Most of us already use cancan for authorization, where we define role-based access control (RBAC) for various models in the Ability class. However, any change to these abilities requires a code change to the Ability class and an application restart before it takes effect.
What if we could assign these permissions dynamically? That would be great, wouldn’t it? This is how we manage roles and permissions dynamically. Some initial thoughts were picked up from here.
This approach is based primarily on authorization for the controller actions.
Let’s consider an example. We will add the models as they are required. Right now the basic application has models User, Role and Permission. The relationship is as shown:

    Role                                      # the model to save the role
      :name                                   # the role name
      :has_many :users
      :has_and_belongs_to_many :permissions

    User
      :name                                   # user name
      :email                                  # user email
      :password                               # user password
      :belongs_to :role

    Permission #…
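The idea above, as an added example that is not code from the original post: permissions are looked up through the user's role on every check, so granting or revoking one takes effect without editing the Ability class or restarting. Plain Ruby objects stand in for the ActiveRecord models and cancan; the `controller` and `action` fields on Permission and the `allowed?` helper are assumptions, since the post's Permission definition is cut off here.

```ruby
# Assumption: a Permission names one controller action. The page elides its fields.
Permission = Struct.new(:controller, :action)

class Role
  attr_reader :name, :permissions

  def initialize(name)
    @name = name
    @permissions = [] # stands in for has_and_belongs_to_many :permissions
  end
end

# Stands in for the User model (belongs_to :role); password omitted here.
User = Struct.new(:name, :email, :role)

# Hypothetical helper: default-deny check evaluated at request time.
# Anything not explicitly granted to the user's role is refused.
def allowed?(user, controller, action)
  return false if user.nil? || user.role.nil?

  user.role.permissions.any? do |perm|
    perm.controller == controller.to_s && perm.action == action.to_s
  end
end

# Constructed sample data: one role, one user, grants changed at runtime.
def demo
  editor = Role.new("editor")
  editor.permissions << Permission.new("articles", "index")
  alice = User.new("Alice", "alice@example.test", editor)

  results = []
  results << allowed?(alice, :articles, :index)    # granted
  results << allowed?(alice, :articles, :destroy)  # never granted: denied
  editor.permissions << Permission.new("articles", "destroy") # runtime grant
  results << allowed?(alice, :articles, :destroy)
  editor.permissions.delete_if { |perm| perm.action == "destroy" } # runtime revoke
  results << allowed?(alice, :articles, :destroy)
  no_role = User.new("Bob", "bob@example.test", nil)
  results << allowed?(no_role, :articles, :index)  # no role: denied
  results
end

p demo if __FILE__ == $PROGRAM_NAME
```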