Kristiyan Tsvetanov - 5 months ago 7
Ruby Question

Rails, gem choice for authorization

I am building an app which aims to help shops organise their staff. There are many shops and each shop has many roles for the staff. The only constant position is the manager's one. I would like to enable him/her to create his/her own roles. For example, in shop A, the delivery guy may update order_status, but in shop B, he may not.
As you can see, I would like the roles to be custom and to be constrained in the specific shop.
I am considering three gems for the authorization - cancancan, rolify and pundit (but I am open to suggestions). Rolify is not that famous but it has the convenient option to say

user.has_role?(:manager, Shop.find(4))


Which gem do you think is the best choice? Thank you!

EDIT: I found the following link extremely helpful. Click

Answer

Pundit manages permissions through policies and I think that is the best.

You can create an app/policies/application_policy.rb that manages actions like index/show/create...

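class ApplicationPolicy
  attr_reader :user, :record

  # Pundit passes the current user and the record being authorized.
  def initialize(user, record)
    @user = user
    @record = record
  end

  # Every action is denied by default; subclasses override what they allow.
  def index?
    false
  end

  def show?
    false
  end

  def create?
    false
  end

  # The form action follows the action it submits to.
  def new?
    create?
  end

  def update?
    false
  end

  def edit?
    update?
  end

  def destroy?
    false
  end
end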

And after that generate policies like

class MyClassPolicy < ApplicationPolicy
end

Check pundit documentation.

About roles, you can use the role_model gem (https://github.com/martinrehfeld/role_model), which manages roles very easily. Check the example and ask if needed.
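The shop-scoped custom roles from the question, written as a Pundit-style policy. This is an added example, not code from the question or the answer; it uses plain Ruby objects in place of the pundit gem and ActiveRecord so that it runs on its own, and the `Shop`, `Role`, `Order`, `User#can?` and `:update_order_status` names are hypothetical.

```ruby
require "set"

# Constructed stand-ins for ActiveRecord models (hypothetical names).
Shop  = Struct.new(:name)
Role  = Struct.new(:shop, :name, :permissions) # a role belongs to exactly one shop
Order = Struct.new(:shop, :status)

class User
  attr_reader :name, :roles

  def initialize(name)
    @name = name
    @roles = []
  end

  # A permission check is always scoped to a shop; roles held in other shops never count.
  def can?(permission, shop)
    roles.any? { |r| r.shop.equal?(shop) && r.permissions.include?(permission) }
  end
end

# Pundit-style base policy: the action is denied unless a subclass allows it.
class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def update?
    false
  end
end

class OrderPolicy < ApplicationPolicy
  # Allowed only if the user holds a role in the order's own shop that grants it.
  def update?
    !user.nil? && user.can?(:update_order_status, record.shop)
  end
end

# Constructed sample data: the same role name carries different permissions per shop.
SHOP_A = Shop.new("A")
SHOP_B = Shop.new("B")
DRIVER = User.new("driver")
DRIVER.roles << Role.new(SHOP_A, :delivery, Set[:update_order_status])
DRIVER.roles << Role.new(SHOP_B, :delivery, Set[:view_orders])
```

Because the shop is taken from the record being authorized rather than from request parameters, a role granted in shop A cannot be used to update an order that belongs to shop B.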