I am building an app which aims to help shops organise their staff. There are many shops and each shop has many roles for the staff. The only constant position is the manager's one. I would like to enable him/her to create his/her own roles. For example, in shop A, the delivery guy may update order_status, but in shop B, he may not.
As you can see, I would like the roles to be custom and to be constrained in the specific shop.
I am considering three gems for the authorization - cancancan, rolify and pundit (but I am open to suggestions). Rolify is not that famous, but it has the convenient option to say
Pundit manages permissions through policies and I think that is the best.
You can create an app/policies/application_policy.rb that manages actions like index/show/create....
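    class ApplicationPolicy
      attr_reader :user, :record

      # Pundit passes the current user and the record being authorized.
      def initialize(user, record)
        @user = user
        @record = record
      end

      # Every action is denied by default; subclasses override what they allow.
      def index?
        false
      end

      def show?
        false
      end

      def create?
        false
      end

      def new?
        create?
      end

      def update?
        false
      end

      def edit?
        update?
      end

      def destroy?
        false
      end
    end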
And after that generate policies like:

    class MyClassPolicy < ApplicationPolicy
    end
Check pundit documentation.
About roles, you can use the role_model gem (https://github.com/martinrehfeld/role_model), which manages roles very easily. Check the example and ask if needed.
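Added example, not part of the answer above: a dependency-free sketch of shop-scoped custom roles checked through a policy object that follows Pundit's convention (`initialize(user, record)` plus query methods). `Shop`, `Order`, `Role`, `User#permitted?` and the `:update_order_status` permission are hypothetical names chosen for the question's delivery example; in a Rails app they would be models.

```ruby
# Constructed sample data and hypothetical names throughout.
Shop  = Struct.new(:name)
Order = Struct.new(:shop, :status)
# A role belongs to exactly one shop; the manager chooses its permissions.
Role  = Struct.new(:shop, :name, :permissions)

class User
  def initialize(roles)
    @roles = roles
  end

  # True only if a role held in *this* shop grants the permission, so a
  # permission granted in shop A never carries over to shop B.
  def permitted?(shop, permission)
    @roles.any? { |r| r.shop.equal?(shop) && r.permissions.include?(permission) }
  end
end

class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def update?
    false # default deny, as in the answer's base policy
  end
end

class OrderPolicy < ApplicationPolicy
  # Allowed only when the user's role in the order's own shop grants it.
  def update?
    !user.nil? && user.permitted?(record.shop, :update_order_status)
  end
end

shop_a = Shop.new("A")
shop_b = Shop.new("B")
DRIVER = User.new([
  Role.new(shop_a, "delivery", [:update_order_status]), # shop A allows it
  Role.new(shop_b, "delivery", [])                      # shop B does not
])
ORDER_A = Order.new(shop_a, "packed")
ORDER_B = Order.new(shop_b, "packed")

puts OrderPolicy.new(DRIVER, ORDER_A).update?
puts OrderPolicy.new(DRIVER, ORDER_B).update?
```

The check is keyed on the record's shop rather than on a global role name, which is what keeps one shop's grant from applying to another shop's orders.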