Does the Pundit or CanCan gem allow for user-by-user, controller-by-controller permissions?


I have an admin section on my site with links to 30-something features. We want to have it so that each customer service rep will be given access to these pages on a very granular, individual level (i.e. Joe will be given access to page A and B, but not C; Mary is given access to A and C, but not B).

Is Pundit or CanCan made to work like that, or would I be better off creating a Permission model that relates to a User with a boolean column for each admin feature? I was hoping to avoid that as I could see it getting out of hand quickly.


1 Answer

coreyward On

Rather than creating a column for each feature, you can use a single integer column and utilize a bit mask to store N boolean values. There are Ruby libraries that will do this for you, like Bitfields, if desired.

Another approach is to create a join table (habtm relationship) between admins and features (you would add features as a db-backed model if they aren't already), then granting permission is as easy as adding a row to the join table. Here's an example:

# Rails derives the join table name from the two models: features_users,
# with user_id and feature_id columns and no primary key.
class User < ApplicationRecord
  has_and_belongs_to_many :features
end

class Feature < ApplicationRecord
  has_and_belongs_to_many :users
end

# authorization: true only when a features_users row links this user to the feature
def authorized?(current_user, requested_feature)
  current_user.features.where(id: requested_feature.id).exists?
end
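As an added example (not part of the answer above, and not depending on Rails, Pundit or Bitfields being installed), here is a plain-Ruby sketch of both approaches the answer describes: a Pundit-shaped policy object that checks a user's granted feature set (standing in for `user.features` from the join table), and a bit-mask alternative that packs the same grants into one integer. The `User`, `FeaturePolicy`, `FeatureMask` names and the `page_a`/`page_b`/`page_c` features are assumptions for the illustration.

```ruby
# Added example, not code from the answer: plain Ruby, runs stand-alone.
require 'set'

# Join-table style: each user carries the set of feature names granted to them.
# In Rails this set would be loaded from user.features via features_users.
User = Struct.new(:name, :feature_names) do
  def can_access?(feature_name)
    feature_names.include?(feature_name)
  end
end

# Pundit-shaped policy: Pundit builds policies with (user, record) and calls a
# predicate named after the controller action. Default-deny: a nil user or an
# unknown feature is never authorized.
class FeaturePolicy
  def initialize(user, feature_name)
    @user = user
    @feature_name = feature_name
  end

  def show?
    return false if @user.nil?
    @user.can_access?(@feature_name)
  end
end

# Bit-mask alternative: one integer column, one bit per admin feature.
# Bit positions must stay stable: append new features, never renumber.
class FeatureMask
  BITS = { 'page_a' => 0, 'page_b' => 1, 'page_c' => 2 }.freeze

  attr_reader :mask

  def initialize(mask = 0)
    @mask = mask
  end

  def grant(feature_name)
    FeatureMask.new(@mask | (1 << BITS.fetch(feature_name)))
  end

  def allows?(feature_name)
    bit = BITS[feature_name]
    !bit.nil? && (@mask & (1 << bit)) != 0
  end
end

# Constructed sample data matching the question's Joe and Mary.
JOE  = User.new('Joe',  Set['page_a', 'page_b'])
MARY = User.new('Mary', Set['page_a', 'page_c'])
```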