There’s a relatively new player in the town of role-based access control for Rails – acl9 by Oleg Dashevskii. The first look through its README page may leave a confusingly bitter taste of complexity in your mouth, but don’t you worry – it’s nice and flexible and easy to use once you get into it.
acl9 has not only global user roles (like this user has admin role, and that user has editor role), but it also allows you to specify users’ roles over specific objects. For example, some blog post can have one user with “author” role and another with “editor” role, and these roles can belong to different users over different objects.
And it’s all good but looks a bit too complex for me in the default implementation – all these per-object roles are stored in the database so you have to assign them by calling user.has_role!(:admin, blog_post) and user.has_role!(:editor, blog_post). And if some roles are changed over time – we have to go over the relevant objects and remove/change the roles.
So let’s sprinkle this basic goody with some dynamic pepper to give it just the perfect flavor we need. And by the way I’ll show you just how easy it is to modify roles behaviours with acl9 – and that’s why I love it.
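The difference between stored and dynamic per-object roles, as an added example that is not from the original post or from acl9 itself: a stored grant keeps answering "yes" after the ownership it was based on has changed, until someone revokes it, while a role derived from the object's current state follows the change. Post, StoredRoleUser, DerivedRoleUser and the author_id field are assumptions made for illustration; only the method names has_role!, has_no_role! and has_role? mirror acl9.

```ruby
# Added illustration in plain Ruby (no Rails, no acl9 gem). Post, StoredRoleUser
# and DerivedRoleUser are hypothetical stand-ins, not acl9 classes.
Post = Struct.new(:id, :author_id)

# Default style: every (role, object) grant is a stored record.
class StoredRoleUser
  def initialize
    @grants = [] # stands in for the roles table
  end

  def has_role!(role, object)
    @grants |= [[role.to_sym, object.class, object.id]]
  end

  def has_no_role!(role, object)
    @grants.delete([role.to_sym, object.class, object.id])
  end

  def has_role?(role, object)
    @grants.include?([role.to_sym, object.class, object.id])
  end
end

# Dynamic style: the role is computed from the object's current state.
class DerivedRoleUser
  attr_reader :id

  def initialize(id)
    @id = id
  end

  def has_role?(role, object)
    role.to_sym == :author && object.author_id == id
  end
end

# Constructed scenario: post 1 is reassigned from user 10 to user 20.
def stale_grant_demo
  post = Post.new(1, 10)
  stored = StoredRoleUser.new
  derived = DerivedRoleUser.new(10)
  stored.has_role!(:author, post)
  post.author_id = 20
  stale = stored.has_role?(:author, post) # grant outlived the reassignment
  stored.has_no_role!(:author, post)      # the manual cleanup step
  { stale: stale, after_cleanup: stored.has_role?(:author, post),
    derived: derived.has_role?(:author, post) }
end
```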