Topic: Role based permissions for a customer portal

Working on plans for rebuilding an existing app in Rails. Right now the site is built on Fusebox 3 and ColdFusion and uses a simple permissions system based on a comma delimited list of permissions that is stored as a session variable.

Can anyone point me to a best practice or recommended way to implement a roles based permissions scheme in Rails?

Re: Role based permissions for a customer portal

I'm working on an integration system at the moment, but we're setting it up such that users do not have any permissions, but usergroups do. The concept should be the same as your 'roles'.

Each user belongs to a usergroup and each usergroup then has a join table (hm:t or habtm) which specifices its permissions on an object table or on an object group. Users authenticate individually but only their groups authorize them to do anything.

Re: Role based permissions for a customer portal

See this post for one way I have handled role based permissions.

Railscasts - Free Ruby on Rails Screencasts