Rails object based permission/authorization engine?

Question

I want to add \"Sharing documents\" feature to my app, like in google documents service. As i see:

User can:

• can list/view/create/edit/delete own docum

Answer 1

You can look at some authorization plugins available here:

http://www.ruby-toolbox.com/categories/rails_authorization.html

As for object level authorization/permission, it looks like canable can do this:

http://github.com/jnunemaker/canable

From the example in the readme:

class Article
  include MongoMapper::Document
  include Canable::Ables
  userstamps! # adds creator and updater

  def updatable_by?(user)
    creator == user
  end

  def destroyable_by?(user)
    updatable_by?(user)
  end
end

You could also define a viewable_by? method. You would still need some kind of permission fields or association on the document model, but after that you could use canable to simplify authorization in your controller/views.