abelemlih
commented
2 years ago To implement role management, we should consider the following three options:
CanCanCan gem
The most popular option among all options I found, the CanCanCan gem simplifies role management by having one Ability class where all roles are defined, and having all controllers use the permissions defined in that class. The gem is also used by Samvera for role management.
Pros
- Simplifies creating new roles and specifying what actions they are allowed to perform, or what resources they have access to.
- Widely used and extensively documented, with many resources online on how to implement it and handle complex role management in a Rails app.
- Used by Samvera, which keeps the catalog consistent with what the community uses for role management.
- ⭐️ worth mentioning: I have experience using this gem from past projects
Cons
- Third party library, meaning we need to ensure it is always up to date
Pundit gem
Another popular gem for implementing role management is Pundit, which relies on creating separate policy classes for each resource.
Pros
- Simplifies role management by having permissions clearly defined in separate policy classes.
- Also widely used and well documented
Cons
- Third party library, meaning we need to ensure it is always up to date
Implemeting role management from scratch
This option will require us designing and implementing role management logic from scratch, which could be very useful if we have very specific criteria that we should account for when adding role management.
Pros
- No need to add a third party library, which ensures we do not have a dependency we need to keep up to date.
- Greater flexibility in how roles are defined and managed
Cons
- This option will take much longer to develop, compared to out of the box tools like the gems above.
- Given that it is implemented from scratch, we will need to write extensive documentation to ensure any future changes to how roles are managed and defined follow the guidelines we initially set up.
- No resources online for future developers to refer to if they run into issues making any changes role management related
I personally recommend using the CanCanCan gem, given how widely used it is in the Rails ecosystem, and how well documented it is. As for the criteria below:
- Ease of adding the first user to the first role
- Ease of adding additional users to a role
- Flexibility for users without roles
- Flexibility for creating new roles.
I believe all options satisfy those criteria, the CanCanCan gem will allow us to satisfy those criteria and implement role management much faster.
One thing worth mentioning is none of the options above include any UI for role management. The options above are strictly used to define roles and their permissions within the app. For anything UI related e.g. UI to assign users to a given role, or organize users into role groups, I recommend a separate research ticket that will focus on what UI libraries are available.
@rotated8 @eporter23 @lovinscari let me know if you have any questions!
lovinscari
Take a day to research and recommend an approach for user role management.
The recommendation should take into account
The recommendation will be used to implement role-based authorization for admins, allowing them to see an admin dashboard and access admin-only features.