gorrillamcd
commented
12 years ago Got this done. User roles are managed with cancan and the available roles themselves are stored in a constant on the User model, since they won't change much if at all.
I will revisit security after the main features are completed to tweak the permissions for each role, but I'll call this feature done and open a new one with a milestone for security hardening.
Support for user roles and access restriction based on role.