The current implementation uses a hierarchical system with CanCanCan to reflect the different roles and their permissions. This should be refactored to a non-hierarchical version to allow adding new roles that do not fit in the hierarchical order. It should only allow a user to belong to exactly one group. If more groups per user are needed at some point, this can be added later on.
A possible approach would be to introduce bit-wise role management, where a flag indicates whether a user belongs to a specific group or not, in order to replace the hierarchical order.
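
The bit-flag approach suggested above, as an added example in plain Ruby (not the project's code, and not using CanCanCan itself); the role names, bit values and permissions are hypothetical. It enforces exactly one role bit per user and looks permissions up per role, so a role's numeric value implies no rank.

```ruby
# Added example: role names, bit values and permissions are hypothetical.
module Roles
  # One bit per role; the numeric value carries no rank.
  FLAGS = {
    member:  0b0001,
    editor:  0b0010,
    admin:   0b0100,
    auditor: 0b1000 # a role that does not fit a linear hierarchy
  }.freeze
  ALL_BITS = FLAGS.values.reduce(:|)

  # Permissions are listed per role explicitly, never inherited by ordering.
  PERMISSIONS = {
    member:  %i[read],
    editor:  %i[read update],
    admin:   %i[read update destroy manage_users],
    auditor: %i[read read_audit_log]
  }.freeze

  # True only if exactly one known role bit is set.
  def self.valid_mask?(mask)
    mask.is_a?(Integer) && mask.positive? &&
      (mask & ~ALL_BITS).zero? && (mask & (mask - 1)).zero?
  end

  def self.role_for(mask)
    raise ArgumentError, "invalid role mask: #{mask.inspect}" unless valid_mask?(mask)
    FLAGS.key(mask)
  end
end

class User
  attr_reader :role_mask

  def initialize(role)
    self.role = role
  end

  # Assigning a role replaces the mask, so a user never holds two roles.
  def role=(name)
    @role_mask = Roles::FLAGS.fetch(name.to_sym) # KeyError on unknown role
  end

  # Deny by default: an unknown or corrupted mask grants nothing.
  def can?(action)
    return false unless Roles.valid_mask?(role_mask)
    Roles::PERMISSIONS.fetch(Roles.role_for(role_mask), []).include?(action)
  end
end
```

If several groups per user are needed later, the single-bit check in `valid_mask?` is the one place to relax, and `can?` would then combine the permission lists of every set bit.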