CanCan 2.0 Resource attribute abilities - value masking

[jasonm23]

Is it possible in CanCan 2 to define abilities on attributes, and the possible values that can be set.

I suppose the broadest example is the User.role ... imagine the role tiers as follows:

 Admin
  |_  GroupManager
         |_  StoreManager
                 |_ Staff
                      |_ Customer

Admin of course has access to set any role they chose, while each tier can then only assign the roles available beneath them.

If not, would configuration following the example below work out? It seems (naively) flexible (rather than taking into consideration any hierarchy rules.)

 if user.role? :group_manager
    can :update, User, :role, ["store_manager", "staff", "customer"]
 end

 if user.role? :store_manager
    can :update, User, :role, ["staff", "customer"]
 end

etc... being able to specify, ranges, bitmasks etc. as alternatives to the final argument.

[xhoy]

Thanks for your submission! The ryanb/cancan repository has been inactive since Sep 06, 2013. Since only Ryan himself has commit permissions, the CanCan project is on a standstill.

CanCan has many open issues, including missing support for Rails 4. To keep CanCan alive, an active fork exists at cancancommunity/cancancan. The new gem is cancancan. More info is available at #994.

If your pull request or issue is still applicable, it would be really appreciated if you resubmit it to CanCanCan.

We hope to see you on the other side!