So here's my scenario:
I'm currently working on writing a Rails 4-based wiki application from the ground up because I got pissed that Confluence used so much in the way of resources for features that I never really used. I _do_, however, enjoy a lot of the organization that Confluence has. As such, I've mimicked its idea of having 'Spaces'. This has led me to a bit of a quandary on how to handle authorization (authentication is already handled by Devise).
A bit of illustration is in order:
You have
* A site
* A site has one or more super-admins (all powerful, could do anything anywhere)
* A site has one or more spaces.
* A space has a single owner
* A space's owner would be an 'admin' for that space automatically.
* A space may have other admins, which are not the owner of the 'space'
* A space may be private, or may allow for any logged in user to view (or any other specified action)
If I had a simple situation of simple role authorization, I could do this pretty easily on my own. I must admit though that the variability of role, based on 'space', leaves me scratching my head.
Anyone care to pipe up and give me some feedback? Perhaps you've used cancan or cancancan before?
Have you watched the Railscast for CanCan? Ryan walks through several use cases. Also bear in mind that CanCan is really on Rails 3; you’ll need to use CanCanCan, a forked version of CanCan that supports Rails 4.
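
The space-scoped rules from the question, written as a deny-by-default check. This is an added example, not code from either poster or from CanCanCan; it is plain Ruby so it runs without Rails, and the struct, class and action names are assumptions standing in for the app's models.

```ruby
# Constructed stand-ins for the ActiveRecord models (names are assumptions).
User       = Struct.new(:id, :super_admin)
Space      = Struct.new(:id, :owner_id, :private_space)
Membership = Struct.new(:user_id, :space_id, :role)

class SpacePolicy
  KNOWN_ACTIONS  = %i[read edit manage_members destroy].freeze
  PUBLIC_ACTIONS = %i[read].freeze # open to any logged-in user on a non-private space

  def initialize(user, memberships)
    @user = user
    @memberships = memberships
  end

  # Deny by default: access is granted only by an explicit branch.
  def can?(action, space)
    return false if @user.nil?                          # not logged in
    return false unless KNOWN_ACTIONS.include?(action)  # unknown action
    return true if @user.super_admin                    # site-wide role
    return true if space_admin?(space)                  # role scoped to this space
    !space.private_space && PUBLIC_ACTIONS.include?(action)
  end

  private

  # The owner is an admin automatically; other admins come from memberships.
  def space_admin?(space)
    return true if space.owner_id == @user.id
    @memberships.any? do |m|
      m.user_id == @user.id && m.space_id == space.id && m.role == :admin
    end
  end
end

# Constructed sample data.
alice  = User.new(1, false)               # owns both spaces
bob    = User.new(2, false)               # admin of space 10 only
carol  = User.new(3, false)               # ordinary logged-in user
docs   = Space.new(10, alice.id, true)    # private
lounge = Space.new(20, alice.id, false)   # visible to logged-in users
grants = [Membership.new(bob.id, docs.id, :admin)]

puts SpacePolicy.new(bob, grants).can?(:edit, docs)    # admin of this space
puts SpacePolicy.new(bob, grants).can?(:edit, lounge)  # role does not carry over
puts SpacePolicy.new(carol, grants).can?(:read, docs)  # private space stays closed
```

The same branches could be expressed as rules in a CanCanCan `Ability` class, with the membership lookup done per space rather than as a global role.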