A question about relationships

I understand Martial Arts, and I understand roles.

In martial arts, it is reasonable to hold multiple ranks. For example, within
the Shintani association, one can hold the rank of nidan in karate and shodan
in shindo at the same time.

I still think roles should be distinct from ranks - sysadmin, for example, is
a matter of ownership rather than rank.

Let me ponder for a bit ... I see the shape of a solution but can't quite
express it yet.

Am I understanding this product fully?

The product is a set of forums and the supporting mechanisms necessary
to make them work.

Every forum has a predictable set of types of roles. For example:

reader
poster
moderator
administrator

In addition, there are roles that fall outside of the forum role
structure. For example:

public
sysadmin
security

The roles are distinct for each forum. the role "moderator shindo" is
distinct from "moderator wado kai karate". When a new forum is
created, the roles for that forum can also be created as a part of that
process.

The assignment to a forum based role is generally governed by rank.
There is a process for assigning rank. The role assignment rules can
be applied as this process is fired, and as users are registered to the
individual forums.

Role assignment rules should be based on data in the database.

Given this, you have the following models:

user
forum
roletype
role
rank

The following relationships apply:

user HABTM roles (table roles_users) (and vice versa)
user HABTM ranks (table rank_users) or user belongs_to ranks + rank
has_many users (I'm partial to user HABTM ranks)
forum HABTM roles (table forums_roles) (and vice versa)
rank HABTM roles (table ranks_roles) (and vice versa)

Within a forum, each action joins (roles_users for the current user)
against (forums_roles for the current forum and action). If there is
not an empty set, then the user has authority to perform the action.
This role test should be implemented as a boolean method, so it can be
reused both for adapting the options on the display and for wrapping
the actions to eliminate a security hole.

In the forum create method, the class checks to see if the forum roles
exist. If they do not then it creates them.

Sysadmin needs authority on all actions, synce sysadmin is the ultimate
authority. This is best implemented in the forum user role test.

This isn't complete, but it should be reasonably close.