Hi everyone
I have now spent a great deal of time investigating on my own so now I will delegate the question to you. Which is the best solution for adding authorization/access control to a rails app. My requirements are:
* Must be group/role based. Structure: - A user habtm groups - A group habtm roles - A role is allowed/denied to do specific things on models/model instances.
* Active development. The project should be alive.
Gold star features:
* Cached/efficient queries. * Fine grained access control to specific features on an instance. * Some way of grouping target objects, for example "the fan_mail_reader role can read all mails that have the attribute fan_mail == true. This can certainly be handled outside authorization but would be handy.
I think the whole community could benefit from a little light shedding on this area. There are many solutions out there, but many lack important features or are very outdated. The closest one in features in my opinion is ActiveACL but that is from 2005 and requires plugins that I cannot find anymore.
I have great hopes that someone can help me and others that are in the same situation.
Kindest regards
Erik Lindblad