How to implement user role with user panel


I’m currently trying to develop my first web application in Ruby on Rails for

I made a user model with a “role” integer in the database to determine if a user

  • Guest
  • Editor
  • Administrator

I’m using an enum in the model to manage the available roles.

I don’t know if it is a good choice?

Like a CMS, my application manages articles.

  • A Guest user can see some private articles and
    post comments like in a blog.
  • An editor is like a guest user but can write articles.
  • An Administrator can write articles and can manage users, attribute roles…

I would like an admin panel only for admin users.
I thought of implementing that with an admin namespace and specific controllers for
admin actions, in this namespace.

About Editor and Guest, I don’t know if I should also create different namespaces?

Is this practice a good choice to conform with Rails principles (DRY, RESTful)?

I would like to know what would be the best practice, in the Rails way, to implement that.
Your tips or recommendations are welcome! I would like to learn the best practices in
Ruby on Rails!

You should probably use Devise & Cancan.

They’re pretty easy to use and very powerful.

I’d also recommend looking at the catalog of gems on this website (or others).

If you don’t, you might be facepalming yourself a few times.


Thank you for your answer, Cody Skidmore.

Sure, it is possible to use gems, but I would like to do it myself from scratch because
I think this is good training to learn good practice in Rails.

So there was a Railscast that did an authentication system from scratch, and for a simple use case you can easily check if a user has a certain rule in a before_filter / before_action. Admittedly the gems are well tested and peer reviewed, so they are probably the best way to go. If you are using the latest Rails (which you should be), then either use cancancan (as cancan only works on Rails 3), or pundit, which I now prefer for larger projects, as cancan(can) centralizes everything in one ‘Ability’ class, while pundit takes the modular approach by specifying the policies on a per model / class basis, which makes them easier to test in isolation and scales better.
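
The per-model policy approach described above, sketched from scratch as an added example that is not part of the original thread and is not pundit's own code. It is plain Ruby without Rails; the role integers, the class and method names, and the ordering guest < editor < administrator are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no Rails. Role integers are assumed values.
ROLES = { guest: 0, editor: 1, administrator: 2 }.freeze

class NotAuthorized < StandardError; end

User = Struct.new(:name, :role) do
  # Map the stored integer to a symbol; an unknown integer gives nil.
  def role_name
    ROLES.key(role)
  end
end

# Shared base: anonymous users and unknown role values are always denied.
class BasePolicy
  def initialize(user)
    @role = user&.role_name
  end

  private

  # Assumes roles are ordered: guest < editor < administrator.
  def at_least?(minimum)
    !@role.nil? && ROLES.fetch(@role) >= ROLES.fetch(minimum)
  end
end

# One policy class per resource, one predicate per action.
class ArticlePolicy < BasePolicy
  def show_private?; at_least?(:guest); end
  def comment?; at_least?(:guest); end
  def create?; at_least?(:editor); end
end

class UserPolicy < BasePolicy
  def index?; at_least?(:administrator); end
  def assign_role?; at_least?(:administrator); end
end

# The check a before_action would run. Only predicates declared on the
# policy class itself count, so a misspelled or inherited name is denied.
def authorize!(policy, action)
  declared = policy.class.public_instance_methods(false).include?(action)
  raise NotAuthorized, "#{policy.class}##{action}" unless declared && policy.public_send(action)
  true
end

editor = User.new("constructed-editor", ROLES[:editor]) # constructed sample user
puts authorize!(ArticlePolicy.new(editor), :create?)
puts UserPolicy.new(editor).assign_role?
```

In a Rails app the same `authorize!` call would sit in a `before_action` of the admin namespace's base controller, with `NotAuthorized` rescued into a 403 response.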

The best practice is to use good gems when they are available. Spend
your time developing the bits specific to your application. By all
means, as a learning exercise, look at the source code of gems to see
how they work.

Have you already worked right through a good tutorial such as (which is free to use online)?