What you're dealing with is the authenticate / authorize sequence.
Authenticate covers topics such as login / password / session access
to the site.
Authorize covers role (or other) based access within the site.
Google either for gems / plugins / discussions
restful_authentication plugin.
also has roles for authorization.
http://github.com/technoweenie/restful-authentication/tree/master
http://railsforum.com/viewtopic.php?id=14216
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks