A practical pattern for implementing role management in Rails without external gems like rolify. Uses three core models (User, Role, UserRole) with a polymorphic resource association on Role to support global roles, class-scoped roles, and instance-scoped roles. The post walks through migrations, model definitions, named scopes for querying roles by type and name, and predicate methods on User (e.g. developer?, manager_of?) that cleanly encapsulate authorization checks for use in policy classes.
Sort: