Using declarative_authorization’s developer support to access your role hierarchy

March 3, 2011

We just answered a question on StackOverflow.

This situation comes up when you have a hierarchy of roles in a system and you want to allow some roles the ability to edit users. It is important for security to ensure that no user can promote themselves to a higher level and so grant themselves more permissions. If you are using the elegant and powerful declarative_authorization gem for your access control, the way to do this is unfortunately not exactly clear.

It turns out the declarative_authorization gem has a nifty controller which produces a graph showing the hierarchy of your roles. Using the same supporting code they use for generating the graph, you can easily access the ancestors of any role thusly:
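As an added illustration of the rule described above (not the post's code and not the declarative_authorization API), the following plain-Ruby sketch models a role hierarchy as a hash and rejects any role assignment above the acting user's own level. The role names, the `ROLE_INCLUDES` constant, all four method names and the policy that a user may grant their own roles and anything below them are assumptions made for the example.

```ruby
require 'set'

# Constructed sample hierarchy: each role maps to the roles it includes.
ROLE_INCLUDES = {
  admin:   [:manager],
  manager: [:editor, :support],
  editor:  [:guest],
  support: [:guest],
  guest:   []
}.freeze

# Roles reachable from `role` through includes (everything below it).
def descendants_of(role, graph = ROLE_INCLUDES)
  raise ArgumentError, "unknown role: #{role.inspect}" unless graph.key?(role)
  seen = Set.new
  stack = graph[role].dup
  until stack.empty?
    current = stack.pop
    next unless seen.add?(current) # already visited: guards against cycles
    stack.concat(graph.fetch(current, []))
  end
  seen
end

# Roles that include `role` directly or transitively (everything above it).
def ancestors_of(role, graph = ROLE_INCLUDES)
  graph.keys.select { |r| r != role && descendants_of(r, graph).include?(role) }.to_set
end

# Assumed policy: an actor may grant the roles they hold and anything below.
def assignable_roles(actor_roles, graph = ROLE_INCLUDES)
  known = actor_roles.select { |r| graph.key?(r) } # unknown roles grant nothing
  known.reduce(Set.new) { |acc, r| acc.add(r).merge(descendants_of(r, graph)) }
end

# Fail closed: reject if any requested role is unknown or above the actor.
def role_change_allowed?(actor_roles, requested_roles, graph = ROLE_INCLUDES)
  requested_roles.to_set.subset?(assignable_roles(actor_roles, graph))
end
```

Run the check on the server against the roles submitted in the update request, not only when building the list of choices shown in the form.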