We just answered a question on StackOverflow.
This situation comes up when you have a hierarchy of roles in a system and you want to allow some roles the ability to edit users. It is important for security to ensure that no user can promote themselves to a higher level and thereby grant themselves more permissions. If you are using the elegant and powerful declarative_authorization gem for your access control, the way to do this is unfortunately not obvious.
It turns out the declarative_authorization gem ships a nifty controller that renders a graph of your role hierarchy. Using the same supporting code it uses to generate that graph, you can easily get the ancestors of any role as follows:
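As an added example (not the post's snippet and not the gem's own code), the following Ruby computes a role's ancestors from a hierarchy hash and uses them to refuse any role change that would put a user at or above the editing user's own level; the hash shape "role => roles it includes" is an assumption meant to mirror what the gem's role hierarchy looks like, and the roles themselves are constructed for the example.

```ruby
# Constructed role hierarchy: each role lists the roles it includes (assumed
# to mirror the gem's role hierarchy structure). admin > manager > editor > member.
ROLE_HIERARCHY = {
  admin:   [:manager],
  manager: [:editor],
  editor:  [:member],
  member:  []
}.freeze

# Roles that transitively include +role+, i.e. everything above it in the
# graph. Walks parent edges; +seen+ guards against an accidental cycle.
def ancestors_of(role, hierarchy = ROLE_HIERARCHY, seen = [])
  parents = hierarchy.select { |_, included| included.include?(role) }.keys - seen
  parents.flat_map { |p| [p] + ancestors_of(p, hierarchy, seen + parents) }.uniq
end

# True when +actor_role+ sits strictly above +role+.
def outranks?(actor_role, role, hierarchy = ROLE_HIERARCHY)
  ancestors_of(role, hierarchy).include?(actor_role)
end

# An actor may change a user's role only if the actor outranks BOTH the
# user's current role and the new one. Checking only the new role would let
# a manager demote an admin; checking only the current role would let a
# manager promote a member to manager or admin.
def can_change_role?(actor_role, current_role, new_role, hierarchy = ROLE_HIERARCHY)
  outranks?(actor_role, current_role, hierarchy) && outranks?(actor_role, new_role, hierarchy)
end

if __FILE__ == $PROGRAM_NAME
  p ancestors_of(:editor)                         # => [:manager, :admin]
  p can_change_role?(:manager, :member, :editor)  # => true
  p can_change_role?(:manager, :member, :manager) # => false (peer-level promotion)
  p can_change_role?(:editor, :admin, :member)    # => false (cannot demote a superior)
end
```

In a Rails app the same check belongs in the model or a before-save callback, not only in the form, so that a crafted request with a higher role id is rejected on the server side.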