User-customizable roles? (best practices, ideas, examples)
I'm looking to implement a user-customizable roles feature in an application and I was wondering if anyone had any ideas, experiences, or good examples from other apps. I'm looking for ideas for both the UI portion and the backend portion.
I'd like admin users within each account to be able to create, modify, and delete roles for their account. These roles can be fine-tuned for different permissions across the app.
I have some ideas of how to implement this, but I'm always open to new or better ways.
For reference, I plan to use Pundit for the actual authorization of these roles.
I think you should define some roles upfront and let the user choose from those.
Either you do a simple hierarchy-based setup like user < admin < superadmin etc., where the admin has the same rights as user plus some extra, and superadmin has the same rights as admin plus some extra. Here you define all the actions, and the superadmin, for instance, can alter the superuser and vice versa.
The other way would be to let the user choose action-based roles like can_edit_post. In this case, though, you should still have some hierarchy; otherwise any user can override any other user's role.
Regarding the database, it can also be tricky: in more complex cases you have to define join tables between roles and users, although in most cases it's perfectly enough to create a role field on the users table.