How to implement Role Based Access Control with rails/java?

Question

I'm working on new application with many users, a few roles and specific permissions for those roles. I would like to know the best practices to implement RBAC.

My requirements are:

I will have set of roles assigned to users say,

user1=superadmin, user2=admin, user3=expert

Based on user role I have to restrict:

1. Html pages (links in home page).

2. Data in all pages. (like some level of data abstraction).

3. Html elements in few pages. (for eg: some buttons, labels..etc., will be visible to user3).

Is there a framework to go ahead with?

Any advise is very appreciated!

NOTE: We will using either rails/java to develop app.

Answer 1

Have a look at the cancan gem. An (older) railscast can be found here

Example from github:

<% if can? :create, Project %>
  <%= link_to "New Project", new_project_path %>
<% end %>

Answer 2

You can use Casbin: https://casbin.org/

It supports Java and Javascript to do frontend and backend authorization.

Answer 3

in this period I've created a new Open Source project related the RBAC:

microservice-rbac-user-management

You can find an RBAC apis and model here ready to use and with all the documentation. I hope this will help you.