Question

I'm looking for a customized RBAC solution for an application I am making. The main difference from casual CanCan would be that the RBAC does not rely on a User model, but rather on some other models, totally custom.

For instance, a user belongs to a group and that group has roles that have specific permissions. That is, a User may belong to the group 'workers' (he is a worker), where workers are able to 'fix stuff'.

What I would actually like to ask before implementing this is whether CanCan is able to do such a customized thing, or if there is a better solution for designing a custom RBAC, a better plugin maybe?

NOTICE that this RBAC I'm trying to do has nothing to do with actual user authentication, but is just a way to use internal resources, like who is able to fix stuff, who is able to clean and so on.

Solution

CanCan cares very little about where permissions come from.

Replace

class Ability
  include CanCan::Ability

  def initialize(user)
    if user.has_role?(:foo)
      can :manage, :bars
    end
  end
end

with

class Ability
  include CanCan::Ability

  def initialize(user)
    if user.group.has_role?(:foo)
      can :manage, :bars
    end
  end
end

And you have a group based system.
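
An added example, not part of the original answer: the group → roles → permissions chain from the question, resolved inside `Ability#initialize` with a default deny for a missing user or group. The Struct models, the sample groups and the `MiniAbility` module (a stand-in for `CanCan::Ability`'s `can`/`can?` so the block runs without the gem) are assumptions.

```ruby
require 'set'

# Constructed sample models (plain Structs standing in for the app's models).
Permission = Struct.new(:action, :subject)
Role       = Struct.new(:name, :permissions)
Group      = Struct.new(:name, :roles)
User       = Struct.new(:name, :group)

# Stand-in for the can / can? pair of CanCan::Ability so this runs without the
# gem; in the application, `include CanCan::Ability` and drop this module.
module MiniAbility
  def can(action, subject)
    rules << [action, subject]
  end

  # :manage on a subject is treated as "any action" on that subject.
  def can?(action, subject)
    rules.include?([action, subject]) || rules.include?([:manage, subject])
  end

  private

  def rules
    @rules ||= Set.new
  end
end

class Ability
  include MiniAbility

  def initialize(user)
    # Default deny: no user, or a user without a group, gets no rules at all.
    group = user && user.group
    return if group.nil?

    # Walk group -> roles -> permissions and grant each one.
    group.roles.each do |role|
      role.permissions.each { |p| can p.action, p.subject }
    end
  end
end

# Constructed sample data matching the question's "workers can fix stuff".
WORKERS  = Group.new('workers',  [Role.new(:fixer,   [Permission.new(:fix, :stuff)])])
JANITORS = Group.new('janitors', [Role.new(:cleaner, [Permission.new(:clean, :stuff)])])
```
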

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow