Description:

Authorizer is a gem for Ruby (in conjunction with Rails 2.3) that does authorization for you on a per-object basis. What makes this gem different from e.g. declarative_authorization and cancan is they define one role for the entire application. With Authorizer, you define roles for different users on every Rails object.

Let's use a Dropbox analogy.

With Dropbox, you can choose which folder you want to share. For instance:

Al has a home folder with these subfolders in it:

 - Music (shared with Bob)

 - Pictures (shared with Casper and Bob)

 - News (shared with no-one)

This causes Al to have all 3 folders in his Dropbox. Bob has 2 and Casper has only 1 folder called Pictures. 

In other words, a user has access to a subset of the entire collection of folders. Bob has access to 2 of Al's folders, namely Music and Pictures. But he doesn't even see the News folder, nor can he download files from it. 

Bob's access to the two folders is both read and write, so let's call that role "admin". Al is the owner of all 3 folders and has a role called "owner". This leads to the following Roles table:

 folder_name

Features:

user_name           role

 Music

Instructions:

Al                  owner