Since you are using Rails, you can create these rules in the backend using CanCan.
Read the documentation for installation and configuration. All the access rules are defined in the file `ability.rb`; in your case, the configuration would look something like this:
```ruby
class Ability
  include CanCan::Ability

  def initialize(usuario)
    # Fall back to an unsaved user so the role checks below work for guests
    usuario ||= Usuario.new

    if usuario.administrador_geral?
      can :manage, :all
    end

    if usuario.administrador_local?
      can :manage, LocalModelOne
      can :manage, LocalModelTwo
    end

    if usuario.mantenedor?
      can :manage, RestrictModelOne
      can :manage, RestrictModelTwo
      can :read, VeryRestrictModelOne
    end
  end
end
```
Well, I put some fake rules just so you have an idea of the structure, but you will create your own rules.
The methods `administrador_geral?`, `administrador_local?` and `mantenedor?` are verification methods that you will create in your `Usuario` model, for example:

```ruby
# Inside the Usuario model; MANTENEDOR_TIPO is a constant defined there
def mantenedor?
  tipo == MANTENEDOR_TIPO
end
```
This is just one way it can be done, but since your question is very open, there is no way to give a closed solution. Good luck.
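Added example (not part of the original answer, and not CanCan's own code): a plain-Ruby check of the role-to-permission matrix that an `ability.rb` like the one above produces, including the deny-by-default result for a guest. `MiniAbility`, `allowed?`, the `ADMIN_*_TIPO` constants and the numeric type values are assumptions made so the rules run without Rails or the gem.

```ruby
# Hypothetical stand-in for CanCan's `can` / `can?`, so the rules run offline.
module MiniAbility
  def can(action, subject)
    (@rules ||= []) << [action, subject]
  end

  # :manage matches any action and :all matches any subject, as in CanCan.
  # With no matching rule the answer is false (deny by default).
  def can?(action, subject)
    (@rules || []).any? do |a, s|
      (a == :manage || a == action) && (s == :all || s == subject)
    end
  end
end

# Constructed stand-ins for the models named in the answer.
LocalModelOne = Class.new
RestrictModelOne = Class.new
VeryRestrictModelOne = Class.new

class Usuario
  ADMIN_GERAL_TIPO, ADMIN_LOCAL_TIPO, MANTENEDOR_TIPO = 1, 2, 3 # constructed
  attr_reader :tipo

  def initialize(tipo = nil)
    @tipo = tipo
  end

  def administrador_geral?; tipo == ADMIN_GERAL_TIPO; end
  def administrador_local?; tipo == ADMIN_LOCAL_TIPO; end
  def mantenedor?; tipo == MANTENEDOR_TIPO; end
end

class Ability
  include MiniAbility

  def initialize(usuario)
    usuario ||= Usuario.new # guest: no role, so no rules are granted
    can :manage, :all if usuario.administrador_geral?
    can :manage, LocalModelOne if usuario.administrador_local?
    return unless usuario.mantenedor?
    can :manage, RestrictModelOne
    can :read, VeryRestrictModelOne
  end
end

# True when a user of the given type (nil = guest) may perform the action.
def allowed?(tipo, action, model)
  Ability.new(tipo && Usuario.new(tipo)).can?(action, model)
end
```

In a real application the same matrix is asserted against the actual `Ability` class in the test suite, so that a rule added under the wrong role check shows up as a failing test.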