Implement roles and authorization

Gemfile

@@ -17,6 +17,10 @@ gem 'omniauth-reddit', :git => 'git://github.com/jackdempsey/omniauth-reddit.git
 
 gem 'active_model_serializers'
 
+# AUTHORIZATION
+gem 'pundit'
+gem 'rolify'
+
 group :production do
   gem 'rails_12factor'
   gem 'pg'

Gemfile.lock

@@ -120,6 +120,8 @@ GEM
       omniauth (~> 1.2)
     pg (0.18.3)
     puma (2.14.0)
+    pundit (1.0.1)
+      activesupport (>= 3.0.0)
     quiet_assets (1.1.0)
       railties (>= 3.1, < 5.0)
     rack (1.6.4)
@@ -161,6 +163,7 @@ GEM
       thor (>= 0.18.1, < 2.0)
     rake (10.4.2)
     rdoc (4.2.0)
+    rolify (4.1.1)
     ruby-graphviz (1.2.2)
     sass (3.4.18)
     sass-rails (5.0.4)
@@ -224,10 +227,12 @@ DEPENDENCIES
   omniauth-reddit!
   pg
   puma
+  pundit
   quiet_assets
   rails (= 4.2.4)
   rails-erd
   rails_12factor
+  rolify
   sass-rails (~> 5.0)
   sdoc (~> 0.4.0)
   simple_form

app/assets/javascripts/users.coffee

@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/

app/assets/stylesheets/users.scss

@@ -0,0 +1,3 @@
+// Place all the styles related to the Users controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/

app/controllers/application_controller.rb

@@ -1,4 +1,6 @@
 class ApplicationController < ActionController::Base
+  include Pundit
+
   protect_from_forgery with: :exception
 
   helper_method :current_user

app/controllers/awaken_types_controller.rb

@@ -1,20 +1,28 @@
 class AwakenTypesController < ApplicationController
   before_action :set_awaken_type, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized
 
   def index
     @awaken_types = AwakenType.all
+
+    authorize AwakenType
   end
 
   def show
+    authorize @awaken_type
   end
 
   def new
     @awaken_type = AwakenType.new
+
+    authorize @awaken_type
   end
 
   def create
     @awaken_type = AwakenType.new(awaken_type_params)
 
+    authorize @awaken_type
+
     if @awaken_type.save
       redirect_to awaken_types_path, notice: 'Awaken Type was created'
     else
@@ -23,9 +31,12 @@ class AwakenTypesController < ApplicationController
   end
 
   def edit
+    authorize @awaken_type
   end
 
   def update
+    authorize @awaken_type
+
     if @awaken_type.update(awaken_type_params)
       redirect_to awaken_types_path, notice: 'Awaken Type was updated'
     else

app/controllers/cards_controller.rb

@@ -1,20 +1,28 @@
 class CardsController < ApplicationController
   before_action :set_card, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized
 
   def index
     @cards = Card.includes(:character).all
+
+    authorize Card
   end
 
   def show
+    authorize @card
   end
 
   def new
     @card = Card.new
+
+    authorize @card
   end
 
   def create
     @card = Card.new(card_params)
 
+    authorize @card
+
     if @card.save
       redirect_to cards_path, notice: 'Card was created'
     else
@@ -23,9 +31,12 @@ class CardsController < ApplicationController
   end
 
   def edit
+    authorize @card
   end
 
   def update
+    authorize @card
+
     if @card.update(card_params)
       redirect_to cards_path, notice: 'Card was updated'
     else
@@ -34,6 +45,8 @@ class CardsController < ApplicationController
   end
 
   def destroy
+    authorize @card
+
     @card.destroy
 
     redirect_to cards_path, notice: 'Card was deleted'

app/controllers/characters_controller.rb

@@ -1,20 +1,28 @@
 class CharactersController < ApplicationController
   before_action :set_character, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized
 
   def index
     @characters = Character.all
+
+    authorize Character
   end
 
   def show
+    authorize @character
   end
 
   def new
     @character = Character.new
+
+    authorize @character
   end
 
   def create
     @character = Character.new(character_params)
 
+    authorize @character
+
     if @character.save
       redirect_to characters_path, notice: 'Character was created'
     else
@@ -23,9 +31,12 @@ class CharactersController < ApplicationController
   end
 
   def edit
+    authorize @character
   end
 
   def update
+    authorize @character
+
     if @character.update(character_params)
       redirect_to characters_path, notice: 'Character was updated'
     else
@@ -34,6 +45,8 @@ class CharactersController < ApplicationController
   end
 
   def destroy
+    authorize @character
+
     @character.destroy
 
     redirect_to characters_path, notice: 'Character was deleted'

app/controllers/leader_skills_controller.rb

@@ -1,20 +1,28 @@
 class LeaderSkillsController < ApplicationController
   before_action :set_leader_skill, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized
 
   def index
     @leader_skills = LeaderSkill.all
+
+    authorize LeaderSkill
   end
 
   def show
+    authorize @leader_skill
   end
 
   def new
     @leader_skill = LeaderSkill.new
+
+    authorize @leader_skill
   end
 
   def create
     @leader_skill = LeaderSkill.new(leader_skill_params)
 
+    authorize @leader_skill
+
     if @leader_skill.save
       redirect_to leader_skills_path, notice: 'Leader Skill was created'
     else
@@ -23,9 +31,12 @@ class LeaderSkillsController < ApplicationController
   end
 
   def edit
+    authorize @leader_skill
   end
 
   def update
+    authorize @leader_skill
+
     if @leader_skill.update(leader_skill_params)
       redirect_to leader_skills_path, notice: 'Leader Skill was updated'
     else
@@ -34,6 +45,8 @@ class LeaderSkillsController < ApplicationController
   end
 
   def destroy
+    authorize @leader_skill
+
     @leader_skill.destroy
 
     redirect_to leader_skills_path, notice: 'Leader Skills was deleted'

app/controllers/links_controller.rb

@@ -1,20 +1,28 @@
 class LinksController < ApplicationController
   before_action :set_link, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized
 
   def index
     @links = Link.all
+
+    authorize Link
   end
 
   def show
+    authorize @link
   end
 
   def new
     @link = Link.new
+
+    authorize @link
   end
 
   def create
     @link = Link.new(link_params)
 
+    authorize @link
+
     if @link.save
       redirect_to links_path, notice: 'Link was created'
     else
@@ -23,9 +31,12 @@ class LinksController < ApplicationController
   end
 
   def edit
+    authorize @link
   end
 
   def update
+    authorize @link
+
     if @link.update(link_params)
       redirect_to links_path, notice: 'Link was updated'
     else
@@ -34,6 +45,8 @@ class LinksController < ApplicationController
   end
 
   def destroy
+    authorize @link
+
     @link.destroy
 
     redirect_to links_path, notice: 'Link was deleted'

app/controllers/passive_skills_controller.rb

@@ -1,20 +1,28 @@
 class PassiveSkillsController < ApplicationController
   before_action :set_passive_skill, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized
 
   def index
     @passive_skills = PassiveSkill.all
+
+    authorize PassiveSkill
   end
 
   def show
+    authorize @passive_skill
   end
 
   def new
     @passive_skill = PassiveSkill.new
+
+    authorize @passive_skill
   end
 
   def create
     @passive_skill = PassiveSkill.new(passive_skill_params)
 
+    authorize @passive_skill
+
     if @passive_skill.save
       redirect_to passive_skills_path, notice: 'Passive Skill was created'
     else
@@ -23,9 +31,12 @@ class PassiveSkillsController < ApplicationController
   end
 
   def edit
+    authorize @passive_skill
   end
 
   def update
+    authorize @passive_skill
+
     if @passive_skill.update(passive_skill_params)
       redirect_to passive_skills_path, notice: 'Passive Skill was updated'
     else
@@ -34,6 +45,8 @@ class PassiveSkillsController < ApplicationController
   end
 
   def destroy
+    authorize @passive_skill
+
     @passive_skill.destroy
 
     redirect_to passive_skills_path, notice: 'Passive Skill was deleted'

app/controllers/rarities_controller.rb

@@ -1,20 +1,28 @@
 class RaritiesController < ApplicationController
   before_action :set_rarity, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized
 
   def index
     @rarities = Rarity.all
+
+    authorize Rarity
   end
 
   def show
+    authorize @rarity
   end
 
   def new
     @rarity = Rarity.new
+
+    authorize @rarity
   end
 
   def create
     @rarity = Rarity.new(rarity_params)
 
+    authorize @rarity
+
     if @rarity.save
       redirect_to rarities_path, notice: 'Rarity was created'
     else
@@ -23,9 +31,12 @@ class RaritiesController < ApplicationController
   end
 
   def edit
+    authorize @rarity
   end
 
   def update
+    authorize @rarity
+
     if @rarity.update(rarity_params)
       redirect_to rarities_path, notice: 'Rarity was updated'
     else
@@ -34,6 +45,8 @@ class RaritiesController < ApplicationController
   end
 
   def destroy
+    authorize @rarity
+
     @rarity.destroy
 
     redirect_to rarities_path, notice: 'Rarity was deleted'

app/controllers/super_attacks_controller.rb

@@ -1,20 +1,28 @@
 class SuperAttacksController < ApplicationController
   before_action :set_super_attack, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized
 
   def index
     @super_attacks = SuperAttack.all
+
+    authorize SuperAttack
   end
 
   def show
+    authorize @super_attack
   end
 
   def new
     @super_attack = SuperAttack.new
+
+    authorize @super_attack
   end
 
   def create
     @super_attack = SuperAttack.new(super_attack_params)
 
+    authorize @super_attack
+
     if @super_attack.save
       redirect_to super_attacks_path, notice: 'Super Attack was created'
     else
@@ -23,9 +31,12 @@ class SuperAttacksController < ApplicationController
   end
 
   def edit
+    authorize @super_attack
   end
 
   def update
+    authorize @super_attack
+
     if @super_attack.update(super_attack_params)
       redirect_to super_attacks_path, notice: 'Super Attack was updated'
     else
@@ -34,6 +45,8 @@ class SuperAttacksController < ApplicationController
   end
 
   def destroy
+    authorize @super_attack
+
     @super_attack.destroy
 
     redirect_to super_attacks_path, notice: 'Super Attack was deleted'

app/controllers/types_controller.rb

@@ -1,20 +1,27 @@
 class TypesController < ApplicationController
   before_action :set_type, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized
 
   def index
     @types = Type.all
+    authorize Type
   end
 
   def show
+    authorize @type
   end
 
   def new
     @type = Type.new
+
+    authorize @type
   end
 
   def create
     @type = Type.new(type_params)
 
+    authorize @type
+
     if @type.save
       redirect_to types_path, notice: 'Type was created'
     else
@@ -23,9 +30,12 @@ class TypesController < ApplicationController
   end
 
   def edit
+    authorize @type
   end
 
   def update
+    authorize @type
+
     if @type.update(type_params)
       redirect_to types_path, notice: 'Type was updated'
     else
@@ -34,6 +44,8 @@ class TypesController < ApplicationController
   end
 
   def destroy
+    authorize @type
+
     @type.destroy
 
     redirect_to types_path, notice: 'Type was deleted'

app/controllers/users_controller.rb

@@ -0,0 +1,46 @@
+class UsersController < ApplicationController
+  before_action :set_user, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized
+
+  def index
+    @users = User.all
+
+    authorize User
+  end
+
+  def show
+    authorize @user
+  end
+
+  def edit
+    authorize @user
+  end
+
+  def update
+    authorize @user
+
+    if @user.update(user_params)
+      redirect_to users_path, notice: 'User was updated'
+    else
+      render :edit
+    end
+  end
+
+  def destroy
+    authorize @user
+
+    @user.destroy
+
+    redirect_to users_path, notice: 'User was deleted'
+  end
+
+  private
+
+  def user_params
+    params.require(:user).permit(role_ids: [])
+  end
+
+  def set_user
+    @user = User.find(params[:id])
+  end
+end

app/helpers/users_helper.rb

@@ -0,0 +1,2 @@
+module UsersHelper
+end

app/models/role.rb

@@ -0,0 +1,10 @@
+class Role < ActiveRecord::Base
+  has_and_belongs_to_many :users, :join_table => :users_roles
+  belongs_to :resource, :polymorphic => true
+
+  validates :resource_type,
+            :inclusion => { :in => Rolify.resource_types },
+            :allow_nil => true
+
+  scopify
+end

app/models/user.rb

@@ -1,4 +1,8 @@
 class User < ActiveRecord::Base
+  rolify
+
+  after_create :set_admin, if: User.count == 1
+
   def self.create_with_omniauth(auth)
     where(provider: auth[:provider], uid: auth[:uid]).first_or_create do |user|
       user.provider = auth[:provider]
@@ -7,4 +11,18 @@ class User < ActiveRecord::Base
       user.email    = auth[:info][:email]
     end
   end
+
+  def admin?
+    self.has_role?(:admin)
+  end
+
+  def moderator?
+    self.has_role?(:moderator)
+  end
+
+  private
+
+  def set_admin
+    self.add_role :admin
+  end
 end

app/policies/application_policy.rb

@@ -0,0 +1,53 @@
+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    scope.where(:id => record.id).exists?
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  def scope
+    Pundit.policy_scope!(user, record.class)
+  end
+
+  class Scope
+    attr_reader :user, :scope
+
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      scope
+    end
+  end
+end

app/policies/awaken_type_policy.rb

@@ -0,0 +1,17 @@
+class AwakenTypePolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def create?
+    user.admin?
+  end
+
+  def update?
+    user.admin?
+  end
+
+  def destroy?
+    user.admin?
+  end
+end

app/policies/card_policy.rb

@@ -0,0 +1,17 @@
+class CardPolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def create?
+    user.moderator? || user.admin?
+  end
+
+  def update?
+    user.moderator? || user.admin?
+  end
+
+  def destroy?
+    user.moderator? || user.admin?
+  end
+end

app/policies/character_policy.rb

@@ -0,0 +1,17 @@
+class CharacterPolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def create?
+    user.moderator? || user.admin?
+  end
+
+  def update?
+    user.moderator? || user.admin?
+  end
+
+  def destroy?
+    user.moderator? || user.admin?
+  end
+end

app/policies/leader_skill_policy.rb

@@ -0,0 +1,17 @@
+class LeaderSkillPolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def create?
+    user.moderator? || user.admin?
+  end
+
+  def update?
+    user.moderator? || user.admin?
+  end
+
+  def destroy?
+    user.moderator? || user.admin?
+  end
+end

app/policies/link_policy.rb

@@ -0,0 +1,17 @@
+class LinkPolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def create?
+    user.moderator? || user.admin?
+  end
+
+  def update?
+    user.moderator? || user.admin?
+  end
+
+  def destroy?
+    user.moderator? || user.admin?
+  end
+end

app/policies/passive_skill_policy.rb

@@ -0,0 +1,17 @@
+class PassiveSkillPolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def create?
+    user.moderator? || user.admin?
+  end
+
+  def update?
+    user.moderator? || user.admin?
+  end
+
+  def destroy?
+    user.moderator? || user.admin?
+  end
+end

app/policies/rarity_policy.rb

@@ -0,0 +1,17 @@
+class RarityPolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def create?
+    user.admin?
+  end
+
+  def update?
+    user.admin?
+  end
+
+  def destroy?
+    user.admin?
+  end
+end

app/policies/super_attack_policy.rb

@@ -0,0 +1,17 @@
+class SuperAttackPolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def create?
+    user.moderator? || user.admin?
+  end
+
+  def update?
+    user.moderator? || user.admin?
+  end
+
+  def destroy?
+    user.moderator? || user.admin?
+  end
+end

app/policies/type_policy.rb

@@ -0,0 +1,17 @@
+class TypePolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def create?
+    user.admin?
+  end
+
+  def update?
+    user.admin?
+  end
+
+  def destroy?
+    user.admin?
+  end
+end

app/policies/user_policy.rb

@@ -0,0 +1,13 @@
+class UserPolicy < ApplicationPolicy
+  def index?
+    user.admin?
+  end
+
+  def update?
+    user.admin?
+  end
+
+  def destroy?
+    user.admin?
+  end
+end

app/views/application/_navbar.html.slim

@@ -9,25 +9,44 @@
       = link_to 'DBZDokkan', root_path, class: 'navbar-brand'
     .collapse.navbar-collapse
       ul.nav.navbar-nav.navbar-right
-        li.dropdown
-          a href='#' class='dropdown-toggle' data-toggle='dropdown'
-            = 'Abilities '
-            span class='caret'
-          ul.dropdown-menu
-            li= link_to 'Links', links_path
-            li= link_to 'Leader Skills', leader_skills_path
-            li= link_to 'Passive Skills', passive_skills_path
-            li= link_to 'Super Attacks', super_attacks_path
-        li= nav_link_to 'Cards', cards_path
-        li= nav_link_to 'Characters', characters_path
-        li.dropdown
-          a href='#' class='dropdown-toggle' data-toggle='dropdown'
-            = 'Others '
-            span class='caret'
-          ul.dropdown-menu
-            li= link_to 'Awaken Types', awaken_types_path
-            li= link_to 'Rarities', rarities_path
-            li= link_to 'Types', types_path
+        - if policy(:user).index?
+          li.dropdown
+            a href='#' class='dropdown-toggle' data-toggle='dropdown'
+              = 'Admin '
+              span class='caret'
+            ul.dropdown-menu
+              - if policy(:user).index?
+                li= link_to 'Users', users_path
+        - if policy(:link).index? || policy(:leader_skill).index? || policy(:passive_skill).index? || policy(:super_attack).index?
+          li.dropdown
+            a href='#' class='dropdown-toggle' data-toggle='dropdown'
+              = 'Abilities '
+              span class='caret'
+            ul.dropdown-menu
+              - if policy(:link).index?
+                li= link_to 'Links', links_path
+              - if policy(:leader_skill).index?
+                li= link_to 'Leader Skills', leader_skills_path
+              - if policy(:passive_skill).index?
+                li= link_to 'Passive Skills', passive_skills_path
+              - if policy(:super_attack).index?
+                li= link_to 'Super Attacks', super_attacks_path
+        - if policy(:card).index?
+          li= nav_link_to 'Cards', cards_path
+        - if policy(:character).index?
+          li= nav_link_to 'Characters', characters_path
+        - if policy(:awaken_type).index? || policy(:rarity).index? || policy(:type).index?
+          li.dropdown
+            a href='#' class='dropdown-toggle' data-toggle='dropdown'
+              = 'Others '
+              span class='caret'
+            ul.dropdown-menu
+              - if policy(:awaken_type).index?
+                li= link_to 'Awaken Types', awaken_types_path
+              - if policy(:rarity).index?
+                li= link_to 'Rarities', rarities_path
+              - if policy(:type).index?
+                li= link_to 'Types', types_path
         - if logged_in?
           li= link_to 'Log Out', logout_path, method: :delete
         - else

app/views/awaken_types/index.html.slim

@@ -1,7 +1,8 @@
-.row
-  .col-md-12
-    .pull-right
-      = link_to 'New Awaken Type', new_awaken_type_path, class: 'btn btn-primary'
+- if policy(:awaken_type).new?
+  .row
+    .col-md-12
+      .pull-right
+        = link_to 'New Awaken Type', new_awaken_type_path, class: 'btn btn-primary'
 
 .row
   .col-md-12
@@ -15,9 +16,12 @@
           tr
             td= awaken_type.name
             td
-              = link_to glyph('edit', classes: 'control-icon'), edit_awaken_type_path(awaken_type)
-              = link_to glyph('trash', classes: 'control-icon'), awaken_type_path(awaken_type), method: :delete
+              - if policy(:awaken_type).edit?
+                = link_to glyph('edit', classes: 'control-icon'), edit_awaken_type_path(awaken_type)
+              - if policy(:awaken_type).destroy?
+                = link_to glyph('trash', classes: 'control-icon'), awaken_type_path(awaken_type), method: :delete
 
-.row
-  .col-md-12
-    = link_to 'New Awaken Type', new_awaken_type_path, class: 'btn btn-primary'
+- if policy(:awaken_type).new?
+  .row
+    .col-md-12
+      = link_to 'New Awaken Type', new_awaken_type_path, class: 'btn btn-primary'

app/views/cards/index.html.slim

@@ -1,7 +1,8 @@
-.row
-  .col-md-12
-    .pull-right
-      = link_to 'New Card', new_card_path, class: 'btn btn-primary'
+- if policy(:card).new?
+  .row
+    .col-md-12
+      .pull-right
+        = link_to 'New Card', new_card_path, class: 'btn btn-primary'
 
 .row
   .col-md-12
@@ -17,9 +18,12 @@
             td= card.name
             td= card.title
             td
-              = link_to glyph('edit', classes: 'control-icon'), edit_card_path(card)
-              = link_to glyph('trash', classes: 'control-icon'), card_path(card), method: :delete
+              - if policy(:card).edit?
+                = link_to glyph('edit', classes: 'control-icon'), edit_card_path(card)
+              - if policy(:card).destroy?
+                = link_to glyph('trash', classes: 'control-icon'), card_path(card), method: :delete
 
-.row
-  .col-md-12
-    = link_to 'New Card', new_card_path, class: 'btn btn-primary'
+- if policy(:card).new?
+  .row
+    .col-md-12
+      = link_to 'New Card', new_card_path, class: 'btn btn-primary'

app/views/characters/index.html.slim

@@ -1,7 +1,8 @@
-.row
-  .col-md-12
-    .pull-right
-      = link_to 'New Character', new_character_path, class: 'btn btn-primary'
+- if policy(:character).new?
+  .row
+    .col-md-12
+      .pull-right
+        = link_to 'New Character', new_character_path, class: 'btn btn-primary'
 
 .row
   .col-md-12
@@ -15,9 +16,12 @@
           tr
             td= character.name
             td
-              = link_to glyph('edit', classes: 'control-icon'), edit_character_path(character)
-              = link_to glyph('trash', classes: 'control-icon'), character_path(character), method: :delete
+              - if policy(:character).edit?
+                = link_to glyph('edit', classes: 'control-icon'), edit_character_path(character)
+              - if policy(:character).destroy?
+                = link_to glyph('trash', classes: 'control-icon'), character_path(character), method: :delete
 
-.row
-  .col-md-12
-    = link_to 'New Character', new_character_path, class: 'btn btn-primary'
+- if policy(:character).new?
+  .row
+    .col-md-12
+      = link_to 'New Character', new_character_path, class: 'btn btn-primary'

app/views/leader_skills/index.html.slim

@@ -1,7 +1,8 @@
-.row
-  .col-md-12
-    .pull-right
-      = link_to 'New Leader Skill', new_leader_skill_path, class: 'btn btn-primary'
+- if policy(:leader_skill).new?
+  .row
+    .col-md-12
+      .pull-right
+        = link_to 'New Leader Skill', new_leader_skill_path, class: 'btn btn-primary'
 
 .row
   .col-md-12
@@ -15,9 +16,12 @@
           tr
             td= leader_skill.description
             td
-              = link_to glyph('edit', classes: 'control-icon'), edit_leader_skill_path(leader_skill)
-              = link_to glyph('trash', classes: 'control-icon'), leader_skill_path(leader_skill), method: :delete
+              - if policy(:leader_skill).edit?
+                = link_to glyph('edit', classes: 'control-icon'), edit_leader_skill_path(leader_skill)
+              - if policy(:leader_skill).destroy?
+                = link_to glyph('trash', classes: 'control-icon'), leader_skill_path(leader_skill), method: :delete
 
-.row
-  .col-md-12
-    = link_to 'New Leader Skill', new_leader_skill_path, class: 'btn btn-primary'
+- if policy(:leader_skill).new?
+  .row
+    .col-md-12
+      = link_to 'New Leader Skill', new_leader_skill_path, class: 'btn btn-primary'

app/views/links/index.html.slim

@@ -1,7 +1,8 @@
-.row
-  .col-md-12
-    .pull-right
-      = link_to 'New Link', new_link_path, class: 'btn btn-primary'
+- if policy(:link).new?
+  .row
+    .col-md-12
+      .pull-right
+        = link_to 'New Link', new_link_path, class: 'btn btn-primary'
 
 .row
   .col-md-12
@@ -17,9 +18,12 @@
             td= link.name
             td= link.description
             td
-              = link_to glyph('edit', classes: 'control-icon'), edit_link_path(link)
-              = link_to glyph('trash', classes: 'control-icon'), link_path(link), method: :delete
+              - if policy(:link).edit?
+                = link_to glyph('edit', classes: 'control-icon'), edit_link_path(link)
+              - if policy(:link).destroy?
+                = link_to glyph('trash', classes: 'control-icon'), link_path(link), method: :delete
 
-.row
-  .col-md-12
-    = link_to 'New Link', new_link_path, class: 'btn btn-primary'
+- if policy(:link).new?
+  .row
+    .col-md-12
+      = link_to 'New Link', new_link_path, class: 'btn btn-primary'

app/views/passive_skills/index.html.slim

@@ -1,7 +1,8 @@
-.row
-  .col-md-12
-    .pull-right
-      = link_to 'New Passive Skill', new_passive_skill_path, class: 'btn btn-primary'
+- if policy(:passive_skill).new?
+  .row
+    .col-md-12
+      .pull-right
+        = link_to 'New Passive Skill', new_passive_skill_path, class: 'btn btn-primary'
 
 .row
   .col-md-12
@@ -17,9 +18,12 @@
             td= passive_skill.name
             td= passive_skill.description
             td
-              = link_to glyph('edit', classes: 'control-icon'), edit_passive_skill_path(passive_skill)
-              = link_to glyph('trash', classes: 'control-icon'), passive_skill_path(passive_skill), method: :delete
+              - if policy(:passive_skill).edit?
+                = link_to glyph('edit', classes: 'control-icon'), edit_passive_skill_path(passive_skill)
+              - if policy(:passive_skill).destroy?
+                = link_to glyph('trash', classes: 'control-icon'), passive_skill_path(passive_skill), method: :delete
 
-.row
-  .col-md-12
-    = link_to 'New Passive Skill', new_passive_skill_path, class: 'btn btn-primary'
+- if policy(:passive_skill).new?
+  .row
+    .col-md-12
+      = link_to 'New Passive Skill', new_passive_skill_path, class: 'btn btn-primary'

app/views/rarities/index.html.slim

@@ -1,7 +1,8 @@
-.row
-  .col-md-12
-    .pull-right
-      = link_to 'New Rarity', new_rarity_path, class: 'btn btn-primary'
+- if policy(:rarity).new?
+  .row
+    .col-md-12
+      .pull-right
+        = link_to 'New Rarity', new_rarity_path, class: 'btn btn-primary'
 
 .row
   .col-md-12
@@ -17,9 +18,12 @@
             td= rarity.name
             td= rarity.description
             td
-              = link_to glyph('edit', classes: 'control-icon'), edit_rarity_path(rarity)
-              = link_to glyph('trash', classes: 'control-icon'), rarity_path(rarity), method: :delete
+              - if policy(:rarity).edit?
+                = link_to glyph('edit', classes: 'control-icon'), edit_rarity_path(rarity)
+              - if policy(:rarity).destroy?
+                = link_to glyph('trash', classes: 'control-icon'), rarity_path(rarity), method: :delete
 
-.row
-  .col-md-12
-    = link_to 'New Rarity', new_rarity_path, class: 'btn btn-primary'
+- if policy(:rarity).new?
+  .row
+    .col-md-12
+      = link_to 'New Rarity', new_rarity_path, class: 'btn btn-primary'

app/views/super_attacks/index.html.slim

@@ -1,7 +1,8 @@
-.row
-  .col-md-12
-    .pull-right
-      = link_to 'New Super Attack', new_super_attack_path, class: 'btn btn-primary'
+- if policy(:super_attack).new?
+  .row
+    .col-md-12
+      .pull-right
+        = link_to 'New Super Attack', new_super_attack_path, class: 'btn btn-primary'
 
 .row
   .col-md-12
@@ -17,9 +18,12 @@
             td= super_attack.name
             td= super_attack.description
             td
-              = link_to glyph('edit', classes: 'control-icon'), edit_super_attack_path(super_attack)
-              = link_to glyph('trash', classes: 'control-icon'), super_attack_path(super_attack), method: :delete
+              - if policy(:super_attack).edit?
+                = link_to glyph('edit', classes: 'control-icon'), edit_super_attack_path(super_attack)
+              - if policy(:super_attack).destroy?
+                = link_to glyph('trash', classes: 'control-icon'), super_attack_path(super_attack), method: :delete
 
-.row
-  .col-md-12
-    = link_to 'New Super Attack', new_super_attack_path, class: 'btn btn-primary'
+- if policy(:super_attack).new?
+  .row
+    .col-md-12
+      = link_to 'New Super Attack', new_super_attack_path, class: 'btn btn-primary'

app/views/types/index.html.slim

@@ -1,7 +1,8 @@
-.row
-  .col-md-12
-    .pull-right
-      = link_to 'New Type', new_type_path, class: 'btn btn-primary'
+- if policy(:type).new?
+  .row
+    .col-md-12
+      .pull-right
+        = link_to 'New Type', new_type_path, class: 'btn btn-primary'
 
 .row
   .col-md-12
@@ -17,9 +18,12 @@
             td= type.name
             td= type.description
             td
-              = link_to glyph('edit', classes: 'control-icon'), edit_type_path(type)
-              = link_to glyph('trash', classes: 'control-icon'), type_path(type), method: :delete
+              - if policy(:type).edit?
+                = link_to glyph('edit', classes: 'control-icon'), edit_type_path(type)
+              - if policy(:type).destroy?
+                = link_to glyph('trash', classes: 'control-icon'), type_path(type), method: :delete
 
-.row
-  .col-md-12
-    = link_to 'New Type', new_type_path, class: 'btn btn-primary'
+- if policy(:type).new?
+  .row
+    .col-md-12
+      = link_to 'New Type', new_type_path, class: 'btn btn-primary'

app/views/users/_form.html.slim

@@ -0,0 +1,5 @@
+= simple_form_for @user do |f|
+  .form-inputs
+    = f.association :roles, as: :check_boxes
+  .form-actions
+    = f.button :button

app/views/users/edit.html.slim

@@ -0,0 +1 @@
+== render 'form'

app/views/users/index.html.slim

@@ -0,0 +1,16 @@
+.row
+  .col-md-12
+    table.table.table-striped.table-hover
+      thead
+        tr
+          th Nickname
+          th Actions
+      tbody
+        - @users.each do |user|
+          tr
+            td= user.nickname
+            td
+              - if policy(:user).edit?
+                = link_to glyph('edit', classes: 'control-icon'), edit_user_path(user)
+              - if policy(:user).destroy?
+                = link_to glyph('trash', classes: 'control-icon'), user_path(user), method: :delete

config/initializers/rolify.rb

@@ -0,0 +1,7 @@
+Rolify.configure do |config|
+  # By default ORM adapter is ActiveRecord. uncomment to use mongoid
+  # config.use_mongoid
+
+  # Dynamic shortcuts for User class (user.is_admin? like methods). Default is: false
+  # config.use_dynamic_shortcuts
+end

config/routes.rb

@@ -12,6 +12,7 @@ Rails.application.routes.draw do
   resources :rarities
   resources :super_attacks
   resources :types
+  resources :users, except: [:new, :create]
   resources :welcome, only: [:index]
 
   root to: 'welcome#index'

db/migrate/20151008192100_rolify_create_roles.rb

@@ -0,0 +1,19 @@
+class RolifyCreateRoles < ActiveRecord::Migration
+  def change
+    create_table(:roles) do |t|
+      t.string :name
+      t.references :resource, :polymorphic => true
+
+      t.timestamps
+    end
+
+    create_table(:users_roles, :id => false) do |t|
+      t.references :user
+      t.references :role
+    end
+
+    add_index(:roles, :name)
+    add_index(:roles, [ :name, :resource_type, :resource_id ])
+    add_index(:users_roles, [ :user_id, :role_id ])
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20151008163922) do
+ActiveRecord::Schema.define(version: 20151008192100) do
 
   create_table "awaken_types", force: :cascade do |t|
     t.string   "name"
@@ -93,6 +93,17 @@ ActiveRecord::Schema.define(version: 20151008163922) do
     t.datetime "updated_at",  null: false
   end
 
+  create_table "roles", force: :cascade do |t|
+    t.string   "name"
+    t.integer  "resource_id"
+    t.string   "resource_type"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "roles", ["name", "resource_type", "resource_id"], name: "index_roles_on_name_and_resource_type_and_resource_id"
+  add_index "roles", ["name"], name: "index_roles_on_name"
+
   create_table "super_attacks", force: :cascade do |t|
     t.string   "name"
     t.string   "description"
@@ -116,4 +127,11 @@ ActiveRecord::Schema.define(version: 20151008163922) do
     t.datetime "updated_at", null: false
   end
 
+  create_table "users_roles", id: false, force: :cascade do |t|
+    t.integer "user_id"
+    t.integer "role_id"
+  end
+
+  add_index "users_roles", ["user_id", "role_id"], name: "index_users_roles_on_user_id_and_role_id"
+
 end

db/seeds.rb

@@ -19,6 +19,13 @@ awaken_types = [
   'Extreme',
 ]
 
+roles = [
+  :admin,
+  :moderator,
+  :user,
+  :guest,
+]
+
 types.each do |description, name|
   Type.create(name: name, description: description)
 end
@@ -30,3 +37,7 @@ end
 awaken_types.each do |name|
   AwakenType.create(name: name)
 end
+
+roles.each do |role|
+  Role.where({ name: role }, without_protection: true).first_or_create
+end