Role-Based Access Control With CanCan
Getting permissions correct for web applications can be a daunting task. Take, for example, a university application where Students can see content created by themselves or by other students in their group, Teachers can see any content created in any of their classes, and Administrators can see any content on the system.
If we were to hardcode these rules everywhere we needed them, the permissions checking would quickly get out of hand, and it would be hard to reason about the security of the system.
CanCan solves this problem in an elegant way, giving us a single file where we can list all the permissions and roles.
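The university rules above, written the way a CanCan `Ability` class would express them, as an added example that is not part of the original post. So that it runs offline without the cancan gem, a few-line stand-in for CanCan's `can` / `can?` DSL is defined inline (it is not the gem's code); the `User` and `Content` models, their `group_id` / `class_ids` attributes and the sample records are all constructed here for illustration.

```ruby
# Added example: the post's university permissions as a CanCan-style Ability.
# MiniCanCan below is a minimal stand-in for the gem's `can` / `can?` so the
# file runs stand-alone; the Ability class is written as it would be for CanCan.

# Assumed domain models (constructed for this example).
User    = Struct.new(:id, :role, :group_id, :class_ids)
Content = Struct.new(:id, :author_id, :group_id, :class_id)

# Stand-in for CanCan's rule list and `can?` check. Default is deny:
# an action is allowed only if some registered rule grants it.
module MiniCanCan
  def initialize_rules
    @rules = []
  end

  # Register a rule. With no block the rule applies to every instance of
  # subject_class; with a block, the block decides per object.
  def can(action, subject_class, &block)
    @rules << [action, subject_class, block]
  end

  # True if any rule grants `action` (or the catch-all :manage) on `object`.
  def can?(action, object)
    @rules.any? do |rule_action, subject_class, block|
      next false unless [action, :manage].include?(rule_action)
      next false unless object.is_a?(subject_class)
      block.nil? || block.call(object)
    end
  end
end

# The single place where all roles and permissions are listed.
class Ability
  include MiniCanCan

  def initialize(user)
    initialize_rules
    case user.role
    when :admin
      # Administrators can see any content on the system.
      can :read, Content
    when :teacher
      # Teachers can see any content created in any of their classes.
      can :read, Content do |content|
        user.class_ids.include?(content.class_id)
      end
    when :student
      # Students can see content created by themselves or by other
      # students in their group (group_id on Content is an assumed attribute).
      can :read, Content do |content|
        content.author_id == user.id || content.group_id == user.group_id
      end
    end
    # Any other role gets no rules, so every can? returns false.
  end
end

# Filter a collection down to what `user` may read; returns the content ids.
def visible_content(user, contents)
  ability = Ability.new(user)
  contents.select { |c| ability.can?(:read, c) }.map(&:id)
end

# Constructed sample data: id, role, group_id, class_ids.
STUDENT = User.new(1, :student, 10, [])
TEACHER = User.new(2, :teacher, nil, [100])
ADMIN   = User.new(3, :admin,   nil, [])
GUEST   = User.new(9, :guest,   nil, [])

# Constructed content: id, author_id, group_id, class_id.
CONTENTS = [
  Content.new(:own,       1, 10, 100), # written by STUDENT
  Content.new(:groupmate, 5, 10, 100), # same group as STUDENT
  Content.new(:other_grp, 6, 20, 200), # different group and class
  Content.new(:in_class,  7, 30, 100), # in TEACHER's class, not STUDENT's group
]

if __FILE__ == $PROGRAM_NAME
  [STUDENT, TEACHER, ADMIN, GUEST].each do |u|
    puts "#{u.role}: #{visible_content(u, CONTENTS).inspect}"
  end
end
```

Two things carry over to the real gem: anything not granted in `Ability` is denied, so an unknown role sees nothing, and a rule granting only `:read` says nothing about `:update` or `:destroy`. One caveat when using CanCan itself: block-form rules like the student and teacher ones are evaluated against individual instances only, so they cannot be turned into a database query for an index page; for that CanCan needs the rule's conditions expressed as a hash rather than a block.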