- Overall permissions and assignments will be stored in PostgreSQL
- A simplified cached version of a user's permissions will be stored in Redis
- The cached version contains a hash with the permission name and, if relevant, the class and id of the object
- Authorization will reference the cached version in Redis using Ohm
- The cache will be built if there is no data in it when Rails starts
- Changes to permissions or permission assignments will trigger a cache update job (in Resque)
- Users will have a default Role assigned which will contain permissions everyone who is logged in has
- AnonymousUsers will have a default Role assigned which will contain permissions logged out users have
- User permission assignments will specify the object/record/entity, if any, they apply to.
- Roles will specify the entity, if any, they apply to. Entities will not be stored on the Role permission assignment.
- Referencing nonexistent roles should raise an exception
- User - Authenticated/referenced class.
- Role - Allows mass assignment of permissions to a group generally or on a specific object or entity
- Permission - Defines a checkable assignment of authority to perform or access certain functionality
- UserPermission - Defines an assignment of a Permission to a specific User to access functionality generally or on a specific object or entity.
- RolePermission - Defines an assignment of a Permission to a Role
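
The cache shape and lookup rules above, sketched as an added example (not code from this project). A plain Ruby `Set` stands in for the Redis/Ohm cache, and every name (`ROLES`, `build_cache`, `cache_for`, `allowed?`, `UnknownRoleError`) and sample role is hypothetical. It assumes a general grant covers any object, a scoped grant covers only its own class and id, and anything not in the cache is denied.

```ruby
require "set"

# All names below are hypothetical; a plain Set stands in for the Redis cache.
class UnknownRoleError < StandardError; end

# A Role carries the entity it applies to (or nil); its permission list
# (the RolePermission rows) stores no entity.
ROLES = {
  "default_user"      => { entity: nil, permissions: %w[view_post comment] },
  "default_anonymous" => { entity: nil, permissions: %w[view_post] },
  "forum_7_moderator" => { entity: ["Forum", 7], permissions: %w[delete_comment] },
}.freeze

# One cache entry: permission name plus class and id of the object, if any.
def cache_entry(name, entity)
  klass, id = entity
  { name: name, class: klass, id: id }
end

# Flatten roles and direct UserPermissions ([name, entity] pairs) into a set.
def build_cache(role_names, user_permissions)
  entries = Set.new
  role_names.each do |role_name|
    # Fail closed: a missing role raises instead of being skipped silently.
    role = ROLES.fetch(role_name) { raise UnknownRoleError, "unknown role: #{role_name}" }
    role[:permissions].each { |name| entries << cache_entry(name, role[:entity]) }
  end
  user_permissions.each { |name, entity| entries << cache_entry(name, entity) }
  entries
end

# nil means a logged-out visitor, who gets only the AnonymousUser default role.
def cache_for(user)
  return build_cache(["default_anonymous"], []) if user.nil?
  build_cache(["default_user"] + user[:roles], user[:permissions])
end

# Deny by default. A general grant (no entity) covers any object; a scoped
# grant covers only the exact class and id it names.
def allowed?(cache, name, entity = nil)
  return true if cache.include?(cache_entry(name, nil))
  !entity.nil? && cache.include?(cache_entry(name, entity))
end
```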