Rails 3.0 authorization per user not roles
A lot of the Rails authorization gems are based on the idea of roles. We have a website that does not have "roles" but rather many users. Each user needs access to change/update information on a single page rather than on lots of pages in a role of author. The page that they are editing is publicly accessible (view) but only editable by that user or the admin. No other user can edit that page.
Creating a role per user for this is silly.
Are there any rails gems already available that will allow this sort of mapping to users that do not have a particular grouping in a role?
Am I looking at the problem incorrectly?
Thanks.
You can use CanCan, and limit the queries / actions per user. Check it here https://github.com/ryanb/cancan . And there's an example of how to do this in Railscast 192.
I have the idea that I've seen an example in which CanCan added an ActiveRecord mixin to provide some out-of-the-box authorization, but I can't find an example of that. The code looked like (if the app were a blog with comments) Comment.authorize.find(1)
and that command validated that the user had created the comment.
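The rule from the question (public view, edit only by the owning user or an admin) as an added example in plain Ruby; it is not code from this thread and not the API of CanCan or Fat Model Auth, and `User`, `Page` and `PageAuthorization` are hypothetical names. It also covers guests and ownerless pages, so a `nil == nil` comparison cannot grant edit access.

```ruby
# Added example: plain Ruby, no gems. All names here are hypothetical.
User = Struct.new(:id, :admin) do
  def admin?
    admin == true
  end
end

Page = Struct.new(:id, :user_id, :body)

module PageAuthorization
  module_function

  NotAuthorized = Class.new(StandardError)

  # Pages are publicly viewable, so reading needs no user at all.
  def can_read?(_user, _page)
    true
  end

  # Only the owner or an admin may edit. Deny by default: a guest (nil user)
  # or a page without an owner must never match through nil == nil.
  def can_update?(user, page)
    return false if user.nil? || user.id.nil?
    return true if user.admin?
    !page.user_id.nil? && page.user_id == user.id
  end

  # Scope a collection to what the user may edit, so records are loaded
  # through the check instead of by a bare id taken from the request.
  def editable_by(user, pages)
    pages.select { |page| can_update?(user, page) }
  end

  # Raise instead of returning nil so a forgotten check fails closed.
  def fetch_for_update!(user, pages, id)
    page = editable_by(user, pages).find { |p| p.id == id }
    raise NotAuthorized, "not authorized to edit page #{id}" unless page
    page
  end
end

# Constructed sample data: two owners, one admin, one ownerless page.
ALICE = User.new(1, false)
BOB   = User.new(2, false)
ADMIN = User.new(3, true)
PAGES = [Page.new(10, 1, "alice"), Page.new(11, 2, "bob"), Page.new(12, nil, "orphan")]
```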
Role-based permission systems are old hat; MySQL changed from a roles-based system to a permissions-based system a long time ago.
I have a plugin that is very similar to CanCan but it differs in a few small ways. Fat Model Auth