How to make Ruby on Rails authorization?

I have this problem for my social network website. I want to make an authorization for members based on the member level, if the member's level is below then the others, he can't chat or seeing the profile picture. Is there any plug in that can handle 开发者_StackOverflow社区it?

Declarative Authorization. Very powerful. Would definitely recommend it. There's even an awesome railscast on this by Ryan Bates.

I've used the following (both can be found on GitHub):

CanCan--pretty straightforward and well-documented. The author is Ryan Bates of Railscasts fame. One nice thing about it is you can identify all of your permissions within a single file.

RESTful_ACL--not as popular but easy to implement. Permissions are defined in each model you want to protect. I wrote a series on implementing RESTful_ACL in my Rails blog: http://everydayrails.com/2010/06/16/authorization-restful-acl-1.html

Try Aegis - http://www.agileweboperations.com/role-based-permissions-for-your-ruby-on-rails-application