What is the best approach to setting up authentication\authorization system for corporate \ single user accounts in Rails?

I'm setting up a website where I have multiple types of users. For instance consider Amazon or CDW. They have individual accounts, where a regular person can just buy a book or a computer, and they also have corporate accounts, that have multiple subusers that can do purchasing and a supervisor/superuser that can track spending on the whole account, but also close account of subusers or add new subusers for their account.

I can obviously roll out my own system here, but would I be better of starting off with something like devise, authlogic or restful_authentication in conjun开发者_运维百科ction with CanCan or similar authorization system? Or is there something like this out there already? Anyone had any experience setting up something like this? What are the caveats?

Thanks

I did some digging, and right now there is nothing like this available. At least not a as ready to use gem. Most people seem to just roll their own. I'll do the same here.

P.S.:

Not accepting the other answer as it is essentially the repeat of my question in a statement form. One of my professors used to fail students if they tried to give him answers like this.

I would suggest using Devise (or similar) to authenticate users, and CanCan (or similar) to authorize their actions.

Beyond that, you essentially roll your own. You can have users belonging to accounts, admin boolean flags on user instances, etc. to determine what users are allowed to do. But definitely let Devise and CanCan do the heavy lifting.