<p>Sounds like a good idea to me, and I agree that CanCanCan looks like it's probably the best option from what I've seen so far.</p>
<p>I have to say that having read quite a bit of the CanCanCan documentation now I still don't entirely understand how the ability objects get created and attached to the request so that he controllers and views can see them, but I'm sure there's something entirely obvious that I've missed that you will be able to figure out ;-)</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/1626#issuecomment-326412734">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABWnLVX1OLoEmCUKcE4HfNxtOWakI9E9ks5sdxiAgaJpZM4PHh-a">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/ABWnLY7Aa8KNYKW827_Otf8WEXGHypKAks5sdxiAgaJpZM4PHh-a.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/openstreetmap/openstreetmap-website/issues/1626#issuecomment-326412734"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/openstreetmap/openstreetmap-website","title":"openstreetmap/openstreetmap-website","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/openstreetmap/openstreetmap-website"}},"updates":{"snippets":[{"icon":"PERSON","message":"@tomhughes in #1626: Sounds like a good idea to me, and I agree that CanCanCan looks like it's probably the best option from what I've seen so far.\r\n\r\nI have to say that having read quite a bit of the CanCanCan documentation now I still don't entirely understand how the ability objects get created and attached to the request so that he controllers and views can see them, but I'm sure there's something entirely obvious that I've missed that you will be able to figure out ;-)"}],"action":{"name":"View Issue","url":"https://github.com/openstreetmap/openstreetmap-website/issues/1626#issuecomment-326412734"}}}</script>