I’ve written an article on Rails authorization, showing how to implement simple role-based authorization, and comparing the Pundit and CanCan gems, with links to the rails-devise-roles example application, which you can generate with Rails Composer.