How to best go about supporting several distinct actors?

[Epigene]

Most of the examples are written with one type of actor, user, in mind, but live apps regularly have unregistered_visitor, user, admin and more.

For example, take a twitter clone. Who can do what with Post? I'm sick of seeing if user.admin?.
I want to structure my app according to Clean Architecture and have separate controllers for each actor type, and separate policies. I'm thinking of using actor type as a toplevel namespace, and resource types below. For example

class Visitor::PostPolicy
  def read?
    true
  end

  def update?
    false
  end
end

class User::PostPolicy < Visitor::PostPolicy
  # omitting `def read`, since it's the same as for visitors 
  
  def update?
    record.user_id = user.id
  end
end

class Admin::PostPolicy < Visitor::PostPolicy
  def update?
    true
  end
end

Is this a sensible approach?

[palkan]

Hey!
Sorry for late reply.

Yeah, this approach is sensible; actually, the namespacing feature of Action Policy was built with something like this in mind (we had an app with separate controllers for different types of users).

Authorization layer (e.g., policies) is connected to the entrypoint layer; so, it makes sense to organize policy the way entrypoints structured.