Use Roles for checking access privileges

Objective 🔗

We should use Roles to enable access to restricted features. To grant access to features and actions that only a subset of the BP team should have, we should use the roles that we have created through the rolify gem.

If you need to provide access for a more specific subset of employees, you should go through the process of creating a new role instead of relying on other feature access tools. This will improve clarity of which employees should be able to access which features.

Good 🔗

# admin/marketplace/business.rb

  action_item :destroy_business,
              if: proc { current_user.admin? },
              only: [:show] do
              ...

Bad 🔗

# admin/marketplace/business.rb

  action_item :destroy_business,
              if: proc { Flipper.enabled?("2024_04:marketplace:delete_marketplace_business_admin_ui", current_user) },
              only: [:show] do
              ...

We should avoid using Flipper feature flags to enable access to features.

Feature flags should be used to test the rollout of new features that are not guaranteed to be a permanent part of the application.