Check out example codes for "How to handle permission in rails". It will help you in understanding the concepts better.

Code Example 1

class Ability
  include CanCan::Ability

  def initialize(user)
    if user.present?  # additional permissions for logged in users (they can read their own posts)
      can :read, Post, users: { id: user.id }
    end
  end
end

Code Example 2

class Post
  has_many :post_users
  has_many :users, through: :post_users
end

class PostUser
  belongs_to :post
  belongs_to :user
end

class User
  has_many :post_users
  has_many :posts, through: :post_users
end

Learn ReactJs, React Native from akashmittal.com