I’ve been struggling a bit trying to figure out the best way to
design/implement a system with authentication/authorization, and was
hoping some of you may be able to offer some advice…
At the moment, I have a system with 4 different types of users -
clients, administrators, sales_reps, and public_users. I’m using
“Authorizing Users with Roles” from the Rails Recipes book, and it’s
working well; the only problem I’m having is the following:
I have a Users table which contains pretty much the minimum amount of
information required to allow users to log in:

def self.up
  create_table :users do |t|
    # Login credentials
    t.column :username, :string
    t.column :password_salt, :string
    t.column :password_hash, :string
    # Bookkeeping timestamps
    t.column :created_at, :datetime
    t.column :updated_at, :datetime
    t.column :last_login_date, :datetime
  end
end

The problem is that some users (such as sales reps), need many more
attributes than are provided by the User table, such as
primary_market, secondary_market, previous_employer, current_employer,
essay, referral_source, website, comments, etc… So what I’m
struggling with is how to add these attributes… Do I:
a) add all the attributes to the users table - this is the easiest
solution, since then I can consider everyone as a user, the only
difference being that some users will actually make use of the
additional attributes, while others (such as administrators) won’t
need the extra info.
b) add as many common attributes (such as first_name, last_name, date
of birth) to the Users table and create another table for additional
information specific to the particular user type (i.e., add
primary_market, essay, etc to a “sales_rep_info” table)
c) ??
Right now I’m using option B, but what I find confusing is if, for
example, I have a has_and_belongs_to_many relationship for sales reps,
such as primary_market (can be a combination of “automotive”,
“electrical”, “industrial”, etc), do I associate the foreign key of
the primary_market join table with the sales_rep_info table, or do I
associate it with the users table? Or do I associate with both
tables (i.e., use the same id value for sales_rep_info as I do for the
entry in the users table)?
I’m thinking that I should associate it with the users table, since
that should be the main entry point for updating/inserting/modifying
user information… But then the problem is that I have a bunch of
associations attached to the users table, and then I might have
something like primary_city_id, which is something specific to a
sales_rep, so ideally, that should be referenced in the sales_rep_info
table, not the users table… So then I end up with a mixture of
associations spread through both the users table and the
sales_rep_table, some of which contain information specific to the
type of user, and some of which are generic relations.
Now that I’ve written things down, it seems like I should keep all
generic associations tied to the user table (i.e., roles, rights, etc.),
and use the sales_rep_info table for information specific to the sales
reps…
So if anyone can make heads or tails of what I’m talking about, I
would appreciate some advice or direction. Thanks for your help,
Mike