Authentication design/ideas

Hi all,
I’m using acts_as_authenticated for the front end facing part of my
site. I have a model called Customer. I now want to protect the admin
sides of things. I am thinking of using Ezra’s acl plugin
(http://opensvn.csie.org/ezra/rails/plugins/dev/acl_system2/README)
for this. My only problem is that I don’t want the model for admin
users to be called Customer, I’d rather it be called User or something
(call me pedantic :)

So, I could rename my Customer model to User and implement the above
plugin which will give me the authorization I want. But then I lose
the ability to do:

@order.customer.fullname

Instead it will be:

@order.user.fullname

Also, for admin users, I just want to store their username and
password, not all the other associated data that goes with a customer.

Is this a use for STI? Can I somehow alias the User model so that it
can be accessed as Customer as well? Shall I just forget this and live
with the name User? :)

How do others approach the frontend/backend authorization scenario? I
would imagine it’s pretty common.

Many thanks,
Jord

Hello Jord,

2006/7/25, Jordan E. [email protected]:

Is this a use for STI? Can I somehow alias the User model so that it
can be accessed as Customer as well? Shall I just forget this and live
with the name User? :)

Nothing prevents you from doing:

class Order < ActiveRecord::Base
  belongs_to :customer, :class_name => 'User', :foreign_key => :customer_id
end

class User < ActiveRecord::Base
has_many :orders, :foreign_key => :customer_id
end

That takes care of one problem. Secondly, your admin users. Yes,
this is a use for STI. You can do this:

class User < ActiveRecord::Base
  validates_presence_of :login, :password
end

class Customer < User
  validates_presence_of :address, :phone
  has_many :orders, :foreign_key => :customer_id, :order => :order_no
end

class Order < ActiveRecord::Base
  belongs_to :customer, :foreign_key => :customer_id
  validates_presence_of :customer_id
end

Hope that helps!

Hi Francois,

Nothing prevents you from doing:

class Order < ActiveRecord::Base
  belongs_to :customer, :class_name => 'User', :foreign_key => :customer_id
end

class User < ActiveRecord::Base
  has_many :orders, :foreign_key => :customer_id
end

That’s great to know. I always assumed that the association had to be
the name of the table. Very useful, thanks.

end

class Order < ActiveRecord::Base
  belongs_to :customer, :foreign_key => :customer_id
  validates_presence_of :customer_id
end

Hope that helps!

It does, greatly. Thank you very much :)

I can’t help thinking that this is too much. I only need to password
protect a controller with one or two usernames and I wanted to keep
the acts_as_authenticated code as DRY as possible, which is why I’ve
gone for this idea. Do you think it’s a good idea to mix customers and
internal users into the same table? What do you think?

Cheers,
Jord
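
An added example, not part of the thread and not code from either poster: a plain-Ruby emulation of the single-table (STI) layout discussed above, showing why an admin check written against the shared base class also admits customers once both live in one table. The Admin subclass, ROWS, STI_CLASSES, find_user and both guard methods are hypothetical names assumed for illustration; no ActiveRecord is required to run it.

```ruby
# Plain-Ruby emulation of the STI layout from the thread (no ActiveRecord).
# Admin, ROWS, STI_CLASSES, find_user and the guards are hypothetical names.
class User
  attr_reader :login
  def initialize(row)
    @login = row[:login]
  end
end

class Customer < User; end   # storefront accounts
class Admin < User; end      # back-office accounts (assumed subclass)

# Constructed sample rows of the shared users table; :type is the STI column.
ROWS = [
  { :id => 1, :type => 'Customer', :login => 'alice'  },
  { :id => 2, :type => 'Admin',    :login => 'root'   },
  { :id => 3, :type => nil,        :login => 'legacy' }
]

# Only these class names may be built from the type column.
STI_CLASSES = { 'Customer' => Customer, 'Admin' => Admin }

# Stand-in for a finder: type picks the class; blank or unknown falls back to User here.
def find_user(id)
  row = ROWS.find { |r| r[:id] == id }
  return nil unless row
  STI_CLASSES.fetch(row[:type], User).new(row)
end

# Weak guard: every row in the table is a User, so customers pass too.
def weak_admin_guard(user)
  user.is_a?(User)
end

# Strict guard: only the exact Admin class passes; nil and base User are refused.
def strict_admin_guard(user)
  user.instance_of?(Admin)
end

# One result per row: [login, weak guard result, strict guard result].
def audit
  ROWS.map do |r|
    u = find_user(r[:id])
    [u.login, weak_admin_guard(u), strict_admin_guard(u)]
  end
end

audit.each { |login, weak, strict| puts "#{login}: weak=#{weak} strict=#{strict}" }
```

In a shared table the admin filter has to test for the admin type explicitly, and the row with no type shows why falling back to the base class must not count as admin.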
