Class inheritance and AAA

Hi all,

I’m somewhat new with RoR, but have been programming for a while. I’m
trying to design the right model for an application which will have a
login system; I’m leaning towards acts_as_authenticated.

I have one confusion, though… In my app, I want to have one login
system which will allow general Clients and Employees to log in. These
have all similar characteristics shared with the User table created
by AAA, but also have other methods and behaviors to deal with the
rest of my app.

How should I define the Client model, for instance? Would it be
something like:

class Client < User

since I already have user.rb defining the User class as such:

class User < ActiveRecord::Base

or would I be forced to compromise and create different Client and
Employee tables and models, each with its own salt, hashed_passwords
and the like?

I figure by inheriting from User, I should be able to define the User
model with all the relevant methods and properties. Must I have all
the classes in the same file, or am I able to have a client.rb file
where I inherit User?

Thanks for any help in advance,
Mauricio


Mauricio L. Sadicoff
[email protected]

“Peace of mind isn’t at all superficial, really,” I expound. “It’s
the whole thing. That which produces it is good maintenance; that
which disturbs it is poor maintenance. What we call workability of
the machine is just an objectification of this peace of mind. The
ultimate test is always your own serenity.” - Zen and the Art of
Motorcycle Maintenance.

On 5/23/07, Mauricio S. [email protected] wrote:

by AAA, but also have other methods and behaviors to deal with the
rest of my app.
[…]

Hi Mauricio,

What you’re describing sounds very much like role-based authorization
to me. Your Clients and Employees do not necessarily have to be
first-class models; they are both Users, but they belong in different
roles because they do not have the same access to resources.

How you implement this kind of role separation is up to you – in some
of my apps, I have just a text field on my User model that contains
the name of a role; in others, I have a table of Roles, and my User
model belongs_to :role (i.e., it has a role_id field). In still
others, where users can be in many roles and the relationship is a
many-to-many, I use a join model, like “Membership”, which has a
user_id and a role_id.

Another way to get started might be to look at Bill K.'s
Authorization plugin (writertopia). I don’t know if he’s been doing
much work on it lately, but it’s certainly worth looking at, as it may
help with your concerns.

Regards,

Seth Morabito
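
The many-to-many "Membership" option described in the reply above, as an added example that is not part of the original thread: plain-Ruby structs stand in for the users, roles and memberships tables so it runs without Rails. The sample users, the controller names and the helper names (role_names, authorized?, landing_controller) are assumptions made for illustration.

```ruby
# Added example, not code from the thread. All rows below are constructed.
require "set"

User       = Struct.new(:id, :login)
Role       = Struct.new(:id, :name)
Membership = Struct.new(:user_id, :role_id)   # join row: one user in one role

USERS = [User.new(1, "alice"), User.new(2, "bob"), User.new(3, "carol")]
ROLES = [Role.new(1, "client"), Role.new(2, "employee")]
MEMBERSHIPS = [
  Membership.new(1, 1),                        # alice: client
  Membership.new(2, 1), Membership.new(2, 2),  # bob: client and employee
]                                              # carol: can log in, holds no role

# Allow-list of role name -> controllers it may reach (hypothetical names).
ACCESS = {
  "client"   => Set["orders"],
  "employee" => Set["orders", "payroll"],
}.freeze

# Role names a user holds, resolved through the join rows.
def role_names(user)
  role_ids = MEMBERSHIPS.select { |m| m.user_id == user.id }.map(&:role_id)
  ROLES.select { |r| role_ids.include?(r.id) }.map(&:name)
end

# Deny by default: no user, no membership, or an unlisted role grants nothing.
def authorized?(user, controller)
  return false if user.nil?
  role_names(user).any? { |name| ACCESS.fetch(name, Set.new).include?(controller) }
end

# Choose the landing controller for the role the user asks to act in, but only
# when a membership row backs that claim; the requested role is untrusted input.
def landing_controller(user, requested_role)
  return "sessions" if user.nil?   # not authenticated: back to login
  return "forbidden" unless role_names(user).include?(requested_role)
  requested_role == "employee" ? "payroll" : "orders"
end
```

Authentication (the login handled by acts_as_authenticated) only establishes which user this is; the checks above run afterwards on every request, so a logged-in user with no membership row still reaches nothing.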

Here’s an overview of several authorization solutions for Rails:
http://www.vaporbase.com/postings/Authorization_in_Rails

Thank you so much, Seth and Linoj.

I don’t know why I didn’t think of RBAC before, it’s definitely what
I need.

So I’ll just use the authentication provided by AAA, then set up an
authorization system based on the Membership model, which then allows
me to redirect the user to the right controller depending on the
current role the User assumes. I actually considered using Goldberg,
but that would defeat my purpose of learning more about Rails, so
I’ll build it from scratch.

Thanks again, guys, super helpful!

Cheers,
Mauricio



On May 24, 2007, at 03:52, Seth Morabito wrote:

What you’re describing sounds very much like role-based authorization
to me.