Database schema design. How to specify if a user is an admin

Hi,

I am creating a daily deals website and have a Users table in my
database. I want to be able to differentiate admins from regular
users (customers). What is the recommended way to do this? Just add a
role column to the table which says “admin” or “customer”? Is this
secure? Or maybe create another table called Role (user_id, role)?

Thanks
Samir

On Dec 17, 2011, at 6:23 PM, Samir wrote:

> Hi,
>
> I am creating a daily deals website and have a Users table in my
> database. I want to be able to differentiate admins from regular
> users (customers). What is the recommended way to do this? Just add a
> role column to the table which says “admin” or “customer”? Is this
> secure? Or maybe create another table called Role (user_id, role)?

It depends on whether you will be using roles for anything more
fine-grained in future. I have done both, and you just have to choose
based on how complicated this side of your application is likely to
become.

As far as security goes, just add a validation that ensures that the
only person who can change the role is an admin. This keeps the admin
from locking herself out, and it also keeps the proles from promoting
themselves. Set customer as the default value for the role column in
your migration, and either use console or a seed to set your first admin
record.

Walter
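
The approach described in the reply above, as an added sketch in plain Ruby (no Rails) that is not part of the original thread. `User`, `sign_up`, `seed_admin` and `change_role` are hypothetical names, the sample users are constructed, and the last-admin guard is an extra check beyond what the reply states.

```ruby
class NotAuthorized < StandardError; end

ROLES = %w[customer admin].freeze

# Stand-in for the Users table: one role column per user.
User = Struct.new(:email, :role)

# Sign-up path: only the email is read from the request params, so a
# submitted "role" key is ignored and the column default ("customer") applies.
def sign_up(params)
  User.new(params.fetch("email"), "customer")
end

# Seed path: run once by the operator (console or seed file); it is not
# reachable from a web request.
def seed_admin(email)
  User.new(email, "admin")
end

# Role change: authorization is checked against the acting user, never
# against the record being edited or anything the form submitted.
def change_role(actor, target, new_role, all_users)
  raise NotAuthorized, "only an admin may change roles" unless actor.role == "admin"
  raise ArgumentError, "unknown role #{new_role.inspect}" unless ROLES.include?(new_role)

  # Extra guard (not from the thread): never demote the last remaining admin.
  demoting = target.role == "admin" && new_role != "admin"
  if demoting && all_users.count { |u| u.role == "admin" } == 1
    raise NotAuthorized, "cannot demote the last admin"
  end

  target.role = new_role
  target
end
```

In a Rails model the same rule also means keeping `role` out of the attributes accepted from sign-up and profile forms.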