Could someone help me with an authentication/authorisation design
please?
It’s for a car garage application that allows a customer to monitor the
status of their car. Here are my requirements:
- I need a hierarchy of 4 users:
  A. Superuser (me)
  B. Garage owner.
  C. Mechanic.
  D. Customer.
  The superuser can create/edit/delete users A, B, C and D.
  The Garage owner can create/edit/delete users C and D.
- There can be multiple Garage owners that own the same group of mechanics and customers.
- Authentication for garage owners and mechanics is an account number (that the application issues) and password.
- Authentication for customers is based on their email address and password.
- A single login form for all types of user.
- A customer has visibility of the status of their car only. A mechanic or garage owner has access to all cars associated with the garage. And the superuser has access to all cars in the db.
My plugins of choice for this would be authlogic and cancan, but I can’t
figure out a design that will represent the ownership of some users by
other users, for example, that for a particular garage owner, get all
the mechanics or customers.
I have tried several designs, but none seem to work. I would appreciate
any help, advice or pointers.
Thanks
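One way to model the ownership the question asks about, as an added example that is not part of the original post: a single User record with a role and a garage_id, so every owner of the same garage shares that garage's mechanics and customers. It is plain Ruby (no Rails, authlogic or cancan) so it runs stand-alone; the predicates are the rules a cancan Ability class would express, and the Garage grouping and the struct fields are assumptions.

```ruby
# Constructed model: users and cars are grouped by garage_id. Superusers have
# no garage. Roles: :superuser, :owner, :mechanic, :customer.
User = Struct.new(:id, :role, :garage_id)
Car  = Struct.new(:id, :garage_id, :customer_id)

MANAGED_BY_OWNER = %i[mechanic customer].freeze

# Who may create/edit/delete whom: the superuser manages everyone; an owner
# manages only mechanics and customers of their own garage; nobody else
# manages users (deny by default).
def can_manage_user?(actor, target)
  case actor.role
  when :superuser then true
  when :owner
    MANAGED_BY_OWNER.include?(target.role) && target.garage_id == actor.garage_id
  else false
  end
end

# Who may read a car: a customer only their own; a mechanic or owner every car
# in their garage; the superuser every car in the db.
def can_read_car?(actor, car)
  case actor.role
  when :superuser        then true
  when :owner, :mechanic then car.garage_id == actor.garage_id
  when :customer         then car.customer_id == actor.id
  else false
  end
end

# "For a particular garage owner, get all the mechanics or customers":
# ownership is the shared garage_id, so several owners see the same group.
def staff_and_customers_for(owner, users)
  return [] unless owner.role == :owner
  users.select do |u|
    u.garage_id == owner.garage_id && MANAGED_BY_OWNER.include?(u.role)
  end
end

# Single login form: the shape of the identifier decides which lookup the
# form performs (account number for staff, email for customers).
def login_field_for(identifier)
  identifier.include?("@") ? :email : :account_number
end
```

In a Rails app the same checks become `can :manage, User, garage_id: user.garage_id, role: MANAGED_BY_OWNER` style rules inside `Ability#initialize`, branching on `user.role`.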