Multi User System -- STI? Roles? Hmmm?


#1

Ok, this is a tricky situation. I have a user system where a user might
be an admin, a director, an actor/actress, an extra, or a member. At
first, STI sounded great, mainly because a member could just browse, a
director and actor/actress has_many movies, and so on. Then I realized
that a director could also star in a movie, so, STI wouldn’t work
because of the overlap.

I’m not sure what to do to build this cleanly, I mean, it’d be easy to
use STI so I can have model relationships based on type, but if you
can’t share the models, what am I to do? Use a hacky implementation of
roles?

Thoughts? Suggestions?

Thanks!


#2

STI?
http://en.wikipedia.org/wiki/Sexually_transmitted_disease
http://wiki.rubyonrails.org/rails/pages/singletableinheritance

why don’t you just use a role-based authentication system? that way
your users may have many different roles. or do actors have different
attributes than directors?

it clearly depends on what you’re trying to achieve. the better the
info you offer, the better the advice you might get.


#3

MaD wrote:

STI?
http://en.wikipedia.org/wiki/Sexually_transmitted_disease
http://wiki.rubyonrails.org/rails/pages/singletableinheritance

why don’t you just use a role-based authentication system? that way
your users may have many different roles. or do actors have different
attributes than directors?

it clearly depends on what you’re trying to achieve. the better the
info you offer, the better the advice you might get.

STDs lol. Simple example, a director can direct movies, a browsing
member can not. An actor can star in a movie, a browsing member can not.


#4

well that’s more or less a question of rights. i guess you could
easily manage that with a role-based authentication system.


#5

MaD wrote:

well that’s more or less a question of rights. i guess you could
easily manage that with a role-based authentication system.

How would you cleanly define a relationship between a user and other
models based off a role?


#6

I’ve used restful_authentication and role_requirement for a similar
situation. It’s easy to set up, and should allow you to do all the
stuff you want. As far as the associations you speak of, you probably
need to set up some different find methods with_scope. Check out the
following links for more info…

http://github.com/timcharper/role_requirement
http://github.com/technoweenie/restful-authentication
http://api.rubyonrails.org/classes/ActiveRecord/Base.html#M002256

On Feb 20, 1:02 am, Mrkris M. removed_email_address@domain.invalid


#7

Dave S wrote:

I’ve used restful_authentication and role_requirement for a similar
situation. It’s easy to set up, and should allow you to do all the
stuff you want. As far as the associations you speak of, you probably
need to set up some different find methods with_scope. Check out the
following links for more info…

http://github.com/timcharper/role_requirement
http://github.com/technoweenie/restful-authentication
http://api.rubyonrails.org/classes/ActiveRecord/Base.html#M002256

On Feb 20, 1:02 am, Mrkris M. removed_email_address@domain.invalid

Yeah, I love role_requirement, been using it for a while. I guess I’ll
just stick with it instead of STI.


#8

Well it sounds like you just answered your question. You should
associate your other models to your user but then limit their access to
it with the permissions that are associated to the roles that they
have. Take a look at something like role_requirement. A user can have
more than one role, i.e. one user could be an actor, director, and an
extra while another director isn’t an actor but is an extra… I hope
this makes some sense… It’s early for me.

On Feb 20, 2:51 am, Mrkris M. removed_email_address@domain.invalid
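
A plain-Ruby sketch of the approach described in this post, added here as an example and not code from the thread or from role_requirement: one user record holds several roles, and the capacity (director, actor) lives on a join record whose creation is permission-checked. All class, role and permission names are assumptions; in Rails the join record would be a has_many :through model.

```ruby
require "set"

# Hypothetical role -> permission map (names are assumptions, not role_requirement's API).
ROLE_PERMISSIONS = {
  admin:    %i[browse direct_movie star_in_movie manage_users],
  director: %i[browse direct_movie],
  actor:    %i[browse star_in_movie],
  extra:    %i[browse appear_in_movie],
  member:   %i[browse]
}.freeze

class NotAuthorized < StandardError; end

# One user record, many roles: replaces one STI subclass per user type.
class User
  attr_reader :name, :roles
  def initialize(name, *roles)
    unknown = roles - ROLE_PERMISSIONS.keys
    raise ArgumentError, "unknown role(s): #{unknown.inspect}" unless unknown.empty?
    @name, @roles = name, roles.to_set
  end

  # Deny by default: a permission is granted only if some held role lists it.
  def can?(permission)
    roles.any? { |r| ROLE_PERMISSIONS.fetch(r).include?(permission) }
  end
end

# Join record: the capacity belongs to the credit, not to the user's type.
Credit = Struct.new(:user, :capacity)

class Movie
  CAPACITY_PERMISSION = { director: :direct_movie, actor: :star_in_movie,
                          extra: :appear_in_movie }.freeze
  attr_reader :title, :credits
  def initialize(title)
    @title, @credits = title, []
  end

  # Authorization is enforced where the association is created, not only in the UI.
  def add_credit(user, capacity)
    permission = CAPACITY_PERMISSION.fetch(capacity)
    raise NotAuthorized, "#{user.name} may not #{permission}" unless user.can?(permission)
    @credits << Credit.new(user, capacity)
  end

  def people(capacity)
    credits.select { |c| c.capacity == capacity }.map(&:user)
  end
end
```
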


#9

I’ve run into this situation - recently had a client that stated
during the initial development that ‘Users can only ever have one
role’. So I used STI for all the user types; in addition to permission
differences, each role had different associations and sitewide
navigation.

THEN, the client says, “Well, some people can be more than one
thing”…

I ended up using a hackish solution where users get stored with their
role as part of their email; ie a user with multiple roles would have
two records in the DB:

  • removed_email_address@domain.invalid
  • removed_email_address@domain.invalid

Then the login screen and the user models were tweaked so that
removed_email_address@domain.invalid has a consistent set of profile
details and password hash/salt, and could log in as just
removed_email_address@domain.invalid.

Finally, I added a role select screen so that, in this example, bob
could switch between admin and candidate.

I’m not suggesting that this is the best solution, merely a possible
one. It was good for my app because the different user types see
totally different navigation structures.

–Matt J.

On Feb 20, 12:13 pm, Mrkris M. removed_email_address@domain.invalid


#10

Mrkris M. wrote:

Yeah, I love role_requirement, been using it for a while. I guess I’ll
just stick with it instead of STI.

You might, as an alternative, take a look at Lockdown:
http://atlrug.org/stonean/posts/96-Lockdown

I have not tried this yet myself, but what I saw of Lockdown at this
month’s Atlanta Ruby Users Group (ATLRUG) looked pretty interesting.
Maybe it will help.