Restful_authentication with two models suggestion/help


#1

Hi all,

I’m working on trying to create a login system via subdomains for a
teacher/students.

I have two models at the moment. teacher.rb and student.rb. The fields
in both tables are almost identical. Now I’ve come to add
restful_authentication and I realize this could be a pain with two
tables. I basically want to have one login screen where both the teacher
and/or student can login to the site. If it’s a teacher they can access
teacher specific pages/data and students will see student specific
pages/data.

Is it better to combine both teachers AND students into one table (users
table for example)? Or is there a way to keep both tables and still use
restful_authentication?

Many thanks. Let me know if you need any more code or specifics.

-Tony


#2

Just make a users table, and create a polymorphic relationship between
users and students or teachers. Then, when the user logs in, check if
they have a student or teacher record associated with them and
redirect properly.


#3

Andrew B. wrote:

Just make a users table, and create a polymorphic relationship between
users and students or teachers. Then, when the user logs in, check if
they have a student or teacher record associated with them and
redirect properly.

Thanks for the reply Andrew.

I’ll look into how to go about doing that. Any hints/suggestions from
anyone would be helpful in the meantime. Thanks!

-Tony


#4

Hey guys,

Hate to be annoying about this, but is unifying these two tables the
best way to go about this?

Obviously students will have completely different levels of access to
the site than teachers. Students will be able to log in and pay fees,
view grades, print homework, etc. Teachers will be able to log in
and see all of their students, see who’s paid or not, grade students,
etc. Having both students and teachers in the same table worries me a
bit with security.

If moving these tables into one is the best way to go about this, any
hints on how to tell teachers apart from students? For example, having a
“Teacher page” and a “Student page”

Or should I just keep this current structure (teacher table and student
table) and…

  1. Find a way to have one restful_authentication form check both
    students AND teachers (according to the subdomain) and log them in.
  2. Have a page with two forms. Where student and teachers log in through
    their respective form section.
  3. Have a specific page for teachers to log in to and another for
    students to log in to (I’d hate to do this)

Thanks for the advice/suggestions,
Tony


#5

On Mar 3, 9:26 pm, Tony T. removed_email_address@domain.invalid wrote:

bit with security.

If moving these tables into one is the best way to go about this, any
hints on how to tell teachers apart from students? For example, having a
“Teacher page” and a “Student page”

The pattern I’ve used before is to have a base User class (essentially
what restful_authentication generates), and then derive the various types
of users from that class. You’ll need to add a string column named ‘type’
to your users table for this to work.

So your Teacher class would be declared as:

    class Teacher < User
      # teacher specific stuff
    end

This works great for cases where users are cleanly divided into roles
(ie, Teachers are never Students). It also makes it easy to add access
control: define methods to check access on the user models, and then
call them in the views.

Example (viewing grades):

    # user.rb
    class User < ActiveRecord::Base
      def can_view_grades?(student)
        false
      end
    end

    # student.rb
    class Student < User
      def can_view_grades?(student)
        # more if needed here…
        self == student
      end
    end

    # teacher.rb
    class Teacher < User
      def can_view_grades?(student)
        true
      end
    end

That makes the check in GradesController very short:

    class GradesController < ApplicationController
      def index
        # assumes that grades are a nested resource under student
        @student = Student.find(params[:student_id])
        return access_denied unless current_user.can_view_grades?(@student)
        # etc
      end
    end

This also makes it easy to add, say, an Admin user type that can view
everybody’s grades. Just create another subclass!
It also allows different types of users to have different associations -
for example:

    class Teacher < User
      has_many :student_class_assignments
      has_many :students, :through => :student_class_assignments
    end

    class StudentClassAssignment < ActiveRecord::Base
      belongs_to :teacher
      belongs_to :student
      # adding another association here to indicate which section/class
      # this is is left to the reader
    end

    class Student < User
      has_many :student_class_assignments
      has_many :teachers, :through => :student_class_assignments
    end

It’s also handy to have methods to check the type of a user; in this
case, “teacher?” and “student?”.

Finally, on the navigation issue, it’s relatively straightforward to
check the type of current_user and pick what to display. In several of
my apps, there’s an individualized nav partial per user type, but your
case may be different.

Hope this helps!

–Matt J.
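
The access-check pattern from the post above, as an added plain-Ruby example that is not part of the original thread. The classes are stand-ins for the ActiveRecord models, `grades_index` and the sample users are hypothetical, and `Teacher` is narrowed to assigned students, which is an assumption that goes beyond the post's `true`.

```ruby
# Plain-Ruby stand-ins for the post's ActiveRecord models (added example).
class User
  attr_reader :login

  def initialize(login)
    @login = login
  end

  # Deny by default: a new user type has no access until it opts in.
  def can_view_grades?(_student)
    false
  end

  # Type predicates mentioned in the post.
  def teacher?; is_a?(Teacher); end
  def student?; is_a?(Student); end
end

class Student < User
  # A student may view only their own grades.
  def can_view_grades?(student)
    equal?(student)
  end
end

class Teacher < User
  attr_reader :students # stands in for has_many :students, :through => ...

  def initialize(login, students = [])
    super(login)
    @students = students
  end

  # Assumption: narrower than the post's `true`; assigned students only.
  def can_view_grades?(student)
    students.include?(student)
  end
end

# Hypothetical stand-in for GradesController#index: the decision uses the
# authenticated user object held server-side, never a role sent by the client.
def grades_index(current_user, student, grades_by_login)
  return :access_denied unless current_user && current_user.can_view_grades?(student)
  grades_by_login.fetch(student.login, [])
end

# Constructed sample data.
ALICE = Student.new("alice")
BOB = Student.new("bob")
SMITH = Teacher.new("smith", [ALICE])
GRADES = { "alice" => ["A"], "bob" => ["C"] }.freeze
```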


#6

Matt J. wrote:

On Mar 3, 9:26 pm, Tony T. removed_email_address@domain.invalid wrote:

bit with security.

If moving these tables into one is the best way to go about this, any
hints on how to tell teachers apart from students? For example, having a
“Teacher page” and a “Student page”

The pattern I’ve used before is to have a base User class (essentially
what restful_authentication generates), and then derive the various types
of users from that class. You’ll need to add a string column named ‘type’
to your users table for this to work.

–Matt J.

VERY HELPFUL! I wasn’t aware of this. Thank you VERY much! :)

-Tony