Using act_as_authenticated where two models require differen

Hi there.

I am playing around with acts_as_authenticated as many recommend it
for authentication. I have two relevant models: Worker and Company.
Registration for both Workers and Companies should be pretty similar:
username, email, password, email verification, etc.

I thought of two possible solutions, both of which may be good/bad
ideas: I don’t know because I am too new to rails at this point :)

(1) Create a UserBase class that is the model created by the
acts_as_authenticated generator. From there, I can use polymorphism
and STI to derive Workers and Companies, each with their own unique
properties, but sharing the common authentication stuff.

(2) Trying to generate separate models using the acts_as_auth
generator.

I really would appreciate some guidance here. Obviously, Workers and
Companies should only be allowed to access the resources of the site
permissible to each. However, using before_filter :login_required
doesn’t seem to be able to specify which model requires
authentication.

Maybe acts_as_auth isn’t the best solution, but I have no idea. Maybe
I should roll my own based on the example code from “Rails Recipes”,
as I need both authentication and resource authorization; I just
didn’t want to reinvent the wheel.

Thanks for any suggestions.
-Chris

If Worker and Company have a fairly similar set of fields, then STI
can certainly make sense. If they are fairly different, you could
make sure they each have the required fields (login, password) and
put the authentication code into a module that you include into each
class.

Remember that login_required calls the authorized method as one of
the last things it does to return whether the login was successful.
So, in your different controllers you can create a custom authorized
method that then checks some aspect of the object returned by
current_user (such as its class or whether it responds to a
particular method).

–
Building an e-commerce site with Rails?
http://agilewebdevelopment.com/rails-ecommerce

Meet up at RailsConf:
http://railsconf2007.conferencemeetup.com/

Thanks for the reply.

I am really stuck on this one. This will be trivial I am sure once I
gain my rails legs, but for now, I don’t know where to start.

I need to have workers and companies in my system. The worker can
create an account with profile information, and only that worker
should be allowed to edit his profile page (although it will be
publicly viewable). Similarly, companies can create profile pages as
well, and companies can only edit their information (as expected). The
only real similarity between workers and companies (for now) is the
account (username/password/email) creation process.

As such, can anyone suggest a clean design? I was planning on using
acts_as_authenticated (or restful_authentication), generating separate
worker/company model/controllers. I have seen a bit on “barn-raising”,
in which a community helps a new rails dev get going; anyone
want to help raise my barn?

Cheers.

Hi Chris,

what about the following design:

Have one model “User” whose responsibility is to authenticate.

Additionally you have your two models “Worker” and “Company” which
both have a foreign key to model “User”

  1. The authorization stuff can easily be done with AAA with
    before_filter
  2. When the user is authorized you can query the models User and Company
    if they belong to the current_user.

Best regards
Chris (G.)
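
The two suggestions in this thread (a per-controller `authorized?` override checked by `login_required`, and profile records tied to a single `User` by foreign key) combine into a role check plus an ownership check. The sketch below is an added example, not code from any poster or from the acts_as_authenticated plugin: `AuthenticatedSystem` here is a simplified plain-Ruby stand-in, and `WorkerProfilesController`, the `Struct` models and the `:ok`/`:denied` return values are assumptions made for illustration.

```ruby
# Constructed stand-ins (plain Ruby, no Rails); not the plugin's own code.
User   = Struct.new(:id, :login)
Worker = Struct.new(:id, :user_id, :bio)

# Simplified model of the filter: pass only if logged in AND authorized?.
module AuthenticatedSystem
  attr_accessor :current_user

  def logged_in?
    !current_user.nil?
  end

  def authorized? # default hook: any logged-in account passes
    true
  end

  def login_required
    logged_in? && authorized?
  end
end

class WorkerProfilesController
  include AuthenticatedSystem

  def initialize(workers)
    @workers = workers
  end

  # Role check: only accounts that own a Worker record may act here.
  def authorized?
    @workers.any? { |w| w.user_id == current_user.id }
  end

  # Profiles are publicly viewable, so no login check on reads.
  def show(worker_id)
    @workers.find { |w| w.id == worker_id }&.bio
  end

  # Ownership check: scope the lookup to current_user, never by id alone.
  def update(worker_id, bio)
    return :denied unless login_required
    worker = @workers.find { |w| w.id == worker_id && w.user_id == current_user.id }
    return :denied unless worker
    worker.bio = bio
    :ok
  end
end
```

The role check alone is not enough: a logged-in worker passes `authorized?` for every worker profile, so the scoped lookup in `update` is what stops one worker from editing another's record.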
