I have been working on an app but ran into many problems when I was
applying authentication and authorization.

I want to have the following users with the given abilities.

Admin: full control over the entire system, but apart from login, email
and password it does not require any more attributes.

Company owner: should be able to create the number of companies the
admin approves, and have full control over all of its companies. I
would like to send an invitation to this user type.

User: should have different roles and has a couple more fields than the
company owner. The super user role can only have full control over
its own company. Users can't create companies and should belong to a
company. Owners or super users should be able to create them via a
CRUD.

Client: if approved by the admin, a company's clients are allowed to
log in to the system; they only have read access to their personal
data and an internal email system. They have lots of fields and can be
affiliated to a company, but the admin has access to all clients in the
system. Company owners only have access to their companies' clients,
and the users only to the clients that are affiliated to their
company.

The problem comes now: I have 4 models at the moment, and I would like
the authentication and authorization systems to be common to all of
them. I have 4 abilities with CanCan and 4 resources with Devise, but
keeping up with everything was very redundant: I have 4 login pages,
4 paths to sign out, etc. If I unify all users in a single model and
manage everything with fields in the DB, I'm a little confused on how
to handle the company-users relation, since companies belong to owners
in the current design but a company has many users and clients.

I have been thinking of has many through associations with resources
called ownership, employ and affiliation, and using boolean fields or
a user type field to differentiate each type of user. I would need a
lot of conditional validations, of course. Would STI be helpful, or
would it require 4 of everything anyway? I want to have one login page
and one ability class.

Does anyone have a better solution? I would appreciate some comments on
this.

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en.
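An added example (editor's code, not the poster's or any project's) of the single-model, single-Ability design the post is asking about: one User record with a `role` column, companies reached through an `ownerships` join for owners and a `company_id` for employees, and one Ability class whose non-admin rules are all scoped by company. It is written in plain Ruby so it runs without Rails; ActiveRecord, Devise and CanCan are not used, and CanCan's `can` / `can?` hash-condition behaviour is re-implemented minimally. The model names, role values and the `company_limit` column are assumptions, not the poster's schema, and the sample records are constructed for the example.

```ruby
# Added example, not code from the original post. Plain-Ruby stand-ins for
# the ActiveRecord models (assumed names); `company_limit` is an assumed
# column holding the number of companies the admin approved for an owner.
User      = Struct.new(:id, :role, :company_id, :company_limit, keyword_init: true)
Company   = Struct.new(:id, keyword_init: true)
Client    = Struct.new(:id, :company_id, :user_id, keyword_init: true) # user_id: the client's own login
Ownership = Struct.new(:user_id, :company_id, keyword_init: true)     # has_many :companies, through: :ownerships

class Ability
  ROLES = %w[admin owner super_user user client].freeze

  # ownerships: the Ownership rows (in Rails this would be user.ownerships).
  def initialize(user, ownerships: [])
    raise ArgumentError, "unknown role #{user.role.inspect}" unless ROLES.include?(user.role)
    @rules = []
    owned = ownerships.select { |o| o.user_id == user.id }.map(&:company_id)
    define_rules(user, owned)
  end

  # CanCan-style rule: can :action, Klass, attribute => value
  # (an Array value means "any of these", as CanCan's hash conditions allow).
  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  # True if any rule grants `action` on this record; :manage covers every action.
  def can?(action, record)
    @rules.any? do |rule_action, klass, conditions|
      (rule_action == :manage || rule_action == action) &&
        record.is_a?(klass) &&
        conditions.all? { |attr, want| matches?(record[attr], want) }
    end
  end

  def cannot?(action, record)
    !can?(action, record)
  end

  private

  def matches?(actual, want)
    want.is_a?(Array) ? want.include?(actual) : actual == want
  end

  # A user/super_user with no company would otherwise match every record whose
  # company_id is nil (e.g. an unaffiliated client), so refuse to build rules.
  def require_company!(user)
    raise ArgumentError, "#{user.role} #{user.id} must belong to a company" if user.company_id.nil?
  end

  def define_rules(user, owned)
    case user.role
    when "admin"
      can :manage, Company
      can :manage, User
      can :manage, Client
    when "owner"
      # Only the owner's own companies and what lives inside them; an empty
      # `owned` list grants nothing. Creation is capped by the admin's approval.
      can :create, Company if owned.size < user.company_limit.to_i
      can :manage, Company, id: owned
      can :manage, User,    company_id: owned
      can :manage, Client,  company_id: owned
    when "super_user"
      require_company!(user)
      # Full control inside own company, read-only on the company record itself,
      # and no rule for creating companies at all.
      can :read,   Company, id: user.company_id
      can :manage, User,    company_id: user.company_id
      can :manage, Client,  company_id: user.company_id
    when "user"
      require_company!(user)
      can :read, Company, id: user.company_id
      can :read, Client,  company_id: user.company_id
    when "client"
      # Read access to the client's own personal data only.
      can :read, Client, user_id: user.id
    end
  end
end
```

In a real Rails app the Structs become ActiveRecord models, `ownerships:` comes from `has_many :ownerships` / `has_many :companies, through: :ownerships` on User, and the same `Ability` class serves all roles behind a single Devise resource and one login page. The point of the company-scoped conditions (and of the nil-company guard) is that the only rule without a scope is the admin's; every other role can only ever reach records that carry its own company id.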
