On 7 October 2010 01:33, radhames brito <[email protected]> wrote:
> I have been working on an app but ran into many problems when I was
> applying authentication and authorization.
>
> I want to have the following users with the given abilities.

Note your wording here, you want the following _users_. That is the clue
to what follows.

> Admin: full control on the entire system, but apart from login, email
> and password it does not require any more attributes
>
> company owner: should be able to create the number of companies the
> admin approves, and have full control over all of its companies, I
> would like to send an invitation to this user type
>
> user: should have different roles and has a couple more fields than the
> company owner. The super user roles can only have full control over
> its own company. user can't create companies and should belong to a
> company and can't create companies. owners or super users should be
> able to create them via a crud
>
> client: if approved by the admin a company's clients are allowed to
> log in to the system, they only have read access to their personal
> data and an internal email system. Have lots of fields, can be
> affiliated to a company but the admin has access to all clients in the
> system. company owners only have access to their companies' clients,
> and the users only to the clients that are affiliated to their
> company.
>
> the problem comes now, I have 4 models at the moment, I would like
> authentication and authorization systems to be common to all of them. I
> have 4 abilities with cancan, and 4 resources with devise, but keeping
> up with everything was very redundant, I have 4 login pages, 4 paths to
> signout, etc. If I unify all users in a single model and manage
> everything with fields in the DB I'm a little confused on how to handle
> the company-users relation since companies belong to owners in the
> current design but a company has many users and clients.

I presume that your models are Admin, Owner, User and Client (or similar
names). The fact that you worded your initial requirement as I have
pointed out above suggests that these are all Users with different roles.
This rationalisation will mean they can all log on via the same page.
Once logged in you can control the features available using the roles
that a particular user has. There will likely be a roles table. User
belongs_to role, Role has_many users and so on. The settings in the role
will indicate what a user can do.

Colin

> I have been thinking of a has many through association with resources
> called ownership, employ and affiliation
> and use boolean fields or a user type field to differentiate each type
> of user. I would need a lot of conditional validations of course.
> would STI be helpful or would it require 4 of everything anyway? I
> want to have one login page and one ability class.
>
> Anyone has a better solution? I would appreciate some comments on
> this.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Talk" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-talk?hl=en.
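Colin's suggestion (one User model, a role per user, one Ability that gates features by role) as an added, runnable example. This is not code from either message in the thread: plain-Ruby Structs stand in for the Rails models and a small hand-rolled Ability class imitates CanCan's `can`/`can?` DSL, so it runs without Rails or the cancan gem. The role names, the `owner_id` and `company` attributes, the separate `Client` profile record and the sample data are all assumptions; the admin-approved limit on how many companies an owner may create is not modelled.

```ruby
# Added example, not code from either message in this thread: one User model
# carrying a role, plus a CanCan-style Ability that scopes every role to its
# own company's data. Plain-Ruby Structs stand in for the ActiveRecord models
# and the Ability DSL is hand-rolled, so this runs without Rails or cancan.

Role    = Struct.new(:name)                     # one row per role in a roles table
Company = Struct.new(:id, :owner_id)            # Company belongs_to :owner (a User)
Client  = Struct.new(:id, :user_id, :company)   # profile record behind a client login
User    = Struct.new(:id, :role, :company) do   # User belongs_to :role and :company
  # admin? / owner? / user? / client? predicates derived from the role name.
  %w[admin owner user client].each do |name|
    define_method("#{name}?") { role.name == name }
  end
end

# Minimal imitation of CanCan's Ability: `can action, Subject, condition`
# registers a rule; `can?` tests it against a record (or a class, for :create).
class Ability
  ALIASES = { manage: %i[create read update destroy] }.freeze

  def initialize(user)
    @rules = []
    define_rules(user)
  end

  def can?(action, subject)
    @rules.any? do |actions, klass, cond|
      actions.include?(action) &&
        (klass == :all || subject == klass || subject.is_a?(klass)) &&
        (cond.nil? || subject.is_a?(Class) || cond.call(subject))
    end
  end

  private

  def can(action, klass, cond = nil)
    @rules << [ALIASES.fetch(action, [action]), klass, cond]
  end

  # The condition lambdas are where tenant isolation lives: every non-admin
  # rule is tied to the caller's own company or own record.
  def define_rules(user)
    if user.admin?
      can :manage, :all
    elsif user.owner?
      can :manage, Company, ->(c)  { c.owner_id == user.id }
      can :manage, Client,  ->(cl) { cl.company.owner_id == user.id }
      can :manage, User,    ->(u)  { u.user? && u.company&.owner_id == user.id }
    elsif user.user?
      can :read,   Company, ->(c)  { c == user.company }
      can :manage, Client,  ->(cl) { cl.company == user.company }
    elsif user.client?
      can :read,   Client,  ->(cl) { cl.user_id == user.id }
    end
  end
end

# Constructed sample data: one owner with one company, a staff user and a
# client inside it, and a second company owned by somebody else.
ADMIN        = User.new(1, Role.new("admin"),  nil)
OWNER        = User.new(2, Role.new("owner"),  nil)
ACME         = Company.new(10, OWNER.id)
RIVAL        = Company.new(11, 99)
STAFF        = User.new(3, Role.new("user"),   ACME)
CLIENT_USER  = User.new(4, Role.new("client"), ACME)
CLIENT       = Client.new(20, CLIENT_USER.id, ACME)
RIVAL_CLIENT = Client.new(21, 77, RIVAL)

# What each role may do, keyed by role, so the scoping can be inspected.
def permission_matrix
  { admin: ADMIN, owner: OWNER, staff: STAFF, client: CLIENT_USER }.transform_values do |u|
    a = Ability.new(u)
    {
      create_company:    a.can?(:create, Company),
      update_acme:       a.can?(:update, ACME),
      update_rival:      a.can?(:update, RIVAL),
      read_acme_client:  a.can?(:read, CLIENT),
      read_rival_client: a.can?(:read, RIVAL_CLIENT)
    }
  end
end

if $PROGRAM_NAME == __FILE__
  permission_matrix.each { |role, perms| puts "#{role}: #{perms}" }
end
```

In a real app the lambdas become CanCan block or hash conditions (hash conditions are the ones `accessible_by` can turn into SQL scopes). Two checks worth keeping in mind with the single-model design: the `role_id` column must not be settable through the public signup form, or a visitor can register as admin; and every controller action that touches a Company, Client or User must go through `authorize!` or `load_and_authorize_resource`, since an unscoped `can :manage, Client` for owners would expose other companies' clients.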

