On Dec 17, 2011, at 6:23 PM, Samir wrote:

> Hi,
> 
> I am creating a daily deals website and have a Users table in my
> database. I want to be able to differentiate admins from regular
> users (customers). What is the recommended way to do this? Just add a
> role column to the table which says "admin" or "customer"? Is this
> secure? Or maybe create another table called Role (user_id, role)?

It depends on whether you will be using roles for anything more fine-grained in 
future. I have done both, and you just have to choose based on how complicated 
this side of your application is likely to become. 

As far as security goes, just add a validation that ensures that the only 
person who can change the role is an admin. This keeps the admin from locking 
herself out, and it also keeps the proles from promoting themselves. Set 
customer as the default value for the role column in your migration, and either 
use the console or a seed to set your first admin record.

Walter

> 
> 
> Thanks
> Samir
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ruby on Rails: Talk" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/rubyonrails-talk?hl=en.
> 
