chris johnson
2007-Apr-23 05:44 UTC
Using acts_as_authenticated where two models require different authentication
Hi there.

I am playing around with acts_as_authenticated as many recommend it for authentication. I have two relevant models: Worker and Company. Registration for both Workers and Companies should be pretty similar: username, email, password, email verification, etc.

I thought of two possible solutions, both of which may be good/bad ideas: I don't know because I am too new to rails at this point :-)
(1) Create a UserBase class that is the model created by the acts_as_authenticated generator. From there, I can use polymorphism and STI to derive Workers and Companies, each with their own unique properties, but sharing the common authentication stuff.
(2) Trying to generate separate models using the acts_as_auth generator.

I really would appreciate some guidance here. Obviously, Workers and Companies should only be allowed to access the resources of the site permissible to each. However, using before_filter :login_required doesn't seem to be able to specify which model requires authentication.

Maybe acts_as_auth isn't the best solution, but I have no idea. Maybe I should roll my own based on the example code from "Rails Recipes", as I need both authentication and resource authorization; I just didn't want to reinvent the wheel.

Thanks for any suggestions.
-Chris
Benjamin Curtis
2007-Apr-23 13:27 UTC
Re: Using acts_as_authenticated where two models require different authentication
If Worker and Company have a fairly similar set of fields, then STI can certainly make sense. If they are fairly different, you could make sure they each have the required fields (login, password) and put the authentication code into a module that you include into each class.

Remember that login_required calls the authorized method as one of the last things it does to return whether the login was successful. So, in your different controllers you can create a custom authorized method that then checks some aspect of the object returned by current_user (such as its class or whether it responds to a particular method).

--
Building an e-commerce site with Rails? http://agilewebdevelopment.com/rails-ecommerce
Meet up at RailsConf: http://railsconf2007.conferencemeetup.com/

On Apr 22, 2007, at 10:44 PM, chris johnson wrote:
> Hi there.
>
> I am playing around with acts_as_authenticated as many recommend it
> for authentication. I have two relevant models: Worker and Company.
> Registration for both Workers and Companies should be pretty similar:
> username, email, password, email verification, etc.
>
> I thought of two possible solutions, both of which may be good/bad
> ideas: I don't know because I am too new to rails at this point :-)
> (1) Create a UserBase class that is the model created by the
> acts_as_authenticated generator. From there, I can use polymorphism
> and STI to derive Workers and Companies, each with their own unique
> properties, but sharing the common authentication stuff.
> (2) Trying to generate separate models using the acts_as_auth
> generator.
>
> I really would appreciate some guidance here. Obviously, Workers and
> Companies should only be allowed to access the resources of the site
> permissible to each. However, using before_filter :login_required
> doesn't seem to be able to specify which model requires
> authentication.
>
> Maybe acts_as_auth isn't the best solution, but I have no idea. Maybe
> I should roll my own based on the example code from "Rails Recipes",
> as I need both authentication and resource authorization; I just
> didn't want to reinvent the wheel.
>
> Thanks for any suggestions.
> -Chris
chris johnson
2007-May-02 03:46 UTC
Re: Using acts_as_authenticated where two models require different authentication
Thanks for the reply.

I am really stuck on this one. This will be trivial I am sure once I gain my rails legs, but for now, I don't know where to start.

I need to have workers and companies in my system. The worker can create an account with profile information, and only that worker should be allowed to edit his profile page (although it will be publicly viewable). Similarly, companies can create profile pages as well, and companies can only edit their information (as expected). The only real similarity between workers and companies (for now) is the account (username/password/email) creation process.

As such, can anyone suggest a clean design? I was planning on using acts_as_authenticated (or restful_authentication), generating separate worker/company model/controllers. I have seen a bit on "barn-raising", in which a community helps a new rails dev get going; anyone want to help raise my barn?

Cheers.

On Apr 23, 6:27 am, Benjamin Curtis wrote:
> If Worker and Company have a fairly similar set of fields, then STI
> can certainly make sense. If they are fairly different, you could
> make sure they each have the required fields (login, password) and
> put the authentication code into a module that you include into each
> class.
>
> Remember that login_required calls the authorized method as one of
> the last things it does to return whether the login was successful.
> So, in your different controllers you can create a custom authorized
> method that then checks some aspect of the object returned by
> current_user (such as its class or whether it responds to a
> particular method).
>
> --
> Building an e-commerce site with Rails? http://agilewebdevelopment.com/rails-ecommerce
>
> Meet up at RailsConf: http://railsconf2007.conferencemeetup.com/
>
> On Apr 22, 2007, at 10:44 PM, chris johnson wrote:
>
> > Hi there.
> >
> > I am playing around with acts_as_authenticated as many recommend it
> > for authentication. I have two relevant models: Worker and Company.
> > Registration for both Workers and Companies should be pretty similar:
> > username, email, password, email verification, etc.
> >
> > I thought of two possible solutions, both of which may be good/bad
> > ideas: I don't know because I am too new to rails at this point :-)
> > (1) Create a UserBase class that is the model created by the
> > acts_as_authenticated generator. From there, I can use polymorphism
> > and STI to derive Workers and Companies, each with their own unique
> > properties, but sharing the common authentication stuff.
> > (2) Trying to generate separate models using the acts_as_auth
> > generator.
> >
> > I really would appreciate some guidance here. Obviously, Workers and
> > Companies should only be allowed to access the resources of the site
> > permissible to each. However, using before_filter :login_required
> > doesn't seem to be able to specify which model requires
> > authentication.
> >
> > Maybe acts_as_auth isn't the best solution, but I have no idea. Maybe
> > I should roll my own based on the example code from "Rails Recipes",
> > as I need both authentication and resource authorization; I just
> > didn't want to reinvent the wheel.
> >
> > Thanks for any suggestions.
> > -Chris
Chris Günther
2007-Jun-13 15:49 UTC
Re: Using acts_as_authenticated where two models require dif
Hi Chris,

what about the following design: Have one model "User" whose responsibility is to authenticate. Additionally you have your two models "Worker" and "Company" which have both a foreign key to model "User".

1) The authorization stuff can easily be done with AAA with before_filter
2) When the user is authorized you can query the models User and Company if they belong to the current_user.

Best regards
Chris (G.)

chris johnson wrote:
> Thanks for the reply.
>
> I am really stuck on this one. This will be trivial I am sure once I
> gain my rails legs, but for now, I don't know where to start.
>
> I need to have workers and companies in my system. The worker can
> create an account with profile information, and only that worker
> should be allowed to edit his profile page (although it will be
> publicly viewable). Similarly, companies can create profile pages as
> well, and companies can only edit their information (as expected). The
> only real similarity between workers and companies (for now) is the
> account (username/password/email) creation process.
>
> As such, can anyone suggest a clean design? I was planning on using
> acts_as_authenticated (or restful_authentication), generating separate
> worker/company model/controllers. I have seen a bit on "barn-raising",
> in which a community helps a new rails dev get going; anyone
> want to help raise my barn?
>
> Cheers.
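
Added example, not part of any post in this thread and not the plugin's own code: a plain-Ruby sketch of the two suggestions above, a per-controller authorized? override consulted by login_required, combined with one authenticating User that each profile references by foreign key. The AuthenticatedSystem module here is a simplified stand-in, and ProfileController, the Struct models and the :ok/:denied results are hypothetical names chosen for illustration.

```ruby
# Simplified stand-in for the plugin's filter (no Rails): login_required
# only passes when the session user is logged in AND authorized? is true.
module AuthenticatedSystem
  attr_accessor :current_user

  def logged_in?
    !current_user.nil?
  end

  def authorized?   # default: any logged-in user; controllers override
    true
  end

  def login_required
    (logged_in? && authorized?) ? :ok : :denied
  end
end
# Constructed models: User authenticates, each profile has a user_id key.
User    = Struct.new(:id, :login)
Worker  = Struct.new(:id, :user_id, :name)
Company = Struct.new(:id, :user_id, :name)

# Hypothetical base controller: viewing is public, editing is filtered.
class ProfileController
  include AuthenticatedSystem

  def initialize(current_user, record)
    self.current_user = current_user
    @record = record
  end

  def show; :ok; end

  def edit          # stands in for before_filter :login_required
    login_required
  end
end

class WorkersController < ProfileController
  def authorized?   # right profile type, owned by the session user
    @record.is_a?(Worker) && @record.user_id == current_user.id
  end
end

class CompaniesController < ProfileController
  def authorized?
    @record.is_a?(Company) && @record.user_id == current_user.id
  end
end
```

The ownership test compares the record's user_id with the session's current_user, never with an id taken from request parameters, and an anonymous request is denied before authorized? is reached.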