Hi all,

I'm somewhat new with RoR, but have been programming for a while. I'm trying to design the right model for an application which will have a login system, I'm leaning towards acts_as_authenticated.

I have one confusion, though... In my app, I want to have one login system which will allow general Clients and Employees to login. These have all similar characteristics shared with the User table created by AAA, but also have other methods and behaviors to deal with the rest of my app.

How should I define the Client model, for instance? Would it be something like:

    class Client < User

since I already have user.rb defining the User class as such:

    class User < ActiveRecord::Base

or would I be forced to compromise and create different Client and Employee tables and models, each with its own salt, hashed_passwords and the like?

I figure by inheriting from User, I should be able to define the User model with all the relevant methods and properties. Must I have all the classes in the same file, or am I able to have a client.rb file where I inherit User?

Thanks for any help in advance,
Mauricio

---
Mauricio L. Sadicoff
muxico73-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org

"Peace of mind isn't at all superficial, really," I expound. "It's the whole thing. That which produces it is good maintenance; that which disturbs it is poor maintenance. What we call workability of the machine is just an objectification of this peace of mind. The ultimate test is always your own serenity." - Zen and the Art of Motorcycle Maintenance.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
On 5/23/07, Mauricio Sadicoff <muxico73-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Hi all,
>
> I'm somewhat new with RoR, but have been programming for a while. I'm
> trying to design the right model for an application which will have a
> login system, I'm leaning towards acts_as_authenticated.
>
> I have one confusion, though... In my app, I want to have one login
> system which will allow general Clients and Employees to login. These
> have all similar characteristics shared with the User table created
> by AAA, but also have other methods and behaviors to deal with the
> rest of my app.

[...]

Hi Mauricio,

What you're describing sounds very much like role-based authorization to me. Your Clients and Employees do not necessarily have to be first-class models; they are both Users, but they belong in different roles because they do not have the same access to resources.

How you implement this kind of role separation is up to you -- in some of my apps, I have just a text field on my User model that contains the name of a role; in others, I have a table of Roles, and my User model belongs_to :role (i.e., it has a role_id field). In still others, where users can be in many roles and the relationship is a many-to-many, I use a join model, like "Membership", which has a user_id and a role_id.

Another way to get started might be to look at Bill Katz's Authorization plugin ( http://www.writertopia.com/developers/authorization ). I don't know if he's been doing much work on it lately, but it's certainly worth looking at, as it may help with your concerns.

Regards,
Seth Morabito

-~----------~----~----~----~------~----~------~--~---
Here's an overview of several authorization solutions for rails
http://www.vaporbase.com/postings/Authorization_in_Rails

-~----------~----~----~----~------~----~------~--~---
Thank you so much, Seth and Linoj.

I don't know why I didn't think of RBAC before, it's definitely what I need. So I'll just use the authentication provided by AAA, then set up an authorization system based on the Membership model, which then allows me to redirect the user to the right controller depending on the current role the User assumes.

I actually considered using Goldberg, but that would defeat my purpose of learning more about Rails, so I'll build it from scratch.

Thanks again, guys, super helpful!

Cheers,
Mauricio

---
Mauricio L. Sadicoff
muxico73-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org

"Peace of mind isn't at all superficial, really," I expound. "It's the whole thing. That which produces it is good maintenance; that which disturbs it is poor maintenance. What we call workability of the machine is just an objectification of this peace of mind. The ultimate test is always your own serenity." - Zen and the Art of Motorcycle Maintenance.

On May 24, 2007, at 03:52, Seth Morabito wrote:
> What you're describing sounds very much like role-based authorization
> to me.

On May 24, 2007, at 09:56, linoj wrote:
>
> Here's an overview of several authorization solutions for rails
> http://www.vaporbase.com/postings/Authorization_in_Rails
>

-~----------~----~----~----~------~----~------~--~---
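
Added example (not part of the original thread, and not code from acts_as_authenticated or any plugin mentioned): a plain-Ruby sketch of the Membership join model Seth describes and the role-based redirect Mauricio plans, with a deny-by-default check that every controller would run, since a redirect alone does not stop a user from requesting another controller directly. All class, constant and method names are hypothetical, and Structs stand in for ActiveRecord models so the block runs without Rails.

```ruby
# Added example; every name here is hypothetical.
Role       = Struct.new(:name)
Membership = Struct.new(:user, :role) # join model: one row per (user, role)

class User
  attr_reader :login, :memberships

  def initialize(login)
    @login = login
    @memberships = []
  end

  # Add a role through the join model; ignore duplicates.
  def grant(role)
    @memberships << Membership.new(self, role) unless has_role?(role.name)
  end

  def roles
    memberships.map { |m| m.role.name }
  end

  def has_role?(name)
    roles.include?(name)
  end
end

# Deny-by-default policy: controller name => roles allowed to reach it.
POLICY = {
  "clients"   => %w[client],
  "employees" => %w[employee],
  "reports"   => %w[employee]
}.freeze

# Check to run on every request (e.g. from a before_filter),
# not only when choosing where to redirect after login.
def authorized?(user, controller)
  return false if user.nil?              # not authenticated
  allowed = POLICY.fetch(controller, []) # unlisted controller => nobody
  (user.roles & allowed).any?
end

# Landing controller for the role the user wants to act in. The requested
# role is checked against the user's memberships, never trusted as given.
LANDING = { "client" => "clients", "employee" => "employees" }.freeze

def landing_for(user, requested_role)
  return nil unless user && user.has_role?(requested_role)
  LANDING[requested_role]
end
```
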