Rails - Mar 2009 - restful_authentication with two models suggestion/help

Hi all,

I''m working on trying to create a login system via subdomains for a
teacher/students.

I have two models at the moment. teacher.rb and student.rb. The fields
in both tables are almost identical. Now I''ve come add
restful_authentication and I realize this could be a pain with two
tables. I basically want to have one login screen where both the teacher
and/or student can login to the site. If it''s a teacher they can access
teacher specific pages/data and students will see student specific
pages/data.

Is it better to combine both teachers AND students into one table (users
table for example)? Or is there a way to keep both tables and still use
restful_authentication?

Many thanks. Let me know if you need any more code or specifics.


-Tony
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Just make a users table, and create a polymorphic relationship between
users and students or teachers. Then, when the user logs in, check if
they have a student or teacher record associated with them and
redirect properly.

On Mar 3, 1:59 pm, Tony Tony
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
> Hi all,
>
> I''m working on trying to create a login system via subdomains for
a
> teacher/students.
>
> I have two models at the moment. teacher.rb and student.rb. The fields
> in both tables are almost identical. Now I''ve come add
> restful_authentication and I realize this could be a pain with two
> tables. I basically want to have one login screen where both the teacher
> and/or student can login to the site. If it''s a teacher they can
access
> teacher specific pages/data and students will see student specific
> pages/data.
>
> Is it better to combine both teachers AND students into one table (users
> table for example)? Or is there a way to keep both tables and still use
> restful_authentication?
>
> Many thanks. Let me know if you need any more code or specifics.
>
> -Tony
> --
> Posted viahttp://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Andrew Bloom wrote:
> Just make a users table, and create a polymorphic relationship between
> users and students or teachers. Then, when the user logs in, check if
> they have a student or teacher record associated with them and
> redirect properly.
Thanks for the reply Andrew.

I''ll look into how to go about doing that. Any hints/suggestions from 
anyone would be helpful in the meantime. Thanks!


-Tony
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hey guys,

Hate to be annoying about this, but is unifying these two tables the 
best way to go about this?

Obviously students will have completely different levels of access to 
the site than teachers. Students will be able to log in and pay fees, 
view grades, print homework, etc. Teachers will be able to see log in 
and see all of their students, see whose paid or not, grade students, 
etc. Having both students and teachers in the same table worries me a 
bit with security.

If moving these tables into one is the best way to go about this, any 
hints on how to tell teachers apart from students? For example, having a 
"Teacher page" and a "Student page"

Or should I just keep this current structure (teacher table and student 
table) and...

1. Find a way to have one restful_authentication form check both 
students AND teachers (according to the subdomain) and log them in.
2. Have a page with two forms. Where student and teachers log in through 
their respective form section.
3. Have a specific page for teachers to log in to and another for 
students to log in to (I''d hate to do this)


Thanks for the advice/suggestions,
Tony
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mar 3, 9:26 pm, Tony Tony
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
> Hey guys,
>
> Hate to be annoying about this, but is unifying these two tables the
> best way to go about this?
>
> Obviously students will have completely different levels of access to
> the site than teachers. Students will be able to log in and pay fees,
> view grades, print homework, etc. Teachers will be able to see log in
> and see all of their students, see whose paid or not, grade students,
> etc. Having both students and teachers in the same table worries me a
> bit with security.
>
> If moving these tables into one is the best way to go about this, any
> hints on how to tell teachers apart from students? For example, having a
> "Teacher page" and a "Student page"
The pattern I''ve used before is to have a base User class (essentially
what
restful_authentication generates), and then derive the various types
of users from
that class. You''ll need to add a string column named
''type'' to your
users table for this
to work.

So your Teacher class would be declared as:
class Teacher < User
  # teacher specific stuff
end

This works great for cases where users are cleanly divided into roles
(ie, Teachers are never Students). It also makes it easy to add access
control: define methods to check access on the user models, and then
call them in the views.

Example (viewing grades):
# user.rb
class User < ActiveRecord::Base
  def can_view_grades?(student)
    false
  end
end

# student.rb
class Student < User
  def can_view_grades?(student)
    # more if needed here...
    self == student
  end
end

# teacher.rb
class Teacher < User
  def can_view_grades?(student)
    true
  end
end

That makes the check in GradesController very short:
class GradesController < ApplicationController
  def index
    # assumes that grades are a nested resource under student
    @student = Student.find(params[:student_id]
    return access_denied unless current_user.can_view_grades?
(@student)
    # etc
  end
end

This also makes it easy to add, say, an Admin user type that can view
*everybody''s* grades. Just create another subclass!
It also allows different types of users to have different associations
- for example:

class Teacher < User
  has_many :student_class_assignments
  has_many :students, :through => :student_class_assignments
end

class StudentClassAssignment < ActiveRecord::Base
  belongs_to :teacher
  belongs_to :student
  # adding another association here to indicate which section/class
this is is left to the reader
end

class Student < User
  has_many :student_class_assignments
  has_many :teachers, :through => :student_class_assignments
end

It''s also handy to have methods to check the type of a user; in this
case, "teacher?" and "student?".

Finally, on the navigation issue, it''s relatively straightforward to
check the type of current_user and pick what to display. In several of
my apps, there''s an individualized nav partial per user type, but your
case may be different.

Hope this helps!

--Matt Jones


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Matt Jones wrote:
> On Mar 3, 9:26�pm, Tony Tony
<rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>> bit with security.
>>
>> If moving these tables into one is the best way to go about this, any
>> hints on how to tell teachers apart from students? For example, having
a
>> "Teacher page" and a "Student page"
> 
> The pattern I''ve used before is to have a base User class
(essentially
> what
> restful_authentication generates), and then derive the various types
> of users from
> that class. You''ll need to add a string column named
''type'' to your
> users table for this
> to work.
> 
> --Matt Jones
VERY HELPFUL! I wasn''t aware of this. Thank you VERY much! :-)


-Tony
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---