User authentication and authorization for rails app [closed] - ruby-on-rails

Closed. This question needs to be more focused. It is not currently accepting answers. Closed 6 years ago.
Excuse my lack of knowledge.
Lately, I have been learning Rails and found it extremely easy and fun, but there is still a lot to learn.
I made an application for managing a car workshop:
Owners have many cars
Cars have many visits
Visits belong to a car and an owner.
I want to give different workshop users the ability to manage their own businesses. What is the correct design to make visits, cars and owners belong to that specific user? Is making all models belong to User enough? Where can I read about this, i.e. managing access to databases based on the logged-in user?
I read about authentication, but it's not answering my question, which is the best design for my needs: workshops managing only their data.

You could probably check Devise (https://github.com/plataformatec/devise), which is one of the most common ways of handling authentication.
In the end, you will have a User model and then you can treat it as any other model, so, for example, if you only want to show a user's cars you could do something like current_user.cars and restrict certain controller actions to happen only if user_signed_in?, and so on. I do recommend checking their documentation, since most use cases are explained easily.

Devise can be used to handle authentication and Pundit or CanCanCan can be used for authorization. I'd recommend looking at those, there are many tutorials which will answer your question for those.
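As an added example (not code from the question or from either answer): plain-Ruby stand-ins for the models and the controller show why "make everything belong to User" protects data only when every lookup starts from current_user. The class names, the Relation helper, the constructed sample records and the controller methods are all assumptions for illustration; in a real app they would be ActiveRecord associations and Devise's current_user.

```ruby
# Added example, not code from the page. Plain Ruby stand-ins for ActiveRecord:
# the point is that a lookup scoped through current_user cannot reach another
# workshop's records, while a global Model.find(params[:id]) can (an IDOR).

class RecordNotFound < StandardError; end

# Tiny stand-in for an ActiveRecord relation: find raises when the id is not in
# the set, exactly as current_user.cars.find(id) does in Rails.
class Relation
  include Enumerable
  def initialize(records)
    @records = records
  end
  def each(&blk)
    @records.each(&blk)
  end
  def find(id)
    rec = @records.find { |r| r.id == id }
    raise RecordNotFound, "Couldn't find record with id=#{id}" unless rec
    rec
  end
end

Owner = Struct.new(:id, :user_id, :name)
Car   = Struct.new(:id, :owner_id, :plate)
Visit = Struct.new(:id, :car_id, :owner_id, :note)

# Constructed sample data: two workshops (user 1 and user 2), each with its own
# owner, car and visit.
OWNERS = [Owner.new(1, 1, "Ana"), Owner.new(2, 2, "Ben")]
CARS   = [Car.new(10, 1, "WS1-AAA"), Car.new(20, 2, "WS2-BBB")]
VISITS = [Visit.new(100, 10, 1, "oil change"), Visit.new(200, 20, 2, "brakes")]

# The workshop account. Only owners carry user_id; cars and visits are reached
# through the owner chain, so "belongs to User" is enforced by the query path.
class User
  attr_reader :id
  def initialize(id)
    @id = id
  end
  def owners
    Relation.new(OWNERS.select { |o| o.user_id == id })
  end
  def cars
    owner_ids = owners.map(&:id)
    Relation.new(CARS.select { |c| owner_ids.include?(c.owner_id) })
  end
  def visits
    car_ids = cars.map(&:id)
    Relation.new(VISITS.select { |v| car_ids.include?(v.car_id) })
  end
end

# Controller stand-in; current_user is what Devise would supply after sign-in.
class VisitsController
  def initialize(current_user)
    @current_user = current_user
  end
  # Unsafe: a global lookup lets any signed-in workshop read any visit by id.
  def show_unscoped(id)
    Relation.new(VISITS).find(id)
  end
  # Safe: the lookup starts from current_user, so foreign ids simply do not exist here.
  def show(id)
    @current_user.visits.find(id)
  end
  # The index needs no extra filtering once the association itself is scoped.
  def index
    @current_user.visits.map(&:note)
  end
end

# What workshop 1 can see, and whether it can reach workshop 2's visit either way.
def demo
  ctrl = VisitsController.new(User.new(1))
  leaked = ctrl.show_unscoped(200).note   # the other workshop's data, via the unscoped path
  blocked = begin
    ctrl.show(200)
    false
  rescue RecordNotFound
    true
  end
  { index: ctrl.index, own: ctrl.show(100).note, leaked: leaked, blocked: blocked }
end

puts demo.inspect
```

The scoped version also answers the "which design" part of the question: the user_id only needs to live on the top of the chain (Owner), as long as every controller reaches cars and visits through current_user rather than through a global find.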


What is the best practice for associations and view restrictions? [closed]

Closed. This question is opinion-based. It is not currently accepting answers. Closed 2 years ago.
I'm working on a Rails app to teach myself associations. It's an app with Tutors and Students, where Tutors create Students as Users, and Tutors can then create "posts" for what was taught in that lesson on the specific Student's page to show their progress. When the Student logs in they can only see their assigned progress and do nothing else.
I figured an option is having Students as "categories" so the Students can be filtered but what is the best practice?
It seems simple but I keep overthinking it
Generally you want to create the associations as you need them in your code later. So, for example, a tutor has many students and many posts, a student has many posts and belongs to a tutor, and so on.
In order to restrict it in the view, you can restrict that in the controller. This is where you can filter the posts by the students. So you could do student.posts (beware, I am not super sure what your db structure/schema looks like).
And there are gems that handle authorization. Look at Pundit (my favorite) or CanCanCan. With those you can specify, for each controller action, who can see/do certain things.
Now judging from the little information you gave, you might also want to look into namespaced controllers because you probably have a posts#index for tutors and another one for students. Here you can get another layer of organisation by adding a so called namespace meaning you can have one posts controller under tutors and one under students. You can find more info here: https://guides.rubyonrails.org/routing.html#controller-namespaces-and-routing
Let me know if anything is unclear!
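As an added example (not code from the question or the answer): a Pundit-style policy class written in plain Ruby, without the gem or Rails, so it runs stand-alone. It shows the two things the answer points at, a per-record policy (who may show/create/update a post) and a Scope (which posts each role's posts#index should return). The record shapes, the role names, the constructed sample users and posts, and the NotAuthorizedError class are assumptions.

```ruby
# Added example, not code from the page. A Pundit-shaped policy in plain Ruby:
# PostPolicy.new(user, post).show? for single records, PostPolicy::Scope for
# collections, and an authorize helper that raises the way Pundit's does.

class NotAuthorizedError < StandardError; end

User = Struct.new(:id, :role, :tutor_id)        # tutor_id is nil for tutors
Post = Struct.new(:id, :tutor_id, :student_id, :body)

# Constructed sample data: tutor 1 teaches students 2 and 3; tutor 4 teaches student 5.
USERS = [
  User.new(1, :tutor, nil), User.new(2, :student, 1), User.new(3, :student, 1),
  User.new(4, :tutor, nil), User.new(5, :student, 4)
]
POSTS = [
  Post.new(10, 1, 2, "fractions"), Post.new(11, 1, 3, "decimals"), Post.new(12, 4, 5, "algebra")
]

class PostPolicy
  attr_reader :user, :post
  def initialize(user, post)
    @user, @post = user, post
  end

  # A tutor reads posts they wrote; a student reads posts written about them.
  def show?
    case user.role
    when :tutor   then post.tutor_id == user.id
    when :student then post.student_id == user.id
    else false            # deny by default for any unknown role
    end
  end

  # Only the student's own tutor may create a post for that student.
  def create?
    return false unless user.role == :tutor
    student = USERS.find { |u| u.id == post.student_id }
    !student.nil? && student.role == :student && student.tutor_id == user.id
  end

  # Students never write; tutors may only edit their own posts.
  def update?
    user.role == :tutor && post.tutor_id == user.id
  end

  # What the user's posts#index should return, so the view never sees the rest.
  class Scope
    def initialize(user, scope)
      @user, @scope = user, scope
    end
    def resolve
      case @user.role
      when :tutor   then @scope.select { |p| p.tutor_id == @user.id }
      when :student then @scope.select { |p| p.student_id == @user.id }
      else []
      end
    end
  end
end

# Controller-side helper in the shape of Pundit's authorize(record, :action?).
def authorize(user, post, action)
  unless PostPolicy.new(user, post).public_send(action)
    raise NotAuthorizedError, "#{user.role} #{user.id} may not #{action} post #{post.id}"
  end
  post
end

def visible_post_ids(user_id)
  user = USERS.find { |u| u.id == user_id }
  PostPolicy::Scope.new(user, POSTS).resolve.map(&:id)
end

def can?(user_id, action, post)
  PostPolicy.new(USERS.find { |u| u.id == user_id }, post).public_send(action)
end

puts "tutor 1 sees #{visible_post_ids(1)}, student 2 sees #{visible_post_ids(2)}"
```

With namespaced controllers (tutors/posts and students/posts) both indexes can call the same Scope; the policy, not the route, decides what comes back, so a student hitting the tutors' URL still gets only their own posts.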

Can we structure a website in groups using Django framework or rails(groups like admin, moderators,helpers,users,etc)? [closed]

Closed. This question needs details or clarity. It is not currently accepting answers. Closed 5 years ago.
I am trying to make a site where I can divide the site into different member categories like admin, moderators, helpers, users, etc., each with their own functionalities. I have once used the Django framework, so my question is: can I do this task using Django again? I mean, can Django fulfill this task's requirements easily, so that I may not need to move to other languages or frameworks for this particular task?
P.S.: I know PHP (frameworks like Laravel or others) can do this task, but I was just trying to implement it in Django since I have used it once already. Or do you recommend frameworks like Rails (I have heard a lot about it, specifically in the field of web development; can it do this task)? Or can anyone please tell me which I should use?
I am in a real dilemma choosing among these three.
Regards,
Note: I have edited the whole description.
The Django authentication has groups.
Users can be assigned to groups and permissions can be added to groups (giving all the users of the group the set of permissions which is assigned to the group).

Relating my models/tables? STI? Polymorphic? [closed]

Closed. This question is opinion-based. It is not currently accepting answers. Closed 8 years ago.
I currently have three models: Business, Charity, and Organization. A business and charity are both types of organizations because they share many similar attributes (e.g. address, hours, website, etc.) however they each have their own unique attributes. How should I best handle the creation of the models in Active Record? Use STI or Polymorphism? Or should I break out each one into their own model with duplicate information and get rid of the Organization model?
You can use both, so it is not necessarily an either/or situation. Most importantly, however, is how you will structure your tables and the logic surrounding them, which depends on how you are going to query the data, and how these elements relate to one another.
There is not enough information above to give you very clear direction on what to use. However, if after reading:
Rails Guides
How and When to Use STI
... the solution isn't clear, here are some simple rules:
if the types of objects you are using mostly have the same attributes but have different business logic attached to them (ie, the behavior written into their Model classes), then STI is a good baseline idea, but
if they have the same logic as well, it may make sense just to create them as a single class with a "type" flag (but not the attribute type, since it is only for STI)
As far as polymorphism goes, it seems like these Models are all very similar and interchangeable -- polymorphism is more useful for relating unlike things (such as comments and photos) to another Model (such as a FB post). In that case, using either a single table or STI and relating based on the parent table may make more sense.

Looking for a "full service" Rails 3 plugin/gem/engine with internally managed user creation/auth [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. Closed 8 years ago.
I'm looking for a Rails 3 compatible plugin/gem/engine that takes a more auth-begets-auth approach. Most of the rails "authentication/authorization" plugins I've encountered are set up with a view to users signing up automatically. In the past I've simply used the core of these plugins (for auth purposes) and tacked my own functionality on in order to get the results I want.
It would be nice, though, if there were an existing "full service" plugin/gem/engine that approached the whole Authentication from the standpoint of there being a single (with future) super user and only they can create users? Sort of a management system approach instead of a "hey we trust anyone to join us" approach…?
In a perfect world I'd also like to dynamically adjust permissions for each role, but I'd be happy with just a more "paranoid" authorization/authentication model. If not, I'll continue Frankensteining.
Best
You can set up the sign-up page with a before_filter for authentication, with proper authorization, so that random people cannot create new users.
I recommend CanCan, which is a joy for managing role abilities and for denying everyone but admins the ability to create new users. CanCan can also automatically authorize controller actions and will not even let the signup form be fetched if the requester is not authorized.
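As an added example (not code from the question or the answer, and not CanCan itself): a CanCan-shaped Ability in plain Ruby showing the "paranoid" model the question asks for. Rules are deny-by-default, only the admin role can create accounts, the signup action is gated by an authentication check and then an authorize! check (so even GET /users/new is refused), and the per-role permission table can be changed at run time. The class names, role names and rule table are assumptions.

```ruby
# Added example, not code from the page and not the CanCan gem: a deny-by-default
# rules engine in the shape of CanCan's Ability, with the signup action gated so
# only an authenticated admin can reach it, and role permissions editable at run time.

class AccessDenied < StandardError; end
class NotAuthenticated < StandardError; end

Account = Struct.new(:id, :role)

# Permissions per role, keyed by subject class. Anything not listed is denied;
# there is no implicit allow. Editing this table is the "dynamically adjust
# permissions for each role" the question wants.
ROLE_RULES = {
  admin:  { Account => [:create, :read, :update, :destroy] },
  member: { Account => [:read] }
}

def grant!(role, klass, action)
  (ROLE_RULES[role] ||= {})[klass] ||= []
  ROLE_RULES[role][klass] |= [action]
end

def revoke!(role, klass, action)
  ROLE_RULES.dig(role, klass)&.delete(action)
end

class Ability
  def initialize(user)
    @user = user
  end
  # Accepts a class (can I create Accounts at all?) or an instance.
  def can?(action, subject)
    return false if @user.nil?
    klass = subject.is_a?(Class) ? subject : subject.class
    ROLE_RULES.fetch(@user.role, {}).fetch(klass, []).include?(action)
  end
  def authorize!(action, subject)
    raise AccessDenied, "#{@user&.role} cannot #{action} #{subject}" unless can?(action, subject)
  end
end

# Stand-in for a controller with before_filter :authenticate_user! followed by
# load_and_authorize_resource: the form itself (new) is behind the same gate as create.
class UsersController
  def initialize(current_user)
    @current_user = current_user
  end
  def new
    before_filters(:create)
    :signup_form
  end
  def create(role)
    before_filters(:create)
    Account.new(99, role)      # a real app would persist here; the id is made up
  end
  private
  # Authentication first, authorization second; both raise rather than redirect.
  def before_filters(action)
    raise NotAuthenticated, "sign in first" if @current_user.nil?
    Ability.new(@current_user).authorize!(action, Account)
  end
end

# Collapses the three outcomes for a request so they can be compared.
def attempt
  yield
  :allowed
rescue NotAuthenticated
  :not_signed_in
rescue AccessDenied
  :denied
end

admin = Account.new(1, :admin)
puts attempt { UsersController.new(nil).new }     # not_signed_in
puts attempt { UsersController.new(admin).new }   # allowed
```

Because the table is keyed by role rather than by user, promoting a role at run time (grant!) takes effect on the next request without touching the controller, and revoking it (revoke!) closes the door again; a user with an unknown role gets nothing, which is the safe failure mode for a misconfigured account.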

Rails Team specific content? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers. Closed 3 years ago.
I have made a fairly simple application, which can be found on GitHub called BaseApp2.
It's basically a starter application for future applications that I make to save me redoing the same parts over and over again. It's not advanced, but it serves its purpose for me.
At the moment any information that's entered into the database is either entered by a user or by an administrator user. That's the limit of my ability!
I would really like to add the ability for each user and administrator to be part of a team or company. So each team/company would have one administrator (account owner, if you like) and a number of users. The administrator could only edit users under their team/company name. Each team/company would only see data entered by their team/company.
Where can I start with this kind of thing?
Your post is pretty vague, but based on what you said I'd create a model for Company that has_many users.
Making sure that each user could only see data from their company would be as simple as limiting the data results to that company. Your index could look like:
    # current_company is assumed to set @current_company (before_action in Rails 4+)
    before_filter :current_company
    def index
      @data = @current_company.data.all
      respond_to do |format|
        format.html
      end
    end
Limiting admin abilities to their own companies could be done with:
    @data = @current_user.company.data.find(params[:id])
This prevents them from editing anything outside their company, because if they try it'll just return a record-not-found error. Note that this could be cleaner, but you get the idea.
This railscast on subdomains will probably point you in the right direction: http://railscasts.com/episodes/123-subdomains (I like using subdomains because it feels cleaner to me, but it's not necessary and you can still use most of the rest)
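As an added example (not code from the question or the answer): plain-Ruby stand-ins for the two pieces the answer describes, resolving current_company from the request's subdomain and then scoping every lookup through it, including an admin editing users. It also adds the check a practitioner would want on top of the answer: the signed-in user must belong to the company the subdomain names, otherwise a valid session for one company could be replayed against another company's subdomain. The model names, the constructed sample data and the controller are assumptions.

```ruby
# Added example, not code from the page. Tenant resolution from the subdomain
# plus company-scoped lookups, in plain Ruby so it runs without Rails.

class RecordNotFound < StandardError; end
class Forbidden < StandardError; end

Company = Struct.new(:id, :subdomain, :name)
Account = Struct.new(:id, :company_id, :email, :admin)
Datum   = Struct.new(:id, :company_id, :value)

# Constructed sample data: two companies, an admin and a member at Acme, an admin at Globex.
COMPANIES = [Company.new(1, "acme", "Acme"), Company.new(2, "globex", "Globex")]
ACCOUNTS  = [Account.new(1, 1, "boss@acme", true), Account.new(2, 1, "dev@acme", false),
             Account.new(3, 2, "boss@globex", true)]
DATA      = [Datum.new(100, 1, "acme figures"), Datum.new(200, 2, "globex figures")]

# The scoped find: the company_id is part of the query, so a foreign id is
# simply "not found" rather than "found and then rejected".
def scoped_find(records, company_id, id)
  rec = records.find { |r| r.company_id == company_id && r.id == id }
  raise RecordNotFound, "Couldn't find id=#{id} in company #{company_id}" unless rec
  rec
end

class TenantController
  def initialize(host:, current_user:)
    @current_user = current_user
    @current_company = current_company(host)     # what before_filter :current_company would do
    # The session's user must belong to the tenant the host names.
    unless @current_user.company_id == @current_company.id
      raise Forbidden, "user #{@current_user.id} is not a member of #{@current_company.subdomain}"
    end
  end

  # Tenant from the subdomain: "acme.example.com" -> Acme. Unknown subdomain -> not found.
  def current_company(host)
    sub = host.split(".").first
    company = COMPANIES.find { |c| c.subdomain == sub }
    raise RecordNotFound, "no company for host #{host}" unless company
    company
  end

  def index
    DATA.select { |d| d.company_id == @current_company.id }.map(&:value)
  end

  def show(id)
    scoped_find(DATA, @current_company.id, id).value
  end

  # The company admin may edit only accounts inside their own company.
  def update_user(id, email)
    raise Forbidden, "admins only" unless @current_user.admin
    user = scoped_find(ACCOUNTS, @current_user.company_id, id)
    user.email = email
    user
  end
end

# Collapses a request's outcome so the cases can be compared side by side.
def outcome
  yield
  :ok
rescue Forbidden
  :forbidden
rescue RecordNotFound
  :not_found
end

def demo
  boss, dev = ACCOUNTS[0], ACCOUNTS[1]
  ctrl = TenantController.new(host: "acme.example.com", current_user: boss)
  {
    index: ctrl.index,
    own_record: ctrl.show(100),
    other_tenant_record: outcome { ctrl.show(200) },
    edit_own_user: outcome { ctrl.update_user(2, "dev2@acme") },
    edit_foreign_user: outcome { ctrl.update_user(3, "x@globex") },
    non_admin_edit: outcome { TenantController.new(host: "acme.example.com", current_user: dev).update_user(1, "x") },
    wrong_subdomain: outcome { TenantController.new(host: "globex.example.com", current_user: boss) },
    unknown_subdomain: outcome { TenantController.new(host: "nobody.example.com", current_user: boss) }
  }
end

puts demo.inspect
```

Subdomains are optional, as the answer says; what matters is that the company id comes from something the server controls (the resolved tenant or the session's user), never from a parameter the client can change.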
