We're developing a Rails app that will serve as a backend for multiple apps. The Rails app will have a web CMS that will let admin users to manage their mobile apps (one admin user can have 1..N mobile apps).
The same Rails app will also serve as an API for those mobile apps. The mobile apps are completely separated one from each others, not sharing any data among them. We have users with different roles (global_admin which manages his app in the CMS, place_manager which manages his place in the app within the CMS, and users of the mobile app). These users are not shared between apps (if a user signs up in a mobile app, he will be able to log in only in that app; so if he wants to log in another mobile app he needs to register again).
Which is the best approach to achieve this? We are thinking about:
Option 1: we can have a single User model, with different roles on different apps (global_admin on app 1, user on app 2, manager on app 3...). If a user signs up for app 1, a record is created, and if he signs up for app 2, we only add a role to it, but he thinks that he created a new account.
Option 2: we can create a record for each user on each app (removing the uniqueness constraint on the email field)
Option X: ideas?
Thank you in advance
The API/API users scenario looks like a situation for multi-tenancy in which each app runs as a separate instance. You can look at something like Apartment for database level multitenancy, or Milia for app level multitenancy.
Database level is generally easier to manage, but you will need a workaround for the global admin requirement.
I suggest the following approach if you would like to use a single rails application for multiple mobile apps.
For users you can have different API returning different kinds of users, specific to the application requirement.
Use STI to differentiate users for each apps(in this way, you could have only a single table for users but different models)
These users are not shared between apps (if a user signs up in a
mobile app, he will be able to log in only in that app; so if he wants
to log in another mobile app he needs to register again).
In my opinion these are three different Rails apps. Obviously the apps have nothing in common, in particular no data is shared.
I think Option 1 would work well in your case. You can setup a has_many :through relationship between apps and users that will contain information regarding the user's role for that particular application (assuming only one role per user per application).
With this approach the workflow would be a bit different than what you describe though. If the user is not registered at all (i.e. no record with that email exists), they will need to signup (email + password) at which point you'll create the user record (with hashed password) and setup the association to the mobile application. If the user IS already registered, you don't want them entering a new password again, you'll simply want to setup the association. This can be handled via first_or_create. Hope this helps.
Related
When it comes to sub domains in AWS (payments.x.com and forums.x.com) do I upload completely different rails apps for the payments and the forums?
If so how do I make sure that the logged in user is carried over from one to the other when using Postgres?
So I was following the below (classic) tutorial for spring boot with facebook:
https://spring.io/guides/tutorials/spring-boot-oauth2/
Everything is working fine, however I can't find documentation to help me implement my specific use case. So here it goes:
I'll have two facebook apps: one for the owner and another for the regular user
These two facebook apps will ask for different permissions (ex: for owner app it'll ask for permission to post in the fanpage and for the regular user it'll only for basic user info)
There will be two real application being one mobile (iOS and Android) and another browser based application (that's not really relevant)
REST API will be secured based on roles, meaning that the owner will have the OWNER role and the regular user will have the REGULAR_USER role, so that, for example, the regular user won't be able to call the API to post on the fanpage
Both applications will make it possible to login with or without facebook, because I need an users table to store more information and so
Eventually regular user can login as owner if he/she downloads the **owner* app
So, to summarize, I need:
Two facebook apps to be backed by same spring boot application
The ability to authorize an user with APP ID X and assign OWNER role and the ability to authorize an user with APP ID Y and assign role REGULAR_USER
To be able to configure (in the YML) two different facebook apps
The user to be able to merge existing account with facebook if he authorizes later on
I guess that's it. I'll edit later if I find more useful information to provide.
Thanks!
There is Dave Syer's project that shows how to set up an Authorization Server and multiple Resource Servers in the same app.
Similar question with solution: OAuth2 SSO for multiple resource servers with spring boot and jHipster
I have an existing rails application where the users can register, login and do a few activities. Now I want this to be done through an api so that this it could be used from some kind of external app like for an ios or android application.
I have doubts on how to approach this. I have before created versioned apis and also secured them with the technique of uuids for each user. But here, I already have validations for the user model which validates his email, password and stuffs. I dont think that would be a rightful approach when it comes to the api, specially for a mobile app user to be entering a password to register is not the common practise I think. If some one could suggest an idea where the api could be integrated with the existing application logic and let me know how to bypass these validations, it would be of great help.
I'm working on a school project. We are going to make a bug/rodent themed tower defense game. The game will primarily be an Android app. There will also be (at least we want there to be) a Ruby on Rails website/application tied together with it.
One of the requirements for the project is to implement three levels of user that will interact with the project. We decided that the three types of users will be administrators, guest players, and players with accounts. Players with accounts will be able to accumulate perks. Guest players will be able to play, but won't have any capacity to earn perks over time. The administrators will be able to manage the users with accounts (delete, edit, et cetera) via a web browser and the Rails application.
I want the users with accounts to be able to login to the Rails application via the Android app. There will be parts of the game that only users with accounts will be able to access. How can we create a login/logout scheme for the Android app? I'm thinking it will be something like the user enters their username/password, taps login, and then the Android app will send a request to the Rails side. Once the user is logged in via the Android app, they can access certain parts of the Android app that guest users cannot.
How would I go about this? I'm not sure where to start.
Would the Android app, using Java, send http requests to the Rails application (sending the username and password)? Then would the Rails application send back some sort of success? How would the Android app hold onto this successful login like a session in a web browser? Also, the Android app will need to update user attributes in the Rails database (something like accumulated perks).
Is this possible?
I've seen miscellaneous information about how to do this scattered online in blogs, on stackoverflow, and on discussion boards. But, I haven't found a coherent solution for my group's needs.
Thanks.
You can use your rails apps as an oauth provider (https://github.com/pelle/oauth-plugin) and use an oauth client library on the mobile application
I'm developing an application in Rails 3. In the application, users are allowed to send e-mails using their existing email account settings. What's the best approach to define per user settings for every user's credentials?
Regards,
Liviu
Given you'd probably want to offer the option for users to change/update their settings, they should go in a model. After that, it comes down to taste...
If you have only a few settings, you could store them directly in the User model. If you have lots of settings, you could have a separate UserProfile model that belongs_to User.