I am creating dashboard appliaction on Rails4. I have created model Partner with some data. I also have created a lot of models with views that will be associated to this Partner.
I can edit data of all models without any restrictions. Now I want to create Admin, that will login to my app and will manage data. Admins will be added via console and it does not need registration.
Also I want to make Partners to login/register too. Partners can only open pages that are connected to their data and edit them.
Here my questions depending on this situation:
How to remove registration element from Admins not affecting to Partners?
How to restrict Partners to only their own pages while Admins can be everywhere?
Is it good approach to make Admins and Partners to edit data on same dashboard, or I need to create different controllers with different views for Admins and Partners separately?
You should be able to do everything you're discussing by using a gem for handling authorization ( authority ) and one for roles ( rolify )
https://github.com/nathanl/authority
https://github.com/RolifyCommunity/rolify
You shouldn't have to create distinct views/controllers, however, depending on how divergent they are it may be appropriate. You should be able to do most of that logic by using logic to switch based on the permissions you set up.
current_user.can_edit?(page)
within the Authorization setup, you would have to determine who can edit/view/create/etc. There's a good writeup for doing this in the authority wiki.
Related
I'm building a website, where vendors can have their own separate website on. There is vendors and normal users.
The goal is to have a closed profile page w. login for both, where a vendor can edit his website, check out stats and more. A normal user is also able to login to mark different vendor's websites as favourites and check out newest post on the forum. So what is important here is: They booth need to be on my Discourse forum, but I'd like to avoid a Vendor to have a login both for vendor and for a user (Signing up twice).
http://www.discourse.org/ has SSO ability for devise, but im not sure if it allows for two different devise models.
Should I:
Create one devise-model for both, called Users? (And have a boolean or integer if User is a vendor/has vendor-access?)
Or:
Separate them: One for Users and one for Vendors?
I haven't tested out if Discourse allows for two devise-models, since Discourse is the easiest to set up in production-mode. But I need your advice: Can I use Single sign-on for devise with two different devise models? Is it the preferable way? Or is there other ways than this I haven't noticed? Like adding a user to a vendor, or something?
Using rails 5
We can achieve this by managing role field. We can make entry on the time of sign_up in role field that user is normal user or vendor. After create this we check user_role can in after_sign_up_path and redirect to path accordingly.
for this refer gem rolify
please correct me if getting any thing wrong.
I am developing a job portal website as part of a project for university and not exactly sure how to approach this problem, I am using Devise for my authentication system allowing users to sign, The system will have many user_types (job_seeker, company).
At the moment I am using “Rails_admin” for the admin interface, but I am looking to create an interface where a company can manage their jobs, applications, etc, and for job_seekers to view their previous job applications, and job status etc.
My plan was to develop it so in the controller it checked the user_type and then redirected it to a control panel, which would hopefully allow all users go sign in using one login page, but my question is, how do I go about developing a “job_seeker” and “Company” control panels where they can manage their details.
I am looking for information on how to approach this problem, or the best method to achieve a solution.
Did you try using a gem that allow you or simplified role user management like cancan?
A good approach is as Maxence said, have a namespace for every role and a dashboard controller to show what you need. This will help you to keep things spited and will be more easy to maintenance. You can check it here how use namespaces. You can do it as well with a resource but I dont like it.
Other thing that you can do is having a single dashboard controller and redirect depending of the user role.
I have a web app that will have 4 different users on it:
Owner Admin (My Team and I)
Common User of the App (the everyday people using the site
Company Admins (The people who pay the bills)
Company Users
Of these the last 3 will require profiles and other controller and Model relations.
My question is do I create separate controllers for each of these users and have them link through their current devise ID to their individual profile, or should I edit the devise DB tables to accommodate for profiles and different levels of access?
Cheers,
Andrew
Mostly depends on what you want. I prefer to use a single table for all user types.
should I edit the devise DB tables to accommodate for profiles and different levels of access?
Again depends on what you want since there are many ways to provide different levels of access.
Edit user table (ie. roll your own solution on top of devise)
use authorization gem (eg. cancan)
Therefore no hard answers.
I have a Rails 3.1 application. I'm planning to use Devise for auth and Mongoid for DB storage. So basically there will be two different types of users: Clients and Developers. Each of them has different abilities, Client can post a project, Developer can response to project's creator. So somehow we have to separate them. I think they both can use User model (probably embedded in Profile or Client or Developer model). Client won't have any profile, but Developer will.
So I came up with several ideas:
Client and Developer models, each with different fields but each
embeds User model. But then we have to provide one login form for
both...
Another ideas is there should be User model, and Client and Developer
which inherit from User. Then we can just authorize User but also we
will need to somehow access profile data.
Your ideas on how this can be done?
Client and Developer models, each with different fields but each embeds User model. But then we have to provide one login form for both...
I'm not sure why this is a problem, exactly? Why do you want two different login forms?
I would make two different classes, and have them mix in User, which would contain the common functionality.
How about just adding a "type" field to the user model?
I have models A,B,C,D, etc. I have my usual controllers/views/helpers for each of these models. These are accessed by a set of content authors in a form based application to populate data into the db. The content authors will also have categories like authors, publishers, super admins etc. Essentially we have built out a mini content management system.
A set of other users (unrelated to the above set) need to access data in some of these models. But the view for those are totally different. I also do not want these users to have the edit screens for the models they are allowed to view. Essentially these guys are end users who use the application as a read only/analytics data store.
How do I accomplish this? Should I create separate controllers and invoke these models for the user website? How do I ensure the website users do not have access to the cms screens? Any pointers, design principles, routing methods, gems for such an application?
How do I accomplish this? Should I create separate controllers and invoke these models for the user website?
I would create a different set of controllers for the backend and frontend. I would move the backend controller to a namespace. More Information on namespaces: http://guides.rubyonrails.org/routing.html#controller-namespaces-and-routing
How do I ensure the website users do not have access to the cms screens? Any pointers, design principles, routing methods, gems for such an application?
For this you need some kind of authentication and authorization. Some examples:
authentication:
authlogic
devise
authorization:
cancan
declarative_authorization
aegis
acl9
There are some good screencasts on this matter:
Authlogic
Declarative Authorization
Authorization with CanCan
Introducing Devise
Customizing Devise
You need a layer of authentication.
The easiest way, and I'd say the most common one is to make separate controllers for each section, and add a before_filter method in each section authenticating and authorizing user to continue (usually a is_admin? method on the user model), or redirect back with an error message if the user is not allowed.
You can separate your controllers with namespaces (something like /admin/authors, /admin/books/1/edit and so on), and keep them RESTful this way.
If you need a more complex schema, you can use any of the authorization tools out there http://ruby-toolbox.com/categories/rails_authorization.html