I've discovered yesterday a tutorial that explains how to implement a role based single user model with Devise, ActiveAdmin and CanCan : http://renisoft.com/devise-activeadmin-cancan-single-user-model/. Yet, I'm new to rails, and I was wondering if it is possible to implement such a solution with roles that have different attributes. For instance, my users will have email, forename, surname, password and will share it with the other roles. But my seller role will have many attributes, my admin and my buyers will have others. Is it something possible to implement with those ruby gems ?
Thanks in advance for your answer.
Users and roles are two different things. Roles haven't got any attributes, but Users have.
However check this:
Rolify is a great Role management library for rails: https://github.com/EppO/rolify
Related
I have a User table where i store user information and i have a Role table where i store the roles. The associations of the tables is : User can have just one role, and roles can have more than one User.
I have my controller where i have actions like "create, new, update, delete". I want to use authorization for these actions. For example admin can do everything, a simple user can just read etc. Im very new in RoR, can somebody tell me how to permit/restrict access to specific pages/actions based in roles.
Thanks in advance
The CanCanCan gem is designed for this task.
I would also recommend considering the gem Devise for user authentication, rather than rolling your own solution.
In rails_admin wiki with Devise it has example with only one model. I have two models Admin and Owner. I will define their roles with cancancan.
Is it possible to make more than one model, which uses Devise, able to login to rails_admin dashboard? I just can't find any examples.
Using only one model with diffrent roles may be bad solution, because there each of them will have very different attributes.
The only method I have found is to use inheritance.
I have Admin and User models in which I want to use my rails_admin. I have created Person model which will be parent class for both of them.
Then I added devise for Person with CanCan authorization.
I am trying to have Devise create a single User model and have different roles be a separate model. My User model (from rails g devise User) has a email, first name, last name, and role field.
The roles are admin, spectator, competitor. So, I created admin, spectator, and competitor models who all inherit from the User model.
I followed the top answer from devise and multiple "user" models and I can create a user. However, my competitor model migration also has other information such as contest name and location that are not required for the other models. When I do Competitor.create() and put in the necessary information for creating a devise User, the User gets stored in the database even though I have null constraints on the competitor model for contest name and location.
When I do Spectator.all, the recently created competitor data shows up which I thought it shouldn't....
My question is how should I be setting this up so that a competitor user doesn't get created unless his contest name and location is provided.
Another question is why when I do Spectator.all is the competitor's information displaying?
There is a much better way to use devise for multiple users.
Use Rolify Gem
It makes development much easier faster and more secure. You can have the configuration as per your requirement in the question "Single User model and each roles have a separate model"
Tutorial for using Rolify gem + Devise by Rolify Gem developers
If you want an authorization system, so go for CanCan created by Ryan Bates. With CanCan you can have many Roles. I am using it with devise with no problems. See Role Based Authorization and Separate Role Model. And check this ScreenCast about CanCan
Building a small reservation site. There are users (who login and work with the site) and there are guests who are being assigned to rooms. users can be (are?) guests but not all guests are also users.
My initial inclination was to set up a belongs_to / has_one relationship between user & guest but maybe STI would work here? Being as users & guests have first_name, last_name, email etc. does it make sense to set up the model such that, say, user and guest both inherit from person?
I will roll my own simplistic authentication so the only additional fields user is likely to have are password_digest, roles_mask and a icon_color.
Any suggestions? I only ask because things can get tricky around authentication, authorization & whatnot.
Appreciate any ideas/tips!
The simplest approach here would be to, as suggested, stick to STI. You can, for example, setup a single devise User model as well as apply ACL with CanCan and define roles for your users.
CanCan's ability spec will determine which resources are accessible and what are not. The advantage here is that users can be guests, and depending on how you setup your ACL, guests can be prevented from having admin like access.
However, Jesse's suggestion of going two separate Devise models is also a good idea as this ensures their sessions are separate. This is more straightforward to implement as you can then setup a User-specific ACL and Guest-specific ACL accordingly.
https://github.com/ryanb/cancan
I'm writing a trading system and I have 3 models/roles: Buyers, Sellers and Administrators. I have generated the devise views for each of the models but I would like to use the same sign in, forgotten password pages etc. for them, rather than maintaining 3 sets of views, is there a way of doing this?
The buyer and seller have similar fields (forename, surname, email address, telephone etc.), is it possible to use STI with devise and is it fairly straightforward? At the moment I have 3 separate models with no inheritance.
You can simply have a single User model with a :role attribute and also implement a simple ACL via CanCan or decl_auth (gems). This way they will all sign in etc. via the same session. Devise and CanCan is quite a popular approach and well documented online and in their respective Github wiki's.
For administrators, you can modify your validations to skip on the extra attributes and leave them as blank in the DB.