Database and Authentication Design Question - ruby-on-rails

I have a Rails 3.1 application. I'm planning to use Devise for auth and Mongoid for DB storage. So basically there will be two different types of users: Clients and Developers. Each of them has different abilities, Client can post a project, Developer can response to project's creator. So somehow we have to separate them. I think they both can use User model (probably embedded in Profile or Client or Developer model). Client won't have any profile, but Developer will.
So I came up with several ideas:
Client and Developer models, each with different fields but each
embeds User model. But then we have to provide one login form for
both...
Another ideas is there should be User model, and Client and Developer
which inherit from User. Then we can just authorize User but also we
will need to somehow access profile data.
Your ideas on how this can be done?

Client and Developer models, each with different fields but each embeds User model. But then we have to provide one login form for both...
I'm not sure why this is a problem, exactly? Why do you want two different login forms?
I would make two different classes, and have them mix in User, which would contain the common functionality.

How about just adding a "type" field to the user model?

Related

How to handle multiple Devise user models with 1 post model

I need some suggestions on building a website with Rails as a newbie to programming
I am learning Rails by myself for around 2 months and I now want to build a website to connect individual consultants with individual clients.
My first problem is I am going to create 3 user models by using Devise (one for clients and one for consultants and one for admin) with the following main condition:
Only users can post a question.
Only the posting user and consultants can have comments on the question.
Only user or admin can change the question's status (like
solved or unsolved)
This is because consultant model will require more information to be provided than the client (not only the information but I want the consultants to verify themselves by submitting certificates etc. before becoming a part of professionals on my platform). Any gem to handle this? Or this is better to be achieved by STI using only 1 user model?
Actually, what I actually want to do at the end would be more complicated (and I still have no idea how to create it at this time), what I want to know at this point is that how can I handle 3 different models with the only 1 posting model (especially foreign key) because I am used to creating 1 user model for 1 posting model (and add Boolean for further management).
In addition, if I want to implement the in-app chat function, can I use the action cable for the private chat between the consultant and the client or should I make a new model for the private conversation between them, or do you have any gem to recommend?
Appreciate any comments.
I am going to use STI to avoid any complication as provided in [https://stackoverflow.com/questions/9472852/devise-and-multiple-user-models?rq=1][1].

Rails: How to implement login and authentication where i have five different user models in rails?

I'm fairly new to rails. I'm having problem on designing the model classes. So this app will be used by 5 different users(Students, Teachers, Head and Coordinator). They each are different users to login into the website and have different functionality (example: Head makes an event. Students register for an event. Coordinator sets who can be head etc). I have created all four models with USERNAME and PASSWORD on each models.I don't have user model right now because the users in this app are these 4 models. Now, while making login page, i'm having hard time on implementing the best way to authenticate the users. For example, If a Head puts its login credentials, the app should identify that user that logged in is Head. What approach will be best to encounter this?
Also, after not figuring out the way to approach this. I was thinking of using devise and CanCanCan gem. But the same promblem comes in even if i use this gems.(i maybe wrong)
Do not create multiple models for different kinds of users. This is almost always not what you want. Instead add a column called role of the type enum which contains all of the kinds of roles you want to add like Sergio pointed out. Your comment about having too many attributes on one model is a non issue compared to the one you are planning to create with 5 user models.
It sounds like you are possible putting too much data on the user model if that is your concern
and have different functionality (example: Head makes an event. Students register for an event.
For this you want a permissions system such as cancancan where you can specify which features of the website each role has access to.

Devise and discourse: Seperate devise users for vendors and users or just one devise for users?

I'm building a website, where vendors can have their own separate website on. There is vendors and normal users.
The goal is to have a closed profile page w. login for both, where a vendor can edit his website, check out stats and more. A normal user is also able to login to mark different vendor's websites as favourites and check out newest post on the forum. So what is important here is: They booth need to be on my Discourse forum, but I'd like to avoid a Vendor to have a login both for vendor and for a user (Signing up twice).
http://www.discourse.org/ has SSO ability for devise, but im not sure if it allows for two different devise models.
Should I:
Create one devise-model for both, called Users? (And have a boolean or integer if User is a vendor/has vendor-access?)
Or:
Separate them: One for Users and one for Vendors?
I haven't tested out if Discourse allows for two devise-models, since Discourse is the easiest to set up in production-mode. But I need your advice: Can I use Single sign-on for devise with two different devise models? Is it the preferable way? Or is there other ways than this I haven't noticed? Like adding a user to a vendor, or something?
Using rails 5
We can achieve this by managing role field. We can make entry on the time of sign_up in role field that user is normal user or vendor. After create this we check user_role can in after_sign_up_path and redirect to path accordingly.
for this refer gem rolify
please correct me if getting any thing wrong.

Rails, managing access of dashboard pages by models roles. Using devise

I am creating dashboard appliaction on Rails4. I have created model Partner with some data. I also have created a lot of models with views that will be associated to this Partner.
I can edit data of all models without any restrictions. Now I want to create Admin, that will login to my app and will manage data. Admins will be added via console and it does not need registration.
Also I want to make Partners to login/register too. Partners can only open pages that are connected to their data and edit them.
Here my questions depending on this situation:
How to remove registration element from Admins not affecting to Partners?
How to restrict Partners to only their own pages while Admins can be everywhere?
Is it good approach to make Admins and Partners to edit data on same dashboard, or I need to create different controllers with different views for Admins and Partners separately?
You should be able to do everything you're discussing by using a gem for handling authorization ( authority ) and one for roles ( rolify )
https://github.com/nathanl/authority
https://github.com/RolifyCommunity/rolify
You shouldn't have to create distinct views/controllers, however, depending on how divergent they are it may be appropriate. You should be able to do most of that logic by using logic to switch based on the permissions you set up.
current_user.can_edit?(page)
within the Authorization setup, you would have to determine who can edit/view/create/etc. There's a good writeup for doing this in the authority wiki.

Multiple User Logins in Rails

I am working on an app right now where I have Individuals, Athletes and Coaches. A coach has many athletes and they create athletes as well. Whereas individuals can just come to the site and use a different set of tools. So for functionality and logic reasons I prefer to keep the individual model separate from the athlete model.
When users come to the site I want them to login but it would be confusing to have 3 logins (coach, individual and athlete). Users coming to the site will get confused whether or not they are an individual or an athlete. I was thinking of putting a login link which would have an ajax menu with all three choices, which will look nicer but I still have the multiple login issue.
Does anyone have an idea on how I can make ideally 1 login form for individuals and athletes. I am using authlogic for authentication. I am not looking for code, I can go in and mess around, just wondering if there is a trick to this (making it easier for the user).
Thanks!
You might want to look at the devise gem (http://github.com/plataformatec/devise), this supports using multiple models for authentication.
Why not have the Individual, Athlete and Coach models be subclasses of your User model.
Then you can put all the authentication guff into User and it's available to all three - all through the same login form.
You want to assign Roles to Users. You don't need separate subclasses for each user type, model it so a user has_many :roles.
Have a look at this blog post for a detailed explanation - roles can be very simple if this is all you need.

Resources