Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 3 years ago.
I have made a fairly simple application, which can be found on GitHub called BaseApp2.
It's basically a starter application for future applications that I make to save me redoing the same parts over and over again. It's not advanced, but it serves its purpose for me.
At the moment any information that's entered into the database is either done by a user or an administrator user. That's the limit of my ability!
I would really like to add the ability for each user and administrator to be part of a team or company. So each team/company would have one administrator (account owner if you like) and a number of users. The administrator could only edit users under their team/company name. Each team/company would only see data entered by their team/company.
Where can I start with this kind of thing?
Your post is pretty vague, but based on what you said I'd create a model for Company that has_many users.
Making sure that each user could only see data from their company would be as simple as limiting the data results to that company. Your index could look like:
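    # Assumes a current_company method that sets @current_company for the signed-in user
    before_filter :current_company

    def index
      # Only records reachable through the company association are loaded
      @data = @current_company.data.find(:all)
      respond_to do |format|
        format.html
      end
    end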
Limiting admin abilities to their own companies could be done with:
    @data = @current_user.company.data.find(params[:id])
This prevents them from editing anything outside their company because if they try it'll just return a record not found error. Note that this could be cleaner, but you get the idea.
This railscast on subdomains will probably point you in the right direction: http://railscasts.com/episodes/123-subdomains (I like using subdomains because it feels cleaner to me, but it's not necessary and you can still use most of the rest)
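The company-scoped lookup from the first answer above, as an added example that is not part of the original posts: it uses plain Ruby instead of Rails, and `CompanyScope`, `RecordNotFound` and the sample rows are constructed stand-ins for the `company.data` association. It shows the same id resolving through an unscoped lookup but failing with "not found" when looked up through another company's scope.

```ruby
# Added example in plain Ruby (no Rails); class names and rows are constructed.
class RecordNotFound < StandardError; end

Record = Struct.new(:id, :company_id, :body)

# Constructed sample data: two companies sharing one table.
ROWS = [
  Record.new(1, 10, "Acme invoice"),
  Record.new(2, 10, "Acme roster"),
  Record.new(3, 20, "Globex invoice")
].freeze

# Stand-in for a has_many scope: rows are filtered by company before any lookup.
class CompanyScope
  def initialize(company_id, rows = ROWS)
    @rows = rows.select { |r| r.company_id == company_id }
  end

  def all
    @rows
  end

  def find(id)
    @rows.find { |r| r.id == Integer(id) } ||
      raise(RecordNotFound, "Couldn't find Record with id=#{id}")
  end
end

# Unscoped lookup: resolves whatever id the request supplies.
def unscoped_find(id)
  ROWS.find { |r| r.id == Integer(id) } || raise(RecordNotFound, "id=#{id}")
end

# Scoped lookup: same id, but only resolved inside the caller's company.
def scoped_body(company_id, id)
  CompanyScope.new(company_id).find(id).body
rescue RecordNotFound
  :not_found
end
```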
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 2 years ago.
I'm working on a Rails app to teach myself associations. It's an app with Tutors and Students where Tutors create Students as Users, and Tutors can then create "posts" for what was taught in that lesson on the specific Student's page to show their progress. When the Student logs in they can only see their assigned progress and do nothing else.
I figured an option is having Students as "categories" so the Students can be filtered but what is the best practice?
It seems simple but I keep overthinking it
Generally you want to create the associations as you need them in your code later. So if a tutor has many students and many posts and a student has many posts and belongs to a tutor and so on.
In order to restrict it in the view, you can restrict that in the controller. So this is where you can filter the posts by the students then. So you could do student.posts (Beware, I am not super sure what your db structure/schema looks like).
And there are gems that handle authorization. Look at pundit (my favorite) or cancancan. With those you can specify for each controller action who can see/do certain things.
Now judging from the little information you gave, you might also want to look into namespaced controllers because you probably have a posts#index for tutors and another one for students. Here you can get another layer of organisation by adding a so called namespace meaning you can have one posts controller under tutors and one under students. You can find more info here: https://guides.rubyonrails.org/routing.html#controller-namespaces-and-routing
Let me know if anything is unclear!
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
I'm a bit new to Rails development. I'm modeling a website with a few resources, and so far so good. But here is my question:
I would like to allow the admin users to manage information shown in most of the pages: application name, telephone number, address, default email and this kind of thing.
My current idea is to make a model Property with name and value, but somehow I'm not convinced about this approach because I'll need to access the database to get these values for every request.
Thanks everyone for your time! :D
This seems like an OK approach. If you implement caching, it no longer will hit the db with every request, and honestly it probably isn't really that big of a deal even without the caching. Build it the way you need, and optimize afterward, if necessary.
With all this being said, it may be worth considering how much things like the phone number are going to change, and balance the cost of developing a dynamic solution against the time it would take to change once, 3 years from now (if the number ever does change), in a partial.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
Excuse my lack of knowledge,
Lately, I am learning Rails and found it extremely easy and fun, but still there is a lot to learn.
I made an application for managing a car workshop:
Owners have many cars
Cars have many visits
Visits belong to a car and an owner.
I wanna have the ability for different users of workshops to manage their businesses. What is the correct design in order to make visits and cars and owners belong to that specific user? Is making all models belong to User enough? Where can I read about this, managing access to databases based on the logged-in user?
I read about authentication, but it's not answering my question, which is the best design for my needs, which is workshops managing only their data.
You could probably check Devise (https://github.com/plataformatec/devise) which is one of the most common ways of handling authentication
In the end, you will have a User model and then you can treat it as any other model, so for example if you only want to show a user's cars you could do something like current_user.cars and restrict certain controller actions to happen only if user_signed_in? and so on. I do recommend checking their documentation, since most use cases are explained easily.
Devise can be used to handle authentication and Pundit or CanCanCan can be used for authorization. I'd recommend looking at those, there are many tutorials which will answer your question for those.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I allow the ability for users to create additional accounts as part of their Company.
IE. Nicky has an account, and her company is Nike. So her email address is nicky@nike.com.
Because her company is 'Nike', I'd only like email addresses she associates with new accounts to be @nike.com. If she tried to create bob@nike.com.au, it wouldn't be allowed.
I'm trying to find the regex that would match Nicky's domain to the one she enters in a new account field. If it's accepted, she can create the new account. Otherwise, it'll throw an error.
Are you familiar with regex? You shouldn't come and say "I need a code that does this: ..." without giving your own input, your post can come off as rude. I'll answer your question about the usage of regex though.
You can get the domain out of your e-mail input with a regex like this: (?<=@)([^\s]+)(?=\s|$) (doesn't work in JavaScript due to lookbehind). See https://regex101.com/r/qX1qF5/3 for examples and description.
Based on some answers on Stack Overflow, if you're using Ruby, which we can only assume you are because of tags and not your actual post, you can capture it using scan or match:
    # scan returns one array per match when the pattern has a capture group,
    # so flatten before taking the first element to get a String
    domain = eMailInput.scan(/(?<=@)([^\s]+)(?=\s|$)/).flatten.first
Then you compare it to your domain name variable and you get the answer you need. It doesn't seem like the actual "validation" part should be done with regex.
That's the theory, anyway, and the way I would approach this problem. Now go ahead and use it in your code and tell us if it works or if there are problems you're encountering.
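The "extract the domain, then compare it" step from the answer above, as an added example that is not part of the original post: the function names are hypothetical and the addresses are constructed. It compares the whole domain for equality after normalising case, and includes a suffix check only to show which lookalike addresses such a check lets through.

```ruby
# Added example; function names and sample addresses are constructed.

# Returns the lower-cased domain, or nil unless the input is exactly local@domain.
def email_domain(address)
  local, domain, extra = address.to_s.strip.split("@", -1)
  return nil if extra || local.nil? || local.empty? || domain.nil? || domain.empty?
  return nil if local =~ /\s/ || domain =~ /\s/
  domain.downcase
end

# Hardened check: both addresses must parse and the domains must be equal.
def same_company_domain?(owner_email, new_email)
  owner = email_domain(owner_email)
  candidate = email_domain(new_email)
  !owner.nil? && owner == candidate
end

# Weak check shown for contrast: a suffix match is not a domain comparison.
def naive_suffix_match?(owner_email, new_email)
  new_email.end_with?(owner_email.split("@").last)
end

# Constructed inputs, evaluated against the owner nicky@nike.com.
SAMPLES = %w[
  bob@nike.com Bob@NIKE.com bob@nike.com.au bob@notnike.com bob@nike.com@evil.example
].freeze

def report(owner = "nicky@nike.com")
  SAMPLES.to_h { |s| [s, same_company_domain?(owner, s)] }
end
```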
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
I'm looking for a Rails 3 compatible plugin/gem/engine that takes a more auth-begets-auth approach. Most of the rails "authentication/authorization" plugins I've encountered are set up with a view to users signing up automatically. In the past I've simply used the core of these plugins (for auth purposes) and tacked my own functionality on in order to get the results I want.
It would be nice, though, if there were an existing "full service" plugin/gem/engine that approached the whole Authentication from the standpoint of there being a single (with future) super user and only they can create users? Sort of a management system approach instead of a "hey we trust anyone to join us" approach…?
In a perfect world I'd also like to dynamically adjust permissions for each role, but I'd be happy with just a more "paranoid" authorization/authentication model. If not, I'll continue Frankensteining.
Best
You can set up the sign-up page with a before_filter for authentication with proper authorization so that random people can not create new users.
I recommend CanCan, which makes it a joy to manage role abilities and to deny all but admins the ability to create new users. CanCan can also automatically authorize controller actions and will not even allow acquiring the signup form if not authorized.