I am working on an app right now where I have Individuals, Athletes and Coaches. A coach has many athletes and they create athletes as well. Whereas individuals can just come to the site and use a different set of tools. So for functionality and logic reasons I prefer to keep the individual model separate from the athlete model.
When users come to the site I want them to login but it would be confusing to have 3 logins (coach, individual and athlete). Users coming to the site will get confused whether or not they are an individual or an athlete. I was thinking of putting a login link which would have an ajax menu with all three choices, which will look nicer but I still have the multiple login issue.
Does anyone have an idea on how I can make ideally 1 login form for individuals and athletes. I am using authlogic for authentication. I am not looking for code, I can go in and mess around, just wondering if there is a trick to this (making it easier for the user).
Thanks!
You might want to look at the devise gem (http://github.com/plataformatec/devise), this supports using multiple models for authentication.
Why not have the Individual, Athlete and Coach models be subclasses of your User model.
Then you can put all the authentication guff into User and it's available to all three - all through the same login form.
You want to assign Roles to Users. You don't need separate subclasses for each user type, model it so a user has_many :roles.
Have a look at this blog post for a detailed explanation - roles can be very simple if this is all you need.
Related
I'm fairly new to rails. I'm having problem on designing the model classes. So this app will be used by 5 different users(Students, Teachers, Head and Coordinator). They each are different users to login into the website and have different functionality (example: Head makes an event. Students register for an event. Coordinator sets who can be head etc). I have created all four models with USERNAME and PASSWORD on each models.I don't have user model right now because the users in this app are these 4 models. Now, while making login page, i'm having hard time on implementing the best way to authenticate the users. For example, If a Head puts its login credentials, the app should identify that user that logged in is Head. What approach will be best to encounter this?
Also, after not figuring out the way to approach this. I was thinking of using devise and CanCanCan gem. But the same promblem comes in even if i use this gems.(i maybe wrong)
Do not create multiple models for different kinds of users. This is almost always not what you want. Instead add a column called role of the type enum which contains all of the kinds of roles you want to add like Sergio pointed out. Your comment about having too many attributes on one model is a non issue compared to the one you are planning to create with 5 user models.
It sounds like you are possible putting too much data on the user model if that is your concern
and have different functionality (example: Head makes an event. Students register for an event.
For this you want a permissions system such as cancancan where you can specify which features of the website each role has access to.
I have following models (models don't overlap, an accountant can not be a customer):
Company has many accountants
Accountant has many customers
Accountants and customer can sign in / up.
What is the best way to do the auth?
Option A:
Use Devise with two separate models (Accountant & Customer:
https://github.com/plataformatec/devise/wiki/How-to-Setup-Multiple-Devise-User-Models
Option B:
Use Devise with one Model user, then another model Profile, which has some information, for example, column role.
Pros and cons would be very helpful, since I ask my question myself every time I build such a Rails App. I am used to work with Option B
Thanks.
Well, the right solution depends on how you are going to handle these 2 types of users, accountants and customers. Both options are reasonable, however, I would stay with Option B.
Pros are:
You don't have to worry about the same logins of Accountants and Customers models. When using the same Sign In form for logging in customers and accountants (I doubt that there will be 2 different login form for them) the controller will have to find out if it is a customer or accountant. There can be ambiguity if the given login will be in customers and accountants table. When you use only one table, users, there is no such problem.
You don't have to duplicate code related to authorization. Sooner or later, but with 2 different models, it's inevitable. Different views, different mail templates, sometimes different controllers.
I'm not sure about your case, but the same user can be a customer AND accountant at the same time. It's more about usability, and some applications really separate these accounts: that double-role users have separate logins, one for accountant role and other for customer. As for me, it's not user-friendly, and it's better to have a single login with an option to switch between the roles when logged in.
On the other hand, if accountants and customers do not overlap at all, like regular users and admins, then it makes sense to have them in different models. But in this case they would need different interfaces too, the same as admin panel for site administrators and regular UI for regular users.
If I want to build a Rails app that has two different types of users, let's say one type is called players and the other one is owners, what is the best and most efficient approach to modeling the app?
Things to take into account:
There should only be one Login, but different Registration forms that Owners/Players can use.
Owners can have access to a control panel but Players cannot.
Owners cannot share any of Players capabilities, but both need to be able to perform Login/Registration.
I am not using Devise, so please do not suggest it.
Different Approaches I've considered:
Using cancancan gem, but it does not really seem to meet my needs in the sense that I am not looking to create a user/admin hierarchical approach but rather a if you're a Player, then you can see these pages and perform these actions but Owners cannot and vice versa. Almost like splitting the app in two. cancancan seems that it would treat Owners as "Players with extra privileges", not different privileges entirely.
Creating separate models with separate login and registration forms, which seems like a disaster waiting to happen. One small mixup between a Players table and the Owners table, especially with the primary keys, and that will be a world of trouble where people could end up logging in to the wrong accounts.
Creating a polymorphic or has_one relation toward an Account model, which so far, seems like the best way to probably go about it. If I created a polymorphic Account model, I can store different types of Players/Owners, but how could I compare login credentials against all types?
I had been trying to find something on this matter regarding how to map this out and was surprised to not find an information on how to do this without using Devise. If anyone has any good links they can point me to that also address this matter (without Devise), please leave them in your answer! Thanks.
I'd suggest one User class with a type attribute that determines whether the user is a Player or an Owner (single table inheritance). This way you keep the registration logic in one place but can customize the forms depending on the user's class.
There must be alternatives to cancancan that help with what you want to do, or you can implement helpers yourself:
def can_access_control_panel?
current_user.is_a?(Owner)
end
You have to have a way to separate one user from another. One way is to add an attribute to the User table so you can call current_user.role and it will return "owner" or return "player".
I have used Pundit gem in the past. It lets you define which controller actions the current user is allowed to access. So as you create resources for your application, you can add a policy that specifies who is allowed to that given resource. This is the repo to the application.
This answer might help you.
When is it okay to use multiple devise models?
I have 3 types of users - users, vendors and admin. Vendors have a bunch more fields than users so I want to have separate tables for them. Users can sign up and sign in using facebook (vendors cannot). And users and vendors share the same sign-in page/form.
I started with multiple devise models, got confused how to handle a single sign-in page, and then read a lot here about using polymorphic associations and STI instead of discrete models. I'm still confused as to when each approach should be used and what would work better here... i know its a little vague, any advise would be great though, or any good links..
Users also fill out a bunch of extra fields when they sign up - even through facebook. How can I keep track of those fields for an omniauth login? (and should I use devise for this or something like omniauth identity..?)
Thanks for looking at this! I'm a rails newbie setting up authentication first time, really appreciate the help
Depending on the case it is recommended to separate or use a single model. The alternatives:
Use separate models, override the controllers, so firstly you check if the record match in User, and if it doesn't match try with Vendor
Use a single model for storing User and Vendor, use a boolean (a string if it is a polymorphic association) to check the kind of user, and add related models in order to store the additional fields
I think option #1 is easier but bigger, and option #2 is a little bit difficult but shorter.
Also, it would be a good idea to separate the models because User connects to FB and Vendor no, it represents a lot of differences.
In another way, the searches will be faster using option #2, because it will be only 1 query, and the table will be light because it will not contain the specific fields for users and vendors; you also have to consider this in order to make a decision.
For Admin you can follow a similar criteria.
Check this out: https://github.com/mkdynamic/omniauth-facebook
I'm using Mongoid, Devise and Rails 3.1.
I have four models: Students, Teacher, Parents and School (the main account). All them will log in on system. But, I don't want create four ways to login. I want create an unique login method using anyone this models, but with respectives roles (This is the minor problem, I already can do that with CanCan).
Anybody have a easy solution, without create a programming-hell?
Actually, people logging on to your system are all Users. So either you choose to let the classesTeacher, Student, Parent, SchoolRepresentative to inherit from User using STI.
Most of the times I prefer simply that a User has roles. And the role would then be teacher, student ...
The roles define what a user is allowed to see.
Hope this helps.