Reputation: 337
I have had big questions for a week. I have 3 different types of users:
For the moment I'm just installing the devise gem (and it's magic)
So for you, what is the best practice to do my different users with different privileges? Simple boolean (user, admin, editor)? Do I need to attribute a specific post to an Editor with user_id, for example? Do you know a gem that can help to do that? Do you think it's possible to do an admin validation system to inject on DB? How can I make a pending list for Editor posts?
That's a lot of noob questions for sure, but I'm lost at this moment, so if you can help me please :)
Thanks
Upvotes: 2
Views: 1128
Reputation: 506
I find cancan to be a bit of a headache and prefer using a polymorphic association.
User is your top level model with "profiles" of
Your User model can contain fields called "profile_id" and "profile_type".
For example:
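    # users table carries profile_id and profile_type columns
    class User < ActiveRecord::Base
      belongs_to :profile, polymorphic: true
    end

    # One model (and table) per profile type, each linked back to its user
    class Admin < ActiveRecord::Base
      has_one :user, as: :profile, dependent: :destroy
    end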
This works nicely too when your different "profiles" have different database fields. You can also just use Single Table Inheritance.
Edit:
In your user model:
    # to_s keeps this from raising when a user has no profile yet (profile_type is nil)
    def admin?
      profile_type.to_s.downcase == "admin"
    end
Then you can use the helper current_user.admin?
The same can be done for the remaining types.
Upvotes: 1
Reputation: 18056
Because this is a generic question without a code example, I am going to suggest a general approach when beginning to solve this problem.
What you need is the cancancan gem:
github.com/CanCanCommunity/cancancan.
The gem provides an "authorization" framework and capabilities that can be easily used in the Rails framework.
The original gem, cancan, was written by Ryan Bates as well. Here's a great video that explains it:
railscasts.com/episodes/192-authorization-with-cancan
Also, if you are a Rails beginner, I would suggest not to use "devise magic" without understanding how it works. A good start is to try authentication from scratch, as explained quite simply by Ryan Bates here:
railscasts.com/episodes/250-authentication-from-scratch
It will make understanding cancancan easier.
Upvotes: 2
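The rules the question asks about (an admin, editors who own posts through user_id, posts that stay pending until an admin approves them), gathered into one deny-by-default check of the kind an authorization layer centralizes. This is an added example in plain Ruby, not code from either answer and not the cancancan API; `PostPolicy`, `pending_for`, `approve!`, the `role` field and the `:pending`/`:published` statuses are assumed names.

```ruby
# Plain-Ruby stand-ins for the models (assumed names; no Rails or gems needed).
User = Struct.new(:id, :role)
Post = Struct.new(:id, :user_id, :status) # status is :pending or :published
class NotAuthorized < StandardError; end

# Deny-by-default rules: anything not explicitly allowed returns false.
class PostPolicy
  def initialize(user)
    @user = user
    @role = (user && user.role).to_s.downcase # nil-safe: a guest gets role ""
  end

  def can?(action, post)
    case @role
    when "admin"  then true
    when "editor" then editor_can?(action, post)
    when "user"   then action == :read && post.status == :published
    else false # guest or unknown role
    end
  end

  private

  # Editors read published posts and their own pending ones, and may only
  # create or change posts that carry their own user_id and are still pending.
  # :approve is never granted, so nothing an editor writes publishes itself.
  def editor_can?(action, post)
    own = post.user_id == @user.id
    case action
    when :read             then post.status == :published || own
    when :create, :update  then own && post.status == :pending
    else false
    end
  end
end

# Pending list: all pending posts for an admin, only their own for an editor.
def pending_for(user, posts)
  posts.select { |p| p.status == :pending && PostPolicy.new(user).can?(:read, p) }
end

# Publishing goes through the same check, so only an admin can approve.
def approve!(user, post)
  raise NotAuthorized, "approve denied" unless PostPolicy.new(user).can?(:approve, post)
  post.status = :published
  post
end
```

Because the ownership test reads `user_id` from the post being checked, an editor who submits a post with someone else's `user_id` or a `:published` status is refused at `:create`.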