Class inheritance and AAA

Mauricio_Sadicoff · May 24, 2007, 5:26am

Hi all,

I'm somewhat new with RoR, but have been programming for a while. I'm trying to design the right model for an application which will have a login system, I'm leaning towards acts_as_authenticated.

I have one confusion, though... In my app, I want to have one login system which will allow general Clients and Employees to login. These have all similar characteristics shared with the User table created by AAA, but also have other methods and behaviors to deal with the rest of my app.

How should I define the Client model, for instance? Would it be something like:

class Client < User

since I already have user.rb defining the User class as such:

class User < ActiveRecord::Base

or would I be forced to compromise and create different Client and Employee tables and models, each with its own salt, hashed_passwords and the like?

I figure by inheriting from User, I should be able to define the User model with all the relevant methods and properties. Must I have all the classes in the same file, or am I able to have a client.rb file where I inherit User?

Thanks for any help in advance, Mauricio

Seth_Morabito · May 24, 2007, 8:52am

[...]

Hi Mauricio,

What you're describing sounds very much like role-based authorization to me. Your Clients and Employees do not necessarily have to be first-class models; they are both Users, but they belong in different roles because they do not have the same access to resources.

How you implement this kind of role separation is up to you -- in some of my apps, I have just a text field on my User model that contains the name of a role; in others, I have a table of Roles, and my User model belongs_to :role (i.e., it has a role_id field). In still others, where users can be in many roles and the relationship is a many-to-many, I use a join model, like "Membership", which has a user_id and a role_id.

Another way to get started might be to look at Bill Katz's Authorization plugin ( writertopia ). I don't know if he's been doing much work on it lately, but it's certainly worth looking at, as it may help with your concerns.

Regards,

Seth Morabito

Jonathan_Linowes · May 24, 2007, 2:56pm

Here's an overview of several authorization solutions for rails http://www.vaporbase.com/postings/Authorization_in_Rails

Mauricio_Sadicoff · May 26, 2007, 2:58am

Thank you so much, Seth and Linoj.

I don't know why I didn't think of RBAC before, it's definitely what I need.

So I'll just use the authentication provided by AAA, then setup an authorization system based on the Membership model, which then allows me to redirect the user to the right controller depending on the current role the User assumes. I actually considered using Goldberg, but that would defeat my purpose of learning more about Rails, so I'll build it from scratch.

Thanks again, guys, super helpful!

Cheers, Mauricio

Topic		Replies	Views
Simple authorization setup rubyonrails-talk	7	127	March 14, 2007
Refactoring Existing Application For Login Accounts rubyonrails-talk	2	175	June 21, 2007
Authorization with single table inheritance? rubyonrails-talk	1	126	April 16, 2007
Logins for customers and admins rubyonrails-talk	2	92	August 7, 2007
Model newb qustion rubyonrails-talk	3	128	September 19, 2008

Class inheritance and AAA

Related topics

More Resources