Class inheritance and AAA

Hi all,

I'm somewhat new with RoR, but have been programming for a while. I'm trying to design the right model for an application which will have a login system, I'm leaning towards acts_as_authenticated.

I have one confusion, though... In my app, I want to have one login system which will allow general Clients and Employees to login. These have all similar characteristics shared with the User table created by AAA, but also have other methods and behaviors to deal with the rest of my app.

How should I define the Client model, for instance? Would it be something like:

class Client < User

since I already have user.rb defining the User class as such:

class User < ActiveRecord::Base

or would I be forced to compromise and create different Client and Employee tables and models, each with its own salt, hashed_passwords and the like?

I figure by inheriting from User, I should be able to define the User model with all the relevant methods and properties. Must I have all the classes in the same file, or am I able to have a client.rb file where I inherit User?

Thanks for any help in advance, Mauricio

[...]

Hi Mauricio,

What you're describing sounds very much like role-based authorization to me. Your Clients and Employees do not necessarily have to be first-class models; they are both Users, but they belong in different roles because they do not have the same access to resources.

How you implement this kind of role separation is up to you -- in some of my apps, I have just a text field on my User model that contains the name of a role; in others, I have a table of Roles, and my User model belongs_to :role (i.e., it has a role_id field). In still others, where users can be in many roles and the relationship is a many-to-many, I use a join model, like "Membership", which has a user_id and a role_id.

Another way to get started might be to look at Bill Katz's Authorization plugin (writertopia). I don't know if he's been doing much work on it lately, but it's certainly worth looking at, as it may help with your concerns.

Regards,

Seth Morabito
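The join-model variant Seth describes (User has many Memberships, each Membership points at a Role), sketched as an added example that is not Seth's code, not the Authorization plugin, and not the original poster's app. It is plain Ruby with no ActiveRecord so it runs stand-alone; in a Rails app the three classes would be AR models with has_many / belongs_to and the membership table would hold user_id and role_id. Every name here (Role, Membership, the permission strings, the landing paths, authorize) is an assumption for illustration. The security-relevant parts are that can? denies by default and that a freshly authenticated user with no membership gets no permissions rather than an error or an implicit role.

```ruby
require "set"

# Assumed join-model layout: User -< Membership >- Role (not ActiveRecord).
Role       = Struct.new(:name, :permissions)  # permissions: Set of action strings
Membership = Struct.new(:user, :role)         # join record (user_id, role_id in SQL)

class User
  attr_reader :login, :memberships

  def initialize(login)
    @login = login
    @memberships = []   # has_many :memberships in ActiveRecord terms
  end

  def add_role(role)
    @memberships << Membership.new(self, role) unless roles.include?(role)
    self
  end

  def roles
    @memberships.map(&:role)   # has_many :roles, through: :memberships
  end

  def role?(name)
    roles.any? { |r| r.name == name }
  end

  # Union of permissions across every role the user holds.
  def permissions
    roles.each_with_object(Set.new) { |r, acc| acc.merge(r.permissions) }
  end

  # Deny by default: true only for a permission some role explicitly grants.
  def can?(action)
    permissions.include?(action)
  end
end

# Constructed roles for the thread's Client / Employee scenario (assumed names).
CLIENT_ROLE   = Role.new("client",   Set["orders:read_own", "orders:create"])
EMPLOYEE_ROLE = Role.new("employee", Set["orders:read_all", "orders:update"])

# Post-login landing controller per role; the first matching entry wins, so
# the more privileged role is listed first. Paths are assumptions.
LANDING = [
  ["employee", "/employees/dashboard"],
  ["client",   "/clients/dashboard"],
].freeze

def landing_path_for(user)
  match = LANDING.find { |name, _| user.role?(name) }
  match ? match[1] : "/"   # no role yet: neutral page, not an error and not a default role
end

# Stand-in for a before_filter: returns :ok or :forbidden instead of redirecting.
def authorize(user, action)
  user.can?(action) ? :ok : :forbidden
end

# Constructed users exercising the checks above.
def demo
  alice = User.new("alice").add_role(CLIENT_ROLE)
  bob   = User.new("bob").add_role(EMPLOYEE_ROLE)
  carol = User.new("carol")                  # authenticated, no membership yet
  dana  = User.new("dana").add_role(CLIENT_ROLE).add_role(EMPLOYEE_ROLE)
  {
    alice_create:   authorize(alice, "orders:create"),
    alice_read_all: authorize(alice, "orders:read_all"),
    bob_read_all:   authorize(bob, "orders:read_all"),
    carol_create:   authorize(carol, "orders:create"),
    dana_landing:   landing_path_for(dana),
    carol_landing:  landing_path_for(carol),
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Keeping the permission strings on the Role rather than checking role names inside controllers is the piece that makes the text-field and join-model variants interchangeable later: a controller only ever asks can?("orders:read_all"), and whether that answer comes from one role column or from several memberships is a model detail.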

Here's an overview of several authorization solutions for Rails: http://www.vaporbase.com/postings/Authorization_in_Rails

Thank you so much, Seth and Linoj.

I don't know why I didn't think of RBAC before, it's definitely what I need.

So I'll just use the authentication provided by AAA, then set up an authorization system based on the Membership model, which then allows me to redirect the user to the right controller depending on the current role the User assumes. I actually considered using Goldberg, but that would defeat my purpose of learning more about Rails, so I'll build it from scratch.

Thanks again, guys, super helpful!

Cheers, Mauricio