Hi,
I am creating a daily deals website and have a Users table in my database. I want to be able to differentiate admins from regular users(customers). What is the recommended way to do this? Just add a role column to the table which says "admin" or "customer"? Is this secure? Or maybe create another table called Role (user_id, role)?
Thanks Samir
Hi,
I am creating a daily deals website and have a Users table in my database. I want to be able to differentiate admins from regular users(customers). What is the recommended way to do this? Just add a role column to the table which says "admin" or "customer"? Is this secure? Or maybe create another table called Role (user_id, role)?
It depends on whether you will be using roles for anything more fine-grained in future. I have done both, and you just have to choose based on how complicated this side of your application is likely to become.
As far as security goes, just add a validation that ensures that the only person who can change the role is an admin. This keeps the admin from locking herself out, and it also keeps the proles from promoting themselves. Set customer as the default value for the role column in your migration, and either use console or a seed to set your first admin record.
Walter
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks