I am creating a daily deals website and have a Users table in my
database. I want to be able to differentiate admins from regular
users(customers). What is the recommended way to do this? Just add a
role column to the table which says "admin" or "customer"? Is this
secure? Or maybe create another table called Role (user_id, role)?
I am creating a daily deals website and have a Users table in my
database. I want to be able to differentiate admins from regular
users(customers). What is the recommended way to do this? Just add a
role column to the table which says "admin" or "customer"? Is this
secure? Or maybe create another table called Role (user_id, role)?
It depends on whether you will be using roles for anything more fine-grained in future. I have done both, and you just have to choose based on how complicated this side of your application is likely to become.
As far as security goes, just add a validation that ensures that the only person who can change the role is an admin. This keeps the admin from locking herself out, and it also keeps the proles from promoting themselves. Set customer as the default value for the role column in your migration, and either use console or a seed to set your first admin record.