One account several users with different privileges

My app needs to have an account with several users inputting tasks on the same account. Only one of the users (the one that opened the account) will have admin privileges.

I'm thinking of using Authlogic for authentication and CanCan for determining user privileges. The point is that I'd like the User that opened the Account to be admin by default, being the only one able to create other Users for his account with different privileges.

I'm working on something similar right now. I created a very simple login/authentication method and now I'm dealing with user privileges in the site.

In my case I have posts that belong to companies, so only users from the post's company can view them. Also each user has roles (Admin) to edit, remove, etc. and (Some Role) to view exclusive posts.

I'm taking a look at both CanCan and Canable (http://github.com/jnunemaker/canable)

I'll keep updating. Any preference on plugin or would it be better to write some custom code?

Carlos Cabrera wrote:

I'm working on something similar right now. I created a very simple login/authentication method and now I'm dealing with user privileges in the site.

In my case I have posts that belong to companies, so only users from the post's company can view them. Also each user has roles (Admin) to edit, remove, etc. and (Some Role) to view exclusive posts.

I'm taking a look at both CanCan and Canable (http://github.com/jnunemaker/canable)

I'll keep updating. Any preference on plugin or would it be better to write some custom code?

My idea is that when you sign up for an account you should fill in the account name (Company) and the first user's data (First name, Last, etc.), this first user being the only Admin user. From there that Admin user will create new users capable of adding tasks to that account (company). How would you approach this?

We had a similar problem - we did it this way: set a global string ADMINCODE = "somethingImpossibleToGuess" and include a text field for this in the signup form. If the user can enter an admin code, then they get to be admin.
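The sign-up flow asked about in this thread (account plus first user as the only admin, who then creates the other users), sketched as an added example in plain Ruby; it is not code from any poster and not Authlogic or CanCan API. The `Account`, `User`, `NotAuthorized`, `sign_up`, `create_user`, `create_task` and `can?` names are hypothetical stand-ins, and the design assumption is that the role is assigned server-side and every permission check first confirms the actor belongs to the account being changed.

```ruby
# Added example: plain-Ruby stand-ins for the models (all names hypothetical).
class NotAuthorized < StandardError; end

User = Struct.new(:account, :name, :role) do
  def admin?; role == :admin; end
end

class Account
  attr_reader :name, :users, :tasks

  # Sign-up creates the account and its first user together. The :admin role
  # is fixed here; a :role key in the submitted params is never read.
  def self.sign_up(params)
    new(params.fetch(:company)).send(:add_user, params.fetch(:user_name), :admin)
  end

  def initialize(name)
    @name, @users, @tasks = name, [], []
  end

  # Only an admin of this same account may add users, and the users they
  # add are always :member, whatever the params contain.
  def create_user(actor, params)
    authorize!(actor, :manage_users)
    add_user(params.fetch(:user_name), :member)
  end

  def create_task(actor, title)
    authorize!(actor, :create_task)
    @tasks << title
    title
  end

  # Tenant check first: a user of another account can do nothing here.
  def can?(actor, action)
    return false unless actor && actor.account.equal?(self)
    action == :create_task || (action == :manage_users && actor.admin?)
  end

  private

  def authorize!(actor, action)
    raise NotAuthorized, "#{action} denied" unless can?(actor, action)
  end

  def add_user(name, role)
    User.new(self, name, role).tap { |user| @users << user }
  end
end
```

In a Rails app the same two rules would live in the sign-up controller (building the account and first user in one transaction) and in the authorization layer's ability definitions.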