I hope someone can help me.
I have a client who has asked me to develop a project status tracking
application using Ruby on Rails which will enable various business
partners to view the status of various projects that are currently in
Each business partner will have projects which they can view the
status. There will be projects which some business partners cannot
view the status.
Would someone please direct me to a plug-in or tutorial or book which
will enable me to setup this scenario in Ruby on Rails.
I suppose what I'm really looking for is a facility to not only
perform Authentication (i.e., registration, login, logout, etc.) but
also Access Control to projects in this case (e.g., User A can view
Projects A, B & C, but not Projects D, E & F, in fact, User A doesn't
even know that Projects D, E & F exist).
I hope someone can provide direction.
Thanks in advance.
Have a look at:
And particularly post #5, where the author explains about different
"areas" of the application, selecting by the user role.
i would probably start with good old faithful restful_authentication
plugin. This wil give you your basic login/registration pattern
Next, I add acl_system2 plugin, which allows me to lock down certain
sections of the website programmatically by adding roles to users.
Next I would create my models controllers and views for the Projects
Next I would use a polymorphic has_many :through association to
"attach" projects to users. By using polymorphism you allow the
flexibillity to create other types of assets that users might be
restricted in viewing
Finally i would create a helper method within the User model that
allowed me to check whether a project is viewable by a specific user
id | login | hashed_password | email
id | title
user_id | role_id
id | name | description | created_at | updated_at
assetables table (this is your polymorphic association table, where
you assign projects to your users)
id | user_id | assetable_id | assetable_type
I always get confused with the polymorphic association syntax. If
you're stuck, get hold of acts_as_taggable_on_steroids and copy the
way they do it, or, just drop back to a has_and_belongs_to_many
association until you really need to use polymorphism.
BTW I find make_resourceful invaluable when dealing with polymorphic
resources, and, in fact all RESTful controllers. You might like to
take a look too mr.hamptoncaitlin.com. Take a look inside the
actions.rb file to see what it's doing under the hood.
or.. you could do it all yourself, like the post that just beat me!
Or sign up for a corporate Basecamp account, spend some time setting
up the users and project data, then spend the summer working on all
Rey9999, Wildtangent & Cynthia.
Thank you for your responses. You've given me a lot of information to
review and consider.