Using acts_as_authenticated where two models require different authentication

Hi there.

I am playing around with acts_as_authenticated as many recommend it for authentication. I have two relevant models: Worker and Company. Registration for both Workers and Companies should be pretty similar: username, email, password, email verification, etc.

I thought of two possible solutions, both of which may be good/bad ideas: I don't know because I am too new to rails at this point :) (1) Create a UserBase class that is the model created by the acts_as_authenticated generator. From there, I can use polymorphism and STI to derive Workers and Companies, each with their own unique properties, but sharing the common authentication stuff. (2) Trying to generate separate models using the acts_as_auth generator.

I really would appreciate some guidance here. Obviously, Workers and Companies should only be allowed to access the resources of the site permissible to each. However, using before_filter :login_required doesn't seem to be able to specify which model requires authentication.

Maybe acts_as_auth isn't the best solution, but I have no idea. Maybe I should roll my own based on the example code from "Rails Recipes", as I need both authentication and resource authorization; I just didn't want to reinvent the wheel.

Thanks for any suggestions. -Chris

If Worker and Company have a fairly similar set of fields, then STI can certainly make sense. If they are fairly different, you could make sure they each have the required fields (login, password) and put the authentication code into a module that you include into each class.

Remember that login_required calls the authorized method as one of the last things it does to return whether the login was successful. So, in your different controllers you can create a custom authorized method that then checks some aspect of the object returned by current_user (such as its class or whether it responds to a particular method).

Thanks for the reply.

I am really stuck on this one. This will be trivial I am sure once I gain my rails legs, but for now, I don't know where to start.

I need to have workers and companies in my system. The worker can create an account with profile information, and only that worker should be allowed to edit his profile page (although it will be publicly viewable). Similarly, companies can create profile pages as well, and companies can only edit their information (as expected). The only real similarity between workers and companies (for now) is the account (username/password/email) creation process.

As such, can anyone suggest a clean design? I was planning on using acts_as_authenticated (or restful_authentication), generating separate worker/company model/controllers. I have seen a bit on "barn-raising", in which a community helps a new rails dev get going; anyone want to help raise my barn?

Cheers.
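
The per-controller authorization override suggested in the reply above, combined with the edit-only-your-own-profile requirement from the follow-up, as an added example that is not part of the thread or the plugin's own code. The module is a simplified stand-in for the plugin's filter logic (no sessions or redirects), and `WorkerProfilesController`, `permit?` and the sample accounts are hypothetical.

```ruby
# Simplified stand-in (assumption) for the filter chain described in the reply:
# login_required succeeds only if someone is logged in AND authorized? is true.
module AuthenticatedSystemSketch
  attr_accessor :current_user            # nil when nobody is logged in

  def logged_in?
    !current_user.nil?
  end

  # Default: any logged-in account passes. Controllers override this.
  def authorized?
    true
  end

  # Would run as a before_filter; true lets the action proceed.
  def login_required
    logged_in? && authorized? ? true : access_denied
  end

  def access_denied
    false                                # a real app would redirect to login
  end
end

# Constructed sample models: separate types whose ids can overlap.
Worker  = Struct.new(:id, :login)
Company = Struct.new(:id, :login)

# Hypothetical controller for worker profiles.
class WorkerProfilesController
  include AuthenticatedSystemSketch
  attr_accessor :params

  PUBLIC_ACTIONS = %w[show].freeze       # profiles are publicly viewable

  # Check the account type first, then ownership of the requested record.
  # Without the type check, Company id 1 could edit Worker id 1.
  def authorized?
    current_user.is_a?(Worker) && current_user.id.to_s == params[:id].to_s
  end

  # Mimics "before_filter :login_required, :except => :show" for one request.
  def permit?(user, action, id)
    self.current_user = user
    self.params = { id: id }
    PUBLIC_ACTIONS.include?(action) || login_required
  end
end
```

A matching `CompanyProfilesController` would use the same override with `Company` in the type check.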