Topic: Help with authentication/authorisation design.
Could someone help me with an authentication/authorisation design please?
It's for a car garage application that allows a customer to monitor the status of their car. Here are my requirements:
1. I need a heirarchy of 4 users:
A. Superuser (me)
B. Garage owner.
The superuser can create/edit/delete users A,B,C and D.
The Garage owner can create/edit/delete users C and D.
2. There can be multiple Garage owners that own the same group of mechanics, and customers.
3. Authentication for garage owners and mechanics is an account number (that the application issues) and password.
4. Authentication for customers is based on their email address and password.
5. A single login form for all types of user.
6. A customer has visibility of the status of their car only. A mechanic or garage owner has access to all cars associated with the garage. And the super user has access to all cars in the db.
My plugins of choice for this would be authlogic and cancan, but I can't figure out a design that will represent the ownership of some users by other users, for example, that for a particular garage owner, get all the mechanics or customers.
I have tried several designs, but none seem to work. I would appreciate any help, advice or pointers.