Topic: Authentication Structure


I am a Rails newbie, and I am unsure of how I should set up my authentication structure.

Basically I want three levels:


in which the admin is obviously for admin tasks and has access to everything. The professional is the main user of the app and is the one who signs up, and the client will be given access to certain parts of the Professional's space, once the Professional has created a login for them.

I hope that makes sense.



Re: Authentication Structure

I think a good place to start would be acts_as_authenticated by technoweenie.

I'd set up basic authentication first and then move on to including the roles. Depending on how complex you need your access control you could make some small modifications to acts_as_authenticated or use that ACL2 thing people are talking about. ACL System 2

Re: Authentication Structure

Once you get a basic User model authentication in place, I recommend using Single Table Inheritance on it for determining the roles. If you ask the user model if it has permission to do something then you can easily override the permissions in each role/subclass. I have done this and it has worked well.

Railscasts - Free Ruby on Rails Screencasts
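
The role-subclass idea from the reply above, as an added example that is not part of the original thread. It is plain Ruby standing in for ActiveRecord Single Table Inheritance, and every class, method and section name in it is hypothetical:

```ruby
# Plain-Ruby stand-in for STI roles: in Rails these classes would share one
# users table with a `type` column. All names here are hypothetical.
class User
  attr_reader :id, :login
  def initialize(id:, login:)
    @id = id
    @login = login
  end

  # Default deny: a role only gains access by overriding this method.
  def can?(_action, _space)
    false
  end
end

class Admin < User
  def can?(_action, _space)
    true
  end
end

class Professional < User
  # Full access, but only to the space this professional owns.
  def can?(_action, space)
    space.owner_id == id
  end
end

class Client < User
  attr_reader :professional_id, :granted_sections
  def initialize(professional_id:, granted_sections:, **rest)
    super(**rest)
    @professional_id = professional_id
    @granted_sections = granted_sections
  end

  # Read-only, and only the sections the owning professional granted.
  def can?(action, space)
    action == :view && space.owner_id == professional_id &&
      granted_sections.include?(space.section)
  end
end

Space = Struct.new(:owner_id, :section) # constructed stand-in for a resource

# Public signup always builds a Professional; a submitted "type" is ignored.
def sign_up(params, next_id)
  Professional.new(id: next_id, login: params.fetch("login"))
end
```

With real STI the same rule applies to the `type` column: set it in server-side code only, never from signup form parameters.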

Re: Authentication Structure

Thanks, guys. I think single table inheritance would work best.