Question

  • Admin = total control. CRUD Teacher and Student accounts. Minimal field set.
  • Teacher = Read/Update their own account. Read their own Student accounts. More unique fields.
  • Student = Read/Update their own account. Many more unique fields.

Authentication - Devise Authorization - CanCan, Rolify

I have a single User model in Devise combined with CanCan and Rolify to set roles and abilities. This works ok but starts to get complicated due to the first requirement below. I'm not sure that 'roles' is the best way to differentiate these accounts since they have a very different field set and abilities.

Would it be better to have different Devise models for the three user types? (This is complicated by the second requirement.) Or is it best practice to keep all users in one model and assign roles and abilities as I'm doing now?

Requirements:

  • Different user types will have several (required) fields unique to that user type (i.e. Student has parent_name, Teacher does not etc)
  • I need to have a unified login form and have user type detected from login credentials and user redirected based on this.

I've looked at several answers on here regarding the specifics of achieving either of these methods but I'm looking for advice on which method is more suited to my application. Am I putting too much in Devise? I realise it's only an authentication framework. Should I have a separate User model for personal attributes?

As if you can't tell - I'm new to this and still trying to get the concepts.

Was it helpful?

Solution

One suggestion would be to keep things as simple as possible with Devise and manage the roles by a single string field in the User model. Then you only have one field to check for authentication, and you can make 2 other separate models for the other attributes required by Teacher and Student as they will be easy to access with Rails' helpers (belongs_to etc).

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top