Modelling multiple types of users with Devise and Rails 4

Question

I have 3 types of "users"

Shop Provider Customer

The last 2 users will have similar attributes such as

First Name Last Name and so on

And the Shop user type will have the most contrast between types.

As far as behaviours they will all be quite different, although Provider and Shop will inherent many of customer behaviours.

It seems the behaviours can be dealt with CanCan as I've researched.

I'm now attempting to how I should authenticate these types.

I have looked at the STI model but I couldn't grasp where I would these extra attributes.

My mental model is as follower:

User is a table and model The types are abstract models that inherit from this.

So I'm wondering, how do I add attributes such as Business address for just the Shop type?

Or is it that the User Table has a column called Type and that type is associated with these type tables? And within the type tables are the extra attributes?

Answer 1

Don't even bother bringing Devise into this; Devise is for authentication not authorization. Authentication is determining whether or not someone who visits your site is who you think they are, like logging in. Authorization is deciding whether or not a user is allowed to perform some sort of action, like creating a new post.

What you want to do is have some sort of system that assigns a normal user your three different types; CanCan will do something like that. One way to do this on your own is using a permissions number based system. Let's say normal users have permissions level at 100, shop has a level at 50, and provider at 25. Using this system you can determine what actions a user can perform without having to make separate models, which will make your schema unnecessarily complicated. Here's an example of how this would work with say the UserController:

def show
  if current_user.permissions == 100
     render "customer_show"
  elsif current_user.permissions == 50
     render "shop_show"
  else
     render "provider_show"
  end
end

The easiest way to do this is to add a column to the user's table called permissions that defaults to say 100 when a new row is created. Here's what that migration would look like:

def change
  add_column :users, :permissions, :integer, default: 100
end

As for authenticating, don't worry about it. Let devise do it's thing; every user, no matter what type, will login and sign up in the same way, maybe just having separate forms for each that has a hidden field to set the permissions level for that specific kind of user.

Answer 2

I know I'm late to the party but I'm putting this out for future SO searchers. You CAN authorize actions with Devise. If you have devise models for 'buyer' & 'seller' you can add 'buyer_signed_in?' for whatever action you only want buyers to be able to do. You can also do more specific role-based authorizations as well - check out Devise' page

All in all, Tsiege's solution sounds pretty interesting. Let us know if you had any success with it!