Hi,

I am creating a daily deals website and have a Users table in my
database. I want to be able to differentiate admins from regular
users (customers). What is the recommended way to do this? Just add a
role column to the table which says "admin" or "customer"? Is this
secure? Or maybe create another table called Role (user_id, role)?


Thanks
Samir

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.


  • Walter Lee Davis at Dec 17, 2011 at 11:32 pm

    On Dec 17, 2011, at 6:23 PM, Samir wrote:

    > Hi,
    >
    > I am creating a daily deals website and have a Users table in my
    > database. I want to be able to differentiate admins from regular
    > users (customers). What is the recommended way to do this? Just add a
    > role column to the table which says "admin" or "customer"? Is this
    > secure? Or maybe create another table called Role (user_id, role)?

    It depends on whether you will be using roles for anything more fine-grained in future. I have done both, and you just have to choose based on how complicated this side of your application is likely to become.

    As far as security goes, just add a validation that ensures that the only person who can change the role is an admin. This keeps the admin from locking herself out, and it also keeps the proles from promoting themselves. Set customer as the default value for the role column in your migration, and either use console or a seed to set your first admin record.

    Walter

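The rule described in the reply above, as an added example that is not part of the original thread: a plain-Ruby model (no Rails) where `role` defaults to customer, is ignored in self-service updates, and can only be written by an admin. All class and method names are hypothetical, and the last-admin guard and the parameter filtering are assumptions that go slightly beyond what the reply spells out.

```ruby
# Added illustration in plain Ruby (no Rails); class and method names are hypothetical.
class RoleChangeError < StandardError; end

class User
  ROLES = %w[customer admin].freeze
  PROFILE_FIELDS = %i[name email].freeze # role is deliberately not listed

  attr_reader :name, :email, :role

  def initialize(name:, email:)
    @name = name
    @email = email
    @role = "customer" # same effect as the column default in the migration
  end

  def admin?
    role == "admin"
  end

  # Self-service update from untrusted params: any key outside PROFILE_FIELDS,
  # including a smuggled "role", is dropped.
  def update_profile(params)
    params.each do |key, value|
      next unless PROFILE_FIELDS.include?(key.to_sym)
      instance_variable_set("@#{key}", value)
    end
    self
  end

  # The only path that writes role. actor is the logged-in user making the change.
  def change_role(new_role, actor:, all_users:)
    raise RoleChangeError, "unknown role" unless ROLES.include?(new_role)
    raise RoleChangeError, "only an admin may change roles" unless actor&.admin?
    last_admin = admin? && all_users.count(&:admin?) == 1
    raise RoleChangeError, "cannot demote the last admin" if last_admin && new_role != "admin"
    @role = new_role
    self
  end

  # Stand-in for the console or seed step that creates the first admin.
  def self.seed_admin(name:, email:)
    new(name: name, email: email).tap { |u| u.instance_variable_set(:@role, "admin") }
  end
end
```

In a Rails application the same split is usually made by keeping `role` out of the attributes accepted from user-submitted forms and changing it only in an admin-only action.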
