My application has a user part and an /admin part. There are 2 models, Account (like a customer) and Admin, and I should authenticate account and admin separately. Admins should not access the account's part and accounts should not access the admin area. Is there any solution for me, or should I write 2 different applications for users and admins and then wait for Merb 1.1 and mount them somehow into 1 app? Any ideas?
Hello, your question seems very interesting to me; I've had the same problems at the beginning. So, I can suggest different solutions from which you can select one depending on your app structure.
If all your users belong to one class but have a special field (like UserClass = (:client, :moderator, :admin, etc.)), you'll have a minimum of app modifications: just check the user class parameter in your controllers/views. I think it is not a good idea for you.
Best practice is to use Merb Authentication Strategies. It is a very flexible mechanism, so you can select the classes you want to work with.
For example, you'll have 2 basic strategies: ClientAuth and AdminAuth. Both of them will use different user classes (Client, Admin). All you need is to create a custom strategy file and then connect it in your router like this:
    authenticate(ClientAuth) do
      match('/profile').to(:controller => ProfileController)
    end
    authenticate(AdminAuth) do
      match('/admin').to(:controller => AdminController)
    end
Or you can use authentication within the controller:
    class AdminController < Application
      # Run only the AdminAuth strategy before every action
      before :ensure_authenticated, :with => [AdminAuth]

      def index
        # ... your stuff ...
      end
    end
Also, you can even use only one controller for authentication for both classes, using both strategies like this:
    class AdminController < Application
      # Accept a user authenticated by either strategy
      before :ensure_authenticated, :with => [AdminAuth, ClientAuth]
    end
Just because you have set different authentication classes (Admin, Client) for your strategies, you will be able to get information about it: session.user.class (it is a basic Ruby method to find out the class name of an object).
Here are some useful links:
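Added example, not part of the original answer and not Merb or merb-auth code: a stand-alone Ruby model of the two-strategy setup described above, showing that a controller listing both strategies still needs a check on the authenticated user's class before serving admin pages. The `Strategy` base class, the in-memory stores, the logins and passwords, and the `admin_area_allowed?` helper are all constructed or hypothetical; in a Merb app the strategies would subclass the merb-auth strategy base instead.

```ruby
require 'openssl'

# Constructed stand-ins for the two models (ORM classes in a real app).
Account = Struct.new(:login, :salt, :pw_hash)
Admin   = Struct.new(:login, :salt, :pw_hash)

def pw_hash(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 10_000,
                           length: 32, hash: 'sha256')
end

def make_user(klass, login, password)
  salt = OpenSSL::Random.random_bytes(16)
  klass.new(login, salt, pw_hash(password, salt))
end

# Compare digests without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Constructed sample data: one customer, one administrator.
ACCOUNTS = { 'alice' => make_user(Account, 'alice', 'constructed-pw-1') }
ADMINS   = { 'root'  => make_user(Admin, 'root', 'constructed-pw-2') }

# Hypothetical base class: each strategy looks users up in exactly one store.
class Strategy
  def self.run(login, password)
    user = store[login]
    user if user && secure_equal?(pw_hash(password, user.salt), user.pw_hash)
  end
end
class ClientAuth < Strategy; def self.store; ACCOUNTS; end; end
class AdminAuth  < Strategy; def self.store; ADMINS; end; end

# Models ensure_authenticated with a strategy list: first user returned wins.
def ensure_authenticated(strategies, login, password)
  strategies.each do |strategy|
    user = strategy.run(login, password)
    return user if user
  end
  nil
end

# Guard for the shared-controller case: the strategy list alone does not
# separate roles, so admin actions must also check the user's class.
def admin_area_allowed?(user)
  user.instance_of?(Admin)
end
```

With `[AdminAuth]` alone, customer credentials are rejected outright; with `[AdminAuth, ClientAuth]`, the same credentials authenticate as an `Account`, and only the class check keeps that user out of admin actions.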