views:

164

answers:

1

I am working on a Rails application that requires roles-based permissions (let's call it the "Hidden" application), but the application will not be handling user authentication. The Main application sets an encrypted cookie and the Hidden application uses that as evidence of authentication.

The Hidden application needs to implement a variety of roles; administrator, project manager, editor, etc. I am using an authorization plug in that creates a roles table and a users_roles table and uses has_many relationships between the user table and the roles table using a users_roles table. All pretty vanilla stuff so far.

The challenge is that the Main application already has a users table and a users_roles table. I have a Main::User model that uses the Main application database (creating a custom connection), but when trying to leverage the authorization infrastructure by creating a role, the operation fails because ActiveRecord is using the connection information from the Main::User table, which tries to update the users_roles tables in the Main application (which is not permitted). I've even tried removing the habtm specification and use the has_many macro with the :through option to specify the join table, but ActiveRecord still uses the Main database because the connection gets set up through the Main::User model.

The next step was to implement Rails Recipe 15 "Connecting to Multiple Database", but the part I'm missing is how to make my local reference model, UsersReference, automatically reference the users table of the Main application. The recipe mentions, "This solution would, of course, require the necessary rows to be created in the product_references table to match any products we have in the alternate database. This could be done either in batch or automatically at runtime." I'd rather not have to maintain dual copies -- there are over 425,000 users and their status change all the time, so the idea of doing batch updates isn't very palatable.

Ideally, I would like the UsersReference model from the Recipe to act as a delegate to the users table. I imagine this would involve getting the rows from the users table automatically at runtime, as described in the recipe. Does any one have experience in doing this or something like this? I'd greatly appreciate your thoughts.

A: 

I've solved it so far by removing the UsersReference model, and creating a Users model in the Hidden app. I've defined User.find_user, which checks to see if the user ID is in the local table. If it isn't User fetches it from the Main::User model and saves it locally. The Hidden User model is the one used for authorization, which fulfills the needs of the authorization plugin. The last thing I'd like is to hide the User.find method so that it can't be called accidentally, but creating a self.find(*arg) and making that protected or private didn't work -- User.find was still callable.

Peter Degen-Portnoy