Could I get some advice with an authentication/authorisation design please?
It’s for a car garage application that allows a customer to monitor the status of their car.
Here are my requirements:
1. I need a hierarchy of 4 users:
A. Superuser (me)
B. Garage owner.
C. Mechanic.
D. Customer.
The superuser can create/edit/delete users A,B,C and D.
The Garage owner can create/edit/delete users C and D.
- There can be multiple Garage owners that own the same group of mechanics and customers.
- Authentication for garage owners and mechanics is an account number (that the application issues) and password.
- Authentication for customers is based on their email address and password.
- A single login form for all types of user.
- A customer has visibility of the status of their car only. A mechanic or garage owner has access to all cars associated with the garage. And the super user has access to all cars in the db.
My plugins of choice for this would be authlogic and cancan, but I can’t seem to find an elegant design that will represent the ownership of some users by other users, for example, that for a particular garage owner, get all the mechanics or customers.
I would appreciate any thoughts about the best way to model this.
Thanks
I think you want a User model with a garage_id and a role property. I would expect that you could use an after_save on the User to set the login property to the email or account_number appropriately. You could do the rest in the CanCan Ability class. Obviously the super user will have a NULL garage_id.
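As an added illustration of the design suggested above (not code from the thread, and not the authlogic or cancan gems themselves), here is a plain-Ruby sketch: a User carrying role and garage_id, a login derived from email or account_number, and a hypothetical Ability class that encodes the management and car-visibility rules from the question, including the garage scoping that keeps one garage owner from touching another garage's mechanics and customers.

```ruby
# Hypothetical stand-ins for the Rails models; garage_id is nil for the superuser.
User = Struct.new(:id, :role, :garage_id, :email, :account_number, keyword_init: true) do
  # Mirrors the suggested after_save: customers log in with their email,
  # garage owners and mechanics with the account number the app issued.
  def login
    role == :customer ? email : account_number
  end
end

Car = Struct.new(:id, :garage_id, :customer_id, keyword_init: true)

# Plain-Ruby equivalent of what the CanCan Ability class would express.
class Ability
  # Which roles each role may create/edit/delete, per the question.
  ROLES_MANAGED_BY = {
    superuser:    %i[superuser garage_owner mechanic customer],
    garage_owner: %i[mechanic customer],
    mechanic:     [],
    customer:     []
  }.freeze

  def initialize(user)
    @user = user
  end

  # Superuser manages everyone; a garage owner manages only mechanics and
  # customers that belong to the same garage (the garage_id check is the
  # part that scopes "ownership" of users by other users).
  def can_manage?(target)
    return true if @user.role == :superuser

    ROLES_MANAGED_BY.fetch(@user.role).include?(target.role) &&
      target.garage_id == @user.garage_id
  end

  # Customers see only their own car; garage staff see their garage's cars;
  # the superuser sees every car in the db.
  def can_read_car?(car)
    case @user.role
    when :superuser              then true
    when :garage_owner, :mechanic then car.garage_id == @user.garage_id
    when :customer               then car.customer_id == @user.id
    else false
    end
  end
end
```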