I have the following situation:
My app has several types of users: Owner, Team Member, Collaborator, Client, and Guest. (the Guest type isn't relevant for this question)
These are the connections between the different models:
- Owner belongs_to Account
- Account has_many Team Members
- Account has_many Projects
- Project habtm (or hmt) Collaborators
- Project habtm (or hmt) Clients
There are four key functions I need for my authentication & authorization:
- Be able to upgrade a Collaborator to a Team Member (this means removing all habtm's to Projects, and adding a belongs_to to Account)
- Be able to have different Devise strategies for different users (Owners have registerable, clients do not)
- Have different login pages which only accept a subset of users (separate login for owner/team members/collaborators and clients)
- Be able to call the different subset of users using Account.owner, Account.team_members, Project.collaborators, and Project.clients
I have gone over several solutions in my head, but I am unsure which would work best in my situation.
- At first I thought about using Devise for both the authorization and authentication, but I figured I'd better use something like CanCan for the authorization part.
- I also considered using one table for each user type, but that would make it harder to change roles after initial creation.
- I am now debating whether to use STI to have TeamMember < User, Client < User, etc. But since Clients and Collaborators belong to Projects and Owners and Team Members belong to an Account, I am not sure that will work easily with STI, and I also haven't really found any good examples on Devise with STI.
Any ideas how to solve this situation?