authentication - Workflow for admin/user accounts creation in Rails


I'm building an event registration system in Ruby on Rails. I'll need admin users and normal users. Is there a best practice for creating admin users manually, and not letting a random person "sign up" as an admin? Also, is there a way to prevent signups in general?

(I'm thinking of using the Devise gem)

Option #1

The simplest way I've found, for scenarios like this, is to add an admin (boolean) attribute to your User model (I use Devise, but this applies to any user model):

    # db migration: new users get admin = false unless it is changed later
    class AddAdminToUsers < ActiveRecord::Migration
      def change
        add_column :users, :admin, :boolean, default: false
      end
    end

Then, thanks to ActiveRecord, you'll automagically have an admin? method on your User model:

    <% if current_user.admin? %>
      <%# super-secret admin-only option %>
    <% end %>

Then, your signup pages stay the same as they were, and new users silently default to admin = false. Then, you can implement "promoting" users to admin = true however you like... such as in an Admin::UsersController#edit view in an admin area of your app.

Option #2

If, however, you need admin users to have their own views/routes/logic/etc., it might be worth separating them into their own Admin model (Devise supports this well). This will give you 2 separate models, each with their own routes, views, and controllers. One downside is that promoting a user to admin would mean moving their record from one table to the other. This option has a lot of overhead, but can end up being cleaner if you need the separate logic.


Which pattern you use will depend on your own scenario. If you need separate views/routes/logic for managing admin users, choose #2. If you can get away with checking an admin attribute, #1 is simpler.

Devise illustrates both patterns in more detail here.
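Option #1 only holds if the public sign-up path can never set the admin flag and promotion is gated on an existing admin. The sketch below is an added example, not part of the original answer: it is plain Ruby rather than Rails or Devise code, and `sign_up`, `promote!`, `SIGN_UP_ALLOWED` and `NotAuthorized` are hypothetical names chosen for illustration.

```ruby
# Added illustration in plain Ruby (no Rails or Devise); all names are hypothetical.
User = Struct.new(:email, :admin) do
  def admin?
    admin == true
  end
end

class NotAuthorized < StandardError; end

# Only these keys may be set from the public sign-up form.
SIGN_UP_ALLOWED = %w[email].freeze

# Builds a user from untrusted form input. Keys outside the allowlist,
# including a client-supplied "admin", are dropped, so every new account
# starts with admin = false (the column default in option #1).
def sign_up(params)
  safe = params.transform_keys(&:to_s).slice(*SIGN_UP_ALLOWED)
  User.new(safe["email"], false)
end

# Promotion is the only path to admin = true, and it checks the acting
# user first, as an action in the admin area of the app would.
def promote!(actor, target)
  raise NotAuthorized, "admin required" unless actor&.admin?
  target.admin = true
  target
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a sign-up form that also submits admin=true.
  form = { "email" => "mallory@example.test", "admin" => "true" }
  new_user = sign_up(form)
  puts "admin after sign-up: #{new_user.admin?}"

  # Constructed first admin, created out of band (for example from a seed task).
  root = User.new("root@example.test", true)
  promote!(root, new_user)
  puts "admin after promotion by an admin: #{new_user.admin?}"
end
```

In a Rails app the same allowlist role is played by strong parameters on the sign-up controller, and the `promote!` check by a filter on the admin-area controllers.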

