GitHub User: salex
I've been out of Rails for about a year and just trying to get back up to speed on what has changed and new approaches. I've written a couple small applications that are deployed from home (small audience, like my golf group), but I never completed what got me started on Rails - trying to rewrite an application that was and still is in 4D (aka 4th Dimension) using Active4D as the web access to 4D.
While I am retired, it still bugs me that I never got that conversion completed and occasionally waste a little time thinking of new approaches. This screen cast and the multitenecy got me thinking about yet another approach and is close to what I did years ago for my golf group maxwell.golfgaggle.com, playing with subdomains for groups and accounts (this would have helped at that time).
The application is to support AIDT aidt.edu which is an Alabama State agency that is part of Alabama's economic development team. If short it recruits and screens prospective employees for Alabama businesses (think Mercedes, Honda, Hyundai and many other smaller companies who have located in Alabama).
What I've potentially found this week is that routes, namespaces and subdomains are our friends for solving certain kinds of authentication and authorization problems. The web interface basically had two virtual hosts. jobs.aidt.edu the external site that candidates for job training leading to employment could apply, and an intranet application used to manage parts of the process over the web. The goal was to expand this into several other virtual hosts to enhance the process (project. to allow company users to interact with the process for their company project, instructor. to allow contract instructors to do some things, and then admin. to shield some stuff from the employee users. The above links are to the Active4D site, Rails is still just a thought and AIDT's remaining staff is undermanned - why a try to push them sometimes.
I threw off Devise several years ago and went with Simple Authorization (scratch) and CanCan. While it states that CanCan does not work well with namespace, I think I can get around it because namespace does the majority of the authorization by separating the database. The subdomain/namespaces jobs, project an instructor have limited access to just a few models and the controllers control the access. If they are logged in, thats all they can do. Admin just protects some stuff, but the intranet is pretty wide open and lends itself to CanCan type authorization.
My current approach is:
User is polymorphic as loginable to Citizens, Employees, Contacts and Instructors (maybe others) and only Citizens (jobs namespace) can register, all others are invited.
Most routes are constrained by subdomain
constraints :subdomain => 'jobs' do
namespace(:jobs, :path => '/') do
resources :citizens, [only ...]
resources :jobs, [only ..]
constraints :subdomain => 'admin' do
namespace(:admin, :path => '/') do
resources :employees do
constraints :subdomain => 'info' do
#not namespaced intranet site
#most models available
Have not set up CanCan yet, but it appears that Read Write Manage, etc will take care of most requirements. Non CRUD actions like 'invite', 'drop', 'progress' can also be handled.
This really applies to several screen casts but just thought I'd stick it here.
Ryan, thanks for your work. I'll never be a Rails expert but you certainly open my eyes to different ways of solving problems that sometimes seem unique.