What's the Best way to assign administrators and then create your first admin?
Posted by Pashpops on September 29, 2012
What's are the best practices surrounding adminstrator creation in rails?
One method I've found is to create an .admin field in the User's model, although how does you manage protection and user's not elevating themselves to the position of Admin.
Another way I've heard is to create a seperate user model for Admin - but this seems awfully redundant.
Or is the path of using a relationship model which defines user's the most effective way?
Answered by zamith on September 29, 2012
It really depends on the use case, if it a small project and you don't want a lot of trouble dealing with authorization, you can just add an admin boolean field to the User model. In terms of security check out strong parameters which is coming out with rails 4.0.
In a bigger project you can use something like clearance or cancan or even roll your own authorization mechanism. Notice that they are all based on the user having a role and that role having permissions which you verify on a controller or action basis.