I have search for a couple days now to try to find if anyone else has asked or answered this question and I haven't had any luck. This is also my first question I have asked on stackoverflow.
I am looking for someone to point me in the right direction...
I have devise setup an开发者_JS百科d running perfectly with two models -- Admin and User.
I need to have Admins create a workshop or class and Users to sign up or register for the workshop. I don't know if I should try a has_many_and_belongs_to_many or has_many :through or if there is some event registration gem that would solve this better.
Any pointers would be greatly appreciated.
There are quite a few ways to set about this. You do not need to create two devise models to achieve this though. You can just have a single User model and give it a :role attribute as String, make this default to some known role - say "visitor".
You can then consider installing a simple ACL such as Cancan
or decl_auth
.
This will allow you to control access to the various controller CRUD actions - this is what is meant by 'authorise_resource' (it's RESTful afterall) - of course, in such a setup admins get to see more options than regular users.
The 'old' school approach is to setup a namespace :admin
which will be handled under /admin/
in your app. You can still have admins and users login via the common login path you've setup in devise though.
There is however an advantage to having split devise models for Admin and Users - their sessions will be completely separate and some may consider this to be 'more secure'. Session hijacking is still not trivially achieved via the single model + roles approach.
精彩评论