Access rights and roles logic in third model ("has_many through" association)

Hello,

this question is more conceptual, than technical one. Do you think that it's a good idea to handle different types of "access rights" and "roles" in third model like this?

class DomainOwnership < ApplicationRecord
  belongs_to :domain
  belongs_to :user

  enum access_rights: [:ro, :rw]
  enum role: [:no_role, :owner, :payer]

  validates :role, uniqueness: { scope: :domain }, if: :owner_or_payer?

  def owner_or_payer?
    !no_role?
  end
end

The role validation is what I am concerned about. What I'd like to achieve is to have only one owner and/or payer per Domain. Should it be here or in Domain model?

Thank you :o)

This looks good to me, but I feel like DomainOwnership is doing a bit much. The validation in particular. I think it would make sense having that in the Domain model since the validation appears to be meant for it.

Would you move (to the Domain model) the validation only or whole logic of role as well (and keep only the access_rights here)? Having something like:

domain.owner_id # => User
domain.payer_id # => User

But isn't it redundant then? I'd have to ask two places for complete picture, right?

So sorry for replying so late. I must have missed the notification. Not sure it it's still relevant, but I really only meant the validation. Including the logic here makes sense to me, but by the time the Domain should be valid by the time it gets to the DomainOwnership. Makes sense?