Architecture for subscription with multiple users per account
Hi all!
I developed an app that uses Apartment for multitenancy, Devise for authentication and Pundit for auth. Each tenant is represented by a business (business model), where the id is also the tenant id. Businesses can have multiple users depending on the purchased plan yet to be implemented.
Each business will have an "owner" user, who will also be the first user created along with the tenant (along with a few other tables in the tenant's schema). Business and User models are excluded from tenancy in Apartment.
I was hoping I could get some help/direction with the following:
Since the business table is also the tenants table, would you hold the account information directly in this table or create an additional account table?
Since each business (account) can have multiple users, I am trying to figure out a solution to allow only the owner to manage the subscription and also to handle login attempts to an expired account (i.e. fail any attempt from non-owner users or redirect to subscription for renewal if the owner attempts to log in).
Right now I am using Devise's active_for_authentication? in user.rb to check if the account is expired. If the logged-in user is also the owner, I then throw an exception that is handled in the application controller with a redirect to the subscription page. The problem is that the redirect then re-triggers the active_for_authentication? check, causing a loop. Been trying different options such as checking if the current controller is subscriptions and stopping the active_for_authentication? but at this point I am not sure anymore whether I am going down the right path.
What do you guys think? Any ideas?
Thanks a lot in advance, I hope all the above makes sense :)
Luca
Ok, I solved the login redirection issue by using active_for_authentication? in user.rb to return true and allow the login only if the user is the owner in the case the account is expired.
# Check if account is active or throw error
def active_for_authentication?
  super && is_active
end

def inactive_message
  "Sorry, this account has been deactivated. Contact your employer for more information."
end

# True while the subscription has not expired; the owner can always log in
def is_active
  business.expires > Date.today || role == 'owner'
end
I then redirect to the subscription page using before_action in the application controller where I check again if the subscription is expired.
before_action :verify_subscription, :if => :user_signed_in?

def verify_subscription
  if current_user.business.expires < Date.today
    redirect_to :subscription unless ['SubscriptionController', 'SessionsController'].include?(self.class.to_s)
  end
end
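The access rules discussed in this thread, as an added plain-Ruby example that is not part of the original posts: a Pundit-style policy restricting subscription management to the owner, and a single expiry predicate shared by the login gate and the controller gate so the two cannot disagree on the expiry day. The `Business` and `User` structs, `SubscriptionPolicy`, `EXPIRED_ALLOWLIST` and `access_decision` are hypothetical names; the controller names are the ones used in the post.

```ruby
require 'date'

# Constructed stand-ins for the thread's models (not the poster's classes).
Business = Struct.new(:id, :expires) do
  # One definition of "expired", used by every check below.
  def expired?(today = Date.today)
    expires < today
  end
end

User = Struct.new(:role, :business) do
  def owner?
    role == 'owner'
  end
end

# Pundit policies are plain Ruby objects, so this runs without the gem.
class SubscriptionPolicy
  attr_reader :user, :business

  def initialize(user, business)
    @user = user
    @business = business
  end

  # Only the owner of this same business may manage its subscription.
  def manage?
    user.owner? && user.business.id == business.id
  end
end

# Controllers the owner of an expired account may still reach.
EXPIRED_ALLOWLIST = %w[SubscriptionController SessionsController].freeze

# Returns :allow, :deny or :redirect_to_subscription for one request.
def access_decision(user, controller_name, today = Date.today)
  return :allow unless user.business.expired?(today)
  return :deny unless user.owner?   # non-owners of an expired account

  EXPIRED_ALLOWLIST.include?(controller_name) ? :allow : :redirect_to_subscription
end
```

In a Rails app the `:deny` branch corresponds to `active_for_authentication?` returning false, and the `:redirect_to_subscription` branch to the `before_action` redirect.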