What is the best way to work with user roles?
What is the best way to achieve this when people sign up? I have a user model and an account model. I want to have 3 roles in my application: administrator, store_owner and end_user.
A store owner can add a store.
The end_user sees all the stores that a store_owner has added.
The administrator sees everything :)
For now I have:
class User < ApplicationRecord
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable

  enum type: [:administrator, :store_owner, :end_user]
  enum gender: [:male, :female]
end
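class Account < ApplicationRecord
  enum status: [:active, :inactive, :expired, :locked]
  has_many :users
  before_create :set_api_key
  accepts_nested_attributes_for :users

  # `private` has no effect on `def self.` methods, so this one is public
  # and is declared above the private section.
  def self.generate_api_key
    SecureRandom.hex(36)
  end

  private

  # Assigns a fresh random key just before the account is first saved.
  def set_api_key
    self.api_key = Account.generate_api_key
  end
end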
And in my signup view:
<%= form_for @account do |f| %>
  <%= f.fields_for :users do |user| %>
    <%# Labels use the nested builder so their `for` matches the input ids. %>
    <%= user.label :email %>
    <%= user.email_field :email, autofocus: true, autocomplete: "email", placeholder: "name@address.com" %>
    <%= user.label :password %>
    <% if @minimum_password_length %>
      <em>(<%= @minimum_password_length %> characters minimum)</em>
    <% end %>
    <%= user.password_field :password, autocomplete: "new-password", placeholder: "Password" %>
    <%= user.label :password_confirmation %><br />
    <%= user.password_field :password_confirmation, autocomplete: "new-password", placeholder: "Password" %>
  <% end %>
  <%= f.submit "Sign up" %>
<% end %>
In my accounts controller:
class AccountsController < ApplicationController
  def index
  end

  def new
    @account = Account.new
    @account.users.build
  end

  def create
    @account = Account.new(account_params)
    if @account.save
      sign_in @account.users.first, bypass: true
      redirect_to root_path
    else
      render :new
    end
  end

  # Looks the account up by params[:id] alone; the controller as shown
  # has no ownership or role check before destroying it.
  def destroy
    @account = Account.find(params[:id])
    @account.destroy
    redirect_to root_path, notice: "Account deleted."
  end

  private

  # Only these nested user fields are accepted from the form; `type` is not.
  def account_params
    params.require(:account).permit(users_attributes: [:email, :password, :password_confirmation])
  end
end
So the question is, how do I make separate signups for store_owner and end_user? An example of this would be something like Airbnb. There you can be a host (someone who rents out their home) or someone who rents a home from a host.
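
One way to keep the role out of the submitter's hands when store_owner and end_user each get their own signup page, as an added example that is not part of the original post. It is plain Ruby so it runs without Rails; the route segments, constant names and `build_signup_attributes` are assumptions, and the input is a constructed sample.

```ruby
# Added example, plain Ruby (no Rails needed). SIGNUP_ROLES, PERMITTED_USER_KEYS,
# UnknownSignupKind and build_signup_attributes are hypothetical names.

# Roles reachable from a public signup page. :administrator is deliberately
# absent, so no signup URL can ever produce an administrator.
SIGNUP_ROLES = { "store_owners" => :store_owner, "end_users" => :end_user }.freeze

# Same allow-list as account_params in the post.
PERMITTED_USER_KEYS = %w[email password password_confirmation].freeze

class UnknownSignupKind < StandardError; end

# kind: route segment fixed by the server (assumed: /signup/store_owners, /signup/end_users)
# raw:  untrusted form input shaped like params[:account]
def build_signup_attributes(kind, raw)
  role = SIGNUP_ROLES.fetch(kind.to_s) { raise UnknownSignupKind, kind.inspect }

  users = raw.is_a?(Hash) ? raw["users_attributes"] : nil
  users = users.values if users.is_a?(Hash) # nested forms post {"0" => {...}}
  first = Array(users).first
  first = {} unless first.is_a?(Hash)       # ignore malformed input

  # Keep only allow-listed keys; "type", "account_id" and the like are dropped.
  user = first.select { |key, _| PERMITTED_USER_KEYS.include?(key.to_s) }
              .transform_keys(&:to_s)

  # The role comes from the route, never from the submitted form.
  # "type" is the enum column name used in the post's User model.
  { "users_attributes" => [user.merge("type" => role.to_s)] }
end

# Constructed sample: a tampered end_user signup that tries to set its own role.
TAMPERED_PARAMS = {
  "users_attributes" => {
    "0" => { "email" => "name@address.com", "password" => "s3cret-pass",
             "password_confirmation" => "s3cret-pass", "type" => "administrator" }
  }
}.freeze

if __FILE__ == $PROGRAM_NAME
  p build_signup_attributes("end_users", TAMPERED_PARAMS)
end
```

In the Rails controller from the post, the equivalent is to keep `:type` out of `permit(...)` and assign it from the route before `save`.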