<p>Authlogic provides an <a href="http://github.com/binarylogic/authlogic/blob/master/lib/authlogic/authenticates_many/base.rb" rel="nofollow noreferrer">API</a> for dealing with sub domain based authentication.</p>
<pre><code>class User &lt; ActiveRecord::Base
  has_many :brands
  has_many :companies, :through =&gt; :brands
  acts_as_authentic
end

class Brand &lt; ActiveRecord::Base
  belongs_to :user
  belongs_to :company
end

class Company &lt; ActiveRecord::Base
  has_many :brands
  has_many :users, :through =&gt; :brands
  # Sessions created through a company are scoped to that company's users
  authenticates_many :user_sessions, :scope_cookies =&gt; true
end
</code></pre>
<p>Session controller:</p>
<pre><code>class UserSessionsController &lt; ApplicationController
  def create
    @company = Company.find(params[:user_session][:company])
    # Build the session through the company so authentication is scoped to it
    @user_session = @company.user_sessions.new(params[:user_session])
    if @user_session.save
      # login succeeded
    else
      # login failed
    end
  end
end
</code></pre>
<p><strong>On the other hand</strong></p>
<p>Here is a way to solve the problem using your current approach (I would use the first approach):</p>
<p>Set custom data to the key <code>email</code> of the hash used to create the <code>UserSession</code> object. AuthLogic will pass this value to the <code>find_by_login</code> method. In the <code>find_by_login</code> method, access the needed values.</p>
<p><strong>Assumption:</strong> The sub domain id is set in a field called <code>company</code> in the form.</p>
<pre><code>class UserSessionsController &lt; ApplicationController
  def create
    attrs = params[:user_session].dup      # make a copy
    attrs[:email] = params[:user_session]  # set custom data (email and company) to :email key
    @user_session = UserSession.new(attrs)
    if @user_session.save
      # login succeeded
    else
      # login failed
    end
  end
end
</code></pre>
<p><strong>Model code</strong></p>
<p>Your code for finding the user with the given email and subdomain can be simplified and optimized as follows:</p>
<pre><code>class User &lt; ActiveRecord::Base
  # Class-level finder: the body queries through User, not through an instance
  def self.find_by_email(params = {})
    # If invoked in the normal fashion then ..
    return User.first(:conditions =&gt; {:email =&gt; params}) unless params.is_a?(Hash)

    # Otherwise match the email only among users attached to the given company
    User.first(:joins =&gt; [:brands =&gt; :company],
               :conditions =&gt; ["users.email = ? AND companies.id = ?",
                               params[:email], params[:company]])
  end
end
</code></pre>
<p><strong>Edit 1</strong></p>
<p>Once the user is authenticated, the system should provide access to authorized data.</p>
<p>If you maintain data for all the domains in the same table, then you have to scope the data by subdomain and authenticated user. Let's say you have a <code>Post</code> model with <code>company_id</code> and <code>user_id</code> columns. When a user logs in you want to show the user's posts for the sub domain. This is one way to scope the user's data for the subdomain:</p>
<pre><code>Post.find_by_company_id_and_user_id(current_company, current_user)
Post.for_company_and_user(current_company, current_user) # named scope
</code></pre>
<p>If you do not scope the data, you will have potential security holes in your system.</p>
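<p>An added illustration of the scoping point above, not part of the original answer: plain Ruby with a constructed in-memory table standing in for the <code>Post</code> model. The helper names and sample rows are assumptions made for the example.</p>

```ruby
# Constructed rows: one shared "posts" table holding data for two companies.
Post = Struct.new(:id, :company_id, :user_id, :title)

POSTS = [
  Post.new(1, 10, 100, "acme roadmap"),
  Post.new(2, 10, 101, "acme payroll"),
  Post.new(3, 20, 100, "globex launch"),  # same user, different company
  Post.new(4, 20, 200, "globex pricing")
].freeze

# Unscoped lookup: trusts the id taken from the request, so any
# authenticated user can read any company's row.
def find_post_unscoped(id)
  POSTS.find { |p| p.id == id }
end

# Scoped collection: a row is visible only when it belongs to both the
# current company (from the subdomain) and the current user.
def posts_for(company_id, user_id)
  POSTS.select { |p| p.company_id == company_id && p.user_id == user_id }
end

# Scoped lookup: search by id only inside the scoped collection.
def find_post_scoped(company_id, user_id, id)
  posts_for(company_id, user_id).find { |p| p.id == id }
end

# Review helper: ids an unscoped lookup would expose to this session
# even though the scoped lookup correctly hides them.
def leaked_ids(company_id, user_id)
  POSTS.map(&:id).select do |id|
    find_post_unscoped(id) && find_post_scoped(company_id, user_id, id).nil?
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "visible to user 100 at company 10: #{posts_for(10, 100).map(&:id)}"
  puts "exposed by unscoped lookup:        #{leaked_ids(10, 100)}"
end
```

<p>A helper like <code>leaked_ids</code> translates directly into a controller test: request every record id as a given user and company, and assert that only the scoped ones are returned.</p>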
 
