I'm trying to set up an authorization/authentication system, and I'm getting confused, so I have a couple of questions:
- In a lot of tutorials, people set up a user/role HABTM relationship. I get that this allows for each user to have multiple roles, but if you want each user to only have one role, is this necessary? If I want to have options for "active" and "inactive" users, should those be roles or something else?
- In the Cancan wiki, it says if you want one user to have one role, you should just make it an attribute and then use "can :manage, :all if user.role == "admin"", but isn't that dangerous because each time "admin" is just a string? Does this matter? What's a better way to deal with this?
I've tried my best to read through the documentation for everything involved and I started with this tutorial
http://railsapps.github.com/tutorial-rails-bootstrap-devise-cancan.html
although I've also read http://starqle.com/articles/rails-3-authentication-and-authorization-with-devise-and-cancan-part-1/ and tonyamoyal.com/2010/09/29/rails-authentication-with-devise-and-cancan-part-2-restful-resources-for-administrators/
I just can't really get it to work the way that I want to. How do I do this?
