Rails 3.2
I am using the API gem. What the client wants is to keep the table where he wants to whitelist the email addresses that can be used to access the API in a separate table that he only can access through phpmyadmin.
This would be a single table:
api_users
With a single column: email (in addition to id, created_at, updated_at)
The email addresses that would go in this table, also exist in the users table for the rails application.
If I create a model: models/api_user.rb:
    class ApiUser < ActiveRecord::Base
      attr_accessible :email
    end
And, in my models/api_ability.rb, I add the following:
    class ApiAbility
      include CanCan::Ability

      def initialize(user, params = {})
        user ||= User.new
        if ApiUser.find_by_email(user.email)
          can :manage, :api
        end
      end
    end
Will this work?
That sounds absolutely doable. You might want to add something like
    def readonly?
      true
    end
to the ApiUser class to make sure no one will try to create instances of it from within Rails. But apart from that I don't see any reason not to do it that way given the client's requirements.
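An added example, not part of the original question or answer: the allowlist check in plain Ruby, with an in-memory stand-in for the api_users table so it runs without Rails. The names ApiAllowlist, normalize, allowed? and api_permissions and the sample rows are hypothetical; it shows how a guest user (nil email) and hand-entered rows that are NULL, blank or padded with whitespace can be handled.

```ruby
# Added example: plain-Ruby stand-in for the api_users lookup (no Rails needed).
# ApiAllowlist, normalize, allowed? and api_permissions are hypothetical names.
require 'set'

class ApiAllowlist
  # rows: raw email values as they might be typed into the table by hand
  def initialize(rows)
    @emails = rows.map { |e| self.class.normalize(e) }.compact.to_set.freeze
  end

  # Strip whitespace and downcase; nil or blank becomes nil so it never matches.
  def self.normalize(email)
    cleaned = email.to_s.strip.downcase
    cleaned.empty? ? nil : cleaned
  end

  # A user without an email is always denied, even if the table
  # contains a NULL or blank row.
  def allowed?(email)
    key = self.class.normalize(email)
    !key.nil? && @emails.include?(key)
  end
end

# Stand-in for the application's User model (assumption: only email matters here).
User = Struct.new(:email)

# Mirrors the ability in the question: [:manage, :api] only for allowlisted users.
def api_permissions(user, allowlist)
  user ||= User.new # guest user, email is nil
  allowlist.allowed?(user.email) ? [[:manage, :api]] : []
end

# Constructed sample rows, including a NULL and a blank entered by mistake.
ALLOWLIST = ApiAllowlist.new(["alice@example.com", " Bob@Example.com ", nil, ""])
```

In the Rails ability the same guard is a `user.email.present?` check before `ApiUser.find_by_email`, since `find_by_email(nil)` matches rows whose email is NULL.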