I am using rails to build a web app which provides each business with its own account and subdomain, Similar to how basecamp (and other 37 signals apps) lighthouseapp.com, and so on.
Now I know that there are lots of decent tutorials on how to do subdomains in rails, and even the subdomain-fu plugin.
The thing is that I want to use the users email address as their login, which means it needs to be unique, however I only want it to be unique to each account rather than across all accounts.
I am using devise for authentication, and I have created an "Accounts" model which represents the account, and a user model to represent the users for that account. Devise operates on the user model, and it would appear that it would require each user to have a unique email address.
Have I stated the issue clearly enough? I can gladly provide clarification.
Can anyone point me in the right direction?
A: Each individual business would have one account. Such as "Springfield Maths grinds"
Q: Is there a one-to-one correlation between subdomains and accounts?
A: Yes, such as springfield-maths-grinds.myapp.com
Q: Does a "user" correspond to a physical person, or a role within an account?
businesses, accounts, subdomains businesses & accounts are effectively the same thing. A 'business account' so to speak. I am using subdomains to access each 'business account'
logins, users, email addresses I should clarify that I have two types of user which are represented by separate models, these are tutor and student. These will need to login to the app and I want to use an email address as their login, instead of a username.
Hopefully that clears things up rather than making it worse.
My actual problem is as follows, If someone were to setup a business account for "Springfield physics grinds" and one of the students of "Springfield maths grinds" tried to sign-up, then they would be unable to do so because the email address is already in use and needs to be unique. I want to know how to scope the students and tutors within a business account.
There's two things you need to think about. Data integrity and authentication.
Rails lets you scope uniqueness to one or more columns. With scoping you could have multiple foo@bar.local e-mail addresses in the database with the constraint of only one per account. I've included what the corresponding SQL might look this to demonstrate how this works.
# Without scoping
validates :email, :uniqueness => true
SELECT 1 FROM `users` WHERE `users`.email = 'foo@bar.local'
# With scoping
validates :email, :uniqueness => true, :scope => :account_id
SELECT 1 FROM `users` WHERE `users`.account_id = 1 AND `users`.email = 'foo@bar.local'
I'm assuming you're using Rails 3. You can pass the same option to validates_uniqueness_of if you're using Rails 2.
For authentication, you'll want to find the account, ensure the user belongs to that account and check that their password matches. When you present the login form to the user, you'll already know which account their authenticating against. Your action might look like this.
def create
@account = Account.find_by_subdomain(params[:subdomain])
@user = @account.users.find_by_email(params[:user][:email])
if @user.authenticate(params[:user][:password])
redirect_to dashboard_path
else
render :new
end
end