amkirwan / moustache-cms

Ruby on Rails CMS using MongoDB & Mustache for templating

User created accounts #9

Closed n00b2pr0 closed 12 years ago

n00b2pr0 commented 12 years ago

Currently, the app only allows a user account to be created by an admin.

It would be useful in a general application or for extendability for a user to create and modify their own account as a base role.

Is there a reason that Moustache CMS doesn't allow public user account creation, native or via 3rd party using an omniauth-type solution? What would hold this back (CSRF/security)? What barriers does Mustache templating in Moustache CMS present, for say, extending the app as ecommerce?

amkirwan commented 12 years ago

It is set up by default to allow the admin user to only create accounts because I think that is what most users would expect out of the box. By default public account creation isn't allowed because I don't think you would want to allow any user to create an account and have access to your site's admin interface. The admin users therefore have the ability to create an account and assign the account's role for the site.

I'm not sure what you meant by allowing a user to modify their own account as a base role. Currently a user can downgrade their account role but they can't upgrade their account role from, say, editor to admin. Allowing a user to upgrade their account to admin would simply negate any roles, as anyone could make their account an admin and therefore do whatever they want within the CMS.

I don't know of any barriers to using mustache templates with third-party eCommerce solutions, but I'm not really familiar with any so I can't say for sure.

amkirwan commented 12 years ago

All of that said, you can modify how the roles work in the app by modifying the model Ability.rb to suit your site's needs.
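The downgrade-only role rule described in the two replies above, sketched in plain Ruby as an added example; it is not code from Moustache CMS or its Ability.rb. The `viewer` role, the role ordering, the `Account` struct and both helper names are assumptions (the thread names only editor and admin).

```ruby
# Added illustration; not Moustache CMS code. Role names and their order are
# assumptions: the thread names only "editor" and "admin".
ROLE_RANK = { "viewer" => 0, "editor" => 1, "admin" => 2 }.freeze

# Hypothetical stand-in for an account record.
Account = Struct.new(:id, :role)

# True when `actor` may set `target`'s role to `new_role`.
def role_change_allowed?(actor, target, new_role)
  new_rank    = ROLE_RANK[new_role]
  actor_rank  = ROLE_RANK[actor.role]
  target_rank = ROLE_RANK[target.role]
  # Unknown roles fail closed.
  return false if new_rank.nil? || actor_rank.nil? || target_rank.nil?

  if actor.id == target.id
    # Self-service: may keep the same role or step down, never up.
    new_rank <= target_rank
  else
    # Changing someone else's role is an admin-only action.
    actor.role == "admin"
  end
end

# Filter submitted attributes before they reach the model, so a forged
# "role" field in a profile form cannot escalate privileges.
def permitted_update(actor, target, attrs)
  # Non-admins may only edit their own account at all.
  return {} unless actor.id == target.id || actor.role == "admin"

  attrs = attrs.dup
  if attrs.key?("role") && !role_change_allowed?(actor, target, attrs["role"])
    attrs.delete("role")
  end
  attrs
end
```

The same checks apply whether the account store is one model or split into separate admin and customer models; what matters is that the role attribute is never taken from a self-service form without this comparison.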

n00b2pr0 commented 12 years ago

Thanks for the fast response!

I think the way roles are set up currently is fantastic, and you explained it spot on of why. What I was curious about is in an ecommerce example, typically an end user (general/base role) could create an account and add their personal information to order a product. That base role wouldn't need access to the admin per se, but some type of user profile or account page to modify their personal information. Another example would be extending and adding commenting or really any user-generated content where public end users could sign up freely and have no permissions but to their own account information.

I haven't seen this functionality in Moustache CMS, and wondered if your thoughts would lean towards building that into the current users model, or creating a separate base_user_accounts model that would accommodate non-admin base privileges.

amkirwan commented 12 years ago

I think for now my thoughts would be to not build it into the current user model.

I would think another type of model that would represent customers would work better in this case. The way the current User model is set up is really only for admin functionality. I think mixing both customers and admins in the same model might cause problems.

n00b2pr0 commented 12 years ago

That was what I was leaning towards anyway, thanks for sharing your thoughts!