Ruby on Rails multiply tiered users with authentication and authorisation
Could I get some advice with an authentication/authorisation design please?
It's for a car garage application that allows a customer to monitor the status of their car.
Here are my requirements: 1. I need a hierarchy of 4 users:
A. Superuser (me)
B. Garage owner.
C. Mechanic.
D. Customer.
The superuser can create/edit/delete users A,B,C and D. The Garage owner can create/edit/delete users C and D.
There can be multiple Garage owners that own the same group of mechanics, and customers.
Authentication for garage owners and mechanics is an account number (that the application issues) and password.
Authentication for customers is based on their email address and password.
A single login form for all types of user.
A customer has visibility of the status of their car only. A mechanic or garage owner has access to all cars associated with the garage. And the super user has access to all cars in the db.
My plugins of choice for this would be authlogic and cancan, but I can't seem to find an elegant design that will represent the ownership of some users by other users, for example, that for a particular garage owner, get all the mechanics or customers.
I would appreciate any thoughts about the best way to model this.
Thanks
I think you want a User model with a garage_id and a role property. I would expect that you could use an after_save on the User to set the login property to the email or account_number appropriately. You could do the rest in the CanCan Ability class. Obviously the super user will have a NULL garage_id.
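The design in the answer above, sketched as an added example that is not part of the original answer. It uses plain Ruby instead of CanCan's DSL so it runs without Rails; the Struct stand-ins for the models, the role symbols and the members_for helper are assumptions.

```ruby
# Added example: Struct stands in for the ActiveRecord models (assumption).
User = Struct.new(:id, :role, :garage_id, :email, :account_number, keyword_init: true) do
  # Single login form: customers sign in by email, staff by issued account number.
  def login
    role == :customer ? email : account_number
  end
end
Car = Struct.new(:id, :garage_id, :customer_id, keyword_init: true)

class Ability
  STAFF = %i[owner mechanic].freeze
  OWNER_MANAGES = %i[mechanic customer].freeze

  def initialize(user)
    @user = user
  end

  def can?(action, subject)
    return true if @user.role == :superuser
    case subject
    when Car  then action == :read && can_read_car?(subject)
    when User then @user.role == :owner && OWNER_MANAGES.include?(subject.role) && same_garage?(subject)
    else false
    end
  end

  private

  # A nil garage_id never matches, so records without a garage are not shared by accident.
  def same_garage?(record)
    !@user.garage_id.nil? && @user.garage_id == record.garage_id
  end

  def can_read_car?(car)
    return same_garage?(car) if STAFF.include?(@user.role)
    @user.role == :customer && car.customer_id == @user.id
  end
end

# "Get all mechanics or customers for this owner" becomes a filter on garage_id.
def members_for(owner, users, role)
  users.select { |u| u.role == role && !owner.garage_id.nil? && u.garage_id == owner.garage_id }
end
```

Several owners sharing one garage_id share the same mechanics and customers, and an owner cannot edit a fellow owner because only the mechanic and customer roles are in OWNER_MANAGES.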