Apr 13
If you have global before_filters for things like requiring login to access pages (such as in authenticated_system.rb), be careful of missing formats in the respond_to. I just tracked down a bug on an app where we were getting DoubleRenderErrors because of unauthenticated requests directly against a dynamic csv file.
We had a before_filter that was denying requests and redirecting them to login, in different ways, depending on the format, but hadn't thought to include csv. In this case, it is wise to include a catch-all at the end using .any.
Feb 13
If you are on Rails 2.3.x (pre-Bundler) and want to organize some of your shared functionality into gems, but they are for internal use only, you could set up a private gem server and point the :source at this server. And then you could deal with authentication, and then...
Or as a quick hack you could just allow for config.gem to reference the gem file directly, which would then mean 'rake gems:install' would work, even if the gem were stored locally, or on a file server, etc. Also useful as you could then just point at a .gem file on GitHub.
Feb 10
If you have a Rails metal that has enough code to have its own subdirectories that live in your Rails load_paths, you can get stuck in dependency hell. The combination of autoloading, Rails reloading in development, and running through the metal can intersect in nasty ways: on the first request you get "Object is not missing constant XXX" and subsequent requests kick off "A copy of YYY has been removed from the module tree but is still active."
The easiest solution is to kill magic reloading for this metal's code by adding the metal's directories of code to the Rails load_once_paths and then using explicit require_dependency calls for any files that give you trouble. For example, I have a MadMetal that referenced a Mad which has a whole sub-directory structure of code that, for now, lives under lib/mad:
# config/environment.rb
config.load_once_paths += Dir["#{RAILS_ROOT}/lib/mad/**/"]
# app/metal/mad_metal.rb
require_dependency 'mad'
class MadMetal
  def self.call(env)
    if env["PATH_INFO"] == '/the_path_to_my_metal'
      Mad.call(env)
    else
      [404, {"Content-Type" => "text/html"}, ["Not Found"]]
    end
  end
end
And voilà, no more conflicts between development auto-reloading and metal.
Of course, now you need to restart the server if you change code in lib/mad. In this case it's not a problem for me because the app is also a stand-alone rack app that I run with shotgun when I want development environment reloading.
Feb 2
It may depend on which server you are on, but mine has mod_env enabled, so it's a simple matter of setting the ENV['RAILS_ROOT'] in an .htaccess file.
Nov 23
So my buddy Tammer's recent post about the Gang of Four's Template Pattern reminded me of some code I saw recently. A start-up's greenfield project had its authorization done in a pretty clean way using the template pattern. Basically every object determined what could be done to it, something like this:
After continuing this approach to fully cover CRUD you make a straightforward set of accessors that can be used to easily enforce permissions in the controller in a programmatic way (this project was using one of the inherited resourceful-controller plugins, so that was a big plus). The developer who implemented this commented that the trade-off for this simplicity was having to look in each individual model file to figure out what a user can do overall.
I figured I liked everything about this scheme except that trade-off, and since Ruby is so dynamic, why settle for almost? Why not just reopen each class in the authorization file and add the methods? You still get the simplicity and encapsulation of having the model able to determine its own permissions, based on its state and methods, and there is still one place to look to review/change the permissions for the whole project:
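One way the single-file scheme described above could look, as an added example rather than the author's original code. The model classes, roles, file path and `*_by?` predicate names are assumptions, and a default-deny module is included so that a model with no rules refuses every action.

```ruby
# config/initializers/authorization.rb (hypothetical path): every rule lives here.
# Models, roles and predicate names are constructed for illustration.
User    = Struct.new(:name, :role)
Article = Struct.new(:author, :published)
Comment = Struct.new(:author)
Invoice = Struct.new(:total)          # deliberately given no rules below

class NotAuthorized < StandardError; end

# Default-deny base: any predicate a class does not override returns false.
module Permissions
  PREDICATES = { create: :creatable_by?, read: :readable_by?,
                 update: :updatable_by?, delete: :deletable_by? }.freeze
  PREDICATES.each_value { |name| define_method(name) { |_user| false } }

  private

  # Both helpers treat a nil user (unauthenticated request) as "no".
  def admin?(user)
    !user.nil? && user.role == :admin
  end

  def owner?(user)
    !user.nil? && author == user
  end
end
[Article, Comment, Invoice].each { |klass| klass.send(:include, Permissions) }

# Reopen each model and state only what is allowed.
class Article
  def readable_by?(user);  published || owner?(user) || admin?(user); end
  def creatable_by?(user); !user.nil?; end
  def updatable_by?(user); owner?(user) || admin?(user); end
  def deletable_by?(user); admin?(user); end
end

class Comment
  def readable_by?(_user); true; end
  def creatable_by?(user); !user.nil?; end
  def deletable_by?(user); owner?(user) || admin?(user); end
end

# What a controller filter would call before acting on a record.
def authorize!(user, action, record)
  predicate = Permissions::PREDICATES.fetch(action) { raise NotAuthorized, "unknown action #{action}" }
  raise NotAuthorized, "#{action} denied on #{record.class}" unless record.public_send(predicate, user)
  record
end

# Review aid: the full CRUD answer for one user and one record.
def permissions_for(user, record)
  Permissions::PREDICATES.map { |action, name| [action, record.public_send(name, user)] }.to_h
end
```

Because the overrides live in the class and the defaults in the included module, forgetting to add a rule fails closed instead of open.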
Thoughts?