Archives

I recently worked on a Rails application where a user needs edit capabilities on a resource, but would like to share a view to this resource with others and not worry about them messing with it. Typically this would entail an Authorization system to provide the proper permissions. Then we’ll need an Authentication system to register a user, and identify them within the system.

Mind you, this is a bit of toy app, and this seemed like a really overblown solution for a simple problem. Lots to configure, and lots of user interaction. In short, way too many moving pieces. Luckily there is a simple solution. Use you some Tokens!

Add private_token and public_token strings via a migration and throw the following in your model:

  # my_model.rb
  def self.find_by_token(token)
    mymodel = MyModel.where('private_token = ? or public_token = ?',
      token, token).first || raise(ActiveRecord::RecordNotFound)
    @edit_disabled = mymodel.public_token == token
    mymodel
  end

  def can_edit?
    @edit_disabled
  end

  # ...
  private

  def generate_tokens
    self[:public_token] = generate_token
    self[:private_token] = generate_token
  end
  def generate_token
    SecureRandom.base64(10).tr('+/=', '-_ ').strip.delete("\n")
  end

Now in your controller actions you can assume that the id coming in is now your token, so go ahead and use your new finder to get the trip.

  # my_model_controller.rb
  def show
    @mymodel = MyModel.find_by_token(params[:id])
  end

Now these two links point to the same resource, and we can conditionally do things based on the value of @mymodel.can_edit?
http://mysite.com/mymodel/yl45gikaH2sDKA <= public
http://mysite.com/mymodel/2s9GyIrykREPGg < = private

Obviously this is not a hard core security mechanism, but it’s pretty good at providing basic security with very little work.

Share/Bookmark

If you’re building Ruby web apps (Rails, Sinatra, Padrino, …) and you haven’t tried out Heroku, please do so. Immediately. You can run on the base package, which is more than adequate for a toy or even small business app, for free. It’s great for trying things out.

No need to dork around with Apache, Nginx, Mongrel, Passenger, etc, etc etc… Just a “git push” is all you need. Heroku has basically taken all the mundane crap that just gets in the way and lets you build your app.

First go sign up at http://heroku.com. Also make sure you’ve got an ssh key created for your machine. Github’s got some good instructions if you need them here.

gem install heroku

This will get you rolling. Just type “heroku” for a nice synopsis of what’s available. It will instruct you how to create your project:

heroku keys:add

This will add your public key so that heroku knows who you are.

rails myapp
cd myapp
git init
git add .
git commit -m "my new app"
heroku create "myawesomeappname"
git push heroku master

Now go visit your http://myawesomeappname.heroku.com. Isn’t that cool? Have you ever deployed a web app that quickly before? Now go build something, commit, and git push.

So what’s the catch?

It’s a bit more expensive than other cloud platforms like Rackspace or straight EC2 (which heroku is built upon). For me, and some Pathfinder clients its a worthy tradeoff since we save money on system administration tasks, and gain so much in speed. Also, your first “dyno” is free, which negates some of the cost as well. I feel like most apps (not Twitter, not Groupon) can build to a reasonable size on Heroku and concentrate on the PRODUCT. Once you’re big enough that heroku pricing is a pain, worry about saving some cash. (Let us know if you’ve got this problem, we’ll be happy to help)

You are at heroku’s whim when they’re down. I’ve had an application in production for almost a year now and I’ve only had a handful of short down periods. When heroku is down though, it can be a little rough. There is currently no way to display a branded error page. Your visitors see a cryptic “Ouchie Guy” graphic with some random Japanese text on it. But in sum total I’ve probably experienced 2-3 hours of outages in a year. That’s pretty darn good.

By default you’re on postgresql. Arguably a really nice database, but maybe not one that you’re used to, or interested in. You’ve got options though, as you can connect to Amazon RDS or a multitude of other services.

Use it

These guys have built a brilliant deployment platform. It enables ruby developers, and soon node.js developers to roll out new apps as fast as you can type. All those ideas you’ve got kicking around in your head can be built and deployed with little hassle. Let us know what you build.

Share/Bookmark

photo credit: Felix Francier

I’ve been using Git for close to a year now, and I cannot remember what I did before it. I literally forget the process involved in doing certain things with subversion, cvs, and (shudder) vss. At first it was a bit of a struggle sure. The gui tools are somewhat lacking, but what is there is decent enough. I like Gitx a lot for what it does, but mainly I use it for partial commits, and visualization of a source tree. Being from windows land, and having used tortoise svn (a very very nice subversion client), it took me a bit to master the intricacies of the git command line interface. I still get into a little trouble from time to time. But it is all so very much worth it!

git branch my_new_toy

Seriously? That’s it? And it took less than a second? Why would I not branch ALL THE TIME. Wanna try something out? Branch it! Unsure that you’ll finish a feature in time for iteration end? Branch it! My pet project has 5 branches going right, all for little experiments and features that I’ve been slowly working on.

Feature branches have changed my workflow entirely. Every new feature I build, I create a branch for it. If it takes a while I merge from master to make sure I’m up to date.

git merge master

If we balk at the feature, or I want to go a different route with it, I can chuck it. If all goes which (which of course it always does), I merge it to master or whatever branch represents the latest greatest code.

git checkout master
git merge my_feature_branch

Once you get the hang of it you realize how simple and powerful it is. Every day I use it I’m continually amazed and thankful of how well it works and how drastically it improves my teams workflow.

Share/Bookmark

Having using Acl9 for some time, it was refreshing to see RailsCast’s Ryan Bate’s take on authorization: CanCan.  Ryan put together a webcast for CanCan that you can checkout here.  There have been some nice additons since this initial release so do checkout the latest documentation on GitHub.  I won’t go into what I dislike about Acl9.  It’s a good system, with a nice DSL for defining permissions.  I’ll just talk about some of the things I’ve enjoyed about CanCan.  If you haven’t explored the library, you should.

Share/Bookmark

NOTICE: We’ve run into some snags still with the hudson daemon recognizing the proper environment vars.  We are working on some solutions after speaking with Wayne Seguin, and we’ll keep you updated.  So basically, the following is possibly interesting, but not yet entirely correctly implemented.

We’ve recently moved to Ruby 1.9.1 on a current Rails project. Since we’re still working on other projects using older ruby versions, all developers are up and running on RVM. This allows us to easily switch back and forth between different versions of Ruby. There’s a railscasts episode on RVM and Rails 3 if you’d like to learn up, but Rails 3 is NOT a requirement for RVM. We’ve seen a HUGE speed improvement running our test suite, as well as on the application itself. We’ve also upgraded the production environment to Ruby 1.9.1 to match. The problem we were now faced with is our continuous integration server, Hudson, is still running on ruby enterprise (1.8.6). We needed to run each project build on whichever ruby version was most appropriate.

RVM to the rescue!

So here’s how we did it.  On the build server, as the user the server runs as, we installed RVM.  We also made sure to ‘rvm system –default’ to make sure we didn’t mess with anything that was already relying on the current version. Next up was setting the environment up correctly for Hudson to recognize RVM.  We added the same line RVM prompts you to add to .bashrc and .bash_profile to our hudson startup script start_hudson.sh:

if [[ -s /home/hudson/.rvm/scripts/rvm ]] ; then source /home/hudson/.rvm/scripts/rvm ; fi

The rake plugin that lets us run our tests, migrations, coverage, etc… also allows us to create and assign ruby versions for each rake task.  So in Hudson’s system configuration we created entries for our rubies:

Then we can assign each rake task to the proper ruby, in this case 1.9.1.

One last snag: some things STILL appeared to be running from the default ruby, so we added two execute tasks to bookend the process.  The first ‘rvm 1.9.1 –default’, and the last ‘rvm system –default’.  This ensures everything runs via the proper ruby version, and we reset it when we’re finished.  Is this the best process for managing CI with mutiple versions of ruby? I’m not sure, but it works!

Share/Bookmark

On a recent project after months and months and hundreds of files worth of work, we were asked to provide documentation for the code. This request could have gone one of two ways depending upon how well we adhered to some basic documentation rules.

The C# compiler itself is setup to extract documentation which can then be piped through one of a number of documentation generation apps. My preference is a new(ish) project called SandCastle from Microsoft, which aims to provide much of the featureset that NDoc once did. Unfortunately this application provides no GUI. A fine gentleman named Eric Woodruff stepped in to wrap this application in an easy to use GUI for us aptly named Sandcastle Help File Builder. Through the use of good comments written WHILE we wrote the code, we were able to pop out some documentation for every bit of code we wrote in a matter of minutes. Add to this the nice information we get when using our code via intellisense, and it simply doesn’t make sense not to strictly enforce documentation standards on your project.

I often see code written with little or no attention paid to comments. Sometimes the comments are fairly haphazard and appear to follow no standards whatsoever. By following documentation standards, you too can auto generate documentation instead of wasting hours or days going back through and trying to remember what your code does.

Share/Bookmark

I’ve been in just about the same cycle for almost 15 years now. Install Windows. Install the software I need on top of it. Wait about 6 months to a year until I can no longer take the gunk slowing down my system (“Windows Disease”). Backup my data. Format my drive. Rinse and repeat. Do this maybe 3 or 4 times, and then upgrade my hardware. Sound familiar?

So I got smarter. I started making images using Ghost. This has worked fairly well. I get a new system, I set it up as pristine and fully featured as possible, then I take an image of it. This way the install step takes a couple button presses, leaving me to do more useful things with my time. Like blog or something.

Fast forward a couple years. Processors are way faster and have more cores. Virtualization is no longer a toy, and can now be used not just for enterprise purposes, but on the desktop. Sure I’m mostly a Windows developer, but that doesn’t mean I don’t want to write iPhone / Mac applications. So after cursing my previous laptop up and down on a daily basis, I’ve upgraded to a MacBook Pro. It’s tiny, it’s fast, and it runs OS X and WINDOWS via VMWare Fusion. Windows runs spectacularly on my MacBook. The most beautiful part is, as far as I can tell, there is no parallel (no pun intended) to “Windows Disease” on a Mac. It has continued to run as fresh and fast as the day I installed the OS. Now with my backed up copy of my Windows virtual machine, starting from scratch on Windows is as simple as taking a fresh copy and spinning up the backup VM.

Share/Bookmark

photo credit: FireChickenTA99

Developing an application with WinForms can lead to difficult testing scenarios.  There are a ton of  automated UI testing toolkits that essentially record workflows and replay them.  This can work, but leads to unwieldy tests, and makes it difficult to integrate them into automated tests and builds.  I recommend using the Model View Presenter (MVP) pattern for your application architecture to relieve this pain point.  Todd  Snyder from Infragistics has a nice blog entry explaining the differences between MVC and MVP patterns.  The gist is: you have a coordinating  Presenter that communicates with the View via its interface, and orchestrates the interaction between the View and the Model.  The important piece here is the View  interface.  This view interface can allow you to stub or mock the view in testing scenarios, to completely eliminate the need for any UI interaction.  As long as your UI code is used as a shell that does nothing but pass messages, this makes testing REALLY easy.

We recently built a project around the MVP architecture. Eventually we wound up creating a test harness providing us simple methods such as:
public void MouseUp(IDocumentPresenter presenter, int x, int y)
This simulated a mouse up event without actually requiring an input device or the UI that it acts upon. With simple method like these, you can build up some pretty complex tests that run quickly and don’t require any special libraries to run.

Before embarking on your next GUI framework based application, be it WinForms or other, evaluate the MVP pattern and the ease of testing that it can provide. It’s worked really well for us.

Share/Bookmark

Love it or hate it, pair programming is a large component of many agile development methodologies.  I’ve become a firm believer in the benefits of pairing, and very rarely write code nowadays without some degree of collaboration with a second (or third) developer.  The benefits have been vast.  The code is better thought out because a pairing session always starts with a discussion of the approach to be taken.  Fat-fingered mistakes are headed off at the pass because a second set of eyes is closely watching what’s being typed.  Less time is wasted checking email, taking calls from the in-laws, and just generally doing things that would annoy the second member of the pair.  Above all, it allows developers to analyze and quickly debate the approach being taken,  and adjust and improve that approach throughout the development cycle.

It all sounds great doesn’t it?  Well it is when executed correctly.  In my experience there are two general principals that if not adhered to, will turn a productive pairing session into a developer writing some mediocre code sitting next to a developer who might as well have taken the day off.   These principals are: developers must remain engaged, and developers like their own space.

Share/Bookmark

I’ve begun my foray into the world of LINQ, and in my investigation I’ve seen a lot of work based on the LINQ to SQL “design surface” available in Visual Studio 2008. It’s a neat tool. I point it to my database, drag some tables over, and it infers my domain structure and relationships from the databases fields and keys. That’s all well and good for a simple domain model that is directly related to the database schema. I could see using this for a quick prototype, or a really small application. I see three files created by the designer:

MyClasses.dbml – This looks like any ORM frameworks mapping file. It associates classes with tables, maps fields to object properties, and defines relationships.

MyClasses.dbml.layout – This looks to be specific to the layout of the design surface and appears to serve no purpose outside of this design.

MyClasses.designer.cs – This is the beast that I’m looking to replace. It contains the class definitions and attribute based mappings to bring my database schema into my application, and ready it for use by LINQ.

So this leaves me with a couple questions. One, why are attributes used to specify mappings? Can this be done strictly via XML? More importantly two, can I use my own domain model, and if so how do I map it to the database?

My goal would be to design a layered system, separating the underlying data store from the repositories required to push and pull my domain objects from these data stores. This would allow in memory implementations of the data store, and would make unit testing (and developing) a whole lot easier. I will be digging into this in the coming days and will report back soon. Stay tuned!

Share/Bookmark