|
So I'm developing a system that involves managing assignments and courses for programming classes, and I have this nested resource structure that might belong in the Coding Horrors thread instead:Ruby code: All the reading I've done indicates that nesting resources more than 1 deep is A Bad Idea, but that advice seems to have been written before shallow routes came along. Since the routes are shallow, the URLs are clean (never more than 1 deep) and everything Just Works with my route helpers and Cancan's load_and_authorize_resource mechanism, but am I still doing things here that could be better done a different way?
|
#
?
Dec 29, 2012 02:55
|
|
|
|
| # ? May 15, 2024 23:58 |
|
|
Sounds like if you are throwing shallow (had to look it up; neat) you could also break it down by Ruby code:Also your enrollment(able) model may be a good use of a concern (in models and in routes) I would think it possible for a student to be enrolled in an institution and a course, but that might be academic and not something you care about.
|
|
#
?
Dec 29, 2012 18:45
|
|
|
I recently started working at a trade association and apparently trade associations are computer retarded. The past developers here hand built all their apps using the worse practices so Im trying to get them up to speed. I havent used rails in a while so I'd like to take that route to brush up and continue learning, plus its mad quick to build these dinky apps with Rails. While it looks like each app has it's own database, they use an external DB for membership called iMIS which we use to authenticate access to our apps and sites. I'm pretty sure its just a mySQL db with some custom interface, that being said, would it be easy to configure Devise to authenticate against that DB? I found a couple articles about setting up multiple DBs and then tying in specific models to those DBs, would I be on the right track if I pointed my user model (created with devise) to the external DB that way?
|
|
#
?
Jan 2, 2013 20:03
|
|
|
We're currently mid migration from "all apps authenticate a user against stored in the same X db" to: "auth service hands out authenticity tokens to apps". There's a lot of moving parts and setting up all the integration and selenium tests for redirects was a big learning curve. Going back, having a User model located in a separate DB is pretty easy, and you might not even need to write any migrations for it. Have fun trying to reverse engineer whatever authentication scheme they thought up, though.
|
|
#
?
Jan 2, 2013 21:16
|
|
|
For everyone's reference, since this is now floating around; a SQL injection vulnerability across almost all versions of ActiveRecord: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
|
|
#
?
Jan 2, 2013 23:31
|
|
|
That vulnerability itself isn't super-serious (it needs to be combined with an another vulnerability that allows the attacker to inject a symbol-keyed Hash to the find_by_ methods), but there have been been some rumours of other much more serious vulnerabilities that will be revealed in the near future. So be ready to upgrade your apps in any case.
|
|
#
?
Jan 3, 2013 20:44
|
|
|
It's times like this that I hate managing 150+ Rails applications across a ton of different versions.
|
|
#
?
Jan 3, 2013 22:15
|
|
|
prom candy posted:It's times like this that I hate managing 150+ Rails applications across a ton of different versions. I feel your pain. I provide infrastructure support for almost 40 Rails apps ranging from 2.3 to 3.2, and maintain a few of those apps myself as well. There are days where I end up hating the entire Ruby ecosystem. We're still on 1.8.7 so I'm simultaneously dreading and looking forward to moving to 1.9.
|
|
#
?
Jan 4, 2013 01:14
|
|
|
Yeah, I'm already prepared to have to update like 20 apps during the weekend. 
|
|
#
?
Jan 4, 2013 01:16
|
|
|
Jumping on the tutorial bandwagon here: please recommend some good resources for brushing up on my PostgeSQL. I haven't had the need to write complex queries in ages and feel a bit rusty.
|
|
#
?
Jan 7, 2013 18:13
|
|
|
The Sweetling posted:Jumping on the tutorial bandwagon here: please recommend some good resources for brushing up on my PostgeSQL. I haven't had the need to write complex queries in ages and feel a bit rusty. Ryan Bates has some fairly recent screencasts covering PostgreSQL & its features. Most of the good ones are "subscription only" though, and you'll have to cough up $9 to view them. I found this http://www.postgresqltutorial.com/.
|
|
#
?
Jan 7, 2013 18:32
|
|
|
For those familiar with the rails tutorial app: Is there an easy way to have other actions create a micropost? Like say, when someone follows another person, it posts a micropost saying "Now following <user>"
|
|
#
?
Jan 8, 2013 00:22
|
|
|
Anyone have a link to a good example Puppet deploy config for Rails? The stuff I have found from googling around seems a year or more old and I am not sure if I should trust its advice. Barring that does the Pragmatic book on deploying Rails have some deep discussion on Puppet?
|
|
#
?
Jan 8, 2013 00:39
|
|
|
kitten smoothie posted:Anyone have a link to a good example Puppet deploy config for Rails? The stuff I have found from googling around seems a year or more old and I am not sure if I should trust its advice. I wouldn't suggest using puppet to deploy your applications. Have puppet configure the environment supporting the app (rubies, gems, packages, sensitive configs, etc) and then use capistrano to orchestrate the actual deployment as needed.
|
|
#
?
Jan 8, 2013 01:13
|
|
|
raej posted:For those familiar with the rails tutorial app: Sure, it's just ruby. You can use callbacks or just do it directly in the action. Might look something like`Micropost.create(:content => "Now following #{target_user.name}", :other_param => ... )`
|
|
#
?
Jan 8, 2013 01:17
|
|
|
The Sweetling posted:Jumping on the tutorial bandwagon here: please recommend some good resources for brushing up on my PostgeSQL. I haven't had the need to write complex queries in ages and feel a bit rusty. Also check out postgresguide.com, and if you have any specific questions, I'm happy to help.
|
|
#
?
Jan 8, 2013 09:03
|
|
|
I've been toying around in Rails 4 using the screencast from Ryan Bates (that stuff is good). Rails 4 is using minitest, which is awesome. But by default when you create a new model tests in Rails are being wrapped in TestCase which I guess is designed to make minitest look and act like test unit. Is there any way to tell Rails "no I want minitest I don't need your ridiculous extra pointless layers of complexity". Or do I just hack at the tests to make them use minitest and minitest::spec myself?
|
|
#
?
Jan 8, 2013 15:20
|
|
|
raej posted:For those familiar with the rails tutorial app: You'll probably want to implement some sort of observer pattern if this is going on all over your app, or use something like http://jamesgolick.com/2009/8/5/observational-better-observers-for-activerecord.html
|
|
#
?
Jan 8, 2013 18:21
|
|
|
Civil Twilight posted:There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application. 
|
|
#
?
Jan 8, 2013 21:42
|
|
|
Haha! fortunately my company's rails stack is so old this vulnerability doesn't apply.
|
|
#
?
Jan 8, 2013 22:58
|
|
|
gently caress gently caress gently caress gently caress. E: At least they released 2.3.15. I was prepared to to patch all our 2.3.x apps manually.
|
|
#
?
Jan 8, 2013 23:04
|
|
|
We have a ton of apps on 2.3.5 so updating isn't an option for us (because of the stupid forced HTML escaping they introduced). Luckily we were able to manually patch our 2.3.5 install but still.
|
|
#
?
Jan 9, 2013 21:22
|
|
|
prom candy posted:We have a ton of apps on 2.3.5 so updating isn't an option for us (because of the stupid forced HTML escaping they introduced). Luckily we were able to manually patch our 2.3.5 install but still.
|
|
#
?
Jan 9, 2013 23:31
|
|
|
We have at least 100 apps running on 2.3.5. Editing every view in every app to add raw in the right places would take days, if not weeks. Adding that functionality in a non-major release was the most frustrating thing the Rails team has ever done.
|
|
#
?
Jan 10, 2013 05:44
|
|
|
If you haven't patched yet, better fuckin' get that going: https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156?x=1quote:Update 2: An anonymous contributor pointed us to a specific class that is exploitable using the ruby/hash method (#3 above). The class is Metasploit is a lot of fun and if you don't update it will be a lot of fun figuring out what somebody did to your app.
|
|
#
?
Jan 10, 2013 05:48
|
|
|
prom candy posted:We have at least 100 apps running on 2.3.5. Editing every view in every app to add raw in the right places would take days, if not weeks. Adding that functionality in a non-major release was the most frustrating thing the Rails team has ever done. I'm in a similar boat: fewer apps but also I suspect fewer resources to deal with it. I still don't understand why they released that in 2.3.x instead of just waiting until 3 
|
|
#
?
Jan 10, 2013 16:45
|
|
|
~rails is omakase~
|
|
#
?
Jan 11, 2013 07:55
|
|
|
noob question time: I'm using a bit of raw ajax on a page with jQuery's `$.getJSON` method and relative pathing. It works fine on my local machine, but breaks on staging, which has an SSL cert. So Chrome complains that `the page at https://mydomain.com/my/path has displayed insecure content from http://mydomain.com/my/path`, and interrupts the GET request. I guess my question is, is there a way to retain relative pathing (as opposed to hardcoding the URIs, which would be a pain to manage between production, staging, dev etc) while ensuring that the AJAX method uses the `https` protocol in it's request URI? Thanks for any tips :-)
|
|
#
?
Jan 11, 2013 15:27
|
|
|
A MIRACLE posted:noob question time: I'm using a bit of raw ajax on a page with jQuery's `$.getJSON` method and relative pathing. It works fine on my local machine, but breaks on staging, which has an SSL cert. So Chrome complains that `the page at https://mydomain.com/my/path has displayed insecure content from http://mydomain.com/my/path`, and interrupts the GET request. Paste the JS somewhere (like pastie.org) and we can look at it. Usually you can just do something like: code:
|
|
#
?
Jan 11, 2013 15:39
|
|
|
Ok, you're right. I tried just getting a simple request from the console using the full https path and got the same error. I found this thread on stack overflow which suggests it may be an nginx problem.
|
|
#
?
Jan 11, 2013 15:46
|
|
|
Where can I find info on RubyCon and other RoR convetions? e: durrrr http://www.railsconf.com/ But are there any others? Physical fucked around with this message at 15:53 on Jan 11, 2013 |
|
#
?
Jan 11, 2013 15:49
|
|
|
Ruby Conf was a few months ago. Heroku just announced this year's Waza if you're interested.
|
|
#
?
Jan 11, 2013 15:57
|
|
|
A MIRACLE posted:Ruby Conf was a few months ago. Heroku just announced this year's Waza if you're interested.
|
|
#
?
Jan 11, 2013 16:02
|
|
|
RailsConf is going to be in April.
|
|
#
?
Jan 11, 2013 16:04
|
|
|
Physical posted:Where can I find info on RubyCon and other RoR convetions? http://lanyrd.com/topics/ruby-on-rails/ seems to know.
|
|
#
?
Jan 11, 2013 16:28
|
|
|
http://magic-ruby.com/ Hopefully they do it again this year 
|
|
#
?
Jan 11, 2013 16:57
|
|
|
Physical posted:Where can I find info on RubyCon and other RoR convetions? Here is one on the west end of us http://mtnwestrubyconf.org/
|
|
#
?
Jan 11, 2013 17:47
|
|
|
Physical posted:http://magic-ruby.com/ Hopefully they do it again this year I spoke at it last year, and for various reasons I wouldn't expect it to be inside a theme park again. RubyConf is going to be in Miami Beach this November, so that'll be nice.
|
|
#
?
Jan 11, 2013 18:25
|
|
|
|
| # ? May 15, 2024 23:58 |
|
|
A MIRACLE posted:noob question time: I'm using a bit of raw ajax on a page with jQuery's `$.getJSON` method and relative pathing. It works fine on my local machine, but breaks on staging, which has an SSL cert. So Chrome complains that `the page at https://mydomain.com/my/path has displayed insecure content from http://mydomain.com/my/path`, and interrupts the GET request. You can use /my/path as the path as long as it's the same hostname. You should be using SSL in all environments (including development) though if you're using it in production.
|
|
#
?
Jan 11, 2013 19:48
|
|
