No PhD

I work for Nature Publishing, but I haven't got a PhD

Authoritah v0.1.2

leave a comment »

I’ve pushed a new version of my authorisation/permission gem that fixes a small issue found by a developer in my team. It now supports propagating permission rules down the controller inheritance chain.

So given:

    class ParentController < ActionController::Base
      include Authoritah::Controller
      permits :current_user
    end

    class ChildController < ParentController
    end

The ChildController here would inherit the permits :current_user rule from the parent.

Just sudo gem install authoritah to pick up the latest version (v0.1.2). As ever, bug reports/feature requests would be appreciated.

That’s it. Thanks for watching.

Written by spanx

4th March, 2010 at 11:23 am

Posted in Code

RSpec 2 on Rails 3

with 3 comments

Just a quickie – RSpec 2 is on its way, but if you’re itching to get specs running under Rails 3 you can. The RSpec 2 alpha/beta gems are in the wild, so to get it running under Rails 3, just do the following.

Firstly, install the gems:

$ sudo gem install rspec --prerelease
$ sudo gem install webrat
$ sudo gem install rspec-rails --prerelease

Once this is done, you need to add the gem declarations to your Rails Gemfile:

group :test do
gem "rspec", "2.0.0.a5"
gem "rspec-rails", "2.0.0.a6"
end

Note, these versions are correct as of 12th Feb, but will change.

Finally, you need to run the newly available generator to create the RSpec structure and helpers:

$ rails g rspec:install

And you should be set. Happy speccing.

Written by spanx

12th February, 2010 at 11:28 pm

Posted in Code

Authoritah update

leave a comment »

I’ve pushed a couple of changes to my Authoritah gem recently that hope to make it a bit more useful. Firstly I’ve fixed using Procs that access the controller for testing whether an action is permitted or not:

class WidgetController < ApplicationController
  forbids :current_user => Proc.new {|user| user.id == params[:id }
end

This now works as expected.

I have also added the ability to change the outcome of an authorisation failure rather than always returning a 404. You can now use the on_reject option to customise the behaviour, as follows:

  
class WidgetController < ApplicationController
    permits :current_user => :logged_in?, :on_reject => :redirect_to_login
    forbids :current_user => :blacklisted?,
            :from => [:create, :destroy],
            :on_reject => Proc.new { redirect_to '/blacklisted' }

    def redirect_to_login
      flash[:notice] = "Please login to view widgets"
      redirect_to root_url
    end
  end

I hope these changes prove useful.

Written by spanx

18th November, 2009 at 1:45 pm

Posted in Code

Simple authorisation gem for Rails

leave a comment »

I’ve been looking around for a simple gem to handle basic Rails controller authorisation but I didn’t really get on with any of the maintained gems out there. They mostly rely on additional tables in your DB, cover hundreds of cases I don’t care about and generally seem a lot of effort.

The fruits of this frustration are here. My main aims with authoritah were providing a simple declarative DSL for specifying your permission rules that you customise to hook in to whatever authentication system you use.

Here’s an example:

class WidgetController < ApplicationController
  permits :current_user => :admin?, :to => [:create, :destroy]
  permits :current_user => :logged_in?, :to => :show
end

Authoritah relies on you providing a method or methods on your controller that result in an object you can query for authorisation information. In these examples we’re following the restful_authentication/authlogic approach of a current_user method that returns the currently logged in user.

At present you can’t just do the following:

class WidgetController < ApplicationController
  permits :logged_in?
end

which would imply you want the action to be permitted as long as there is a user logged in (i.e. you have a logged_in? method on your controllers). I’ll fix this soon though.

For more information see the gems home at http://github.com/indmill/authoritah.

Written by spanx

27th September, 2009 at 5:15 pm

Posted in Code

Hurl – curl, but sicker.

leave a comment »

One of the more useful things to come out of Rails Rumble this year is a fantastic little service called Hurl. Put simply, it allows you to set a URL and HTTP headers, and then displays the resultant content, be it HTML, XML, JSON, whatever. It’s a great little tool for developers exploring APIs such as Twitter, Facebook, Delicious. It’s curl on steroids. And it’s great.

Kudos to Chris Wanstrath and Leah Culver for a great little tool.

Written by spanx

12th September, 2009 at 9:36 am

Posted in Uncategorized

Mercurial sub-repositories for project dependencies

with 4 comments

With a number of our projects now sharing certain assets (primarily CSS files, images and javascript files) I’ve recently been looking in to a new feature of Mercurial; subrepos. These have been introduced in Mercurial 1.3 and are roughly analogous to externals in Subversion. Having just completed a first stab at using subrepos where we have assets shared between a Java Struts app and a Rails app I thought I’d share the steps in getting things up and running on OS X.

Dependencies

You’ll need the most recent version of Mercurial (v1.3.1 is the latest stable build). I use MacPorts to manage most of my apps on OS X. To install Mercurial with macports simply do:

$ sudo port install mercurial

Running the Mercurial command should return the following output:

$ hg --version
Mercurial Distributed SCM (version 1.3.1)

If not, update your ports install and try again.

Setting up

First we need a couple of repos – lets set them up with Mercurial:

$ hg init css-assets
$ hg init app
$ cd css-assets
$ echo "body { margin: 0 }" > main.css
$ hg add
$ hg commit -m "Initial stylesheet commit"

We now have an assets repository with a stylesheet and an empty app repository.

Subrepos

Now we need to link our css assets project to our app. It’s worth bearing in mind that subrepo support is experimental at this point and may change, but at this time the process is:

  1. Clone the subrepo in to your parent repository.
  2. Write an .hgsub file to identify the subrepo
  3. Commit the parent project to link the subrepo.

So, we must do the following steps:

$ cd app
$ hg clone ../css-assets css
updating working directory
1 files updated, 0 files merged, 0 files removed, 0 files unresolved
$ echo "css = css" > .hgsub
$ hg add
$ hg ci -m "Committing CSS subrepo"

The subrepo is now linked to the app repo. Committing the app repo has one major side-effect; it creates an .hgsubstate file. This identifies the version of the subrepo you link to. No matter which updates are pushed to the CSS repo by other users, our app repo will be fixed to the version in the .hgsubstate file. You can confirm this easily:

$ cd css-assets
$ hg log

The tip changeset ID of the CSS repo will match the version in the app repo .hgsubstate file. To update the app subrepo we must do the following:

$ cd css-assets
$ echo "p { margin: 5px }" >> main.css
$ hg ci -m "Updated main stylesheet"

This has updated the CSS repo. The app repo will not yet be aware of these changes; if you check the .hgsubstate file in your app repo you’ll see the changeset ID will still be the ID of the initial commit to the CSS repo. To update the version of the CSS you must:

$ cd app/css
$ hg pull -u
$ cd ..
$ hg ci -m "Updating CSS subrepo"

Now check the .hgsubstate file. The changeset ID has been updated to point to the CSS repo tip. Anyone cloning your repo will now get the latest versions.

That pretty much covers everything I’ve uncovered so far. An improvement I’d like to see is the ability to set your .hgsub file to point at a remote repo and for it to handle the initial clone for you rather than manually cloning and configuring (and if it can do this, someone please inform me how – the documentation is still a little thin).

Written by spanx

25th August, 2009 at 4:34 pm

Posted in Code

Jetty, JRuby 1.3.0RC1 and Warbler

leave a comment »

We’ve been preparing a new product for launch over the last few weeks, and part of the process has been testing out using Jetty and JRuby for the live deployment instead of our trusty Mongrel and MRI deployments.

We’ve been using the very handy Warbler gem (http://github.com/nicksieger/warbler) to package up our Rails app ready for Jetty, and it’s been going swimmingly. However, after a recent upgrade we’ve seen some very painful memory problems, with the Jetty process adding 100b to the heap with every request. We finally tracked the errors down do a part of our code doing a lot of XML processing in the Hpricot jruby gem. It turns out that Warbler bundles JRuby 1.3.0 RC1, and this was having difficulty with Hpricot.

And this is where Github saves the day again! Downloading a more recent fork of the warbler gem with JRuby 1.3.1 has solved our pain (the gem is at http://github.com/finnlabs/warbler) and our test deployment server is now zipping along nicely again.

Written by spanx

12th August, 2009 at 2:44 pm

Posted in Code

Follow

Get every new post delivered to your Inbox.