tags:

views:

111

answers:

3
Q: 

When to make models RESTful?

Just wondering -- how do you know when to add map.resources for a particular model? All of them? The ones you want to be accessible by a public API?

Thanks.

+1  A: 

Yes, you are deliberately exposing something as a kind of service, decide whetehr that's want you want to do. Exposing a service implies a certain commitment to your users, general advice keep the number of exposed services under control, they incur onging support debt.

djna  2009-08-08 17:00:27
So does that mean that for models I want to keep "private" I use my own set of controller actions?
 2009-08-09 03:37:46
A: 
  1. the model shouldn't reveal any secret or protected data (such as encrypted passwords)
  2. when you provide external access to a model, you essentially make it a public API. You should then commit to document it, maintain it, and keep it stable (in particular when you find that it is being used).
Martin v. Löwis  2009-08-08 17:00:49
"the model shouldn't reveal any secret or protected data (such as encrypted passwords)"Doesn't restful_authentication add a map.resources :users to your routes.rb file after calling the generator script?
 2009-08-09 03:38:20
Right. With proper access control, you might provide such access to administrators. However, I wonder what the point is of exposing such data in API. Users needing access to secret data should use the regular web interface, or perhaps even directly access the database on the server.
Martin v. Löwis  2009-08-09 05:25:49
+1  A: 

First of all we do not add map.resources for models. We add them for our controllers.

The map.resources and map.resource generate RESTful urls which do not address a model and its corresponding actions; it addresses only the resource itself. A resource is a combination of dedicated controller and a model.

Usually if you are going to make a complete RESTful app, you add map.respources for all of your controllers. After doing this, you can define all your CRUD(index, new, create, edit and update) actions in the corresponding controller which access a particular resource. The actions which can be carried out on a particular resource depend upon the policies defined by your application. If you have some resource which you do not want the users(via your application front end or via some API) of your application see(or something like that), you simply don't define a show action in the corresponding controller. Similarly other actions.

You should have a look at this small tutorial about REST and Rails. The lines above in the quote are shamelessly copied from the same document.

Waseem  2009-08-09 14:53:38
Thanks, I'll take a look at that!
 2009-08-09 16:00:37

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.