tags:

views:

59

answers:

3
Q: 

Adding a "tools mode" to rails app

Let's say I have a rails app with content that's read-only to the public, but I'd like to build tools to edit that content (or use scaffolding). I don't want to expose create/update/delete actions publicly (even if password-protected), but I'd like to have a server with this functionality inside a local network that interacts with the production database.

So I'm thinking of writing a plugin for this, which would add a tools rails environment (like development, production, and test) and a way of configuring a controller method as "tools-only". When not in tools mode, requests for any tools-only action gets redirected to a standard 404 page.

Before I start reinventing a wheel, does something like this already exist? Are there perhaps better ways to solve this problem?

A: 

umm...i know herokugarden allows you to edit your code online through a browser, will that work?

here is a link to the demo

ez  2009-08-16 01:09:55
A: 

Interesting idea - Aside from creating the custom environment wouldn't it just be one before_filter in your Application controller?

before_filter :can_access_tools, :except => [:show, :index]

Other controllers would just skip it as need be.

Andy Gaskell  2009-08-16 01:30:47
I think it's a little more complex (but maybe not much more). I won't want to maintain two separate entries in config/database.yml, but it looks like I should be able to do something like<pre>tools: <<: *production</pre>I'm wondering if there are other touch-points to worry about when creating custom environments.That's a good point with the whitelisting, it's better than blacklisting.
etoleb  2009-08-16 04:17:55
A: 

Why do it as a separate environment? What I would do (and have done) is put the editing functionality in a separate namespace (I usually call it admin), then using a before filter only allow a user with an admin role access to those controllers. So if your app is displaying widgets, you could see them in the normal app behind the url /widgets. In order to edit them you would go to /admin/widgets (and also have to be logged in as an admin). Instead of just doing it via route namespaces, I also create an AdminController that all other controllers in that namespace extend. Then you can put any filters that need to apply to all of them in one place.

You could get the UI for this up pretty quick by dropping in something like Active Scaffold to provide a pretty clean interface to do CRUD operations on it. You could also take a look at Streamlined or Hobo for this part as well.

I often set up extra environments for testing multiple contexts, but for this case it seems like overkill. If you limit the editing functionality by authorization (requiring the role of admin) instead of by access (only the local server can get to it), it also allows you to make changes if you're on the road and not in the office.

Jeff Whitmire  2009-08-16 07:16:42
I'd like to avoid implementing a user authentication system just to hide an admin toolset. It seems like an unnecessary security complication.With a tools mode I wouldn't necessarily need to run my admin jobs on the same machines that host my site. I don't want CPU intensive, long-running processes to impact live-site performance.Thanks for the advice on ActiveScaffold/Streamlined/Hobo, I suspect they'll be useful however I solve this problem.Good point about the "on the road", but it's not something I anticipate being a major factor (and it could be solved with a VPN later on).
etoleb  2009-08-16 15:16:56

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.