Thoughts Heap

This is a spot where you can get a real slice of my thoughts

Aug 25th, Tue

Rails Rumble 2009: The competition

So… it happened, the last weekend was the Rails Rumble, a really kick ass event that made me squeeze all my skills and drop all my social life for 48 hours. I learned a lot of lessons (some the hard way).

The Event Organization.

The competition organization was OUTSTANDING, starting with the registration/team page, everything worked really well. At the competition, the little details stand out pretty quickly, and they made me laugh a lot. Big brags for you guys.

I’ve read the post from the Intridea guys, it got me thinking that it will also be a good thing to share some “Good Idea, Bad Idea” thoughts (of course, I’m not going to repeat what they have told you already).

1. Good Idea: Know your plugins

For the love of God, be sure that the plugins you are planning to use actually do what you are expecting them to do. It happened that I wanted to do (and in the end DID!) a twitter authentication for the system. I didn’t want to use TwitterAuth because it is too invasive, it assumes things, makes a lot of stuff and I don’t feel comfortable with it.

I thought.. “Gee this oauth-plugin looks awesome, and it has support for Twitter too!”, what I found out after actually trying to use it (on the rumble) was that it is not intended to do authentication, it’s intended only to use the Twitter API via oauth.

Don’t get me wrong, the plugin is AWESOME in what it does, It was actually my fault because I didn’t pay attention to their README when they said:

It requires an authentication framework such as acts_as_authenticated, restful_authentication or restful_open_id_authentication

At some point, I didn’t assume that the purpose of the plugin didn’t include authentication. So remember, think twice before planning to use a plugin you don’t know that well (a.k.a. one you haven’t used before).

2. Bad Idea: Don’t use an editor that you are still learning how to use.

This recommendation has a little bit of its history: it turns out that 3 weeks ago I ditched Textmate in favor of Vim (Don’t throw tomatoes at me please! I don’t regret it, say whatever you want :-p). Textmate is awesome, but when I started to use Vim, I felt all the love right away (after customizing a little bit of course).

The problem was that, to use this editor you need to learn and use a lot of commands. On Sunday afternoon, when your brain is starting to throw SEGFAULTS because you haven’t slept that well, the Vim goodness didn’t flow (I guess this happens when you are still thinking about the commands before actually using them on a normal basis).

3. Good Idea: Provision your workspace with all the fast food, energy drinks and snacks you can suffice.

You know it, the body needs food to do its thing… Full Throttle drinks kept me up at night time.

4. Bad Idea (If you are actually planning to win): Go without a sys-admin and a designer

The perfect balance is 2 proficient Ruby coders, 1 sys-admin, and a Heck of a good designer, with that you should have all your needs covered (ah… and of course a good project to do).

Besides that I have a really good war story related to ActiveRecord callbacks caveats (I will have a blog post for this soon, promise), and the post-mortem evaluation of Paperback for judges, the app that we intended to create and partially did.

Thank you RailsRumble team for such a fun and great time, I had a blast… see you next year.


RailsRumble 2009. Paperback: A Post Mortem evaluation

So, to make life easier to the judges of my application, I will straight down the main features and the issues I’ve found along the way. We start now.

What it is supposed to be.

Paperback in one sentence: “A day activity log manager with twitter-like interface”.

Paperback may look very similar to twitter when you log in, please be patient enough to pass through that. Paperback is intended to do something different.

1. You use Paperback when you are stating some activity you are doing in your day to day work

You will have the entries organized by date, so you can navigate to a specific day and see what you did for audit purposes.

2. You can categorize the entries

Some entries are related to projectX, some others to bug #123 of projectY. With categorization it is easy for you to check entries related to a specific activity.

3. You specify time factor to the entries:

  • You can state an entry representing an activity that took you H hours and M minutes to complete
  • You can state an entry representing an activity that you think will take you H hours and M minutes to complete

This way, you can do time estimates on your entries, and actually get some useful insight data out of it. Sadly, we didn’t have enough time to represent good charts about the data we are collecting :-(.

4. Entries can be Todo items:

Entries that had an estimation date could happen to be todos, so you could go to a pending page when you see all this entry representing a todo list instead of an activity log entry date. The only way you could check an entry as completed, was when you specify the actual time you took to finish it.

5. The social twitter factor

Normally you would use this as an activity log, but what would happen if people actually care of what you are doing, say your supervisor or team members?. I wanted to use twitter for this, but I considered that people that followed me for other reasons (social life, ruby community, etc) wouldn’t care about my progress on the bug #123 from the project XYZ. With Paperback we made explicit in which channels I want to follow a person.

6. Keep your identity

As I said before, We wanted to use twitter for this, and in some cases we still want to, that’s why we use the Twitter authentication in the first place, to keep the identity you have from twitter. We added OpenID just to support more ways to get you in the project for judging purposes, as soon as the competition ends, the OpenID authentication will go out.

What we have.

Sadly not everything is there, as it’s supposed to be in the final product, but we are proud to say that at least the core features are there, not polished nor well designed, but there.

The bad

  • Header titles… there is not a single one, it hurts so bad to see it
  • The update entry feedback is not well behaved, the entry will be updated, but you won’t be able to see it that well.

The Ugly

  • We didn’t specify user Timezones, we gather the info from OpenID and Twitter, but we didn’t actually assign the Timezone to the framework, you will find out pretty quickly if you are way off UTC (as in my case)
  • Public pages are not working: a last minute change added the current_user username on the rightbar, and when there is no authenticated user it still tries to get the username, causing a NoMethodFoundError on the Nil class.
  • The update process won’t work if you don’t specify a valid command, as soon as you hit update, you will see the throbber rolling and rolling.
  • The OpenID process seems to fail, probably a last minute change added a bug

To finish the entry, I will post a short screencast showing some of the features, we hope you find this product helpful, we surely do, Thanks for syntoynizying.

Aug 14th, Fri
gesteves:

Make Bono History print:

Bono, the lead singer for U2, is performing a concert in Ireland. As part of his promotion for the anti-poverty campaign in which he plays such a prominent part, he stops singing and starts clicking his fingers, repeating the action every three seconds. The crowd falls silent, and after a while, Bono speaks:

Every time I click my fingers, a child dies unnecessarily from a preventable disease.

After he has been doing this for a few minutes to a largely silent and transfixed audience, someone helpfully shouts out:

Stop clicking your fucking fingers then.

Aug 11th, Tue

My Crush On Vim <3

So it has been a while since I don’t talk about vi/vim… I sadly had at some point to leave behind my goal to use vi/vim to work in more important things in the office.

But last week I regained my will to learn vim, and a lot of people at the office asked me why I do this… well, what I’ve told them (and myself) is that I needed to learn it because I don’t know on which platform I will be working at some point, and Vim is one of those editors that is reliable on most of them (and is not made in Java).

So, one of the reasons I didn’t use Vim (even if I learned many of the commands) is that I didn’t know how to manage multiple files at the same time, after making a serious commitment to learn how to manage multiple files on the Vim environment, I got almost all my bases covered.

What I’m going to do now is give you all the steps I took in order to get familiar with vim, and finally what got me to use it as a replacement for TextMate (sometimes I go back to use some special features of TextMate, not that often though).

First of all, find yourself a good reference to get started, whatever works best for you… most of the tutorials are free, some of them are not. I did buy the book from O’Reilly Learning the vi and Vim Editors, because I wanted a well structured set of contents to learn from, I can say that is a great book to get started on the Vi field, and to get to know how to use the niceties of Vim. However, this book is mainly for first-time users, most of the high advanced stuff is online, but in order to understand that, first you need to understand the basics that this books covers.

After spending like 3 months reading (and practicing) all the commands and exercises from the O’Reilly Book, I started to look out how I could integrate easily my work environment with the Vim editor. Thanks to the developers of the rails.vim, NERDTree and FuzzyFinder plugins, it was not hard enough to get the Vim editor to work along. Also there were some good references from Fabio Akita (akitaonrails), Jason Stirk and Jamis Buck from the Ruby/Rails Community that helped me a lot in the process of installing all the things I needed.

After learning a lot of the cool stuff about navigation between files using ctags and the rails.vim plugin (watching the Fabio Akita screencast), I felt like I was about to stop using TextMate; there was just a really small thing holding me back. I really didn’t like the themes of vim; that’s why I took the time and effort to learn how to do colorschemes in Vim, and created the sunburst theme for vim (the one I normally use in TextMate). The result… pure awesomeness. If you would like to use it, don’t hesitate to download it from this gist I made. Here is a screenshot to get you convinced ;-).

To summarize, the steps to get started with Vim (on the Mac) are:

1. Download and install MacVim.
2. Download the .vim configuration files from github, either from my account or the one from Fabio Akita (mine is a fork of his with a few other niceties).
3. Follow the directions on the README of the github project.
4. Start coding, you have everything you need there.

Aug 4th, Tue
chiguire:

darkana:

Help the #freemediave campaign on twitter. Where in Venezuela the government is closing down radio stations, takes away 2 coffee plants and tries to approve the Law against media crimes (among other things). The translation of the law can be found here: http://artists4freedom.net/2009/08/chavez-kills-the-radio-star/

Join us in letting everyone know.

Thanks to Artists 4 freedom for the link.

Photo found in http://ihasahotdog.com

Jul 15th, Wed

walruz: Creating Basic Authorization Policies

Last post we checked the architecture of the walruz authorization framework; now we will continue with the implementation of basic policies.

Creation of Authorization Policies

To create a policy you have to create a class that extends from the Walruz::Policy class, once that is done, you’ll need to define the authorized? method. This method will receive 2 parameters: the actor, and the subject.

class ActorIsAdmin < Walruz::Policy

  def authorized?(actor, _)
    actor.admin?
  end

end

class ActorIsSubject < Walruz::Policy

  def authorized?(actor, subject)
    actor == subject
  end

end

In the example above, we define the most common policies, the first one is the “current user is admin” policy, in this policy we ignore completely the subject because it won’t affect the nature of the policy.

The second one is the “actor is subject” policy; you may not see the utility of this one until we use it (and ooh boy… we are going to use it a lot!).

Using the Authorization Policies

So, suppose we have the “all well known” User class, and we want to check if a User can be read, modified, updated or destroyed by the current authenticated user. The User class would go as follows:

class User < ActiveRecord::Base
  include Walruz::Actor
  include Walruz::Subject  

  ######################
  ### Authorizations ###
  ######################
  
  UserReadPolicy = Walruz::Utils.any(ActorIsSubject, ActorIsAdmin)  

  check_authorizations :read => UserReadPolicy

end

So the code above states that a User is an Actor (an entity that wants to execute some action on another entity), and at the same time a Subject (an entity that wants to be accessed in some way). It also defines some authorization policies, each associated with a label (in this case the action name). In this example Walruz::Utils.any lets us define a composition of policies: this method joins a collection of policies together with a logical OR.

There are several ways to check if an Actor can perform some action on a Subject, but for now, we are going to use the most basic one: the can? method.

def show(user)
  if current_user.can?(:read, user)
    render user
  else
    render :template => 'public/unauthorized'
  end
end

In the declaration of the UserReadPolicy we define that a User “A” can be read by another User “B” if either “A” is “B”, or “B” is an admin user. These conditions are checked when we execute the current_user.can?(:read, user) statement.

Let’s extend our example a little bit, and Add a friendship relationship between users:

class User < ActiveRecord::Base
  include Walruz::Actor
  include Walruz::Subject
  
  ####################
  ### Associations ###
  ####################
  
  # Friendship rows owned by this user are keyed by friender_id
  has_many :friendships, :foreign_key => 'friender_id'
  # :source names the belongs_to on Friendship that points at the friend
  has_many :friends, :through => :friendships, :source => :friendee
  
  ######################
  ### Authorizations ###
  ######################
  
  UserReadPolicy = Walruz::Utils.any(ActorIsSubject, ActorIsAdmin)  

  check_authorizations :read => UserReadPolicy
  
  ########################
  ### Instance Methods ###
  ########################
  
  def become_friend_of(another_user)
    Friendship.create!(:friender => self, :friendee => another_user)
    Friendship.create!(:friender => another_user, :friendee => self)
  end
  
end

class Friendship < ActiveRecord::Base
  
  # Both ends of a friendship are User records
  belongs_to :friender, :class_name => 'User'
  belongs_to :friendee, :class_name => 'User'
  
end

Let’s say we want to enable friends to see each other’s records. Right now it’s not possible with the policies stated, but this is easily achievable with a new walruz policy.

class UserIsFriend < Walruz::Policy
  
  def authorized?(current_user, another_user)
    another_user.friends.include?(current_user)
  end
  
end

Once we create the new policy, we add it to the UserReadPolicy composition.

class User < ActiveRecord::Base
  ...
  UserReadPolicy = Walruz::Utils.any(ActorIsSubject, UserIsFriend, ActorIsAdmin)
  ...
end

As you may have already noticed, the name of this new policy is different from the previous ones (this new one starts with “User” instead of “Actor”). This is because, in this policy, the class of the Subject matters for its use. As a rule of thumb, if the subject plays an important part in the policy class, you should always start the name of the policy with the class of the Subject; that way it will become easier to merge different policies together; but more on that later.
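The read policy built up in this post, as an added example that is not part of the original post and is not walruz's own code: a plain-Ruby stand-in showing the OR composition together with default-deny handling of unknown action labels and of a missing (unauthenticated) actor. The names Policy, any_of, Account and allowed? are assumptions made for this sketch.

```ruby
# Added sketch, not walruz code: Policy, any_of, Account, allowed? are hypothetical.
class Policy
  def authorized?(_actor, _subject)
    false
  end
end

class ActorIsAdmin < Policy
  def authorized?(actor, _subject)
    actor.admin?
  end
end

class ActorIsSubject < Policy
  def authorized?(actor, subject)
    actor.equal?(subject)
  end
end

class UserIsFriend < Policy
  def authorized?(actor, subject)
    subject.friends.include?(actor)
  end
end

# Logical OR over policy classes: one authorizing policy is enough.
def any_of(*policies)
  Class.new(Policy) do
    define_method(:authorized?) do |actor, subject|
      policies.any? { |policy| policy.new.authorized?(actor, subject) }
    end
  end
end

class Account
  attr_reader :friends
  POLICIES = { read: any_of(ActorIsSubject, UserIsFriend, ActorIsAdmin) }.freeze

  def initialize(admin: false)
    @admin = admin
    @friends = []
  end

  def admin?
    @admin
  end

  def become_friend_of(other)
    friends << other
    other.friends << self
  end

  # Unknown action labels and missing subjects are refused, not raised on.
  def can?(action, subject)
    policy = POLICIES[action]
    return false if policy.nil? || subject.nil?
    policy.new.authorized?(self, subject)
  end
end

# An unauthenticated request has no actor: answer false, never call a method on nil.
def allowed?(actor, action, subject)
  !actor.nil? && actor.can?(action, subject)
end
```

Routing every check through a nil-safe wrapper like allowed? keeps a page that can be reached without a session from raising when there is no current user.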

That’s all for this episode now, next post we are going to do some more fancy stuff with the policies of this episode and going to extend the example a little bit more, until then.


walruz: Simple but powerful authorization framework in Ruby

You have been there already… your kick-ass app suddenly becomes an insatiable beast when you have to add special conditions for authorized access, roles types, etc. And as soon as a new kind of user is added, or new more specific conditions are created for the existing authorizations, you just want to shoot your application just to put it out of its misery.

Well it doesn’t have to be that way anymore…

Introducing walruz.

walruz is an authorization framework that helps you on that creepy process of adding new authorization policies to your application, without having to change each piece of code that is related to it.

You see, the authorization process is divided into two sub-processes: the authorization checking and the action execution. walruz separates these 2 processes so that you can change the checking implementation without pain, independently of the execution implementation.

walruz Architecture.

In order to understand how walruz works, we need to clarify the architecture it uses to achieve its goals. It has the following three components.

  • Subject. Object that is going to be managed (Posts, Profiles, Todos).
  • Actor. Entity that wants to perform an action on a subject (User, Admin).
  • Policy. A set of rules that tells if the Actor can perform the desired action on the Subject.

The framework represents these concepts with the following modules/classes:

  • Walruz::Subject. Module that when it is included makes the class a subject.
  • Walruz::Actor. Module that when it is included makes the class an actor.
  • Walruz::Policy. Class that will hold the authorization checking process.

This is all for now folks… I will be explaining the framework in short posts, so that we don’t make this a very long, hard read.

A word of notice: The purpose of this series of posts is to serve as a tutorial to learn step by step all the goodies of the walruz framework. If you want something more technical, I suggest you read the README document that comes with the walruz gem. To install just do sudo gem install walruz, or download from github.

Next Post: How to create and use authorization policies.


Updates approaching

Hello guys… I’m adding this post just to apologize with the readers of this blog (If there’s any besides me). I started to work almost 2 months ago in this place called noomii and I have been really busy afterwards. Anyways! I have been doing some interesting stuff with Ruby and I will be posting new API soon-ish enough.

Peace out.

Jul 13th, Mon
Rule of thumb… whenever you query with datetime, date, or time attributes in Rails, transform them first to UTC.
— Me

May 29th, Fri

Rails had improved A LOT since last visit

GameParticipation on schema.rb


  create_table "game_participations", :force => true do |t|
    t.integer  "giver_id"
    t.integer  "receiver_id"
    t.integer  "game_id"
    t.datetime "activated_at"
    t.date     "occurs_on"
    t.datetime "created_at"
    t.datetime "updated_at"
  end

The error:


ActiveRecord::HasManyThroughSourceAssociationNotFoundError in 'Game#is_participating? should return false when the user is not participating on the game'
Could not find the source association(s) :participant or :participants in model GameParticipation.  Try 'has_many :participants, :through => :participations, :source => '.  Is it one of :game, :giver, or :receiver?

What impresses me about this error is the last part of the last sentence, “Is it one of :game, :giver, or :receiver?”… If they hadn’t added that last sentence, my first question would have been “WTF is source?”. This meaningful error helped me save some time.

Good Job Rails Team \m/.