|
Peter Marklund's Home |
Rails Configuration: Yielding self in initializer
I've come across situations in Rails where you want to repeatedly invoke methods on some class with a long name and it gets ugly and tedious that you have to repeat the class name on every line. I just realized that unlike in the config/environments files the config object is not available in the config/initializer files. I use the AppConfig plugin to parameterize my application and I came up with the yield_self method to make my config/intializers/app_config.rb more readable:
# Method to supplement the app_config plugin. I want to crash early and be alerted if
# I have forgotten to define a parameter in an environment.
AppConfig.param(name) do
raise("No app_config param '' defined in environment , " +
"please define it in config/environments/.rb and restart the server")
end
end
yield self
end
end
AppConfig::Base.yield_self do |config|
config.site_name = "Simple Signup"
config.admin_email = '"Simple Signup" <info@simplesignup.se>'
config.exception_emails = %w(info@simplesignup.se)
config.email_prefix = "[]"
config.signup_timeout = 5
config.send_activate_email = false
config.transaction_fee = lambda do |price|
price.blank? ? 0.0 : [10.0, 5.0+0.035*price.to_f].max.round(2)
end
config.bank_fee = lambda do |price, card|
0.0
end
end
ExceptionNotifier.exception_recipients = config_param(:exception_emails)
ExceptionNotifier.sender_address = %{peter_marklund@fastmail.fm}
ExceptionNotifier.email_prefix = " ERROR: "
The method config_param might be more appropriately named app_config. That will be a refactoring for another day though.
Ruby Gotcha: Default Values for the options Argument Hash
Like in Java, method arguments in Ruby are passed by reference rather than by copy. This means it's possible for the method to modify the arguments that it receives. This can happen unintentionally and be a very unpleasant surprise for the caller. A good example of this is the typical options = {} at the end of the method argument list. If you set a default value in that hash then that is a potential issue for the caller when the options hash is reused in subsequent calls (i.e. in a loop). See below for an example:
options[:to_table] ||= from_column.to_s[/^(.+)_id$/, 1].pluralize
execute ["alter table ",
"add constraint ",
"foreign key ()",
"references (id)",
""].join(" ")
end
from_columns.each do |from_column|
foreign_key(from_table, from_column, options)
end
end
In the first invocation of foreign_key options[:to_table] will be set (if it isn't set already) to the destination table of the first column. The options[:to_table] value will be retained throughout the loop causing all foreign keys to point to the same table. The fix is to make to_table a local variable or to do add an "options = options.dup" line at the beginning of the method.
Lesson learned - avoid modifying the options hash and any other arguments that the caller doesn't expect will be modified.
Rails Testing Tip: Use Global Fixtures to Avoid Fixture Mayhem
I'm in a Rails team with mixed opinions on whether to use fixtures. Therefore we have everything from RSpec specifications that use a lot of mocking/stubbing and don't touch the database, to specifications that set up their own databse data through helper methods and the specifications that I write that rely mostly on fixture data. What I have found is that when you don't use global fixtures (a setting in your test_helper.rb or spec_helper.rb file) you can run into situations where seemingly unrelated specifications/tests fail, and fail in different ways depending on if you run them in separation, through autotest, or with rake. What is going on is test data spillover/interference between tests. This can lead to very long and frustrating debugging sessions indeed. The best way to avoid this seems to be to turn on global fixtures. This will probably increase the specification run time, an issue that I partially adress by keeping the number of records in my fixture files to a minimum. Also, I prioritize test coverage and convenient access to a common set of test data over making my specifications run faster.
Rails Optimistic Locking - Not Worth it for Me
When I upgraded to Rails 2.1 ActiveRecord partial updates were turned on, i.e. when you save a record only those attributes that have changed are saved to the database. In theory, if you have two almost simulateneous updates, and you have a validation rule across several columns, then those updates can render the database record in an invalid state. Of course, in practice, this is very unlikely to happen. Nevertheless, I decided to turn on optimistic locking to be on the safe side. It turned out optimistic locking caused more issues than it was worth. Suppose you have an Article model that has many instances of Chapter and also that the Article uses a counter cache. Then you can run into this issue:
article = Article.first
article.chapters.create(:name => "Summary")
# => UPDATE articles SET chapters_count = chapters_count + 1,
# lock_version = lock_version + 1 WHERE id = XXX;
article.publish_date = 1.days.from_now
article.save
# => throws ActiveRecord::StaleObjectError
I like partial updates though since they make it less likely that simulteneous updates will clobber, since you are only writing to the db what has changed. It also makes SQL statements in the log file more readable.
I'm abandoning optimistic locking for now though.
Ruby Gotcha: Symlinked Scripts and File.dirname(__FILE__)
If you have a Ruby script say in ~/src/ruby/my_script that you are symlinking to from ~/bin/my_script, then invoking File.dirname(__FILE__) in that script will yield the directory of the symlink not the directory of the script file. If you want the directory of the script file you can do this instead:
THIS_FILE = File.symlink?(__FILE__) ? File.readlink(__FILE__) : __FILE__
THIS_FILE will contain the path to the script file instead of the path to the symlink. This is valuable if say you want to require some Ruby library from your script and you are using a relative path.
Rails Tip: Validating Option Arguments
I think it's a good convention to validate options arguments passed to methods, i.e. to make sure they have valid keys and values. Misspellings can otherwise lead to unnecessary debugging sessions. Rails comes with the assert_valid_keys method. I added the assert_value method:
#:nodoc:
#:nodoc:
#:nodoc:
# Assert that option with given key is in list
options.assert_valid_keys([:in])
if !(options[:in].map(&:to_s) + ['']).include?(self[key].to_s)
raise(ArgumentError, "Invalid value '' for option '' must be one of ''")
end
end
end
end
end
end
Example usage and RSpec specification:
options.assert_valid_keys([:billing_period])
options.assert_value(:billing_period, :in => ["annual", "monthly"])
# method logic here...
end
# Rspec:
it "cannot be invoked with an invalid option" do
lambda { @campaign.price([23], :foobar => true)
}.should raise_error(ArgumentError)
end
it "cannot be invoked with an invalid billing period" do
lambda { @campaign.price([23], :billing_period => :foobar)
}.should raise_error(ArgumentError)
end
Rails plugin: acts_as_state_machine_hacked
I've been using the acts_as_state_machine plugin in a couple of projects. I think the syntax and functionality of the plugin is quite nice. It allows you to easily define states and events (transitions between states) for your ActiveRecord model. However, I wanted to be able to see which states are available in the current state. Also I thought that invoking an event, such as user.activate!, when the user is in a state where the activate event is not available should not yield a silent failure, but rather throw an exception. Also, if the event fails to fire because of a guard condition then an exception should also be raised. I encapsulated those changes in the plugin acts_as_state_machine_hacked.
DreamHost Hacked: All My Files Exposed Publicly
An ex-colleague of mine discovered that all my files in my home directory at the hosting company DreamHost were publicly viewable and downloadable on the web. I was quite shocked. I had certainly not intended to share all my private files with the world, especially since they contained some highly sensitive information. I assumed my account at DreamHost had been hacked. However the response from DreamHost support was that this was not the case. They explained that it was merely a symbolic link to my home directory that had been created:
"if you would like to keep this from happening you can prevent all other users on the server from viewing your account's files by enabling the Enhanced Security feature for your user. Just go to the Users > Manage Users section of your panel, click the "Edit" link next to your user, and then check to enable the Enhanced Security option. Hit the "Save Changes" button and you should be set in about 20 minutes.
The /home/ directory is public and it is not a security breach that the other user was able to create a symbolic link to /home/. Other users on the server have always had the same access, which means that they have been able to view your files but they absolutely cannot make any changes to your files or folders. The Enhanced Security feature takes it a step further and prevents any user from even viewing your files or folders.
So, just to be clear, there is no indication of a server hack or any security intrusion."
I wrote back that I had changed to "Enhanced" security and that my files were still exposed. Here are some excerpts from their second reply:
"Ultimately this was just some funny permissions on your home directory which caused this to be allowed to happen."
"When I changed your home directory's group ownership back to your default group (pg136611) this corrected the insecurity of other user's accessing your files via apache"
"The interesting part is it may have been enabling the extra web security which caused this insecurity."
A few days later I found that my files were still exposed and I had to manually change the group of my home directory. Basically as far as I'm concerned this means the issue has still not been fixed in a reliable fashion.
I've heard no apology from DreamHost so far. In fact, there is not much in their replies that indicates that they are even taking the issue very seriously. I'm quite disappointed and I am not left with much confidence in DreamHost when it comes to security and privacy.
Rails Testing Tip: Validate your Fixtures
I realized today how important it can be to validate the fixtures you use in your Test::Unit tests or RSpec specifications. I made some schema and validation changes and neglected to update all my fixtures which lead to a long and tedious debugging session. I added this RSpec specification to make sure I never have invalid fixtures again:
describe "fixtures" do
it "should be valid" do
ActiveRecord::Base.fixture_tables.each do |table_name|
klass = table_name.to_s.classify.constantize
klass.send(:find, :all).each do |object|
puts(" is invalid: ") if !object.valid?
object.should be_valid
end
end
end
end
Note: the fixtures_tables method is just a method I have defined that returns a list of all my fixture tables and I use it to set global fixtures in my test_helper.rb and spec_helper.rb files. If you are not using global fixtures, you can use this spec instead:
describe "fixtures" do
it "should be valid" do
Fixtures.create_fixtures(fixture_path, all_fixture_tables)
all_fixture_tables.each do |table_name|
begin
klass = table_name.to_s.classify.constantize
klass.send(:find, :all).each do |object|
puts(" is invalid: ") if !object.valid?
object.should be_valid
end
rescue NameError
# Probably a has and belongs to many mapping table with no ActiveRecord model
end
end
end
Spec::Runner.configuration.fixture_path
end
Dir[File.join(fixture_path, "*.yml")].map {|file| File.basename(file[/^(.+)\.[^.]+?$/, 1]) }
end
end
I think it would be nice if Rails/RSpec has fixture validation built in and turned on by default.
Rails Tip: Validating Option Arguments in your Methods
I think it's a good convention to validate that options passed to methods have valid keys and values. Misspellings can otherwise lead to unnecessary debugging sessions. Rails comes with the Hash#assert_valid_keys method. I added the assert_value method:
#:nodoc:
#:nodoc:
#:nodoc:
# Assert that option with given key is in list
options.assert_valid_keys([:in])
if !(options[:in].map(&:to_s) + ['']).include?(self[key].to_s)
raise(ArgumentError, "Invalid value '' for option '' must be one of ''")
end
end
end
end
end
end
Example usage:
options.assert_valid_keys([:billing_period])
options.assert_value(:billing_period, :in => ["annual", "monthly"])
...
Corresponding RSpec specifications:
it "cannot be invoked with an invalid option" do
lambda { @campaign.price([23], :foobar => true)
}.should raise_error(ArgumentError)
end
it "cannot be invoked with an invalid billing period" do
lambda { @campaign.price([23], :billing_period => :foobar)
}.should raise_error(ArgumentError)
end
RSpec Presentation
I gave a presentation on RSpec today at Diino.com - an online backup provider - and the slides are available here.
Stockholm Ruby User Group Meetup Tonight
We are having a Stockholm Ruby User Group (SHRUG) meetup tonight at Connecta here in Stockholm and it's good fun. Martin Kihlgren demoed his Grusome server based 2D game that uses a server written in Ruby and C for performance. Albert Ramstedt organized an RRobots workshop where you get to code your own little Ruby Robot that will fight other robots.
I gave the presentation "Building Web Apps with Rails 2 - Conventions and Plugins I Use" and the slides are available.