What rails plugins are good, stable and *really* enhance your code? - ruby-on-rails

Anyone have a list of rails plugins that are both stable and give you enough functionality to be worth the extra effort of supporting?
Edit:
I am mostly interested in the best, most complete list of plugins so I can use it the next time I'm starting a rails app. I don't currently need a particular plugin.

You can use bort as reference
Plugins Installed
Bort comes with a few commonly used plugins installed and already setup.
RESTful Authentication
RESTful Authentication is already setup. The routes are setup, along with the mailers and observers. Forgotten password comes setup, so you don’t have to mess around setting it up with every project. The AASM plugin comes pre-installed. RESTful Authentication is also setup to use user activation.
User Roles
Bort now comes with Role Requirement by Tim Harper. A default admin role is predefined along with a default admin user. See the migrations for the admin login details.
Open ID Authentication
Bort, as of 0.3, has Open ID integrated with RESTful Authentication. Rejoice!
Will Paginate
We use will_paginate in pretty much every project we use, so Bort comes with it pre-installed.
Rspec & Rspec-rails
You should be testing your code, so Bort comes with Rspec and Rspec-rails already installed so you’re ready to roll.
Exception Notifier
You don’t want your applications to crash and burn so Exception Notifier is already installed to let you know when everything goes to shit.
Asset Packager
Packages up your css/javascript so you’re not sending 143 files down to the user at the same time. Reduces load times and saves you bandwidth.
p/s: agree with #eric, specifics

restful_authentication for sign in, sign out, sign up.
paperclip for file uploads.
rspec and shoulda for testing.
Could you be more specific in what you are looking for? There are so many great plugins for so many different tasks, it's hard to guess the right ones for you.

Try resource_controller. http://jamesgolick.com/2007/10/19/introducing-resource_controller-focus-on-what-makes-your-controller-special
It seriously dries up your RESTful controllers. And is the only plausible way of implementing polymorphic actions that I've come across.
Loads of other good stuff too. Give it a try.

I can imagine why you are asking that. I used to work in a project with more than 20 plugins in use. Sure, it speeded up the development early on, but later debugging became difficult. Also, updating to a new version of Rails was a lengthy process.
My advice is: don't start using a plugin before you have a reasonable understanding of how it works and of the trade-offs involved. For small plugins you should probably read the source code. For larger ones, see what other people are saying about them, when the plugin was last updated, etc.
For scanning popular plugins, see the most popular github projects. Quite a few of them are Rails plugins.

For me, Haml is excellent. It's not for everyone but if it clicks with you you'll love it. Set aside 30 min and give it a shot. It reduces the clutter in my views by about 50%.
It's easy to install using Rails 2.1+'s gem dependencies:
# environment.rb
config.gem 'haml'
Then:
rake gems:install

Ruby Trends is a good place to check what the most popular plugins/gems/books/practices are. It's like StackOverflow (i.e., voting plugins up/down) but is more fine-grained and has the ability to search/filter.

In my Rails time I used http://github.com/mbleigh/acts-as-taggable-on/tree/master with success.

Related

Ruby/Rails security alerts

How do Ruby developers keep updated on ruby and rubygem security alerts and updates? I found out about this today:
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately
and wonder how developers usually keep up with these types of alerts. Thanks in advance.
For Rails, just register for email updates in the Rails security Google group:
https://groups.google.com/forum/?fromgroups#!forum/rubyonrails-security
The Ruby Security Announcements list is specifically for security issues in Ruby and Rubygems.
Also check out the bundler-audit gem to automate this process. It will check your gems for known vulnerabilities and also recommend some improvements regarding the update process in general.
I actually wrote about this a few weeks back. These are the things that I would recommend:
Follow the Ruby and Rails security mailing lists.
Use CVE Reports to get details of security alerts as soon as you can. CVE stands for "Common Vulnerabilities and Exposures" and it's an industry standard reporting mechanism.
Keep your dependencies as up to date as you can. Run bundle outdated to get this information. Keeping your test suite at > 85% is going to make dependency upgrading much easier.
Create a process for your team so you can stay up to date on squashing security issues. I elaborate in the blog post on how to do that.
Use tooling like bundle-audit, AppCanary, Hakiri, or Gemnasium to auto-detect gem security issues. These are easy tools to insert into a CI environment.
I think these two sources should get you that info as soon as it's available. You could also sign up for an account at rubygems.org and add Rails to your RSS feed.
Ruby on Rails on Twitter
Rails core mailing list
Also the Ruby 5 Podcast is a twice weekly resource and only takes 10 minutes of your time per week.
Also, if you find it hard to find the time to look for updates or perform the actual update: Use mini habits to e.g. update software every Monday, as I described in the week with a Rails security strategy
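The core check that the answers above delegate to bundler-audit can be sketched in a few lines of Ruby. This is an added example, not code from the original posts or from bundler-audit itself; the lockfile fragment, the advisory IDs and the patched version ranges are all constructed placeholders, and the helper names `locked_versions` and `audit` are hypothetical.

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement ship with Ruby

# Constructed Gemfile.lock fragment (sample data, not from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      crack (0.3.1)
      httparty (0.9.0)
        multi_json (~> 1.0)
        multi_xml
      multi_json (1.5.0)
      multi_xml (0.5.2)

  DEPENDENCIES
    httparty
LOCK

# Constructed advisories: IDs and version ranges are placeholders, not real data.
SAMPLE_ADVISORIES = [
  { gem: 'httparty',   id: 'EXAMPLE-ADVISORY-1', patched: ['>= 0.10.0'] },
  { gem: 'crack',      id: 'EXAMPLE-ADVISORY-2', patched: ['~> 0.3.2', '>= 0.4.0'] },
  { gem: 'multi_json', id: 'EXAMPLE-ADVISORY-3', patched: ['>= 1.3.0'] }
].freeze

# Return {name => Gem::Version} for resolved gems in the "specs:" section.
# Resolved gems are indented four spaces; their dependency lines use six
# spaces and are skipped, as are versions RubyGems cannot parse.
def locked_versions(lockfile)
  lockfile.each_line.with_object({}) do |line, gems|
    m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/)
    next unless m && Gem::Version.correct?(m[2])
    gems[m[1]] = Gem::Version.new(m[2])
  end
end

# A locked gem is flagged when no "patched" requirement accepts its version.
def audit(lockfile, advisories)
  locked = locked_versions(lockfile)
  advisories.select do |adv|
    version = locked[adv[:gem]]
    version && adv[:patched].none? { |req| Gem::Requirement.new(req).satisfied_by?(version) }
  end
end

audit(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES).each do |adv|
  puts "#{adv[:gem]}: #{adv[:id]} (upgrade to #{adv[:patched].join(' or ')})"
end
```

Auditing the lockfile rather than the Gemfile is what catches transitive dependencies, which is why `multi_json` is evaluated here even though only `httparty` is declared.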

Where should I start reading to learn how to build a good Rails gem?

I'm feeling fairly seasoned in Ruby on Rails by now, and have attempted to build my own Rails plugins. Going through that process, however, I realized that I really have not found very many good resources that clearly spell out what the conventions are for creating Rails gems/plugins, and how to efficiently accomplish some of the things that I wanted to do with my plugin.
It seems to me that the documentation for building Rails gems is not very good, but maybe I'm not looking in the right places. In an attempt to gain insight into how other gems are built, I've read through some of the source code of the Devise plugin for user authentication. I have found virtually nothing describing a procedure similar to how Devise injects its own methods into an existing model, even though this seems like it may be a very useful thing for a lot of good gems to do.
My question is this: Where should I go to learn how to build good Rails gems? Are there spelled out conventions for how to do certain things?
The currently popular method to do what you are trying to achieve is to use Engines. Engines basically let you mount one application inside another, allowing you to do anything from add a method or two, to adding a complete blog. The official guides have a very nice step-by-step guide to getting started, and there are many good unofficial guides, as well. An engine basically consists of a little bit of initialization code, the application code, and a dummy application for testing and development. It might look intimidating, at first, but it's much easier than it sounds, at first. Good luck
Here is the most modern approach to gem crafting with Bundler:
bundle gem your_gem
cd your_gem
edit your_gem.gemspec and add description, summary and optional website.
Add required gems such as rspec to the Gemfile.
rspec --init
touch spec/your_gem_spec.rb
Write good tests.
Add your code to lib/your_gem.rb.
When you're finished it's time to build and push to rubygems.org:
gem build your_gem.gemspec
gem push your_gem-0.0.1.gem
And that's it. Next time you make a change be sure to change the version number in version.rb.
See the link below, which will help you build a good Rails gem:
Making a Gem

Why is AuthLogic so popular?

It seems that a lot of Ruby on Rails questions are related to AuthLogic. What are the advantages of it that it is so popular?
It's popular because with Rails 2.2, it was the most complete authentication plugin system.
Authentication is often the base of each web application. It's quickly used on a lot of projects and often beginners start by blindly adding the authlogic plugin. The beginner doesn't understand how it works, and asks some questions on SO.
There is a new, great, and complete plugin for Rails 2.2 and Rails 3. It's called devise. A lot of people come with questions about it as well.
Each plugin is good, each is different. You just need to choose what you want.
There are a few self-contained user frameworks, and AuthLogic is one of the earliest full-featured varieties. Thoughtbot is also pretty good at marketing their technology, and their other gem, Paperclip, is very popular as well.
The advantage of AuthLogic is that you can slap a user authentication system onto an existing application quite easily without having to roll your own, something that is challenging for someone unfamiliar with Rails.
Because it works.

Ruby on rails authentication guide

Does anyone know of a good guide on building your own authentication system in ruby on rails?
I want to roll my own system to use with my community I'm building :)
Thanks!
I'd recommend starting with Warden - it'll handle the very basics of sessions for you, and give you a good foundation to build your logic on top of. The Rails Warden plugin is a rather small library that helps integrate it into Rails. Both of these projects are fairly mature and well-constructed yet still under active development - they're good choices all around.
You should be aware of Devise, another authentication framework (like Authlogic or Restful Authentication) that is based on Warden. It may not be a good fit for your project (it wasn't for mine), but looking through the source might give you a few ideas on how best to use Warden.
The other thing I'll note is that, in terms of hashing passwords, you should absolutely use bcrypt.
Michael Hartl has a good book coming out soon and the first 8 chapters are available in pdf format for free here: http://www.railstutorial.org/ - they cover the entire process of creating a very solid rspec-driven authentication system - can't recommend it highly enough
Well, it came out a while after you asked your question but the best answer if you're keen to build your own authentication system rather than use something like Devise would probably have to be Ryan Bates' Authentication from Scratch Screencast.
Since authentication is a common problem that has been solved many times already, I would start by investigating the solutions already out there.
For example, have a look at Restful Authentication which provides a good foundation for authentication in Rails. Even if you'd rather roll your own system, playing around with Restful Authentication and understanding how it works should give you a good understanding of the components needed when you start building your own system.
Check out this article:
http://www.aidanf.net/rails_user_authentication_tutorial
The author goes, step by step, through an entire authentication framework, with suggestions on further improvements. Even tests are discussed.
I agree with Ritchie... Devise has some very nice features but it doesn't play nice with others. For many use-cases, the way it hijacks the routing can make your job more difficult. In many situations you may be better off rolling your own.
Devise has caused circular references in my Rails asset pipeline, and the settings in the initializer as installed (in the latest version as of yesterday) conflicted with the defaults in the migration it generated.
I have built enterprise-level authentication systems, including email verification, password recovery, etc. And none of it required the routing shenanigans that Devise uses. If you really need all the features, it may be for you. But there are lots of reasons to not use it, too.

Rails authorization plugins

We are evaluating plugins for Authorization in Rails. The two at the top of our list are cancan and declarative_authorization.
I would like to get some feedback from anyone currently using either of these plugins.
The problem we are going to face with any authorization plugin is that we have a database per customer model and will need to modify the plugin to work within that model. Because of this fact I'm interested in hearing from anyone who has had to tweak the plugins at all as well.
I'm just starting to look around at the code. It seems like cancan might be a little easier to customize.
Any thoughts?
Cancan is a lighter weight plugin for smaller sites. You can see a video on railscasts.
http://railscasts.com/episodes/192-authorization-with-cancan
I've used declarative_authorization with authlogic/restful_auth for several projects. It has everything you would need. 1) Model security. 2) Controller security 3) methods available to the view to check auth.
The only frustrating thing I've run into with declarative_authorization is me not reading the rdocs.
http://railscasts.com/episodes/188-declarative-authorization
Authority
I'd suggest you also check out my new gem, Authority. Because you do the actual logic in plain Ruby classes and methods, you can check any data source you need to: different databases, static files, phases of the moon via a web request, you name it. :)
I ended up using declarative_authorization. Now it seems that auth_logic is where the community is headed.
declarative_auth would have been really simple if it wasn't for our app's multi-tenant db model. I had to modify the source a bit to make it all work, but it wasn't too tough to do, and I was pretty green when I started this project.
It seems like you really can't go wrong with any of the solutions. cancan seemed cool too but it would have needed more mods for what I was doing so I decided against it. It's written by Ryan Bates though which is cool. Love rails casts! :)
I know this post is old but I figured I'll update anyway because you never know.
