One of my early rails projects is a to-do list. But this is no ordinary to-do list. Think of it as a team to-do list. It’s called RestLater and you can find it at http://restlater.com.
Team? Yes, that’s right. It’s for teams. It helps you work together effectively.
The problem is simply this: Often there is a small group of people who need to work together to get some set of tasks done. Restlater is a service that allows you to specify the team members and the tasks. Then team members can go about their work. As they complete tasks they mark them completed on Restlater. Since all team members are viewing the task list on-line, they all know which tasks are not complete, which have been completed, and by whom.
Restlater strives to provide this simple functionality simply. I hope that anyone can get started immediately. However it’s not simple enough — yet. Just be aware that simple will continue to be a goal for this service.
I think one of the hardest things to do in ASP services is to guard against unauthorized access by authorized users. Think about that a minute. Guard against unauthorized access by authorized users. How do we as developers traditionally do this? Well, most of the time we put a bunch of “if” statements in our code. And we add “where” clauses to our SQL. Most of us code very carefully in these situations, and we hold our breath during releases. You always wonder if you covered every situation.
One approach is to push the access control down into something beyond the normal coding realm. Get it right there and you don’t have to worry. But this is normally pretty hard to do.
Restlater is implemented using Ruby on Rails. Rails has an object/relational mapping API called ActiveRecord. For this project I modified ActiveRecord, overriding many of the methods with versions that check access. The methods work the same, but they only operate on data that is available to the logged in user. I still add many of the normal ‘if’ statements so that the UI is friendly. But if I miss one, and an attempt is made to access, modify or delete a record that the current user doesn’t have specific access to, an exception is thrown — or in some cases the record is simply not found, as if it didn’t exist.
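The approach described above, sketched as an added example; it is not RestLater's code and does not use ActiveRecord. It assumes a small in-memory store whose class and method names are all hypothetical, where every read and write takes the acting user, so a check missed in the controller still fails closed.

```ruby
# Added illustration: in-memory stand-in for an ORM layer; all names are hypothetical.
class AccessDenied < StandardError; end
class RecordNotFound < StandardError; end

class ScopedStore
  Task = Struct.new(:id, :team_id, :title, :done)

  # memberships: user name => list of team ids. The access rule lives here only.
  def initialize(memberships)
    @memberships = memberships
    @rows = {}
    @next_id = 0
  end

  # Creating a task for a team the user is not on raises.
  def create(user, team_id, title)
    raise AccessDenied, "#{user} is not on team #{team_id}" unless member?(user, team_id)
    id = (@next_id += 1)
    @rows[id] = Task.new(id, team_id, title, false)
  end

  # Reads: a row outside the user's teams looks exactly like a missing row.
  def find(user, id)
    row = @rows[id]
    row if row && member?(user, row.team_id)
  end

  def find!(user, id)
    find(user, id) || raise(RecordNotFound, "no task #{id}")
  end

  def all(user)
    @rows.values.select { |row| member?(user, row.team_id) }
  end

  # Writes go through the scoped finder, so they cannot reach another team's row.
  def complete(user, id)
    find!(user, id).done = true
  end

  def destroy(user, id)
    @rows.delete(find!(user, id).id)
  end

  private

  def member?(user, team_id)
    @memberships.fetch(user, []).include?(team_id)
  end
end
```

Because there is no finder that omits the user, the friendly 'if' statements in the UI become a convenience rather than the only line of defence.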
There is still a lot to be done to improve security. Rest assured, this is important to me.
A service like restlater needs to be there. If you can’t depend on it you will not use it. And it needs to be responsive. This is something I’m watching and will continue to improve upon.
One of the reasons for this blog entry is to record the project stats. Here they are:
+----------------------+-------+-------+---------+---------+-----+-------+
| Name                 | Lines |   LOC | Classes | Methods | M/C | LOC/M |
+----------------------+-------+-------+---------+---------+-----+-------+
| Helpers              |    69 |    58 |       0 |       8 |   0 |     5 |
| Controllers          |   268 |   223 |       4 |      24 |   6 |     7 |
| APIs                 |     0 |     0 |       0 |       0 |   0 |     0 |
| Components           |     0 |     0 |       0 |       0 |   0 |     0 |
| Functional tests     |   496 |   301 |       6 |      57 |   9 |     3 |
| Models               |   404 |   302 |      10 |      32 |   3 |     7 |
| Unit tests           |   590 |   476 |       6 |      54 |   9 |     6 |
| Libraries            |    87 |    35 |       0 |       9 |   0 |     1 |
+----------------------+-------+-------+---------+---------+-----+-------+
| Total                |  1914 |  1395 |      26 |     184 |   7 |     5 |
+----------------------+-------+-------+---------+---------+-----+-------+
  Code LOC: 618     Test LOC: 777     Code to Test Ratio: 1:1.3
* * *