Now that the holidays are almost over, I’ve started work on a new version of Lockdown. I’ve created a ‘future’ branch on github for this purpose.
I have a couple of technologies I’m switching to:
1. Mr Bones: I like the clean design of Mr. Bones.
2. Templater: I’m going to simplify how Lockdown is mixed in to your application.
3. Compatibility with Resource Controller will be tackled as well.
I would like to know what you would like. If there is a feature that’s missing that has kept you from using Lockdown, what is it? I’m going to work hard to make Lockdown the security system of choice for Rails applications. I need your help to let me know what you want.
Of course, if you’d like to help out and contribute some code, that would be great!
As I’m posting this in a few places, please tweet your suggestions to me. [http://twitter.com/stonean]
If it’s a longer suggestion, just email it to andy at stonean. com, this way I won’t miss it.
thanks,
stonean
Update:
After some discussions with Dr. Nic, I’m going to take a step back and re-review Rubigen. It may be best to help out the Rubigen project.
I haven’t toyed with/improved rubigen in a while, but recently started some cleanup efforts in an attempt to refit it back into rails-core.
Looking at your lockdown app_generator, http://github.com/stonean/lockdown/tree/master/app_generators/lockdown/lockdown_generator.rb, I think we could come up with a nice subclass of RubiGen::Base for app generators that would make our code here much smaller.
I also want a “just clone/template over all the files in my templates/ folder, please” function for generators. I think Yehuda and/or Hassox suggested this idea to me when they were working on Merb generators before moving to Templater from RubiGen.
From your experiences, and not many ppl write generators so experiences are hard to find, what else is unclean/could be improved/is deficient in rubigen/rails_generator?
Dr. Nic,
Thanks for your comments and I appreciate your efforts to improve both NewGem and Rubigen, I’ve followed both for a while now.
My main concern with Rubigen/Rails generator is the association with Rails framework. For the purpose of Lockdown, I need a generator that is framework agnostic. Even though Merb + Rails are merging, I would like (one day) to have Lockdown work with Mack, Sinatra, and all Ruby frameworks that want the functionality. So, it’s not important to me to have it recognized with script/generate.
I’m not sure if Templater is my answer, but it looks like it is following this path. If this turns out to be false, then I’m not sure. I know Haml support is not there yet, and that is a concern.
I’m sure my ideas of what I want and what actually works well will change as I refactor this functionality. I’d be happy to share my feature needs as I go through this process. I don’t know if my requirements for Lockdown are typical, but I would imagine there is a common feature base everyone needs in a generator.
rubigen was extracted from rails so it could be used independently; for example, newgem uses it (developing newgem sucked before rubigen).
To support different component generators for each framework, use a different subfolder in your gem. E.g. rails_generators/lockdown – is a script/generate lockdown generator for rails. sinatra_generators/lockdown would be where you’d put your lockdown generator for a sinatra app.
Based on the context of where you then ran “script/generate lockdown” or “rubigen *scope* lockdown” (though the latter is new, and I’m thinking of changing it to “rubigen lockdown *scope*”) the particular generator would be run. As another example, inside a newgem project the “script/generator” looks for generators in “rubygems_generators” folders of install gems. “rubigen rubygems xxx” would do the same.
I don’t yet know how Templater solves this issue (diff generators for different scenarios). I hope I can find time to play with it soon and experiment.
Lockdown seems like a cool project. If you want help with your generators, I could perhaps help and I might find some nice extractions to put back into rubigen (subclasses or new APIs etc).
So many projects to play with and only so much time :)
Thanks for the offer to help out and I will definitely let you know. I’m going to spend the next couple of days planning how I want this new version of Lockdown to integrate within applications.
What’s the best way to contact you? You can email me: andy at stonean. com
thanks again!