What infuriates me about Rails

DHH, creator of Rails, drew attention to my least favorite aspect of the framework in his wrap-up of the recent Snakes and Rubies throw-down.

To me, such an elaborate administration interface with login, permissions, and groups and what have you is out of scope for inclusion in the core framework.

Show of hands, how many deployed Rails apps have no concept of users?

I’m sure there are some, but the majority have some sort of registration, login and authorization. How many programmer hours are going into either re-inventing the wheel or customizing existing solutions?

Worse, a lot of projects will start with one of the many existing solutions only to realize too late that they need something different. Then they wind up having to maintain a customized solution that doesn’t participate in the network effects of community development.

There is a “less software” solution to this complexity.

Here’s what you do: Make an ActionUser module part of the Rails core. Add a good API for ActionController and ActiveRecord to authenticate methods against the current user. That’s it.

Just as important, here’s what you don’t do: Don’t implement permissions. Don’t implement roles. Don’t implement ACLs. Don’t create fancy permission management views, or even login controllers. That doesn’t belong in the core framework.

Just like ActiveRecord is database-agnostic, allow people to write pluggable auth modules that do the dirty work. Need to authenticate against LDAP? Make ActionUser::LDAP. Just need to keep anonymous users out of an admin section? Make ActionUser::Simple. Need to authenticate with cookies, or HTTP auth, or Kerberos? Interchangeable modules. Develop locally with SQLite and HTTP auth, then deploy to production with Oracle and Kerberos.
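A sketch of the interface proposed above, as an added example rather than code from this post or from Rails: `ActionUser`, its `adapter` setting, `Simple`, `require_user!` and `AdminController` are all hypothetical names, and the PBKDF2 parameters and credentials are constructed for the demo.

```ruby
require "openssl"
require "securerandom"

# Hypothetical ActionUser core: an adapter contract plus a controller hook, no roles or ACLs.
module ActionUser
  class NotAuthenticated < StandardError; end
  singleton_class.attr_accessor :adapter # any object responding to authenticate(credentials)

  # Constant-time compare, so the mismatch position is not leaked through timing.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Pluggable backend: in-memory users stored as salted PBKDF2 verifiers.
  class Simple
    ITERATIONS = 10_000 # constructed value, kept low so the example runs fast
    def initialize; @users = {}; end

    def add_user(login, password)
      salt = SecureRandom.random_bytes(16)
      @users[login] = [salt, derive(password, salt)]
    end

    # Returns the login or nil; unknown logins still pay for one derivation.
    def authenticate(credentials)
      salt, stored = @users[credentials[:login]]
      candidate = derive(credentials[:password].to_s, salt || "\0" * 16)
      stored && ActionUser.secure_equal?(stored, candidate) ? credentials[:login] : nil
    end

    def derive(password, salt)
      OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
    end
  end

  # Mixed into controllers; resolves the user through whichever adapter is set.
  module Controller
    def current_user; @current_user ||= ActionUser.adapter.authenticate(credentials); end
    def require_user!; current_user or raise NotAuthenticated; end
  end
end

class AdminController # stand-in for an ActionController subclass
  include ActionUser::Controller
  attr_reader :credentials
  def initialize(credentials); @credentials = credentials; end
  def dashboard; require_user!; "welcome #{current_user}"; end
end

ActionUser.adapter = ActionUser::Simple.new.tap { |s| s.add_user("admin", "correct horse") } # constructed
```

Replacing `ActionUser.adapter` with any other object that answers `authenticate(credentials)` changes the backend without touching controller code.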

I know DHH isn’t interested in including this in the core, but it’s not like ActionMailer shows up in Martin Fowler’s Patterns of Enterprise Application Architecture. With so many different auth projects going on I can’t help but think that a standard interface for auth would benefit the community as a whole.

Am I the only Rails developer sick of repeating myself, cobbling together auth for each new project?

PHP on Rails

The funny thing about working with Ruby on Rails is that it’s made me a better PHP developer.

A client wanted something developed and chose being able to support the app with their in-house PHP experience over Rails’ speed of development. I’m now using tools like DB_DataObject to emulate some of what I love about ActiveRecord. I’m making each PHP file its own controller, and using Smarty for the V in MVC. If you look at my include directory it looks suspiciously like a Rails directory.

Yes, I know about Cake, but I only have so much time to invest in learning frameworks, and I still prefer Rails.