I have decided that I want to basically create an application (in RoR) that would be built off one of the premade social network frameworks such as Insoshi or Lovdbyless (unless someone can give me other suggestions).
So i want this application to have all the social network features but I would like to add a key functionality for it...The ability for people to add books to the database and then browse through the database and see other books that have been put there by other people and add them to their own personal bookshelf.
I am looking for some direction on how I would go about implementing this. Any help would be greatly appreciated
Explore the existing models, views and controllers.
Plan your user interface, and undertand how the users will interact with your
service. Decide in what views will you change or create from new.
Plan your data structures. Create the models, migrations,
validations, associations etc. Think about user access limitations.
Plan and create your RESTful resources
Create your views and controllers
Related
I'm preparing for the finals. I'm wondering what architecture I should use if I was told the following:
only one actor(librarian) is involved in the interaction with the system and he is responsible to initiate all the use cases of the system. System also does not store the information about Library staff and single user, the librarian is supposed to manage members and books in the system.
The choices are layered/Client-server/both. Someone told me that if there is only one actor then we do not use the client server architecture; but I'm confused if that was the case, why that's the case?
Also, what does the system not saving information have to do with this?
I don't thing having a single actor has anything to do with the system architecture in terms of layered or client/server.
the librarian uses the system to manage library members and books, so lets assume there are use cases to add a new book to the library, loan a book, add a new member, view lists of books and members, search, etc.
the librarian surely uses some client (doesn't matter if it's a web app or desktop app) that communicates with a server to get data for the librarian, and send his commands back to the server.
the server works with some DB (mySql, local files, mongoDB, whatever) to store the data.
I would assume for this kind of app to use n-tiers architecture. any app the has some client, some business logic, and data is probably 3-tiers at least.
the client renders data for the user, and submits his commands to the business logic tier. the business logic validates, processes, and writes/reads data from the data layer, which in turn communicates with a data store.
seems like you have at least a simple N-tier (or layered) application here. see here for a short and clear description of this subject.
regarding the "what does the system not saving information have to do with this?", I think it relates to "System also does not store the information about Library staff and single user" - meaning library staff management is not in the scope of the app, only books & members management.
I recently finished one of my first AgilityJS projects, which is a web-based file browser that lets you create and manage folders and files, and navigate around the folder tree. I followed the various AgilityJS recommendations regarding the design and ended up with all my HTML and Javascript in a single Javascript file.
Now, I would like to provide a "read-only" version of this app which does not have the ability to add/edit/remove files and folders. I'd like to have 2 user types on the website, one type which can only read the files and folders, and another user type who can administer.
My question is, how do I proliferate these permission differences to my AgilityJS app? I know how to secure my endpoints and operations on the server side, but I'm wonder about the best way to do this on the client side. Should I create a separate version of the app with a limited set of functionality? Should I simply hide certain buttons/features? Are there theories, frameworks, etc.? which deal with this issue? Any point in the right direction would be helpful.
LOL - probably one could write books about that topic. Some very basic ideas:
I would start with the philosophical debate according to MVC. There are people argue with the help of MVC that any piece of code and also any piece of data model should never be implemented twice. Business logic and model to the server. The opposite view is focussing on serving users at any cost - even if that means to double maintain code or the model for the sake of avoiding extra round trips. The way in between defines a master source for business code and model and makes sure to follow on other places that leading master (the master will be changed first). Take your choice. Your answer to that question results into boundaries for how the user interface can/have to look like for the user.
You need to think by hard about a permissions concept. Looking at Microsoft I would assume that they invested for all their applications a couple of dozens man years to make up the permission concepts. The ideal permission concept very much depends on your application. So it is close to impossible to work this out without knowing at least a very little of your application. However the permission concept has to come up with policies deciding on roles, groups, access rigths, access levels, context driven permissions (eg. based IP address), permissions black or white listing (permissions each user has at creation). An example from Microsoft: http://office.microsoft.com/en-us/windows-sharepoint-services-help/permission-levels-and-permissions-HA010100149.aspx
Data on the client is not secured!!! Whatever you do on the client, be it data hiding, encryption, compression... - if this is done on the client there are ways to read the data (even by disabling the data manipulation) or by reverting those. Somebody can send data to your server, where the client should not even have given an update form could be implemented by hackers. So as soon as you start to implement permissions make sure, that for all data you send to clients users are permitted to read and that you inlcude permissions checking for each time you add/update data to the database.
What is the best way to manage users with PirhanaCMS?
I would like to prevent some users from adding content (posts etc...) in some categories and prevent that some sites be listed for some users. (For people who don't know it, PirhanaCMS is a micro CMS programmer oriented).
I would like to use the sites features because I'm working on a project in which I'll have a "network" of several sites managed by different entities of an organization. I would like that each entity be only able to see its own site but that the big organization at the top be able to manage every sites. Moreover, within a site I would like that some users be only able to edit some part of the site.
Are these features built-in ? Otherwise what is the best way to implement them myself around the CMS ?
I am using ASP.NET MVC 4 and EF5.
If you take a look at System > Permissions in the manager area you can see that there are permissions you can give to groups for different parts of the manager interface.
There's however currently no built in support for restricting access to different site trees, but you are free to add a feature request for this at GitHub or maybe participate by implementing it and sending a pull request!
I know of 2 ways to implement admins:
add admin role flag to the user entity
add a new admin entity
I don't know if there are more ways of doing it
1. Does it matter in terms of admin usability? security?
2. which is easier to scale or maintain?
for a rails-specific (but not limited to) sub-question
Is using a premade admin services such as active_admin or adminium are worth it for the long run (heavy use application, not small sized), or would it just be better to make my own admin panel and incrementally add features as I need them?
The answer to that question depends on your needs for a particular project.
Using the premade admin services makes life easier as what you can do is to customize the services by the help of ease that they provide and then use them in your application.
In ActiveAdmin railscasts, there is a video about ActiveAdmin that shows that how it is very customizable. Apart from that there are comments by various people in the railscasts from their experience about its usage.
This will clearly give you the idea in the right direction.
There is also a very good article by batsov which explains the differences between RailsAdmin and ActiveAdmin.
Short version: Do it yourself with the admin role flag. For security do not allow mass assignment of this flag. Build your own admin interface, especially for a big project nothing premade will suit your needs.
Long Version:
I haven't actually used any of the premade admin services as in general my experience has shown me that my users are either normal/admin or semi-admin.
Having your own flag means that you have full control over how to add admin users.
Example: some apps I have allowed anyone with admin access to make anyone else an admin.
Rails allows you to quickly scaffold/build your own custom admin interface and here I can't see anything 'off the shelf' beating the add as you go/need mentality as the end result will be custom built to fully suit your needs vs spending your time with an admin interface that you have to customize yourself.
I am working on a system using php/mysql where I am allowing users to subscribe monthly to various, small browser based web apps. Each app will have different subscription terms and plans. The apps are all currently built and they reside within the same framework.
I am in the modeling phase so I am looking to make this system as flexible as possible wheren the terms from one plan to the next will vary. Any thoughts on how to elegantly model this?
Rather than building this yourself you could look into using something like Zuora.com. Please note that I haven't used these guys or have any affiliation, I just remember reading something about services like this starting to emerge for web-app publishers needing a simple billing/metering solution.
Of course, you also need to consider which payment gateways you support, but I think that Zuora does that behind the scenes.