Topic: Five Rails Tips
1. ActionView Helpers
Spend some time browsing through all of the ActionView::Helpers on http://api.rails.org. You will probably find something useful for one of your current or future applications. For example, time_ago_in_words and distance_of_time_in_words are great for converting timestamps into a human-friendly form. If you have user-entered text and you want to automatically convert URLs and email addresses to hyperlinks, check out auto_link. There are also methods for truncating, word-wrapping, pluralizing, and sanitizing text. Nothing is more annoying than writing up your own implementation of something only to find it's already built into your framework!
2. Haml
Haml is an alternative to ERB that I have found to be clearer and less cluttered. It takes just minutes to learn and you can easily use both Haml and ERB templates in the same Rails project. It works great for both simple and complex views, and there is something to be said for never having to type a closing tag! Install the plugin, convert one of your views, and see how you like it. You may find that you only prefer it for certain views in your application, or you may become a convert and use it full-time like me!
3. Developing with Rails on Windows
Rails development is really nice on a Mac. On Windows it is ... not so nice. Developing at work on my Windows machine was fairly frustrating, mostly because Ruby seems somewhat slow. Dealing with cygwin wasn't that great of a solution. I found that virtualizing a small Linux installation worked really well. You can use the free VMware Player along with a base server install of Ubuntu. This runs quite well with just 256MB of memory. By sharing a folder with Samba on the Linux virtual machine, I can use any Windows editor for writing code while keeping a PuTTY window open for shell commands. This is also really nice because the virtual machine is completely portable and easy to back up.
4. Don't forget about security
It is too easy to overlook security when developing web applications. I encourage every Rails developer to read up on security. Sites like http://www.rorsecurity.info have a lot of good information. Don't make security an afterthought; it needs to be something you keep in mind during the entire development process. Every time you deal with user-supplied data you should think about how someone could exploit your application. It is very common to see applications save form data into models and then display it inside a view without properly sanitizing it. What if the form input contained JavaScript? Be careful with hidden fields, too. When you send them to the browser as part of a form, you cannot guarantee that they won't be modified. This means you should be extra careful when your application needs to keep one user's information separate from another's. For example, if users are restricted to only viewing or modifying models that belong to them, be careful with your find statements:
# don't do this:
note = Note.find(params[:id])

# when you really mean this:
note = current_user.notes.find(params[:id])
Learn about SQL injection, cross-site scripting and cross-site request forgeries. Once you understand how these exploits work, you'll be able to see how they might be used against your own applications. Security is difficult, but addressing security issues as you develop your application is a heck of a lot easier than going back through line-by-line after you're done because someone figured out how to break your app!
5. Build for your users
It is often tempting to jump in and build super-complex forms with all the latest whiz-bang features for your application. That approach certainly forces you to learn a lot about Rails very quickly, but you can easily get so caught up in getting your forms working that you don't think about your application's usability. Most of the Rails applications I develop are used internally by a small number of people as part of their day-to-day job. Since I'm not actually using the application, I have to be careful not to add superfluous features just to make the application more "Web 2.0." I always keep in mind that as a software developer I often have a different intuitive sense of how my application should behave than the people who actually use my application.
When you create a form-heavy application, try to observe your users while they use it. Figure out what takes the most time for them and work on simplifying that operation. Rails was designed to be very developer-friendly. As Rails developers, we should make sure our applications are user-friendly. The iterative development process encouraged by Rails works great. You can quickly tweak your form, get feedback from your users, and repeat as necessary.
Last edited by jeffj312 (2008-04-22 17:32:58)
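The two find statements from tip 4, side by side, as an added example that is not part of the original post. It uses plain-Ruby stand-ins rather than Rails; `find_unscoped`, `find_scoped`, `show_note` and the sample notes are assumptions made up for illustration.

```ruby
# Added illustration: plain-Ruby stand-ins for the Note model and the
# current_user.notes association from tip 4 (no Rails or database needed).
# All names and records below are constructed for this example.
class RecordNotFound < StandardError; end

Note = Struct.new(:id, :user_id, :body)

# Constructed sample data: two users, each owning one note.
NOTES = [
  Note.new(1, 10, "alice: grocery list"),
  Note.new(2, 20, "bob: salary negotiation plan")
].freeze

# Mirrors Note.find(params[:id]): the lookup uses the id alone, so the
# record comes back no matter who is asking.
def find_unscoped(id)
  NOTES.find { |n| n.id == Integer(id) } or raise RecordNotFound
end

# Mirrors current_user.notes.find(params[:id]): ownership is part of the
# lookup itself, so another user's note simply does not exist here.
def find_scoped(current_user_id, id)
  NOTES.find { |n| n.user_id == current_user_id && n.id == Integer(id) } or
    raise RecordNotFound
end

# Controller-style wrapper returning [status, body]. A missing record and a
# record owned by someone else both give 404, so the response does not
# confirm that the other user's note exists.
def show_note(current_user_id, params, scoped:)
  note = scoped ? find_scoped(current_user_id, params[:id]) : find_unscoped(params[:id])
  [200, note.body]
rescue RecordNotFound, ArgumentError, TypeError
  [404, "not found"]
end

if __FILE__ == $0
  # User 10 edits the id in the URL from 1 to 2 (a note owned by user 20).
  [false, true].each do |scoped|
    status, body = show_note(10, { id: "2" }, scoped: scoped)
    puts "scoped=#{scoped}: #{status} #{body}"
  end
end
```
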