Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Mess with security and authentication and it ends in clusterfuck.
Custom auth code or security is "bad idea TM". -
@IntrusionCM tell me about it. That’s why I’ve started a cleaner and clearer way of doing the roles but looking into the plug-in as I was told there was custom code in there. There isn’t haha they’ve created a few methods but that’s it nothing groundbreaking that cancancan can’t do.
One method is counting the amount of user roles for whatever reason -
shine9693y1. add cancancan
2. Monkey-patch method names to resemble method names from <custom plugin>
3. Obscur-ify monkey-patching logic away from main codebase
4. Import monkey-patched custom plugin
5. Done.
PS : I assumed that your colleagues are dumb enough to detect monkey-patching since they still cling on to decade-old plugins. They probably didn't get the OAuth 2.0 memo either? -
@shine Honestly that isn't even the worse part. Funny thing is, the rails-authorization-plugin is using "has_role?", "add_role?" so it already is using the same naming convention, I've just had to also patch a method called "all_params_permitted" as adding strong params would be "a lot of code changes".
Also... I've just found quite a ridiculous amount of custom code extending ruby (not joking), there are classes that extend BigDecimal, Time, Array, Floats even Hash as well as a number of other things and it's pretty mind-boggling.
It's insane. -
shine9693y@HolyTeabags okay, new strategy - GTFO of the company!
start applying to new places ( somewhere, anywhere that does not patch basic types ) and leave while you still have your sanity! -
shine9693yif you want you could even ask that question during your interviews.
there would be definitely be a point in interviews where you get to ask the interviewer questions about the company. if there is someone technical on the interview board, ask them literally this, "do you patch the base classes of the programming language you use?" -
shine9693y@HolyTeabags ow, wait, you said extend... extending base classes is still bad, but not as bad as I imagined it; because I imagined some non-cryptographer-developer patching the Hash base class.
I'd rather leave all my dues with the company and console myself that I got to keep my sanity.
( actually, no, I have no savings enough to let my dues go though ) -
@shine Sorry I meant both haha here's an example of the custom code we have. I've been in this company for slightly just over a year but doing this upgrade I've spotted so many weird things and monkey patching that is just insane. I'll add a few more below
-
shine9693y@HolyTeabags you can stop now; you lost me when I saw a StackOverflow link in a method extending a base class.
But, to look at the bright side, there was a developer who was considerate enough to admit that they extended a base class by copy-pasting code off of StackOverflow. Class 👌 👏 -
@shine haha I know right, it's pretty insane, so this is what I'm trying to get cleared up but if I can't even do strong params because of it "being too big of a code change" then what can I do haha.
It's a mess and a big one at that, I'm actually passionate about the app and get it back into working order but I'm being shot down at every turn, honestly it might be easier just to do it anyway and take the hit if people don't like it. -
shine9693y@HolyTeabags the risk was my suggestion earlier,
but looking at all that code, I don't think they deserve to be in the game at all. neither do they deserve your time or effort. take your money and GTFO! -
@shine Yeah I was referring to your suggestion earlier. The thing is though I actually want to learn because I still have a lot to learn, I'm not even a snr dev, I'm midway between jr and snr. My line manager wants to promote me at some point and get me "ready" for that role but he doesn't think I'm ready yet.
Looking at the code standards though, honestly, every file I look at it gets worse. I'm more than happy to clean it up because I can get a lot of benefit from that personally but yeah it sucks haha -
shine9693y@HolyTeabags But before you leave, you should extract all this 'custom' code and put it online somewhere so that the 'whole open source community can benefit from it'.
I'm sure ruby would be more than willing to include to_time_ago_string, fixxes, make_websafe to the ruby::stdlib so that they wouldn't have to add 'custom code' anymore.
also, isn't there a sanitize_url gem? or do they not know about rubygems either? -
shine9693y@HolyTeabags I feel you. I was super enthusiastic about optimizing obscure code when I was in your place in my career. And with the same goal - the learning experience of working with something closer to the lower-level.
I was fortunate enough to be given the opportunity to at least try. I wasn't shot down at every suggestion I made.
however, I was not warned of potential troubles either. they laughed when I screwed up. they told me later that they knew that it was going to happen.
but that is better than getting shot down before even trying. -
@shine haha I enjoy the sarcasm very much. Honestly, the most advanced gem that was in the app before I got my hands on it was either will_paginate or acts-as-taggable-on, there's wicked_pdf and things like that but not many gems at all. But even the implementation of will_paginate is odd.
So as an example, country selection, normally done using the "country_select" gem, right? Nope they had a CSV in the root of the project listing all countries written by hand, and a model looping through the CSV and importing them, so you did something like `CountryCodes.new()` on form fields. There's no serializer gems, currency/money gems (it's an accounting app).... I know. No gems for nested fields nothing. -
@shine In regards to your last comment, I agree completely, I told everyone "A lot of stuff is going to break here", I said and warned everyone time and time again. Now it's happened there all like "oh why did that happen, let's look into it before ripping out the code and replacing it"
-
shine9693y@HolyTeabags I should stop saying GTFO; but I can't stop myself after reading all your comments.
I hope you come back here when you finally GTFO and reflect on this memory in a nostalgic mood. -
hjk10157313yDon't you need three X's to indicate the code it fucked?
Honestly really like the time range stuff it's so pretty with the expanding orange encased in purple -
shine9693y@HolyTeabags no, not me. I'm a pure green on black person. vim is the only IDE I use. ( Though I have my beginnings with Windows Notepad )
-
@shine I’ve tried vim before for about a month or so purely using vim, setting up a confit with plugins etc I just couldn’t get used to the bindings haha
-
shine9693y@HolyTeabags I use the terminal for everything except browsing the JavaScript web ( which is 95% )
-
hjk10157313y@shine the theme helps but the code itself is very ascii artistic. Was sarcastically referring to the other interpretation of beautiful code.
Related Rants
Another tale of the legacy app, so I'm redoing the user roles using the cancancan gem.
Hop into a meeting to go over why I'm re-doing the authorisation, currently, the app is using the rails-authorization-plugin, yes from Rails 2.0.
me: *explains why this is the way to do it*
other dev: "Can we just fix the custom code we have added in that plugin?"
me: "Well given that it's a massively out of date plugin and we have a ton of deprecations, probably not"
other dev: "so let's try and fix it"
Christ, why are we still clinging onto 10+-year-old plugins if were going to keep getting errors when we upgrade?
rant
why
ruby
rails
legacy