So, given the opinion of Rails-core regarding the it’s-a-feature-not-
a-bug lack of access of the session to models, what has been the
“rails way” of dealing with these cases:
– stamping records with created_by and updated_by fields with user
name or id
– writing breadcrumb logs of user actions where user-specific
details must be written per record
– I have a third case, less common, that essentially puts records on
“hold” – in an attempt to cleanup after users who abandon these
holds prior to completing the work for which the hold is originally
secured, I maintain a list of what records are on hold and call a
cleanup function when the user visits a page that clearly is an act
of abandonment (otherwise the time experation eventually results in a
release). I have always used the session to store the list (which
requires that models be able to store to sessions).Pushing storage
off to a database doesn’t solve it – the user & data still has to be
correlated, and you’re right back into a scenario just like the above
two.
– I have a pessimistic locking system that has worked very well for
me that’s very similar in behavior to the “hold” system
All I can see are fairly lame workarounds:
– subclass ActiveRecord so I can bury the manual passing of the
session into the model a layer away from the app code
– extend ActiveRecord to modify save and update methods (basically
same approach as above)
– pass session or user details into abstracted save/update methods
that have to be written/included for every model
All these are just monkey patches IMO that fake the appearance that
“the framework” is handling those details like it does for created_at
and updated_at.
Sure, allowing models to read/write to a session can be abused, but
so can erb in a view, or every other aspect of programming. So what.
IMO, a session is a system wide bucket for dealing with state. Why
there’s such a rabid opinion that it is solely the domain of the
controller seems rather odd. Especially when it’s exactly this kind
of widely used pattern (connected record transactions to users) that
I would expect a framework to embrace in enabling in the name of
system-level integration for the greater good which trumps MVC
extremism.
created_at is handled, so why not created_by? Because of implentation
details? Well, if we had this thing that stored arbitrary data about
the current user that each model in a given system could deal with on
its own, we could… oh, wait. We do. Sessions.
However, I recognize that debate has long lost its luster in these
halls, so, enlighten a poor, ignorant soul as to god’s way of
handling these scenarios.
Am I really supposed to pass these details along with every model
modification call, or abstract my own layer to fake appearances?
I’ve never considered a way other than allowing a model to access a
session as a system-wide resource, so seriously… what option am I
not seeing (or just not accepting as the “correct” way in an MVC
extremist world).
– gw