Combining rails intrAnet and public site

Hello, everyone!

I was wondering if somebody has some insight on this issue.

A little background:
I work for a midsize electronic manufacturing company with 2 people in
IT dept - a network admin and a developer (me).

We’ve been using rails to migrate from an old dBase and VB based system
to build internal company IntrAnet that does things like label printing,
inventory control, shipping, etc.

The Dilemma
Right now we need to replace an old website that was done in Java, that
would connect to our internal system for our clients to use. We want to
be able to pull information like live inventory, order placement,
account statements.

Actual Question
Does anyone have any suggestion on how to accomplish this in a better
way?

Here are three options that I see:

a) Build a separate Rails app on a web server, that will connect to the
same DB that our internal app connects to.
  +++ Pluses:
    Live data - same thing that our internal apps see, i.e.
    orders are created in real time, inventory is depleted right away,
  --- Minuses:
    Potential security risk, duplication of code - i.e. I need to
    duplicate all the controllers, models, views, etc. that deal with
    orders.

b) Build a separate Rails app on a web server, that will connect to a
different DB from our internal app.
  +++ Pluses:
    Less security exposure.
  --- Minuses:
    Extra effort to sync web DB and internal DB, extra code to
    handle inventory depletion and order # creation, duplication of code -
    i.e. I need to duplicate all the controllers, models, views, etc. that
    deal with orders.

c) Expose internal app to the web
  +++ Pluses:
    all the problems from above eliminated
  --- Minuses:
    A lot more security headaches. Duplication of login systems -
    one for web - one for internal users using LDAP.

So any thoughts? Anyone had similar problem to solve?

Hi nick !

We have been doing exactly that with zena for years (public visitor =
anonymous login). I think your use case could be very interesting to try
with the new zena as gem:

  1. single login system

  2. in all your current controllers

    before_filter :check_visitor_rights

    def check_visitor_rights
      # Refuse the request unless the visitor belongs to the intranet group.
      # ActiveRecord::RecordNotFound is the exception Rails renders as a 404.
      unless visitor.group_ids.include?(INTRANET_ID)
        raise ActiveRecord::RecordNotFound
      end
    end

  3. You create some bridges between the public (zena) site to your
    intranet by creating “Proxy” models

    class Client < Contact
      zafu_context :inventory => ["Product"], :orders => ["Order"]

      # Orders are looked up only through the client_id stored on this node.
      def orders
        return nil unless client_id = version.dyn['client_id']
        res = Order.find(:all, :conditions => ['client_id = ?', client_id])
        res == [] ? nil : res
      end
    end

NB: “Contact” is a native class in Zena.

  4. Declare what can be seen from your existing “Order” class:

    class Order
      include RubyLess::SafeClass
      # Only these attributes can be read from the templates.
      safe_method :created_at => Time, :shipping_date => Time,
                  :shipped => Boolean, :description => String
    end

  5. In the templates for the site, you can customize the look of the site
    everywhere depending on the visitor or just the visitor’s “own” page:

----- Client.zafu
<r:include template='Node'>
<r:with part='main'>

  • <r:if test='shipped'>Order shipped on <r:else>Order shipping due on
    </r:else></r:if>

</r:with>
</r:include>

Final note: this has not been done before because zena needed to mature.
Now that it’s a “config.gem” away, it would be a very interesting use
case and I’d be very happy to help make this real. From what I see right
now, there might be some name clashing and we might need to move all
zena models into Zena:: scope (that would be a good thing anyway).

Let me know what you think.

Gaspard

PS: zena’s website http://zenadmin.org

Gaspard,

thank you for a reply.

I checked out zena before, and while it is a good CMS in its own right
I don’t think I can use it as it would require me to rewrite a huge
existing application, or write api hooks.

I was mostly looking for a “RAILS WAY” strategy to implement this. It
looks like you are suggesting option #3. Which is what I got from a few
other sources.

Thank you for reply though.

nick ger wrote:

> Gaspard,
>
> thank you for a reply.
>
> I checked out zena before, and while it is a good CMS in its own right
> I don’t think I can use it as it would require me to rewrite a huge
> existing application, or write api hooks.
>
> I was mostly looking for a “RAILS WAY” strategy to implement this. It
> looks like you are suggesting option #3. Which is what I got from a few
> other sources.
>
> Thank you for reply though.

No problem. And don’t worry too much about “exposing” your app. Putting
a “before_filter” in ApplicationController and a careful handling of the
login system works well (I am migrating to authlogic). Just take care of
two things:

  1. no cache :wink:
  2. keep your clients happy !

Gaspard

nick ger wrote:

> Gaspard,
> while we are on the subject i was recently considering different
> systems, and while right now I’m using restful_authentication I looked
> at authlogic as well.
>
> Any particular reason you prefer it over other rails authorization
> systems?

I’m not Gaspard, but my reasons for preferring Authlogic are many:

  • It’s easier to work with.
  • It doesn’t clutter your model files with framework code (I’m ripping
    restful_auth out of Quorum [ http://quorum.sf.net ] at the moment, and
    the amount of framework-generated crap that I removed from user.rb is
    staggering).
  • You get more handy features for free.
  • Testing generally seems easier.

The only downside is that Authlogic does slightly more magic.

Best,

Marnen Laibow-Koser
http://www.marnen.org

Marnen Laibow-Koser wrote:

> nick ger wrote:
>
> > Gaspard,
> > while we are on the subject i was recently considering different
> > systems, and while right now I’m using restful_authentication I looked
> > at authlogic as well.
> >
> > Any particular reason you prefer it over other rails authorization
> > systems?
>
> I’m not Gaspard, but my reasons for preferring Authlogic are many:
>
>   • It’s easier to work with.
>   • It doesn’t clutter your model files with framework code (I’m ripping
>     restful_auth out of Quorum [ http://quorum.sf.net ] at the moment, and
>     the amount of framework-generated crap that I removed from user.rb is
>     staggering).
>   • You get more handy features for free.
>   • Testing generally seems easier.
>
> The only downside is that Authlogic does slightly more magic.
>
> Best,
>
> Marnen Laibow-Koser
> http://www.marnen.org

For all the reasons above and easy transitions from password hashing
schemes:

My current hashing method on passwords is not the best possible solution
so I can write an ‘InitialCryptoProvider’ to hash and match my old
passwords and write a single line in my User class to smoothly
transition from one hashing scheme to another without stressing my
users.

    acts_as_authentic :transition_from_crypto_provider => Zena::BetaCryptoProvider,
                      :crypto_provider => Authlogic::CryptoProviders::BCrypt

And authlogic makes it easy to support new authentications (ldap,
openid, etc).

G.
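
The transition-on-login idea from the post above, as an added example that is not part of the thread and is not Authlogic's or Zena's code. It assumes an unsalted SHA-1 legacy scheme and uses PBKDF2 from Ruby's standard library as a stand-in for BCrypt; the module names, the stored-hash format and the sample account are hypothetical.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Constant-time comparison so the position of a mismatch is not leaked by timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical legacy provider: unsalted SHA-1 hex digest (the scheme being retired).
module LegacySha1Provider
  def self.encrypt(password)
    Digest::SHA1.hexdigest(password)
  end
  def self.matches?(stored, password)
    secure_equal?(stored, encrypt(password))
  end
end

# Hypothetical target provider: salted PBKDF2-HMAC-SHA256 standing in for BCrypt.
module Pbkdf2Provider
  ITERATIONS = 100_000
  def self.derive(password, salt, iterations)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32, OpenSSL::Digest.new('SHA256')).unpack1('H*')
  end
  def self.encrypt(password)
    salt = SecureRandom.hex(16)
    ['pbkdf2', ITERATIONS, salt, derive(password, salt, ITERATIONS)].join('$')
  end
  def self.matches?(stored, password)
    tag, iterations, salt, digest = stored.split('$')
    return false unless tag == 'pbkdf2' && digest && iterations.to_i > 0
    secure_equal?(digest, derive(password, salt, iterations.to_i))
  end
end

# Check the current scheme first; on a legacy match, re-hash while the
# plaintext is still in hand so the user never notices the migration.
def authenticate(user, password)
  stored = user[:crypted_password]
  return true if Pbkdf2Provider.matches?(stored, password)
  return false unless LegacySha1Provider.matches?(stored, password)
  user[:crypted_password] = Pbkdf2Provider.encrypt(password)
  true
end

# Constructed sample account that still carries a legacy hash.
SAMPLE_USER = { login: 'client1', crypted_password: LegacySha1Provider.encrypt('constructed-pass') }
```

Accounts that never log in keep their legacy hash, so count the rows that still lack the new format and decide when to force a reset for them.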
