Activity
I'm a big yes too. Possibly in a way that directs towards some of Sandi's 'guide/rules' that they keep talking about on Ruby Rogues and Giant Robots Smashing Into Other Giant Robots (i.e. breaking big things into little things, explaining the whole methods sending messages between each other).
Another idea for you would be to have a 'these are the specs to go with an episode'. So when you do a cast on Twitter omniauth login etc we have another cast showing how to test it. From a beginner point of view that's the biggest gap in my knowledge. Everyone says 'test first' but it is hardly ever tackled like that in the teaching methods. I know it could be cumbersome so a separate episode might work.
Posted in Styling with Bootstrap Sass Discussion
Nailed it! Thank you. Would be interesting to see how we can get that site wide search feature to work :)
In what video did you create the navbar partial?
If you are intending to use an authorisation gem such as cancancan or pundit then the other videos use 'rails generate devise User role'. Save you a couple of clicks going back to see.
Posted in Authorization with Pundit Discussion
Pundit seems to look more like the rest of my app. I do like that in cancancan you can do the can? wrap which looks really sweet and you have the authorize resources in your controllers but once I get into abilities.rb things start to get messy.
Testing with Rspec seems to look quite similar for both after viewing an existing app I have inherited and looked at this article from Thunderbolt Labs http://thunderboltlabs.com/....
This article was also a good read to get the initial purpose for pundit http://www.elabs.se/blog/52....
Posted in Authorization With CanCanCan Discussion
That was really good thank you. I'll take a look at the Pundit one. I am interested in understanding more around the Permission model and storing the abilities in a database. I think at this stage I will build it out in abilities.rb but concerned it may be difficult to migrate to a Permission model later down the track.
Doesn't that get a bit dangerous if the user forwards their email to someone else? We had a scenario where a HR Manager was forwarding an email to people in their team, which then got emailed to people in the business. Before you know it people are logging in as HR Manager and could potentially see salary information etc.
OR
Is this why we expire tokens for the ones sent out on emails etc?