Activity
Posted in What are the benefits of using rails-assets version of Bootstrap over bootstrap-sass version?
The main benefit is that rails-assets just generates a gem based upon the original source code. It's nothing special but easily updated. The custom gems like bootstrap-sass sometimes lose the maintainer and don't get updated making it hard to use when newer versions come out. That said, I still usually prefer the custom maintained gem because I've had trouble with rails-assets a handful of times and can at least maintain the custom gems myself.
It's really personal preference. Not a huge benefit either way, just different takes on it.
Great idea! I think this would be important. There's a lot that goes into orchestrating a good deploy like that especially when database migrations are involved.
I would definitely recommend checking out Heroku's Preboot feature in the meantime. https://devcenter.heroku.com/articles/preboot
Posted in Using Webhooks with Stripe Discussion
If you're doing recurring donations, you'll need to store a User model of some sort so they can come back in and cancel it. You may not need passwords in that case, a secret token that you log them in with via email would work. You could make it work similar to a password reset token basically so they could manage their monthly donation via email.
Posted in Advanced Search, Autocomplete and Suggestions with ElasticSearch and the Searchkick gem Discussion
You can generate a scaffold for it just like you did with the posts in the Rails class. You'll possibly want different fields, but you can create it the same way.
Those would be flags for bash, not cron itself. -l helps make sure your command for runs in a login shell so everything runs as expected and -c just says "hey we're passing the command through as an argument instead of running a script.
Posted in Setup MacOS 10.11 El Capitan Discussion
You shouldn't ever have to use sudo for this. If you do, you're going to end up with permissions errors later on. Homebrew might in order to change permissions for some of its own folders where you install apps from, but the rest of it shouldn't ever use sudo.
Posted in Activity Feed with Public Activity Gem ?
I can! In the meantime, check out Ryan Bates' episode on it: http://railscasts.com/episodes/406-public-activity A little old, but the gem hasn't changed much.
Yep that's it!
You can just associate all the records with the user_id. The only time you need Apartment is if the data should be kept private in their own databases for security reasons. You should be fine associating them to the user and making sure you don't load the other users's records.
Yeah, so you could have one Rails app that responds to all those domains and looks up the store like that. This would be easy to implement and manage (basically how Shopify works). I think you may possibly still need some sort of SSO in order to have the user logged in on the separate domains, but the code can all live in the single app.
Yep, that should basically be it, but the last step with the redirect, there will be something like a token that gets sent back that is verified.
The reason for that is because separate domains can only set cookies for their own. Subdomains can be included but not different domains which would be a security issue. Browsers won't let you set cookies between separate domains.
You'll have to get a token back that you can verify and set a cookie on the other domain as well to know that you're logged in on the other site. Basically you're making a microservice for authentication.
Not entirely sure what you'll need to do with the analytics, but that's definitely no fun.
Hey Thomas,
You'll definitely want some sort of single sign on process. Most of the results will probably come up on google if you search for that. I did a little searching and couldn't find anything really good. Basically you'll want a primary site that can handle the authentication and then send you back securely to the main sites so they can log you in. It's kind of similar to how OAuth works.
You may want to check out CAS whcih is a central authentication service. There's a devise plugin for it (https://github.com/nbudin/devise_cas_authenticatable) but I've never built anything with it. Pretty sure a project like 6 years ago that I worked on used a CAS but I wasn't around when they set it up. I should probably make some screencasts on this at some point. It seems really convoluted from all the tutorials but I'm sure it's simpler than they make it out to be.
I would say try your best to eager load as many of the subrecords as you can so that you're not querying as much. You may be able to cache that in the controller instead of the partial and save some query time that way.
Posted in Advanced Search, Autocomplete and Suggestions with ElasticSearch and the Searchkick gem Discussion
You might check this out: http://brudtkuhl.com/securi...
I meant to mention this in the video so thanks for bringing it up! :)
Absolutely correct on that. Normally I would write a test for it, but this is not core functionality to Devise and tests for little tiny things like this don't really add much other than slowing down your test suite. There are still tests that make sure the generators still run correctly so it still works. If the functionality ever got reverted back to the original on accident, it wouldn't be a big deal. You could certainly add a test, but I'd argue how much value you actually get out of it in this case.
I think for resque, you'll need to pass in the tenant into the job as an extra parameter so that you can set the tenant in the beginning.
This is how apartment-sidekiq works https://github.com/influitive/apartment-sidekiq
Sidekiq is probably a better solution anymore than Resque. It's a lot faster and much better supported so if you haven't written too much Resque code, it might be worth switch to using the apartment-sidekiq gem with Sidekiq. It'll take care of passing in and switching to the tenant for you automatically.
For security, there's a few things you can do like setup a firewall and only open port 80 or 443 for web, setup fail2ban, and disable password authentication over SSH. You'll want to be careful not to lock yourself out of the server, but the recovery console can still let you in if you do. :) More stuff to checkout https://wiki.ubuntu.com/Bas...
Pingdom is probably the most used one, but there are a bunch if you search for monitoring. I use Pingdom's free service I think.
There's a cool little trick that if you change the youtube URL from "youtube.com" to "ssyoutube.com" it will redirect and give you a link to download the video like this:
This might work. You'll have to test it inside the class methods to find out if the Apartment::Tenant is correctly set to verify that it's working. I imagine it would, but you can just print out the current tenant to verify it.
Possibly a better solution would be to loop through the companies inside the methods themselves instead. That would give you a bit more control over setting the tenants.