The article contradicts itself... At one point he says
If your web application serves a 302 when it should have served a 401 or 405, you're not complying with the HTTP spec and therefore doing something wrong. And at another... Controllers are great places for defining algorithms that need to run when certain URIs are requested; They're horrible places to store state. ... That's the job of the Session. Yet ... HTTP is stateless, so storing state goes against the HTTP spec. (well, not literally, but it does violate the spirit of HTTP). And what exactly does "Controllers are great places for defining algorithms;... they're horrible places to store state" mean? Last I checked, in object oriented programming, Objects (which Controllers are) are used to store data, and the methods that perform functions on that data. Since HTTP is stateless, then the elements of authorization that a controller requires should be stored on the controller. One more... ... no more Rails development for me. Too bloated, too kludgy, too opinionated, and by far and away too egotistical I'm pretty sure the pot is calling the kettle black. It's interesting that the opinionated and egotistical rails team have been asked on many occasions to include, in Rails, common functionality like authentication. They have always refused because they believe that authentication is one of those areas where it is done differently by everyone. Which is good, since it ensure that rails doesn't get bloated or kludgy ;p. Darren On Fri, Sep 5, 2008 at 7:13 AM, Matt Aimonetti <[EMAIL PROTECTED]>wrote: > I know some of you had serious concerns about restful auth and wanted to > write your own plugin, read this post first: > > http://www.reddit.com/goto?id=6ztwb > > -Matt > --~--~---------~--~----~------------~-------~--~----~ SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby -~----------~----~----~----~------~----~------~--~---
