Bad practices in Ruby on Rails [closed]

Question

I'm looking for some examples of bad practices in Ruby on Rails, for a presentation on to what not to do.

My biggest on is to use update_attribute on a model after_save hook.

Object.update_attribute(:only_one_field, "Some Value")  

As this is a very open ended question, I will wait a week or 2 and select as answer the most voted answer.

Have fun!

Answer 1

1. Too much mass-assignment without using attr_protected

2. Use of too many plugins - There are so many gems and Rails has sooo many plugins available for use in your applications. However, when you use a gem or a plugin, you rarely understand how your code is operating (unless you actually look at the source, which most people never do). This is a HUGE problem. You don't know how to debug code properly, plugins and gems clash with one another, security becomes a major concern, etc. For that reason, I always recommend writing all your own code. Sure, Devise is nice for authentication, but can you tell me exactly how it works and what queries are run? Do you have control over optimization? (I'm not picking on Devise, just showing a clear example that many RoR developers are familiar with)/

3. Keeping unwanted pages/actions - so many Rails developers use scaffolding (because it is nice), but then they don't bother to remove unwanted actions. It is as simple as adding :only => [] or :except => [] in your routes file, but most people never do! I don't know how many Rails sites that have been hacked or damaged because people didn't restrict the delete action

4. Trying to go against Ruby - developers who come from another language often have difficulties with the "Ruby-way." One of the most notable examples is having non-incrementing or non-integer primary keys.

5. Too much controller, not enough model - Rails had a "Fat Model, Skinny Controller" principle that all too many developers break.

6. Violations of MVC - accessing params in Models, trying to hack things into controllers, etc.

7. Not changing the default Rails unique session token (which is not actually random)

8. Writing sloppy code - Ruby has this great way of making code look readable. If you come from Java or PHP or even Python, your code is just plain ugly until you learn Ruby

9. Saying that Rails "is a language" or "I code in Rails" - absolutely, positively jerks me the wrong way when I hear someone say "I code in Rails" or "Rails is my favorite language", etc. RAILS IS NOT A LANGUAGE. Rails is a framework built on Ruby. This isn't related to security or the like, but you'll really irritate a LOT of RUBY developers if you start saying that RAILS is a language. It's a framework.

10. Comparing PHP and Rails - don't do it. Again, PHP is a language, Rails is a framework. Comparing them is unfair. (You can compare Ruby and PHP OR Rails and CodeIgnitor or CakePHP, etc)

11. Not properly catching errors - if it can go wrong, someone, assume it will, and plan ahead

12. Failing to optimize queries - this absolutely kills me. Rails doesn't force you to know SQL like PHP did (before ORM's like Doctrine), so Rails apps tend to be SLLLLOOOOWWW unless the developer is actually aware that you can optimize a query (joins say what??)

13. Using too many generators - you should be able to create a class (controller, model, test, view) without the use of a generator.

14. Using Rails for a large-scale system - yeah, most of you aren't going to like this, but ask Twitter and GitHub what happens if you build your front and backend in Rails... Let's just say Twitter uses a custom Java backend now...

15. Have a freaking clue - I get so annoyed because people don't actually know how a has_many relationship works (just one of 21914232 examples of dumb Rails developers)!

16. Not commenting code

17. Relying on Rails instead of SQL or DOM (javascript/html) to perform functions