Consumer Guide to Rails Plugins, Part I

acts_as_commentable: It’s easy to add to an existing application. It works as advertised: any object can have comments associated with it. It’s super-useful. If you’re developing anything that involves comments, like a commerce site with reviews, a CRM tool, a collaboration site or any number of other things, it’s pretty swell. It’s also very lightly documented, and since it’s a plugin, it’s a bit constrained in how one can go about extending it beyond simply adding more fields, short of modifying the plugin. I’m using it to hold comments and system-generated log entries (like status changes) for the same objects, and I’d love to be able to use single-table inheritance to segregate the custom finders and different validations required by each one, instead of cluttering application.rb or an external library with clunky helper methods. Then again, maybe I just haven’t tried hard enough. Either way, it’s pretty swell. GRADE: A MINUS
login_engine/user_engine (from rails-engines.org): They’re fussy. The underlying Engines plugin that they run on top of breaks with every significant new update to Rails. Once it’s up and going, the Engines approach is nifty: extending the engines is as simple as overriding or adding methods to models and controllers you create in your own application, all without having to mess with the plugins themselves. Does it work? Yep. LoginEngine does rudimentary account management, lost-password recovery and basic access control at the application, controller or method level, and UserEngine adds simple role-based authentication. Am I using it in production? Yep. Well, LoginEngine, anyway. After a while, it became clear that the UserEngine approach to RBAC didn’t really fit where FLHomeprices was going, so while I haven’t actually removed it from the app yet, I’m doing my administrative access control with my own methods. Frankly, the whole clever-hack aspect of Engines is a turnoff. Unless it becomes part of the Rails core, it’s vulnerable to being abandoned sometime down the road and may cause problems for applications that depend on it. For my next project, I’m probably going to write my own athentication and authorization framework so I’m not as dependent on someone else’s fragile code. That said, LoginEngine is the most polished drop-in authentication module I’ve tried, and if time is of the essence, it’s not bad. GRADE: B PLUS