Review: Beginning Ruby on Rails E-Commerce

Posted by Jamis on January 25, 2007 @ 10:19 AM

I was recently asked to review Beginning Ruby on Rails E-Commerce, a book by Christian Hellsten and Jarkko Laine, published by Apress. It was plugged on the Riding Rails weblog back in November, so it’s not exactly “hot off the presses”, and unfortunately it was written against Rails 1.1 (not their fault—Rails is a moving target that makes any author go gray prematurely). That said, it is still a compelling book, packed with all kinds of good stuff.

To start, I’ll say that I really liked the writing style. They tie the chapters together using a story about an online store owner named George, who has hired them as contractors to build a new bookstore, using Rails. George is very, very believable (is he a real person, Christian and Jarkko??), and he adds a nice dash of humor. It makes what is otherwise a very information-heavy book fun to read.

Another plus: the book preaches test-driven development (TDD), which is something I’ve not seen other Rails books try to do. It demonstrates it by example, showing how you would write your tests first and your code after. It’s a technique that I’m still learning to love, but which has all kinds of wonderful benefits. On the downside, their use of TDD in the book is a bit inconsistent, but at lease they are upfront about when they are going to go test-first, and when they aren’t.

They also advocate using Rails migrations right off the bat, which is definitely a best practice. If you aren’t using migrations yet, you should be. And yes, that is chastisement you hear!

Other techniques and technologies they present in the book:

  • Ferret (a full-text search engine inspired by Lucene, written in Ruby), though actually it is more a demonstration of the acts_as_ferret Rails plugin. I was a little disappointed that they didn’t delve into things like maintaining a Ferret installation, since from what I’ve heard that’s the hard part.
  • Simple HTML sanitization by using the h() method. Did you know you can do <%=h person.name %> in your views to prevent script-kiddies from messing with your pages? Well, you can. And you should.
  • Foiling form and URL manipulating by using attr_protected. This is a feature that many people don’t know about—I often forget about it myself, and wind up doing things the hard way. They also talk about avoiding SQL injection vulnerabilities and cross-site scripting issues.
  • Integration with payment gateways, using a few different Rails plugins.
  • Internationalization (I18N) and localization (L10N). Not having ever done this myself, I found their discussion of these topics very enlightening.
  • RJS and render.
  • Using Selenium with Rails applications to do automated acceptance testing. This is definitely something I’d like to explore more. Their discussion in this book was pretty compelling, and did a good job of showing off the strengths of this tool.
  • Capistrano! Any book that plugs something I wrote has to be good, right? ;) They did a good job of taking you from installing Capistrano to running your first deploy. In fact, they cover a lot more than just Capistrano—they take you through the whole process of installing an entire stack on your server, from lighttpd, to fcgi (or mongrel), to getting Ruby and all your assorted dependencies going.
  • Optimize your application with caching. They demonstrate all three caching techniques, too: action, page, and fragment caching.

That said, there were a few things I wasn’t so impressed with. For instance, they used request.xhr? to determine whether a request was Ajax or not, while the best practice since Rails 1.1 has been to use respond_to blocks:

1
2
3
4
5
6
7
8
9
10
11
12
# don't do this
if request.xhr?
  render(:update) { |page| ... }
else
  redirect_to(...)
end

# do this instead
respond_to do |format|
  format.html { redirect_to(...) }
  format.js   { render(:update) { |page| ... } }
end

Also, they used scaffolding to build parts of the application in the book… I know scaffolding has it’s place, and can be valuable to newcomers as an aid in getting them to the “meat” of Rails without stumbling over too many details, but I have lots of issues with scaffolding. It puts the emphasis on the application’s model, instead of the user interface, and that’s all backwards. I won’t rant too much here—I’ll save that for a separate post. :) That said, I have to grudgingly admit that a book that teaches Rails probably does well in using scaffolding as a shortcut, but I still wish it wasn’t so prevalently used as a “best practice”.

So, overall, I was quite impressed with the book. It covered a lot of ground, and covered it well for the most part. It’s a great “getting off the ground” book, and anyone wanting to write an e-commerce site in Rails could do much worse than reading this book. (Just keep in mind that some of what they demonstrate has been deprecated in Rails 1.2, like end_form_tag and assert_tag.)

Well done, Christian and Jarkko!

Posted in Reviews

Comments

Have something to add? Click here to leave a comment.

25 Jan 2007

1. Neeraj Kumar said...

Jamis,

I can’t help but wonder you mentioned everything but e-commerce. It’s my assumption that this book is not for newbies. If you are a newbie then you want to first learn Rails and for that you should buy a book similar to AWDWR. Then your second book should be to help you in your vertical domain (in this case e-commerce).

With that assumption the first book should cover RJS, migrations, h name, internationalzation, localization, caching, capistrano, sql injection etc.

Looking at the TOC of the book and your review, it seems like it’s another book on RoR with 20% time devoted on e-commerce. If that’s true then I find the title of the book intentionally misleading.

2. Jamis said...

Neeraj, perhaps we’re laboring under different definitions of e-commerce… building an e-commerce app is a lot more than just shopping carts and communicating with a payment gateway. This books does talk about payment gateways, and credit card security, and shopping carts, but it also talks about the stuff you need to do those things.

Frankly, I hate the term e-commerce, because (like “web 2.0”) it means something different to everybody.

3. Larry Myers said...

Jamis,

I bought this book when it came out several months ago, and I still think the most valuable parts are towards the end where they cover things like using ActiveMerchant, order tracking, and security (especially SSL w/ Lighttpd).

A lot of the frontend things they cover are an added bonus, but can be found elsewhere.

4. Mr. Kahn said...

I am most interested in this book for handling payment gateways, order tracking and security. Those are areas I am inexperienced in. So given those topics, would you recommend this book?

5. Jamis said...

This is not a book about payment gateways, order tracking, or security. It is about building a web application in Rails that depends on some of those things, and thus talks about them and points you in the right direction, and helps you get started, but it does not go into any depth on any of them.

If you are new to building online shops and want something to show you the lay of the land, and to give you pointers of where to look next, this book is great. If you want to really dig in and understand how payment gateways and internationalization and all of that really work, then this book will disappoint.

6. Guy Naor said...

I just got this book two days ago and was going to write a review today, only to find you did it already. And I agree with most of your points.

It’s a book I now recommend to many people. I mentor Java programmers on switching to rails, and I think this book is one of the best to help someone get the whole picture of rails development.

But I must confess that I bought it specificaly because of the TDD part. And they go with it into much greater detail than any other book I looked at, really making it clear how to practice it.

This book is now third in line for learning Rails as far as my recommendations go:

1) Programming Ruby – I truly believe you need to know ruby well to be good as a rails developer. No shortcuts here!

2) AWDR

3) Beginning Ruby on Rails E-Commerce

7. August Lilleaas said...

I agree with you list, Guy, except from 1). In my opinion, Ruby for Rails is a much better book for newcomers than the pickaxe. Pickaxe requires you to have done some programming before, while the Ruby for Rails book is more of a ground-up tutorial – which is more suitable for most cases of RoR-noobs (the RoR noob being a none-programmer).

8. Jarkko Laine said...

Thanks for the kind interview, Jamis.

Good point about the response.xhr? vs. respond_to. The chapter was originally written before respond_to was included in Rails and missed escaped the axe later on. However, I think there is a place for it, too, not just in this case. When you want to do things like deleting an object on the site the “right way” (http://jlaine.net/2005/8/25/using-rails-ajax-helpers-to-create-safe-state-changing-links), respond_to doesn’t help because it can’t be used to determine whether a request was using POST or GET. At least that’s my understanding.

I agree about scaffolding but it was just something we had to introduce there. It also doesn’t play well together with TDD (too much magic happening at once), that’s why we keep it to one chapter.

I’m going to fix the things changed in Rails 1.2 (there aren’t actually that many, like you said) for the next printing. But like you said, Rails goes forward like a … errr… TGV train, so a book buyer can never trust that everything said in a book will be 100% current in half a year anyway.

Cheers, //jarkko

26 Jan 2007

9. Nick Coyne said...

I’ve bought all of the Rails and Ruby books, and this one definitely features high up on my list.

Most tutorial work-through style books conveniently leave out one or more important real-world issues just to keep things simple. This book tackles the difficult area of TDD (and does it pretty well, IMHO) and shows how to practically use it in your projects.

Nice one.

10. Jamis said...

Jarkko, thanks for the great book. :) Regarding request.get? and request.post?, those are completely different animals from request.xhr?, and thus I have no beef with them. In fact, I use get? and post? myself to differentiate between the method used in the request. request.xhr?, on the other hand, I haven’t touched in months, if not a year.

11. joe said...

Yep, I agree… this is a great book. The heavy emphasis on TDD is worth the price of admission. However, the authors delve into much more such as working with various plugins, deployment and payment authorization. And though the book is information heavy, it is far from boring. The user stories and down-to-earth writing style keep things moving along quite nicely.

The authors have a google mailing list dedicated to this book and are very responsive in answering questions about the tutorial.

Great job guys!

28 Jan 2007

12. Shane said...

Cool, I’ve never heard of this book before. I’ll check it out. Although, the rails 1.1 bit scares me… So much has changed since then it seems like. I bought the first edition of the Ruby on Rails book, and it’s pretty unusable now(although the edition solves that problem). Rails changes so often, it’s hard for authors to keep up.

If any of you have read it, you should rank it on:

http://www.programmingbooks.org

(my rails-based programming book ranking site)

30 Jan 2007

13. Christian Hellsten said...

Thanks for writing a fair review of our book Jamis. Sadly, George is not a real person :)

You’re definitely right about the deprecated stuff. It’s difficult to keep up with all the changes in Rails and all the plugins we cover in the book.

As Joe pointed out, there’s a mailing list where we provide support and answer questions about the book: http://groups.google.com/group/railsecommerce

07 Feb 2007

14. hemant said...

Jamis, how does request.xhr? and respond_to are equivalent?

respond_to would always return some Javascript as you have demonstrated when using with RJS.

However, if one has code like this:
    elsif request.xhr?
      category = params[:fav_category][:category]
      # generate errors
      if category == 'None'
        flash[:error] = "Invalid category" 
        render :update do |page|
          page.redirect_to :action => "preferred_messages" 
        end
        return
      end
    end
I mean, here a HTML page fragment would be returned. So, how would respond_to handle this case.

May be I am missing something.

15. Jamis said...

hemant:

1
2
3
4
5
6
7
8
respond_to do |format|
  format.js do
    category = params[:fav_category][:category]
    if category == 'None'
      render(:update) { |pg| pg.redirect_to :action => ".." }
    end
  end
end

Basically, the respond_to replaces the if/elsif/else condition clause. One of the problems with request.xhr? is that it relies on a custom HTTP header, rather than on the existing infrastructure of the HTTP protocol. respond_to, on the other hand, relies on the HTTP Accept header to determine how to respond, and is therefore more compliant with existing standards.

08 Feb 2007

16. hemant said...

Jamis, thanks for clarifying things up.

17. mGee said...

You overlooked the fact this book’s code is RIDDLED with errors.

The book is an utter failure.

18. Jamis said...

mGee, wow, you obviously have strong feelings about this. Errors or not, I’d definitely would not call the book an utter failure. For the most part, it preaches practices that I agree with, and it encourages test-driven-development, which many books do not. I’d say it’s doing great.

FWIW, I didn’t notice any glaring errors. I hope you’ve emailed the authors with any errors you’ve found, though.

18 Feb 2007

19. Jarkko Laine said...

mGee: I think the amount of errors is a very subjective matter. I don’t think any technical book (at least in its first printing) can really be without any errors (although I do admire the Pragmatic Programmers’ beta book process). We’re only humans, after all. If you have any problems with the book, don’t hesitate to ask for help in the mailing list mentioned above in the comments.