Provides Javascript a simple CRUD API to the Ruby on Rails backend.
Check out live examples on the Databound website databound.me.
Backend gem repo github.com/Nedomas/databound-rails.
Usage
User = '/users' User; User; User;
Version support and dependencies
Works with:
- Ruby on Rails 3+
- Ruby 2.0+
- It can work with Angular as a better ngResource alternative
- Rails API
- ActiveRecord or Mongoid
- Active Model Serializers
- Chrome any, Firefox any, Opera any, IE 8+
Depends on:
- Lodash (should work with any version)
- jQuery 1.5+
jQuery is used for making requests and promises. You can use your own library instead. Read API docs on how to override those.
Installation
1 - Gemfile
2.1 - With asset pipeline (sprockets)
Run generator to add Databound to application.js
rails g databound:install
2.2 - Without asset pipeline
Download the databound-standalone.js and load it up
2.3 - With require.js
Download Javascript part with npm or bower
npm install databound
OR
bower install databound
Require it Javascript with:
var Databound = ;
3 - Add a route to config/routes.rb
Rails.application.routes.draw do databound :users, columns: [:name, :city]end
4 - (optional) Controller is autogenerated from route
But if you already have a controller, you can include Databound and specify the model yourself.
databound do model :user columns :name, :city endend
5 - Install dependencies (skip if with require.js
)
Easiest way is to use the official Ruby gems or include them from CDNs.
Lo-Dash - lodash-rails gem or CDN.
jQuery (already installed by default on Rails) - jquery-rails gem or CDN
6 - Use it in the Javascript
var User = '/users';
Security
Which parts can Javascript modify?
Specify columns
.
By default - no columns are modifiable.
How to secure the relation values?
You can use dsl(:your_column, :expected_value)
to only allow certain dsl values and convert them to relation ids in the backend.
How to protect the scope of the records?
If you need a reference to the record being modified, use permit
. It will give you a parsed record.
It also works with 3rd party libraries.
databound do model :project columns :name, :city # CanCanCan gem permit(:create) do authorize! :create, current_user end # Pundit permit(:update) do authorize current_user end # Plain Ruby permit(:destroy) do current_user.god? end endend
Which parts can Javascript show?
Use Active Model Serializers to serialize the record.
If you don't want to use that, you can overwrite as_json
method on the model.
Contributing ❤️
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request
- Get ice cream 🍨
Changelog
Next release
- Better Javascript error messages.
.all
method.- Associations.
- Your contribution here.
3.0.3 - 2015-01-09
- Fix bootup of a default Rails stack in production with
databound
andeager_load
3.0.2 - 2015-01-08
read
action ofpermit
returningfalse
now returns empty scoped records
3.0.1 - 2015-01-08
- Minor bugfix
3.0.0 - 2015-01-08
- Simplify configuration setup and improve performance.
- Thanks to @Austio for docs on 3rd party authentication libraries.
databound do model :project columns :name, :city endend
2.0.1 - 2015-01-03
- Add support for specifying
permitted_columns
inroutes.rb
. No columns are modifiable by default.
1.1.0 - 2015-01-03
- You can specify
permit_update_destroy?
on a controller to manage the scope of the records that can be modified from the Javascript.
1.0.0 - 2015-01-03
- Destroy now accepts
id
instead of{ id: someid }
. extra_find_scopes
renamed toextra_where_scopes