Thursday, 19 May 2011

How not to invite me on LinkedIn

I'd like to add you to my professional network on LinkedIn.

- J Citizen

I hate that... I really do.

So - who the hell are you? and why should I add you to my LinkedIn? and is it really so hard to type just a few words into the text box?

If we've never met before - I don't know you from Adam. If you couldn't be bothered writing a few words about why we should link up - why should I be bothered accepting your invite?

Unsolicited invites with no effort read as SPAM to me, and will be ignored.

I find this particularly common from recruiters trying to fish for Rails developers. Yet the very people you most want to hire are the most likely to ignore a "form-letter" style invite. How many potential goldmine recruits are ignoring you because you didn't put in the effort to explain who the hell you are?

Or maybe I have met you - do you know how common some names are? Like most geeks I'm *crap* at names and I apologise, I've probably forgotten yours... it's nothing personal - but I've met thousands of people in the past year.

You and I probably hit it off at some networking event and we had a great conversation about your new startup and how we could work together... but that doesn't mean I remembered your *name*, it means I remembered who you *are*. Unfortunately, LinkedIn invites only show a name... so you'll have to remind me of who you are... it only takes a few words:

Hi, I'm John, we spoke at Launch48 last year about my new startup FuzzyKittens.com. 
I'm looking for an awesome Rails developer to help on my project. 
Add me to our network?

- J Citizen

*so* not hard.

Wednesday, 11 May 2011

Travel Hacking Cartel

I've been doing a *lot* of travel the last couple of years: taking advantage of my stay in the UK to see as much of Europe as I can before I have to head home to Aus.

Mostly I've been traveling on cheap airlines or even driving. However, I've just joined a website that helps you collect airmiles at a much increased rate. They guarantee that you'll gather a minimum of 100,000 airmiles a year (even if you aren't based in the USA) which adds up to at least one significant trip each year.

They find the deals for you and list them on the member homepage, and you then go and collect your points and mark them "done". The claim being that you only need to spend half an hour each month gathering your points. Seems fairly good so far, but I'll let you know as I go along if I think it's worth it.

If you're interested, click on the linked image below.

Official travel hacker

Friday, 6 May 2011

admin_login_required filter for rubyCAS

Setting up an admin-only login for rubyCAS is fairly straightforward.

First, you have to add an "is_admin" boolean flag to your *local* user class. Remember that you will probably want to restrict admin-rights differently on different applications - so it's better to put it in the local db for this.

If you are really sure that you want universal admins - then you can look into using the "extra attributes" aspects of rubyCAS - but I won't cover this here today.

Now it's just a matter of adding this helper-method to application_controller.rb (note, this depends on logged_in? and current_user)

    # overload the restful_auth version
    def admin_login_required
      # send them to 404 so we don't leak the page's existence
      # Note: implementation of this method left as exercise for the reader...
      render_four_oh_four and return(false) unless logged_in? && @current_user.is_admin?
      true
    end

Now you can add this as a before_filter to whatever actions you need... but make sure it comes *after* the actual login filters eg:

  class MyController < ApplicationController
    # this is the before_filter provided by rubyCAS client
    before_filter CASClient::Frameworks::Rails::Filter
    # this is a call to our own new before_filter which populates the cas user
    before_filter :setup_cas_user

    before_filter :admin_login_required, :only => :admin_homepage

  
    # actions here
    def admin_homepage
      # load cool admin-only stuff here...
    end
  end

To actually update that flag - you'll need to have local versions of user CRUD pages as per any other CRUD pages - affecting the local user values.

This is one article in a series on Rails single-sign-on with rubyCAS