So, first off, big news! We have a bunch of new rubycorns. This is very exciting! Welcome! We hope more people will continue to join and come hack with us! We're very nice, we promise, and Malwine promised to bring cake.
Second bit of news... we ran into our first MAJOR bug. Back in August, we noticed that a new user of the app was suddenly an admin. This was very strange. We un-adminified this person, wondered a bit why this might have happened, and moved on. However, this evening, we checked the app and found out that there were suddenly two new admins, that we had not adminified!! PANIC!!!!!
As you can see in our GitHub code, admins are only made in one place. We have tests for this, and we have a callback. This made no sense. Utterly confused, we turned to the logs.
We knew that the latest unofficial admin was a new rubycorn who signed up for the app today. So we searched today's logs with this in mind. We found nothing strange. Then we searched for add_role (a method which comes from the rolify gem), and found the culprit!
The logs were complaining about a method called has_role, telling us it was deprecated, and that we should use add_role instead. So we searched for has_role. It was in the blog. THE BLOG. We were using current_person.has_role(:admin) instead of current_person.has_role?(:admin). This means, whenever anyone went to the blog, instead of checking to see if that person was an admin... they BECAME an admin.
But, we fixed it (try all you like, you can no longer become an admin accidentally.... we hope), and learned a valuable lesson and hunted down a crazy weird bug. Yay us?
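The bug described above, reproduced as an added example (not the app's code and not rolify's own). The Person class is a stand-in that copies only the behaviour the post describes; the view helpers, the escalates? regression check and the lint regex are assumptions made for illustration.

```ruby
require "set"

# Stand-in for a rolify-backed model (NOT rolify's code). It mirrors only what
# the post describes: has_role is a deprecated alias that GRANTS the role.
class Person
  attr_reader :roles, :warnings
  def initialize
    @roles = Set.new
    @warnings = []
  end
  def add_role(name)
    @roles << name.to_sym
  end
  def has_role?(name)
    @roles.include?(name.to_sym)
  end
  def has_role(name)
    @warnings << "DEPRECATION: has_role is deprecated, use add_role instead"
    add_role(name) # returns the Set, which is truthy, so the check "passes"
  end
end

# Hypothetical blog views: the buggy check and the fixed one.
def buggy_blog_view(person)
  person.has_role(:admin) ? "edit links shown" : "read-only"
end
def fixed_blog_view(person)
  person.has_role?(:admin) ? "edit links shown" : "read-only"
end

# Regression check: rendering a page must never change the visitor's roles.
def escalates?(view)
  visitor = Person.new
  before = visitor.roles.dup
  send(view, visitor)
  visitor.roles != before
end

# Lint: report line numbers that call has_role( without the "?".
NON_PREDICATE = /\.has_role\s*\(/
def risky_lines(source)
  source.each_line.with_index(1).select { |line, _| line =~ NON_PREDICATE }.map { |_, n| n }
end

SAMPLE = <<~ERB # constructed sample template
  <% if current_person.has_role(:admin) %>
  <% if current_person.has_role?(:admin) %>
ERB
```

A check like escalates? catches this class of bug where a test of the admin-granting code path cannot, because the privilege change happens as a side effect of a read-only page.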