Puakma: Under the hood

I'm Brendon Upson, jack-of-all-trades, master of one or two. I'm talking about life running a small ISV tackling business issues and leaping technology hurdles in a single bound.

webWise Network Consultants is based in Sydney, Australia and develops the groundbreaking Tornado Server technology.

Tornado is not just CRUD

Filed under: by Brendon Upson on 2006-09-19

For a long time now there has been various debates about the amount of "effort" required to build a web app in the different frameworks/languages. It has only been in the last couple of weeks that I am beginning to understand the real power of Tornado. Sure, we've been saying for *ages* it's perfect for complex, database driven web apps - but what does that mean?

Ruby this, ruby that is all we seem to hear these days. But Ruby (on rails) is all about CRUD . Create, Read, Update, Delete. All projects seem to start out like this and on the surface all you need is a framework to manipulate the data in the database. All those whizz bang demos show Ruby is brilliant at this. The reality is somewhat different. Everything we have built with Tornado to date has started out fairly simply then the clients have asked for more and more. The biggest area of complexity is security. Clients always want to lock down who can see and do what with a particular ROW in a database. To do this, the framework needs to be able to access the data and the decide on a complex set of business rules if the current user should be able to CRUD the record and even hide certain parts of the data from the user.

A recent project is for forecasting costs of construction jobs (eg bridges, roads etc worth millions of dollars). The security is simple and complex. A certain group of people can create new jobs in the system and assign project managers. Those project managers can update only their projects. Area managers can view and update jobs in their area. Management can view reports for all jobs but not change any data. A plain role based security model would just be unweildly for this project. We'd need a new role for every job and with (over time) hundred of jobs in the system, very complicated to administer. Instead the framework looks at the data and decides if the current user should have access or not.

CRUD is fine, but if you are developing web apps that are true applications (rather than a simplified way of CRUDing data) Tornado is certainly worth a look.