aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source
diff options
context:
space:
mode:
authorVijay Dev <vijaydev.cse@gmail.com>2012-10-11 01:05:14 +0530
committerVijay Dev <vijaydev.cse@gmail.com>2012-10-11 01:05:14 +0530
commitf638ef951b4d185b2bfd3d0d8be241cb23001890 (patch)
tree6fc5b981d4e8cc148ff5a63d6a753804247db375 /guides/source
parent3401d5089ba4802b6554483a4de7739e6f914e50 (diff)
parent26ec070b09ceb798b471fd6999ae1da319120899 (diff)
downloadrails-f638ef951b4d185b2bfd3d0d8be241cb23001890.tar.gz
rails-f638ef951b4d185b2bfd3d0d8be241cb23001890.tar.bz2
rails-f638ef951b4d185b2bfd3d0d8be241cb23001890.zip
Merge branch 'master' of github.com:lifo/docrails
Conflicts: activerecord/lib/active_record/persistence.rb railties/lib/rails/generators/rails/resource_route/resource_route_generator.rb
Diffstat (limited to 'guides/source')
-rw-r--r--guides/source/action_mailer_basics.md2
-rw-r--r--guides/source/active_record_querying.md2
-rw-r--r--guides/source/active_record_validations_callbacks.md3
-rw-r--r--guides/source/association_basics.md23
-rw-r--r--guides/source/caching_with_rails.md15
-rw-r--r--guides/source/configuring.md18
-rw-r--r--guides/source/engines.md47
-rw-r--r--guides/source/getting_started.md43
-rw-r--r--guides/source/i18n.md4
-rw-r--r--guides/source/migrations.md14
-rw-r--r--guides/source/rails_on_rack.md4
-rw-r--r--guides/source/routing.md106
-rw-r--r--guides/source/security.md35
-rw-r--r--guides/source/upgrading_ruby_on_rails.md6
14 files changed, 199 insertions, 123 deletions
diff --git a/guides/source/action_mailer_basics.md b/guides/source/action_mailer_basics.md
index b992defa6d..a938db6265 100644
--- a/guides/source/action_mailer_basics.md
+++ b/guides/source/action_mailer_basics.md
@@ -476,7 +476,7 @@ The following configuration options are best made in one of the environment file
|`logger`|Generates information on the mailing run if available. Can be set to `nil` for no logging. Compatible with both Ruby's own `Logger` and `Log4r` loggers.|
|`smtp_settings`|Allows detailed configuration for `:smtp` delivery method:<ul><li>`:address` - Allows you to use a remote mail server. Just change it from its default "localhost" setting.</li><li>`:port` - On the off chance that your mail server doesn't run on port 25, you can change it.</li><li>`:domain` - If you need to specify a HELO domain, you can do it here.</li><li>`:user_name` - If your mail server requires authentication, set the username in this setting.</li><li>`:password` - If your mail server requires authentication, set the password in this setting.</li><li>`:authentication` - If your mail server requires authentication, you need to specify the authentication type here. This is a symbol and one of `:plain`, `:login`, `:cram_md5`.</li><li>`:enable_starttls_auto` - Set this to `false` if there is a problem with your server certificate that you cannot resolve.</li></ul>|
|`sendmail_settings`|Allows you to override options for the `:sendmail` delivery method.<ul><li>`:location` - The location of the sendmail executable. Defaults to `/usr/sbin/sendmail`.</li><li>`:arguments` - The command line arguments to be passed to sendmail. Defaults to `-i -t`.</li></ul>|
-|`raise_delivery_errors`|Whether or not errors should be raised if the email fails to be delivered.|
+|`raise_delivery_errors`|Whether or not errors should be raised if the email fails to be delivered. This only works if the external email server is configured for immediate delivery.|
|`delivery_method`|Defines a delivery method. Possible values are `:smtp` (default), `:sendmail`, `:file` and `:test`.|
|`perform_deliveries`|Determines whether deliveries are actually carried out when the `deliver` method is invoked on the Mail message. By default they are, but this can be turned off to help functional testing.|
|`deliveries`|Keeps an array of all the emails sent out through the Action Mailer with delivery_method :test. Most useful for unit and functional testing.|
diff --git a/guides/source/active_record_querying.md b/guides/source/active_record_querying.md
index 1ae6a1f204..66e6390f67 100644
--- a/guides/source/active_record_querying.md
+++ b/guides/source/active_record_querying.md
@@ -375,8 +375,6 @@ end
Another example would be if you wanted multiple workers handling the same processing queue. You could have each worker handle 10000 records by setting the appropriate `:start` option on each worker.
-NOTE: The `:include` option allows you to name associations that should be loaded alongside with the models.
-
#### `find_in_batches`
The `find_in_batches` method is similar to `find_each`, since both retrieve batches of records. The difference is that `find_in_batches` yields _batches_ to the block as an array of models, instead of individually. The following example will yield to the supplied block an array of up to 1000 invoices at a time, with the final block containing any remaining invoices:
diff --git a/guides/source/active_record_validations_callbacks.md b/guides/source/active_record_validations_callbacks.md
index f32c1050ce..333cbdd90b 100644
--- a/guides/source/active_record_validations_callbacks.md
+++ b/guides/source/active_record_validations_callbacks.md
@@ -50,6 +50,7 @@ end
We can see how it works by looking at some `rails console` output:
```ruby
+$ rails console
>> p = Person.new(:name => "John Doe")
=> #<Person id: nil, name: "John Doe", created_at: nil, updated_at: nil>
>> p.new_record?
@@ -60,6 +61,8 @@ We can see how it works by looking at some `rails console` output:
=> false
```
+TIP: All lines starting with a dollar sign `$` are intended to be run on the command line.
+
Creating and saving a new record will send an SQL `INSERT` operation to the database. Updating an existing record will send an SQL `UPDATE` operation instead. Validations are typically run before these commands are sent to the database. If any validations fail, the object will be marked as invalid and Active Record will not perform the `INSERT` or `UPDATE` operation. This helps to avoid storing an invalid object in the database. You can choose to have specific validations run when an object is created, saved, or updated.
CAUTION: There are many ways to change the state of an object in the database. Some methods will trigger validations, but some will not. This means that it's possible to save an object in the database in an invalid state if you aren't careful.
diff --git a/guides/source/association_basics.md b/guides/source/association_basics.md
index dbf18b511c..42c7c07745 100644
--- a/guides/source/association_basics.md
+++ b/guides/source/association_basics.md
@@ -1130,6 +1130,7 @@ When you declare a `has_many` association, the declaring class automatically gai
* `collection(force_reload = false)`
* `collection<<(object, ...)`
* `collection.delete(object, ...)`
+* `collection.destroy(object, ...)`
* `collection=objects`
* `collection_singular_ids`
* `collection_singular_ids=ids`
@@ -1156,6 +1157,7 @@ Each instance of the customer model will have these methods:
orders(force_reload = false)
orders<<(object, ...)
orders.delete(object, ...)
+orders.destroy(object, ...)
orders=objects
order_ids
order_ids=ids
@@ -1195,6 +1197,15 @@ The `collection.delete` method removes one or more objects from the collection b
WARNING: Additionally, objects will be destroyed if they're associated with `:dependent => :destroy`, and deleted if they're associated with `:dependent => :delete_all`.
+##### `collection.destroy(object, ...)`
+
+The `collection.destroy` method removes one or more objects from the collection by running `destroy` on each object.
+
+```ruby
+@customer.orders.destroy(@order1)
+```
+
+WARNING: Objects will _always_ be removed from the database, ignoring the `:dependent` option.
##### `collection=objects`
@@ -1564,6 +1575,7 @@ When you declare a `has_and_belongs_to_many` association, the declaring class au
* `collection(force_reload = false)`
* `collection<<(object, ...)`
* `collection.delete(object, ...)`
+* `collection.destroy(object, ...)`
* `collection=objects`
* `collection_singular_ids`
* `collection_singular_ids=ids`
@@ -1590,6 +1602,7 @@ Each instance of the part model will have these methods:
assemblies(force_reload = false)
assemblies<<(object, ...)
assemblies.delete(object, ...)
+assemblies.destroy(object, ...)
assemblies=objects
assembly_ids
assembly_ids=ids
@@ -1636,6 +1649,16 @@ The `collection.delete` method removes one or more objects from the collection b
@part.assemblies.delete(@assembly1)
```
+WARNING: This does not trigger callbacks on the join records.
+
+##### `collection.destroy(object, ...)`
+
+The `collection.destroy` method removes one or more objects from the collection by running `destroy` on each record in the join table, including running callbacks. This does not destroy the objects.
+
+```ruby
+@part.assemblies.destroy(@assembly1)
+```
+
##### `collection=objects`
The `collection=` method makes the collection contain only the supplied objects, by adding and deleting as appropriate.
diff --git a/guides/source/caching_with_rails.md b/guides/source/caching_with_rails.md
index ce1a01d313..e4d2ecaba1 100644
--- a/guides/source/caching_with_rails.md
+++ b/guides/source/caching_with_rails.md
@@ -5,17 +5,20 @@ This guide will teach you what you need to know about avoiding that expensive ro
After reading this guide, you should be able to use and configure:
-* Page, action, and fragment caching
-* Sweepers
-* Alternative cache stores
-* Conditional GET support
+* Page, action, and fragment caching.
+* Sweepers.
+* Alternative cache stores.
+* Conditional GET support.
--------------------------------------------------------------------------------
Basic Caching
-------------
-This is an introduction to the three types of caching techniques that Rails provides by default without the use of any third party plugins.
+This is an introduction to three types of caching techniques: page, action and
+fragment caching. Rails provides by default fragment caching. In order to use
+page and action caching, you will need to add `actionpack-page_caching` and
+`actionpack-action_caching` to your Gemfile.
To start playing with caching you'll want to ensure that `config.action_controller.perform_caching` is set to `true`, if you're running in development mode. This flag is normally set in the corresponding `config/environments/*.rb` and caching is disabled by default for development and test, and enabled for production.
@@ -44,7 +47,7 @@ Let's say you have a controller called `ProductsController` and an `index` actio
By default, the page cache directory is set to `Rails.public_path` (which is usually set to the `public` folder) and this can be configured by changing the configuration setting `config.action_controller.page_cache_directory`. Changing the default from `public` helps avoid naming conflicts, since you may want to put other static html in `public`, but changing this will require web server reconfiguration to let the web server know where to serve the cached files from.
-The Page Caching mechanism will automatically add a `.html` extension to requests for pages that do not have an extension to make it easy for the webserver to find those pages and this can be configured by changing the configuration setting `config.action_controller.page_cache_extension`.
+The Page Caching mechanism will automatically add a `.html` extension to requests for pages that do not have an extension to make it easy for the webserver to find those pages and this can be configured by changing the configuration setting `config.action_controller.default_static_extension`.
In order to expire this page when a new product is added we could extend our example controller like this:
diff --git a/guides/source/configuring.md b/guides/source/configuring.md
index 8efc1f655f..2131a6c6a8 100644
--- a/guides/source/configuring.md
+++ b/guides/source/configuring.md
@@ -282,12 +282,8 @@ config.middleware.delete ActionDispatch::BestStandardsSupport
* `config.active_record.lock_optimistically` controls whether Active Record will use optimistic locking and is true by default.
-* `config.active_record.whitelist_attributes` will create an empty whitelist of attributes available for mass-assignment security for all models in your app.
-
* `config.active_record.auto_explain_threshold_in_seconds` configures the threshold for automatic EXPLAINs (`nil` disables this feature). Queries exceeding the threshold get their query plan logged. Default is 0.5 in development mode.
-* `config.active_record.mass_assignment_sanitizer` will determine the strictness of the mass assignment sanitization within Rails. Defaults to `:strict`. In this mode, mass assigning any non-`attr_accessible` attribute in a `create` or `update_attributes` call will raise an exception. Setting this option to `:logger` will only print to the log file when an attribute is being assigned and will not raise an exception.
-
The MySQL adapter adds one additional configuration option:
* `ActiveRecord::ConnectionAdapters::MysqlAdapter.emulate_booleans` controls whether Active Record will consider all `tinyint(1)` columns in a MySQL database to be booleans and is true by default.
@@ -304,27 +300,21 @@ The schema dumper adds one additional configuration option:
* `config.action_controller.asset_path` takes a block which configures where assets can be found. Shorter version of `config.action_controller.asset_path`.
-* `config.action_controller.page_cache_directory` should be the document root for the web server and is set using `Base.page_cache_directory = "/document/root"`. For Rails, this directory has already been set to `Rails.public_path` (which is usually set to `Rails.root ` "/public"`). Changing this setting can be useful to avoid naming conflicts with files in `public/`, but doing so will likely require configuring your web server to look in the new location for cached files.
-
-* `config.action_controller.page_cache_extension` configures the extension used for cached pages saved to `page_cache_directory`. Defaults to `.html`.
-
* `config.action_controller.perform_caching` configures whether the application should perform caching or not. Set to false in development mode, true in production.
+* `config.action_controller.default_static_extension` configures the extension used for cached pages. Defaults to `.html`.
+
* `config.action_controller.default_charset` specifies the default character set for all renders. The default is "utf-8".
* `config.action_controller.logger` accepts a logger conforming to the interface of Log4r or the default Ruby Logger class, which is then used to log information from Action Controller. Set to `nil` to disable logging.
* `config.action_controller.request_forgery_protection_token` sets the token parameter name for RequestForgery. Calling `protect_from_forgery` sets it to `:authenticity_token` by default.
-* `config.action_controller.allow_forgery_protection` enables or disables CSRF protection. By default this is false in test mode and true in all other modes.
+* `config.action_controller.allow_forgery_protection` enables or disables CSRF protection. By default this is `false` in test mode and `true` in all other modes.
* `config.action_controller.relative_url_root` can be used to tell Rails that you are deploying to a subdirectory. The default is `ENV['RAILS_RELATIVE_URL_ROOT']`.
-The caching code adds two additional settings:
-
-* `ActionController::Base.page_cache_directory` sets the directory where Rails will create cached pages for your web server. The default is `Rails.public_path` (which is usually set to `Rails.root + "/public"`).
-
-* `ActionController::Base.page_cache_extension` sets the extension to be used when generating pages for the cache (this is ignored if the incoming request already has an extension). The default is `.html`.
+* `config.action_controller.permit_all_parameters` sets all the parameters for mass assignment to be permitted by default. The default value is `false`.
### Configuring Action Dispatch
diff --git a/guides/source/engines.md b/guides/source/engines.md
index 7aef0f150f..97af423f3e 100644
--- a/guides/source/engines.md
+++ b/guides/source/engines.md
@@ -33,10 +33,10 @@ Finally, engines would not have been possible without the work of James Adam, Pi
Generating an engine
--------------------
-To generate an engine with Rails 3.1, you will need to run the plugin generator and pass it the `--full` and `--mountable` options. To generate the beginnings of the "blorgh" engine you will need to run this command in a terminal:
+To generate an engine with Rails 3.2, you will need to run the plugin generator and pass it options as appropriate to the need. For the "blorgh" example, you will need to create a "mountable" engine, running this command in a terminal:
```bash
-$ rails plugin new blorgh --full --mountable
+$ rails plugin new blorgh --mountable
```
The full list of options for the plugin generator may be seen by typing:
@@ -45,9 +45,48 @@ The full list of options for the plugin generator may be seen by typing:
$ rails plugin --help
```
-The `--full` option tells the plugin generator that you want to create an engine, creating the basic directory structure of an engine by providing things such as an `app` directory and a `config/routes.rb` file. This generator also provides a file at `lib/blorgh/engine.rb` which is identical in function to a standard Rails application's `config/application.rb` file.
+The `--full` option tells the generator that you want to create an engine, including a skeleton structure by providing the following:
-The `--mountable` option tells the generator to mount the engine inside the dummy testing application located at `test/dummy`. It does this by placing this line into the dummy application's routes file at `test/dummy/config/routes.rb`:
+ * An `app` directory tree
+ * A `config/routes.rb` file:
+
+ ```ruby
+ Rails.application.routes.draw do
+ end
+ ```
+ * A file at `lib/blorgh/engine.rb` which is identical in function to a standard Rails application's `config/application.rb` file:
+
+ ```ruby
+ module Blorgh
+ class Engine < ::Rails::Engine
+ end
+ end
+ ```
+
+The `--mountable` option tells the generator that you want to create a "mountable" and namespace-isolated engine. This generator will provide the same skeleton structure as would the `--full` option, and will add:
+
+ * Asset manifest files (`application.js` and `application.css`)
+ * A namespaced `ApplicationController` stub
+ * A namespaced `ApplicationHelper` stub
+ * A layout view template for the engine
+ * Namespace isolation to `config/routes.rb`:
+
+ ```ruby
+ Blorgh::Engine.routes.draw do
+ end
+ ```
+
+ * Namespace isolation to `lib/blorgh/engine.rb`:
+
+ ```ruby
+ module Blorgh
+ class Engine < ::Rails::Engine
+ isolate_namespace Blorgh
+ end
+ end
+ ```
+
+Additionally, the `--mountable` option tells the generator to mount the engine inside the dummy testing application located at `test/dummy` by adding the following to the dummy application's routes file at `test/dummy/config/routes.rb`:
```ruby
mount Blorgh::Engine, :at => "blorgh"
diff --git a/guides/source/getting_started.md b/guides/source/getting_started.md
index 3fbe64c4a7..9f23f9fc42 100644
--- a/guides/source/getting_started.md
+++ b/guides/source/getting_started.md
@@ -77,10 +77,17 @@ TIP: The examples below use # and $ to denote superuser and regular user termina
### Installing Rails
+Open up a command line prompt. On a mac this is called terminal, on windows it is called command prompt. Any commands prefaced with a dollar sign `$` should be run in the command line. Verify sure you have a current version of Ruby installed:
+
+```bash
+$ ruby -v
+ruby 1.9.3p194
+```
+
To install Rails, use the `gem install` command provided by RubyGems:
```bash
-# gem install rails
+$ gem install rails
```
TIP. A number of tools exist to help you quickly install Ruby and Ruby
@@ -154,11 +161,11 @@ $ rails server
TIP: Compiling CoffeeScript to JavaScript requires a JavaScript runtime and the absence of a runtime will give you an `execjs` error. Usually Mac OS X and Windows come with a JavaScript runtime installed. Rails adds the `therubyracer` gem to Gemfile in a commented line for new apps and you can uncomment if you need it. `therubyrhino` is the recommended runtime for JRuby users and is added by default to Gemfile in apps generated under JRuby. You can investigate about all the supported runtimes at [ExecJS](https://github.com/sstephenson/execjs#readme).
-This will fire up WEBrick, a webserver built into Ruby by default. To see your application in action, open a browser window and navigate to [http://localhost:3000](http://localhost:3000). You should see the Rails default information page:
+This will fire up WEBrick, a webserver built into Ruby by default. To see your application in action, open a browser window and navigate to <http://localhost:3000>. You should see the Rails default information page:
![Welcome Aboard screenshot](images/rails_welcome.png)
-TIP: To stop the web server, hit Ctrl+C in the terminal window where it's running. In development mode, Rails does not generally require you to restart the server; changes you make in files will be automatically picked up by the server.
+TIP: To stop the web server, hit Ctrl+C in the terminal window where it's running. To verify the server has stopped you should see your command prompt cursor again. For most unix like systems including mac this will be a dollar sign `$`. In development mode, Rails does not generally require you to restart the server; changes you make in files will be automatically picked up by the server.
The "Welcome Aboard" page is the _smoke test_ for a new Rails application: it makes sure that you have your software configured correctly enough to serve a page. You can also click on the _About your application’s environment_ link to see a summary of your application's environment.
@@ -207,11 +214,11 @@ Open the `app/views/welcome/index.html.erb` file in your text editor and edit it
### Setting the Application Home Page
-Now that we have made the controller and view, we need to tell Rails when we want Hello Rails! to show up. In our case, we want it to show up when we navigate to the root URL of our site, [http://localhost:3000](http://localhost:3000). At the moment, however, the "Welcome Aboard" smoke test is occupying that spot.
+Now that we have made the controller and view, we need to tell Rails when we want Hello Rails! to show up. In our case, we want it to show up when we navigate to the root URL of our site, <http://localhost:3000>. At the moment, however, the "Welcome Aboard" smoke test is occupying that spot.
To fix this, delete the `index.html` file located inside the `public` directory of the application.
-You need to do this because Rails will serve any static file in the `public` directory that matches a route in preference to any dynamic content you generate from the controllers. The `index.html` file is special: it will be served if a request comes in at the root route, e.g. [http://localhost:3000](http://localhost:3000). If another request such as [http://localhost:3000/welcome](http://localhost:3000/welcome) happened, a static file at `public/welcome.html` would be served first, but only if it existed.
+You need to do this because Rails will serve any static file in the `public` directory that matches a route in preference to any dynamic content you generate from the controllers. The `index.html` file is special: it will be served if a request comes in at the root route, e.g. <http://localhost:3000>. If another request such as <http://localhost:3000/welcome> happened, a static file at `public/welcome.html` would be served first, but only if it existed.
Next, you have to tell Rails where your actual home page is located.
@@ -235,9 +242,9 @@ This is your application's _routing file_ which holds entries in a special DSL (
root :to => "welcome#index"
```
-The `root :to => "welcome#index"` tells Rails to map requests to the root of the application to the welcome controller's index action and `get "welcome/index"` tells Rails to map requests to [http://localhost:3000/welcome/index](http://localhost:3000/welcome/index) to the welcome controller's index action. This was created earlier when you ran the controller generator (`rails generate controller welcome index`).
+The `root :to => "welcome#index"` tells Rails to map requests to the root of the application to the welcome controller's index action and `get "welcome/index"` tells Rails to map requests to <http://localhost:3000/welcome/index> to the welcome controller's index action. This was created earlier when you ran the controller generator (`rails generate controller welcome index`).
-If you navigate to [http://localhost:3000](http://localhost:3000) in your browser, you'll see the `Hello, Rails!` message you put into `app/views/welcome/index.html.erb`, indicating that this new route is indeed going to `WelcomeController`'s `index` action and is rendering the view correctly.
+If you navigate to <http://localhost:3000> in your browser, you'll see the `Hello, Rails!` message you put into `app/views/welcome/index.html.erb`, indicating that this new route is indeed going to `WelcomeController`'s `index` action and is rendering the view correctly.
NOTE. For more information about routing, refer to [Rails Routing from the Outside In](routing.html).
@@ -256,7 +263,7 @@ It will look a little basic for now, but that's ok. We'll look at improving the
### Laying down the ground work
-The first thing that you are going to need to create a new post within the application is a place to do that. A great place for that would be at `/posts/new`. If you attempt to navigate to that now -- by visiting [http://localhost:3000/posts/new](http://localhost:3000/posts/new) -- Rails will give you a routing error:
+The first thing that you are going to need to create a new post within the application is a place to do that. A great place for that would be at `/posts/new`. If you attempt to navigate to that now -- by visiting <http://localhost:3000/posts/new> -- Rails will give you a routing error:
![A routing error, no route matches /posts/new](images/getting_started/routing_error_no_route_matches.png)
@@ -270,7 +277,7 @@ get "posts/new"
This route is a super-simple route: it defines a new route that only responds to `GET` requests, and that the route is at `posts/new`. But how does it know where to go without the use of the `:to` option? Well, Rails uses a sensible default here: Rails will assume that you want this route to go to the new action inside the posts controller.
-With the route defined, requests can now be made to `/posts/new` in the application. Navigate to [http://localhost:3000/posts/new](http://localhost:3000/posts/new) and you'll see another routing error:
+With the route defined, requests can now be made to `/posts/new` in the application. Navigate to <http://localhost:3000/posts/new> and you'll see another routing error:
![Another routing error, uninitialized constant PostsController](images/getting_started/routing_error_no_controller.png)
@@ -289,7 +296,7 @@ end
A controller is simply a class that is defined to inherit from `ApplicationController`. It's inside this class that you'll define methods that will become the actions for this controller. These actions will perform CRUD operations on the posts within our system.
-If you refresh [http://localhost:3000/posts/new](http://localhost:3000/posts/new) now, you'll get a new error:
+If you refresh <http://localhost:3000/posts/new> now, you'll get a new error:
![Unknown action new for PostsController!](images/getting_started/unknown_action_new_for_posts.png)
@@ -302,7 +309,7 @@ def new
end
```
-With the `new` method defined in `PostsController`, if you refresh [http://localhost:3000/posts/new](http://localhost:3000/posts/new) you'll see another error:
+With the `new` method defined in `PostsController`, if you refresh <http://localhost:3000/posts/new> you'll see another error:
![Template is missing for posts/new](images/getting_started/template_is_missing_posts_new.png)
@@ -330,7 +337,7 @@ Go ahead now and create a new file at `app/views/posts/new.html.erb` and write t
<h1>New Post</h1>
```
-When you refresh [http://localhost:3000/posts/new](http://localhost:3000/posts/new) you'll now see that the page has a title. The route, controller, action and view are now working harmoniously! It's time to create the form for a new post.
+When you refresh <http://localhost:3000/posts/new> you'll now see that the page has a title. The route, controller, action and view are now working harmoniously! It's time to create the form for a new post.
### The first form
@@ -579,7 +586,7 @@ content:
```
Finally, if you now go to
-[http://localhost:3000/posts/new](http://localhost:3000/posts/new) you'll
+<http://localhost:3000/posts/new> you'll
be able to create a post. Try it!
![Show action for posts](images/getting_started/show_action_for_posts.png)
@@ -756,7 +763,7 @@ Notice that inside the `create` action we use `render` instead of `redirect_to`
returns `false`. The `render` method is used so that the `@post` object is passed back to the `new` template when it is rendered. This rendering is done within the same request as the form submission, whereas the `redirect_to` will tell the browser to issue another request.
If you reload
-[http://localhost:3000/posts/new](http://localhost:3000/posts/new) and
+<http://localhost:3000/posts/new> and
try to save a post without a title, Rails will send you back to the
form, but that's not very useful. You need to tell the user that
something went wrong. To do that, you'll modify
@@ -1037,7 +1044,7 @@ Then do the same for the `app/views/posts/edit.html.erb` view:
<%= link_to 'Back', :action => :index %>
```
-Point your browser to [http://localhost:3000/posts/new](http://localhost:3000/posts/new) and
+Point your browser to <http://localhost:3000/posts/new> and
try creating a new post. Everything still works. Now try editing the
post and you'll receive the following error:
@@ -1057,10 +1064,10 @@ If you run `rake routes` from the console you'll see that we already
have a `posts_path` route, which was created automatically by Rails when we
defined the route for the index action.
However, we don't have a `post_path` yet, which is the reason why we
-received an error before.
+received an error before. With your server running you can view your routes by visiting [localhost:3000/rails/info/routes](http://localhost:3000/rails/info/routes), or you can generate them from the command line by running `rake routes`:
```bash
-# rake routes
+$ rake routes
posts GET /posts(.:format) posts#index
posts_new GET /posts/new(.:format) posts#new
@@ -1198,7 +1205,7 @@ If you run `rake routes`, you'll see that all the routes that we
declared before are still available:
```bash
-# rake routes
+$ rake routes
posts GET /posts(.:format) posts#index
POST /posts(.:format) posts#create
new_post GET /posts/new(.:format) posts#new
diff --git a/guides/source/i18n.md b/guides/source/i18n.md
index a3c6b514a4..eda1881e73 100644
--- a/guides/source/i18n.md
+++ b/guides/source/i18n.md
@@ -94,13 +94,13 @@ This means, that in the `:en` locale, the key _hello_ will map to the _Hello wor
The I18n library will use **English** as a **default locale**, i.e. if you don't set a different locale, `:en` will be used for looking up translations.
-NOTE: The i18n library takes a **pragmatic approach** to locale keys (after [some discussion](http://groups.google.com/group/rails-i18n/browse_thread/thread/14dede2c7dbe9470/80eec34395f64f3c?hl=en), including only the _locale_ ("language") part, like `:en`, `:pl`, not the _region_ part, like `:en-US` or `:en-GB`, which are traditionally used for separating "languages" and "regional setting" or "dialects". Many international applications use only the "language" element of a locale such as `:cs`, `:th` or `:es` (for Czech, Thai and Spanish). However, there are also regional differences within different language groups that may be important. For instance, in the `:en-US` locale you would have $ as a currency symbol, while in `:en-GB`, you would have £. Nothing stops you from separating regional and other settings in this way: you just have to provide full "English - United Kingdom" locale in a `:en-GB` dictionary. Various [Rails I18n plugins](http://rails-i18n.org/wiki) such as [Globalize2](ht)
+NOTE: The i18n library takes a **pragmatic approach** to locale keys (after [some discussion](http://groups.google.com/group/rails-i18n/browse_thread/thread/14dede2c7dbe9470/80eec34395f64f3c?hl=en), including only the _locale_ ("language") part, like `:en`, `:pl`, not the _region_ part, like `:en-US` or `:en-GB`, which are traditionally used for separating "languages" and "regional setting" or "dialects". Many international applications use only the "language" element of a locale such as `:cs`, `:th` or `:es` (for Czech, Thai and Spanish). However, there are also regional differences within different language groups that may be important. For instance, in the `:en-US` locale you would have $ as a currency symbol, while in `:en-GB`, you would have £. Nothing stops you from separating regional and other settings in this way: you just have to provide full "English - United Kingdom" locale in a `:en-GB` dictionary. Various [Rails I18n plugins](http://rails-i18n.org/wiki) such as [Globalize2](https://github.com/joshmh/globalize2/tree/master) may help you implement it.
The **translations load path** (`I18n.load_path`) is just a Ruby Array of paths to your translation files that will be loaded automatically and available in your application. You can pick whatever directory and translation file naming scheme makes sense for you.
NOTE: The backend will lazy-load these translations when a translation is looked up for the first time. This makes it possible to just swap the backend with something else even after translations have already been announced.
-The default `application.rb` files has instructions on how to add locales from another directory and how to set a different default locale. Just uncomment and edit the specific lines.
+The default initializer `locale.rb` file has instructions on how to add locales from another directory and how to set a different default locale. Just uncomment and edit the specific lines.
```ruby
# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
diff --git a/guides/source/migrations.md b/guides/source/migrations.md
index 705b65ee8b..67538b85e8 100644
--- a/guides/source/migrations.md
+++ b/guides/source/migrations.md
@@ -85,7 +85,7 @@ existing users.
### Using the change method
-Rails 3.1 makes migrations smarter by providing a new `change` method.
+Rails 3.1 and up makes migrations smarter by providing a `change` method.
This method is preferred for writing constructive migrations (adding columns or
tables). The migration knows how to migrate your database and reverse it when
the migration is rolled back without the need to write a separate `down` method.
@@ -235,6 +235,8 @@ adding these columns will also be created. For example, running
$ rails generate model Product name:string description:text
```
+TIP: All lines starting with a dollar sign `$` are intended to be run on the command line.
+
will create a migration that looks like this
```ruby
@@ -544,7 +546,7 @@ support](#active-record-and-referential-integrity).
If the helpers provided by Active Record aren't enough you can use the `execute`
method to execute arbitrary SQL.
-For more details and examples of individual methods, check the API documentation.
+For more details and examples of individual methods, check the API documentation.
In particular the documentation for
[`ActiveRecord::ConnectionAdapters::SchemaStatements`](http://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/SchemaStatements.html)
(which provides the methods available in the `up` and `down` methods),
@@ -700,6 +702,14 @@ will run the `up` method from the 20080906120000 migration. This task will first
check whether the migration is already performed and will do nothing if Active Record believes
that it has already been run.
+### Running Migrations in Different Environments
+
+By default running `rake db:migrate` will run in the `development` environment. To run migrations against another environment you can specify it using the `RAILS_ENV` environment variable while running the command. For example to run migrations against the `test` environment you could run:
+
+```bash
+$ rake db:migrate RAILS_ENV=test
+```
+
### Changing the Output of Running Migrations
By default migrations tell you exactly what they're doing and how long it took.
diff --git a/guides/source/rails_on_rack.md b/guides/source/rails_on_rack.md
index 0e59395c8a..ba96c0c0a9 100644
--- a/guides/source/rails_on_rack.md
+++ b/guides/source/rails_on_rack.md
@@ -162,8 +162,8 @@ You can add a new middleware to the middleware stack using any of the following
config.middleware.use Rack::BounceFavicon
# Add Lifo::Cache after ActiveRecord::QueryCache.
-# Pass { :page_cache => false } argument to Lifo::Cache.
-config.middleware.insert_after ActiveRecord::QueryCache, Lifo::Cache, :page_cache => false
+# Pass { page_cache: false } argument to Lifo::Cache.
+config.middleware.insert_after ActiveRecord::QueryCache, Lifo::Cache, page_cache: false
```
#### Swapping a Middleware
diff --git a/guides/source/routing.md b/guides/source/routing.md
index 3acb7fa0e5..469fcf49fb 100644
--- a/guides/source/routing.md
+++ b/guides/source/routing.md
@@ -30,14 +30,14 @@ it asks the router to match it to a controller action. If the first matching rou
get "/patients/:id" => "patients#show"
```
-the request is dispatched to the `patients` controller's `show` action with `{ :id => "17" }` in `params`.
+the request is dispatched to the `patients` controller's `show` action with `{ id: "17" }` in `params`.
### Generating Paths and URLs from Code
You can also generate paths and URLs. If the route above is modified to be
```ruby
-get "/patients/:id" => "patients#show", :as => "patient"
+get "/patients/:id" => "patients#show", as: "patient"
```
If your application contains this code:
@@ -73,7 +73,7 @@ it asks the router to map it to a controller action. If the first matching route
resources :photos
```
-Rails would dispatch that request to the `destroy` method on the `photos` controller with `{ :id => "17" }` in `params`.
+Rails would dispatch that request to the `destroy` method on the `photos` controller with `{ id: "17" }` in `params`.
### CRUD, Verbs, and Actions
@@ -186,7 +186,7 @@ This will create a number of routes for each of the `posts` and `comments` contr
If you want to route `/posts` (without the prefix `/admin`) to `Admin::PostsController`, you could use
```ruby
-scope :module => "admin" do
+scope module: "admin" do
resources :posts, :comments
end
```
@@ -194,7 +194,7 @@ end
or, for a single case
```ruby
-resources :posts, :module => "admin"
+resources :posts, module: "admin"
```
If you want to route `/admin/posts` to `PostsController` (without the `Admin::` module prefix), you could use
@@ -208,7 +208,7 @@ end
or, for a single case
```ruby
-resources :posts, :path => "/admin/posts"
+resources :posts, path: "/admin/posts"
```
In each of these cases, the named routes remain the same as if you did not use `scope`. In the last case, the following paths map to `PostsController`:
@@ -375,7 +375,7 @@ Within the block of member routes, each route name specifies the HTTP verb that
```ruby
resources :photos do
- get 'preview', :on => :member
+ get 'preview', on: :member
end
```
@@ -397,7 +397,7 @@ Just as with member routes, you can pass `:on` to a route:
```ruby
resources :photos do
- get 'search', :on => :collection
+ get 'search', on: :collection
end
```
@@ -407,7 +407,7 @@ To add an alternate new action using the `:on` shortcut:
```ruby
resources :comments do
- get 'preview', :on => :new
+ get 'preview', on: :new
end
```
@@ -449,10 +449,10 @@ An incoming path of `/photos/show/1/2` will be dispatched to the `show` action o
NOTE: You can't use `:namespace` or `:module` with a `:controller` path segment. If you need to do this then use a constraint on :controller that matches the namespace you require. e.g:
```ruby
-get ':controller(/:action(/:id))', :controller => /admin\/[^\/]+/
+get ':controller(/:action(/:id))', controller: /admin\/[^\/]+/
```
-TIP: By default dynamic segments don't accept dots - this is because the dot is used as a separator for formatted routes. If you need to use a dot within a dynamic segment, add a constraint that overrides this – for example, `:id => /[^\/]+/` allows anything except a slash.
+TIP: By default dynamic segments don't accept dots - this is because the dot is used as a separator for formatted routes. If you need to use a dot within a dynamic segment, add a constraint that overrides this – for example, `id: /[^\/]+/` allows anything except a slash.
### Static Segments
@@ -462,7 +462,7 @@ You can specify static segments when creating a route:
get ':controller/:action/:id/with_user/:user_id'
```
-This route would respond to paths such as `/photos/show/1/with_user/2`. In this case, `params` would be `{ :controller => "photos", :action => "show", :id => "1", :user_id => "2" }`.
+This route would respond to paths such as `/photos/show/1/with_user/2`. In this case, `params` would be `{ controller: "photos", action: "show", id: "1", user_id: "2" }`.
### The Query String
@@ -472,7 +472,7 @@ The `params` will also include any parameters from the query string. For example
get ':controller/:action/:id'
```
-An incoming path of `/photos/show/1?user_id=2` will be dispatched to the `show` action of the `Photos` controller. `params` will be `{ :controller => "photos", :action => "show", :id => "1", :user_id => "2" }`.
+An incoming path of `/photos/show/1?user_id=2` will be dispatched to the `show` action of the `Photos` controller. `params` will be `{ controller: "photos", action: "show", id: "1", user_id: "2" }`.
### Defining Defaults
@@ -487,7 +487,7 @@ With this route, Rails will match an incoming path of `/photos/12` to the `show`
You can also define other defaults in a route by supplying a hash for the `:defaults` option. This even applies to parameters that you do not specify as dynamic segments. For example:
```ruby
-get 'photos/:id' => 'photos#show', :defaults => { :format => 'jpg' }
+get 'photos/:id' => 'photos#show', defaults: { format: 'jpg' }
```
Rails would match `photos/12` to the `show` action of `PhotosController`, and set `params[:format]` to `"jpg"`.
@@ -497,7 +497,7 @@ Rails would match `photos/12` to the `show` action of `PhotosController`, and se
You can specify a name for any route using the `:as` option.
```ruby
-get 'exit' => 'sessions#destroy', :as => :logout
+get 'exit' => 'sessions#destroy', as: :logout
```
This will create `logout_path` and `logout_url` as named helpers in your application. Calling `logout_path` will return `/exit`
@@ -505,7 +505,7 @@ This will create `logout_path` and `logout_url` as named helpers in your applica
You can also use this to override routing methods defined by resources, like this:
```ruby
-get ':username', :to => "users#show", :as => :user
+get ':username', to: "users#show", as: :user
```
This will define a `user_path` method that will be available in controllers, helpers and views that will go to a route such as `/bob`. Inside the `show` action of `UsersController`, `params[:username]` will contain the username for the user. Change `:username` in the route definition if you do not want your parameter name to be `:username`.
@@ -515,13 +515,13 @@ This will define a `user_path` method that will be available in controllers, hel
In general, you should use the `get`, `post`, `put` and `delete` methods to constrain a route to a particular verb. You can use the `match` method with the `:via` option to match multiple verbs at once:
```ruby
-match 'photos' => 'photos#show', :via => [:get, :post]
+match 'photos' => 'photos#show', via: [:get, :post]
```
-You can match all verbs to a particular route using `:via => :all`:
+You can match all verbs to a particular route using `via: :all`:
```ruby
-match 'photos' => 'photos#show', :via => :all
+match 'photos' => 'photos#show', via: :all
```
You should avoid routing all verbs to an action unless you have a good reason to, as routing both `GET` requests and `POST` requests to a single action has security implications.
@@ -531,19 +531,19 @@ You should avoid routing all verbs to an action unless you have a good reason to
You can use the `:constraints` option to enforce a format for a dynamic segment:
```ruby
-get 'photos/:id' => 'photos#show', :constraints => { :id => /[A-Z]\d{5}/ }
+get 'photos/:id' => 'photos#show', constraints: { id: /[A-Z]\d{5}/ }
```
This route would match paths such as `/photos/A12345`. You can more succinctly express the same route this way:
```ruby
-get 'photos/:id' => 'photos#show', :id => /[A-Z]\d{5}/
+get 'photos/:id' => 'photos#show', id: /[A-Z]\d{5}/
```
`:constraints` takes regular expressions with the restriction that regexp anchors can't be used. For example, the following route will not work:
```ruby
-get '/:id' => 'posts#show', :constraints => {:id => /^\d/}
+get '/:id' => 'posts#show', constraints: {id: /^\d/}
```
However, note that you don't need to use anchors because all routes are anchored at the start.
@@ -551,7 +551,7 @@ However, note that you don't need to use anchors because all routes are anchored
For example, the following routes would allow for `posts` with `to_param` values like `1-hello-world` that always begin with a number and `users` with `to_param` values like `david` that never begin with a number to share the root namespace:
```ruby
-get '/:id' => 'posts#show', :constraints => { :id => /\d.+/ }
+get '/:id' => 'posts#show', constraints: { id: /\d.+/ }
get '/:username' => 'users#show'
```
@@ -562,14 +562,14 @@ You can also constrain a route based on any method on the <a href="action_contro
You specify a request-based constraint the same way that you specify a segment constraint:
```ruby
-get "photos", :constraints => {:subdomain => "admin"}
+get "photos", constraints: {subdomain: "admin"}
```
You can also specify constraints in a block form:
```ruby
namespace :admin do
- constraints :subdomain => "admin" do
+ constraints subdomain: "admin" do
resources :photos
end
end
@@ -592,7 +592,7 @@ end
TwitterClone::Application.routes.draw do
get "*path" => "blacklist#index",
- :constraints => BlacklistConstraint.new
+ constraints: BlacklistConstraint.new
end
```
@@ -601,7 +601,7 @@ You can also specify constraints as a lambda:
```ruby
TwitterClone::Application.routes.draw do
get "*path" => "blacklist#index",
- :constraints => lambda { |request| Blacklist.retrieve_ips.include?(request.remote_ip) }
+ constraints: lambda { |request| Blacklist.retrieve_ips.include?(request.remote_ip) }
end
```
@@ -639,16 +639,16 @@ NOTE: Starting from Rails 3.1, wildcard routes will always match the optional fo
get '*pages' => 'pages#show'
```
-NOTE: By requesting `"/foo/bar.json"`, your `params[:pages]` will be equals to `"foo/bar"` with the request format of JSON. If you want the old 3.0.x behavior back, you could supply `:format => false` like this:
+NOTE: By requesting `"/foo/bar.json"`, your `params[:pages]` will be equals to `"foo/bar"` with the request format of JSON. If you want the old 3.0.x behavior back, you could supply `format: false` like this:
```ruby
-get '*pages' => 'pages#show', :format => false
+get '*pages' => 'pages#show', format: false
```
-NOTE: If you want to make the format segment mandatory, so it cannot be omitted, you can supply `:format => true` like this:
+NOTE: If you want to make the format segment mandatory, so it cannot be omitted, you can supply `format: true` like this:
```ruby
-get '*pages' => 'pages#show', :format => true
+get '*pages' => 'pages#show', format: true
```
### Redirection
@@ -681,10 +681,10 @@ In all of these cases, if you don't provide the leading host (`http://www.exampl
Instead of a String, like `"posts#index"`, which corresponds to the `index` action in the `PostsController`, you can specify any <a href="rails_on_rack.html">Rack application</a> as the endpoint for a matcher.
```ruby
-match "/application.js" => Sprockets, :via => :all
+match "/application.js" => Sprockets, via: :all
```
-As long as `Sprockets` responds to `call` and returns a `[status, headers, body]`, the router won't know the difference between the Rack application and an action. This is an appropriate use of `:via => :all`, as you will want to allow your Rack application to handle all verbs as it considers appropriate.
+As long as `Sprockets` responds to `call` and returns a `[status, headers, body]`, the router won't know the difference between the Rack application and an action. This is an appropriate use of `via: :all`, as you will want to allow your Rack application to handle all verbs as it considers appropriate.
NOTE: For the curious, `"posts#index"` actually expands out to `PostsController.action(:index)`, which returns a valid Rack application.
@@ -693,7 +693,7 @@ NOTE: For the curious, `"posts#index"` actually expands out to `PostsController.
You can specify what Rails should route `"/"` to with the `root` method:
```ruby
-root :to => 'pages#main'
+root to: 'pages#main'
root 'pages#main' # shortcut for the above
```
@@ -719,7 +719,7 @@ While the default routes and helpers generated by `resources :posts` will usuall
The `:controller` option lets you explicitly specify a controller to use for the resource. For example:
```ruby
-resources :photos, :controller => "images"
+resources :photos, controller: "images"
```
will recognize incoming paths beginning with `/photos` but route to the `Images` controller:
@@ -741,7 +741,7 @@ NOTE: Use `photos_path`, `new_photo_path`, etc. to generate paths for this resou
You can use the `:constraints` option to specify a required format on the implicit `id`. For example:
```ruby
-resources :photos, :constraints => {:id => /[A-Z][A-Z][0-9]+/}
+resources :photos, constraints: {id: /[A-Z][A-Z][0-9]+/}
```
This declaration constrains the `:id` parameter to match the supplied regular expression. So, in this case, the router would no longer match `/photos/1` to this route. Instead, `/photos/RR27` would match.
@@ -749,7 +749,7 @@ This declaration constrains the `:id` parameter to match the supplied regular ex
You can specify a single constraint to apply to a number of routes by using the block form:
```ruby
-constraints(:id => /[A-Z][A-Z][0-9]+/) do
+constraints(id: /[A-Z][A-Z][0-9]+/) do
resources :photos
resources :accounts
end
@@ -757,14 +757,14 @@ end
NOTE: Of course, you can use the more advanced constraints available in non-resourceful routes in this context.
-TIP: By default the `:id` parameter doesn't accept dots - this is because the dot is used as a separator for formatted routes. If you need to use a dot within an `:id` add a constraint which overrides this - for example `:id => /[^\/]+/` allows anything except a slash.
+TIP: By default the `:id` parameter doesn't accept dots - this is because the dot is used as a separator for formatted routes. If you need to use a dot within an `:id` add a constraint which overrides this - for example `id: /[^\/]+/` allows anything except a slash.
### Overriding the Named Helpers
The `:as` option lets you override the normal naming for the named route helpers. For example:
```ruby
-resources :photos, :as => "images"
+resources :photos, as: "images"
```
will recognize incoming paths beginning with `/photos` and route the requests to `PhotosController`, but use the value of the :as option to name the helpers.
@@ -784,7 +784,7 @@ will recognize incoming paths beginning with `/photos` and route the requests to
The `:path_names` option lets you override the automatically-generated "new" and "edit" segments in paths:
```ruby
-resources :photos, :path_names => { :new => 'make', :edit => 'change' }
+resources :photos, path_names: { new: 'make', edit: 'change' }
```
This would cause the routing to recognize paths such as
@@ -799,7 +799,7 @@ NOTE: The actual action names aren't changed by this option. The two paths shown
TIP: If you find yourself wanting to change this option uniformly for all of your routes, you can use a scope.
```ruby
-scope :path_names => { :new => "make" } do
+scope path_names: { new: "make" } do
# rest of your routes
end
```
@@ -810,7 +810,7 @@ You can use the `:as` option to prefix the named route helpers that Rails genera
```ruby
scope "admin" do
- resources :photos, :as => "admin_photos"
+ resources :photos, as: "admin_photos"
end
resources :photos
@@ -821,7 +821,7 @@ This will provide route helpers such as `admin_photos_path`, `new_admin_photo_pa
To prefix a group of route helpers, use `:as` with `scope`:
```ruby
-scope "admin", :as => "admin" do
+scope "admin", as: "admin" do
resources :photos, :accounts
end
@@ -847,7 +847,7 @@ This will provide you with URLs such as `/bob/posts/1` and will allow you to ref
By default, Rails creates routes for the seven default actions (index, show, new, create, edit, update, and destroy) for every RESTful route in your application. You can use the `:only` and `:except` options to fine-tune this behavior. The `:only` option tells Rails to create only the specified routes:
```ruby
-resources :photos, :only => [:index, :show]
+resources :photos, only: [:index, :show]
```
Now, a `GET` request to `/photos` would succeed, but a `POST` request to `/photos` (which would ordinarily be routed to the `create` action) will fail.
@@ -855,7 +855,7 @@ Now, a `GET` request to `/photos` would succeed, but a `POST` request to `/photo
The `:except` option specifies a route or list of routes that Rails should _not_ create:
```ruby
-resources :photos, :except => :destroy
+resources :photos, except: :destroy
```
In this case, Rails will create all of the normal routes except the route for `destroy` (a `DELETE` request to `/photos/:id`).
@@ -867,8 +867,8 @@ TIP: If your application has many RESTful routes, using `:only` and `:except` to
Using `scope`, we can alter path names generated by resources:
```ruby
-scope(:path_names => { :new => "neu", :edit => "bearbeiten" }) do
- resources :categories, :path => "kategorien"
+scope(path_names: { new: "neu", edit: "bearbeiten" }) do
+ resources :categories, path: "kategorien"
end
```
@@ -900,7 +900,7 @@ The `:as` option overrides the automatically-generated name for the resource in
```ruby
resources :magazines do
- resources :ads, :as => 'periodical_ads'
+ resources :ads, as: 'periodical_ads'
end
```
@@ -952,8 +952,8 @@ Routes should be included in your testing strategy (just like the rest of your a
`assert_generates` asserts that a particular set of options generate a particular path and can be used with default routes or custom routes.
```ruby
-assert_generates "/photos/1", { :controller => "photos", :action => "show", :id => "1" }
-assert_generates "/about", :controller => "pages", :action => "about"
+assert_generates "/photos/1", { controller: "photos", action: "show", id: "1" }
+assert_generates "/about", controller: "pages", action: "about"
```
#### The `assert_recognizes` Assertion
@@ -961,13 +961,13 @@ assert_generates "/about", :controller => "pages", :action => "about"
`assert_recognizes` is the inverse of `assert_generates`. It asserts that a given path is recognized and routes it to a particular spot in your application.
```ruby
-assert_recognizes({ :controller => "photos", :action => "show", :id => "1" }, "/photos/1")
+assert_recognizes({ controller: "photos", action: "show", id: "1" }, "/photos/1")
```
You can supply a `:method` argument to specify the HTTP verb:
```ruby
-assert_recognizes({ :controller => "photos", :action => "create" }, { :path => "photos", :method => :post })
+assert_recognizes({ controller: "photos", action: "create" }, { path: "photos", method: :post })
```
#### The `assert_routing` Assertion
@@ -975,5 +975,5 @@ assert_recognizes({ :controller => "photos", :action => "create" }, { :path => "
The `assert_routing` assertion checks the route both ways: it tests that the path generates the options, and that the options generate the path. Thus, it combines the functions of `assert_generates` and `assert_recognizes`.
```ruby
-assert_routing({ :path => "photos", :method => :post }, { :controller => "photos", :action => "create" })
+assert_routing({ path: "photos", method: :post }, { controller: "photos", action: "create" })
```
diff --git a/guides/source/security.md b/guides/source/security.md
index 0186386059..5ef68d2272 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -96,8 +96,8 @@ That means the security of this storage depends on this secret (and on the diges
```ruby
config.action_dispatch.session = {
- :key => '_app_session',
- :secret => '0x0dkfj3927dkc7djdh36rkckdfzsg...'
+ key: '_app_session',
+ secret: '0x0dkfj3927dkc7djdh36rkckdfzsg...'
}
```
@@ -233,7 +233,7 @@ Or the attacker places the code into the onmouseover event handler of an image:
There are many other possibilities, including Ajax to attack the victim in the background.
The _solution to this is including a security token in non-GET requests_ which check on the server-side. In Rails 2 or higher, this is a one-liner in the application controller:
```ruby
-protect_from_forgery :secret => "123456789012345678901234567890..."
+protect_from_forgery secret: "123456789012345678901234567890..."
```
This will automatically include a security token, calculated from the current session and the server-side secret, in all forms and Ajax requests generated by Rails. You won't need the secret, if you use CookieStorage as session storage. If the security token doesn't match what was expected, the session will be reset. **Note:** In Rails versions prior to 3.0.4, this raised an `ActionController::InvalidAuthenticityToken` error.
@@ -264,7 +264,7 @@ Whenever the user is allowed to pass (parts of) the URL for redirection, it is p
```ruby
def legacy
- redirect_to(params.update(:action=>'main'))
+ redirect_to(params.update(action:'main'))
end
```
@@ -334,7 +334,7 @@ basename = File.expand_path(File.join(File.dirname(__FILE__), '../../files'))
filename = File.expand_path(File.join(basename, @file.public_filename))
raise if basename !=
File.expand_path(File.join(File.dirname(filename), '../../../'))
-send_file filename, :disposition => 'inline'
+send_file filename, disposition: 'inline'
```
Another (additional) approach is to store the file names in the database and name the files on the disk after the ids in the database. This is also a good approach to avoid possible code in an uploaded file to be executed. The attachment_fu plugin does this in a similar way.
@@ -383,7 +383,7 @@ any model's attributes by manipulating the hash passed to a model's `new()` meth
```ruby
def signup
- params[:user] # => {:name=>"ow3ned", :admin=>true}
+ params[:user] # => {name:"ow3ned", admin:true}
@user = User.new(params[:user])
end
```
@@ -402,7 +402,7 @@ http://www.example.com/user/signup?user[name]=ow3ned&user[admin]=1
This will set the following parameters in the controller:
```ruby
-params[:user] # => {:name=>"ow3ned", :admin=>true}
+params[:user] # => {name:"ow3ned", admin:true}
```
So if you create a new user using mass-assignment, it may be too easy to become
@@ -459,9 +459,9 @@ should be allowed for mass updating using the slice pattern. For example:
```ruby
def signup
params[:user]
- # => {:name=>"ow3ned", :admin=>true}
+ # => {name:"ow3ned", admin:true}
permitted_params = params.require(:user).permit(:name)
- # => {:name=>"ow3ned"}
+ # => {name:"ow3ned"}
@user = User.new(permitted_params)
end
@@ -499,10 +499,11 @@ attributes.
```ruby
def user_params
- filters = [:name]
- filters << :admin if current_user.try(:admin?)
-
- params.require(:user).permit(*filters)
+ if current_user.admin?
+ params.require(:user).permit(:name, :admin)
+ else
+ params.require(:user).permit(:name)
+ end
end
```
@@ -647,7 +648,7 @@ Since this is a frequent mistake, the format validator (validates_format_of) now
```ruby
# content should include a line "Meanwhile" anywhere in the string
- validates :content, :format => { :with => /^Meanwhile$/, :multiline => true }
+ validates :content, format: { with: /^Meanwhile$/, multiline: true }
```
Note that this only protects you against the most common mistake when using the format validator - you always need to keep in mind that ^ and $ match the **line** beginning and line end in Ruby, and not the beginning and end of a string.
@@ -685,7 +686,7 @@ NOTE: _When sanitizing, protecting or verifying something, whitelists over black
A blacklist can be a list of bad e-mail addresses, non-public actions or bad HTML tags. This is opposed to a whitelist which lists the good e-mail addresses, public actions, good HTML tags and so on. Although sometimes it is not possible to create a whitelist (in a SPAM filter, for example), _prefer to use whitelist approaches_:
-* Use before_filter :only => [...] instead of :except => [...]. This way you don't forget to turn it off for newly added actions.
+* Use before_filter only: [...] instead of except: [...]. This way you don't forget to turn it off for newly added actions.
* Use attr_accessible instead of attr_protected. See the mass-assignment section for details
* Allow &lt;strong&gt; instead of removing &lt;script&gt; against Cross-Site Scripting (XSS). See below for details.
* Don't try to correct user input by blacklists:
@@ -768,7 +769,7 @@ Model.where("login = ? AND password = ?", entered_user_name, entered_password).f
As you can see, the first part of the array is an SQL fragment with question marks. The sanitized versions of the variables in the second part of the array replace the question marks. Or you can pass a hash for the same result:
```ruby
-Model.where(:login => entered_user_name, :password => entered_password).first
+Model.where(login: entered_user_name, password: entered_password).first
```
The array or hash form is only available in model instances. You can try `sanitize_sql()` elsewhere. _Make it a habit to think about the security consequences when using an external string in SQL_.
@@ -863,7 +864,7 @@ This returned "some&lt;script&gt;alert('hello')&lt;/script&gt;", which makes an
```ruby
tags = %w(a acronym b strong i em li ul ol h1 h2 h3 h4 h5 h6 blockquote br cite sub sup ins p)
-s = sanitize(user_input, :tags => tags, :attributes => %w(href title))
+s = sanitize(user_input, tags: tags, attributes: %w(href title))
```
This allows only the given tags and does a good job, even against all kinds of tricks and malformed tags.
diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md
index 0ae0e30ab7..148316d170 100644
--- a/guides/source/upgrading_ruby_on_rails.md
+++ b/guides/source/upgrading_ruby_on_rails.md
@@ -255,7 +255,7 @@ ActiveSupport.on_load(:active_record) do
end
```
-h4(#config_session3_1). config/initializers/session_store.rb
+### config/initializers/session_store.rb
You need to change your session key to something new, or remove all sessions:
@@ -266,4 +266,6 @@ AppName::Application.config.session_store :cookie_store, :key => 'SOMETHINGNEW'
or
-<tt>$ rake db:sessions:clear</tt>
+```bash
+$ rake db:sessions:clear
+```