author Aaron Patterson <aaron.patterson@gmail.com> 2011-03-29 17:38:43 -0700
committer Aaron Patterson <aaron.patterson@gmail.com> 2011-03-29 17:38:43 -0700
commit 0471fc9f1cf95865a9810b46f1227783fee40ab5
tree 50c6a1990e7b97b7960a692c9441e686cbcb4902 /railties/guides
parent 28c73f012328c8386acfc608f0dfb1a459dbf170
parent 58becf116580c37c63b89f4a660ebe293f6e7c4e
Merge branch 'master' into zomg
* master: (51 commits)
  order is not guaranteed by this select, so add an order and call first!
  oracle stores this with microseconds, so convert to seconds before comparing
  make sure that active connections are not cleared during test when an exception happens
  clearing active connections in the ConnectionManagement middleware if an exception happens
  proxy body responses so we close database connections after body is flushed
  Pass the proper method_name instead of hardcoding to action_name.
  Quote find_in_batches ORDER BY clause [#6620 state:resolved]
  Delegate first!, last!, any? and many? to scoped
  Dont call authenticate_or_request_with_http_basic twice
  Remove 'warning: ambiguous first argument' when running ActionPack tests
  Change exists? so that it doesn't instantiate records [#6127 state:resolved]
  Move mapper_test to the appropriate location
  Update the wildcard route to be non-greedy by default, therefore be able to match the (.:format) segment [#6605 state:resolved]
  Fix examples
  Added Base.http_basic_authenticate_with to do simple http basic authentication with a single class method call [DHH]
  make sure we have an active database connection before running each connection management test
  adding active_connections? to the connection pool for finding open connections
  adding active_connection? to the connection pool
  testing app delegation from the ConnectionManagement middleware
  namespacing connection management tests. :heart:
  ...
Diffstat (limited to 'railties/guides')
7 files changed, 101 insertions, 4 deletions
diff --git a/railties/guides/source/action_controller_overview.textile b/railties/guides/source/action_controller_overview.textile
index ecb03a48e4..178d98c2d6 100644
--- a/railties/guides/source/action_controller_overview.textile
+++ b/railties/guides/source/action_controller_overview.textile
@@ -816,6 +816,28 @@ end
NOTE: Certain exceptions are only rescuable from the +ApplicationController+ class, as they are raised before the controller gets initialized and the action gets executed. See Pratik Naik's "article":http://m.onkey.org/2008/7/20/rescue-from-dispatching on the subject for more information.
+h3. Force HTTPS protocol
+Sometime you might want to force a particular controller to only be accessible via an HTTPS protocol for security reason. Since Rails 3.1 you can now use +force_ssl+ method in your controller to enforce that:
+class DinnerController
+ force_ssl
+Just like the filter, you could also passing +:only+ and +:except+ to enforce the secure connection only to specific actions
+class DinnerController
+ force_ssl :only => :cheeseburger
+ # or
+ force_ssl :except => :cheeseburger
+Please note that if you found yourself adding +force_ssl+ to many controllers, you may found yourself wanting to force the whole application to use HTTPS instead. In that case, you can set the +config.force_ssl+ in your environment file.
h3. Changelog
* February 17, 2009: Yet another proofread by Xavier Noria.
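Review bot: the closing paragraph of the new "Force HTTPS protocol" section tells the reader to "set the +config.force_ssl+" without saying what to set it to; write it as +config.force_ssl = true+, the form the security.textile change in this same patch uses. The added prose also needs a proofread before it ships in the guide: "Sometime" should be "Sometimes", "for security reason" should be "for security reasons", "you could also passing" should be "you can also pass", and "if you found yourself ... you may found yourself" should be "if you find yourself ... you may want to".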
diff --git a/railties/guides/source/active_record_querying.textile b/railties/guides/source/active_record_querying.textile
index 009d541106..f3a10b8b92 100644
--- a/railties/guides/source/active_record_querying.textile
+++ b/railties/guides/source/active_record_querying.textile
@@ -76,7 +76,7 @@ Primary operation of <tt>Model.find(options)</tt> can be summarized as:
h4. Retrieving a Single Object
-Active Record lets you retrieve a single object using three different ways.
+Active Record lets you retrieve a single object using five different ways.
h5. Using a Primary Key
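Review bot: the hard-coded count in "using five different ways" already had to change from three in this hunk and will go stale again when another finder is added. Consider "in several different ways", or at least "in five different ways", since "using ... ways" reads awkwardly.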
@@ -130,6 +130,40 @@ SELECT * FROM clients ORDER BY clients.id DESC LIMIT 1
<tt>Model.last</tt> returns +nil+ if no matching record is found. No exception will be raised.
+h5. +first!+
+<tt>Model.first!</tt> finds the first record. For example:
+client = Client.first!
+=> #<Client id: 1, first_name: "Lifo">
+SQL equivalent of the above is:
+SELECT * FROM clients LIMIT 1
+<tt>Model.first!</tt> raises +RecordNotFound+ if no matching record is found.
+h5. +last!+
+<tt>Model.last!</tt> finds the last record. For example:
+client = Client.last!
+=> #<Client id: 221, first_name: "Russel">
+SQL equivalent of the above is:
+SELECT * FROM clients ORDER BY clients.id DESC LIMIT 1
+<tt>Model.last!</tt> raises +RecordNotFound+ if no matching record is found.
h4. Retrieving Multiple Objects
h5. Using Multiple Primary Keys
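Review bot: the SQL given for +first!+ (+SELECT * FROM clients LIMIT 1+) has no ORDER BY, so "the first record" is not well defined by the documented query, while the +last!+ query orders by +clients.id DESC+. One of the commits in this merge is titled "order is not guaranteed by this select, so add an order and call first!", which is the same concern. Either say in the +first!+ section that no particular order is guaranteed, or show an ordered query if that is what is intended. It would also help to name the exception with its namespace so readers know what to rescue.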
@@ -928,6 +962,26 @@ Client.exists?
The above returns +false+ if the +clients+ table is empty and +true+ otherwise.
+You can also use +any?+ and +many?+ to check for existence on a model or relation.
+# via a model
+# via a named scope
+# via a relation
+Post.where(:published => true).any?
+Post.where(:published => true).many?
+# via an association
h3. Calculations
This section uses count as an example method in this preamble, but the options described apply to all sub-sections.
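Review bot: the new sentence says +any?+ and +many?+ both "check for existence", but it never says how the two differ, and the examples that follow do not show return values. Add one sentence stating what each returns (for instance that +many?+ is about more than one record, if that is the intended meaning) so the section reads as clearly as the +exists?+ text directly above it.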
diff --git a/railties/guides/source/active_record_validations_callbacks.textile b/railties/guides/source/active_record_validations_callbacks.textile
index e5349d546c..514d0322b9 100644
--- a/railties/guides/source/active_record_validations_callbacks.textile
+++ b/railties/guides/source/active_record_validations_callbacks.textile
@@ -84,6 +84,7 @@ The following methods skip validations, and will save the object to the database
* +toggle!+
* +update_all+
* +update_attribute+
+* +update_column+
* +update_counters+
Note that +save+ also has the ability to skip validations if passed +:validate => false+ as argument. This technique should be used with caution.
@@ -993,6 +994,7 @@ Just as with validations, it's also possible to skip callbacks. These methods sh
* +increment+
* +increment_counter+
* +toggle+
+* +update_column+
* +update_all+
* +update_counters+
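Review bot: in the skip-callbacks list +update_column+ is inserted before +update_all+, which breaks the alphabetical order the rest of the list follows (increment, increment_counter, toggle, update_all, update_counters). Move it between +update_all+ and +update_counters+, matching its position after +update_attribute+ in the skip-validations list changed earlier in this file.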
diff --git a/railties/guides/source/configuring.textile b/railties/guides/source/configuring.textile
index 62b846e871..298335d484 100644
--- a/railties/guides/source/configuring.textile
+++ b/railties/guides/source/configuring.textile
@@ -81,6 +81,8 @@ end
* +config.filter_parameters+ used for filtering out the parameters that you don't want shown in the logs, such as passwords or credit card numbers.
+* +config.force_ssl+ forcing all requests to be under HTTPS protocol by using +Rack::SSL+ middleware. This will secure your application from a session hijack attempt.
* +config.helper_paths+ configures where Rails can find helpers for this application.
* +config.log_level+ defines the verbosity of the Rails logger. In production mode, this defaults to +:info+. In development mode, it defaults to +:debug+.
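Review bot: "This will secure your application from a session hijack attempt" in the new +config.force_ssl+ entry promises more than HTTPS delivers. The security guide touched by this same patch lists cookie sniffing on an insecure network as only one of the ways to hijack a session (an unattended public terminal is another), and forcing HTTPS addresses the sniffing case. Suggest wording such as "forces all requests to use HTTPS by adding the +Rack::SSL+ middleware, which protects the session cookie from being sniffed in transit". Note "forcing" should be "forces" to match the verb form of the neighbouring entries.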
@@ -147,6 +149,7 @@ h4. Configuring Middleware
Every Rails application comes with a standard set of middleware which it uses in this order in the development environment:
+* +Rack::SSL+ Will force every requests to be under HTTPS protocol. Will be available if +config.force_ssl+ is set to _true_.
* +ActionDispatch::Static+ is used to serve static assets. Disabled if +config.serve_static_assets+ is _true_.
* +Rack::Lock+ Will wrap the app in mutex so it can only be called by a single thread at a time. Only enabled if +config.action_controller.allow_concurrency+ is set to _false_, which it is by default.
* +ActiveSupport::Cache::Strategy::LocalCache+ Serves as a basic memory backed cache. This cache is not thread safe and is intended only for serving as a temporary memory cache for a single thread.
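Review bot: the new +Rack::SSL+ entry is worded differently from the entries around it and has a grammar slip: "Will force every requests" should be "Forces every request", and "Will be available if" should follow the "Only enabled if" phrasing used for +Rack::Lock+ two lines down. Since the list is introduced as the standard set "in the development environment", it is also worth saying explicitly that this middleware is absent unless +config.force_ssl+ is set to true.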
diff --git a/railties/guides/source/routing.textile b/railties/guides/source/routing.textile
index c447fd911a..58b75b9a1d 100644
--- a/railties/guides/source/routing.textile
+++ b/railties/guides/source/routing.textile
@@ -557,6 +557,18 @@ match '*a/foo/*b' => 'test#index'
would match +zoo/woo/foo/bar/baz+ with +params[:a]+ equals +"zoo/woo"+, and +params[:b]+ equals +"bar/baz"+.
+NOTE: Starting from Rails 3.1, wildcard route will always matching the optional format segment by default. For example if you have this route:
+map '*pages' => 'pages#show'
+NOTE: By requesting +"/foo/bar.json"+, your +params[:pages]+ will be equals to +"foo/bar"+ with the request format of JSON. If you want the old 3.0.x behavior back, you could supply +:format => false+ like this:
+map '*pages' => 'pages#show', :format => false
h4. Redirection
You can redirect any path to another path using the +redirect+ helper in your router:
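Review bot: both new route examples use +map '*pages' => 'pages#show'+, but the example immediately above in this guide (visible in the hunk header) uses +match '*a/foo/*b' => 'test#index'+; the examples should use +match+ so they can be pasted into a routes file as written. The second paragraph should not start with a second "NOTE:" since it continues the first one, and the wording needs fixing: "will always matching" should be "will always match", and "will be equals to" should be "will be equal to".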
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index 182f3631ef..893f65856c 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -57,7 +57,11 @@ Many web applications have an authentication system: a user provides a user name
Hence, the cookie serves as temporary authentication for the web application. Everyone who seizes a cookie from someone else, may use the web application as this user – with possibly severe consequences. Here are some ways to hijack a session, and their countermeasures:
-* Sniff the cookie in an insecure network. A wireless LAN can be an example of such a network. In an unencrypted wireless LAN it is especially easy to listen to the traffic of all connected clients. This is one more reason not to work from a coffee shop. For the web application builder this means to _(highlight)provide a secure connection over SSL_.
+* Sniff the cookie in an insecure network. A wireless LAN can be an example of such a network. In an unencrypted wireless LAN it is especially easy to listen to the traffic of all connected clients. This is one more reason not to work from a coffee shop. For the web application builder this means to _(highlight)provide a secure connection over SSL_. In Rails 3.1 and later, this could be accomplished by always forcing SSL connection in your application config file:
+config.force_ssl = true
* Most people don't clear out the cookies after working at a public terminal. So if the last user didn't log out of a web application, you would be able to use it as this user. Provide the user with a _(highlight)log-out button_ in the web application, and _(highlight)make it prominent_.
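Review bot: the added sentence points readers at "your application config file", while the controller guide changed in this same patch says to set +config.force_ssl+ "in your environment file". Pick one and name the file so the two guides agree. "this could be accomplished by always forcing SSL connection" also reads better as "this can be accomplished by forcing SSL connections".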
diff --git a/railties/guides/source/testing.textile b/railties/guides/source/testing.textile
index 4ebdb3edf6..d3f72509c6 100644
--- a/railties/guides/source/testing.textile
+++ b/railties/guides/source/testing.textile
@@ -81,7 +81,7 @@ Each fixture is given a name followed by an indented list of colon-separated key
h5. ERb'in It Up
-ERb allows you embed ruby code within templates. Both the YAML and CSV fixture formats are pre-processed with ERb when you load fixtures. This allows you to use Ruby to help you generate some sample data.
+ERb allows you to embed ruby code within templates. Both the YAML and CSV fixture formats are pre-processed with ERb when you load fixtures. This allows you to use Ruby to help you generate some sample data.
<% earth_size = 20 %>
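Review bot: while fixing "allows you embed" on the changed line, also capitalise the language name: the line says "embed ruby code" but ends with "use Ruby to help you generate some sample data".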
@@ -227,7 +227,7 @@ $ rake db:migrate
$ rake db:test:load
-Above +rake db:migrate+ runs any pending migrations on the _development_ environment and updates +db/schema.rb+. +rake db:test:load+ recreates the test database from the current +db/schema.rb+. On subsequent attempts, it is a good idea to first run +db:test:prepare+, as it first checks for pending migrations and warns you appropriately.
+The +rake db:migrate+ above runs any pending migrations on the _development_ environment and updates +db/schema.rb+. The +rake db:test:load+ recreates the test database from the current +db/schema.rb+. On subsequent attempts, it is a good idea to first run +db:test:prepare+, as it first checks for pending migrations and warns you appropriately.
NOTE: +db:test:prepare+ will fail with an error if +db/schema.rb+ doesn't exist.