aboutsummaryrefslogtreecommitdiffstats
path: root/railties/guides/source
diff options
context:
space:
mode:
Diffstat (limited to 'railties/guides/source')
-rw-r--r--railties/guides/source/2_2_release_notes.textile2
-rw-r--r--railties/guides/source/action_mailer_basics.textile2
-rw-r--r--railties/guides/source/active_record_validations_callbacks.textile18
-rw-r--r--railties/guides/source/active_support_core_extensions.textile49
-rw-r--r--railties/guides/source/active_support_instrumentation.textile57
-rw-r--r--railties/guides/source/association_basics.textile2
-rw-r--r--railties/guides/source/configuring.textile2
-rw-r--r--railties/guides/source/contributing_to_ruby_on_rails.textile2
-rw-r--r--railties/guides/source/documents.yaml5
-rw-r--r--railties/guides/source/form_helpers.textile4
-rw-r--r--railties/guides/source/security.textile2
11 files changed, 88 insertions, 57 deletions
diff --git a/railties/guides/source/2_2_release_notes.textile b/railties/guides/source/2_2_release_notes.textile
index 8e2d528eee..3a0f2efbaf 100644
--- a/railties/guides/source/2_2_release_notes.textile
+++ b/railties/guides/source/2_2_release_notes.textile
@@ -229,7 +229,7 @@ This will enable recognition of (among others) these routes:
* Lead Contributor: "S. Brent Faulkner":http://www.unwwwired.net/
* More information:
-** "Rails Routing from the Outside In":http://guides.rubyonrails.org/routing.html#_nested_resources
+** "Rails Routing from the Outside In":http://guides.rubyonrails.org/routing.html#nested-resources
** "What's New in Edge Rails: Shallow Routes":http://ryandaigle.com/articles/2008/9/7/what-s-new-in-edge-rails-shallow-routes
h4. Method Arrays for Member or Collection Routes
diff --git a/railties/guides/source/action_mailer_basics.textile b/railties/guides/source/action_mailer_basics.textile
index 26c95be031..2760e03be1 100644
--- a/railties/guides/source/action_mailer_basics.textile
+++ b/railties/guides/source/action_mailer_basics.textile
@@ -244,7 +244,7 @@ It is possible to send email to one or more recipients in one email (for e.g. in
<ruby>
class AdminMailer < ActionMailer::Base
- default :to => Admin.all.map(&:email),
+ default :to => Proc.new { Admin.all.map(&:email) },
:from => "notification@example.com"
def new_registration(user)
diff --git a/railties/guides/source/active_record_validations_callbacks.textile b/railties/guides/source/active_record_validations_callbacks.textile
index 349d02c1f6..88c4481e5e 100644
--- a/railties/guides/source/active_record_validations_callbacks.textile
+++ b/railties/guides/source/active_record_validations_callbacks.textile
@@ -531,7 +531,7 @@ Person.new.valid? => ActiveModel::StrictValidationFailed: Name can't be blank
h3. Conditional Validation
-Sometimes it will make sense to validate an object just when a given predicate is satisfied. You can do that by using the +:if+ and +:unless+ options, which can take a symbol, a string or a +Proc+. You may use the +:if+ option when you want to specify when the validation *should* happen. If you want to specify when the validation *should not* happen, then you may use the +:unless+ option.
+Sometimes it will make sense to validate an object just when a given predicate is satisfied. You can do that by using the +:if+ and +:unless+ options, which can take a symbol, a string, a +Proc+ or an +Array+. You may use the +:if+ option when you want to specify when the validation *should* happen. If you want to specify when the validation *should not* happen, then you may use the +:unless+ option.
h4. Using a Symbol with +:if+ and +:unless+
@@ -583,6 +583,20 @@ end
All validations inside of +with_options+ block will have automatically passed the condition +:if => :is_admin?+
+h4. Combining validation conditions
+
+On the other hand, when multiple conditions define whether or not a validation should happen, an +Array+ can be used. Moreover, you can apply both +:if:+ and +:unless+ to the same validation.
+
+<ruby>
+class Computer < ActiveRecord::Base
+ validates :mouse, :presence => true,
+ :if => ["market.retail?", :desktop?]
+ :unless => Proc.new { |c| c.trackpad.present? }
+end
+</ruby>
+
+The validation only runs when all the +:if+ conditions and none of the +:unless+ conditions are evaluated to +true+.
+
h3. Performing Custom Validations
When the built-in validation helpers are not enough for your needs, you can write your own validators or validation methods as you prefer.
@@ -1107,7 +1121,7 @@ Post destroyed
h3. Conditional Callbacks
-As with validations, we can also make the calling of a callback method conditional on the satisfaction of a given predicate. We can do this using the +:if+ and +:unless+ options, which can take a symbol, a string or a +Proc+. You may use the +:if+ option when you want to specify under which conditions the callback *should* be called. If you want to specify the conditions under which the callback *should not* be called, then you may use the +:unless+ option.
+As with validations, we can also make the calling of a callback method conditional on the satisfaction of a given predicate. We can do this using the +:if+ and +:unless+ options, which can take a symbol, a string, a +Proc+ or an +Array+. You may use the +:if+ option when you want to specify under which conditions the callback *should* be called. If you want to specify the conditions under which the callback *should not* be called, then you may use the +:unless+ option.
h4. Using +:if+ and +:unless+ with a +Symbol+
diff --git a/railties/guides/source/active_support_core_extensions.textile b/railties/guides/source/active_support_core_extensions.textile
index 2091ce0395..5d0a3f82e8 100644
--- a/railties/guides/source/active_support_core_extensions.textile
+++ b/railties/guides/source/active_support_core_extensions.textile
@@ -509,55 +509,6 @@ end
NOTE: Defined in +active_support/core_ext/module/aliasing.rb+.
-h5. +attr_accessor_with_default+
-
-The method +attr_accessor_with_default+ serves the same purpose as the Ruby macro +attr_accessor+ but allows you to set a default value for the attribute:
-
-<ruby>
-class Url
- attr_accessor_with_default :port, 80
-end
-
-Url.new.port # => 80
-</ruby>
-
-The default value can be also specified with a block, which is called in the context of the corresponding object:
-
-<ruby>
-class User
- attr_accessor :name, :surname
- attr_accessor_with_default(:full_name) do
- [name, surname].compact.join(" ")
- end
-end
-
-u = User.new
-u.name = 'Xavier'
-u.surname = 'Noria'
-u.full_name # => "Xavier Noria"
-</ruby>
-
-The result is not cached, the block is invoked in each call to the reader.
-
-You can overwrite the default with the writer:
-
-<ruby>
-url = Url.new
-url.host # => 80
-url.host = 8080
-url.host # => 8080
-</ruby>
-
-The default value is returned as long as the attribute is unset. The reader does not rely on the value of the attribute to know whether it has to return the default. It rather monitors the writer: if there's any assignment the value is no longer considered to be unset.
-
-Active Resource uses this macro to set a default value for the +:primary_key+ attribute:
-
-<ruby>
-attr_accessor_with_default :primary_key, 'id'
-</ruby>
-
-NOTE: Defined in +active_support/core_ext/module/attr_accessor_with_default.rb+.
-
h5. Internal Attributes
When you are defining an attribute in a class that is meant to be subclassed, name collisions are a risk. That's remarkably important for libraries.
diff --git a/railties/guides/source/active_support_instrumentation.textile b/railties/guides/source/active_support_instrumentation.textile
index f9452400ad..8e2866dfc3 100644
--- a/railties/guides/source/active_support_instrumentation.textile
+++ b/railties/guides/source/active_support_instrumentation.textile
@@ -21,10 +21,67 @@ You are even able to create your own events inside your application which you ca
h3. Rails framework hooks
+Within the Ruby on Rails framework, there are a number of hooks provided for common events. These are detailed below.
+
h4. Action Mailer
+h5. receive.action_mailer
+
+This hook is called when the +receive+ method of an +ActionMailer::Base+ class is called:
+
+<ruby>
+ class Mailer < ActionMailer::Base
+ def receive(mail)
+
+ end
+ end
+</ruby>
+
+The payload for this event has the following parameters related to the incoming email:
+
+|_.Key |_.Value|
+|mailer |Name of the mailer class|
+|message_id |ID of the message, generated by the Mail gem|
+|subject |Subject of the mail|
+|to |To address(es) of the mail|
+|from |From address of the mail|
+|bcc |BCC addresses of the mail|
+|cc |CC addresses of the mail|
+|date |Date of the mail|
+|mail |The encoded form of the mail|
+
+h5. deliver.action_mailer
+
+This hook is called when the +deliver+ method is called on a +Mail::Message+ object. This is due to a hook inserted by Action Mailer, rather than a specific feature of the Mail gem itself.
+
+The payload for this event has the following parameters related to the outgoing email:
+
+|_.Key |_.Value|
+|mailer |Name of the mailer class|
+|message_id |ID of the message, generated by the Mail gem|
+|subject |Subject of the mail|
+|to |To address(es) of the mail|
+|from |From address of the mail|
+|bcc |BCC addresses of the mail|
+|cc |CC addresses of the mail|
+|date |Date of the mail|
+|mail |The encoded form of the mail|
+
+
h4. Action Controller
+h5. write_fragment.action_controller
+
+h5. read_fragment.action_controller
+
+h5. exist_fragment?.action_controller
+
+h5. expire_fragment.action_controller
+
+h5. write_page.action_controller
+
+h5. expire_page.action_controller
+
h4. Action View
h4. Active Record
diff --git a/railties/guides/source/association_basics.textile b/railties/guides/source/association_basics.textile
index ba92aedbd0..493b7c30be 100644
--- a/railties/guides/source/association_basics.textile
+++ b/railties/guides/source/association_basics.textile
@@ -1322,7 +1322,7 @@ If you need to evaluate conditions dynamically at runtime, use a proc:
<ruby>
class Customer < ActiveRecord::Base
has_many :latest_orders, :class_name => "Order",
- :conditions => proc { ["orders.created_at > ?, 10.hours.ago] }
+ :conditions => proc { ["orders.created_at > ?", 10.hours.ago] }
end
</ruby>
diff --git a/railties/guides/source/configuring.textile b/railties/guides/source/configuring.textile
index 619c0ae16c..d6e500fc4b 100644
--- a/railties/guides/source/configuring.textile
+++ b/railties/guides/source/configuring.textile
@@ -294,6 +294,8 @@ h4. Configuring Active Record
* +config.active_record.dependent_restrict_raises+ will control the behavior when an object with a <tt>:dependent => :restrict</tt> association is deleted. Setting this to false will prevent +DeleteRestrictionError+ from being raised and instead will add an error on the model object. Defaults to false in the development mode.
+* +config.active_record.mass_assignment_sanitizer+ will determine the strictness of the mass assignment sanitization within Rails. Defaults to +:strict+. In this mode, mass assigning any non-+attr_accessible+ attribute in a +create+ or +update_attributes+ call will raise an exception. Setting this option to +:logger+ will only print to the log file when an attribute is being assigned and will not raise an exception.
+
The MySQL adapter adds one additional configuration option:
* +ActiveRecord::ConnectionAdapters::MysqlAdapter.emulate_booleans+ controls whether Active Record will consider all +tinyint(1)+ columns in a MySQL database to be booleans and is true by default.
diff --git a/railties/guides/source/contributing_to_ruby_on_rails.textile b/railties/guides/source/contributing_to_ruby_on_rails.textile
index e082fd2941..df8b16eb9e 100644
--- a/railties/guides/source/contributing_to_ruby_on_rails.textile
+++ b/railties/guides/source/contributing_to_ruby_on_rails.textile
@@ -332,6 +332,8 @@ When you're happy with the code on your computer, you need to commit the changes
$ git commit -a -m "Here is a commit message on what I changed in this commit"
</shell>
+TIP. Please squash your commits into a single commit when appropriate. This simplifies future cherry picks, and also keeps the git log clean.
+
h4. Update master
It’s pretty likely that other changes to master have happened while you were working. Go get them:
diff --git a/railties/guides/source/documents.yaml b/railties/guides/source/documents.yaml
index 08aafda288..2acdcca39c 100644
--- a/railties/guides/source/documents.yaml
+++ b/railties/guides/source/documents.yaml
@@ -97,6 +97,11 @@
url: asset_pipeline.html
description: This guide documents the asset pipeline.
-
+ name: Getting Started with Engines
+ url: engines.html
+ description: This guide explains how to write a mountable engine.
+ work_in_progress: true
+ -
name: The Rails Initialization Process
work_in_progress: true
url: initialization.html
diff --git a/railties/guides/source/form_helpers.textile b/railties/guides/source/form_helpers.textile
index 6d9cd5440b..8934667c5e 100644
--- a/railties/guides/source/form_helpers.textile
+++ b/railties/guides/source/form_helpers.textile
@@ -39,7 +39,7 @@ When called without arguments like this, it creates a +&lt;form&gt;+ tag which,
</form>
</html>
-Now, you'll notice that the HTML contains something extra: a +div+ element with two hidden input elements inside. This div is important, because the form cannot be successfully submitted without it. The first input element with name +utf8+ enforces browsers to properly respect your form's character encoding and is generated for all forms whether their actions are "GET" or "POST". The second input element with name +authenticity_token+ is a security feature of Rails called *cross-site request forgery protection*, and form helpers generate it for every non-GET form (provided that this security feature is enabled). You can read more about this in the "Security Guide":./security.html#_cross_site_reference_forgery_csrf.
+Now, you'll notice that the HTML contains something extra: a +div+ element with two hidden input elements inside. This div is important, because the form cannot be successfully submitted without it. The first input element with name +utf8+ enforces browsers to properly respect your form's character encoding and is generated for all forms whether their actions are "GET" or "POST". The second input element with name +authenticity_token+ is a security feature of Rails called *cross-site request forgery protection*, and form helpers generate it for every non-GET form (provided that this security feature is enabled). You can read more about this in the "Security Guide":./security.html#cross-site-request-forgery-csrf.
NOTE: Throughout this guide, the +div+ with the hidden input elements will be excluded from code samples for brevity.
@@ -428,7 +428,7 @@ As with other helpers, if you were to use the +select+ helper on a form builder
<%= f.select(:city_id, ...) %>
</erb>
-WARNING: If you are using +select+ (or similar helpers such as +collection_select+, +select_tag+) to set a +belongs_to+ association you must pass the name of the foreign key (in the example above +city_id+), not the name of association itself. If you specify +city+ instead of +city_id+ Active Record will raise an error along the lines of <tt> ActiveRecord::AssociationTypeMismatch: City(#17815740) expected, got String(#1138750) </tt> when you pass the +params+ hash to +Person.new+ or +update_attributes+. Another way of looking at this is that form helpers only edit attributes. You should also be aware of the potential security ramifications of allowing users to edit foreign keys directly. You may wish to consider the use of +attr_protected+ and +attr_accessible+. For further details on this, see the "Ruby On Rails Security Guide":security.html#_mass_assignment.
+WARNING: If you are using +select+ (or similar helpers such as +collection_select+, +select_tag+) to set a +belongs_to+ association you must pass the name of the foreign key (in the example above +city_id+), not the name of association itself. If you specify +city+ instead of +city_id+ Active Record will raise an error along the lines of <tt> ActiveRecord::AssociationTypeMismatch: City(#17815740) expected, got String(#1138750) </tt> when you pass the +params+ hash to +Person.new+ or +update_attributes+. Another way of looking at this is that form helpers only edit attributes. You should also be aware of the potential security ramifications of allowing users to edit foreign keys directly. You may wish to consider the use of +attr_protected+ and +attr_accessible+. For further details on this, see the "Ruby On Rails Security Guide":security.html#mass-assignment.
h4. Option Tags from a Collection of Arbitrary Objects
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index b1a09c0c05..747a4d6791 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -374,7 +374,7 @@ end
Mass-assignment saves you much work, because you don't have to set each value individually. Simply pass a hash to the +new+ method, or +assign_attributes=+ a hash value, to set the model's attributes to the values in the hash. The problem is that it is often used in conjunction with the parameters (params) hash available in the controller, which may be manipulated by an attacker. He may do so by changing the URL like this:
<pre>
-"name":http://www.example.com/user/signup?user[name]=ow3ned&user[admin]=1
+http://www.example.com/user/signup?user[name]=ow3ned&user[admin]=1
</pre>
This will set the following parameters in the controller: