diff options
Diffstat (limited to 'railties/guides/source')
31 files changed, 1990 insertions, 581 deletions
diff --git a/railties/guides/source/3_0_release_notes.textile b/railties/guides/source/3_0_release_notes.textile index fbb684978a..d22c76dd81 100644 --- a/railties/guides/source/3_0_release_notes.textile +++ b/railties/guides/source/3_0_release_notes.textile @@ -59,12 +59,12 @@ The +config.gem+ method is gone and has been replaced by using +bundler+ and a + h4. Upgrade Process -To help with the upgrade process, a plugin named "Rails Upgrade":http://github.com/jm/rails_upgrade has been created to automate part of it. +To help with the upgrade process, a plugin named "Rails Upgrade":http://github.com/rails/rails_upgrade has been created to automate part of it. Simply install the plugin, then run +rake rails:upgrade:check+ to check your app for pieces that need to be updated (with links to information on how to update them). It also offers a task to generate a +Gemfile+ based on your current +config.gem+ calls and a task to generate a new routes file from your current one. To get the plugin, simply run the following: <shell> -$ ruby script/plugin install git://github.com/jm/rails_upgrade.git +$ ruby script/plugin install git://github.com/rails/rails_upgrade.git </shell> You can see an example of how that works at "Rails Upgrade is now an Official Plugin":http://omgbloglol.com/post/364624593/rails-upgrade-is-now-an-official-plugin diff --git a/railties/guides/source/3_1_release_notes.textile b/railties/guides/source/3_1_release_notes.textile new file mode 100644 index 0000000000..087926f98d --- /dev/null +++ b/railties/guides/source/3_1_release_notes.textile @@ -0,0 +1,429 @@ +h2. Ruby on Rails 3.1 Release Notes + +Highlights in Rails 3.1: + +* Streaming +* Reversible Migrations +* Assets Pipeline +* jQuery as the default JavaScript library + +This release notes cover the major changes, but don't include every little bug fix and change. If you want to see everything, check out the "list of commits":https://github.com/rails/rails/commits/master in the main Rails repository on GitHub. + +endprologue. + +h3. Upgrading to Rails 3.1 + +If you're upgrading an existing application, it's a great idea to have good test coverage before going in. You should also first upgrade to Rails 3 in case you haven't and make sure your application still runs as expected before attempting to update to Rails 3.1. Then take heed of the following changes: + +h4. Rails 3.1 requires at least Ruby 1.8.7 + +Rails 3.1 requires Ruby 1.8.7 or higher. Support for all of the previous Ruby versions has been dropped officially and you should upgrade as early as possible. Rails 3.1 is also compatible with Ruby 1.9.2. + +TIP: Note that Ruby 1.8.7 p248 and p249 have marshaling bugs that crash Rails. Ruby Enterprise Edition have these fixed since release 1.8.7-2010.02 though. On the 1.9 front, Ruby 1.9.1 is not usable because it outright segfaults, so if you want to use 1.9.x jump on 1.9.2 for smooth sailing. + +h3. Creating a Rails 3.1 application + +<shell> +# You should have the 'rails' rubygem installed +$ rails new myapp +$ cd myapp +</shell> + +h4. Vendoring Gems + +Rails now uses a +Gemfile+ in the application root to determine the gems you require for your application to start. This +Gemfile+ is processed by the "Bundler":https://github.com/carlhuda/bundler gem, which then installs all your dependencies. It can even install all the dependencies locally to your application so that it doesn't depend on the system gems. + +More information: - "bundler homepage":http://gembundler.com + +h4. Living on the Edge + ++Bundler+ and +Gemfile+ makes freezing your Rails application easy as pie with the new dedicated +bundle+ command. If you want to bundle straight from the Git repository, you can pass the +--edge+ flag: + +<shell> +$ rails new myapp --edge +</shell> + +If you have a local checkout of the Rails repository and want to generate an application using that, you can pass the +--dev+ flag: + +<shell> +$ ruby /path/to/rails/bin/rails new myapp --dev +</shell> + +h3. Rails Architectural Changes + +h4. Assets Pipeline + +The major change in Rails 3.1 is the Assets Pipeline. It makes CSS and JavaScript first-class code citizens and enables proper organization, including use in plugins and engines. + +The assets pipeline is powered by "Sprockets":https://github.com/sstephenson/sprockets and is covered in the "Asset Pipeline":asset_pipeline.html guide. + +h4. HTTP Streaming + +HTTP Streaming is another change that is new in Rails 3.1. This lets the browser download your stylesheets and JavaScript files while the server is still generating the response. This requires Ruby 1.9.2, is opt-in and requires support from the web server as well, but the popular combo of nginx and unicorn is ready to take advantage of it. + +h4. Default JS library is now jQuery + +jQuery is the default JavaScript library that ships with Rails 3.1. But if you use Prototype, it's simple to switch. + +<shell> +$ rails new myapp -j prototype +</shell> + +h4. Identity Map + +Active Record has an Identity Map in Rails 3.1. An identity map keeps previously instantiated records and returns the object associated with the record if accessed again. The identity map is created on a per-request basis and is flushed at request completion. + +Rails 3.1 comes with the identity map turned off by default. + +h3. Railties + +* jQuery is the new default JavaScript library. + +* jQuery and Prototype are no longer vendored and is provided from now on by the jquery-rails and prototype-rails gems. + +* The application generator accepts an option +-j+ which can be an arbitrary string. If passed "foo", the gem "foo-rails" is added to the +Gemfile+, and the application JavaScript manifest requires "foo" and "foo_ujs". Currently only "prototype-rails" and "jquery-rails" exist and provide those files via the asset pipeline. + +* Generating an application or a plugin runs +bundle install+ unless +--skip-gemfile+ or +--skip-bundle+ is specified. + +* The controller and resource generators will now automatically produce asset stubs (this can be turned off with +--skip-assets+). These stubs will use CoffeeScript and Sass, if those libraries are available. + +* Scaffold and app generators use the Ruby 1.9 style hash when running on Ruby 1.9. To generate old style hash, +--old-style-hash+ can be passed. + +* Scaffold controller generator creates format block for JSON instead of XML. + +* Active Record logging is directed to STDOUT and shown inline in the console. + +* Added +config.force_ssl+ configuration which loads <tt>Rack::SSL</tt> middleware and force all requests to be under HTTPS protocol. + +* Added +rails plugin new+ command which generates a Rails plugin with gemspec, tests and a dummy application for testing. + +* Added <tt>Rack::Etag</tt> and <tt>Rack::ConditionalGet</tt> to the default middleware stack. + +* Added <tt>Rack::Cache</tt> to the default middleware stack. + +* Engines received a major update - You can mount them at any path, enable assets, run generators etc. + +h3. Action Pack + +h4. Action Controller + +* A warning is given out if the CSRF token authenticity cannot be verified. + +* Specify +force_ssl+ in a controller to force the browser to transfer data via HTTPS protocol on that particular controller. To limit to specific actions, +:only+ or +:except+ can be used. + +* Sensitive query string parameters specified in <tt>config.filter_parameters</tt> will now be filtered out from the request paths in the log. + +* URL parameters which return +nil+ for +to_param+ are now removed from the query string. + +* Added <tt>ActionController::ParamsWrapper</tt> to wrap parameters into a nested hash, and will be turned on for JSON request in new applications by default. This can be customized in <tt>config/initializers/wrap_parameters.rb</tt>. + +* Added <tt>config.action_controller.include_all_helpers</tt>. By default <tt>helper :all</tt> is done in <tt>ActionController::Base</tt>, which includes all the helpers by default. Setting +include_all_helpers+ to +false+ will result in including only application_helper and the helper corresponding to controller (like foo_helper for foo_controller). + +* +url_for+ and named url helpers now accept +:subdomain+ and +:domain+ as options. + +* Added +Base.http_basic_authenticate_with+ to do simple http basic authentication with a single class method call. + +<ruby> +class PostsController < ApplicationController + USER_NAME, PASSWORD = "dhh", "secret" + + before_filter :authenticate, :except => [ :index ] + + def index + render :text => "Everyone can see me!" + end + + def edit + render :text => "I'm only accessible if you know the password" + end + + private + def authenticate + authenticate_or_request_with_http_basic do |user_name, password| + user_name == USER_NAME && password == PASSWORD + end + end +end +</ruby> + +..can now be written as + +<ruby> +class PostsController < ApplicationController + http_basic_authenticate_with :name => "dhh", :password => "secret", :except => :index + + def index + render :text => "Everyone can see me!" + end + + def edit + render :text => "I'm only accessible if you know the password" + end +end +</ruby> + +* Added streaming support, you can enable it with: + +<ruby> +class PostsController < ActionController::Base + stream +end +</ruby> + +You can restrict it to some actions by using +:only+ or +:except+. Please read the docs at "<tt>ActionController::Streaming</tt>":http://edgeapi.rubyonrails.org/classes/ActionController/Streaming.html for more information. + +* The redirect route method now also accepts a hash of options which will only change the parts of the url in question, or an object which responds to call, allowing for redirects to be reused. + +h4. Action Dispatch + +* <tt>config.action_dispatch.x_sendfile_header</tt> now defaults to +nil+ and <tt>config/environments/production.rb</tt> doesn't set any particular value for it. This allows servers to set it through <tt>X-Sendfile-Type</tt>. + +* <tt>ActionDispatch::MiddlewareStack</tt> now uses composition over inheritance and is no longer an array. + +* Added <tt>ActionDispatch::Request.ignore_accept_header</tt> to ignore accept headers. + +* Added <tt>Rack::Cache</tt> to the default stack. + +* Moved etag responsibility from <tt>ActionDispatch::Response</tt> to the middleware stack. + +* Rely on <tt>Rack::Session</tt> stores API for more compatibility across the Ruby world. This is backwards incompatible since <tt>Rack::Session</tt> expects <tt>#get_session</tt> to accept four arguments and requires <tt>#destroy_session</tt> instead of simply <tt>#destroy</tt>. + +* Template lookup now searches further up in the inheritance chain. + +h4. Action View + +* Added an +:authenticity_token+ option to +form_tag+ for custom handling or to omit the token by passing <tt>:authenticity_token => false</tt>. + +* Created <tt>ActionView::Renderer</tt> and specified an API for <tt>ActionView::Context</tt>. + +* In place +SafeBuffer+ mutation is prohibited in Rails 3.1. + +* Added HTML5 +button_tag+ helper. + +* +file_field+ automatically adds <tt>:multipart => true</tt> to the enclosing form. + +* Added a convenience idiom to generate HTML5 data-* attributes in tag helpers from a +:data+ hash of options: + +<plain> +tag("div", :data => {:name => 'Stephen', :city_state => %w(Chicago IL)}) +# => <div data-name="Stephen" data-city-state="["Chicago","IL"]" /> +</plain> + +Keys are dasherized. Values are JSON-encoded, except for strings and symbols. + +* +csrf_meta_tag+ is renamed to +csrf_meta_tags+ and aliases +csrf_meta_tag+ for backwards compatibility. + +* The old template handler API is deprecated and the new API simply requires a template handler to respond to call. + +* rhtml and rxml are finally removed as template handlers. + +* <tt>config.action_view.cache_template_loading</tt> is brought back which allows to decide whether templates should be cached or not. + +* The submit form helper does not generate an id "object_name_id" anymore. + +* Allows <tt>FormHelper#form_for</tt> to specify the +:method+ as a direct option instead of through the +:html+ hash. <tt>form_for(==@==post, remote: true, method: :delete)</tt> instead of <tt>form_for(==@==post, remote: true, html: { method: :delete })</tt>. + +* Provided <tt>JavaScriptHelper#j()</tt> as an alias for <tt>JavaScriptHelper#escape_javascript()</tt>. This supersedes the <tt>Object#j()</tt> method that the JSON gem adds within templates using the JavaScriptHelper. + +* Allows AM/PM format in datetime selectors. + +* +auto_link+ has been removed from Rails and extracted into the "rails_autolink gem":https://github.com/tenderlove/rails_autolink + +h3. Active Record + +* Added a class method <tt>pluralize_table_names</tt> to singularize/pluralize table names of individual models. Previously this could only be set globally for all models through <tt>ActiveRecord::Base.pluralize_table_names</tt>. +<ruby> +class User < ActiveRecord::Base + self.pluralize_table_names = false +end +</ruby> + +* Added block setting of attributes to singular associations. The block will get called after the instance is initialized. + +<ruby> +class User < ActiveRecord::Base + has_one :account +end + +user.build_account{ |a| a.credit_limit => 100.0 } +</ruby> + +* Added <tt>ActiveRecord::Base.attribute_names</tt> to return a list of attribute names. This will return an empty array if the model is abstract or the table does not exist. + +* CSV Fixtures are deprecated and support will be removed in Rails 3.2.0. + +* <tt>ActiveRecord#new</tt>, <tt>ActiveRecord#create</tt> and <tt>ActiveRecord#update_attributes</tt> all accept a second hash as an option that allows you to specify which role to consider when assigning attributes. This is built on top of Active Model's new mass assignment capabilities: + +<ruby> +class Post < ActiveRecord::Base + attr_accessible :title + attr_accessible :title, :published_at, :as => :admin +end + +Post.new(params[:post], :as => :admin) +</ruby> + +* +default_scope+ can now take a block, lambda, or any other object which responds to call for lazy evaluation. + +* Default scopes are now evaluated at the latest possible moment, to avoid problems where scopes would be created which would implicitly contain the default scope, which would then be impossible to get rid of via Model.unscoped. + +* PostgreSQL adapter only supports PostgreSQL version 8.2 and higher. + +* +ConnectionManagement+ middleware is changed to clean up the connection pool after the rack body has been flushed. + +* Added an +update_column+ method on Active Record. This new method updates a given attribute on an object, skipping validations and callbacks. It is recommended to use +update_attribute+ unless you are sure you do not want to execute any callback, including the modification of the +updated_at+ column. It should not be called on new records. + +* Associations with a +:through+ option can now use any association as the through or source association, including other associations which have a +:through+ option and +has_and_belongs_to_many+ associations. + +* The configuration for the current database connection is now accessible via <tt>ActiveRecord::Base.connection_config</tt>. + +* limits and offsets are removed from COUNT queries unless both are supplied. +<ruby> +People.limit(1).count # => 'SELECT COUNT(*) FROM people' +People.offset(1).count # => 'SELECT COUNT(*) FROM people' +People.limit(1).offset(1).count # => 'SELECT COUNT(*) FROM people LIMIT 1 OFFSET 1' +</ruby> + +* <tt>ActiveRecord::Associations::AssociationProxy</tt> has been split. There is now an +Association+ class (and subclasses) which are responsible for operating on associations, and then a separate, thin wrapper called +CollectionProxy+, which proxies collection associations. This prevents namespace pollution, separates concerns, and will allow further refactorings. + +* Singular associations (+has_one+, +belongs_to+) no longer have a proxy and simply returns the associated record or +nil+. This means that you should not use undocumented methods such as +bob.mother.create+ - use +bob.create_mother+ instead. + +* Support the <tt>:dependent</tt> option on <tt>has_many :through</tt> associations. For historical and practical reasons, +:delete_all+ is the default deletion strategy employed by <tt>association.delete(*records)</tt>, despite the fact that the default strategy is +:nullify+ for regular has_many. Also, this only works at all if the source reflection is a belongs_to. For other situations, you should directly modify the through association. + +* The behavior of +association.destroy+ for +has_and_belongs_to_many+ and <tt>has_many :through</tt> is changed. From now on, 'destroy' or 'delete' on an association will be taken to mean 'get rid of the link', not (necessarily) 'get rid of the associated records'. + +* Previously, <tt>has_and_belongs_to_many.destroy(*records)</tt> would destroy the records themselves. It would not delete any records in the join table. Now, it deletes the records in the join table. + +* Previously, <tt>has_many_through.destroy(*records)</tt> would destroy the records themselves, and the records in the join table. [Note: This has not always been the case; previous version of Rails only deleted the records themselves.] Now, it destroys only the records in the join table. + +* Note that this change is backwards-incompatible to an extent, but there is unfortunately no way to 'deprecate' it before changing it. The change is being made in order to have consistency as to the meaning of 'destroy' or 'delete' across the different types of associations. If you wish to destroy the records themselves, you can do <tt>records.association.each(&:destroy)</tt>. + +* Add <tt>:bulk => true</tt> option to +change_table+ to make all the schema changes defined in a block using a single ALTER statement. + +<ruby> +change_table(:users, :bulk => true) do |t| + t.string :company_name + t.change :birthdate, :datetime +end +</ruby> + +* Removed support for accessing attributes on a +has_and_belongs_to_many+ join table. <tt>has_many :through</tt> needs to be used. + +* Added a +create_association!+ method for +has_one+ and +belongs_to+ associations. + +* Migrations are now reversible, meaning that Rails will figure out how to reverse your migrations. To use reversible migrations, just define the +change+ method. +<ruby> +class MyMigration < ActiveRecord::Migration + def change + create_table(:horses) do + t.column :content, :text + t.column :remind_at, :datetime + end + end +end +</ruby> + +* Some things cannot be automatically reversed for you. If you know how to reverse those things, you should define +up+ and +down+ in your migration. If you define something in change that cannot be reversed, an +IrreversibleMigration+ exception will be raised when going down. + +* Migrations now use instance methods rather than class methods: +<ruby> +class FooMigration < ActiveRecord::Migration + def up # Not self.up + ... + end +end +</ruby> + +* Migration files generated from model and constructive migration generators (for example, add_name_to_users) use the reversible migration's +change+ method instead of the ordinary +up+ and +down+ methods. + +* Removed support for interpolating string SQL conditions on associations. Instead, a proc should be used. + +<ruby> +has_many :things, :conditions => 'foo = #{bar}' # before +has_many :things, :conditions => proc { "foo = #{bar}" } # after +</ruby> + +Inside the proc, +self+ is the object which is the owner of the association, unless you are eager loading the association, in which case +self+ is the class which the association is within. + +You can have any "normal" conditions inside the proc, so the following will work too: +<ruby> +has_many :things, :conditions => proc { ["foo = ?", bar] } +</ruby> + +* Previously +:insert_sql+ and +:delete_sql+ on +has_and_belongs_to_many+ association allowed you to call 'record' to get the record being inserted or deleted. This is now passed as an argument to the proc. + +* Added <tt>ActiveRecord::Base#has_secure_password</tt> (via <tt>ActiveModel::SecurePassword</tt>) to encapsulate dead-simple password usage with BCrypt encryption and salting. +<ruby> +# Schema: User(name:string, password_digest:string, password_salt:string) +class User < ActiveRecord::Base + has_secure_password +end +</ruby> + +* When a model is generated +add_index+ is added by default for +belongs_to+ or +references+ columns. + +* Setting the id of a +belongs_to+ object will update the reference to the object. + +* <tt>ActiveRecord::Base#dup</tt> and <tt>ActiveRecord::Base#clone</tt> semantics have changed to closer match normal Ruby dup and clone semantics. + +* Calling <tt>ActiveRecord::Base#clone</tt> will result in a shallow copy of the record, including copying the frozen state. No callbacks will be called. + +* Calling <tt>ActiveRecord::Base#dup</tt> will duplicate the record, including calling after initialize hooks. Frozen state will not be copied, and all associations will be cleared. A duped record will return +true+ for <tt>new_record?</tt>, have a +nil+ id field, and is saveable. + +* The query cache now works with prepared statements. No changes in the applications are required. + +h3. Active Model + +* +attr_accessible+ accepts an option +:as+ to specify a role. + +* +InclusionValidator+, +ExclusionValidator+, and +FormatValidator+ now accepts an option which can be a proc, a lambda, or anything that respond to +call+. This option will be called with the current record as an argument and returns an object which respond to +include?+ for +InclusionValidator+ and +ExclusionValidator+, and returns a regular expression object for +FormatValidator+. + +* Added <tt>ActiveModel::SecurePassword</tt> to encapsulate dead-simple password usage with BCrypt encryption and salting. + +* <tt>ActiveModel::AttributeMethods</tt> allows attributes to be defined on demand. + +* Added support for selectively enabling and disabling observers. + +* Alternate <tt>I18n</tt> namespace lookup is no longer supported. + +h3. Active Resource + +* The default format has been changed to JSON for all requests. If you want to continue to use XML you will need to set <tt>self.format = :xml</tt> in the class. For example, + +<ruby> +class User < ActiveResource::Base + self.format = :xml +end +</ruby> + +h3. Active Support + +* <tt>ActiveSupport::Dependencies</tt> now raises +NameError+ if it finds an existing constant in +load_missing_constant+. + +* Added a new reporting method <tt>Kernel#quietly</tt> which silences both +STDOUT+ and +STDERR+. + +* Added <tt>String#inquiry</tt> as a convenience method for turning a String into a +StringInquirer+ object. + +* Added <tt>Object#in?</tt> to test if an object is included in another object. + +* +LocalCache+ strategy is now a real middleware class and no longer an anonymous class. + +* <tt>ActiveSupport::Dependencies::ClassCache</tt> class has been introduced for holding references to reloadable classes. + +* <tt>ActiveSupport::Dependencies::Reference</tt> has been refactored to take direct advantage of the new +ClassCache+. + +* Backports <tt>Range#cover?</tt> as an alias for <tt>Range#include?</tt> in Ruby 1.8. + +* Added +weeks_ago+ and +prev_week+ to Date/DateTime/Time. + +* Added +before_remove_const+ callback to <tt>ActiveSupport::Dependencies.remove_unloadable_constants!</tt>. + +Deprecations: + +* <tt>ActiveSupport::SecureRandom</tt> is deprecated in favor of +SecureRandom+ from the Ruby standard library. + +h3. Credits + +See the "full list of contributors to Rails":http://contributors.rubyonrails.org/ for the many people who spent many hours making Rails, the stable and robust framework it is. Kudos to all of them. + +Rails 3.1 Release Notes were compiled by "Vijay Dev":https://github.com/vijaydev. diff --git a/railties/guides/source/action_mailer_basics.textile b/railties/guides/source/action_mailer_basics.textile index 2eaee158ff..142b9dba7e 100644 --- a/railties/guides/source/action_mailer_basics.textile +++ b/railties/guides/source/action_mailer_basics.textile @@ -8,7 +8,7 @@ WARNING. This Guide is based on Rails 3.0. Some of the code shown here will not h3. Introduction -Action Mailer allows you to send emails from your application using a mailer model and views. So, in Rails, emails are used by creating mailers that inherit from +ActionMailer::Base+ and live in +app/mailers+. Those mailers have associated views that appear alongside controller views in +app/views+. +Action Mailer allows you to send emails from your application using a mailer model and views. So, in Rails, emails are used by creating mailers that inherit from +ActionMailer::Base+ and live in +app/mailers+. Those mailers have associated views that appear alongside controller views in +app/views+. h3. Sending Emails @@ -48,10 +48,8 @@ class UserMailer < ActionMailer::Base def welcome_email(user) @user = user @url = "http://example.com/login" - mail(:to => user.email, - :subject => "Welcome to My Awesome Site") + mail(:to => user.email, :subject => "Welcome to My Awesome Site") end - end </ruby> @@ -142,17 +140,17 @@ end This provides a much simpler implementation that does not require the registering of observers and the like. -The method +welcome_email+ returns a Mail::Message object which can then just be told +deliver+ to send itself out. +The method +welcome_email+ returns a <tt>Mail::Message</tt> object which can then just be told +deliver+ to send itself out. NOTE: In previous versions of Rails, you would call +deliver_welcome_email+ or +create_welcome_email+. This has been deprecated in Rails 3.0 in favour of just calling the method name itself. -WARNING: Sending out one email should only take a fraction of a second, if you are planning on sending out many emails, or you have a slow domain resolution service, you might want to investigate using a background process like delayed job. +WARNING: Sending out an email should only take a fraction of a second, but if you are planning on sending out many emails, or you have a slow domain resolution service, you might want to investigate using a background process like Delayed Job. h4. Auto encoding header values Action Mailer now handles the auto encoding of multibyte characters inside of headers and bodies. -If you are using UTF-8 as your character set, you do not have to do anything special, just go ahead and send in UTF-8 data to the address fields, subject, keywords, filenames or body of the email and ActionMailer will auto encode it into quoted printable for you in the case of a header field or Base64 encode any body parts that are non US-ASCII. +If you are using UTF-8 as your character set, you do not have to do anything special, just go ahead and send in UTF-8 data to the address fields, subject, keywords, filenames or body of the email and Action Mailer will auto encode it into quoted printable for you in the case of a header field or Base64 encode any body parts that are non US-ASCII. For more complex examples such as defining alternate character sets or self encoding text first, please refer to the Mail library. @@ -213,7 +211,7 @@ NOTE: If you specify an encoding, Mail will assume that your content is already h5. Making Inline Attachments -ActionMailer 3.0 makes inline attachments, which involved a lot of hacking in pre 3.0 versions, much simpler and trivial as they should be. +Action Mailer 3.0 makes inline attachments, which involved a lot of hacking in pre 3.0 versions, much simpler and trivial as they should be. * Firstly, to tell Mail to turn an attachment into an inline attachment, you just call <tt>#inline</tt> on the attachments method within your Mailer: @@ -242,32 +240,33 @@ end h5. Sending Email To Multiple Recipients -It is possible to send email to one or more recipients in one email (for e.g. informing all admins of a new signup) by setting the list of emails to the <tt>:to</tt> key. The <tt>to:</tt> key however expects a string so you have join the list of recipients using a comma. +It is possible to send email to one or more recipients in one email (for e.g. informing all admins of a new signup) by setting the list of emails to the <tt>:to</tt> key. The list of emails can be an array of email addresses or a single string with the addresses separated by commas. <ruby> - class AdminMailer < ActionMailer::Base - default :to => Admin.all.map(&:email).join(", "), - :from => "notification@example.com" +class AdminMailer < ActionMailer::Base + default :to => Admin.all.map(&:email), + :from => "notification@example.com" - def new_registration(user) - @user = user - mail(:subject => "New User Signup: #{@user.email}") - end + def new_registration(user) + @user = user + mail(:subject => "New User Signup: #{@user.email}") end +end </ruby> +The same format can be used to set carbon copy (Cc:) and blind carbon copy (Bcc:) recipients, by using the <tt>:cc</tt> and <tt>:bcc</tt> keys respectively. + h5. Sending Email With Name Sometimes you wish to show the name of the person instead of just their email address when they receive the email. The trick to doing that is to format the email address in the format <tt>"Name <email>"</tt>. <ruby> - def welcome_email(user) - @user = user - email_with_name = "#{@user.name} <#{@user.email}>" - mail(:to => email_with_name, - :subject => "Welcome to My Awesome Site") - end +def welcome_email(user) + @user = user + email_with_name = "#{@user.name} <#{@user.email}>" + mail(:to => email_with_name, :subject => "Welcome to My Awesome Site") +end </ruby> h4. Mailer Views @@ -287,9 +286,7 @@ class UserMailer < ActionMailer::Base :subject => "Welcome to My Awesome Site", :template_path => 'notifications', :template_name => 'another') - end end - end </ruby> @@ -404,7 +401,7 @@ Will put the HTML part first, and the plain text part second. h4. Sending Emails with Attachments -Attachments can be added by using the +attachment+ method: +Attachments can be added by using the +attachments+ method: <ruby> class UserMailer < ActionMailer::Base @@ -422,7 +419,7 @@ The above will send a multipart email with an attachment, properly nested with t h3. Receiving Emails -Receiving and parsing emails with Action Mailer can be a rather complex endeavour. Before your email reaches your Rails app, you would have had to configure your system to somehow forward emails to your app, which needs to be listening for that. So, to receive emails in your Rails app you'll need to: +Receiving and parsing emails with Action Mailer can be a rather complex endeavor. Before your email reaches your Rails app, you would have had to configure your system to somehow forward emails to your app, which needs to be listening for that. So, to receive emails in your Rails app you'll need to: * Implement a +receive+ method in your mailer. @@ -459,14 +456,14 @@ h3. Action Mailer Configuration The following configuration options are best made in one of the environment files (environment.rb, production.rb, etc...) -|template_root|Determines the base from which template references will be made.| -|logger|Generates information on the mailing run if available. Can be set to nil for no logging. Compatible with both Ruby's own Logger and Log4r loggers.| -|smtp_settings|Allows detailed configuration for :smtp delivery method:<ul><li>:address - Allows you to use a remote mail server. Just change it from its default "localhost" setting.</li><li>:port - On the off chance that your mail server doesn't run on port 25, you can change it.</li><li>:domain - If you need to specify a HELO domain, you can do it here.</li><li>:user_name - If your mail server requires authentication, set the username in this setting.</li><li>:password - If your mail server requires authentication, set the password in this setting.</li><li>:authentication - If your mail server requires authentication, you need to specify the authentication type here. This is a symbol and one of :plain, :login, :cram_md5.</li></ul>| -|sendmail_settings|Allows you to override options for the :sendmail delivery method.<ul><li>:location - The location of the sendmail executable. Defaults to /usr/sbin/sendmail.</li><li>:arguments - The command line arguments to be passed to sendmail. Defaults to -i -t.</li></ul>| -|raise_delivery_errors|Whether or not errors should be raised if the email fails to be delivered.| -|delivery_method|Defines a delivery method. Possible values are :smtp (default), :sendmail, :file and :test.| -|perform_deliveries|Determines whether deliveries are actually carried out when the +deliver+ method is invoked on the Mail message. By default they are, but this can be turned off to help functional testing.| -|deliveries|Keeps an array of all the emails sent out through the Action Mailer with delivery_method :test. Most useful for unit and functional testing.| +|+template_root+|Determines the base from which template references will be made.| +|+logger+|Generates information on the mailing run if available. Can be set to +nil+ for no logging. Compatible with both Ruby's own +Logger+ and +Log4r+ loggers.| +|+smtp_settings+|Allows detailed configuration for <tt>:smtp</tt> delivery method:<ul><li><tt>:address</tt> - Allows you to use a remote mail server. Just change it from its default "localhost" setting.</li><li><tt>:port</tt> - On the off chance that your mail server doesn't run on port 25, you can change it.</li><li><tt>:domain</tt> - If you need to specify a HELO domain, you can do it here.</li><li><tt>:user_name</tt> - If your mail server requires authentication, set the username in this setting.</li><li><tt>:password</tt> - If your mail server requires authentication, set the password in this setting.</li><li><tt>:authentication</tt> - If your mail server requires authentication, you need to specify the authentication type here. This is a symbol and one of <tt>:plain</tt>, <tt>:login</tt>, <tt>:cram_md5</tt>.</li></ul>| +|+sendmail_settings+|Allows you to override options for the <tt>:sendmail</tt> delivery method.<ul><li><tt>:location</tt> - The location of the sendmail executable. Defaults to <tt>/usr/sbin/sendmail</tt>.</li><li><tt>:arguments</tt> - The command line arguments to be passed to sendmail. Defaults to <tt>-i -t</tt>.</li></ul>| +|+raise_delivery_errors+|Whether or not errors should be raised if the email fails to be delivered.| +|+delivery_method+|Defines a delivery method. Possible values are <tt>:smtp</tt> (default), <tt>:sendmail</tt>, <tt>:file</tt> and <tt>:test</tt>.| +|+perform_deliveries+|Determines whether deliveries are actually carried out when the +deliver+ method is invoked on the Mail message. By default they are, but this can be turned off to help functional testing.| +|+deliveries+|Keeps an array of all the emails sent out through the Action Mailer with delivery_method :test. Most useful for unit and functional testing.| h4. Example Action Mailer Configuration diff --git a/railties/guides/source/action_view_overview.textile b/railties/guides/source/action_view_overview.textile index 7703d6c720..5a1e8b1247 100644 --- a/railties/guides/source/action_view_overview.textile +++ b/railties/guides/source/action_view_overview.textile @@ -478,7 +478,6 @@ javascript_include_tag :monkey # => <script type="text/javascript" src="/javascripts/tail.js"></script> </ruby> - h5. register_stylesheet_expansion Register one or more stylesheet files to be included when symbol is passed to +stylesheet_link_tag+. This method is typically intended to be called from plugin initialization to register stylesheet files that the plugin installed in +public/stylesheets+. @@ -870,7 +869,7 @@ h4. FormHelper Form helpers are designed to make working with models much easier compared to using just standard HTML elements by providing a set of methods for creating forms based on your models. This helper generates the HTML for forms, providing a method for each sort of input (e.g., text, password, select, and so on). When the form is submitted (i.e., when the user hits the submit button or form.submit is called via JavaScript), the form inputs will be bundled into the params object and passed back to the controller. -There are two types of form helpers: those that specifically work with model attributes and those that don't. This helper deals with those that work with model attributes; to see an example of form helpers that don‘t work with model attributes, check the ActionView::Helpers::FormTagHelper documentation. +There are two types of form helpers: those that specifically work with model attributes and those that don't. This helper deals with those that work with model attributes; to see an example of form helpers that don't work with model attributes, check the ActionView::Helpers::FormTagHelper documentation. The core method of this helper, form_for, gives you the ability to create a form for a model instance; for example, let's say that you have a model Person and want to create a new instance of it: @@ -914,7 +913,7 @@ check_box("post", "validated") h5. fields_for -Creates a scope around a specific model object like form_for, but doesn‘t create the form tags themselves. This makes fields_for suitable for specifying additional model objects in the same form: +Creates a scope around a specific model object like form_for, but doesn't create the form tags themselves. This makes fields_for suitable for specifying additional model objects in the same form: <ruby> <%= form_for @person, :url => { :action => "update" } do |person_form| %> diff --git a/railties/guides/source/active_model_basics.textile b/railties/guides/source/active_model_basics.textile new file mode 100644 index 0000000000..0672669dc5 --- /dev/null +++ b/railties/guides/source/active_model_basics.textile @@ -0,0 +1,208 @@ +h2. Active Model Basics + +This guide should provide you with all you need to get started using model classes. Active Model allow for Action Pack helpers to interact with non-ActiveRecord models. Active Model also helps building custom ORMs for use outside of the Rails framework. + +endprologue. + +WARNING. This Guide is based on Rails 3.0. Some of the code shown here will not work in earlier versions of Rails. + +h3. Introduction + +Active Model is a library containing various modules used in developing frameworks that need to interact with the Rails Action Pack library. Active Model provides a known set of interfaces for usage in classes. Some of modules are explained below - + +h4. AttributeMethods + +AttributeMethods module can add custom prefixes and suffixes on methods of a class. It is used by defining the prefixes and suffixes, which methods on the object will use them. + +<ruby> +class Person + include ActiveModel::AttributeMethods + + attribute_method_prefix 'reset_' + attribute_method_suffix '_highest?' + define_attribute_methods ['age'] + + attr_accessor :age + +private + def reset_attribute(attribute) + send("#{attribute}=", 0) + end + + def attribute_highest?(attribute) + send(attribute) > 100 ? true : false + end + +end + +person = Person.new +person.age = 110 +person.age_highest? # true +person.reset_age # 0 +person.age_highest? # false + +</ruby> + +h4. Callbacks + +Callbacks gives Active Record style callbacks. This provides the ability to define the callbacks and those will run at appropriate time. After defining a callbacks you can wrap with before, after and around custom methods. + +<ruby> +class Person + extend ActiveModel::Callbacks + + define_model_callbacks :update + + before_update :reset_me + + def update + _run_update_callbacks do + # This will call when we are trying to call update on object. + end + end + + def reset_me + # This method will call when you are calling update on object as a before_update callback as defined. + end +end +</ruby> + +h4. Conversion + +If a class defines persisted? and id methods then you can include Conversion module in that class and you can able to call Rails conversion methods to objects of that class. + +<ruby> +class Person + include ActiveModel::Conversion + + def persisted? + false + end + + def id + nil + end +end + +person = Person.new +person.to_model == person #=> true +person.to_key #=> nil +person.to_param #=> nil +</ruby> + +h4. Dirty + +An object becomes dirty when an object is gone through one or more changes to its attributes and not yet saved. This gives the ability to check whether an object has been changed or not. It also has attribute based accessor methods. Lets consider a Person class with attributes first_name and last_name + +<ruby> +require 'rubygems' +require 'active_model' + +class Person + include ActiveModel::Dirty + define_attribute_methods [:first_name, :last_name] + + def first_name + @first_name + end + + def first_name=(value) + first_name_will_change! + @first_name = value + end + + def last_name + @last_name + end + + def last_name=(value) + last_name_will_change! + @last_name = value + end + + def save + @previously_changed = changes + end + +end +</ruby> + +h5. Querying object directly for its list of all changed attributes. + +<ruby> +person = Person.new +person.first_name = "First Name" + +person.first_name #=> "First Name" +person.first_name = "First Name Changed" + +person.changed? #=> true + +#returns an list of fields arry which all has been changed before saved. +person.changed #=> ["first_name"] + +#returns a hash of the fields that have changed with their original values. +person.changed_attributes #=> {"first_name" => "First Name Changed"} + +#returns a hash of changes, with the attribute names as the keys, and the values will be an array of the old and new value for that field. +person.changes #=> {"first_name" => ["First Name","First Name Changed"]} +</ruby> + +h5. Attribute based accessor methods + +Track whether the particular attribute has been changed or not. + +<ruby> +#attr_name_changed? +person.first_name #=> "First Name" + +#assign some other value to first_name attribute +person.first_name = "First Name 1" + +person.first_name_changed? #=> true +</ruby> + +Track what was the previous value of the attribute. +<ruby> +#attr_name_was accessor +person.first_name_was #=> "First Name" +</ruby> + +Track both previous and current value of the changed attribute. Returns an array if changed else returns nil +<ruby> +#attr_name_change +person.first_name_change #=> ["First Name", "First Name 1"] +person.last_name_change #=> nil +</ruby> + +h4. Validations + +Validations module adds the ability to class objects to validate them in Active Record style. + +<ruby> +class Person + include ActiveModel::Validations + + attr_accessor :name, :email, :token + + validates :name, :presence => true + validates_format_of :email, :with => /^([^\s]+)((?:[-a-z0-9]\.)[a-z]{2,})$/i + validates! :token, :presence => true + +end + +person = Person.new(:token => "2b1f325") +person.valid? #=> false +person.name = 'vishnu' +person.email = 'me' +person.valid? #=> false +person.email = 'me@vishnuatrai.com' +person.valid? #=> true +person.token = nil +person.valid? #=> raises ActiveModel::StrictValidationFailed +</ruby> + +h3. Changelog + +* August 24, 2011: Add strict validation usage example. "Bogdan Gusiev":http://gusiev.com +* August 5, 2011: Initial version by "Arun Agrawal":http://github.com/arunagw diff --git a/railties/guides/source/active_record_basics.textile b/railties/guides/source/active_record_basics.textile index 3e46e7df9f..cab8c80866 100644 --- a/railties/guides/source/active_record_basics.textile +++ b/railties/guides/source/active_record_basics.textile @@ -204,7 +204,6 @@ Likewise, once retrieved an Active Record object can be destroyed which removes user.destroy </ruby> - h3. Validations Active Record allows you to validate the state of a model before it gets written into the database. There are several methods that you can use to check your models and validate that an attribute value is not empty, is unique and not already in the database, follows a specific format and many more. You can learn more about validations in the "Active Record Validations and Callbacks guide":active_record_validations_callbacks.html#validations-overview. diff --git a/railties/guides/source/active_record_querying.textile b/railties/guides/source/active_record_querying.textile index 082f9eda7d..4e77a6e803 100644 --- a/railties/guides/source/active_record_querying.textile +++ b/railties/guides/source/active_record_querying.textile @@ -560,6 +560,7 @@ Client.where("orders_count > 10").order(:name).reverse_order </ruby> The SQL that would be executed: + <sql> SELECT * FROM clients WHERE orders_count > 10 ORDER BY name DESC </sql> @@ -571,6 +572,7 @@ Client.where("orders_count > 10").reverse_order </ruby> The SQL that would be executed: + <sql> SELECT * FROM clients WHERE orders_count > 10 ORDER BY clients.id DESC </sql> @@ -621,8 +623,6 @@ You're then responsible for dealing with the conflict by rescuing the exception NOTE: You must ensure that your database schema defaults the +lock_version+ column to +0+. -<br /> - This behavior can be turned off by setting <tt>ActiveRecord::Base.lock_optimistically = false</tt>. To override the name of the +lock_version+ column, +ActiveRecord::Base+ provides a class method called +set_locking_column+: @@ -1016,6 +1016,7 @@ You can specify an exclamation point (<tt>!</tt>) on the end of the dynamic find If you want to find both by name and locked, you can chain these finders together by simply typing +and+ between the fields. For example, +Client.find_by_first_name_and_locked("Ryan", true)+. +WARNING: Up to and including Rails 3.1, when the number of arguments passed to a dynamic finder method is lesser than the number of fields, say <tt>Client.find_by_name_and_locked("Ryan")</tt>, the behavior is to pass +nil+ as the missing argument. This is *unintentional* and this behavior will be changed in Rails 3.2 to throw an +ArgumentError+. There's another set of dynamic finders that let you find or create/initialize objects if they aren't found. These work in a similar fashion to the other finders and can be used like +find_or_create_by_first_name(params[:first_name])+. Using this will first perform a find and then create if the find returns +nil+. The SQL looks like this for +Client.find_or_create_by_first_name("Ryan")+: diff --git a/railties/guides/source/active_record_validations_callbacks.textile b/railties/guides/source/active_record_validations_callbacks.textile index 50ff1c9ff7..aba3224ba7 100644 --- a/railties/guides/source/active_record_validations_callbacks.textile +++ b/railties/guides/source/active_record_validations_callbacks.textile @@ -569,11 +569,50 @@ end All validations inside of +with_options+ block will have automatically passed the condition +:if => :is_admin?+ -h3. Creating Custom Validation Methods +h3. Performing Custom Validations -When the built-in validation helpers are not enough for your needs, you can write your own validation methods. +When the built-in validation helpers are not enough for your needs, you can write your own validators or validation methods as you prefer. -Simply create methods that verify the state of your models and add messages to the +errors+ collection when they are invalid. You must then register these methods by using one or more of the +validate+, +validate_on_create+ or +validate_on_update+ class methods, passing in the symbols for the validation methods' names. +h4. Custom Validators + +Custom validators are classes that extend <tt>ActiveModel::Validator</tt>. These classes must implement a +validate+ method which takes a record as an argument and performs the validation on it. The custom validator is called using the +validates_with+ method. + +<ruby> +class MyValidator < ActiveModel::Validator + def validate(record) + if record.name.starts_with? 'X' + record.errors[:name] << 'Need a name starting with X please!' + end + end +end + +class Person + include ActiveModel::Validations + validates_with MyValidator +end +</ruby> + +The easiest way to add custom validators for validating individual attributes is with the convenient <tt>ActiveModel::EachValidator</tt>. In this case, the custom validator class must implement a +validate_each+ method which takes three arguments: record, attribute and value which correspond to the instance, the attribute to be validated and the value of the attribute in the passed instance. + +<ruby> +class EmailValidator < ActiveModel::EachValidator + def validate_each(record, attribute, value) + unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i + record.errors[attribute] << (options[:message] || "is not an email") + end + end +end + +class Person < ActiveRecord::Base + validates :email, :presence => true, :email => true +end +</ruby> + +As shown in the example, you can also combine standard validations with your own custom validators. + +h4. Custom Methods + +You can also create methods that verify the state of your models and add messages to the +errors+ collection when they are invalid. You must then register these methods by using one or more of the +validate+, +validate_on_create+ or +validate_on_update+ class methods, passing in the symbols for the validation methods' names. You can pass more than one symbol for each class method and the respective validations will be run in the same order as they were registered. @@ -583,13 +622,15 @@ class Invoice < ActiveRecord::Base :discount_cannot_be_greater_than_total_value def expiration_date_cannot_be_in_the_past - errors.add(:expiration_date, "can't be in the past") if - !expiration_date.blank? and expiration_date < Date.today + if !expiration_date.blank? and expiration_date < Date.today + errors.add(:expiration_date, "can't be in the past") + end end def discount_cannot_be_greater_than_total_value - errors.add(:discount, "can't be greater than total value") if - discount > total_value + if discount > total_value + errors.add(:discount, "can't be greater than total value") + end end end </ruby> @@ -710,8 +751,6 @@ class Person < ActiveRecord::Base end </ruby> - - h4. +errors.clear+ The +clear+ method is used when you intentionally want to clear all the messages in the +errors+ collection. Of course, calling +errors.clear+ upon an invalid object won't actually make it valid: the +errors+ collection will now be empty, but the next time you call +valid?+ or any method that tries to save this object to the database, the validations will run again. If any of the validations fail, the +errors+ collection will be filled again. @@ -758,6 +797,7 @@ h3. Displaying Validation Errors in the View Rails maintains an official plugin that provides helpers to display the error messages of your models in your view templates. You can install it as a plugin or as a Gem. h4. Installing as a plugin + <shell> $ rails plugin install git://github.com/joelmoss/dynamic_form.git </shell> @@ -765,6 +805,7 @@ $ rails plugin install git://github.com/joelmoss/dynamic_form.git h4. Installing as a Gem Add this line in your Gemfile: + <ruby> gem "dynamic_form" </ruby> @@ -848,7 +889,7 @@ The way form fields with errors are treated is defined by +ActionView::Base.fiel * A string with the HTML tag * An instance of +ActionView::Helpers::InstanceTag+. -Here is a simple example where we change the Rails behaviour to always display the error messages in front of each of the form fields with errors. The error messages will be enclosed by a +span+ element with a +validation-error+ CSS class. There will be no +div+ element enclosing the +input+ element, so we get rid of that red border around the text field. You can use the +validation-error+ CSS class to style it anyway you want. +Here is a simple example where we change the Rails behavior to always display the error messages in front of each of the form fields with errors. The error messages will be enclosed by a +span+ element with a +validation-error+ CSS class. There will be no +div+ element enclosing the +input+ element, so we get rid of that red border around the text field. You can use the +validation-error+ CSS class to style it anyway you want. <ruby> ActionView::Base.field_error_proc = Proc.new do |html_tag, instance| @@ -941,7 +982,7 @@ The +after_initialize+ callback will be called whenever an Active Record object The +after_find+ callback will be called whenever Active Record loads a record from the database. +after_find+ is called before +after_initialize+ if both are defined. -The +after_initialize+ and +after_find+ callbacks are a bit different from the others. They have no +before_*+ counterparts, and the only way to register them is by defining them as regular methods. If you try to register +after_initialize+ or +after_find+ using macro-style class methods, they will just be ignored. This behaviour is due to performance reasons, since +after_initialize+ and +after_find+ will both be called for each record found in the database, significantly slowing down the queries. +The +after_initialize+ and +after_find+ callbacks are a bit different from the others. They have no +before_*+ counterparts, and the only way to register them is by defining them as regular methods. If you try to register +after_initialize+ or +after_find+ using macro-style class methods, they will just be ignored. This behavior is due to performance reasons, since +after_initialize+ and +after_find+ will both be called for each record found in the database, significantly slowing down the queries. <ruby> class User < ActiveRecord::Base @@ -1102,8 +1143,9 @@ Here's an example where we create a class with an +after_destroy+ callback for a <ruby> class PictureFileCallbacks def after_destroy(picture_file) - File.delete(picture_file.filepath) - if File.exists?(picture_file.filepath) + if File.exists?(picture_file.filepath) + File.delete(picture_file.filepath) + end end end </ruby> @@ -1121,8 +1163,9 @@ Note that we needed to instantiate a new +PictureFileCallbacks+ object, since we <ruby> class PictureFileCallbacks def self.after_destroy(picture_file) - File.delete(picture_file.filepath) - if File.exists?(picture_file.filepath) + if File.exists?(picture_file.filepath) + File.delete(picture_file.filepath) + end end end </ruby> @@ -1172,7 +1215,7 @@ As usual, settings in +config/environments+ take precedence over those in +confi h4. Sharing Observers -By default, Rails will simply strip "Observer" from an observer's name to find the model it should observe. However, observers can also be used to add behaviour to more than one model, and so it's possible to manually specify the models that our observer should observe. +By default, Rails will simply strip "Observer" from an observer's name to find the model it should observe. However, observers can also be used to add behavior to more than one model, and so it's possible to manually specify the models that our observer should observe. <ruby> class MailerObserver < ActiveRecord::Observer diff --git a/railties/guides/source/active_resource_basics.textile b/railties/guides/source/active_resource_basics.textile new file mode 100644 index 0000000000..3294227f7b --- /dev/null +++ b/railties/guides/source/active_resource_basics.textile @@ -0,0 +1,124 @@ +h2. Active Resource Basics + +This guide should provide you with all you need to get started managing the connection between business objects and RESTful web services. It implements a way to map web-based resources to local objects with CRUD semantics. + +endprologue. + +WARNING. This Guide is based on Rails 3.0. Some of the code shown here will not work in earlier versions of Rails. + +h3. Introduction + +Active Resource allows you to connect with RESTful web services. So, in Rails, Resource classes inherited from +ActiveResource::Base+ and live in +app/models+. + +h3. Configuration and Usage + +Putting Active Resource to use is very similar to Active Record. It's as simple as creating a model class +that inherits from ActiveResource::Base and providing a <tt>site</tt> class variable to it: + +<ruby> +class Person < ActiveResource::Base + self.site = "http://api.people.com:3000/" +end +</ruby> + +Now the Person class is REST enabled and can invoke REST services very similarly to how Active Record invokes +life cycle methods that operate against a persistent store. + +h3. Reading and Writing Data + +Active Resource make request over HTTP using a standard JSON format. It mirrors the RESTful routing built into Action Controller but will also work with any other REST service that properly implements the protocol. + +h4. Read + +Read requests use the GET method and expect the JSON form of whatever resource/resources is/are being requested. + +<ruby> +# Find a person with id = 1 +person = Person.find(1) +# Check if a person exists with id = 1 +Person.exists?(1) # => true +# Get all resources of Person class +Person.all +</ruby> + +h4. Create + +Creating a new resource submits the JSON form of the resource as the body of the request with HTTP POST method and parse the response into Active Resource object. + +<ruby> +person = Person.create(:name => 'Vishnu') +person.id # => 1 +</ruby> + +h4. Update + +To update an existing resource, 'save' method is used. This method make a HTTP PUT request in JSON format. + +<ruby> +person = Person.find(1) +person.name = 'Atrai' +person.save +</ruby> + +h4. Delete + +'destroy' method makes a HTTP DELETE request for an existing resource in JSON format to delete that resource. + +<ruby> +person = Person.find(1) +person.destroy +</ruby> + +h3. Validations + +Module to support validation and errors with Active Resource objects. The module overrides Base#save to rescue ActiveResource::ResourceInvalid exceptions and parse the errors returned in the web service response. The module also adds an errors collection that mimics the interface of the errors provided by ActiveRecord::Errors. + +h4. Validating client side resources by overriding validation methods in base class + +<ruby> +class Person < ActiveResource::Base + self.site = "http://api.people.com:3000/" + + protected + + def validate + errors.add("last", "has invalid characters") unless last =~ /[a-zA-Z]*/ + end +end +</ruby> + +h4. Validating client side resources + +Consider a Person resource on the server requiring both a first_name and a last_name with a validates_presence_of :first_name, :last_name declaration in the model: + +<ruby> +person = Person.new(:first_name => "Jim", :last_name => "") +person.save # => false (server returns an HTTP 422 status code and errors) +person.valid? # => false +person.errors.empty? # => false +person.errors.count # => 1 +person.errors.full_messages # => ["Last name can't be empty"] +person.errors[:last_name] # => ["can't be empty"] +person.last_name = "Halpert" +person.save # => true (and person is now saved to the remote service) +</ruby> + +h4. Public instance methods + +ActiveResource::Validations have three public instance methods + +h5. errors() + +This will return errors object that holds all information about attribute error messages + +h5. save_with_validation(options=nil) + +This validates the resource with any local validations written in base class and then it will try to POST if there are no errors. + +h5. valid? + +Runs all the local validations and will return true if no errors. + +h3. Changelog + +* July 30, 2011: Initial version by "Vishnu Atrai":http://github.com/vatrai
\ No newline at end of file diff --git a/railties/guides/source/active_support_core_extensions.textile b/railties/guides/source/active_support_core_extensions.textile index a0ed85cf01..b2436a2e68 100644 --- a/railties/guides/source/active_support_core_extensions.textile +++ b/railties/guides/source/active_support_core_extensions.textile @@ -78,12 +78,14 @@ The following values are considered to be blank in a Rails application: * +nil+ and +false+, -* strings composed only of whitespace, i.e. matching +/\A\s*\z/+, +* strings composed only of whitespace (see note below), * empty arrays and hashes, and * any other object that responds to +empty?+ and it is empty. +INFO: In Ruby 1.9 the predicate for strings uses the Unicode-aware character class <tt>[:space:]</tt>, so for example U+2029 (paragraph separator) is considered to be whitespace. In Ruby 1.8 whitespace is considered to be <tt>\s</tt> together with the ideographic space U+3000. + WARNING: Note that numbers are not mentioned, in particular 0 and 0.0 are *not* blank. For example, this method from +ActionDispatch::Session::AbstractStore+ uses +blank?+ for checking whether a session key is present: @@ -498,7 +500,7 @@ ActionController::TestCase.class_eval do end </ruby> -Rails uses +alias_method_chain+ all over the code base. For example validations are added to +ActiveRecord::Base#save+ by wrapping the method that way in a separate module specialised in validations. +Rails uses +alias_method_chain+ all over the code base. For example validations are added to +ActiveRecord::Base#save+ by wrapping the method that way in a separate module specialized in validations. NOTE: Defined in +active_support/core_ext/module/aliasing.rb+. @@ -862,7 +864,9 @@ end It is shorter, and the intention more obvious. -The macro accepts several methods: +The method must be public in the target. + +The +delegate+ macro accepts several methods: <ruby> delegate :name, :age, :address, :twitter, :to => :profile @@ -2067,6 +2071,30 @@ shape_types = [Circle, Square, Triangle].sample(2) NOTE: Defined in +active_support/core_ext/array/random_access.rb+. +h4. Adding Elements + +h5. +prepend+ + +This method is an alias of <tt>Array#unshift</tt>. + +<ruby> +%w(a b c d).prepend('e') # => %w(e a b c d) +[].prepend(10) # => [10] +</ruby> + +NOTE: Defined in +active_support/core_ext/array/prepend_and_append.rb+. + +h5. +append+ + +This method is an alias of <tt>Array#<<</tt>. + +<ruby> +%w(a b c d).append('e') # => %w(a b c d e) +[].append([1,2]) # => [[1,2]] +</ruby> + +NOTE: Defined in +active_support/core_ext/array/prepend_and_append.rb+. + h4. Options Extraction When the last argument in a method call is a hash, except perhaps for a +&block+ argument, Ruby allows you to omit the brackets: @@ -2694,6 +2722,18 @@ hash # => {:a => 1} NOTE: Defined in +active_support/core_ext/hash/slice.rb+. +h4. Extracting + +The method +extract!+ removes and returns the key/value pairs matching the given keys. + +<ruby> +hash = {:a => 1, :b => 2} +rest = hash.extract!(:a) # => {:a => 1} +hash # => {:b => 2} +</ruby> + +NOTE: Defined in +active_support/core_ext/hash/slice.rb+. + h4. Indifferent Access The method +with_indifferent_access+ returns an +ActiveSupport::HashWithIndifferentAccess+ out of its receiver: diff --git a/railties/guides/source/ajax_on_rails.textile b/railties/guides/source/ajax_on_rails.textile index 8b72e20c33..77f7661deb 100644 --- a/railties/guides/source/ajax_on_rails.textile +++ b/railties/guides/source/ajax_on_rails.textile @@ -24,16 +24,12 @@ h4. Standard HTML communication vs AJAX How do 'standard' and AJAX requests differ, why does this matter for understanding AJAX on Rails (tie in for *_remote helpers, the next section) - - - - - h3. Built-in Rails Helpers Rails' JavaScript framework of choice is "Prototype":http://www.prototypejs.org. Prototype is a generic-purpose JavaScript framework that aims to ease the development of dynamic web applications by offering DOM manipulation, AJAX and other JavaScript functionality ranging from utility functions to object oriented constructs. It is not specifically written for any language, so Rails provides a set of helpers to enable seamless integration of Prototype with your Rails views. To get access to these helpers, all you have to do is to include the prototype framework in your pages - typically in your master layout, application.html.erb - like so: + <ruby> javascript_include_tag 'prototype' </ruby> @@ -59,7 +55,6 @@ link_to_remote "Add to cart", </ruby> * The very first parameter, a string, is the text of the link which appears on the page. - * The second parameter, the +options+ hash is the most interesting part as it has the AJAX specific stuff: ** *:url* This is the only parameter that is always required to generate the simplest remote link (technically speaking, it is not required, you can pass an empty +options+ hash to +link_to_remote+ - but in this case the URL used for the POST request will be equal to your current URL which is probably not your intention). This URL points to your AJAX action handler. The URL is typically specified by Rails REST view helpers, but you can use the +url_for+ format too. ** *:update* Specifying a DOM id of the element we would like to update. The above example demonstrates the simplest way of accomplishing this - however, we are in trouble if the server responds with an error message because that will be injected into the page too! However, Rails has a solution for this situation: @@ -193,7 +188,6 @@ end What happens here is that by specifying the Content-Type header variable, we instruct the browser to evaluate the text we are sending over (rather than displaying it as plain text, which is the default behavior). - h3. Testing JavaScript JavaScript testing reminds me the definition of the world 'classic' by Mark Twain: "A classic is something that everybody wants to have read and nobody wants to read." It's similar with JavaScript testing: everyone would like to have it, yet it's not done by too much developers as it is tedious, complicated, there is a proliferation of tools and no consensus/accepted best practices, but we will nevertheless take a stab at it: diff --git a/railties/guides/source/api_documentation_guidelines.textile b/railties/guides/source/api_documentation_guidelines.textile index 50e86e05a8..3ebf0e10f1 100644 --- a/railties/guides/source/api_documentation_guidelines.textile +++ b/railties/guides/source/api_documentation_guidelines.textile @@ -35,7 +35,7 @@ Use the article "an" for "SQL", as in "an SQL statement". Also "an SQLite databa h3. English -Please use American English (_color_, _center_, _modularize_, etc.). See "a list of American and British English spelling differences here":http://en.wikipedia.org/wiki/American_and_British_English_spelling_differences. +Please use American English (<em>color</em>, <em>center</em>, <em>modularize</em>, etc.). See "a list of American and British English spelling differences here":http://en.wikipedia.org/wiki/American_and_British_English_spelling_differences. h3. Example Code @@ -78,14 +78,14 @@ The result of expressions follow them and are introduced by "# => ", vertically If a line is too long, the comment may be placed on the next line: <ruby> - # label(:post, :title) - # # => <label for="post_title">Title</label> - # - # label(:post, :title, "A short title") - # # => <label for="post_title">A short title</label> - # - # label(:post, :title, "A short title", :class => "title_label") - # # => <label for="post_title" class="title_label">A short title</label> +# label(:post, :title) +# # => <label for="post_title">Title</label> +# +# label(:post, :title, "A short title") +# # => <label for="post_title">A short title</label> +# +# label(:post, :title, "A short title", :class => "title_label") +# # => <label for="post_title" class="title_label">A short title</label> </ruby> Avoid using any printing methods like +puts+ or +p+ for that purpose. @@ -106,7 +106,6 @@ routes.rb # NO RAILS_ROOT/config/routes.rb # NO </plain> - h3. Fonts h4. Fixed-width Font @@ -188,4 +187,3 @@ self.class_eval %{ h3. Changelog * July 17, 2010: ported from the docrails wiki and revised by "Xavier Noria":credits.html#fxn - diff --git a/railties/guides/source/asset_pipeline.textile b/railties/guides/source/asset_pipeline.textile index 563c1c79ae..4fbdda4c07 100644 --- a/railties/guides/source/asset_pipeline.textile +++ b/railties/guides/source/asset_pipeline.textile @@ -1,6 +1,6 @@ h2. Asset Pipeline -This guide will cover the ideology of the asset pipeline introduced in Rails 3.1. +This guide covers the ideology of the asset pipeline introduced in Rails 3.1. By referring to this guide you will be able to: * Understand what the asset pipeline is and what it does @@ -11,40 +11,37 @@ By referring to this guide you will be able to: endprologue. -h3. What Is The Asset Pipeline? +h3. What is the Asset Pipeline? -The asset pipeline provides a framework to concatenate and minify or compress Javascript and CSS assets. It also adds the ability to write these assets in other languages such as CoffeeScript, SCSS and ERB. +The asset pipeline provides a framework to concatenate and minify or compress JavaScript and CSS assets. It also adds the ability to write these assets in other languages such as CoffeeScript, SCSS and ERB. Prior to Rails 3.1 these features were added through third-party Ruby libraries such as Jammit and Sprockets. Rails 3.1 includes the +sprockets-rails+ gem, which depends on the +sprockets+ gem, by default. By having this as a core feature of Rails, all developers can benefit from the power of having their assets pre-processed, compressed and minified by one central library, Sprockets. This is part of Rails' "Fast by default" strategy as outlined by DHH in his 2011 keynote at Railsconf. -In new Rails 3.1 application the asset pipeline is enable by default. It can be disabled in +application.rb+ by putting this line inside the +Application+ class definition: +In new Rails 3.1 application the asset pipeline is enabled by default. It can be disabled in +application.rb+ by putting this line inside the +Application+ class definition: <plain> - config.assets.enabled = false +config.assets.enabled = false </plain> It is recommended that you use the defaults for all new apps. - h4. Main Features -The first is to concatenate of assets. This is important in a production environment to reduce the number of requests that a client browser has to make to render a web page. While Rails already has a feature to concatenate these types of asset--by placing +:cache => true+ at the end of tags such as +javascript_include_tag+ and +stylesheet_link_tag+--, many people do not use it. - -The default behavior in Rails 3.1 and onward is to concatenate all files into one master file each for JS and CSS, however you can separate files or groups of files if required (see below). In production an MD5 fingerprint is inserted into each filename. +The first feature of the pipeline is to concatenate assets. This is important in a production environment, as it reduces the number of requests that a browser must make to render a web page. While Rails already has a feature to concatenate these types of assetsi -- by placing +:cache => true+ at the end of tags such as +javascript_include_tag+ and +stylesheet_link_tag+ -- many people do not use it. -The second feature of the pipeline is to minify or compress. For CSS this usually involves removing whitespace and comments. For Javascript more complex processes can be applied. +The default behavior in Rails 3.1 and onward is to concatenate all files into one master file each for JS and CSS. However, you can separate files or groups of files if required (see below). In production, an MD5 fingerprint is inserted into each filename so that the file is cached by the web browser but can be invalidated if the fingerprint is altered. -You can choose from a set of built in options or specify your own. +The second feature is to minify or compress assets. For CSS, this usually involves removing whitespace and comments. For JavaScript, more complex processes can be applied. You can choose from a set of built in options or specify your own. -The third feature is the ability to code these assets using another language, or language extension. These include SCSS or Sass for CSS, CoffeeScript for Javascript, and ERB for both. +The third feature is the ability to code these assets using another language, or language extension. These include SCSS or Sass for CSS, CoffeeScript for JavaScript, and ERB for both. -h4. What is fingerprinting and why should I care? +h4. What is Fingerprinting and Why Should I Care? -Fingerprinting is a technique where the filenames of content that is static or infrequently updated is altered to be unique to the content contained in the file. +Fingerprinting is a technique whereby the filenames of content that is static or infrequently updated is altered to be unique to the content contained in the file. -When a filename is unique and based on its content, http headers can be set to encourage caches everywhere (at ISPs, in browsers) to keep there own copy of the content. When the content is updated, the fingerprint will change and the remote clients will request the new file. This is generally known as _cachebusting_. +When a filename is unique and based on its content, HTTP headers can be set to encourage caches everywhere (at ISPs, in browsers) to keep their own copy of the content. When the content is updated, the fingerprint will change and the remote clients will request the new file. This is generally known as _cachebusting_. The most effective technique is to insert a hash of the content into the name, usually at the end. For example a CSS file +global.css+ is hashed and the filename is updated to incorporate the hash. @@ -54,7 +51,7 @@ global.css => global-908e25f4bf641868d8683022a5b62f54.css This is the strategy adopted by the Rails asset pipeline. -Rails old strategy was to append a query string to every asset linked with a built-in helper. In the source the generated code looked like this: +Rails' old strategy was to append a query string to every asset linked with a built-in helper. In the source the generated code looked like this: <plain> /stylesheets/global.css?1309495796 @@ -62,31 +59,33 @@ Rails old strategy was to append a query string to every asset linked with a bui This has several disadvantages: -1. Not all caches will cache content with a query string - -"Steve Souders recommends":http://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/, "...avoiding a querystring for cacheable resources". He found that in these case 5-20% of requests will not be cached. - -2. The filename can change between nodes in multi-server environments. - -The query string in Rails is based on the files mtime (mtime is the file modification time). When assets are deployed to a cluster, there is no guarantee that the timestamps will be the same, resulting in different values being used depending on which server handles the request. +<ol> + <li> + <strong>Not all caches will cache content with a query string</strong><br> + "Steve Souders recommends":http://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/, "...avoiding a querystring for cacheable resources". He found that in these case 5-20% of requests will not be cached. + </li> + <li> + <strong>The file name can change between nodes in multi-server environments.</strong><br> + The query string in Rails is based on the modification time of the files. When assets are deployed to a cluster, there is no guarantee that the timestamps will be the same, resulting in different values being used depending on which server handles the request. + </li> +</ol> -The other problems is that when static assets are deployed with each new release of code, the mtime of *all* these files changes, forcing all remote clients to fetch them again, even when the content of those assets has not changed. +The other problem is that when static assets are deployed with each new release of code, the mtime of *all* these files changes, forcing all remote clients to fetch them again, even when the content of those assets has not changed. -Fingerprinting avoids all these problems be ensuring filenames are consistent based on the content. +Fingerprinting avoids all these problems by ensuring filenames are consistent based on their content. More reading: * "Optimize caching":http://code.google.com/speed/page-speed/docs/caching.html * "Revving Filenames: don’t use querystring":http://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/ - h3. How to Use the Asset Pipeline -In previous versions of Rails, all assets were located in subdirectories of +public+ such as +images+, +javascripts+ and +stylesheets+. With the asset pipeline, the preferred location for these assets is now the +app/assets+ directory. Files in this directory will be served by the Sprockets middleware included in the sprockets gem. +In previous versions of Rails, all assets were located in subdirectories of +public+ such as +images+, +javascripts+ and +stylesheets+. With the asset pipeline, the preferred location for these assets is now the +app/assets+ directory. Files in this directory are served by the Sprockets middleware included in the sprockets gem. -This is not to say that assets can (or should) no longer be placed in +public+. They still can be and will be served as static files by the application or web server. You would only use +app/assets+ if you wish your files to undergo some pre-processing before they are served. +This is not to say that assets can (or should) no longer be placed in +public+; they still can be and will be served as static files by the application or web server. You would only use +app/assets+ if you wish your files to undergo some pre-processing before they are served. -When a scaffold or controller is generated for the application, Rails will also generate a JavaScript file (or CoffeeScript if the +coffee-script+ gem is in the +Gemfile+) and a Cascading Style Sheet file (or SCSS if +sass-rails+ is in the +Gemfile+) file for that controller. +When a scaffold or controller is generated for the application, Rails also generates a JavaScript file (or CoffeeScript file if the +coffee-script+ gem is in the +Gemfile+) and a Cascading Style Sheet file (or SCSS file if +sass-rails+ is in the +Gemfile+) for that controller. For example, if a +ProjectsController+ is generated, there will be a new file at +app/assets/javascripts/projects.js.coffee+ and another at +app/assets/stylesheets/projects.css.scss+. You should put any JavaScript or CSS unique to a controller inside their respective asset files, as these files can then be loaded just for these controllers with lines such as +<%= javascript_include_tag params[:controller] %>+ or +<%= stylesheet_link_tag params[:controller] %>+. @@ -100,32 +99,72 @@ Assets can be placed inside an application in one of three locations: +app/asset +vendor/assets+ is for assets that are owned by outside entities, such as code for JavaScript plugins. -All subdirectories that exists within these three locations will be added to the search path for Sprockets (visible by calling +Rails.application.config.assets.paths+ in a console). When an asset is requested, these paths will be looked through to see if they contain an asset matching the name specified. Once an asset has been found, it's processed by Sprockets and served. +All subdirectories that exist within these three locations are added to the search path for Sprockets (visible by calling +Rails.application.config.assets.paths+ in a console). When an asset is requested, these paths are looked through to see if they contain an asset matching the name specified. Once an asset has been found, it's processed by Sprockets and served. + +h4. Coding Links to Assets -h4. Coding links to Assets +To access assets, you use the same tags that you are generally familiar with: -To access assets, we can use the same tags that we are generally familiar with: +Sprockets does not add any new methods to require your assets, you still use the familiar +javascript_include_tag+ and +stylesheet_link_tag+. <erb> - <%= image_tag "rails.png" %> +<%= stylesheet_link_tag "application" %> +<%= javascript_include_tag "application" %> </erb> -Providing that assets are enabled within our application (+config.assets.enabled+ in the current environment's file is not set to +false+), this file will be served by Sprockets unless a file at +public/assets/rails.png+ exists, in which case that file will be served. Alternatively, a file with an MD5 hash after its name such as +public/assets/rails-af27b6a414e6da00003503148be9b409.png+ will also be picked up by Sprockets. How these hashes are generated is covered in the "Production Assets":#production_assets section later on in this guide. +In regular views you can access images in the +assets/images+ directory like this: -Otherwise, Sprockets will look through the available paths until it finds a file that matches the name and then will serve it, first looking in the application's assets directories and then falling back to the various engines of the application. +<erb> +<%= image_tag "rails.png" %> +</erb> -Sprockets does not add any new methods to require your assets, we still use the familiar +javascript_include_tag+ and +stylesheet_link_tag+. +Images can be organized into directories if required, and they can be accessed by specifying the directory's name in the tag: <erb> - <%= stylesheet_link_tag "application" %> - <%= javascript_include_tag "application" %> +<%= image_tag "icons/rails.png" %> </erb> -These helpers (when the pipeline is on) are providing links to the compiled manifest with the specified name (or names). +Providing that assets are enabled within your application (+config.assets.enabled+ in the current environment's file is not set to +false+), this file is served by Sprockets unless a file at +public/assets/rails.png+ exists, in which case that file is served. + +Alternatively, a file with an MD5 hash after its name such as +public/assets/rails-af27b6a414e6da00003503148be9b409.png+ is also picked up by Sprockets. How these hashes are generated is covered in the "Production Assets":#production_assets section later on in this guide. + +Otherwise, Sprockets looks through the available paths until it finds a file that matches the name and then serves it, first looking in the application's assets directories and then falling back to the various engines of the application. + +If you want to use a "css data URI":http://en.wikipedia.org/wiki/Data_URI_scheme -- a method of embedding the image data directly into the CSS file -- you can use the +asset_data_uri+ helper. + +<plain> +#logo { background: url(<%= asset_data_uri 'logo.png' %>) +</plain> + +This inserts a correctly-formatted data URI into the CSS source. + +h5. CSS and ERB + +If you add an +erb+ extension to a CSS asset, making it something such as +application.css.erb+, then you can use the +asset_path+ helper in your CSS rules: + +<plain> +.class{background-image:<%= asset_path 'image.png' %>} +</plain> + +This writes the path to the particular asset being referenced. In this example, it would make sense to have an image in one of the asset load paths, such as +app/assets/images/image.png+, which would be referenced here. If this image is already available in +public/assets+ as a fingerprinted file, then that path is referenced. + +Note that the closing tag cannot be of the style +-%>+. + +h5. CSS and SCSS + +When using the asset pipeline, paths to assets must be re-written and +sass-rails+ provides +_url+ and +_path+ helpers for the following asset classes: image, font, video, audio, javascript, stylesheet. + +* +image_url("rails.png")+ becomes +url(/assets/rails.png)+ +* +image_path("rails.png")+ becomes +"/assets/rails.png"+. + +The more generic form can also be used but the asset path and class must both be specified: + +* +asset_url("rails.png", "image")+ becomes +url(/assets/rails.png)+ +* +asset_path("rails.png", "image")+ becomes +"/assets/rails.png"+ h4. Manifest Files and Directives -Sprockets uses manifest files to determine which assets to include and serve. These manifest files contain _directives_ - instructions that tell Sprockets which files to require in order to build a single CSS or JavaScript file. With these directives, Sprockets will load the files specified, process them if necessary, concatenate them into one single file and then compress them (if +Rails.application.config.assets.compress+ is set to +true+). By serving one file rather than many, a page's load time is greatly reduced. +Sprockets uses manifest files to determine which assets to include and serve. These manifest files contain _directives_ -- instructions that tell Sprockets which files to require in order to build a single CSS or JavaScript file. With these directives, Sprockets loads the files specified, processes them if necessary, concatenates them into one single file and then compresses them (if +Rails.application.config.assets.compress+ is set to +true+). By serving one file rather than many, the load time of pages are greatly reduced as there are fewer requests to make. For example, in the default Rails application there's a +app/assets/javascripts/application.js+ file which contains the following lines: @@ -135,9 +174,11 @@ For example, in the default Rails application there's a +app/assets/javascripts/ //= require_tree . </plain> -In JavaScript files, directives begin with +//=+. In this case, the following file is using the +require+ directive and the +require_tree+ directive. The +require+ directive tells Sprockets that we would like to require a file called +jquery.js+ that is available somewhere in the search path for Sprockets. By default, this is located inside the +vendor/assets/javascripts+ directory contained within the +jquery-rails+ gem. An identical event takes place for the +jquery_ujs+ require +In JavaScript files, the directives begin with +//=+. In this case, the file is using the +require+ and the +require_tree+ directives. The +require+ directive is used to tell Sprockets the files that you wish to require. Here, you are requiring the files +jquery.js+ and +jquery_ujs.js+ that are available somewhere in the search path for Sprockets. You need not supply the extensions explicitly. Sprockets assumes you are requiring a +.js+ file when done from within a +.js+ file. + +NOTE. In Rails 3.1, the +jquery.js+ and +jquery_ujs.js+ files are located inside the +vendor/assets/javascripts+ directory contained within the +jquery-rails+ gem. -The +require_tree .+ directive tells Sprockets to include _all_ JavaScript files in this directory into the output. Only a path relative to the file can be specified. +The +require_tree .+ directive tells Sprockets to include _all_ JavaScript files in this directory into the output. Only a path relative to the file can be specified. There is also a +require_directory+ directive which includes all JavaScript files only in the directory specified (no nesting). There's also a default +app/assets/stylesheets/application.css+ file which contains these lines: @@ -148,13 +189,13 @@ There's also a default +app/assets/stylesheets/application.css+ file which conta */ </plain> -The directives that work in the JavaScript files will also work in stylesheets, obviously including stylesheets rather than JavaScript files. The +require_tree+ directive here works the same way as the JavaScript one, requiring all stylesheets from the current directory. +The directives that work in the JavaScript files also work in stylesheets, obviously including stylesheets rather than JavaScript files. The +require_tree+ directive here works the same way as the JavaScript one, requiring all stylesheets from the current directory. -In this example +require_self+ is used. This will put the CSS contained within the file (if any) at the top of any other CSS in this file unless +require_self+ is specified after another +require+ directive. +In this example +require_self+ is used. This puts the CSS contained within the file (if any) at the top of any other CSS in this file unless +require_self+ is specified after another +require+ directive. You can have as many manifest files as you need. For example the +admin.css+ and +admin.js+ manifest could contain the JS and CSS files that are used for the admin section of an application. -For some assets (like CSS) the compiled order is important. You can specify individual files and they will be compiled in the order specified: +For some assets (like CSS) the compiled order is important. You can specify individual files and they are compiled in the order specified: <plain> /* ... @@ -167,132 +208,161 @@ For some assets (like CSS) the compiled order is important. You can specify indi h4. Preprocessing -The file extensions used on an asset will determine what preprocssing will be applied. When a controller or a scaffold is generated with the default Rails gemset, a CoffeeScript file and a SCSS file will be generated in place of a regular JavaScript and CSS file. The example used before was a controller called "projects", which generated an +app/assets/javascripts/projects.js.coffee+ and a +app/assets/stylesheets/projects.css.scss+ file. +The file extensions used on an asset determine what preprocessing is applied. When a controller or a scaffold is generated with the default Rails gemset, a CoffeeScript file and a SCSS file are generated in place of a regular JavaScript and CSS file. The example used before was a controller called "projects", which generated an +app/assets/javascripts/projects.js.coffee+ and a +app/assets/stylesheets/projects.css.scss+ file. -When these files are requested, they will be processed by the processors provided by the +coffee-script+ and +sass-rails+ gems and then sent back to the browser as JavaScript and CSS respectively. +When these files are requested, they are processed by the processors provided by the +coffee-script+ and +sass-rails+ gems and then sent back to the browser as JavaScript and CSS respectively. -Additional layers of pre-processing can be requested by adding other extensions. These should be used in the order the processing should be applied. For example, a stylesheet called +app/assets/stylesheets/projects.css.scss.erb+ would first be processed as ERB, then SCSS and finally served as CSS. The same applies to a JavaScript file - +app/assets/javascripts/projects.js.coffee.erb+ would be process as ERB, CoffeeScript and served as JavaScript. +Additional layers of pre-processing can be requested by adding other extensions, where each extension is processed in a right-to-left manner. These should be used in the order the processing should be applied. For example, a stylesheet called +app/assets/stylesheets/projects.css.scss.erb+ is first processed as ERB, then SCSS and finally served as CSS. The same applies to a JavaScript file -- +app/assets/javascripts/projects.js.coffee.erb+ is processed as ERB, CoffeeScript and served as JavaScript. -Keep in mind that the order of these pre-processors is important. For example, if we called our JavaScript file +app/assets/javascripts/projects.js.erb.coffee+ then it would be processed with the CoffeeScript interpreter first, which wouldn't understand ERB and therefore we would run into problems. +Keep in mind that the order of these pre-processors is important. For example, if you called your JavaScript file +app/assets/javascripts/projects.js.erb.coffee+ then it is processed with the CoffeeScript interpreter first, which wouldn't understand ERB and therefore you would run into problems. h3. In Development -TODO: Talk about: Rack::Cache's caching (used in dev and production. The only difference is hashing and headers). +In the development environment assets are compiled and cached on the first request after the server is started. Sprockets sets a +must-validate+ Cache-Control HTTP header to reduce request overhead on subsequent requests - on these the browser gets a 304 (not-modified) response. -In the development environment assets are compiled and cached on the first request after the server is started. Sprockets sets a +must-validate+ cache-control http header to reduce request overhead on subsequent requests - on these the browser gets a 304 (not-modified) response. - -If any of the files in the manifest have changed between requests, the server will respond with a new compiled file. +If any of the files in the manifest have changed between requests, the server responds with a new compiled file. h4. Debugging Assets -You can put +?debug_assets=true+ or +?debug_assets=1+ at the end of a URL and Sprockets will expand the lines which load the assets. For example, if we had an +app/assets/javascripts/application.js+ file containing these lines: +You can put +?debug_assets=true+ or +?debug_assets=1+ at the end of a URL or set +config.assets.debug+ and Sprockets expands the lines which load the assets. For example, if you had an +app/assets/javascripts/application.js+ file containing these lines: <plain> //= require "projects" //= require "tickets" </plain> -By default, this would only render this line when used with +<%= javascript_include_tag "application" %>+ in a view or layout: +By default, this only renders this line when used with +<%= javascript_include_tag "application" %>+ in a view or layout: <html> - <script src='/assets/application.js'></script> +<script src='/assets/application.js'></script> </html> -When the +debug_assets+ parameter is set, this line will be expanded out into three separate lines, separating out the combined file into their parts. +When the +debug_assets+ parameter is set, this line is expanded out into three separate lines, separating out the combined file into their parts. <html> - <script src='/assets/application.js'></script> - <script src='/assets/projects.js'></script> - <script src='/assets/tickets.js'></script> +<script src='/assets/application.js'></script> +<script src='/assets/projects.js'></script> +<script src='/assets/tickets.js'></script> </html> This allows the individual parts of an asset to be rendered and debugged separately. +Additionally if the +config.assets.debug+ is set to true you can debug your assets passing the +:debug+ option to the assets tags: + +<erb> +<%= javascript_include_tag :application, :debug => true %> +</erb> + + +NOTE. Assets debugging is turned on by default in development and test environments. You can set +config.assets.allow_debugging+ to false to turn it off. + h3. In Production In the production environment, assets are served slightly differently. -On the first request the assets are compiled and cached as described above, however the manifest names are altered to include an MD5 hash. Files names typically will look like these: +On the first request the assets are compiled and cached as described above, however the manifest names are altered to include an MD5 hash. Files names typically look like these: <plain> /assets/application-908e25f4bf641868d8683022a5b62f54.js /assets/application-4dd5b109ee3439da54f5bdfd78a80473.css </plain> -The MD5 is generated from the contents of the compiled files, and is included in the http +Content-MD5+ header. +The MD5 is generated from the contents of the compiled files, and is included in the HTTP +Content-MD5+ header. -Sprockets also sets the +Cache-Control+ http header to +max-age=31536000+. This signals all caches between your server and the client browser that this content (the file served) can be cached for 1 year. The effect of this is to reduce the number of requests for this asset from your server; the asset has a good chance of being in the local browser cache or some intermediate cache. +Sprockets also sets the +Cache-Control+ HTTP header to +max-age=31536000+. This signals all caches between your server and the client browser that this content (the file served) can be cached for 1 year. The effect of this is to reduce the number of requests for this asset from your server; the asset has a good chance of being in the local browser cache or some intermediate cache. This behavior is controlled by the setting of +config.action_controller.perform_caching+ setting in Rails (which is +true+ for production, +false+ for everything else). This value is propagated to Sprockets during initialization for use when action_controller is not available. -TODO: -describe each and the differences between: - * Sass-rails's handy +image_url+ helpers - * ERB pre-processing and +asset_path+ - -h4. Precompiling assets +h4. Precompiling Assets Even though assets are served by Rack::Cache with far-future headers, in high traffic sites this may not be fast enough. -Rails comes bundled with a rake task to compile the manifests to files on disc. These are located in the +public/assets+ directory where they will be served by your web server instead of the Rails application. - -TODO: Add section about image assets +Rails comes bundled with a rake task to compile the manifests to files on disc. These are located in the +public/assets+ directory where they are served by your web server instead of the Rails application. The rake task is: -<erb> +<plain> rake assets:precompile +</plain> + +Capistrano (v2.8.0+) has a recipe to handle this in deployment. Add the following line to +Capfile+: + +<erb> +load 'deploy/assets' </erb> -TODO: explain where to use this with Capistrano +This links the folder specified in +config.assets.prefix+ to +shared/assets+. If you already use this folder you'll need to write your own deployment task. + +It is important that this folder is shared between deployments so that remotely cached pages that reference the old compiled assets still work for the life of the cached page. + +The default matcher for compiling files includes +application.js+, +application.css+ and all files that do not end in +js+ or +css+: -TODO: talk about the +config.assets.precompile+ option and the default matcher for files: +<ruby> +[ /\w+\.(?!js|css).+/, /application.(css|js)$/ ] +</ruby> + +If you have other manifests or individual stylesheets and JavaScript files to include, you can append them to the +precompile+ array: <erb> -[ /\w+\.(?!js|css).+/, "application.js", "application.css" ] +config.assets.precompile += ['admin.js', 'admin.css', 'swfObject.js'] </erb> +Precompiled assets exist on the filesystem and are served directly by your webserver. They do not have far-future headers by default, so to get the benefit of fingerprinting you'll have to update your server configuration to add them. + +For Apache: -Sprockets also creates a "gzip":http://en.wikipedia.org/wiki/Gzip (.gz) of your assets. This prevents your server from contently compressing your assets for each request. You must configure your server to use gzip compression and serve the compressed assets that will be stored in the public/assets folder. The following are some configuration blocks that you can use for common servers. -NGINX & Apache examples? +<plain> +<LocationMatch "^/assets/.*$"> + # Some browsers still send conditional-GET requests if there's a + # Last-Modified header or an ETag header even if they haven't + # reached the expiry date sent in the Expires header. + Header unset Last-Modified + Header unset ETag + FileETag None + # RFC says only cache for 1 year + ExpiresActive On + ExpiresDefault "access plus 1 year" +</LocationMatch> +</plain> +TODO: NGINX instructions +When files are precompiled, Sprockets also creates a "Gzip":http://en.wikipedia.org/wiki/Gzip (.gz) version of your assets. This avoids the server having to do this for any requests; it can simply read the compressed files from disc. You must configure your server to use gzip compression and serve the compressed assets that will be stored in the public/assets folder. The following configuration options can be used: -h3. Customizing The Pipeline +TODO: Apache instructions -h4. CSS +h3. Customizing the Pipeline -There is currently one option for processing CSS - SCSS. This Gem extends the CSS syntax and offers minification. -The following line will enable SCSS in you project. +h4. CSS Compression + +There is currently one option for compressing CSS - YUI. This Gem extends the CSS syntax and offers minification. + +The following line enables YUI compression, and requires the +yui-compressor+ gem. <erb> -config.assets.css_compressor = :scss +config.assets.css_compressor = :yui </erb> -This option is for compression only and does not relate to the SCSS language extensions that apply when using the +.scss+ file extension on CSS assets. +The +config.assets.compress+ must be set to +true+ to enable CSS compression -h4. Javascript +h4. JavaScript -There are three options available to process javascript - uglifier, closure and yui. +Possible options for JavaScript compression are +:closure+, +:uglifier+ and +:yui+. These require the use of the +closure-compiler+, +uglifier+ or +yui-compressor+ gems respectively. -The default Gemfile includes "uglifier":https://github.com/lautis/uglifier. This gem wraps "UglifierJS":https://github.com/mishoo/UglifyJS (written for NodeJS) in Ruby. It compress your code by removing white spaces and other magical things like changing your if and else statements to ternary operators when possible. +The default Gemfile includes "uglifier":https://github.com/lautis/uglifier. This gem wraps "UglifierJS":https://github.com/mishoo/UglifyJS (written for NodeJS) in Ruby. It compresses your code by removing white space and other magical things like changing your +if+ and +else+ statements to ternary operators where possible. -TODO: Add detail about the other two - -The following line will invoke uglifier for Javascript compression. +The following line invokes +uglifier+ for JavaScript compression. <erb> -config.assets.js_compressor = :uglifier +config.assets.js_compressor = :uglifier </erb> +The +config.assets.compress+ must be set to +true+ to enable JavaScript compression +h4. Using Your Own Compressor -h4. Using your own compressor - -The compressor config settings for CSS and Javascript will also take an Object. - -This object must have a +compress+ method that takes a string as the sole argument and it must return a string. +The compressor config settings for CSS and JavaScript also take any Object. This object must have a +compress+ method that takes a string as the sole argument and it must return a string. <erb> class Transformer @@ -302,14 +372,13 @@ class Transformer end </erb> -To enable this pass a +new+ Object to the config option in +application.rb+: +To enable this, pass a +new+ Object to the config option in +application.rb+: <erb> config.assets.css_compressor = Transformer.new </erb> - -h4. Changing the _assets_ path +h4. Changing the _assets_ Path The public path that Sprockets uses by default is +/assets+. @@ -319,8 +388,26 @@ This can be changed to something else: config.assets.prefix = "/some_other_path" </erb> -This is a handy option if you have any existing project (pre Rails 3.1) that already uses this path. +This is a handy option if you have any existing project (pre Rails 3.1) that already uses this path or you wish to use this path for a new resource. + +h4. X-Sendfile Headers + +The X-Sendfile header is a directive to the server to ignore the response from the application, and instead serve the file specified in the headers. This option is off by default, but can be enabled if your server supports it. When enabled, this passes responsibility for serving the file to the web server, which is faster. + +Apache and nginx support this option which is enabled in <tt>config/environments/production.rb</tt>. + +<erb> +# config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache +# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx +</erb> + +WARNING: If you are upgrading an existing application and intend to use this option, take care to paste this configuration option only into +production.rb+ (and not +application.rb+) and any other environment you define with production behavior. + +h3. How Caching Works +Sprockets uses the default rails cache store to cache assets in dev and production. The only difference is file names are fingerprinted and get far-future headers in production. + +TODO: Add more about changing the default store. h3. Adding Assets to Your Gems @@ -330,6 +417,4 @@ A good example of this is the +jquery-rails+ gem which comes with Rails as the s h3. Making Your Library or Gem a Pre-Processor -"You should be able to register [your gems] on Tilt and Sprockets will find them." - Josh -Tilt: https://github.com/rtomayko/tilt - +TODO: Registering gems on "Tilt":https://github.com/rtomayko/tilt enabling Sprockets to find them. diff --git a/railties/guides/source/association_basics.textile b/railties/guides/source/association_basics.textile index 3c2497e83a..ce4ff0389d 100644 --- a/railties/guides/source/association_basics.textile +++ b/railties/guides/source/association_basics.textile @@ -443,7 +443,7 @@ class CreateAssemblyPartJoinTable < ActiveRecord::Migration end </ruby> -We pass +:id => false+ to +create_table+ because that table does not represent a model. That's required for the association to work properly. If you observe any strange behaviour in a +has_and_belongs_to_many+ association like mangled models IDs, or exceptions about conflicting IDs chances are you forgot that bit. +We pass +:id => false+ to +create_table+ because that table does not represent a model. That's required for the association to work properly. If you observe any strange behavior in a +has_and_belongs_to_many+ association like mangled models IDs, or exceptions about conflicting IDs chances are you forgot that bit. h4. Controlling Association Scope diff --git a/railties/guides/source/caching_with_rails.textile b/railties/guides/source/caching_with_rails.textile index 252003edd0..693303950d 100644 --- a/railties/guides/source/caching_with_rails.textile +++ b/railties/guides/source/caching_with_rails.textile @@ -15,7 +15,7 @@ h3. Basic Caching This is an introduction to the three types of caching techniques that Rails provides by default without the use of any third party plugins. -To start playing with testing you'll want to ensure that +config.action_controller.perform_caching+ is set to +true+ if you're running in development mode. This flag is normally set in the corresponding +config/environments/*.rb+ and caching is disabled by default for development and test, and enabled for production. +To start playing with caching you'll want to ensure that +config.action_controller.perform_caching+ is set to +true+, if you're running in development mode. This flag is normally set in the corresponding +config/environments/*.rb+ and caching is disabled by default for development and test, and enabled for production. <ruby> config.action_controller.perform_caching = true @@ -23,9 +23,9 @@ config.action_controller.perform_caching = true h4. Page Caching -Page caching is a Rails mechanism which allows the request for a generated page to be fulfilled by the webserver (i.e. apache or nginx), without ever having to go through the Rails stack at all. Obviously, this is super-fast. Unfortunately, it can't be applied to every situation (such as pages that need authentication) and since the webserver is literally just serving a file from the filesystem, cache expiration is an issue that needs to be dealt with. +Page caching is a Rails mechanism which allows the request for a generated page to be fulfilled by the webserver (i.e. Apache or nginx), without ever having to go through the Rails stack at all. Obviously, this is super-fast. Unfortunately, it can't be applied to every situation (such as pages that need authentication) and since the webserver is literally just serving a file from the filesystem, cache expiration is an issue that needs to be dealt with. -So, how do you enable this super-fast cache behavior? Simple, let's say you have a controller called +ProductsController+ and an +index+ action that lists all the products +To enable page caching, you need to use the +caches_page+ method. <ruby> class ProductsController < ActionController @@ -35,11 +35,10 @@ class ProductsController < ActionController def index @products = Products.all end - end </ruby> -The first time anyone requests +/products+, Rails will generate a file called +products.html+ and the webserver will then look for that file before it passes the next request for +/products+ to your Rails application. +Let's say you have a controller called +ProductsController+ and an +index+ action that lists all the products. The first time anyone requests +/products+, Rails will generate a file called +products.html+ and the webserver will then look for that file before it passes the next request for +/products+ to your Rails application. By default, the page cache directory is set to +Rails.public_path+ (which is usually set to the +public+ folder) and this can be configured by changing the configuration setting +config.action_controller.page_cache_directory+. Changing the default from +public+ helps avoid naming conflicts, since you may want to put other static html in +public+, but changing this will require web server reconfiguration to let the web server know where to serve the cached files from. @@ -104,7 +103,7 @@ INFO: Action caching runs in an after filter. Thus, invalid requests won't gener h4. Fragment Caching -Life would be perfect if we could get away with caching the entire contents of a page or action and serving it out to the world. Unfortunately, dynamic web applications usually build pages with a variety of components not all of which have the same caching characteristics. In order to address such a dynamically created page where different parts of the page need to be cached and expired differently Rails provides a mechanism called Fragment Caching. +Life would be perfect if we could get away with caching the entire contents of a page or action and serving it out to the world. Unfortunately, dynamic web applications usually build pages with a variety of components not all of which have the same caching characteristics. In order to address such a dynamically created page where different parts of the page need to be cached and expired differently, Rails provides a mechanism called Fragment Caching. Fragment Caching allows a fragment of view logic to be wrapped in a cache block and served out of the cache store when the next request comes in. @@ -405,7 +404,6 @@ h3. Further reading * "Scaling Rails Screencasts":http://railslab.newrelic.com/scaling-rails - h3. Changelog * Feb 17, 2011: Document 3.0.0 changes to ActiveSupport::Cache diff --git a/railties/guides/source/command_line.textile b/railties/guides/source/command_line.textile index 9e3b25d794..f6b33d283c 100644 --- a/railties/guides/source/command_line.textile +++ b/railties/guides/source/command_line.textile @@ -85,6 +85,8 @@ h4. +rails generate+ The +rails generate+ command uses templates to create a whole lot of things. Running +rails generate+ by itself gives a list of available generators: +You can also use the alias "g" to invoke the generator command: <tt>rails g</tt>. + <shell> $ rails generate Usage: rails generate GENERATOR [args] [options] @@ -311,6 +313,8 @@ h4. +rails runner+ $ rails runner "Model.long_running_method" </shell> +You can also use the alias "r" to invoke the runner: <tt>rails r</tt>. + You can specify the environment in which the +runner+ command should operate using the +-e+ switch. <shell> @@ -321,6 +325,8 @@ h4. +rails destroy+ Think of +destroy+ as the opposite of +generate+. It'll figure out what generate did, and undo it. +You can also use the alias "d" to invoke the destroy command: <tt>rails d</tt>. + <shell> $ rails generate model Oops exists app/models/ @@ -377,19 +383,22 @@ Ruby version 1.8.7 (x86_64-linux) RubyGems version 1.3.6 Rack version 1.1 Rails version 3.1.0 +JavaScript Runtime Node.js (V8) Active Record version 3.1.0 Action Pack version 3.1.0 Active Resource version 3.1.0 Action Mailer version 3.1.0 Active Support version 3.1.0 -Middleware ActionDispatch::Static, Rack::Lock, Rack::Runtime, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::RemoteIp, Rack::Sendfile, ActionDispatch::Callbacks, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ParamsParser, Rack::MethodOverride, ActionDispatch::Head +Middleware ActionDispatch::Static, Rack::Lock, Rack::Runtime, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::RemoteIp, ActionDispatch::Callbacks, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ParamsParser, Rack::MethodOverride, ActionDispatch::Head Application root /home/foobar/commandsapp Environment development +Database adapter sqlite3 +Database schema version 20110805173523 </shell> h4. +assets+ -You can precompile the assets in <tt>app/assets</tt> using <tt>rake assets:precompile</tt> and remove compiled assets using <tt>rake assets:clean</tt>. +You can precompile the assets in <tt>app/assets</tt> using <tt>rake assets:precompile</tt> and remove those compiled assets using <tt>rake assets:clean</tt>. h4. +db+ @@ -454,13 +463,18 @@ h4. +test+ INFO: A good description of unit testing in Rails is given in "A Guide to Testing Rails Applications":testing.html -Rails comes with a test suite called Test::Unit. It is through the use of tests that Rails itself is so stable, and the slew of people working on Rails can prove that everything works as it should. - -The +test:+ namespace helps in running the different tests you will (hopefully!) write. +Rails comes with a test suite called <tt>Test::Unit</tt>. Rails owes its stability to the use of tests. The tasks available in the +test:+ namespace helps in running the different tests you will hopefully write. h4. +tmp+ -The <tt>Rails.root/tmp</tt> directory is, like the *nix /tmp directory, the holding place for temporary files like sessions (if you're using a file store for files), process id files, and cached actions. The +tmp:+ namespace tasks will help you clear them if you need to if they've become overgrown, or create them in case of deletions gone awry. +The <tt>Rails.root/tmp</tt> directory is, like the *nix /tmp directory, the holding place for temporary files like sessions (if you're using a file store for files), process id files, and cached actions. + +The +tmp:+ namespaced tasks will help you clear the <tt>Rails.root/tmp</tt> directory: + +* +rake tmp:cache:clear+ clears <tt>tmp/cache</tt>. +* +rake tmp:sessions:clear+ clears <tt>tmp/sessions</tt>. +* +rake tmp:sockets:clear+ clears <tt>tmp/sockets</tt>. +* +rake tmp:clear+ clears all the three: cache, sessions and sockets. h4. Miscellaneous diff --git a/railties/guides/source/configuring.textile b/railties/guides/source/configuring.textile index 8e6010ff79..110c04f66e 100644 --- a/railties/guides/source/configuring.textile +++ b/railties/guides/source/configuring.textile @@ -120,10 +120,12 @@ h4. Configuring Assets Rails 3.1, by default, is set up to use the +sprockets+ gem to manage assets within an application. This gem concatenates and compresses assets in order to make serving them much less painful. -* +config.assets.css_compressor+ defines the CSS compressor to use. Only supported value at the moment is +:yui+, which uses the +yui-compressor+ gem. - * +config.assets.enabled+ a flag that controls whether the asset pipeline is enabled. It is explicitly initialized in +config/application.rb+. +* +config.assets.compress+ a flag that enables the compression of compiled assets. It is explicitly set to true in +config/production.rb+. + +* +config.assets.css_compressor+ defines the CSS compressor to use. Only supported value at the moment is +:yui+, which uses the +yui-compressor+ gem. + * +config.assets.js_compressor+ defines the JavaScript compressor to use. Possible values are +:closure+, +:uglifier+ and +:yui+ which require the use of the +closure-compiler+, +uglifier+ or +yui-compressor+ gems respectively. * +config.assets.paths+ contains the paths which are used to look for assets. Appending paths to this configuration option will cause those paths to be used in the search for assets. @@ -521,7 +523,7 @@ The error occurred while evaluating nil.each *+action_view.cache_asset_ids+* Sets +ActionView::Helpers::AssetTagHelper::AssetPaths.cache_asset_ids+ to +false+ when Active Support loads, but only if +config.cache_classes+ is too. -*+action_view.javascript_expansions+* Registers the expansions set up by +config.action_view.javascript_expansions+ and +config.action_view.stylesheet_expansions+ to be recognised by Action View and therefore usable in the views. +*+action_view.javascript_expansions+* Registers the expansions set up by +config.action_view.javascript_expansions+ and +config.action_view.stylesheet_expansions+ to be recognized by Action View and therefore usable in the views. *+action_view.set_configs+* Sets up Action View by using the settings in +config.action_view+ by +send+'ing the method names as setters to +ActionView::Base+ and passing the values through. @@ -555,7 +557,7 @@ The error occurred while evaluating nil.each *+set_load_path+* This initializer runs before +bootstrap_hook+. Adds the +vendor+, +lib+, all directories of +app+ and any paths specified by +config.load_paths+ to +$LOAD_PATH+. -*+set_autoload_path+* This initializer runs before +bootstrap_hook+. Adds all sub-directories of +app+ and paths specified by +config.autoload_paths+ to +ActiveSupport::Dependencies.autoload_paths+. +*+set_autoload_paths+* This initializer runs before +bootstrap_hook+. Adds all sub-directories of +app+ and paths specified by +config.autoload_paths+ to +ActiveSupport::Dependencies.autoload_paths+. *+add_routing_paths+* Loads (by default) all +config/routes.rb+ files (in the application and railties, including engines) and sets up the routes for the application. diff --git a/railties/guides/source/contributing_to_ruby_on_rails.textile b/railties/guides/source/contributing_to_ruby_on_rails.textile index e6ec061c9a..4706725bb6 100644 --- a/railties/guides/source/contributing_to_ruby_on_rails.textile +++ b/railties/guides/source/contributing_to_ruby_on_rails.textile @@ -104,7 +104,6 @@ $ cd railties $ TEST_DIR=generators rake test </shell> - h4. Warnings The test suite runs with warnings enabled. Ideally Ruby on Rails should issue no warning, but there may be a few, and also some from third-party libraries. Please ignore (or fix!) them if any, and submit patches that do not issue new warnings. diff --git a/railties/guides/source/form_helpers.textile b/railties/guides/source/form_helpers.textile index 9051ede9dd..c277f5723a 100644 --- a/railties/guides/source/form_helpers.textile +++ b/railties/guides/source/form_helpers.textile @@ -27,9 +27,7 @@ The most basic form helper is +form_tag+. <% end %> </erb> -When called without arguments like this, it creates a form element that has the current page as its action and "post" as its method (some line breaks added for readability): - -Sample output from +form_tag+: +When called without arguments like this, it creates a +<form>+ tag which, when submitted, will POST to the current page. For instance, assuming the current page is +/home/index+, the generated HTML will look like this (some line breaks added for readability): <html> <form accept-charset="UTF-8" action="/home/index" method="post"> @@ -41,36 +39,30 @@ Sample output from +form_tag+: </form> </html> -If you carefully observe this output, you can see that the helper generated something you didn't specify: a +div+ element with two hidden input elements inside. The first input element with name +utf8+ enforces browsers to properly respect your form's character encoding and is generated for all forms whether action is "get" or "post". Second input element with name +authenticity_token+ is a security feature of Rails called *cross-site request forgery protection* and form helpers generate it for every form whose action is not "get" (provided that this security feature is enabled). You can read more about this in the "Ruby On Rails Security Guide":./security.html#_cross_site_reference_forgery_csrf. +Now, you'll notice that the HTML contains something extra: a +div+ element with two hidden input elements inside. This div is important, because the form cannot be successfully submitted without it. The first input element with name +utf8+ enforces browsers to properly respect your form's character encoding and is generated for all forms whether their actions are "GET" or "POST". The second input element with name +authenticity_token+ is a security feature of Rails called *cross-site request forgery protection*, and form helpers generate it for every non-GET form (provided that this security feature is enabled). You can read more about this in the "Security Guide":./security.html#_cross_site_reference_forgery_csrf. -NOTE: Throughout this guide, this +div+ with the hidden input elements will be stripped away to have clearer code samples. +NOTE: Throughout this guide, the +div+ with the hidden input elements will be excluded from code samples for brevity. h4. A Generic Search Form -Probably the most minimal form often seen on the web is a search form with a single text input for search terms. This form consists of: +One of the most basic forms you see on the web is a search form. This form contains: # a form element with "GET" method, # a label for the input, # a text input element, and # a submit element. -IMPORTANT: Always use "GET" as the method for search forms. This allows users to bookmark a specific search and get back to it. More generally Rails encourages you to use the right HTTP verb for an action. - -To create this form you will use +form_tag+, +label_tag+, +text_field_tag+, and +submit_tag+, respectively. - -A basic search form +To create this form you will use +form_tag+, +label_tag+, +text_field_tag+, and +submit_tag+, respectively. Like this: <erb> -<%= form_tag(search_path, :method => "get") do %> +<%= form_tag("/search", :method => "get") do %> <%= label_tag(:q, "Search for:") %> <%= text_field_tag(:q) %> <%= submit_tag("Search") %> <% end %> </erb> -TIP: +search_path+ can be a named route specified in "routes.rb" as: <br /><code>match "search" => "search"</code> This declares that path "/search" will be handled by action "search" belonging to controller "search". - -The above view code will result in the following markup: +This will generate the following HTML: <html> <form accept-charset="UTF-8" action="/search" method="get"> @@ -80,47 +72,35 @@ The above view code will result in the following markup: </form> </html> +TIP: For every form input, an ID attribute is generated from its name ("q" in the example). These IDs can be very useful for CSS styling or manipulation of form controls with JavaScript. + Besides +text_field_tag+ and +submit_tag+, there is a similar helper for _every_ form control in HTML. -TIP: For every form input, an ID attribute is generated from its name ("q" in the example). These IDs can be very useful for CSS styling or manipulation of form controls with JavaScript. +IMPORTANT: Always use "GET" as the method for search forms. This allows users to bookmark a specific search and get back to it. More generally Rails encourages you to use the right HTTP verb for an action. h4. Multiple Hashes in Form Helper Calls -By now you've seen that the +form_tag+ helper accepts 2 arguments: the path for the action and an options hash. This hash specifies the method of form submission and HTML options such as the form element's class. +The +form_tag+ helper accepts 2 arguments: the path for the action and an options hash. This hash specifies the method of form submission and HTML options such as the form element's class. -As with the +link_to+ helper, the path argument doesn't have to be given a string. It can be a hash of URL parameters that Rails' routing mechanism will turn into a valid URL. However, this is a bad way to pass multiple hashes as method arguments: +As with the +link_to+ helper, the path argument doesn't have to be given a string; it can be a hash of URL parameters recognizable by Rails' routing mechanism, which will turn the hash into a valid URL. However, since both arguments to +form_tag+ are hashes, you can easily run into a problem if you would like to specify both. For instance, let's say you write this: <ruby> form_tag(:controller => "people", :action => "search", :method => "get", :class => "nifty_form") -# => <form accept-charset="UTF-8" action="/people/search?method=get&class=nifty_form" method="post"> +# => '<form accept-charset="UTF-8" action="/people/search?method=get&class=nifty_form" method="post">' </ruby> -Here you wanted to pass two hashes, but the Ruby interpreter sees only one hash, so Rails will construct a URL with extraneous parameters. The correct way of passing multiple hashes as arguments is to delimit the first hash (or both hashes) with curly brackets: +Here, +method+ and +class+ are appended to the query string of the generated URL because you even though you mean to write two hashes, you really only specified one. So you need to tell Ruby which is which by delimiting the first hash (or both) with curly brackets. This will generate the HTML you expect: <ruby> form_tag({:controller => "people", :action => "search"}, :method => "get", :class => "nifty_form") -# => <form accept-charset="UTF-8" action="/people/search" method="get" class="nifty_form"> +# => '<form accept-charset="UTF-8" action="/people/search" method="get" class="nifty_form">' </ruby> -This is a common pitfall when using form helpers, since many of them accept multiple hashes. So in future, if a helper produces unexpected output, make sure that you have delimited the hash parameters properly. - -WARNING: Do not delimit the second hash without doing so with the first hash, otherwise your method invocation will result in an +expecting tASSOC+ syntax error. - h4. Helpers for Generating Form Elements -Rails provides a series of helpers for generating form elements such as checkboxes, text fields and radio buttons. These basic helpers, with names ending in <notextile>_tag</notextile> such as +text_field_tag+ and +check_box_tag+ generate just a single +<input>+ element. The first parameter to these is always the name of the input. In the controller this name will be the key in the +params+ hash used to get the value entered by the user. For example, if the form contains +Rails provides a series of helpers for generating form elements such as checkboxes, text fields, and radio buttons. These basic helpers, with names ending in "_tag" (such as +text_field_tag+ and +check_box_tag+), generate just a single +<input>+ element. The first parameter to these is always the name of the input. When the form is submitted, the name will be passed along with the form data, and will make its way to the +params+ hash in the controller with the value entered by the user for that field. For example, if the form contains +<%= text_field_tag(:query) %>+, then you would be able to get the value of this field in the controller with +params[:query]+. -<erb> -<%= text_field_tag(:query) %> -</erb> - -then the controller code should use - -<ruby> -params[:query] -</ruby> - -to retrieve the value entered by the user. When naming inputs, be aware that Rails uses certain conventions that control whether values are at the top level of the +params+ hash, inside an array or a nested hash and so on. You can read more about them in the parameter_names section. For details on the precise usage of these helpers, please refer to the "API documentation":http://api.rubyonrails.org/classes/ActionView/Helpers/FormTagHelper.html. +When naming inputs, Rails uses certain conventions that make it possible to submit parameters with non-scalar values such as arrays or hashes, which will also be accessible in +params+. You can read more about them in "chapter 7 of this guide":#understanding-parameter-naming-conventions. For details on the precise usage of these helpers, please refer to the "API documentation":http://api.rubyonrails.org/classes/ActionView/Helpers/FormTagHelper.html. h5. Checkboxes @@ -133,7 +113,7 @@ Checkboxes are form controls that give the user a set of options they can enable <%= label_tag(:pet_cat, "I own a cat") %> </erb> -output: +This generates the following: <html> <input id="pet_dog" name="pet_dog" type="checkbox" value="1" /> @@ -142,11 +122,11 @@ output: <label for="pet_cat">I own a cat</label> </html> -The second parameter to +check_box_tag+ is the value of the input. This is the value that will be submitted by the browser if the checkbox is ticked (i.e. the value that will be present in the +params+ hash). With the above form you would check the value of +params[:pet_dog]+ and +params[:pet_cat]+ to see which pets the user owns. +The first parameter to +check_box_tag+, of course, is the name of the input. The second parameter, naturally, is the value of the input. This value will be included in the form data (and be present in +params+) when the checkbox is checked. h5. Radio Buttons -Radio buttons, while similar to checkboxes, are controls that specify a set of options in which they are mutually exclusive (i.e. the user can only pick one): +Radio buttons, while similar to checkboxes, are controls that specify a set of options in which they are mutually exclusive (i.e., the user can only pick one): <erb> <%= radio_button_tag(:age, "child") %> @@ -155,7 +135,7 @@ Radio buttons, while similar to checkboxes, are controls that specify a set of o <%= label_tag(:age_adult, "I'm over 21") %> </erb> -output: +Output: <html> <input id="age_child" name="age" type="radio" value="child" /> @@ -164,32 +144,41 @@ output: <label for="age_adult">I'm over 21</label> </html> -As with +check_box_tag+ the second parameter to +radio_button_tag+ is the value of the input. Because these two radio buttons share the same name (age) the user will only be able to select one and +params[:age]+ will contain either "child" or "adult". +As with +check_box_tag+, the second parameter to +radio_button_tag+ is the value of the input. Because these two radio buttons share the same name (age) the user will only be able to select one, and +params[:age]+ will contain either "child" or "adult". -IMPORTANT: Always use labels for each checkbox and radio button. They associate text with a specific option and provide a larger clickable region. +NOTE: Always use labels for checkbox and radio buttons. They associate text with a specific option and make it easier for users to click the inputs by expanding the clickable region. h4. Other Helpers of Interest -Other form controls worth mentioning are the text area, password input and hidden input: +Other form controls worth mentioning are textareas, password fields, hidden fields, search fields, telephone fields, URL fields and email fields: <erb> <%= text_area_tag(:message, "Hi, nice site", :size => "24x6") %> <%= password_field_tag(:password) %> <%= hidden_field_tag(:parent_id, "5") %> +<%= search_field(:user, :name) %> +<%= telephone_field(:user, :phone) %> +<%= url_field(:user, :homepage) %> +<%= email_field(:user, :address) %> </erb> -output: +Output: <html> <textarea id="message" name="message" cols="24" rows="6">Hi, nice site</textarea> <input id="password" name="password" type="password" /> <input id="parent_id" name="parent_id" type="hidden" value="5" /> +<input id="user_name" name="user[name]" size="30" type="search" /> +<input id="user_phone" name="user[phone]" size="30" type="tel" /> +<input id="user_homepage" size="30" name="user[homepage]" type="url" /> +<input id="user_address" size="30" name="user[address]" type="email" /> </html> -Hidden inputs are not shown to the user, but they hold data like any textual input. Values inside them can be changed with JavaScript. +Hidden inputs are not shown to the user but instead hold data like any textual input. Values inside them can be changed with JavaScript. -TIP: If you're using password input fields (for any purpose), you might want to configure your application to prevent those parameters from being logged. +IMPORTANT: The search, telephone, URL, and email inputs are HTML5 controls. If you require your app to have a consistent experience in older browsers, you will need an HTML5 polyfill (provided by CSS and/or JavaScript). There is definitely "no shortage of solutions for this":https://github.com/Modernizr/Modernizr/wiki/HTML5-Cross-Browser-Polyfills, although a couple of popular tools at the moment are "Modernizr":http://www.modernizr.com/ and "yepnope":http://yepnopejs.com/, which provide a simple way to add functionality based on the presence of detected HTML5 features. +TIP: If you're using password input fields (for any purpose), you might want to configure your application to prevent those parameters from being logged. You can learn about this in the "Security Guide":security.html#logging. h3. Dealing with Model Objects @@ -353,7 +342,6 @@ output: When parsing POSTed data, Rails will take into account the special +_method+ parameter and acts as if the HTTP method was the one specified inside it ("PUT" in this example). - h3. Making Select Boxes with Ease Select boxes in HTML require a significant amount of markup (one +OPTION+ element for each option to choose from), therefore it makes the most sense for them to be dynamically generated. diff --git a/railties/guides/source/getting_started.textile b/railties/guides/source/getting_started.textile index 6aca5d3420..d2bfcfdbb4 100644 --- a/railties/guides/source/getting_started.textile +++ b/railties/guides/source/getting_started.textile @@ -1,6 +1,7 @@ h2. Getting Started with Rails -This guide covers getting up and running with Ruby on Rails. After reading it, you should be familiar with: +This guide covers getting up and running with Ruby on Rails. After reading it, +you should be familiar with: * Installing Rails, creating a new Rails application, and connecting your application to a database * The general layout of a Rails application @@ -9,20 +10,32 @@ This guide covers getting up and running with Ruby on Rails. After reading it, y endprologue. -WARNING. This Guide is based on Rails 3.0. Some of the code shown here will not work in earlier versions of Rails. +WARNING. This Guide is based on Rails 3.1. Some of the code shown here will not +work in earlier versions of Rails. h3. Guide Assumptions -This guide is designed for beginners who want to get started with a Rails application from scratch. It does not assume that you have any prior experience with Rails. However, to get the most out of it, you need to have some prerequisites installed: +This guide is designed for beginners who want to get started with a Rails +application from scratch. It does not assume that you have any prior experience +with Rails. However, to get the most out of it, you need to have some +prerequisites installed: * The "Ruby":http://www.ruby-lang.org/en/downloads language version 1.8.7 or higher -TIP: Note that Ruby 1.8.7 p248 and p249 have marshaling bugs that crash Rails 3.0. Ruby Enterprise Edition have these fixed since release 1.8.7-2010.02 though. On the 1.9 front, Ruby 1.9.1 is not usable because it outright segfaults on Rails 3.0, so if you want to use Rails 3 with 1.9.x jump on 1.9.2 for smooth sailing. +TIP: Note that Ruby 1.8.7 p248 and p249 have marshaling bugs that crash Rails +3.0. Ruby Enterprise Edition have these fixed since release 1.8.7-2010.02 +though. On the 1.9 front, Ruby 1.9.1 is not usable because it outright segfaults +on Rails 3.0, so if you want to use Rails 3 with 1.9.x jump on 1.9.2 for smooth +sailing. * The "RubyGems":http://rubyforge.org/frs/?group_id=126 packaging system + ** If you want to learn more about RubyGems, please read the "RubyGems User Guide":http://docs.rubygems.org/read/book/1 * A working installation of the "SQLite3 Database":http://www.sqlite.org -Rails is a web application framework running on the Ruby programming language. If you have no prior experience with Ruby, you will find a very steep learning curve diving straight into Rails. There are some good free resources on the internet for learning Ruby, including: +Rails is a web application framework running on the Ruby programming language. +If you have no prior experience with Ruby, you will find a very steep learning +curve diving straight into Rails. There are some good free resources on the +internet for learning Ruby, including: * "Mr. Neighborly's Humble Little Ruby Book":http://www.humblelittlerubybook.com * "Programming Ruby":http://www.ruby-doc.org/docs/ProgrammingRuby/ @@ -30,19 +43,32 @@ Rails is a web application framework running on the Ruby programming language. I h3. What is Rails? -Rails is a web application development framework written in the Ruby language. It is designed to make programming web applications easier by making assumptions about what every developer needs to get started. It allows you to write less code while accomplishing more than many other languages and frameworks. Experienced Rails developers also report that it makes web application development more fun. +Rails is a web application development framework written in the Ruby language. +It is designed to make programming web applications easier by making assumptions +about what every developer needs to get started. It allows you to write less +code while accomplishing more than many other languages and frameworks. +Experienced Rails developers also report that it makes web application +development more fun. -Rails is opinionated software. It makes the assumption that there is a "best" way to do things, and it's designed to encourage that way - and in some cases to discourage alternatives. If you learn "The Rails Way" you'll probably discover a tremendous increase in productivity. If you persist in bringing old habits from other languages to your Rails development, and trying to use patterns you learned elsewhere, you may have a less happy experience. +Rails is opinionated software. It makes the assumption that there is a "best" +way to do things, and it's designed to encourage that way - and in some cases to +discourage alternatives. If you learn "The Rails Way" you'll probably discover a +tremendous increase in productivity. If you persist in bringing old habits from +other languages to your Rails development, and trying to use patterns you +learned elsewhere, you may have a less happy experience. The Rails philosophy includes several guiding principles: * DRY - "Don't Repeat Yourself" - suggests that writing the same code over and over again is a bad thing. -* Convention Over Configuration - means that Rails makes assumptions about what you want to do and how you're going to do it, rather than requiring you to specify every little thing through endless configuration files. -* REST is the best pattern for web applications - organizing your application around resources and standard HTTP verbs is the fastest way to go. +* Convention Over Configuration - means that Rails makes assumptions about what you want to do and how you're going to +d o it, rather than requiring you to specify every little thing through endless configuration files. +* REST is the best pattern for web applications - organizing your application around resources and standard HTTP verbs +i s the fastest way to go. h4. The MVC Architecture -At the core of Rails is the Model, View, Controller architecture, usually just called MVC. MVC benefits include: +At the core of Rails is the Model, View, Controller architecture, usually just +called MVC. MVC benefits include: * Isolation of business logic from the user interface * Ease of keeping code DRY @@ -50,19 +76,34 @@ At the core of Rails is the Model, View, Controller architecture, usually just c h5. Models -A model represents the information (data) of the application and the rules to manipulate that data. In the case of Rails, models are primarily used for managing the rules of interaction with a corresponding database table. In most cases, one table in your database will correspond to one model in your application. The bulk of your application's business logic will be concentrated in the models. +A model represents the information (data) of the application and the rules to +manipulate that data. In the case of Rails, models are primarily used for +managing the rules of interaction with a corresponding database table. In most +cases, each table in your database will correspond to one model in your +application. The bulk of your application's business logic will be concentrated +in the models. h5. Views -Views represent the user interface of your application. In Rails, views are often HTML files with embedded Ruby code that perform tasks related solely to the presentation of the data. Views handle the job of providing data to the web browser or other tool that is used to make requests from your application. +Views represent the user interface of your application. In Rails, views are +often HTML files with embedded Ruby code that perform tasks related solely to +the presentation of the data. Views handle the job of providing data to the web +browser or other tool that is used to make requests from your application. h5. Controllers -Controllers provide the "glue" between models and views. In Rails, controllers are responsible for processing the incoming requests from the web browser, interrogating the models for data, and passing that data on to the views for presentation. +Controllers provide the "glue" between models and views. In Rails, controllers +are responsible for processing the incoming requests from the web browser, +interrogating the models for data, and passing that data on to the views for +presentation. h4. The Components of Rails -Rails ships as many individual components. +Rails ships as many individual components. Each of these components are briefly +explained below. If you are new to Rails, as you read this section, don't get +hung up on the details of each component, as they will be explained in further +detail later. For instance, we will bring up Rack applications, but you don't +need to know anything about them to continue with this guide. * Action Pack ** Action Controller @@ -75,70 +116,107 @@ Rails ships as many individual components. * Active Support * Railties - h5. Action Pack -Action Pack is a single gem that contains Action Controller, Action View and Action Dispatch. The "VC" part of "MVC". +Action Pack is a single gem that contains Action Controller, Action View and +Action Dispatch. The "VC" part of "MVC". -h5. Action Controller +h6. Action Controller -Action Controller is the component that manages the controllers in a Rails application. The Action Controller framework processes incoming requests to a Rails application, extracts parameters, and dispatches them to the intended action. Services provided by Action Controller include session management, template rendering, and redirect management. +Action Controller is the component that manages the controllers in a Rails +application. The Action Controller framework processes incoming requests to a +Rails application, extracts parameters, and dispatches them to the intended +action. Services provided by Action Controller include session management, +template rendering, and redirect management. -h5. Action View +h6. Action View -Action View manages the views of your Rails application. It can create both HTML and XML output by default. Action View manages rendering templates, including nested and partial templates, and includes built-in AJAX support. +Action View manages the views of your Rails application. It can create both HTML +and XML output by default. Action View manages rendering templates, including +nested and partial templates, and includes built-in AJAX support. View +templates are covered in more detail in another guide called "Layouts and +Rendering":layouts_and_rendering.html. -h5. Action Dispatch +h6. Action Dispatch -Action Dispatch handles routing of web requests and dispatches them as you want, either to your application or any other Rack application. +Action Dispatch handles routing of web requests and dispatches them as you want, +either to your application or any other Rack application. Rack applications are +a more advanced topic and are covered in a separate guide called "Rails on +Rack":rails_on_rack.html. h5. Action Mailer -Action Mailer is a framework for building e-mail services. You can use Action Mailer to receive and process incoming email and send simple plain text or complex multipart emails based on flexible templates. +Action Mailer is a framework for building e-mail services. You can use Action +Mailer to receive and process incoming email and send simple plain text or +complex multipart emails based on flexible templates. h5. Active Model -Active Model provides a defined interface between the Action Pack gem services and Object Relationship Mapping gems such as Active Record. Active Model allows Rails to utilize other ORM frameworks in place of Active Record if your application needs this. +Active Model provides a defined interface between the Action Pack gem services +and Object Relationship Mapping gems such as Active Record. Active Model allows +Rails to utilize other ORM frameworks in place of Active Record if your +application needs this. h5. Active Record -Active Record is the base for the models in a Rails application. It provides database independence, basic CRUD functionality, advanced finding capabilities, and the ability to relate models to one another, among other services. +Active Record is the base for the models in a Rails application. It provides +database independence, basic CRUD functionality, advanced finding capabilities, +and the ability to relate models to one another, among other services. h5. Active Resource -Active Resource provides a framework for managing the connection between business objects and RESTful web services. It implements a way to map web-based resources to local objects with CRUD semantics. +Active Resource provides a framework for managing the connection between +business objects and RESTful web services. It implements a way to map web-based +resources to local objects with CRUD semantics. h5. Active Support -Active Support is an extensive collection of utility classes and standard Ruby library extensions that are used in Rails, both by the core code and by your applications. +Active Support is an extensive collection of utility classes and standard Ruby +library extensions that are used in Rails, both by the core code and by your +applications. h5. Railties -Railties is the core Rails code that builds new Rails applications and glues the various frameworks and plugins together in any Rails application. +Railties is the core Rails code that builds new Rails applications and glues the +various frameworks and plugins together in any Rails application. h4. REST -Rest stands for Representational State Transfer and is the foundation of the RESTful architecture. This is generally considered to be Roy Fielding's doctoral thesis, "Architectural Styles and the Design of Network-based Software Architectures":http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm. While you can read through the thesis, REST in terms of Rails boils down to two main principles: +Rest stands for Representational State Transfer and is the foundation of the +RESTful architecture. This is generally considered to be Roy Fielding's doctoral +thesis, "Architectural Styles and the Design of Network-based Software +Architectures":http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm. While +you can read through the thesis, REST in terms of Rails boils down to two main +principles: * Using resource identifiers such as URLs to represent resources. * Transferring representations of the state of that resource between system components. -For example, to a Rails application a request such as this: +For example, the following HTTP request: <tt>DELETE /photos/17</tt> -would be understood to refer to a photo resource with the ID of 17, and to indicate a desired action - deleting that resource. REST is a natural style for the architecture of web applications, and Rails hooks into this shielding you from many of the RESTful complexities and browser quirks. +would be understood to refer to a photo resource with the ID of 17, and to +indicate a desired action - deleting that resource. REST is a natural style for +the architecture of web applications, and Rails hooks into this shielding you +from many of the RESTful complexities and browser quirks. -If you'd like more details on REST as an architectural style, these resources are more approachable than Fielding's thesis: +If you'd like more details on REST as an architectural style, these resources +are more approachable than Fielding's thesis: * "A Brief Introduction to REST":http://www.infoq.com/articles/rest-introduction by Stefan Tilkov * "An Introduction to REST":http://bitworking.org/news/373/An-Introduction-to-REST (video tutorial) by Joe Gregorio * "Representational State Transfer":http://en.wikipedia.org/wiki/Representational_State_Transfer article in Wikipedia -* "How to GET a Cup of Coffee":http://www.infoq.com/articles/webber-rest-workflow by Jim Webber, Savas Parastatidis & Ian Robinson +* "How to GET a Cup of Coffee":http://www.infoq.com/articles/webber-rest-workflow by Jim Webber, Savas Parastatidis & +Ian Robinson h3. Creating a New Rails Project -If you follow this guide, you'll create a Rails project called <tt>blog</tt>, a (very) simple weblog. Before you can start building the application, you need to make sure that you have Rails itself installed. +If you follow this guide, you'll create a Rails project called <tt>blog</tt>, a +(very) simple weblog. Before you can start building the application, you need to +make sure that you have Rails itself installed. + +TIP: The examples below use # and $ to denote terminal prompts. If you are using Windows, your prompt will look something like c:\source_code> h4. Installing Rails @@ -149,13 +227,19 @@ Usually run this as the root user: # gem install rails </shell> -TIP. If you're working on Windows, you can quickly install Ruby and Rails with "Rails Installer":http://railsinstaller.org. +TIP. If you're working on Windows, you can quickly install Ruby and Rails with +"Rails Installer":http://railsinstaller.org. h4. Creating the Blog Application -The best way to use this guide is to follow each step as it happens, no code or step needed to make this example application has been left out, so you can literally follow along step by step. If you need to see the completed code, you can download it from "Getting Started Code":https://github.com/mikel/getting-started-code. +The best way to use this guide is to follow each step as it happens, no code or +step needed to make this example application has been left out, so you can +literally follow along step by step. If you need to see the completed code, you +can download it from "Getting Started +Code":https://github.com/mikel/getting-started-code. -To begin, open a terminal, navigate to a folder where you have rights to create files, and type: +To begin, open a terminal, navigate to a folder where you have rights to create +files, and type: <shell> $ rails new blog @@ -163,20 +247,27 @@ $ rails new blog This will create a Rails application called Blog in a directory called blog. -TIP: You can see all of the switches that the Rails application builder accepts by running <tt>rails new -h</tt>. +TIP: You can see all of the switches that the Rails application builder accepts +by running +<tt>rails new -h</tt>. -After you create the blog application, switch to its folder to continue work directly in that application: +After you create the blog application, switch to its folder to continue work +directly in that application: <shell> $ cd blog </shell> -In any case, Rails will create a folder in your working directory called <tt>blog</tt>. Open up that folder and explore its contents. Most of the work in this tutorial will happen in the <tt>app/</tt> folder, but here's a basic rundown on the function of each folder that Rails creates in a new application by default: +In any case, Rails will create a folder in your working directory called +<tt>blog</tt>. Open up that folder and explore its contents. Most of the work in +this tutorial will happen in the <tt>app/</tt> folder, but here's a basic +rundown on the function of each folder that Rails creates in a new application +by default: |_.File/Folder|_.Purpose| -|Gemfile|This file allows you to specify what gem dependencies are needed for your Rails application.| -|README|This is a brief instruction manual for your application. Use it to tell others what your application does, how to set it up, and so on.| -|Rakefile|This file contains batch jobs that can be run from the terminal.| +|Gemfile|This file allows you to specify what gem dependencies are needed for your Rails application. See section on Bundler, below.| +|README|This is a brief instruction manual for your application. You should edit this file to tell others what your application does, how to set it up, and so on.| +|Rakefile|This file locates and loads tasks that can be run from the command line. The task definitions are defined throughout the components of Rails. Rather than changing Rakefile, you should add your own tasks by adding files to the lib/tasks directory of your application.| |app/|Contains the controllers, models, views and assets for your application. You'll focus on this folder for the remainder of this guide.| |config/|Configure your application's runtime rules, routes, database, and more.| |config.ru|Rack configuration for Rack based servers used to start the application.| @@ -190,20 +281,13 @@ In any case, Rails will create a folder in your working directory called <tt>blo |tmp/|Temporary files| |vendor/|A place for all third-party code. In a typical Rails application, this includes Ruby Gems, the Rails source code (if you install it into your project) and plugins containing additional prepackaged functionality.| -h4. Installing the Required Gems - -Rails applications manage gem dependencies with "Bundler":http://gembundler.com/v1.0/index.html by default. As we don't need any other gems beyond the ones in the generated +Gemfile+ we can directly run - -<shell> -$ bundle install -</shell> - -to have them ready. - h4. Configuring a Database -Just about every Rails application will interact with a database. The database to use is specified in a configuration file, +config/database.yml+. -If you open this file in a new Rails application, you'll see a default database configuration using SQLite3. The file contains sections for three different environments in which Rails can run by default: +Just about every Rails application will interact with a database. The database +to use is specified in a configuration file, +config/database.yml+. If you open +this file in a new Rails application, you'll see a default database +configuration using SQLite3. The file contains sections for three different +environments in which Rails can run by default: * The +development+ environment is used on your development computer as you interact manually with the application. * The +test+ environment is used to run automated tests. @@ -211,9 +295,15 @@ If you open this file in a new Rails application, you'll see a default database h5. Configuring an SQLite3 Database -Rails comes with built-in support for "SQLite3":http://www.sqlite.org, which is a lightweight serverless database application. While a busy production environment may overload SQLite, it works well for development and testing. Rails defaults to using an SQLite database when creating a new project, but you can always change it later. +Rails comes with built-in support for "SQLite3":http://www.sqlite.org, which is +a lightweight serverless database application. While a busy production +environment may overload SQLite, it works well for development and testing. +Rails defaults to using an SQLite database when creating a new project, but you +can always change it later. -Here's the section of the default configuration file (<tt>config/database.yml</tt>) with connection information for the development environment: +Here's the section of the default configuration file +(<tt>config/database.yml</tt>) with connection information for the development +environment: <yaml> development: @@ -223,11 +313,17 @@ development: timeout: 5000 </yaml> -NOTE: In this guide we are using an SQLite3 database for data storage, because it is a zero configuration database that just works. Rails also supports MySQL and PostgreSQL "out of the box", and has plugins for many database systems. If you are using a database in a production environment Rails most likely has an adapter for it. +NOTE: In this guide we are using an SQLite3 database for data storage, because +it is a zero configuration database that just works. Rails also supports MySQL +and PostgreSQL "out of the box", and has plugins for many database systems. If +you are using a database in a production environment Rails most likely has an +adapter for it. h5. Configuring a MySQL Database -If you choose to use MySQL instead of the shipped SQLite3 database, your +config/database.yml+ will look a little different. Here's the development section: +If you choose to use MySQL instead of the shipped SQLite3 database, your ++config/database.yml+ will look a little different. Here's the development +section: <yaml> development: @@ -240,11 +336,14 @@ development: socket: /tmp/mysql.sock </yaml> -If your development computer's MySQL installation includes a root user with an empty password, this configuration should work for you. Otherwise, change the username and password in the +development+ section as appropriate. +If your development computer's MySQL installation includes a root user with an +empty password, this configuration should work for you. Otherwise, change the +username and password in the +development+ section as appropriate. h5. Configuring a PostgreSQL Database -If you choose to use PostgreSQL, your +config/database.yml+ will be customized to use PostgreSQL databases: +If you choose to use PostgreSQL, your +config/database.yml+ will be customized +to use PostgreSQL databases: <yaml> development: @@ -258,7 +357,8 @@ development: h5. Configuring an SQLite3 Database for JRuby Platform -If you choose to use SQLite3 and using JRuby, your +config/database.yml+ will look a little different. Here's the development section: +If you choose to use SQLite3 and using JRuby, your +config/database.yml+ will +look a little different. Here's the development section: <yaml> development: @@ -268,7 +368,8 @@ development: h5. Configuring a MySQL Database for JRuby Platform -If you choose to use MySQL and using JRuby, your +config/database.yml+ will look a little different. Here's the development section: +If you choose to use MySQL and using JRuby, your +config/database.yml+ will look +a little different. Here's the development section: <yaml> development: @@ -280,7 +381,9 @@ development: h5. Configuring a PostgreSQL Database for JRuby Platform -Finally if you choose to use PostgreSQL and using JRuby, your +config/database.yml+ will look a little different. Here's the development section: +Finally if you choose to use PostgreSQL and using JRuby, your ++config/database.yml+ will look a little different. Here's the development +section: <yaml> development: @@ -293,51 +396,79 @@ development: Change the username and password in the +development+ section as appropriate. -TIP: You don't have to update the database configurations manually. If you had a look at the options of application generator, you have seen that one of them is named <tt>--database</tt>. It lets you choose an adapter for couple of most used relational databases. You can even run the generator repeatedly: <tt>cd .. && rails new blog --database=mysql</tt>. When you confirm the overwriting of the +config/database.yml+ file, your application will be configured for MySQL instead of SQLite. +TIP: You don't have to update the database configurations manually. If you look at the +options of the application generator, you will see that one of the options +is named <tt>--database</tt>. This option allows you to choose an adapter from a +list of the most used relational databases. You can even run the generator +repeatedly: <tt>cd .. && rails new blog --database=mysql</tt>. When you confirm the overwriting + of the +config/database.yml+ file, your application will be configured for MySQL +instead of SQLite. h4. Creating the Database -Now that you have your database configured, it's time to have Rails create an empty database for you. You can do this by running a rake command: +Now that you have your database configured, it's time to have Rails create an +empty database for you. You can do this by running a rake command: <shell> $ rake db:create </shell> -This will create your development and test SQLite3 databases inside the <tt>db/</tt> folder. +This will create your development and test SQLite3 databases inside the +<tt>db/</tt> folder. -TIP: Rake is a general-purpose command-runner that Rails uses for many things. You can see the list of available rake commands in your application by running +rake -T+. +TIP: Rake is a general-purpose command-runner that Rails uses for many things. +You can see the list of available rake commands in your application by running ++rake -T+. h3. Hello, Rails! -One of the traditional places to start with a new language is by getting some text up on screen quickly. To do this, you need to get your Rails application server running. +One of the traditional places to start with a new language is by getting some +text up on screen quickly. To do this, you need to get your Rails application +server running. h4. Starting up the Web Server -You actually have a functional Rails application already. To see it, you need to start a web server on your development machine. You can do this by running: +You actually have a functional Rails application already. To see it, you need to +start a web server on your development machine. You can do this by running: <shell> $ rails server </shell> -This will fire up an instance of the WEBrick web server by default (Rails can also use several other web servers). To see your application in action, open a browser window and navigate to "http://localhost:3000":http://localhost:3000. You should see Rails' default information page: +This will fire up an instance of the WEBrick web server by default (Rails can +also use several other web servers). To see your application in action, open a +browser window and navigate to "http://localhost:3000":http://localhost:3000. +You should see Rails' default information page: !images/rails_welcome.png(Welcome Aboard screenshot)! -TIP: To stop the web server, hit Ctrl+C in the terminal window where it's running. In development mode, Rails does not generally require you to stop the server; changes you make in files will be automatically picked up by the server. +TIP: To stop the web server, hit Ctrl+C in the terminal window where it's +running. In development mode, Rails does not generally require you to stop the +server; changes you make in files will be automatically picked up by the server. -The "Welcome Aboard" page is the _smoke test_ for a new Rails application: it makes sure that you have your software configured correctly enough to serve a page. You can also click on the _About your application’s environment_ link to see a summary of your application's environment. +The "Welcome Aboard" page is the _smoke test_ for a new Rails application: it +makes sure that you have your software configured correctly enough to serve a +page. You can also click on the _About your application’s environment_ link to +see a summary of your application's environment. h4. Say "Hello", Rails -To get Rails saying "Hello", you need to create at minimum a controller and a view. Fortunately, you can do that in a single command. Enter this command in your terminal: +To get Rails saying "Hello", you need to create at minimum a controller and a +view. Fortunately, you can do that in a single command. Enter this command in +your terminal: <shell> $ rails generate controller home index </shell> -TIP: If you're on Windows, or your Ruby is set up in some non-standard fashion, you may need to explicitly pass Rails +rails+ commands to Ruby: <tt>ruby \path\to\your\application\script\rails generate controller home index</tt>. +TIP: If you get a command not found error when running this command, you +need to explicitly pass Rails +rails+ commands to Ruby: <tt>ruby +\path\to\your\application\script\rails generate controller home index</tt>. -Rails will create several files for you, including +app/views/home/index.html.erb+. This is the template that will be used to display the results of the +index+ action (method) in the +home+ controller. Open this file in your text editor and edit it to contain a single line of code: +Rails will create several files for you, including ++app/views/home/index.html.erb+. This is the template that will be used to +display the results of the +index+ action (method) in the +home+ controller. +Open this file in your text editor and edit it to contain a single line of code: <code class="html"> <h1>Hello, Rails!</h1> @@ -345,17 +476,30 @@ Rails will create several files for you, including +app/views/home/index.html.er h4. Setting the Application Home Page -Now that we have made the controller and view, we need to tell Rails when we want "Hello Rails" to show up. In our case, we want it to show up when we navigate to the root URL of our site, "http://localhost:3000":http://localhost:3000, instead of the "Welcome Aboard" smoke test. +Now that we have made the controller and view, we need to tell Rails when we +want "Hello Rails" to show up. In our case, we want it to show up when we +navigate to the root URL of our site, +"http://localhost:3000":http://localhost:3000, instead of the "Welcome Aboard" +smoke test. -The first step to doing this is to delete the default page from your application: +The first step to doing this is to delete the default page from your +application: <shell> $ rm public/index.html </shell> -We need to do this as Rails will deliver any static file in the +public+ directory in preference to any dynamic content we generate from the controllers. +We need to do this as Rails will deliver any static file in the +public+ +directory in preference to any dynamic content we generate from the controllers. -Now, you have to tell Rails where your actual home page is located. Open the file +config/routes.rb+ in your editor. This is your application's _routing file_ which holds entries in a special DSL (domain-specific language) that tells Rails how to connect incoming requests to controllers and actions. This file contains many sample routes on commented lines, and one of them actually shows you how to connect the root of your site to a specific controller and action. Find the line beginning with +root :to+, uncomment it and change it like the following: +Now, you have to tell Rails where your actual home page is located. Open the +file +config/routes.rb+ in your editor. This is your application's _routing +file_ which holds entries in a special DSL (domain-specific language) that tells +Rails how to connect incoming requests to controllers and actions. This file +contains many sample routes on commented lines, and one of them actually shows +you how to connect the root of your site to a specific controller and action. +Find the line beginning with +root :to+, uncomment it and change it like the +following: <ruby> Blog::Application.routes.draw do @@ -366,27 +510,33 @@ Blog::Application.routes.draw do root :to => "home#index" </ruby> -The +root :to => "home#index"+ tells Rails to map the root action to the home controller's index action. +The +root :to => "home#index"+ tells Rails to map the root action to the home +controller's index action. -Now if you navigate to "http://localhost:3000":http://localhost:3000 in your browser, you'll see +Hello, Rails!+. +Now if you navigate to "http://localhost:3000":http://localhost:3000 in your +browser, you'll see +Hello, Rails!+. -NOTE. For more information about routing, refer to "Rails Routing from the Outside In":routing.html. +NOTE. For more information about routing, refer to "Rails Routing from the +Outside In":routing.html. h3. Getting Up and Running Quickly with Scaffolding -Rails _scaffolding_ is a quick way to generate some of the major pieces of an application. If you want to create the models, views, and controllers for a new resource in a single operation, scaffolding is the tool for the job. +Rails _scaffolding_ is a quick way to generate some of the major pieces of an +application. If you want to create the models, views, and controllers for a new +resource in a single operation, scaffolding is the tool for the job. h3. Creating a Resource -In the case of the blog application, you can start by generating a scaffolded Post resource: this will represent a single blog posting. To do this, enter this command in your terminal: +In the case of the blog application, you can start by generating a scaffolded +Post resource: this will represent a single blog posting. To do this, enter this +command in your terminal: <shell> $ rails generate scaffold Post name:string title:string content:text </shell> -NOTE. While scaffolding will get you up and running quickly, the code it generates is unlikely to be a perfect fit for your application. You'll most probably want to customize the generated code. Many experienced Rails developers avoid scaffolding entirely, preferring to write all or most of their source code from scratch. Rails, however, makes it really simple to customize templates for generated models, controllers, views and other source files. You'll find more information in the "Creating and Customizing Rails Generators & Templates":generators.html guide. - -The scaffold generator will build 15 files in your application, along with some folders, and edit one more. Here's a quick overview of what it creates: +The scaffold generator will build several files in your application, along with some +folders, and edit <tt>config/routes.rb</tt>. Here's a quick overview of what it creates: |_.File |_.Purpose| |db/migrate/20100207214725_create_posts.rb |Migration to create the posts table in your database (your name will include a different timestamp)| @@ -400,16 +550,33 @@ The scaffold generator will build 15 files in your application, along with some |app/views/posts/_form.html.erb |A partial to control the overall look and feel of the form used in edit and new views| |app/helpers/posts_helper.rb |Helper functions to be used from the post views| |app/assets/stylesheets/scaffold.css.scss |Cascading style sheet to make the scaffolded views look better| +|app/assets/stylesheets/post.css.scss |Cascading style sheet for the posts controller| +|app/assets/javascripts/post.js.coffee |CoffeeScript for the posts controller| |test/unit/post_test.rb |Unit testing harness for the posts model| |test/functional/posts_controller_test.rb |Functional testing harness for the posts controller| |test/unit/helpers/posts_helper_test.rb |Unit testing harness for the posts helper| |config/routes.rb |Edited to include routing information for posts| +NOTE. While scaffolding will get you up and running quickly, the code it +generates is unlikely to be a perfect fit for your application. You'll most +probably want to customize the generated code. Many experienced Rails developers +avoid scaffolding entirely, preferring to write all or most of their source code +from scratch. Rails, however, makes it really simple to customize templates for +generated models, controllers, views and other source files. You'll find more +information in the "Creating and Customizing Rails Generators & +Templates":generators.html guide. + h4. Running a Migration -One of the products of the +rails generate scaffold+ command is a _database migration_. Migrations are Ruby classes that are designed to make it simple to create and modify database tables. Rails uses rake commands to run migrations, and it's possible to undo a migration after it's been applied to your database. Migration filenames include a timestamp to ensure that they're processed in the order that they were created. +One of the products of the +rails generate scaffold+ command is a _database +migration_. Migrations are Ruby classes that are designed to make it simple to +create and modify database tables. Rails uses rake commands to run migrations, +and it's possible to undo a migration after it's been applied to your database. +Migration filenames include a timestamp to ensure that they're processed in the +order that they were created. -If you look in the +db/migrate/20100207214725_create_posts.rb+ file (remember, yours will have a slightly different name), here's what you'll find: +If you look in the +db/migrate/20100207214725_create_posts.rb+ file (remember, +yours will have a slightly different name), here's what you'll find: <ruby> class CreatePosts < ActiveRecord::Migration @@ -425,7 +592,14 @@ class CreatePosts < ActiveRecord::Migration end </ruby> -The above migration creates a method name +change+ which will be called when you run this migration. The action defined in that method is also reversible, which means Rails knows how to reverse the change made by this migration, in case you want to reverse it at later date. By default, when you run this migration it will creates a +posts+ table with two string columns and a text column. It also creates two timestamp fields to track record creation and updating. More information about Rails migrations can be found in the "Rails Database Migrations":migrations.html guide. +The above migration creates a method name +change+ which will be called when you +run this migration. The action defined in that method is also reversible, which +means Rails knows how to reverse the change made by this migration, in case you +want to reverse it at later date. By default, when you run this migration it +will creates a +posts+ table with two string columns and a text column. It also +creates two timestamp fields to track record creation and updating. More +information about Rails migrations can be found in the "Rails Database +Migrations":migrations.html guide. At this point, you can use a rake command to run the migration: @@ -433,7 +607,8 @@ At this point, you can use a rake command to run the migration: $ rake db:migrate </shell> -Rails will execute this migration command and tell you it created the Posts table. +Rails will execute this migration command and tell you it created the Posts +table. <shell> == CreatePosts: migrating ==================================================== @@ -442,28 +617,43 @@ Rails will execute this migration command and tell you it created the Posts tabl == CreatePosts: migrated (0.0020s) =========================================== </shell> -NOTE. Because you're working in the development environment by default, this command will apply to the database defined in the +development+ section of your +config/database.yml+ file. If you would like to execute migrations in other environment, for instance in production, you must explicitly pass it when invoking the command: <tt>rake db:migrate RAILS_ENV=production</tt>. +NOTE. Because you're working in the development environment by default, this +command will apply to the database defined in the +development+ section of your ++config/database.yml+ file. If you would like to execute migrations in other +environment, for instance in production, you must explicitly pass it when +invoking the command: <tt>rake db:migrate RAILS_ENV=production</tt>. h4. Adding a Link -To hook the posts up to the home page you've already created, you can add a link to the home page. Open +app/views/home/index.html.erb+ and modify it as follows: +To hook the posts up to the home page you've already created, you can add a link +to the home page. Open +app/views/home/index.html.erb+ and modify it as follows: <ruby> <h1>Hello, Rails!</h1> <%= link_to "My Blog", posts_path %> </ruby> -The +link_to+ method is one of Rails' built-in view helpers. It creates a hyperlink based on text to display and where to go - in this case, to the path for posts. +The +link_to+ method is one of Rails' built-in view helpers. It creates a +hyperlink based on text to display and where to go - in this case, to the path +for posts. h4. Working with Posts in the Browser -Now you're ready to start working with posts. To do that, navigate to "http://localhost:3000":http://localhost:3000/ and then click the "My Blog" link: +Now you're ready to start working with posts. To do that, navigate to +"http://localhost:3000":http://localhost:3000/ and then click the "My Blog" +link: !images/posts_index.png(Posts Index screenshot)! -This is the result of Rails rendering the +index+ view of your posts. There aren't currently any posts in the database, but if you click the +New Post+ link you can create one. After that, you'll find that you can edit posts, look at their details, or destroy them. All of the logic and HTML to handle this was built by the single +rails generate scaffold+ command. +This is the result of Rails rendering the +index+ view of your posts. There +aren't currently any posts in the database, but if you click the +New Post+ link +you can create one. After that, you'll find that you can edit posts, look at +their details, or destroy them. All of the logic and HTML to handle this was +built by the single +rails generate scaffold+ command. -TIP: In development mode (which is what you're working in by default), Rails reloads your application with every browser request, so there's no need to stop and restart the web server. +TIP: In development mode (which is what you're working in by default), Rails +reloads your application with every browser request, so there's no need to stop +and restart the web server. Congratulations, you're riding the rails! Now it's time to see how it all works. @@ -476,11 +666,16 @@ class Post < ActiveRecord::Base end </ruby> -There isn't much to this file - but note that the +Post+ class inherits from +ActiveRecord::Base+. Active Record supplies a great deal of functionality to your Rails models for free, including basic database CRUD (Create, Read, Update, Destroy) operations, data validation, as well as sophisticated search support and the ability to relate multiple models to one another. +There isn't much to this file - but note that the +Post+ class inherits from ++ActiveRecord::Base+. Active Record supplies a great deal of functionality to +your Rails models for free, including basic database CRUD (Create, Read, Update, +Destroy) operations, data validation, as well as sophisticated search support +and the ability to relate multiple models to one another. h4. Adding Some Validation -Rails includes methods to help you validate the data that you send to models. Open the +app/models/post.rb+ file and edit it: +Rails includes methods to help you validate the data that you send to models. +Open the +app/models/post.rb+ file and edit it: <ruby> class Post < ActiveRecord::Base @@ -490,17 +685,24 @@ class Post < ActiveRecord::Base end </ruby> -These changes will ensure that all posts have a name and a title, and that the title is at least five characters long. Rails can validate a variety of conditions in a model, including the presence or uniqueness of columns, their format, and the existence of associated objects. +These changes will ensure that all posts have a name and a title, and that the +title is at least five characters long. Rails can validate a variety of +conditions in a model, including the presence or uniqueness of columns, their +format, and the existence of associated objects. h4. Using the Console -To see your validations in action, you can use the console. The console is a command-line tool that lets you execute Ruby code in the context of your application: +To see your validations in action, you can use the console. The console is a +command-line tool that lets you execute Ruby code in the context of your +application: <shell> $ rails console </shell> -TIP: The default console will make changes to your database. You can instead open a console that will roll back any changes you make by using +rails console --sandbox+. +TIP: The default console will make changes to your database. You can instead +open a console that will roll back any changes you make by using +rails console +--sandbox+. After the console loads, you can use it to work with your application's models: @@ -517,15 +719,21 @@ After the console loads, you can use it to work with your application's models: :name=>["can't be blank"] }> </shell> -This code shows creating a new +Post+ instance, attempting to save it and getting +false+ for a return value (indicating that the save failed), and inspecting the +errors+ of the post. +This code shows creating a new +Post+ instance, attempting to save it and +getting +false+ for a return value (indicating that the save failed), and +inspecting the +errors+ of the post. When you're finished, type +exit+ and hit +return+ to exit the console. -TIP: Unlike the development web server, the console does not automatically load your code afresh for each line. If you make changes to your models while the console is open, type +reload!+ at the console prompt to load them. +TIP: Unlike the development web server, the console does not automatically load +your code afresh for each line. If you make changes to your models while the +console is open, type +reload!+ at the console prompt to load them. h4. Listing All Posts -The easiest place to start looking at functionality is with the code that lists all posts. Open the file +app/controllers/posts_controller.rb+ and look at the +index+ action: +The easiest place to start looking at functionality is with the code that lists +all posts. Open the file +app/controllers/posts_controller.rb+ and look at the ++index+ action: <ruby> def index @@ -538,11 +746,19 @@ def index end </ruby> -+Post.all+ calls the +Post+ model to return all of the posts currently in the database. The result of this call is an array of posts that we store in an instance variable called +@posts+. ++Post.all+ calls the +Post+ model to return all of the posts currently in the +database. The result of this call is an array of posts that we store in an +instance variable called +@posts+. -TIP: For more information on finding records with Active Record, see "Active Record Query Interface":active_record_querying.html. +TIP: For more information on finding records with Active Record, see "Active +Record Query Interface":active_record_querying.html. -The +respond_to+ block handles both HTML and JSON calls to this action. If you browse to "http://localhost:3000/posts.json":http://localhost:3000/posts.json, you'll see a JSON containing all of the posts. The HTML format looks for a view in +app/views/posts/+ with a name that corresponds to the action name. Rails makes all of the instance variables from the action available to the view. Here's +app/views/posts/index.html.erb+: +The +respond_to+ block handles both HTML and JSON calls to this action. If you +browse to "http://localhost:3000/posts.json":http://localhost:3000/posts.json, +you'll see a JSON containing all of the posts. The HTML format looks for a view +in +app/views/posts/+ with a name that corresponds to the action name. Rails +makes all of the instance variables from the action available to the view. +Here's +app/views/posts/index.html.erb+: <erb> <h1>Listing posts</h1> @@ -574,18 +790,31 @@ The +respond_to+ block handles both HTML and JSON calls to this action. If you b <%= link_to 'New post', new_post_path %> </erb> -This view iterates over the contents of the +@posts+ array to display content and links. A few things to note in the view: +This view iterates over the contents of the +@posts+ array to display content +and links. A few things to note in the view: * +link_to+ builds a hyperlink to a particular destination * +edit_post_path+ and +new_post_path+ are helpers that Rails provides as part of RESTful routing. You'll see a variety of these helpers for the different actions that the controller includes. -NOTE. In previous versions of Rails, you had to use +<%=h post.name %>+ so that any HTML would be escaped before being inserted into the page. In Rails 3.0, this is now the default. To get unescaped HTML, you now use +<%= raw post.name %>+. +NOTE. In previous versions of Rails, you had to use +<%=h post.name %>+ so +that any HTML would be escaped before being inserted into the page. In Rails +3.0, this is now the default. To get unescaped HTML, you now use +<%= raw +post.name %>+. -TIP: For more details on the rendering process, see "Layouts and Rendering in Rails":layouts_and_rendering.html. +TIP: For more details on the rendering process, see "Layouts and Rendering in +Rails":layouts_and_rendering.html. h4. Customizing the Layout -The view is only part of the story of how HTML is displayed in your web browser. Rails also has the concept of +layouts+, which are containers for views. When Rails renders a view to the browser, it does so by putting the view's HTML into a layout's HTML. In previous versions of Rails, the +rails generate scaffold+ command would automatically create a controller specific layout, like +app/views/layouts/posts.html.erb+, for the posts controller. However this has been changed in Rails 3.0. An application specific +layout+ is used for all the controllers and can be found in +app/views/layouts/application.html.erb+. Open this layout in your editor and modify the +body+ tag: +The view is only part of the story of how HTML is displayed in your web browser. +Rails also has the concept of +layouts+, which are containers for views. When +Rails renders a view to the browser, it does so by putting the view's HTML into +a layout's HTML. In previous versions of Rails, the +rails generate scaffold+ +command would automatically create a controller specific layout, like ++app/views/layouts/posts.html.erb+, for the posts controller. However this has +been changed in Rails 3.0. An application specific +layout+ is used for all the +controllers and can be found in +app/views/layouts/application.html.erb+. Open +this layout in your editor and modify the +body+ tag: <erb> <!DOCTYPE html> @@ -604,11 +833,13 @@ The view is only part of the story of how HTML is displayed in your web browser. </html> </erb> -Now when you refresh the +/posts+ page, you'll see a gray background to the page. This same gray background will be used throughout all the views for posts. +Now when you refresh the +/posts+ page, you'll see a gray background to the +page. This same gray background will be used throughout all the views for posts. h4. Creating New Posts -Creating a new post involves two actions. The first is the +new+ action, which instantiates an empty +Post+ object: +Creating a new post involves two actions. The first is the +new+ action, which +instantiates an empty +Post+ object: <ruby> def new @@ -631,9 +862,15 @@ The +new.html.erb+ view displays this empty Post to the user: <%= link_to 'Back', posts_path %> </erb> -The +<%= render 'form' %>+ line is our first introduction to _partials_ in Rails. A partial is a snippet of HTML and Ruby code that can be reused in multiple locations. In this case, the form used to make a new post, is basically identical to a form used to edit a post, both have text fields for the name and title and a text area for the content with a button to make a new post or update the existing post. +The +<%= render 'form' %>+ line is our first introduction to _partials_ in +Rails. A partial is a snippet of HTML and Ruby code that can be reused in +multiple locations. In this case, the form used to make a new post, is basically +identical to a form used to edit a post, both have text fields for the name and +title and a text area for the content with a button to make a new post or update +the existing post. -If you take a look at +views/posts/_form.html.erb+ file, you will see the following: +If you take a look at +views/posts/_form.html.erb+ file, you will see the +following: <erb> <%= form_for(@post) do |f| %> @@ -666,17 +903,34 @@ If you take a look at +views/posts/_form.html.erb+ file, you will see the follow <% end %> </erb> -This partial receives all the instance variables defined in the calling view file, so in this case, the controller assigned the new Post object to +@post+ and so, this is available in both the view and partial as +@post+. +This partial receives all the instance variables defined in the calling view +file, so in this case, the controller assigned the new Post object to +@post+ +and so, this is available in both the view and partial as +@post+. -For more information on partials, refer to the "Layouts and Rendering in Rails":layouts_and_rendering.html#using-partials guide. +For more information on partials, refer to the "Layouts and Rendering in +Rails":layouts_and_rendering.html#using-partials guide. -The +form_for+ block is used to create an HTML form. Within this block, you have access to methods to build various controls on the form. For example, +f.text_field :name+ tells Rails to create a text input on the form, and to hook it up to the +name+ attribute of the instance being displayed. You can only use these methods with attributes of the model that the form is based on (in this case +name+, +title+, and +content+). Rails uses +form_for+ in preference to having you write raw HTML because the code is more succinct, and because it explicitly ties the form to a particular model instance. +The +form_for+ block is used to create an HTML form. Within this block, you have +access to methods to build various controls on the form. For example, ++f.text_field :name+ tells Rails to create a text input on the form, and to hook +it up to the +name+ attribute of the instance being displayed. You can only use +these methods with attributes of the model that the form is based on (in this +case +name+, +title+, and +content+). Rails uses +form_for+ in preference to +having you write raw HTML because the code is more succinct, and because it +explicitly ties the form to a particular model instance. -The +form_for+ block is also smart enough to work out if you are doing a _New Post_ or an _Edit Post_ action, and will set the form +action+ tags and submit button names appropriately in the HTML output. +The +form_for+ block is also smart enough to work out if you are doing a _New +Post_ or an _Edit Post_ action, and will set the form +action+ tags and submit +button names appropriately in the HTML output. -TIP: If you need to create an HTML form that displays arbitrary fields, not tied to a model, you should use the +form_tag+ method, which provides shortcuts for building forms that are not necessarily tied to a model instance. +TIP: If you need to create an HTML form that displays arbitrary fields, not tied +to a model, you should use the +form_tag+ method, which provides shortcuts for +building forms that are not necessarily tied to a model instance. -When the user clicks the +Create Post+ button on this form, the browser will send information back to the +create+ method of the controller (Rails knows to call the +create+ method because the form is sent with an HTTP POST request; that's one of the conventions that I mentioned earlier): +When the user clicks the +Create Post+ button on this form, the browser will +send information back to the +create+ method of the controller (Rails knows to +call the +create+ method because the form is sent with an HTTP POST request; +that's one of the conventions that I mentioned earlier): <ruby> def create @@ -697,15 +951,32 @@ def create end </ruby> -The +create+ action instantiates a new Post object from the data supplied by the user on the form, which Rails makes available in the +params+ hash. After successfully saving the new post, +create+ returns the appropriate format that the user has requested (HTML in our case). It then redirects the user to the resulting post +show+ action and sets a notice to the user that the Post was successfully created. - -If the post was not successfully saved, due to a validation error, then the controller returns the user back to the +new+ action with any error messages so that the user has the chance to fix the error and try again. - -The "Post was successfully created." message is stored inside of the Rails +flash+ hash, (usually just called _the flash_) so that messages can be carried over to another action, providing the user with useful information on the status of their request. In the case of +create+, the user never actually sees any page rendered during the Post creation process, because it immediately redirects to the new Post as soon Rails saves the record. The Flash carries over a message to the next action, so that when the user is redirected back to the +show+ action, they are presented with a message saying "Post was successfully created." +The +create+ action instantiates a new Post object from the data supplied by the +user on the form, which Rails makes available in the +params+ hash. After +successfully saving the new post, +create+ returns the appropriate format that +the user has requested (HTML in our case). It then redirects the user to the +resulting post +show+ action and sets a notice to the user that the Post was +successfully created. + +If the post was not successfully saved, due to a validation error, then the +controller returns the user back to the +new+ action with any error messages so +that the user has the chance to fix the error and try again. + +The "Post was successfully created." message is stored inside of the Rails ++flash+ hash, (usually just called _the flash_) so that messages can be carried +over to another action, providing the user with useful information on the status +of their request. In the case of +create+, the user never actually sees any page +rendered during the Post creation process, because it immediately redirects to +the new Post as soon Rails saves the record. The Flash carries over a message to +the next action, so that when the user is redirected back to the +show+ action, +they are presented with a message saying "Post was successfully created." h4. Showing an Individual Post -When you click the +show+ link for a post on the index page, it will bring you to a URL like +http://localhost:3000/posts/1+. Rails interprets this as a call to the +show+ action for the resource, and passes in +1+ as the +:id+ parameter. Here's the +show+ action: +When you click the +show+ link for a post on the index page, it will bring you +to a URL like +http://localhost:3000/posts/1+. Rails interprets this as a call +to the +show+ action for the resource, and passes in +1+ as the +:id+ parameter. +Here's the +show+ action: <ruby> def show @@ -718,7 +989,9 @@ def show end </ruby> -The +show+ action uses +Post.find+ to search for a single record in the database by its id value. After finding the record, Rails displays it by using +show.html.erb+: +The +show+ action uses +Post.find+ to search for a single record in the database +by its id value. After finding the record, Rails displays it by using ++show.html.erb+: <erb> <p class="notice"><%= notice %></p> @@ -745,7 +1018,9 @@ The +show+ action uses +Post.find+ to search for a single record in the database h4. Editing Posts -Like creating a new post, editing a post is a two-part process. The first step is a request to +edit_post_path(@post)+ with a particular post. This calls the +edit+ action in the controller: +Like creating a new post, editing a post is a two-part process. The first step +is a request to +edit_post_path(@post)+ with a particular post. This calls the ++edit+ action in the controller: <ruby> def edit @@ -753,7 +1028,8 @@ def edit end </ruby> -After finding the requested post, Rails uses the +edit.html.erb+ view to display it: +After finding the requested post, Rails uses the +edit.html.erb+ view to display +it: <erb> <h1>Editing post</h1> @@ -764,9 +1040,12 @@ After finding the requested post, Rails uses the +edit.html.erb+ view to display <%= link_to 'Back', posts_path %> </erb> -Again, as with the +new+ action, the +edit+ action is using the +form+ partial, this time however, the form will do a PUT action to the PostsController and the submit button will display "Update Post" +Again, as with the +new+ action, the +edit+ action is using the +form+ partial, +this time however, the form will do a PUT action to the PostsController and the +submit button will display "Update Post" -Submitting the form created by this view will invoke the +update+ action within the controller: +Submitting the form created by this view will invoke the +update+ action within +the controller: <ruby> def update @@ -786,11 +1065,17 @@ def update end </ruby> -In the +update+ action, Rails first uses the +:id+ parameter passed back from the edit view to locate the database record that's being edited. The +update_attributes+ call then takes the rest of the parameters from the request and applies them to this record. If all goes well, the user is redirected to the post's +show+ view. If there are any problems, it's back to the +edit+ view to correct them. +In the +update+ action, Rails first uses the +:id+ parameter passed back from +the edit view to locate the database record that's being edited. The ++update_attributes+ call then takes the rest of the parameters from the request +and applies them to this record. If all goes well, the user is redirected to the +post's +show+ view. If there are any problems, it's back to the +edit+ view to +correct them. h4. Destroying a Post -Finally, clicking one of the +destroy+ links sends the associated id to the +destroy+ action: +Finally, clicking one of the +destroy+ links sends the associated id to the ++destroy+ action: <ruby> def destroy @@ -804,15 +1089,25 @@ def destroy end </ruby> -The +destroy+ method of an Active Record model instance removes the corresponding record from the database. After that's done, there isn't any record to display, so Rails redirects the user's browser to the index view for the model. +The +destroy+ method of an Active Record model instance removes the +corresponding record from the database. After that's done, there isn't any +record to display, so Rails redirects the user's browser to the index view for +the model. h3. Adding a Second Model -Now that you've seen how a model built with scaffolding looks like, it's time to add a second model to the application. The second model will handle comments on blog posts. +Now that you've seen how a model built with scaffolding looks like, it's time to +add a second model to the application. The second model will handle comments on +blog posts. h4. Generating a Model -Models in Rails use a singular name, and their corresponding database tables use a plural name. For the model to hold comments, the convention is to use the name Comment. Even if you don't want to use the entire apparatus set up by scaffolding, most Rails developers still use generators to make things like models and controllers. To create the new model, run this command in your terminal: +Models in Rails use a singular name, and their corresponding database tables use +a plural name. For the model to hold comments, the convention is to use the name +Comment. Even if you don't want to use the entire apparatus set up by +scaffolding, most Rails developers still use generators to make things like +models and controllers. To create the new model, run this command in your +terminal: <shell> $ rails generate model Comment commenter:string body:text post:references @@ -832,9 +1127,12 @@ class Comment < ActiveRecord::Base end </ruby> -This is very similar to the +post.rb+ model that you saw earlier. The difference is the line +belongs_to :post+, which sets up an Active Record _association_. You'll learn a little about associations in the next section of this guide. +This is very similar to the +post.rb+ model that you saw earlier. The difference +is the line +belongs_to :post+, which sets up an Active Record _association_. +You'll learn a little about associations in the next section of this guide. -In addition to the model, Rails has also made a migration to create the corresponding database table: +In addition to the model, Rails has also made a migration to create the +corresponding database table: <ruby> class CreateComments < ActiveRecord::Migration @@ -852,13 +1150,16 @@ class CreateComments < ActiveRecord::Migration end </ruby> -The +t.references+ line sets up a foreign key column for the association between the two models. And the +add_index+ line sets up an index for this association column. Go ahead and run the migration: +The +t.references+ line sets up a foreign key column for the association between +the two models. And the +add_index+ line sets up an index for this association +column. Go ahead and run the migration: <shell> $ rake db:migrate </shell> -Rails is smart enough to only execute the migrations that have not already been run against the current database, so in this case you will just see: +Rails is smart enough to only execute the migrations that have not already been +run against the current database, so in this case you will just see: <shell> == CreateComments: migrating ================================================= @@ -869,12 +1170,16 @@ Rails is smart enough to only execute the migrations that have not already been h4. Associating Models -Active Record associations let you easily declare the relationship between two models. In the case of comments and posts, you could write out the relationships this way: +Active Record associations let you easily declare the relationship between two +models. In the case of comments and posts, you could write out the relationships +this way: * Each comment belongs to one post * One post can have many comments -In fact, this is very close to the syntax that Rails uses to declare this association. You've already seen the line of code inside the Comment model that makes each comment belong to a Post: +In fact, this is very close to the syntax that Rails uses to declare this +association. You've already seen the line of code inside the Comment model that +makes each comment belong to a Post: <ruby> class Comment < ActiveRecord::Base @@ -894,13 +1199,20 @@ class Post < ActiveRecord::Base end </ruby> -These two declarations enable a good bit of automatic behavior. For example, if you have an instance variable +@post+ containing a post, you can retrieve all the comments belonging to that post as the array +@post.comments+. +These two declarations enable a good bit of automatic behavior. For example, if +you have an instance variable +@post+ containing a post, you can retrieve all +the comments belonging to that post as the array +@post.comments+. -TIP: For more information on Active Record associations, see the "Active Record Associations":association_basics.html guide. +TIP: For more information on Active Record associations, see the "Active Record +Associations":association_basics.html guide. h4. Adding a Route for Comments -As with the +home+ controller, we will need to add a route so that Rails knows where we would like to navigate to see +comments+. Open up the +config/routes.rb+ file again, you will see an entry that was added automatically for +posts+ near the top by the scaffold generator, +resources :posts+, edit it as follows: +As with the +home+ controller, we will need to add a route so that Rails knows +where we would like to navigate to see +comments+. Open up the ++config/routes.rb+ file again, you will see an entry that was added +automatically for +posts+ near the top by the scaffold generator, +resources +:posts+, edit it as follows: <ruby> resources :posts do @@ -908,29 +1220,40 @@ resources :posts do end </ruby> -This creates +comments+ as a _nested resource_ within +posts+. This is another part of capturing the hierarchical relationship that exists between posts and comments. +This creates +comments+ as a _nested resource_ within +posts+. This is another +part of capturing the hierarchical relationship that exists between posts and +comments. -TIP: For more information on routing, see the "Rails Routing from the Outside In":routing.html guide. +TIP: For more information on routing, see the "Rails Routing from the Outside +In":routing.html guide. h4. Generating a Controller -With the model in hand, you can turn your attention to creating a matching controller. Again, there's a generator for this: +With the model in hand, you can turn your attention to creating a matching +controller. Again, there's a generator for this: <shell> $ rails generate controller Comments </shell> -This creates four files and one empty directory: +This creates six files and one empty directory: * +app/controllers/comments_controller.rb+ - The controller * +app/helpers/comments_helper.rb+ - A view helper file * +test/functional/comments_controller_test.rb+ - The functional tests for the controller * +test/unit/helpers/comments_helper_test.rb+ - The unit tests for the helper * +app/views/comments/+ - Views of the controller are stored here +* +app/assets/stylesheets/comment.css.scss+ - Cascading style sheet for the controller +* +app/assets/javascripts/comment.js.coffee+ - CoffeeScript for the controller -Like with any blog, our readers will create their comments directly after reading the post, and once they have added their comment, will be sent back to the post show page to see their comment now listed. Due to this, our +CommentsController+ is there to provide a method to create comments and delete SPAM comments when they arrive. +Like with any blog, our readers will create their comments directly after +reading the post, and once they have added their comment, will be sent back to +the post show page to see their comment now listed. Due to this, our ++CommentsController+ is there to provide a method to create comments and delete +SPAM comments when they arrive. -So first, we'll wire up the Post show template (+/app/views/posts/show.html.erb+) to let us make a new comment: +So first, we'll wire up the Post show template +(+/app/views/posts/show.html.erb+) to let us make a new comment: <erb> <p class="notice"><%= notice %></p> @@ -969,7 +1292,8 @@ So first, we'll wire up the Post show template (+/app/views/posts/show.html.erb+ <%= link_to 'Back to Posts', posts_path %> | </erb> -This adds a form on the Post show page that creates a new comment, which will call the +CommentsController+ +create+ action, so let's wire that up: +This adds a form on the Post show page that creates a new comment, which will +call the +CommentsController+ +create+ action, so let's wire that up: <ruby> class CommentsController < ApplicationController @@ -981,11 +1305,21 @@ class CommentsController < ApplicationController end </ruby> -You'll see a bit more complexity here than you did in the controller for posts. That's a side-effect of the nesting that you've set up; each request for a comment has to keep track of the post to which the comment is attached, thus the initial find action to the Post model to get the post in question. +You'll see a bit more complexity here than you did in the controller for posts. +That's a side-effect of the nesting that you've set up; each request for a +comment has to keep track of the post to which the comment is attached, thus the +initial find action to the Post model to get the post in question. -In addition, the code takes advantage of some of the methods available for an association. We use the +create+ method on +@post.comments+ to create and save the comment. This will automatically link the comment so that it belongs to that particular post. +In addition, the code takes advantage of some of the methods available for an +association. We use the +create+ method on +@post.comments+ to create and save +the comment. This will automatically link the comment so that it belongs to that +particular post. -Once we have made the new comment, we send the user back to the original post using the +post_path(@post)+ helper. As we have already seen, this calls the +show+ action of the +PostsController+ which in turn renders the +show.html.erb+ template. This is where we want the comment to show, so let's add that to the +app/views/posts/show.html.erb+. +Once we have made the new comment, we send the user back to the original post +using the +post_path(@post)+ helper. As we have already seen, this calls the ++show+ action of the +PostsController+ which in turn renders the +show.html.erb+ +template. This is where we want the comment to show, so let's add that to the ++app/views/posts/show.html.erb+. <erb> <p class="notice"><%= notice %></p> @@ -1039,15 +1373,20 @@ Once we have made the new comment, we send the user back to the original post us <%= link_to 'Back to Posts', posts_path %> | </erb> -Now you can add posts and comments to your blog and have them show up in the right places. +Now you can add posts and comments to your blog and have them show up in the +right places. h3. Refactoring -Now that we have Posts and Comments working, if we take a look at the +app/views/posts/show.html.erb+ template, it's getting long and awkward. We can use partials to clean this up. +Now that we have Posts and Comments working, if we take a look at the ++app/views/posts/show.html.erb+ template, it's getting long and awkward. We can +use partials to clean this up. h4. Rendering Partial Collections -First we will make a comment partial to extract showing all the comments for the post. Create the file +app/views/comments/_comment.html.erb+ and put the following into it: +First we will make a comment partial to extract showing all the comments for the +post. Create the file +app/views/comments/_comment.html.erb+ and put the +following into it: <erb> <p> @@ -1061,7 +1400,8 @@ First we will make a comment partial to extract showing all the comments for the </p> </erb> -Then in the +app/views/posts/show.html.erb+ you can change it to look like the following: +Then in the +app/views/posts/show.html.erb+ you can change it to look like the +following: <erb> <p class="notice"><%= notice %></p> @@ -1105,11 +1445,16 @@ Then in the +app/views/posts/show.html.erb+ you can change it to look like the f <%= link_to 'Back to Posts', posts_path %> | </erb> -This will now render the partial in +app/views/comments/_comment.html.erb+ once for each comment that is in the +@post.comments+ collection. As the +render+ method iterates over the <tt>@post.comments</tt> collection, it assigns each comment to a local variable named the same as the partial, in this case +comment+ which is then available in the partial for us to show. +This will now render the partial in +app/views/comments/_comment.html.erb+ once +for each comment that is in the +@post.comments+ collection. As the +render+ +method iterates over the <tt>@post.comments</tt> collection, it assigns each +comment to a local variable named the same as the partial, in this case ++comment+ which is then available in the partial for us to show. h4. Rendering a Partial Form -Lets also move that new comment section out to it's own partial, again, you create a file +app/views/comments/_form.html.erb+ and in it you put: +Lets also move that new comment section out to it's own partial, again, you +create a file +app/views/comments/_form.html.erb+ and in it you put: <erb> <%= form_for([@post, @post.comments.build]) do |f| %> @@ -1159,15 +1504,22 @@ Then you make the +app/views/posts/show.html.erb+ look like the following: <%= link_to 'Back to Posts', posts_path %> | </erb> -The second render just defines the partial template we want to render, <tt>comments/form</tt>, Rails is smart enough to spot the forward slash in that string and realize that you want to render the <tt>_form.html.erb</tt> file in the <tt>app/views/comments</tt> directory. +The second render just defines the partial template we want to render, +<tt>comments/form</tt>, Rails is smart enough to spot the forward slash in that +string and realize that you want to render the <tt>_form.html.erb</tt> file in +the <tt>app/views/comments</tt> directory. -The +@post+ object is available to any partials rendered in the view because we defined it as an instance variable. +The +@post+ object is available to any partials rendered in the view because we +defined it as an instance variable. h3. Deleting Comments -Another important feature on a blog is being able to delete SPAM comments. To do this, we need to implement a link of some sort in the view and a +DELETE+ action in the +CommentsController+. +Another important feature on a blog is being able to delete SPAM comments. To do +this, we need to implement a link of some sort in the view and a +DELETE+ action +in the +CommentsController+. -So first, let's add the delete link in the +app/views/comments/_comment.html.erb+ partial: +So first, let's add the delete link in the ++app/views/comments/_comment.html.erb+ partial: <erb> <p> @@ -1187,7 +1539,10 @@ So first, let's add the delete link in the +app/views/comments/_comment.html.erb </p> </erb> -Clicking this new "Destroy Comment" link will fire off a <tt>DELETE /posts/:id/comments/:id</tt> to our +CommentsController+, which can then use this to find the comment we want to delete, so let's add a destroy action to our controller: +Clicking this new "Destroy Comment" link will fire off a <tt>DELETE +/posts/:id/comments/:id</tt> to our +CommentsController+, which can then use +this to find the comment we want to delete, so let's add a destroy action to our +controller: <ruby> class CommentsController < ApplicationController @@ -1208,12 +1563,17 @@ class CommentsController < ApplicationController end </ruby> -The +destroy+ action will find the post we are looking at, locate the comment within the <tt>@post.comments</tt> collection, and then remove it from the database and send us back to the show action for the post. +The +destroy+ action will find the post we are looking at, locate the comment +within the <tt>@post.comments</tt> collection, and then remove it from the +database and send us back to the show action for the post. h4. Deleting Associated Objects -If you delete a post then its associated comments will also need to be deleted. Otherwise they would simply occupy space in the database. Rails allows you to use the +dependent+ option of an association to achieve this. Modify the Post model, +app/models/post.rb+, as follows: +If you delete a post then its associated comments will also need to be deleted. +Otherwise they would simply occupy space in the database. Rails allows you to +use the +dependent+ option of an association to achieve this. Modify the Post +model, +app/models/post.rb+, as follows: <ruby> class Post < ActiveRecord::Base @@ -1226,13 +1586,20 @@ end h3. Security -If you were to publish your blog online, anybody would be able to add, edit and delete posts or delete comments. +If you were to publish your blog online, anybody would be able to add, edit and +delete posts or delete comments. -Rails provides a very simple HTTP authentication system that will work nicely in this situation. +Rails provides a very simple HTTP authentication system that will work nicely in +this situation. -In the +PostsController+ we need to have a way to block access to the various actions if the person is not authenticated, here we can use the Rails <tt>http_basic_authenticate_with</tt> method, allowing access to the requested action if that method allows it. +In the +PostsController+ we need to have a way to block access to the various +actions if the person is not authenticated, here we can use the Rails +<tt>http_basic_authenticate_with</tt> method, allowing access to the requested +action if that method allows it. -To use the authentication system, we specify it at the top of our +PostsController+, in this case, we want the user to be authenticated on every action, except for +index+ and +show+, so we write that: +To use the authentication system, we specify it at the top of our ++PostsController+, in this case, we want the user to be authenticated on every +action, except for +index+ and +show+, so we write that: <ruby> class PostsController < ApplicationController @@ -1247,7 +1614,8 @@ class PostsController < ApplicationController # snipped for brevity </ruby> -We also only want to allow authenticated users to delete comments, so in the +CommentsController+ we write: +We also only want to allow authenticated users to delete comments, so in the ++CommentsController+ we write: <ruby> class CommentsController < ApplicationController @@ -1259,16 +1627,20 @@ class CommentsController < ApplicationController # snipped for brevity </ruby> -Now if you try to create a new post, you will be greeted with a basic HTTP Authentication challenge +Now if you try to create a new post, you will be greeted with a basic HTTP +Authentication challenge !images/challenge.png(Basic HTTP Authentication Challenge)! - h3. Building a Multi-Model Form -Another feature of your average blog is the ability to tag posts. To implement this feature your application needs to interact with more than one model on a single form. Rails offers support for nested forms. +Another feature of your average blog is the ability to tag posts. To implement +this feature your application needs to interact with more than one model on a +single form. Rails offers support for nested forms. -To demonstrate this, we will add support for giving each post multiple tags, right in the form where you create the post. First, create a new model to hold the tags: +To demonstrate this, we will add support for giving each post multiple tags, +right in the form where you create the post. First, create a new model to hold +the tags: <shell> $ rails generate model tag name:string post:references @@ -1280,7 +1652,9 @@ Again, run the migration to create the database table: $ rake db:migrate </shell> -Next, edit the +post.rb+ file to create the other side of the association, and to tell Rails (via the +accepts_nested_attributes_for+ macro) that you intend to edit tags via posts: +Next, edit the +post.rb+ file to create the other side of the association, and +to tell Rails (via the +accepts_nested_attributes_for+ macro) that you intend to +edit tags via posts: <ruby> class Post < ActiveRecord::Base @@ -1296,7 +1670,10 @@ class Post < ActiveRecord::Base end </ruby> -The +:allow_destroy+ option on the nested attribute declaration tells Rails to display a "remove" checkbox on the view that you'll build shortly. The +:reject_if+ option prevents saving new tags that do not have any attributes filled in. +The +:allow_destroy+ option on the nested attribute declaration tells Rails to +display a "remove" checkbox on the view that you'll build shortly. The ++:reject_if+ option prevents saving new tags that do not have any attributes +filled in. We will modify +views/posts/_form.html.erb+ to render a partial to make a tag: @@ -1335,13 +1712,20 @@ We will modify +views/posts/_form.html.erb+ to render a partial to make a tag: <% end %> </erb> -Note that we have changed the +f+ in +form_for(@post) do |f|+ to +post_form+ to make it easier to understand what is going on. +Note that we have changed the +f+ in +form_for(@post) do |f|+ to +post_form+ to +make it easier to understand what is going on. -This example shows another option of the render helper, being able to pass in local variables, in this case, we want the local variable +form+ in the partial to refer to the +post_form+ object. +This example shows another option of the render helper, being able to pass in +local variables, in this case, we want the local variable +form+ in the partial +to refer to the +post_form+ object. -We also add a <tt>@post.tags.build</tt> at the top of this form, this is to make sure there is a new tag ready to have it's name filled in by the user. If you do not build the new tag, then the form will not appear as there is no new Tag object ready to create. +We also add a <tt>@post.tags.build</tt> at the top of this form, this is to make +sure there is a new tag ready to have it's name filled in by the user. If you do +not build the new tag, then the form will not appear as there is no new Tag +object ready to create. -Now create the folder <tt>app/views/tags</tt> and make a file in there called <tt>_form.html.erb</tt> which contains the form for the tag: +Now create the folder <tt>app/views/tags</tt> and make a file in there called +<tt>_form.html.erb</tt> which contains the form for the tag: <erb> <%= form.fields_for :tags do |tag_form| %> @@ -1358,7 +1742,8 @@ Now create the folder <tt>app/views/tags</tt> and make a file in there called <t <% end %> </erb> -Finally, we will edit the <tt>app/views/posts/show.html.erb</tt> template to show our tags. +Finally, we will edit the <tt>app/views/posts/show.html.erb</tt> template to +show our tags. <erb> <p class="notice"><%= notice %></p> @@ -1394,13 +1779,18 @@ Finally, we will edit the <tt>app/views/posts/show.html.erb</tt> template to sho <%= link_to 'Back to Posts', posts_path %> | </erb> -With these changes in place, you'll find that you can edit a post and its tags directly on the same view. +With these changes in place, you'll find that you can edit a post and its tags +directly on the same view. -However, that method call <tt>@post.tags.map { |t| t.name }.join(", ")</tt> is awkward, we could handle this by making a helper method. +However, that method call <tt>@post.tags.map { |t| t.name }.join(", ")</tt> is +awkward, we could handle this by making a helper method. h3. View Helpers -View Helpers live in <tt>app/helpers</tt> and provide small snippets of reusable code for views. In our case, we want a method that strings a bunch of objects together using their name attribute and joining them with a comma. As this is for the Post show template, we put it in the PostsHelper. +View Helpers live in <tt>app/helpers</tt> and provide small snippets of reusable +code for views. In our case, we want a method that strings a bunch of objects +together using their name attribute and joining them with a comma. As this is +for the Post show template, we put it in the PostsHelper. Open up <tt>app/helpers/posts_helper.rb</tt> and add the following: @@ -1412,7 +1802,8 @@ module PostsHelper end </erb> -Now you can edit the view in <tt>app/views/posts/show.html.erb</tt> to look like this: +Now you can edit the view in <tt>app/views/posts/show.html.erb</tt> to look like +this: <erb> <p class="notice"><%= notice %></p> @@ -1450,7 +1841,10 @@ Now you can edit the view in <tt>app/views/posts/show.html.erb</tt> to look like h3. What's Next? -Now that you've seen your first Rails application, you should feel free to update it and experiment on your own. But you don't have to do everything without help. As you need assistance getting up and running with Rails, feel free to consult these support resources: +Now that you've seen your first Rails application, you should feel free to +update it and experiment on your own. But you don't have to do everything +without help. As you need assistance getting up and running with Rails, feel +free to consult these support resources: * The "Ruby on Rails guides":index.html * The "Ruby on Rails Tutorial":http://railstutorial.org/book @@ -1465,9 +1859,18 @@ Rails also comes with built-in help that you can generate using the rake command h3. Configuration Gotchas -The easiest way to work with Rails is to store all external data as UTF-8. If you don't, Ruby libraries and Rails will often be able to convert your native data into UTF-8, but this doesn't always work reliably, so you're better off ensuring that all external data is UTF-8. +The easiest way to work with Rails is to store all external data as UTF-8. If +you don't, Ruby libraries and Rails will often be able to convert your native +data into UTF-8, but this doesn't always work reliably, so you're better off +ensuring that all external data is UTF-8. -If you have made a mistake in this area, the most common symptom is a black diamond with a question mark inside appearing in the browser. Another common symptom is characters like "ü" appearing instead of "ü". Rails takes a number of internal steps to mitigate common causes of these problems that can be automatically detected and corrected. However, if you have external data that is not stored as UTF-8, it can occasionally result in these kinds of issues that cannot be automatically detected by Rails and corrected. +If you have made a mistake in this area, the most common symptom is a black +diamond with a question mark inside appearing in the browser. Another common +symptom is characters like "ü" appearing instead of "ü". Rails takes a number +of internal steps to mitigate common causes of these problems that can be +automatically detected and corrected. However, if you have external data that is +not stored as UTF-8, it can occasionally result in these kinds of issues that +cannot be automatically detected by Rails and corrected. Two very common sources of data that are not UTF-8: * Your text editor: Most text editors (such as Textmate), default to saving files as @@ -1487,7 +1890,7 @@ h3. Changelog * April 26, 2011: Change migration code from +up+, +down+ pair to +change+ method by "Prem Sichanugrist":http://sikachu.com * April 11, 2011: Change scaffold_controller generator to create format block for JSON instead of XML by "Sebastian Martinez":http://www.wyeworks.com -* August 30, 2010: Minor editing after Rails 3 release by "Joost Baaij":http://www.spacebabies.nl +* August 30, 2010: Minor editing after Rails 3 release by Joost Baaij * July 12, 2010: Fixes, editing and updating of code samples by "Jaime Iniesta":http://jaimeiniesta.com * May 16, 2010: Added a section on configuration gotchas to address common encoding problems that people might have by "Yehuda Katz":http://www.yehudakatz.com * April 30, 2010: Fixes, editing and updating of code samples by "Rohit Arondekar":http://rohitarondekar.com diff --git a/railties/guides/source/i18n.textile b/railties/guides/source/i18n.textile index 0c8e4e974d..4b6b08bcec 100644 --- a/railties/guides/source/i18n.textile +++ b/railties/guides/source/i18n.textile @@ -1,4 +1,4 @@ -lh2. Rails Internationalization (I18n) API +h2. Rails Internationalization (I18n) API The Ruby I18n (shorthand for _internationalization_) gem which is shipped with Ruby on Rails (starting from Rails 2.2) provides an easy-to-use and extensible framework for *translating your application to a single custom language* other than English or for *providing multi-language support* in your application. @@ -796,7 +796,6 @@ h5. Active Support Methods * +Array#to_sentence+ uses format settings as given in the "support.array":https://github.com/rails/rails/blob/master/activesupport/lib/active_support/locale/en.yml#L30 scope. - h3. Customize your I18n Setup h4. Using Different Backends diff --git a/railties/guides/source/index.html.erb b/railties/guides/source/index.html.erb index b48488d8a2..684251962c 100644 --- a/railties/guides/source/index.html.erb +++ b/railties/guides/source/index.html.erb @@ -124,7 +124,7 @@ Ruby on Rails Guides <p>This guide covers the basic configuration settings for a Rails application.</p> <% end %> -<%= guide("Rails Command Line Tools and Rake tasks", 'command_line.html', :work_in_progress => true) do %> +<%= guide("Rails Command Line Tools and Rake tasks", 'command_line.html') do %> <p>This guide covers the command line tools and rake tasks provided by Rails.</p> <% end %> diff --git a/railties/guides/source/initialization.textile b/railties/guides/source/initialization.textile index 340699419b..9cc4dd5f04 100644 --- a/railties/guides/source/initialization.textile +++ b/railties/guides/source/initialization.textile @@ -1,6 +1,6 @@ h2. The Rails Initialization Process -This guide explains the internals of the initialization process in Rails works as of Rails 3.1. It is an extremely in-depth guide and recommended for advanced Rails developers. +This guide explains the internals of the initialization process in Rails as of Rails 3.1. It is an extremely in-depth guide and recommended for advanced Rails developers. * Using +rails server+ * Using Passenger @@ -33,7 +33,7 @@ end This file will attempt to load +rails/cli+ and if it cannot find it then add the +railties/lib+ path to the load path (+$:+) and will then try to require it again. -h4. +railites/lib/rails/cli.rb+ +h4. +railties/lib/rails/cli.rb+ This file looks like this: @@ -71,7 +71,7 @@ module Rails end </ruby> -The +rails/script_rails_loader+ file uses +RbConfig::Config+ to gather up the +bin_dir+ and +ruby_install_name+ values for the configuration which will result in a path such as +/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/bin/ruby+, which is the default path on Mac OS X. If you're running Windows the path may be something such as +C:/Ruby192/bin/ruby+. Anyway, the path on your system may be different, but the point of this is that it will point at the known ruby executable location for your install. The +RbConfig::CONFIG["EXEEXT"]+ will suffix this path with ".exe" if the script is running on Windows. This constant is used later on in +exec_script_rails!+. As for the +SCRIPT_RAILS+ console, we'll see that when we get to the +in_rails_application?+ method. +The +rails/script_rails_loader+ file uses +RbConfig::Config+ to gather up the +bin_dir+ and +ruby_install_name+ values for the configuration which will result in a path such as +/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/bin/ruby+, which is the default path on Mac OS X. If you're running Windows the path may be something such as +C:/Ruby192/bin/ruby+. Anyway, the path on your system may be different, but the point of this is that it will point at the known ruby executable location for your install. The +RbConfig::CONFIG["EXEEXT"]+ will suffix this path with ".exe" if the script is running on Windows. This constant is used later on in +exec_script_rails!+. As for the +SCRIPT_RAILS+ constant, we'll see that when we get to the +in_rails_application?+ method. Back in +rails/cli+, the next line is this: @@ -190,7 +190,8 @@ aliases = { "g" => "generate", "c" => "console", "s" => "server", - "db" => "dbconsole" + "db" => "dbconsole", + "r" => "runner" } command = ARGV.shift @@ -348,10 +349,10 @@ The class *is* defined in +Rack::Server+, but is overwritten in +Rails::Server+ def parse!(args) args, options = args.dup, {} - opt_parser = OptionParser.new do |opts| - opts.banner = "Usage: rails server [mongrel, thin, etc] [options]" - opts.on("-p", "--port=port", Integer, - "Runs Rails on the specified port.", "Default: 3000") { |v| options[:Port] = v } + opt_parser = OptionParser.new do |opts| + opts.banner = "Usage: rails server [mongrel, thin, etc] [options]" + opts.on("-p", "--port=port", Integer, + "Runs Rails on the specified port.", "Default: 3000") { |v| options[:Port] = v } ... </ruby> @@ -512,7 +513,7 @@ h4. +railties/lib/rails/ruby_version_check.rb+ This file simply checks if the Ruby version is less than 1.8.7 or is 1.9.1 and raises an error if that is the case. Rails 3 simply will not run on earlier versions of Ruby than 1.8.7 or 1.9.1. -NOTE: You should always endeavour to run the latest version of Ruby with your Rails applications. The benefits are many, including security fixes and the like, and very often there is a speed increase associated with it. The caveat is that you could have code that potentially breaks on the latest version, which should be fixed to work on the latest version rather than kept around as an excuse not to upgrade. +NOTE: You should always endeavor to run the latest version of Ruby with your Rails applications. The benefits are many, including security fixes and the like, and very often there is a speed increase associated with it. The caveat is that you could have code that potentially breaks on the latest version, which should be fixed to work on the latest version rather than kept around as an excuse not to upgrade. h4. +active_support/core_ext/kernel/reporting.rb+ @@ -760,7 +761,6 @@ def subclasses end </ruby> - The +config+ method used at the top of +I18n::Railtie+ is defined on +Rails::Railtie+ and is defined like this: <ruby> @@ -847,7 +847,7 @@ The +Collection+ class in +railties/lib/rails/initializable.rb+ inherits from +A The +initializers_chain+ method referenced in the +initializers_for+ method is defined like this: -<rub> +<ruby> def initializers_chain initializers = Collection.new ancestors.reverse_each do | klass | diff --git a/railties/guides/source/layouts_and_rendering.textile b/railties/guides/source/layouts_and_rendering.textile index ba45b84242..87ba8ab82d 100644 --- a/railties/guides/source/layouts_and_rendering.textile +++ b/railties/guides/source/layouts_and_rendering.textile @@ -94,7 +94,7 @@ NOTE: The actual rendering is done by subclasses of +ActionView::TemplateHandler h4. Using +render+ -In most cases, the +ActionController::Base#render+ method does the heavy lifting of rendering your application's content for use by a browser. There are a variety of ways to customise the behaviour of +render+. You can render the default view for a Rails template, or a specific template, or a file, or inline code, or nothing at all. You can render text, JSON, or XML. You can specify the content type or HTTP status of the rendered response as well. +In most cases, the +ActionController::Base#render+ method does the heavy lifting of rendering your application's content for use by a browser. There are a variety of ways to customize the behaviour of +render+. You can render the default view for a Rails template, or a specific template, or a file, or inline code, or nothing at all. You can render text, JSON, or XML. You can specify the content type or HTTP status of the rendered response as well. TIP: If you want to see the exact results of a call to +render+ without needing to inspect it in a browser, you can call +render_to_string+. This method takes exactly the same options as +render+, but it returns a string instead of sending a response back to the browser. @@ -1179,14 +1179,14 @@ On pages generated by +NewsController+, you want to hide the top menu and add a <% end %> <% content_for :content do %> <div id="right_menu">Right menu items here</div> - <%= yield(:news_content) or yield %> + <%= content_for?(:news_content) ? yield(:news_content) : yield %> <% end %> <%= render :template => 'layouts/application' %> </erb> That's it. The News views will use the new layout, hiding the top menu and adding a new right menu inside the "content" div. -There are several ways of getting similar results with different sub-templating schemes using this technique. Note that there is no limit in nesting levels. One can use the +ActionView::render+ method via +render :template => 'layouts/news'+ to base a new layout on the News layout. If you are sure you will not subtemplate the +News+ layout, you can replace the +yield(:news_content) or yield+ with simply +yield+. +There are several ways of getting similar results with different sub-templating schemes using this technique. Note that there is no limit in nesting levels. One can use the +ActionView::render+ method via +render :template => 'layouts/news'+ to base a new layout on the News layout. If you are sure you will not subtemplate the +News+ layout, you can replace the +content_for?(:news_content) ? yield(:news_content) : yield+ with simply +yield+. h3. Changelog diff --git a/railties/guides/source/migrations.textile b/railties/guides/source/migrations.textile index dbbf8f3b51..6fcc3cf4a2 100644 --- a/railties/guides/source/migrations.textile +++ b/railties/guides/source/migrations.textile @@ -17,7 +17,7 @@ endprologue. h3. Anatomy of a Migration -Before I dive into the details of a migration, here are a few examples of the sorts of things you can do: +Before we dive into the details of a migration, here are a few examples of the sorts of things you can do: <ruby> class CreateProducts < ActiveRecord::Migration @@ -117,6 +117,33 @@ Occasionally you will make a mistake when writing a migration. If you have alrea In general editing existing migrations is not a good idea: you will be creating extra work for yourself and your co-workers and cause major headaches if the existing version of the migration has already been run on production machines. Instead you should write a new migration that performs the changes you require. Editing a freshly generated migration that has not yet been committed to source control (or more generally which has not been propagated beyond your development machine) is relatively harmless. +h4. Supported Types + +Active Record supports the following types: + +* +:primary_key+ +* +:string+ +* +:text+ +* +:integer+ +* +:float+ +* +:decimal+ +* +:datetime+ +* +:timestamp+ +* +:time+ +* +:date+ +* +:binary+ +* +:boolean+ + +These will be mapped onto an appropriate underlying database type, for example with MySQL +:string+ is mapped to +VARCHAR(255)+. You can create columns of types not supported by Active Record when using the non-sexy syntax, for example + +<ruby> +create_table :products do |t| + t.column :name, 'polygon', :null => false +end +</ruby> + +This may however hinder portability to other databases. + h3. Creating a Migration h4. Creating a Model @@ -261,18 +288,6 @@ end will append +ENGINE=BLACKHOLE+ to the SQL statement used to create the table (when using MySQL the default is +ENGINE=InnoDB+). -The types supported by Active Record are +:primary_key+, +:string+, +:text+, +:integer+, +:float+, +:decimal+, +:datetime+, +:timestamp+, +:time+, +:date+, +:binary+, +:boolean+. - -These will be mapped onto an appropriate underlying database type, for example with MySQL +:string+ is mapped to +VARCHAR(255)+. You can create columns of types not supported by Active Record when using the non-sexy syntax, for example - -<ruby> -create_table :products do |t| - t.column :name, 'polygon', :null => false -end -</ruby> - -This may however hinder portability to other databases. - h4. Changing Tables A close cousin of +create_table+ is +change_table+, used for changing existing tables. It is used in a similar fashion to +create_table+ but the object yielded to the block knows more tricks. For example @@ -285,6 +300,7 @@ change_table :products do |t| t.rename :upccode, :upc_code end </ruby> + removes the +description+ and +name+ columns, creates a +part_number+ column and adds an index on it. Finally it renames the +upccode+ column. This is the same as doing <ruby> @@ -456,8 +472,8 @@ By default migrations tell you exactly what they're doing and how long it took. Several methods are provided that allow you to control all this: -* +suppress_messages+ suppresses any output generated by its block -* +say+ outputs text (the second argument controls whether it is indented or not) +* +suppress_messages+ takes a block as an argument and suppresses any output generated by the block. +* +say+ takes a message argument and outputs it as is. A second boolean argument can be passed to specify whether to indent or not. * +say_with_time+ outputs text along with how long it took to run its block. If the block returns an integer it assumes it is the number of rows affected. For example, this migration @@ -495,41 +511,108 @@ generates the following output 20080906170109 CreateProducts: migrated (10.0097s) </shell> -If you just want Active Record to shut up then running +rake db:migrate VERBOSE=false+ will suppress any output. +If you just want Active Record to shut up then running +rake db:migrate VERBOSE=false+ will suppress all output. h3. Using Models in Your Migrations -When creating or updating data in a migration it is often tempting to use one of your models. After all they exist to provide easy access to the underlying data. This can be done but some caution should be observed. +When creating or updating data in a migration it is often tempting to use one of your models. After all they exist to provide easy access to the underlying data. This can be done, but some caution should be observed. -Consider for example a migration that uses the +Product+ model to update a row in the corresponding table. Alice later updates the +Product+ model, adding a new column and a validation on it. Bob comes back from holiday, updates the source and runs outstanding migrations with +rake db:migrate+, including the one that used the +Product+ model. When the migration runs the source is up to date and so the +Product+ model has the validation added by Alice. The database however is still old and so does not have that column and an error ensues because that validation is on a column that does not yet exist. +For example, problems occur when the model uses database columns which are (1) not currently in the database and (2) will be created by this or a subsequent migration. -Frequently I just want to update rows in the database without writing out the SQL by hand: I'm not using anything specific to the model. One pattern for this is to define a copy of the model inside the migration itself, for example: +Consider this example, where Alice and Bob are working on the same code base which contains a +Product+ model: + +Bob goes on vacation. + +Alice creates a migration for the +products+ table which adds a new column and initializes it. +She also adds a validation to the Product model for the new column. <ruby> -class AddPartNumberToProducts < ActiveRecord::Migration - class Product < ActiveRecord::Base +# db/migrate/20100513121110_add_flag_to_product.rb + +class AddFlagToProduct < ActiveRecord::Migration + def change + add_column :products, :flag, :int + Product.all.each { |f| f.update_attributes!(:flag => 'false') } end +end +</ruby> +<ruby> +# app/model/product.rb + +class Product < ActiveRecord::Base + validates :flag, :presence => true +end +</ruby> + +Alice adds a second migration which adds and initializes another column to the +products+ table and also adds a validation to the Product model for the new column. + +<ruby> +# db/migrate/20100515121110_add_fuzz_to_product.rb + +class AddFuzzToProduct < ActiveRecord::Migration def change - ... + add_column :products, :fuzz, :string + Product.all.each { |f| f.update_attributes! :fuzz => 'fuzzy' } end end </ruby> -The migration has its own minimal copy of the +Product+ model and no longer cares about the +Product+ model defined in the application. -h4. Dealing with Changing Models +<ruby> +# app/model/product.rb + +class Product < ActiveRecord::Base + validates :flag, :fuzz, :presence => true +end +</ruby> + +Both migrations work for Alice. + +Bob comes back from vacation and: + +# updates the source - which contains both migrations and the latests version of the Product model. +# runs outstanding migrations with +rake db:migrate+, which includes the one that updates the +Product+ model. + +The migration crashes because when the model attempts to save, it tries to validate the second added column, which is not in the database when the _first_ migration runs. -For performance reasons information about the columns a model has is cached. For example if you add a column to a table and then try and use the corresponding model to insert a new row it may try to use the old column information. You can force Active Record to re-read the column information with the +reset_column_information+ method, for example +<plain> +rake aborted! +An error has occurred, this and all later migrations canceled: + +undefined method `fuzz' for #<Product:0x000001049b14a0> +</plain> + +A fix for this is to create a local model within the migration. This keeps rails from running the validations, so that the migrations run to completion. + +When using a faux model, it's a good idea to call +Product.reset_column_information+ to refresh the ActiveRecord cache for the Product model prior to updating data in the database. + +If Alice had done this instead, there would have been no problem: <ruby> -class AddPartNumberToProducts < ActiveRecord::Migration +# db/migrate/20100513121110_add_flag_to_product.rb + +class AddFlagToProduct < ActiveRecord::Migration class Product < ActiveRecord::Base end def change - add_column :product, :part_number, :string + add_column :products, :flag, :int + Product.reset_column_information + Product.all.each { |f| f.update_attributes!(:flag => false) } + end +end +</ruby> + +<ruby> +# db/migrate/20100515121110_add_fuzz_to_product.rb + +class AddFuzzToProduct < ActiveRecord::Migration + class Product < ActiveRecord::Base + end + def change + add_column :products, :fuzz, :string Product.reset_column_information - ... + Product.all.each { |f| f.update_attributes! :fuzz => 'fuzzy' } end end </ruby> diff --git a/railties/guides/source/performance_testing.textile b/railties/guides/source/performance_testing.textile index dbe6f97f5c..75f81cf13d 100644 --- a/railties/guides/source/performance_testing.textile +++ b/railties/guides/source/performance_testing.textile @@ -438,9 +438,9 @@ alias gcrails='~/rubygc/bin/rails' Don't forget to use your aliases from now on. -h6. Install Rubygems (1.8 only!) +h6. Install RubyGems (1.8 only!) -Download "Rubygems":http://rubyforge.org/projects/rubygems and install it from source. Rubygem's README file should have necessary installation instructions. Please note that this step isn't necessary if you've installed Ruby 1.9 and above. +Download "RubyGems":http://rubyforge.org/projects/rubygems and install it from source. Rubygem's README file should have necessary installation instructions. Please note that this step isn't necessary if you've installed Ruby 1.9 and above. h4. Using Ruby-Prof on MRI and REE diff --git a/railties/guides/source/plugins.textile b/railties/guides/source/plugins.textile index 79bbe495bd..d3f9783fa6 100644 --- a/railties/guides/source/plugins.textile +++ b/railties/guides/source/plugins.textile @@ -86,7 +86,7 @@ class CoreExtTest < Test::Unit::TestCase end </ruby> -Run +rake+ to run the test. This test should fail because we haven't implemented the +to_squak+ method: +Run +rake+ to run the test. This test should fail because we haven't implemented the +to_squawk+ method: <shell> 1) Error: @@ -218,8 +218,8 @@ test/dummy directory: <shell> $ cd test/dummy -$ rails generate model Hickwall last_squak:string -$ rails generate model Wickwall last_squak:string last_tweet:string +$ rails generate model Hickwall last_squawk:string +$ rails generate model Wickwall last_squawk:string last_tweet:string </shell> Now you can create the necessary database tables in your testing database by navigating to your dummy app @@ -386,6 +386,7 @@ ActiveRecord::Base.send :include, Yaffle::ActsAsYaffle </ruby> Run +rake+ one final time and you should see: + <shell> 7 tests, 7 assertions, 0 failures, 0 errors, 0 skips </shell> @@ -426,6 +427,7 @@ require 'yaffle' You can test this by changing to the Rails application that you added the plugin to and starting a rails console. Once in the console we can check to see if the String has an instance method of to_squawk. + <shell> $ cd my_app $ rails console diff --git a/railties/guides/source/rails_application_templates.textile b/railties/guides/source/rails_application_templates.textile index 3db47a70e8..566f8a0bdd 100644 --- a/railties/guides/source/rails_application_templates.textile +++ b/railties/guides/source/rails_application_templates.textile @@ -11,22 +11,18 @@ endprologue. h3. Usage -To apply a template, you need to provide the Rails generator with the location of the template you wish to apply, using -m option: +To apply a template, you need to provide the Rails generator with the location of the template you wish to apply, using -m option. This can either be path to a file or a URL. <shell> $ rails new blog -m ~/template.rb +$ rails new blog -m http://example.com/template.rb </shell> -It's also possible to apply a template using a URL: - -<shell> -$ rails new blog -m https://gist.github.com/755496.txt -</shell> - -Alternatively, you can use the rake task +rails:template+ to apply a template to an existing Rails application: +You can use the rake task +rails:template+ to apply templates to an existing Rails application. The location of the template needs to be passed in to an environment variable named LOCATION. Again, this can either be path to a file or a URL. <shell> $ rake rails:template LOCATION=~/template.rb +$ rake rails:template LOCATION=http://example.com/template.rb </shell> h3. Template API @@ -152,7 +148,7 @@ The above creates +lib/tasks/bootstrap.rake+ with a +boot:strap+ rake task. h4. generate(what, args) -Runs the supplied rails generator with given arguments. For example, I love to scaffold some whenever I’m playing with Rails: +Runs the supplied rails generator with given arguments. <ruby> generate(:scaffold, "person", "name:string", "address:text", "age:number") @@ -180,12 +176,6 @@ You can also run rake tasks with a different Rails environment: rake "db:migrate", :env => 'production' </ruby> -Or even use sudo: - -<ruby> -rake "gems:install", :sudo => true -</ruby> - h4. route(routing_code) This adds a routing entry to the +config/routes.rb+ file. In above steps, we generated a person scaffold and also removed +public/index.html+. Now to make +PeopleController#index+ as the default page for the application: diff --git a/railties/guides/source/rails_on_rack.textile b/railties/guides/source/rails_on_rack.textile index 8d5985dba8..818df0ffaf 100644 --- a/railties/guides/source/rails_on_rack.textile +++ b/railties/guides/source/rails_on_rack.textile @@ -89,23 +89,32 @@ $ rake middleware For a freshly generated Rails application, this might produce something like: <ruby> +use ActionDispatch::Static use Rack::Lock -use ActionController::Failsafe -use ActionController::Session::CookieStore, , {:secret=>"<secret>", :session_key=>"_<app>_session"} -use Rails::Rack::Metal -use ActionDispatch::RewindableInput -use ActionController::ParamsParser -use Rack::MethodOverride -use Rack::Head +use ActiveSupport::Cache::Strategy::LocalCache +use Rack::Runtime +use Rails::Rack::Logger +use ActionDispatch::ShowExceptions +use ActionDispatch::RemoteIp +use Rack::Sendfile +use ActionDispatch::Callbacks +use ActiveRecord::ConnectionAdapters::ConnectionManagement use ActiveRecord::QueryCache -run ActionController::Dispatcher.new +use ActionDispatch::Cookies +use ActionDispatch::Session::CookieStore +use ActionDispatch::Flash +use ActionDispatch::ParamsParser +use Rack::MethodOverride +use ActionDispatch::Head +use ActionDispatch::BestStandardsSupport +run Blog::Application.routes </ruby> Purpose of each of this middlewares is explained in the "Internal Middlewares":#internal-middleware-stack section. h4. Configuring Middleware Stack -Rails provides a simple configuration interface +config.middleware+ for adding, removing and modifying the middlewares in the middleware stack via +environment.rb+ or the environment specific configuration file <tt>environments/<environment>.rb</tt>. +Rails provides a simple configuration interface +config.middleware+ for adding, removing and modifying the middlewares in the middleware stack via +application.rb+ or the environment specific configuration file <tt>environments/<environment>.rb</tt>. h5. Adding a Middleware @@ -118,7 +127,7 @@ You can add a new middleware to the middleware stack using any of the following * <tt>config.middleware.insert_after(existing_middleware, new_middleware, args)</tt> - Adds the new middleware after the specified existing middleware in the middleware stack. <ruby> -# config/environment.rb +# config/application.rb # Push Rack::BounceFavicon at the bottom config.middleware.use Rack::BounceFavicon @@ -133,7 +142,7 @@ h5. Swapping a Middleware You can swap an existing middleware in the middleware stack using +config.middleware.swap+. <ruby> -# config/environment.rb +# config/application.rb # Replace ActionController::Failsafe with Lifo::Failsafe config.middleware.swap ActionController::Failsafe, Lifo::Failsafe @@ -198,7 +207,7 @@ The following shows how to replace use +Rack::Builder+ instead of the Rails supp <strong>Clear the existing Rails middleware stack</strong> <ruby> -# environment.rb +# config/application.rb config.middleware.clear </ruby> diff --git a/railties/guides/source/routing.textile b/railties/guides/source/routing.textile index 1cbc5c8f6e..99dd9a1cd2 100644 --- a/railties/guides/source/routing.textile +++ b/railties/guides/source/routing.textile @@ -68,7 +68,7 @@ Rails would dispatch that request to the +destroy+ method on the +photos+ contro h4. CRUD, Verbs, and Actions -In Rails, a resourceful route provides a mapping between HTTP verbs and URLs and controller actions. By convention, each action also maps to particular CRUD operations in a database. A single entry in the routing file, such as +In Rails, a resourceful route provides a mapping between HTTP verbs and URLs to controller actions. By convention, each action also maps to particular CRUD operations in a database. A single entry in the routing file, such as <ruby> resources :photos @@ -94,8 +94,8 @@ Creating a resourceful route will also expose a number of helpers to the control * +photos_path+ returns +/photos+ * +new_photo_path+ returns +/photos/new+ -* +edit_photo_path(id)+ returns +/photos/:id/edit+ (for instance, +edit_photo_path(10)+ returns +/photos/10/edit+) -* +photo_path(id)+ returns +/photos/:id+ (for instance, +photo_path(10)+ returns +/photos/10+) +* +edit_photo_path(:id)+ returns +/photos/:id/edit+ (for instance, +edit_photo_path(10)+ returns +/photos/10/edit+) +* +photo_path(:id)+ returns +/photos/:id+ (for instance, +photo_path(10)+ returns +/photos/10+) Each of these helpers has a corresponding +_url+ helper (such as +photos_url+) which returns the same path prefixed with the current host, port and path prefix. @@ -163,14 +163,14 @@ end This will create a number of routes for each of the +posts+ and +comments+ controller. For +Admin::PostsController+, Rails will create: -|_.HTTP Verb |_.Path |_.action |_.named helper | -|GET |/admin/posts |index | admin_posts_path | -|GET |/admin/posts/new |new | new_admin_posts_path | -|POST |/admin/posts |create | admin_posts_path | -|GET |/admin/posts/1 |show | admin_post_path(id) | -|GET |/admin/posts/1/edit |edit | edit_admin_post_path(id) | -|PUT |/admin/posts/1 |update | admin_post_path(id) | -|DELETE |/admin/posts/1 |destroy | admin_post_path(id) | +|_.HTTP Verb |_.Path |_.action |_.named helper | +|GET |/admin/posts |index | admin_posts_path | +|GET |/admin/posts/new |new | new_admin_post_path | +|POST |/admin/posts |create | admin_posts_path | +|GET |/admin/posts/:id |show | admin_post_path(:id) | +|GET |/admin/posts/:id/edit |edit | edit_admin_post_path(:id) | +|PUT |/admin/posts/:id |update | admin_post_path(:id) | +|DELETE |/admin/posts/:id |destroy | admin_post_path(:id) | If you want to route +/posts+ (without the prefix +/admin+) to +Admin::PostsController+, you could use @@ -204,12 +204,12 @@ In each of these cases, the named routes remain the same as if you did not use + |_.HTTP Verb |_.Path |_.action |_.named helper | |GET |/admin/posts |index | posts_path | -|GET |/admin/posts/new |new | posts_path | +|GET |/admin/posts/new |new | new_post_path | |POST |/admin/posts |create | posts_path | -|GET |/admin/posts/1 |show | post_path(id) | -|GET |/admin/posts/1/edit |edit | edit_post_path(id) | -|PUT |/admin/posts/1 |update | post_path(id) | -|DELETE |/admin/posts/1 |destroy | post_path(id) | +|GET |/admin/posts/:id |show | post_path(:id) | +|GET |/admin/posts/:id/edit|edit | edit_post_path(:id)| +|PUT |/admin/posts/:id |update | post_path(:id) | +|DELETE |/admin/posts/:id |destroy | post_path(:id) | h4. Nested Resources @@ -236,13 +236,13 @@ end In addition to the routes for magazines, this declaration will also route ads to an +AdsController+. The ad URLs require a magazine: |_.HTTP Verb |_.Path |_.action |_.used for | -|GET |/magazines/1/ads |index |display a list of all ads for a specific magazine | -|GET |/magazines/1/ads/new |new |return an HTML form for creating a new ad belonging to a specific magazine | -|POST |/magazines/1/ads |create |create a new ad belonging to a specific magazine | -|GET |/magazines/1/ads/1 |show |display a specific ad belonging to a specific magazine | -|GET |/magazines/1/ads/1/edit |edit |return an HTML form for editing an ad belonging to a specific magazine | -|PUT |/magazines/1/ads/1 |update |update a specific ad belonging to a specific magazine | -|DELETE |/magazines/1/ads/1 |destroy |delete a specific ad belonging to a specific magazine | +|GET |/magazines/:id/ads |index |display a list of all ads for a specific magazine | +|GET |/magazines/:id/ads/new |new |return an HTML form for creating a new ad belonging to a specific magazine | +|POST |/magazines/:id/ads |create |create a new ad belonging to a specific magazine | +|GET |/magazines/:id/ads/:id |show |display a specific ad belonging to a specific magazine | +|GET |/magazines/:id/ads/:id/edit |edit |return an HTML form for editing an ad belonging to a specific magazine | +|PUT |/magazines/:id/ads/:id |update |update a specific ad belonging to a specific magazine | +|DELETE |/magazines/:id/ads/:id |destroy |delete a specific ad belonging to a specific magazine | This will also create routing helpers such as +magazine_ads_url+ and +edit_magazine_ad_path+. These helpers take an instance of Magazine as the first parameter (+magazine_ads_url(@magazine)+). @@ -560,13 +560,19 @@ would match +zoo/woo/foo/bar/baz+ with +params[:a]+ equals +"zoo/woo"+, and +par NOTE: Starting from Rails 3.1, wildcard routes will always match the optional format segment by default. For example if you have this route: <ruby> -map '*pages' => 'pages#show' +match '*pages' => 'pages#show' </ruby> NOTE: By requesting +"/foo/bar.json"+, your +params[:pages]+ will be equals to +"foo/bar"+ with the request format of JSON. If you want the old 3.0.x behavior back, you could supply +:format => false+ like this: <ruby> -map '*pages' => 'pages#show', :format => false +match '*pages' => 'pages#show', :format => false +</ruby> + +NOTE: If you want to make the format segment mandatory, so it cannot be omitted, you can supply +:format => true+ like this: + +<ruby> +match '*pages' => 'pages#show', :format => true </ruby> h4. Redirection @@ -628,16 +634,16 @@ resources :photos, :controller => "images" will recognize incoming paths beginning with +/photos+ but route to the +Images+ controller: -|_.HTTP Verb |_.Path |_.action |_.named helper | -|GET |/photos |index | photos_path | -|GET |/photos/new |new | new_photo_path | -|POST |/photos |create | photos_path | -|GET |/photos/1 |show | photo_path(id) | -|GET |/photos/1/edit |edit | edit_photo_path(id) | -|PUT |/photos/1 |update | photo_path(id) | -|DELETE |/photos/1 |destroy | photo_path(id) | +|_.HTTP Verb |_.Path |_.action |_.named helper | +|GET |/photos |index | photos_path | +|GET |/photos/new |new | new_photo_path | +|POST |/photos |create | photos_path | +|GET |/photos/:id |show | photo_path(:id) | +|GET |/photos/:id/edit |edit | edit_photo_path(:id) | +|PUT |/photos/:id |update | photo_path(:id) | +|DELETE |/photos/:id |destroy | photo_path(:id) | -NOTE: Use +photos_path+, +new_photos_path+, etc. to generate paths for this resource. +NOTE: Use +photos_path+, +new_photo_path+, etc. to generate paths for this resource. h4. Specifying Constraints @@ -672,14 +678,14 @@ resources :photos, :as => "images" will recognize incoming paths beginning with +/photos+ and route the requests to +PhotosController+, but use the value of the :as option to name the helpers. -|_.HTTP verb|_.Path |_.action |_.named helper | -|GET |/photos |index | images_path | -|GET |/photos/new |new | new_image_path | -|POST |/photos |create | images_path | -|GET |/photos/1 |show | image_path(id) | -|GET |/photos/1/edit |edit | edit_image_path(id) | -|PUT |/photos/1 |update | image_path(id) | -|DELETE |/photos/1 |destroy | image_path(id) | +|_.HTTP verb|_.Path |_.action |_.named helper | +|GET |/photos |index | images_path | +|GET |/photos/new |new | new_image_path | +|POST |/photos |create | images_path | +|GET |/photos/:id |show | image_path(:id) | +|GET |/photos/:id/edit |edit | edit_image_path(:id) | +|PUT |/photos/:id |update | image_path(:id) | +|DELETE |/photos/:id |destroy | image_path(:id) | h4. Overriding the +new+ and +edit+ Segments @@ -776,14 +782,14 @@ end Rails now creates routes to the +CategoriesController+. -|_.HTTP verb|_.Path |_.action |_.named helper | -|GET |/kategorien |index | categories_path | -|GET |/kategorien/neu |new | new_category_path | -|POST |/kategorien |create | categories_path | -|GET |/kategorien/1 |show | category_path(id) | -|GET |/kategorien/1/bearbeiten |edit | edit_category_path(id) | -|PUT |/kategorien/1 |update | category_path(id) | -|DELETE |/kategorien/1 |destroy | category_path(id) | +|_.HTTP verb|_.Path |_.action |_.named helper | +|GET |/kategorien |index | categories_path | +|GET |/kategorien/neu |new | new_category_path | +|POST |/kategorien |create | categories_path | +|GET |/kategorien/:id |show | category_path(:id) | +|GET |/kategorien/:id/bearbeiten |edit | edit_category_path(:id) | +|PUT |/kategorien/:id |update | category_path(:id) | +|DELETE |/kategorien/:id |destroy | category_path(:id) | h4. Overriding the Singular Form @@ -823,10 +829,10 @@ If you want a complete list of all of the available routes in your application, For example, here's a small section of the +rake routes+ output for a RESTful route: <pre> - users GET /users {:controller=>"users", :action=>"index"} -formatted_users GET /users.:format {:controller=>"users", :action=>"index"} - POST /users {:controller=>"users", :action=>"create"} - POST /users.:format {:controller=>"users", :action=>"create"} + users GET /users(.:format) users#index + POST /users(.:format) users#create + new_user GET /users/new(.:format) users#new +edit_user GET /users/:id/edit(.:format) users#edit </pre> You may restrict the listing to the routes that map to a particular controller setting the +CONTROLLER+ environment variable: diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index 908f3f125a..04d1d0bda8 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile @@ -15,7 +15,7 @@ endprologue. h3. Introduction -Web application frameworks are made to help developers building web applications. Some of them also help you with securing the web application. In fact one framework is not more secure than another: If you use it correctly, you will be able to build secure apps with many frameworks. Ruby on Rails has some clever helper methods, for example against SQL injection, so that this is hardly a problem. It‘s nice to see that all of the Rails applications I audited had a good level of security. +Web application frameworks are made to help developers building web applications. Some of them also help you with securing the web application. In fact one framework is not more secure than another: If you use it correctly, you will be able to build secure apps with many frameworks. Ruby on Rails has some clever helper methods, for example against SQL injection, so that this is hardly a problem. It's nice to see that all of the Rails applications I audited had a good level of security. In general there is no such thing as plug-n-play security. Security depends on the people using the framework, and sometimes on the development method. And it depends on all layers of a web application environment: The back-end storage, the web server and the web application itself (and possibly other layers or applications). @@ -23,7 +23,7 @@ The Gartner Group however estimates that 75% of attacks are at the web applicati The threats against web applications include user account hijacking, bypass of access control, reading or modifying sensitive data, or presenting fraudulent content. Or an attacker might be able to install a Trojan horse program or unsolicited e-mail sending software, aim at financial enrichment or cause brand name damage by modifying company resources. In order to prevent attacks, minimize their impact and remove points of attack, first of all, you have to fully understand the attack methods in order to find the correct countermeasures. That is what this guide aims at. -In order to develop secure web applications you have to keep up to date on all layers and know your enemies. To keep up to date subscribe to security mailing lists, read security blogs and make updating and security checks a habit (check the <a href="#additional-resources">Additional Resources</a> chapter). I do it manually because that‘s how you find the nasty logical security problems. +In order to develop secure web applications you have to keep up to date on all layers and know your enemies. To keep up to date subscribe to security mailing lists, read security blogs and make updating and security checks a habit (check the <a href="#additional-resources">Additional Resources</a> chapter). I do it manually because that's how you find the nasty logical security problems. h3. Sessions @@ -80,7 +80,6 @@ This will also be a good idea, if you modify the structure of an object and old * _(highlight)Critical data should not be stored in session_. If the user clears his cookies or closes the browser, they will be lost. And with a client-side session storage, the user can read the data. - h4. Session Storage -- _Rails provides several storage mechanisms for the session hashes. The most important are ActiveRecordStore and CookieStore._ @@ -209,7 +208,7 @@ The HTTP protocol basically provides two main types of requests - GET and POST ( * The interaction _(highlight)changes the state_ of the resource in a way that the user would perceive (e.g., a subscription to a service), or * The user is _(highlight)held accountable for the results_ of the interaction. -If your web application is RESTful, you might be used to additional HTTP verbs, such as PUT or DELETE. Most of today‘s web browsers, however do not support them - only GET and POST. Rails uses a hidden +_method+ field to handle this barrier. +If your web application is RESTful, you might be used to additional HTTP verbs, such as PUT or DELETE. Most of today's web browsers, however do not support them - only GET and POST. Rails uses a hidden +_method+ field to handle this barrier. _(highlight)POST requests can be sent automatically, too_. Here is an example for a link which displays www.harmless.com as destination in the browser's status bar. In fact it dynamically creates a new form that sends a POST request. @@ -617,7 +616,7 @@ This is alright for some web applications, but certainly not if the user is not Depending on your web application, there will be many more parameters the user can tamper with. As a rule of thumb, _(highlight)no user input data is secure, until proven otherwise, and every parameter from the user is potentially manipulated_. -Don‘t be fooled by security by obfuscation and JavaScript security. The Web Developer Toolbar for Mozilla Firefox lets you review and change every form's hidden fields. _(highlight)JavaScript can be used to validate user input data, but certainly not to prevent attackers from sending malicious requests with unexpected values_. The Live Http Headers plugin for Mozilla Firefox logs every request and may repeat and change them. That is an easy way to bypass any JavaScript validations. And there are even client-side proxies that allow you to intercept any request and response from and to the Internet. +Don't be fooled by security by obfuscation and JavaScript security. The Web Developer Toolbar for Mozilla Firefox lets you review and change every form's hidden fields. _(highlight)JavaScript can be used to validate user input data, but certainly not to prevent attackers from sending malicious requests with unexpected values_. The Live Http Headers plugin for Mozilla Firefox logs every request and may repeat and change them. That is an easy way to bypass any JavaScript validations. And there are even client-side proxies that allow you to intercept any request and response from and to the Internet. h3. Injection @@ -825,7 +824,7 @@ Network traffic is mostly based on the limited Western alphabet, so new characte &#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> </html> -This example pops up a message box. It will be recognized by the above sanitize() filter, though. A great tool to obfuscate and encode strings, and thus “get to know your enemy”, is the "Hackvertor":http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php. Rails‘ sanitize() method does a good job to fend off encoding attacks. +This example pops up a message box. It will be recognized by the above sanitize() filter, though. A great tool to obfuscate and encode strings, and thus “get to know your enemy”, is the "Hackvertor":http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php. Rails' sanitize() method does a good job to fend off encoding attacks. h5. Examples from the Underground |