Diffstat (limited to 'railties/guides')
23 files changed, 1037 insertions, 465 deletions
diff --git a/railties/guides/assets/images/rails_welcome.png b/railties/guides/assets/images/rails_welcome.png Binary files differindex 0e02cf5a8c..f2aa210d19 100644 --- a/railties/guides/assets/images/rails_welcome.png +++ b/railties/guides/assets/images/rails_welcome.png diff --git a/railties/guides/rails_guides/generator.rb b/railties/guides/rails_guides/generator.rb index 14d671c8f3..d304512ff7 100644 --- a/railties/guides/rails_guides/generator.rb +++ b/railties/guides/rails_guides/generator.rb @@ -204,7 +204,7 @@ module RailsGuides t = RedCloth.new(body) t.hard_breaks = false t.lite_mode = lite_mode - t.to_html(:notestuff, :plusplus, :code, :tip) + t.to_html(:notestuff, :plusplus, :code) end end diff --git a/railties/guides/rails_guides/textile_extensions.rb b/railties/guides/rails_guides/textile_extensions.rb index 352c5e91dd..b3e0e32357 100644 --- a/railties/guides/rails_guides/textile_extensions.rb +++ b/railties/guides/rails_guides/textile_extensions.rb 
@@ -3,23 +3,24 @@ require 'active_support/core_ext/object/inclusion' module RailsGuides module TextileExtensions def notestuff(body) - body.gsub!(/^(IMPORTANT|CAUTION|WARNING|NOTE|INFO)[.:](.*)$/) do |m| - css_class = $1.downcase - css_class = 'warning' if css_class.in?(['caution', 'important']) - - result = "<div class='#{css_class}'><p>" - result << $2.strip - result << '</p></div>' - result - end - end - - def tip(body) - body.gsub!(/^TIP[.:](.*)$/) do |m| - result = "<div class='info'><p>" - result << $1.strip - result << '</p></div>' - result + # The following regexp detects special labels followed by a + # paragraph, perhaps at the end of the document. + # + # It is important that we do not eat more than one newline + # because formatting may be wrong otherwise. For example, + # if a bulleted list follows the first item is not rendered + # as a list item, but as a paragraph starting with a plain + # asterisk. + body.gsub!(/^(TIP|IMPORTANT|CAUTION|WARNING|NOTE|INFO)[.:](.*?)(\n(?=\n)|\Z)/m) do |m| + css_class = case $1 + when 'CAUTION', 'IMPORTANT' + 'warning' + when 'TIP' + 'info' + else + $1.downcase + end + %Q(<div class="#{css_class}"><p>#{$2.strip}</p></div>) end end diff --git a/railties/guides/source/action_mailer_basics.textile b/railties/guides/source/action_mailer_basics.textile index 2eaee158ff..f05d9dcf1c 100644 --- a/railties/guides/source/action_mailer_basics.textile +++ b/railties/guides/source/action_mailer_basics.textile 
@@ -422,7 +422,7 @@ The above will send a multipart email with an attachment, properly nested with t h3. Receiving Emails -Receiving and parsing emails with Action Mailer can be a rather complex endeavour. Before your email reaches your Rails app, you would have had to configure your system to somehow forward emails to your app, which needs to be listening for that. So, to receive emails in your Rails app you'll need to: +Receiving and parsing emails with Action Mailer can be a rather complex endeavor. Before your email reaches your Rails app, you would have had to configure your system to somehow forward emails to your app, which needs to be listening for that. So, to receive emails in your Rails app you'll need to: * Implement a +receive+ method in your mailer. diff --git a/railties/guides/source/action_view_overview.textile b/railties/guides/source/action_view_overview.textile index 7703d6c720..d40e0840ce 100644 --- a/railties/guides/source/action_view_overview.textile +++ b/railties/guides/source/action_view_overview.textile 
@@ -870,7 +870,7 @@ h4. FormHelper Form helpers are designed to make working with models much easier compared to using just standard HTML elements by providing a set of methods for creating forms based on your models. This helper generates the HTML for forms, providing a method for each sort of input (e.g., text, password, select, and so on). When the form is submitted (i.e., when the user hits the submit button or form.submit is called via JavaScript), the form inputs will be bundled into the params object and passed back to the controller. -There are two types of form helpers: those that specifically work with model attributes and those that don't. This helper deals with those that work with model attributes; to see an example of form helpers that don‘t work with model attributes, check the ActionView::Helpers::FormTagHelper documentation. +There are two types of form helpers: those that specifically work with model attributes and those that don't. This helper deals with those that work with model attributes; to see an example of form helpers that don't work with model attributes, check the ActionView::Helpers::FormTagHelper documentation. The core method of this helper, form_for, gives you the ability to create a form for a model instance; for example, let's say that you have a model Person and want to create a new instance of it: @@ -914,7 +914,7 @@ check_box("post", "validated") h5. fields_for -Creates a scope around a specific model object like form_for, but doesn‘t create the form tags themselves. This makes fields_for suitable for specifying additional model objects in the same form: +Creates a scope around a specific model object like form_for, but doesn't create the form tags themselves. This makes fields_for suitable for specifying additional model objects in the same form: <ruby> <%= form_for @person, :url => { :action => "update" } do |person_form| %> 
diff --git a/railties/guides/source/active_record_querying.textile b/railties/guides/source/active_record_querying.textile index 082f9eda7d..8ea06d28aa 100644 --- a/railties/guides/source/active_record_querying.textile +++ b/railties/guides/source/active_record_querying.textile @@ -1016,6 +1016,7 @@ You can specify an exclamation point (<tt>!</tt>) on the end of the dynamic find If you want to find both by name and locked, you can chain these finders together by simply typing +and+ between the fields. For example, +Client.find_by_first_name_and_locked("Ryan", true)+. +WARNING: Up to and including Rails 3.1, when the number of arguments passed to a dynamic finder method is lesser than the number of fields, say <tt>Client.find_by_name_and_locked("Ryan")</tt>, the behavior is to pass +nil+ as the missing argument. This is *unintentional* and this behavior will be changed in Rails 3.2 to throw an +ArgumentError+. There's another set of dynamic finders that let you find or create/initialize objects if they aren't found. These work in a similar fashion to the other finders and can be used like +find_or_create_by_first_name(params[:first_name])+. Using this will first perform a find and then create if the find returns +nil+. The SQL looks like this for +Client.find_or_create_by_first_name("Ryan")+: diff --git a/railties/guides/source/active_record_validations_callbacks.textile b/railties/guides/source/active_record_validations_callbacks.textile index 50ff1c9ff7..ce0b5416de 100644 --- a/railties/guides/source/active_record_validations_callbacks.textile +++ b/railties/guides/source/active_record_validations_callbacks.textile 
@@ -848,7 +848,7 @@ The way form fields with errors are treated is defined by +ActionView::Base.fiel * A string with the HTML tag * An instance of +ActionView::Helpers::InstanceTag+. -Here is a simple example where we change the Rails behaviour to always display the error messages in front of each of the form fields with errors. The error messages will be enclosed by a +span+ element with a +validation-error+ CSS class. There will be no +div+ element enclosing the +input+ element, so we get rid of that red border around the text field. You can use the +validation-error+ CSS class to style it anyway you want. +Here is a simple example where we change the Rails behavior to always display the error messages in front of each of the form fields with errors. The error messages will be enclosed by a +span+ element with a +validation-error+ CSS class. There will be no +div+ element enclosing the +input+ element, so we get rid of that red border around the text field. You can use the +validation-error+ CSS class to style it anyway you want. <ruby> ActionView::Base.field_error_proc = Proc.new do |html_tag, instance| 
@@ -941,7 +941,7 @@ The +after_initialize+ callback will be called whenever an Active Record object The +after_find+ callback will be called whenever Active Record loads a record from the database. +after_find+ is called before +after_initialize+ if both are defined. -The +after_initialize+ and +after_find+ callbacks are a bit different from the others. They have no +before_*+ counterparts, and the only way to register them is by defining them as regular methods. If you try to register +after_initialize+ or +after_find+ using macro-style class methods, they will just be ignored. This behaviour is due to performance reasons, since +after_initialize+ and +after_find+ will both be called for each record found in the database, significantly slowing down the queries. +The +after_initialize+ and +after_find+ callbacks are a bit different from the others. They have no +before_*+ counterparts, and the only way to register them is by defining them as regular methods. If you try to register +after_initialize+ or +after_find+ using macro-style class methods, they will just be ignored. This behavior is due to performance reasons, since +after_initialize+ and +after_find+ will both be called for each record found in the database, significantly slowing down the queries. <ruby> class User < ActiveRecord::Base 
@@ -1172,7 +1172,7 @@ As usual, settings in +config/environments+ take precedence over those in +confi h4. Sharing Observers -By default, Rails will simply strip "Observer" from an observer's name to find the model it should observe. However, observers can also be used to add behaviour to more than one model, and so it's possible to manually specify the models that our observer should observe. +By default, Rails will simply strip "Observer" from an observer's name to find the model it should observe. However, observers can also be used to add behavior to more than one model, and so it's possible to manually specify the models that our observer should observe. <ruby> class MailerObserver < ActiveRecord::Observer diff --git a/railties/guides/source/active_support_core_extensions.textile b/railties/guides/source/active_support_core_extensions.textile index a0ed85cf01..781d3d08cd 100644 --- a/railties/guides/source/active_support_core_extensions.textile +++ b/railties/guides/source/active_support_core_extensions.textile @@ -78,12 +78,14 @@ The following values are considered to be blank in a Rails application: * +nil+ and +false+, -* strings composed only of whitespace, i.e. matching +/\A\s*\z/+, +* strings composed only of whitespace (see note below), * empty arrays and hashes, and * any other object that responds to +empty?+ and it is empty. +INFO: In Ruby 1.9 the predicate for strings uses the Unicode-aware character class <tt>[:space:]</tt>, so for example U+2029 (paragraph separator) is considered to be whitespace. In Ruby 1.8 whitespace is considered to be <tt>\s</tt> together with the ideographic space U+3000. + WARNING: Note that numbers are not mentioned, in particular 0 and 0.0 are *not* blank. For example, this method from +ActionDispatch::Session::AbstractStore+ uses +blank?+ for checking whether a session key is present: 
@@ -498,7 +500,7 @@ ActionController::TestCase.class_eval do end </ruby> -Rails uses +alias_method_chain+ all over the code base. For example validations are added to +ActiveRecord::Base#save+ by wrapping the method that way in a separate module specialised in validations. +Rails uses +alias_method_chain+ all over the code base. For example validations are added to +ActiveRecord::Base#save+ by wrapping the method that way in a separate module specialized in validations. NOTE: Defined in +active_support/core_ext/module/aliasing.rb+. diff --git a/railties/guides/source/api_documentation_guidelines.textile b/railties/guides/source/api_documentation_guidelines.textile index 50e86e05a8..9c4df2d6b8 100644 --- a/railties/guides/source/api_documentation_guidelines.textile +++ b/railties/guides/source/api_documentation_guidelines.textile @@ -35,7 +35,7 @@ Use the article "an" for "SQL", as in "an SQL statement". Also "an SQLite databa h3. English -Please use American English (_color_, _center_, _modularize_, etc.). See "a list of American and British English spelling differences here":http://en.wikipedia.org/wiki/American_and_British_English_spelling_differences. +Please use American English (<em>color</em>, <em>center</em>, <em>modularize</em>, etc.). See "a list of American and British English spelling differences here":http://en.wikipedia.org/wiki/American_and_British_English_spelling_differences. h3. Example Code 
@@ -78,14 +78,14 @@ The result of expressions follow them and are introduced by "# => ", vertically If a line is too long, the comment may be placed on the next line: <ruby> - # label(:post, :title) - # # => <label for="post_title">Title</label> - # - # label(:post, :title, "A short title") - # # => <label for="post_title">A short title</label> - # - # label(:post, :title, "A short title", :class => "title_label") - # # => <label for="post_title" class="title_label">A short title</label> +# label(:post, :title) +# # => <label for="post_title">Title</label> +# +# label(:post, :title, "A short title") +# # => <label for="post_title">A short title</label> +# +# label(:post, :title, "A short title", :class => "title_label") +# # => <label for="post_title" class="title_label">A short title</label> </ruby> Avoid using any printing methods like +puts+ or +p+ for that purpose. diff --git a/railties/guides/source/asset_pipeline.textile b/railties/guides/source/asset_pipeline.textile index 563c1c79ae..51cb332e38 100644 --- a/railties/guides/source/asset_pipeline.textile +++ b/railties/guides/source/asset_pipeline.textile @@ -11,9 +11,9 @@ By referring to this guide you will be able to: endprologue. -h3. What Is The Asset Pipeline? +h3. What is the Asset Pipeline? -The asset pipeline provides a framework to concatenate and minify or compress Javascript and CSS assets. It also adds the ability to write these assets in other languages such as CoffeeScript, SCSS and ERB. +The asset pipeline provides a framework to concatenate and minify or compress JavaScript and CSS assets. It also adds the ability to write these assets in other languages such as CoffeeScript, SCSS and ERB. Prior to Rails 3.1 these features were added through third-party Ruby libraries such as Jammit and Sprockets. Rails 3.1 includes the +sprockets-rails+ gem, which depends on the +sprockets+ gem, by default. 
@@ -22,7 +22,7 @@ By having this as a core feature of Rails, all developers can benefit from the p In new Rails 3.1 application the asset pipeline is enable by default. It can be disabled in +application.rb+ by putting this line inside the +Application+ class definition: <plain> - config.assets.enabled = false +config.assets.enabled = false </plain> It is recommended that you use the defaults for all new apps. 
@@ -30,21 +30,19 @@ It is recommended that you use the defaults for all new apps. h4. Main Features -The first is to concatenate of assets. This is important in a production environment to reduce the number of requests that a client browser has to make to render a web page. While Rails already has a feature to concatenate these types of asset--by placing +:cache => true+ at the end of tags such as +javascript_include_tag+ and +stylesheet_link_tag+--, many people do not use it. +The first feature of the pipeline is to concatenate assets. This is important in a production environment, as it reduces the number of requests that a browser needs to make to render a web page. While Rails already has a feature to concatenate these types of asset--by placing +:cache => true+ at the end of tags such as +javascript_include_tag+ and +stylesheet_link_tag+--, many people do not use it. -The default behavior in Rails 3.1 and onward is to concatenate all files into one master file each for JS and CSS, however you can separate files or groups of files if required (see below). In production an MD5 fingerprint is inserted into each filename. +The default behavior in Rails 3.1 and onward is to concatenate all files into one master file each for JS and CSS. However, you can separate files or groups of files if required (see below). In production an MD5 fingerprint is inserted into each filename so that the file is cached by the web browser but can be invalidated if the fingerprint is altered. -The second feature of the pipeline is to minify or compress. For CSS this usually involves removing whitespace and comments. For Javascript more complex processes can be applied. +The second feature is to minify or compress. For CSS, this usually involves removing whitespace and comments. For JavaScript, more complex processes can be applied. You can choose from a set of built in options or specify your own. -You can choose from a set of built in options or specify your own. 
+The third feature is the ability to code these assets using another language, or language extension. These include SCSS or Sass for CSS, CoffeeScript for JavaScript, and ERB for both. -The third feature is the ability to code these assets using another language, or language extension. These include SCSS or Sass for CSS, CoffeeScript for Javascript, and ERB for both. - -h4. What is fingerprinting and why should I care? +h4. What is Fingerprinting and Why Should I Care? Fingerprinting is a technique where the filenames of content that is static or infrequently updated is altered to be unique to the content contained in the file. -When a filename is unique and based on its content, http headers can be set to encourage caches everywhere (at ISPs, in browsers) to keep there own copy of the content. When the content is updated, the fingerprint will change and the remote clients will request the new file. This is generally known as _cachebusting_. +When a filename is unique and based on its content, HTTP headers can be set to encourage caches everywhere (at ISPs, in browsers) to keep their own copy of the content. When the content is updated, the fingerprint will change and the remote clients will request the new file. This is generally known as _cachebusting_. The most effective technique is to insert a hash of the content into the name, usually at the end. For example a CSS file +global.css+ is hashed and the filename is updated to incorporate the hash. 
@@ -62,17 +60,20 @@ Rails old strategy was to append a query string to every asset linked with a bui This has several disadvantages: -1. Not all caches will cache content with a query string - -"Steve Souders recommends":http://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/, "...avoiding a querystring for cacheable resources". He found that in these case 5-20% of requests will not be cached. - -2. The filename can change between nodes in multi-server environments. - -The query string in Rails is based on the files mtime (mtime is the file modification time). When assets are deployed to a cluster, there is no guarantee that the timestamps will be the same, resulting in different values being used depending on which server handles the request. +<ol> + <li> + <strong>Not all caches will cache content with a query string</strong><br> + "Steve Souders recommends":http://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/, "...avoiding a querystring for cacheable resources". He found that in these case 5-20% of requests will not be cached. + </li> + <li> + <strong>The file name can change between nodes in multi-server environments.</strong><br> + The query string in Rails is based on the modification time of the files. When assets are deployed to a cluster, there is no guarantee that the timestamps will be the same, resulting in different values being used depending on which server handles the request. + </li> +</ol> -The other problems is that when static assets are deployed with each new release of code, the mtime of *all* these files changes, forcing all remote clients to fetch them again, even when the content of those assets has not changed. +The other problem is that when static assets are deployed with each new release of code, the mtime of *all* these files changes, forcing all remote clients to fetch them again, even when the content of those assets has not changed. 
-Fingerprinting avoids all these problems be ensuring filenames are consistent based on the content. +Fingerprinting avoids all these problems by ensuring filenames are consistent based on the content. More reading: @@ -84,7 +85,7 @@ h3. How to Use the Asset Pipeline In previous versions of Rails, all assets were located in subdirectories of +public+ such as +images+, +javascripts+ and +stylesheets+. With the asset pipeline, the preferred location for these assets is now the +app/assets+ directory. Files in this directory will be served by the Sprockets middleware included in the sprockets gem. -This is not to say that assets can (or should) no longer be placed in +public+. They still can be and will be served as static files by the application or web server. You would only use +app/assets+ if you wish your files to undergo some pre-processing before they are served. +This is not to say that assets can (or should) no longer be placed in +public+; they still can be and will be served as static files by the application or web server. You would only use +app/assets+ if you wish your files to undergo some pre-processing before they are served. When a scaffold or controller is generated for the application, Rails will also generate a JavaScript file (or CoffeeScript if the +coffee-script+ gem is in the +Gemfile+) and a Cascading Style Sheet file (or SCSS if +sass-rails+ is in the +Gemfile+) file for that controller. 
@@ -100,32 +101,72 @@ Assets can be placed inside an application in one of three locations: +app/asset +vendor/assets+ is for assets that are owned by outside entities, such as code for JavaScript plugins. -All subdirectories that exists within these three locations will be added to the search path for Sprockets (visible by calling +Rails.application.config.assets.paths+ in a console). When an asset is requested, these paths will be looked through to see if they contain an asset matching the name specified. Once an asset has been found, it's processed by Sprockets and served. +All subdirectories that exist within these three locations will be added to the search path for Sprockets (visible by calling +Rails.application.config.assets.paths+ in a console). When an asset is requested, these paths will be looked through to see if they contain an asset matching the name specified. Once an asset has been found, it's processed by Sprockets and served. -h4. Coding links to Assets +h4. Coding Links to Assets To access assets, we can use the same tags that we are generally familiar with: +Sprockets does not add any new methods to require your assets, we still use the familiar +javascript_include_tag+ and +stylesheet_link_tag+. + <erb> - <%= image_tag "rails.png" %> +<%= stylesheet_link_tag "application" %> +<%= javascript_include_tag "application" %> </erb> -Providing that assets are enabled within our application (+config.assets.enabled+ in the current environment's file is not set to +false+), this file will be served by Sprockets unless a file at +public/assets/rails.png+ exists, in which case that file will be served. Alternatively, a file with an MD5 hash after its name such as +public/assets/rails-af27b6a414e6da00003503148be9b409.png+ will also be picked up by Sprockets. How these hashes are generated is covered in the "Production Assets":#production_assets section later on in this guide. 
+In regular views you can access images in the +assets/images+ directory like this: -Otherwise, Sprockets will look through the available paths until it finds a file that matches the name and then will serve it, first looking in the application's assets directories and then falling back to the various engines of the application. +<erb> +<%= image_tag "rails.png" %> +</erb> -Sprockets does not add any new methods to require your assets, we still use the familiar +javascript_include_tag+ and +stylesheet_link_tag+. +Images can be organized into directories if required, and they can be accessed by specifying the directory's name in the tag: <erb> - <%= stylesheet_link_tag "application" %> - <%= javascript_include_tag "application" %> +<%= image_tag "icons/rails.png" %> </erb> -These helpers (when the pipeline is on) are providing links to the compiled manifest with the specified name (or names). +Providing that assets are enabled within our application (+config.assets.enabled+ in the current environment's file is not set to +false+), this file will be served by Sprockets unless a file at +public/assets/rails.png+ exists, in which case that file will be served. + +Alternatively, a file with an MD5 hash after its name such as +public/assets/rails-af27b6a414e6da00003503148be9b409.png+ will also be picked up by Sprockets. How these hashes are generated is covered in the "Production Assets":#production_assets section later on in this guide. + +Otherwise, Sprockets will look through the available paths until it finds a file that matches the name and then will serve it, first looking in the application's assets directories and then falling back to the various engines of the application. + +If you want to use a "css data URI":http://en.wikipedia.org/wiki/Data_URI_scheme - a method of embedding the image data directly into the CSS file - you can use the +asset_data_uri+ helper. 
+ +<plain> +#logo { background: url(<%= asset_data_uri 'logo.png' %>) +</plain> + +This will insert a correctly formatted data URI into the CSS source. + +h5. CSS and ERB + +If you add an +erb+ extension to a CSS asset, making it something such as +application.css.erb+ then you can use the +asset_path+ helper in your CSS rules: + +<plain> +.class{background-image:<%= asset_path 'image.png' %>} +</plain> + +This will write the path to the particular asset being referenced. In this example, it would make sense to have an image in one of the asset load paths, such as +app/assets/images/image.png+, which would be referenced here. If this image is already available in +public/assets+ as a fingerprinted file then that path will be referenced. + +Note that the closing tag cannot be of the style +-%>+. + +h5. CSS and SCSS + +When using the asset pipeline, paths to assets must be re-written and +sass-rails+ provides +_url+ and +_path+ helpers for the following asset classes: image, font, video, audio, javascript, stylesheet. + +* +image_url("rails.png")+ becomes +url(/assets/rails.png)+ +* +image_path("rails.png")+ becomes +"/assets/rails.png"+. + +The more generic form can also be used but the asset path and class must both be specified: + +* +asset_url("rails.png", "image")+ becomes +url(/assets/rails.png)+ +* +asset_path("rails.png", "image")+ becomes +"/assets/rails.png"+ h4. Manifest Files and Directives -Sprockets uses manifest files to determine which assets to include and serve. These manifest files contain _directives_ - instructions that tell Sprockets which files to require in order to build a single CSS or JavaScript file. With these directives, Sprockets will load the files specified, process them if necessary, concatenate them into one single file and then compress them (if +Rails.application.config.assets.compress+ is set to +true+). By serving one file rather than many, a page's load time is greatly reduced. 
+Sprockets uses manifest files to determine which assets to include and serve. These manifest files contain _directives_ - instructions that tell Sprockets which files to require in order to build a single CSS or JavaScript file. With these directives, Sprockets will load the files specified, process them if necessary, concatenate them into one single file and then compress them (if +Rails.application.config.assets.compress+ is set to +true+). By serving one file rather than many, a page's load time is greatly reduced as there is not as many requests to make for each file. For example, in the default Rails application there's a +app/assets/javascripts/application.js+ file which contains the following lines: 
@@ -167,19 +208,17 @@ For some assets (like CSS) the compiled order is important. You can specify indi h4. Preprocessing -The file extensions used on an asset will determine what preprocssing will be applied. When a controller or a scaffold is generated with the default Rails gemset, a CoffeeScript file and a SCSS file will be generated in place of a regular JavaScript and CSS file. The example used before was a controller called "projects", which generated an +app/assets/javascripts/projects.js.coffee+ and a +app/assets/stylesheets/projects.css.scss+ file. +The file extensions used on an asset will determine what preprocessing will be applied. When a controller or a scaffold is generated with the default Rails gemset, a CoffeeScript file and a SCSS file will be generated in place of a regular JavaScript and CSS file. The example used before was a controller called "projects", which generated an +app/assets/javascripts/projects.js.coffee+ and a +app/assets/stylesheets/projects.css.scss+ file. When these files are requested, they will be processed by the processors provided by the +coffee-script+ and +sass-rails+ gems and then sent back to the browser as JavaScript and CSS respectively. -Additional layers of pre-processing can be requested by adding other extensions. These should be used in the order the processing should be applied. For example, a stylesheet called +app/assets/stylesheets/projects.css.scss.erb+ would first be processed as ERB, then SCSS and finally served as CSS. The same applies to a JavaScript file - +app/assets/javascripts/projects.js.coffee.erb+ would be process as ERB, CoffeeScript and served as JavaScript. +Additional layers of pre-processing can be requested by adding other extensions, where each extension will be processed in a right-to-left manner. These should be used in the order the processing should be applied. 
For example, a stylesheet called +app/assets/stylesheets/projects.css.scss.erb+ would first be processed as ERB, then SCSS and finally served as CSS. The same applies to a JavaScript file - +app/assets/javascripts/projects.js.coffee.erb+ would be process as ERB, CoffeeScript and served as JavaScript. Keep in mind that the order of these pre-processors is important. For example, if we called our JavaScript file +app/assets/javascripts/projects.js.erb.coffee+ then it would be processed with the CoffeeScript interpreter first, which wouldn't understand ERB and therefore we would run into problems. h3. In Development -TODO: Talk about: Rack::Cache's caching (used in dev and production. The only difference is hashing and headers). - -In the development environment assets are compiled and cached on the first request after the server is started. Sprockets sets a +must-validate+ cache-control http header to reduce request overhead on subsequent requests - on these the browser gets a 304 (not-modified) response. +In the development environment assets are compiled and cached on the first request after the server is started. Sprockets sets a +must-validate+ Cache-Control HTTP header to reduce request overhead on subsequent requests - on these the browser gets a 304 (not-modified) response. If any of the files in the manifest have changed between requests, the server will respond with a new compiled file. 
@@ -195,15 +234,15 @@ You can put +?debug_assets=true+ or +?debug_assets=1+ at the end of a URL and Sp By default, this would only render this line when used with +<%= javascript_include_tag "application" %>+ in a view or layout: <html> - <script src='/assets/application.js'></script> +<script src='/assets/application.js'></script> </html> When the +debug_assets+ parameter is set, this line will be expanded out into three separate lines, separating out the combined file into their parts. <html> - <script src='/assets/application.js'></script> - <script src='/assets/projects.js'></script> - <script src='/assets/tickets.js'></script> +<script src='/assets/application.js'></script> +<script src='/assets/projects.js'></script> +<script src='/assets/tickets.js'></script> </html> This allows the individual parts of an asset to be rendered and debugged separately. 
@@ -219,80 +258,105 @@ On the first request the assets are compiled and cached as described above, howe /assets/application-4dd5b109ee3439da54f5bdfd78a80473.css </plain> -The MD5 is generated from the contents of the compiled files, and is included in the http +Content-MD5+ header. +The MD5 is generated from the contents of the compiled files, and is included in the HTTP +Content-MD5+ header. -Sprockets also sets the +Cache-Control+ http header to +max-age=31536000+. This signals all caches between your server and the client browser that this content (the file served) can be cached for 1 year. The effect of this is to reduce the number of requests for this asset from your server; the asset has a good chance of being in the local browser cache or some intermediate cache. +Sprockets also sets the +Cache-Control+ HTTP header to +max-age=31536000+. This signals all caches between your server and the client browser that this content (the file served) can be cached for 1 year. The effect of this is to reduce the number of requests for this asset from your server; the asset has a good chance of being in the local browser cache or some intermediate cache. This behavior is controlled by the setting of +config.action_controller.perform_caching+ setting in Rails (which is +true+ for production, +false+ for everything else). This value is propagated to Sprockets during initialization for use when action_controller is not available. -TODO: -describe each and the differences between: - * Sass-rails's handy +image_url+ helpers - * ERB pre-processing and +asset_path+ - -h4. Precompiling assets +h4. Precompiling Assets Even though assets are served by Rack::Cache with far-future headers, in high traffic sites this may not be fast enough. Rails comes bundled with a rake task to compile the manifests to files on disc. These are located in the +public/assets+ directory where they will be served by your web server instead of the Rails application. 
-TODO: Add section about image assets - The rake task is: -<erb> +<plain> rake assets:precompile +</plain> + +You can run this as part of a Capistrano deployment: + +<erb> +before 'deploy:symlink' do + run "cd #{release_path}; RAILS_ENV=#{rails_env} rake assets:precompile" +end </erb> -TODO: explain where to use this with Capistrano +If you are not precompiling your assets, and you are using the default cache file store (which is the file system), you will need to symlink +rails_root/tmp/cache/assets+ from the shared folder that is part of the Capistrano deployment structure in order to persist the cached file between deployments. -TODO: talk about the +config.assets.precompile+ option and the default matcher for files: +TODO: Extend above task to allow for this and add task to set it up (See commits 8f0e0b6 and 704ee0df). Note: Capistrano folks are working on a recipe - update this when it available (see https://github.com/capistrano/capistrano/pull/35). + +The default matcher for compiling files will include +application.js+, +application.css+ and all files that do not end in +js+ or +css+: + +<ruby> +[ /\w+\.(?!js|css).+/, /application.(css|js)$/ ] +</ruby> + +If you have other manifests or individual stylesheets and JavaScript files to include, you can append them to the +precompile+ array: <erb> -[ /\w+\.(?!js|css).+/, "application.js", "application.css" ] +config.assets.precompile << ['admin.js', 'admin.css', 'swfObject.js'] </erb> +Precompiled assets exist on the filesystem and are served directly by your webserver. They do not have far-future headers by default, so to get the benefit of fingerprinting you'll have to update your server configuration to add them. + +For Apache: + +<plain> +<LocationMatch "^/assets/.*$"> + # Some browsers still send conditional-GET requests if there's a + # Last-Modified header or an ETag header even if they haven't + # reached the expiry date sent in the Expires header. 
+ Header unset Last-Modified + Header unset ETag + FileETag None + # RFC says only cache for 1 year + ExpiresActive On + ExpiresDefault "access plus 1 year" +</LocationMatch> +</plain> + +TODO: NGINX instructions -Sprockets also creates a "gzip":http://en.wikipedia.org/wiki/Gzip (.gz) of your assets. This prevents your server from contently compressing your assets for each request. You must configure your server to use gzip compression and serve the compressed assets that will be stored in the public/assets folder. The following are some configuration blocks that you can use for common servers. -NGINX & Apache examples? +When files are precompiled Sprockets also creates "Gzip":http://en.wikipedia.org/wiki/Gzip (.gz) version of your assets. This avoids the server having to do this for any requests; it can simply read the compressed files from disc. You must configure your server to use gzip compression and serve the compressed assets that will be stored in the public/assets folder. The following configuration options can be used: +TODO: Apache instructions -h3. Customizing The Pipeline +h3. Customizing the Pipeline -h4. CSS -There is currently one option for processing CSS - SCSS. This Gem extends the CSS syntax and offers minification. +h4. CSS Compression -The following line will enable SCSS in you project. +There is currently one option for compressing CSS - YUI. This Gem extends the CSS syntax and offers minification. + +The following line will enable YUI compression, and requires the +yui-compressor+ gem. <erb> -config.assets.css_compressor = :scss +config.assets.css_compressor = :yui </erb> -This option is for compression only and does not relate to the SCSS language extensions that apply when using the +.scss+ file extension on CSS assets. - -h4. Javascript +The +config.assets.compress+ must be set to +true+ to enable CSS compression -There are three options available to process javascript - uglifier, closure and yui. +h4. 
JavaScript -The default Gemfile includes "uglifier":https://github.com/lautis/uglifier. This gem wraps "UglifierJS":https://github.com/mishoo/UglifyJS (written for NodeJS) in Ruby. It compress your code by removing white spaces and other magical things like changing your if and else statements to ternary operators when possible. +Possible options for JavaScript compression are +:closure+, +:uglifier+ and +:yui+. These require the use of the +closure-compiler+, +uglifier+ or +yui-compressor+ gems respectively. -TODO: Add detail about the other two +The default Gemfile includes "uglifier":https://github.com/lautis/uglifier. This gem wraps "UglifierJS":https://github.com/mishoo/UglifyJS (written for NodeJS) in Ruby. It compress your code by removing white spaces and other magical things like changing your +if+ and +else+ statements to ternary operators where possible. -The following line will invoke uglifier for Javascript compression. +The following line will invoke uglifier for JavaScript compression. <erb> config.assets.js_compressor = :uglifier </erb> +The +config.assets.compress+ must be set to +true+ to enable JavaScript compression +h4. Using Your Own Compressor -h4. Using your own compressor - -The compressor config settings for CSS and Javascript will also take an Object. - -This object must have a +compress+ method that takes a string as the sole argument and it must return a string. +The compressor config settings for CSS and JavaScript will also take any Object. This object must have a +compress+ method that takes a string as the sole argument and it must return a string. <erb> class Transformer @@ -309,7 +373,7 @@ config.assets.css_compressor = Transformer.new </erb> -h4. Changing the _assets_ path +h4. Changing the _assets_ Path The public path that Sprockets uses by default is +/assets+. 
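Review bot: in the precompile part of the -219,80 hunk, "config.assets.precompile << ['admin.js', 'admin.css', 'swfObject.js']" pushes the whole array as a single element, so the list gains one nested array next to the two regexes rather than three new entries. Suggest "config.assets.precompile += ['admin.js', 'admin.css', 'swfObject.js']". Two smaller points in the same hunk: the Capistrano example joins "cd #{release_path}" and the rake call with ";", so rake still runs from the wrong directory if the cd fails, and "&&" would stop it; and the new "CSS Compression" paragraph keeps "This Gem extends the CSS syntax and offers minification", which described SCSS and does not fit a YUI compressor.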
@@ -319,8 +383,27 @@ This can be changed to something else: config.assets.prefix = "/some_other_path" </erb> -This is a handy option if you have any existing project (pre Rails 3.1) that already uses this path. +This is a handy option if you have any existing project (pre Rails 3.1) that already uses this path or you wish to use this path for a new resource. +h4. X-Sendfile Headers + +The X-Sendfile header is a directive to the server to ignore the response from the application, and instead serve the file specified in the headers. In production Rails (via Sprockets) does not send the asset - just the location and a zero-length response - relying on the web server to do the file serving, which is usually faster. Both Apache and nginx support this option. + +The configuration is available in <tt>config/environments/production.rb</tt>. + +<erb> +config.action_dispatch.x_sendfile_header = "X-Sendfile" # Use 'X-Accel-Redirect' for nginx +</erb> + +You should check that your server or hosting service actually supports this, otherwise comment it out. + +WARNING: If you are upgrading an existing application and intend to use this option, take care to paste this configuration option only into +production.rb+ (and not +application.rb+) and any other environment you define with production behavior. + +h3. How Caching Works + +Sprockets uses the default rails cache store to cache assets in dev and production. The only difference is file names are fingerprinted and get far-future headers in production. + +TODO: Add more about changing the default store. h3. Adding Assets to Your Gems @@ -330,6 +413,4 @@ A good example of this is the +jquery-rails+ gem which comes with Rails as the s h3. Making Your Library or Gem a Pre-Processor -"You should be able to register [your gems] on Tilt and Sprockets will find them." - Josh -Tilt: https://github.com/rtomayko/tilt - +TODO: Registering gems on "Tilt":https://github.com/rtomayko/tilt enabling Sprockets to find them. 
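Review bot: the WARNING that closes the new "X-Sendfile Headers" section (hunk -319,8) can be read two ways. "only into +production.rb+ (and not +application.rb+) and any other environment you define with production behavior" does not say whether those other environments should receive the setting or be kept free of it. Suggest "only into +production.rb+ and any other environment you define with production behavior, and not into +application.rb+". The sentence "You should check that your server or hosting service actually supports this" would also be clearer if it stated the consequence the section already implies: Rails sends only the location and a zero-length response, so a server that ignores the header delivers empty assets.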
diff --git a/railties/guides/source/association_basics.textile b/railties/guides/source/association_basics.textile index 3c2497e83a..ce4ff0389d 100644 --- a/railties/guides/source/association_basics.textile +++ b/railties/guides/source/association_basics.textile @@ -443,7 +443,7 @@ class CreateAssemblyPartJoinTable < ActiveRecord::Migration end </ruby> -We pass +:id => false+ to +create_table+ because that table does not represent a model. That's required for the association to work properly. If you observe any strange behaviour in a +has_and_belongs_to_many+ association like mangled models IDs, or exceptions about conflicting IDs chances are you forgot that bit. +We pass +:id => false+ to +create_table+ because that table does not represent a model. That's required for the association to work properly. If you observe any strange behavior in a +has_and_belongs_to_many+ association like mangled models IDs, or exceptions about conflicting IDs chances are you forgot that bit. h4. Controlling Association Scope diff --git a/railties/guides/source/caching_with_rails.textile b/railties/guides/source/caching_with_rails.textile index 252003edd0..ae56911441 100644 --- a/railties/guides/source/caching_with_rails.textile +++ b/railties/guides/source/caching_with_rails.textile 
@@ -15,7 +15,7 @@ h3. Basic Caching This is an introduction to the three types of caching techniques that Rails provides by default without the use of any third party plugins. -To start playing with testing you'll want to ensure that +config.action_controller.perform_caching+ is set to +true+ if you're running in development mode. This flag is normally set in the corresponding +config/environments/*.rb+ and caching is disabled by default for development and test, and enabled for production. +To start playing with caching you'll want to ensure that +config.action_controller.perform_caching+ is set to +true+, if you're running in development mode. This flag is normally set in the corresponding +config/environments/*.rb+ and caching is disabled by default for development and test, and enabled for production. <ruby> config.action_controller.perform_caching = true 
@@ -23,9 +23,9 @@ config.action_controller.perform_caching = true h4. Page Caching -Page caching is a Rails mechanism which allows the request for a generated page to be fulfilled by the webserver (i.e. apache or nginx), without ever having to go through the Rails stack at all. Obviously, this is super-fast. Unfortunately, it can't be applied to every situation (such as pages that need authentication) and since the webserver is literally just serving a file from the filesystem, cache expiration is an issue that needs to be dealt with. +Page caching is a Rails mechanism which allows the request for a generated page to be fulfilled by the webserver (i.e. Apache or nginx), without ever having to go through the Rails stack at all. Obviously, this is super-fast. Unfortunately, it can't be applied to every situation (such as pages that need authentication) and since the webserver is literally just serving a file from the filesystem, cache expiration is an issue that needs to be dealt with. -So, how do you enable this super-fast cache behavior? Simple, let's say you have a controller called +ProductsController+ and an +index+ action that lists all the products +To enable page caching, you need to use the +caches_page+ method. <ruby> class ProductsController < ActionController 
@@ -35,11 +35,10 @@ class ProductsController < ActionController def index @products = Products.all end - end </ruby> -The first time anyone requests +/products+, Rails will generate a file called +products.html+ and the webserver will then look for that file before it passes the next request for +/products+ to your Rails application. +Let's say you have a controller called +ProductsController+ and an +index+ action that lists all the products. The first time anyone requests +/products+, Rails will generate a file called +products.html+ and the webserver will then look for that file before it passes the next request for +/products+ to your Rails application. By default, the page cache directory is set to +Rails.public_path+ (which is usually set to the +public+ folder) and this can be configured by changing the configuration setting +config.action_controller.page_cache_directory+. Changing the default from +public+ helps avoid naming conflicts, since you may want to put other static html in +public+, but changing this will require web server reconfiguration to let the web server know where to serve the cached files from. 
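Review bot: the relocated sentence "Let's say you have a controller called +ProductsController+ and an +index+ action" now comes after the code sample that already shows that controller, while the new lead-in from the previous hunk ("To enable page caching, you need to use the +caches_page+ method.") sits before it. Suggest moving the "Let's say" sentence above the sample and leaving only "The first time anyone requests +/products+ ..." below it. The context lines of the sample still read "class ProductsController < ActionController" and "Products.all"; if the example is being edited anyway, the superclass and the model name look worth checking.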
@@ -104,7 +103,7 @@ INFO: Action caching runs in an after filter. Thus, invalid requests won't gener h4. Fragment Caching -Life would be perfect if we could get away with caching the entire contents of a page or action and serving it out to the world. Unfortunately, dynamic web applications usually build pages with a variety of components not all of which have the same caching characteristics. In order to address such a dynamically created page where different parts of the page need to be cached and expired differently Rails provides a mechanism called Fragment Caching. +Life would be perfect if we could get away with caching the entire contents of a page or action and serving it out to the world. Unfortunately, dynamic web applications usually build pages with a variety of components not all of which have the same caching characteristics. In order to address such a dynamically created page where different parts of the page need to be cached and expired differently, Rails provides a mechanism called Fragment Caching. Fragment Caching allows a fragment of view logic to be wrapped in a cache block and served out of the cache store when the next request comes in. @@ -416,3 +415,4 @@ h3. Changelog * December 27, 2008: Typo fixes * November 23, 2008: Incremental updates with various suggested changes and formatting cleanup * September 15, 2008: Initial version by Aditya Chadha + diff --git a/railties/guides/source/command_line.textile b/railties/guides/source/command_line.textile index 9e3b25d794..b34506d4d8 100644 --- a/railties/guides/source/command_line.textile +++ b/railties/guides/source/command_line.textile @@ -85,6 +85,8 @@ h4. +rails generate+ The +rails generate+ command uses templates to create a whole lot of things. Running +rails generate+ by itself gives a list of available generators: +You can also use the alias "g" to invoke the generator command: <tt>rails g</tt>. + <shell> $ rails generate Usage: rails generate GENERATOR [args] [options] 
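Review bot: in the command_line.textile hunk at -85,6 the alias sentence is inserted between "gives a list of available generators:" and the shell listing that the colon introduces, so the listing now reads as if it illustrated "rails g". Suggest placing "You can also use the alias "g" to invoke the generator command" after the shell block, or before the "Running +rails generate+ by itself" sentence, so the colon is followed directly by its listing.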
@@ -311,6 +313,8 @@ h4. +rails runner+ $ rails runner "Model.long_running_method" </shell> +You can also use the alias "r" to invoke the runner: <tt>rails r</tt>. + You can specify the environment in which the +runner+ command should operate using the +-e+ switch. <shell> diff --git a/railties/guides/source/configuring.textile b/railties/guides/source/configuring.textile index 8e6010ff79..2ff5de2334 100644 --- a/railties/guides/source/configuring.textile +++ b/railties/guides/source/configuring.textile @@ -120,10 +120,12 @@ h4. Configuring Assets Rails 3.1, by default, is set up to use the +sprockets+ gem to manage assets within an application. This gem concatenates and compresses assets in order to make serving them much less painful. -* +config.assets.css_compressor+ defines the CSS compressor to use. Only supported value at the moment is +:yui+, which uses the +yui-compressor+ gem. - * +config.assets.enabled+ a flag that controls whether the asset pipeline is enabled. It is explicitly initialized in +config/application.rb+. +* +config.assets.compress+ a flag that enables the compression of compiled assets. It is explicitly set to true in +config/production.rb+. + +* +config.assets.css_compressor+ defines the CSS compressor to use. Only supported value at the moment is +:yui+, which uses the +yui-compressor+ gem. + * +config.assets.js_compressor+ defines the JavaScript compressor to use. Possible values are +:closure+, +:uglifier+ and +:yui+ which require the use of the +closure-compiler+, +uglifier+ or +yui-compressor+ gems respectively. * +config.assets.paths+ contains the paths which are used to look for assets. Appending paths to this configuration option will cause those paths to be used in the search for assets. 
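Review bot: the new +config.assets.compress+ bullet in the configuring.textile hunk at -120,10 says the flag is set in "+config/production.rb+", but the asset pipeline change in this same patch refers to config/environments/production.rb for production settings, so the path here looks like it is missing the environments directory. The value would also read better marked up as +true+, matching how the other guides in this patch write it.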
@@ -521,7 +523,7 @@ The error occurred while evaluating nil.each *+action_view.cache_asset_ids+* Sets +ActionView::Helpers::AssetTagHelper::AssetPaths.cache_asset_ids+ to +false+ when Active Support loads, but only if +config.cache_classes+ is too. -*+action_view.javascript_expansions+* Registers the expansions set up by +config.action_view.javascript_expansions+ and +config.action_view.stylesheet_expansions+ to be recognised by Action View and therefore usable in the views. +*+action_view.javascript_expansions+* Registers the expansions set up by +config.action_view.javascript_expansions+ and +config.action_view.stylesheet_expansions+ to be recognized by Action View and therefore usable in the views. *+action_view.set_configs+* Sets up Action View by using the settings in +config.action_view+ by +send+'ing the method names as setters to +ActionView::Base+ and passing the values through. diff --git a/railties/guides/source/form_helpers.textile b/railties/guides/source/form_helpers.textile index 9051ede9dd..bf2a7369a7 100644 --- a/railties/guides/source/form_helpers.textile +++ b/railties/guides/source/form_helpers.textile @@ -27,9 +27,7 @@ The most basic form helper is +form_tag+. <% end %> </erb> -When called without arguments like this, it creates a form element that has the current page as its action and "post" as its method (some line breaks added for readability): - -Sample output from +form_tag+: +When called without arguments like this, it creates a +<form>+ tag which, when submitted, will POST to the current page. For instance, assuming the current page is +/home/index+, the generated HTML will look like this (some line breaks added for readability): <html> <form accept-charset="UTF-8" action="/home/index" method="post"> 
@@ -41,36 +39,30 @@ Sample output from +form_tag+: </form> </html> -If you carefully observe this output, you can see that the helper generated something you didn't specify: a +div+ element with two hidden input elements inside. The first input element with name +utf8+ enforces browsers to properly respect your form's character encoding and is generated for all forms whether action is "get" or "post". Second input element with name +authenticity_token+ is a security feature of Rails called *cross-site request forgery protection* and form helpers generate it for every form whose action is not "get" (provided that this security feature is enabled). You can read more about this in the "Ruby On Rails Security Guide":./security.html#_cross_site_reference_forgery_csrf. +Now, you'll notice that the HTML contains something extra: a +div+ element with two hidden input elements inside. This div is important, because the form cannot be successfully submitted without it. The first input element with name +utf8+ enforces browsers to properly respect your form's character encoding and is generated for all forms whether their actions are "GET" or "POST". The second input element with name +authenticity_token+ is a security feature of Rails called *cross-site request forgery protection*, and form helpers generate it for every non-GET form (provided that this security feature is enabled). You can read more about this in the "Security Guide":./security.html#_cross_site_reference_forgery_csrf. -NOTE: Throughout this guide, this +div+ with the hidden input elements will be stripped away to have clearer code samples. +NOTE: Throughout this guide, the +div+ with the hidden input elements will be excluded from code samples for brevity. h4. A Generic Search Form -Probably the most minimal form often seen on the web is a search form with a single text input for search terms. This form consists of: +One of the most basic forms you see on the web is a search form. 
This form contains: # a form element with "GET" method, # a label for the input, # a text input element, and # a submit element. -IMPORTANT: Always use "GET" as the method for search forms. This allows users to bookmark a specific search and get back to it. More generally Rails encourages you to use the right HTTP verb for an action. - -To create this form you will use +form_tag+, +label_tag+, +text_field_tag+, and +submit_tag+, respectively. - -A basic search form +To create this form you will use +form_tag+, +label_tag+, +text_field_tag+, and +submit_tag+, respectively. Like this: <erb> -<%= form_tag(search_path, :method => "get") do %> +<%= form_tag("/search", :method => "get") do %> <%= label_tag(:q, "Search for:") %> <%= text_field_tag(:q) %> <%= submit_tag("Search") %> <% end %> </erb> -TIP: +search_path+ can be a named route specified in "routes.rb" as: <br /><code>match "search" => "search"</code> This declares that path "/search" will be handled by action "search" belonging to controller "search". - -The above view code will result in the following markup: +This will generate the following HTML: <html> <form accept-charset="UTF-8" action="/search" method="get"> 
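Review bot: in the rewritten paragraph about the hidden +div+ (hunk -41,36), "the form cannot be successfully submitted without it" claims more than the rest of the paragraph supports. The same paragraph states that +authenticity_token+ is generated only for non-GET forms and only when forgery protection is enabled, so a GET form carries no token and still submits. Suggest scoping the sentence to non-GET forms with CSRF protection on. "enforces browsers to properly respect" should be "forces browsers to". The search example also replaces "search_path" with the literal "/search" and drops the TIP that explained the named route, so the guide no longer shows a route helper being passed to +form_tag+ at this point.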
@@ -80,47 +72,35 @@ The above view code will result in the following markup: </form> </html> +TIP: For every form input, an ID attribute is generated from its name ("q" in the example). These IDs can be very useful for CSS styling or manipulation of form controls with JavaScript. + Besides +text_field_tag+ and +submit_tag+, there is a similar helper for _every_ form control in HTML. -TIP: For every form input, an ID attribute is generated from its name ("q" in the example). These IDs can be very useful for CSS styling or manipulation of form controls with JavaScript. +IMPORTANT: Always use "GET" as the method for search forms. This allows users to bookmark a specific search and get back to it. More generally Rails encourages you to use the right HTTP verb for an action. h4. Multiple Hashes in Form Helper Calls -By now you've seen that the +form_tag+ helper accepts 2 arguments: the path for the action and an options hash. This hash specifies the method of form submission and HTML options such as the form element's class. +The +form_tag+ helper accepts 2 arguments: the path for the action and an options hash. This hash specifies the method of form submission and HTML options such as the form element's class. -As with the +link_to+ helper, the path argument doesn't have to be given a string. It can be a hash of URL parameters that Rails' routing mechanism will turn into a valid URL. However, this is a bad way to pass multiple hashes as method arguments: +As with the +link_to+ helper, the path argument doesn't have to be given a string; it can be a hash of URL parameters recognizable by Rails' routing mechanism, which will turn the hash into a valid URL. However, since both arguments to +form_tag+ are hashes, you can easily run into a problem if you would like to specify both. 
For instance, let's say you write this: <ruby> form_tag(:controller => "people", :action => "search", :method => "get", :class => "nifty_form") -# => <form accept-charset="UTF-8" action="/people/search?method=get&class=nifty_form" method="post"> +# => '<form accept-charset="UTF-8" action="/people/search?method=get&class=nifty_form" method="post">' </ruby> -Here you wanted to pass two hashes, but the Ruby interpreter sees only one hash, so Rails will construct a URL with extraneous parameters. The correct way of passing multiple hashes as arguments is to delimit the first hash (or both hashes) with curly brackets: +Here, +method+ and +class+ are appended to the query string of the generated URL because you even though you mean to write two hashes, you really only specified one. So you need to tell Ruby which is which by delimiting the first hash (or both) with curly brackets. This will generate the HTML you expect: <ruby> form_tag({:controller => "people", :action => "search"}, :method => "get", :class => "nifty_form") -# => <form accept-charset="UTF-8" action="/people/search" method="get" class="nifty_form"> +# => '<form accept-charset="UTF-8" action="/people/search" method="get" class="nifty_form">' </ruby> -This is a common pitfall when using form helpers, since many of them accept multiple hashes. So in future, if a helper produces unexpected output, make sure that you have delimited the hash parameters properly. - -WARNING: Do not delimit the second hash without doing so with the first hash, otherwise your method invocation will result in an +expecting tASSOC+ syntax error. - h4. Helpers for Generating Form Elements -Rails provides a series of helpers for generating form elements such as checkboxes, text fields and radio buttons. These basic helpers, with names ending in <notextile>_tag</notextile> such as +text_field_tag+ and +check_box_tag+ generate just a single +<input>+ element. The first parameter to these is always the name of the input. 
In the controller this name will be the key in the +params+ hash used to get the value entered by the user. For example, if the form contains +Rails provides a series of helpers for generating form elements such as checkboxes, text fields, and radio buttons. These basic helpers, with names ending in "_tag" (such as +text_field_tag+ and +check_box_tag+), generate just a single +<input>+ element. The first parameter to these is always the name of the input. When the form is submitted, the name will be passed along with the form data, and will make its way to the +params+ hash in the controller with the value entered by the user for that field. For example, if the form contains +<%= text_field_tag(:query) %>+, then you would be able to get the value of this field in the controller with +params[:query]+. -<erb> -<%= text_field_tag(:query) %> -</erb> - -then the controller code should use - -<ruby> -params[:query] -</ruby> - -to retrieve the value entered by the user. When naming inputs, be aware that Rails uses certain conventions that control whether values are at the top level of the +params+ hash, inside an array or a nested hash and so on. You can read more about them in the parameter_names section. For details on the precise usage of these helpers, please refer to the "API documentation":http://api.rubyonrails.org/classes/ActionView/Helpers/FormTagHelper.html. +When naming inputs, Rails uses certain conventions that make it possible to submit parameters with non-scalar values such as arrays or hashes, which will also be accessible in +params+. You can read more about them in "chapter 7 of this guide":#understanding-parameter-naming-conventions. For details on the precise usage of these helpers, please refer to the "API documentation":http://api.rubyonrails.org/classes/ActionView/Helpers/FormTagHelper.html. h5. Checkboxes 
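Review bot: the new explanation under "Multiple Hashes in Form Helper Calls" contains a garbled clause, "because you even though you mean to write two hashes"; drop the stray "you". The hunk also deletes the WARNING about the "expecting tASSOC" syntax error, while the new text still tells the reader to delimit "the first hash (or both)"; someone who puts braces around only the second hash now gets no hint about why the call fails. Suggest keeping that warning after the corrected example.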
@@ -133,7 +113,7 @@ Checkboxes are form controls that give the user a set of options they can enable <%= label_tag(:pet_cat, "I own a cat") %> </erb> -output: +This generates the following: <html> <input id="pet_dog" name="pet_dog" type="checkbox" value="1" /> @@ -142,11 +122,11 @@ output: <label for="pet_cat">I own a cat</label> </html> -The second parameter to +check_box_tag+ is the value of the input. This is the value that will be submitted by the browser if the checkbox is ticked (i.e. the value that will be present in the +params+ hash). With the above form you would check the value of +params[:pet_dog]+ and +params[:pet_cat]+ to see which pets the user owns. +The first parameter to +check_box_tag+, of course, is the name of the input. The second parameter, naturally, is the value of the input. This value will be included in the form data (and be present in +params+) when the checkbox is checked. h5. Radio Buttons -Radio buttons, while similar to checkboxes, are controls that specify a set of options in which they are mutually exclusive (i.e. the user can only pick one): +Radio buttons, while similar to checkboxes, are controls that specify a set of options in which they are mutually exclusive (i.e., the user can only pick one): <erb> <%= radio_button_tag(:age, "child") %> @@ -155,7 +135,7 @@ Radio buttons, while similar to checkboxes, are controls that specify a set of o <%= label_tag(:age_adult, "I'm over 21") %> </erb> -output: +Output: <html> <input id="age_child" name="age" type="radio" value="child" /> 
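Review bot: the rewritten +check_box_tag+ paragraph in the -142,11 hunk removes the concrete pointer to "params[:pet_dog]" and "params[:pet_cat]" and adds "of course" and "naturally", which tell the reader nothing. Suggest keeping the two +params+ keys so the example still shows what the controller receives. The captions are also inconsistent across these two hunks: the checkbox sample is introduced with "This generates the following:" and the radio button sample with "Output:".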
@@ -164,32 +144,41 @@ output: <label for="age_adult">I'm over 21</label> </html> -As with +check_box_tag+ the second parameter to +radio_button_tag+ is the value of the input. Because these two radio buttons share the same name (age) the user will only be able to select one and +params[:age]+ will contain either "child" or "adult". +As with +check_box_tag+, the second parameter to +radio_button_tag+ is the value of the input. Because these two radio buttons share the same name (age) the user will only be able to select one, and +params[:age]+ will contain either "child" or "adult". -IMPORTANT: Always use labels for each checkbox and radio button. They associate text with a specific option and provide a larger clickable region. +NOTE: Always use labels for checkbox and radio buttons. They associate text with a specific option and make it easier for users to click the inputs by expanding the clickable region. h4. Other Helpers of Interest -Other form controls worth mentioning are the text area, password input and hidden input: +Other form controls worth mentioning are textareas, password fields, hidden fields, search fields, telephone fields, URL fields and email fields: <erb> <%= text_area_tag(:message, "Hi, nice site", :size => "24x6") %> <%= password_field_tag(:password) %> <%= hidden_field_tag(:parent_id, "5") %> +<%= search_field(:user, :name) %> +<%= telephone_field(:user, :phone) %> +<%= url_field(:user, :homepage) %> +<%= email_field(:user, :address) %> </erb> -output: +Output: <html> <textarea id="message" name="message" cols="24" rows="6">Hi, nice site</textarea> <input id="password" name="password" type="password" /> <input id="parent_id" name="parent_id" type="hidden" value="5" /> +<input id="user_name" name="user[name]" size="30" type="search" /> +<input id="user_phone" name="user[phone]" size="30" type="tel" /> +<input id="user_homepage" size="30" name="user[homepage]" type="url" /> +<input id="user_address" size="30" name="user[address]" type="email" 
/> </html> -Hidden inputs are not shown to the user, but they hold data like any textual input. Values inside them can be changed with JavaScript. +Hidden inputs are not shown to the user but instead hold data like any textual input. Values inside them can be changed with JavaScript. -TIP: If you're using password input fields (for any purpose), you might want to configure your application to prevent those parameters from being logged. +IMPORTANT: The search, telephone, URL, and email inputs are HTML5 controls. If you require your app to have a consistent experience in older browsers, you will need an HTML5 polyfill (provided by CSS and/or JavaScript). There is definitely "no shortage of solutions for this":https://github.com/Modernizr/Modernizr/wiki/HTML5-Cross-Browser-Polyfills, although a couple of popular tools at the moment are "Modernizr":http://www.modernizr.com/ and "yepnope":http://yepnopejs.com/, which provide a simple way to add functionality based on the presence of detected HTML5 features. +TIP: If you're using password input fields (for any purpose), you might want to configure your application to prevent those parameters from being logged. You can learn about this in the "Security Guide":security.html#logging. h3. Dealing with Model Objects diff --git a/railties/guides/source/getting_started.textile b/railties/guides/source/getting_started.textile index 6aca5d3420..0b89021392 100644 --- a/railties/guides/source/getting_started.textile +++ b/railties/guides/source/getting_started.textile @@ -1,6 +1,7 @@ h2. Getting Started with Rails -This guide covers getting up and running with Ruby on Rails. After reading it, you should be familiar with: +This guide covers getting up and running with Ruby on Rails. After reading it, +you should be familiar with: * Installing Rails, creating a new Rails application, and connecting your application to a database * The general layout of a Rails application 
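Review bot: In the hunk at @@ -164,32 +144,41 @@, the added IMPORTANT: paragraph is followed directly by the TIP: line with no blank line between them. The notestuff regexp added to textile_extensions.rb in this same change matches lazily up to the first newline that is itself followed by a newline (or the end of the document), so the TIP text would be folded into the IMPORTANT box instead of rendering as its own block; add an empty line between the two. Separately, the four new examples call search_field(:user, :name), telephone_field, url_field and email_field, which take an object and a method and render name="user[name]", while the rest of this block uses the *_tag helpers and model-backed helpers are only introduced in the following section, "Dealing with Model Objects". Using search_field_tag, telephone_field_tag, url_field_tag and email_field_tag here would keep the section consistent.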
@@ -9,20 +10,32 @@ This guide covers getting up and running with Ruby on Rails. After reading it, y endprologue. -WARNING. This Guide is based on Rails 3.0. Some of the code shown here will not work in earlier versions of Rails. +WARNING. This Guide is based on Rails 3.1. Some of the code shown here will not +work in earlier versions of Rails. h3. Guide Assumptions -This guide is designed for beginners who want to get started with a Rails application from scratch. It does not assume that you have any prior experience with Rails. However, to get the most out of it, you need to have some prerequisites installed: +This guide is designed for beginners who want to get started with a Rails +application from scratch. It does not assume that you have any prior experience +with Rails. However, to get the most out of it, you need to have some +prerequisites installed: * The "Ruby":http://www.ruby-lang.org/en/downloads language version 1.8.7 or higher -TIP: Note that Ruby 1.8.7 p248 and p249 have marshaling bugs that crash Rails 3.0. Ruby Enterprise Edition have these fixed since release 1.8.7-2010.02 though. On the 1.9 front, Ruby 1.9.1 is not usable because it outright segfaults on Rails 3.0, so if you want to use Rails 3 with 1.9.x jump on 1.9.2 for smooth sailing. +TIP: Note that Ruby 1.8.7 p248 and p249 have marshaling bugs that crash Rails +3.0. Ruby Enterprise Edition have these fixed since release 1.8.7-2010.02 +though. On the 1.9 front, Ruby 1.9.1 is not usable because it outright segfaults +on Rails 3.0, so if you want to use Rails 3 with 1.9.x jump on 1.9.2 for smooth +sailing. * The "RubyGems":http://rubyforge.org/frs/?group_id=126 packaging system + ** If you want to learn more about RubyGems, please read the "RubyGems User Guide":http://docs.rubygems.org/read/book/1 * A working installation of the "SQLite3 Database":http://www.sqlite.org -Rails is a web application framework running on the Ruby programming language. 
If you have no prior experience with Ruby, you will find a very steep learning curve diving straight into Rails. There are some good free resources on the internet for learning Ruby, including: +Rails is a web application framework running on the Ruby programming language. +If you have no prior experience with Ruby, you will find a very steep learning +curve diving straight into Rails. There are some good free resources on the +internet for learning Ruby, including: * "Mr. Neighborly's Humble Little Ruby Book":http://www.humblelittlerubybook.com * "Programming Ruby":http://www.ruby-doc.org/docs/ProgrammingRuby/ 
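Review bot: In the hunk at @@ -9,20 +10,32 @@, the WARNING is bumped to Rails 3.1 but the re-wrapped TIP directly below it still describes Ruby bugs that "crash Rails 3.0" and a 1.9.1 that "outright segfaults on Rails 3.0". Either confirm that the Ruby version advice still holds for 3.1 and update the wording, or state that it is carried over from 3.0, so the two notes do not contradict each other. While the TIP is being rewritten anyway, "Ruby Enterprise Edition have these fixed" should read "has".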
@@ -30,19 +43,32 @@ Rails is a web application framework running on the Ruby programming language. I h3. What is Rails? -Rails is a web application development framework written in the Ruby language. It is designed to make programming web applications easier by making assumptions about what every developer needs to get started. It allows you to write less code while accomplishing more than many other languages and frameworks. Experienced Rails developers also report that it makes web application development more fun. +Rails is a web application development framework written in the Ruby language. +It is designed to make programming web applications easier by making assumptions +about what every developer needs to get started. It allows you to write less +code while accomplishing more than many other languages and frameworks. +Experienced Rails developers also report that it makes web application +development more fun. -Rails is opinionated software. It makes the assumption that there is a "best" way to do things, and it's designed to encourage that way - and in some cases to discourage alternatives. If you learn "The Rails Way" you'll probably discover a tremendous increase in productivity. If you persist in bringing old habits from other languages to your Rails development, and trying to use patterns you learned elsewhere, you may have a less happy experience. +Rails is opinionated software. It makes the assumption that there is a "best" +way to do things, and it's designed to encourage that way - and in some cases to +discourage alternatives. If you learn "The Rails Way" you'll probably discover a +tremendous increase in productivity. If you persist in bringing old habits from +other languages to your Rails development, and trying to use patterns you +learned elsewhere, you may have a less happy experience. 
The Rails philosophy includes several guiding principles: * DRY - "Don't Repeat Yourself" - suggests that writing the same code over and over again is a bad thing. -* Convention Over Configuration - means that Rails makes assumptions about what you want to do and how you're going to do it, rather than requiring you to specify every little thing through endless configuration files. -* REST is the best pattern for web applications - organizing your application around resources and standard HTTP verbs is the fastest way to go. +* Convention Over Configuration - means that Rails makes assumptions about what you want to do and how you're going to +d o it, rather than requiring you to specify every little thing through endless configuration files. +* REST is the best pattern for web applications - organizing your application around resources and standard HTTP verbs +i s the fastest way to go. h4. The MVC Architecture -At the core of Rails is the Model, View, Controller architecture, usually just called MVC. MVC benefits include: +At the core of Rails is the Model, View, Controller architecture, usually just +called MVC. MVC benefits include: * Isolation of business logic from the user interface * Ease of keeping code DRY 
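Review bot: In the hunk at @@ -30,19 +43,32 @@, the two re-wrapped bullets now break in the middle of the item and their continuation lines start with "d o it" and "i s the fastest way to go", so the wrap has introduced a stray space inside "do" and "is". The DRY bullet above them is left on a single line; keep the Convention Over Configuration and REST bullets on one line each as they were, which also removes the typos.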
@@ -50,19 +76,34 @@ At the core of Rails is the Model, View, Controller architecture, usually just c h5. Models -A model represents the information (data) of the application and the rules to manipulate that data. In the case of Rails, models are primarily used for managing the rules of interaction with a corresponding database table. In most cases, one table in your database will correspond to one model in your application. The bulk of your application's business logic will be concentrated in the models. +A model represents the information (data) of the application and the rules to +manipulate that data. In the case of Rails, models are primarily used for +managing the rules of interaction with a corresponding database table. In most +cases, each table in your database will correspond to one model in your +application. The bulk of your application's business logic will be concentrated +in the models. h5. Views -Views represent the user interface of your application. In Rails, views are often HTML files with embedded Ruby code that perform tasks related solely to the presentation of the data. Views handle the job of providing data to the web browser or other tool that is used to make requests from your application. +Views represent the user interface of your application. In Rails, views are +often HTML files with embedded Ruby code that perform tasks related solely to +the presentation of the data. Views handle the job of providing data to the web +browser or other tool that is used to make requests from your application. h5. Controllers -Controllers provide the "glue" between models and views. In Rails, controllers are responsible for processing the incoming requests from the web browser, interrogating the models for data, and passing that data on to the views for presentation. +Controllers provide the "glue" between models and views. 
In Rails, controllers +are responsible for processing the incoming requests from the web browser, +interrogating the models for data, and passing that data on to the views for +presentation. h4. The Components of Rails -Rails ships as many individual components. +Rails ships as many individual components. Each of these components are briefly +explained below. If you are new to Rails, as you read this section, don't get +hung up on the details of each component, as they will be explained in further +detail later. For instance, we will bring up Rack applications, but you don't +need to know anything about them to continue with this guide. * Action Pack ** Action Controller 
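Review bot: In the hunk at @@ -50,19 +76,34 @@, the new introduction under "The Components of Rails" reads "Each of these components are briefly explained below"; the verb should agree with "Each", so "is briefly explained". The following sentence tells readers they will meet Rack applications without needing to understand them; it could link to the Rails on Rack guide, which this patch already links under Action Dispatch a few hunks later.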
@@ -78,67 +119,104 @@ Rails ships as many individual components. h5. Action Pack -Action Pack is a single gem that contains Action Controller, Action View and Action Dispatch. The "VC" part of "MVC". +Action Pack is a single gem that contains Action Controller, Action View and +Action Dispatch. The "VC" part of "MVC". -h5. Action Controller +h6. Action Controller -Action Controller is the component that manages the controllers in a Rails application. The Action Controller framework processes incoming requests to a Rails application, extracts parameters, and dispatches them to the intended action. Services provided by Action Controller include session management, template rendering, and redirect management. +Action Controller is the component that manages the controllers in a Rails +application. The Action Controller framework processes incoming requests to a +Rails application, extracts parameters, and dispatches them to the intended +action. Services provided by Action Controller include session management, +template rendering, and redirect management. -h5. Action View +h6. Action View -Action View manages the views of your Rails application. It can create both HTML and XML output by default. Action View manages rendering templates, including nested and partial templates, and includes built-in AJAX support. +Action View manages the views of your Rails application. It can create both HTML +and XML output by default. Action View manages rendering templates, including +nested and partial templates, and includes built-in AJAX support. View +templates are covered in more detail in another guide called "Layouts and +Rendering":layouts_and_rendering.html. -h5. Action Dispatch +h6. Action Dispatch -Action Dispatch handles routing of web requests and dispatches them as you want, either to your application or any other Rack application. 
+Action Dispatch handles routing of web requests and dispatches them as you want, +either to your application or any other Rack application. Rack applications are +a more advanced topic and are covered in a separate guide called "Rails on +Rack":rails_on_rack.html. h5. Action Mailer -Action Mailer is a framework for building e-mail services. You can use Action Mailer to receive and process incoming email and send simple plain text or complex multipart emails based on flexible templates. +Action Mailer is a framework for building e-mail services. You can use Action +Mailer to receive and process incoming email and send simple plain text or +complex multipart emails based on flexible templates. h5. Active Model -Active Model provides a defined interface between the Action Pack gem services and Object Relationship Mapping gems such as Active Record. Active Model allows Rails to utilize other ORM frameworks in place of Active Record if your application needs this. +Active Model provides a defined interface between the Action Pack gem services +and Object Relationship Mapping gems such as Active Record. Active Model allows +Rails to utilize other ORM frameworks in place of Active Record if your +application needs this. h5. Active Record -Active Record is the base for the models in a Rails application. It provides database independence, basic CRUD functionality, advanced finding capabilities, and the ability to relate models to one another, among other services. +Active Record is the base for the models in a Rails application. It provides +database independence, basic CRUD functionality, advanced finding capabilities, +and the ability to relate models to one another, among other services. h5. Active Resource -Active Resource provides a framework for managing the connection between business objects and RESTful web services. It implements a way to map web-based resources to local objects with CRUD semantics. 
+Active Resource provides a framework for managing the connection between +business objects and RESTful web services. It implements a way to map web-based +resources to local objects with CRUD semantics. h5. Active Support -Active Support is an extensive collection of utility classes and standard Ruby library extensions that are used in Rails, both by the core code and by your applications. +Active Support is an extensive collection of utility classes and standard Ruby +library extensions that are used in Rails, both by the core code and by your +applications. h5. Railties -Railties is the core Rails code that builds new Rails applications and glues the various frameworks and plugins together in any Rails application. +Railties is the core Rails code that builds new Rails applications and glues the +various frameworks and plugins together in any Rails application. h4. REST -Rest stands for Representational State Transfer and is the foundation of the RESTful architecture. This is generally considered to be Roy Fielding's doctoral thesis, "Architectural Styles and the Design of Network-based Software Architectures":http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm. While you can read through the thesis, REST in terms of Rails boils down to two main principles: +Rest stands for Representational State Transfer and is the foundation of the +RESTful architecture. This is generally considered to be Roy Fielding's doctoral +thesis, "Architectural Styles and the Design of Network-based Software +Architectures":http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm. While +you can read through the thesis, REST in terms of Rails boils down to two main +principles: * Using resource identifiers such as URLs to represent resources. * Transferring representations of the state of that resource between system components. 
-For example, to a Rails application a request such as this: +For example, the following HTTP request: <tt>DELETE /photos/17</tt> -would be understood to refer to a photo resource with the ID of 17, and to indicate a desired action - deleting that resource. REST is a natural style for the architecture of web applications, and Rails hooks into this shielding you from many of the RESTful complexities and browser quirks. +refers to a photo resource with an ID of 17 and indicates an action to be taken +upon it: deletion. REST is a natural web application architecture which Rails +abstracts, shielding you from RESTful complexities and browser quirks. -If you'd like more details on REST as an architectural style, these resources are more approachable than Fielding's thesis: +If you'd like more details on REST as an architectural style, these resources +are more approachable than Fielding's thesis: * "A Brief Introduction to REST":http://www.infoq.com/articles/rest-introduction by Stefan Tilkov * "An Introduction to REST":http://bitworking.org/news/373/An-Introduction-to-REST (video tutorial) by Joe Gregorio * "Representational State Transfer":http://en.wikipedia.org/wiki/Representational_State_Transfer article in Wikipedia -* "How to GET a Cup of Coffee":http://www.infoq.com/articles/webber-rest-workflow by Jim Webber, Savas Parastatidis & Ian Robinson +* "How to GET a Cup of Coffee":http://www.infoq.com/articles/webber-rest-workflow by Jim Webber, Savas Parastatidis & +Ian Robinson h3. Creating a New Rails Project -If you follow this guide, you'll create a Rails project called <tt>blog</tt>, a (very) simple weblog. Before you can start building the application, you need to make sure that you have Rails itself installed. +If you follow this guide, you'll create a Rails project called <tt>blog</tt>, a +(very) simple weblog. Before you can start building the application, you need to +make sure that you have Rails itself installed. 
+ +TIP: The examples below use # and $ to denote terminal prompts. If you are using Windows, your prompt will look something like c:\source_code> h4. Installing Rails @@ -149,13 +227,19 @@ Usually run this as the root user: # gem install rails </shell> -TIP. If you're working on Windows, you can quickly install Ruby and Rails with "Rails Installer":http://railsinstaller.org. +TIP. If you're working on Windows, you can quickly install Ruby and Rails with +"Rails Installer":http://railsinstaller.org. h4. Creating the Blog Application -The best way to use this guide is to follow each step as it happens, no code or step needed to make this example application has been left out, so you can literally follow along step by step. If you need to see the completed code, you can download it from "Getting Started Code":https://github.com/mikel/getting-started-code. +The best way to use this guide is to follow each step as it happens, no code or +step needed to make this example application has been left out, so you can +literally follow along step by step. If you need to see the completed code, you +can download it from "Getting Started +Code":https://github.com/mikel/getting-started-code. -To begin, open a terminal, navigate to a folder where you have rights to create files, and type: +To begin, open a terminal, navigate to a folder where you have rights to create +files, and type: <shell> $ rails new blog 
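Review bot: In the hunk at @@ -78,67 +119,104 @@, the new TIP says the examples use # and $ to denote terminal prompts but does not say what distinguishes the two. The next section shows "# gem install rails" under "Usually run this as the root user", while commands such as "$ rails new blog" use $, so the TIP should state that # marks a command run as root and $ one run as a regular user; otherwise a reader has no cue about which commands need elevated privileges. Smaller points in the same hunk: the TIP ends without a full stop, the "Ian Robinson" continuation line splits a bullet across two lines, and the re-wrapped REST paragraph still opens with "Rest stands for" where "REST" is meant.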
@@ -163,20 +247,27 @@ $ rails new blog This will create a Rails application called Blog in a directory called blog. -TIP: You can see all of the switches that the Rails application builder accepts by running <tt>rails new -h</tt>. +TIP: You can see all of the switches that the Rails application builder accepts +by running +<tt>rails new -h</tt>. -After you create the blog application, switch to its folder to continue work directly in that application: +After you create the blog application, switch to its folder to continue work +directly in that application: <shell> $ cd blog </shell> -In any case, Rails will create a folder in your working directory called <tt>blog</tt>. Open up that folder and explore its contents. Most of the work in this tutorial will happen in the <tt>app/</tt> folder, but here's a basic rundown on the function of each folder that Rails creates in a new application by default: +In any case, Rails will create a folder in your working directory called +<tt>blog</tt>. Open up that folder and explore its contents. Most of the work in +this tutorial will happen in the <tt>app/</tt> folder, but here's a basic +rundown on the function of each folder that Rails creates in a new application +by default: |_.File/Folder|_.Purpose| -|Gemfile|This file allows you to specify what gem dependencies are needed for your Rails application.| -|README|This is a brief instruction manual for your application. Use it to tell others what your application does, how to set it up, and so on.| -|Rakefile|This file contains batch jobs that can be run from the terminal.| +|Gemfile|This file allows you to specify what gem dependencies are needed for your Rails application. See section on Bundler, below.| +|README|This is a brief instruction manual for your application. You should edit this file to tell others what your application does, how to set it up, and so on.| +|Rakefile|This file locates and loads tasks that can be run from the command line. 
The task definitions are defined throughout the components of Rails. Rather than changing Rakefile, you should add your own tasks by adding files to the lib/tasks directory of your application.| |app/|Contains the controllers, models, views and assets for your application. You'll focus on this folder for the remainder of this guide.| |config/|Configure your application's runtime rules, routes, database, and more.| |config.ru|Rack configuration for Rack based servers used to start the application.| 
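Review bot: In the hunk at @@ -163,20 +247,27 @@, the Gemfile row now ends with "See section on Bundler, below.", but the next hunk (@@ -190,20 +281,13 @@) deletes "Installing the Required Gems", the only section in view here that mentions Bundler and "bundle install". Either keep a short Bundler section for the cross-reference to land on, or drop the reference from the table. In the Rakefile row, "The task definitions are defined throughout the components of Rails" is redundant; "Tasks are defined throughout the components of Rails" says the same thing.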
@@ -190,20 +281,13 @@ In any case, Rails will create a folder in your working directory called <tt>blo |tmp/|Temporary files| |vendor/|A place for all third-party code. In a typical Rails application, this includes Ruby Gems, the Rails source code (if you install it into your project) and plugins containing additional prepackaged functionality.| -h4. Installing the Required Gems - -Rails applications manage gem dependencies with "Bundler":http://gembundler.com/v1.0/index.html by default. As we don't need any other gems beyond the ones in the generated +Gemfile+ we can directly run - -<shell> -$ bundle install -</shell> - -to have them ready. - h4. Configuring a Database -Just about every Rails application will interact with a database. The database to use is specified in a configuration file, +config/database.yml+. -If you open this file in a new Rails application, you'll see a default database configuration using SQLite3. The file contains sections for three different environments in which Rails can run by default: +Just about every Rails application will interact with a database. The database +to use is specified in a configuration file, +config/database.yml+. If you open +this file in a new Rails application, you'll see a default database +configuration using SQLite3. The file contains sections for three different +environments in which Rails can run by default: * The +development+ environment is used on your development computer as you interact manually with the application. * The +test+ environment is used to run automated tests. 
@@ -211,9 +295,15 @@ If you open this file in a new Rails application, you'll see a default database h5. Configuring an SQLite3 Database -Rails comes with built-in support for "SQLite3":http://www.sqlite.org, which is a lightweight serverless database application. While a busy production environment may overload SQLite, it works well for development and testing. Rails defaults to using an SQLite database when creating a new project, but you can always change it later. +Rails comes with built-in support for "SQLite3":http://www.sqlite.org, which is +a lightweight serverless database application. While a busy production +environment may overload SQLite, it works well for development and testing. +Rails defaults to using an SQLite database when creating a new project, but you +can always change it later. -Here's the section of the default configuration file (<tt>config/database.yml</tt>) with connection information for the development environment: +Here's the section of the default configuration file +(<tt>config/database.yml</tt>) with connection information for the development +environment: <yaml> development: 
@@ -223,11 +313,17 @@ development: timeout: 5000 </yaml> -NOTE: In this guide we are using an SQLite3 database for data storage, because it is a zero configuration database that just works. Rails also supports MySQL and PostgreSQL "out of the box", and has plugins for many database systems. If you are using a database in a production environment Rails most likely has an adapter for it. +NOTE: In this guide we are using an SQLite3 database for data storage, because +it is a zero configuration database that just works. Rails also supports MySQL +and PostgreSQL "out of the box", and has plugins for many database systems. If +you are using a database in a production environment Rails most likely has an +adapter for it. h5. Configuring a MySQL Database -If you choose to use MySQL instead of the shipped SQLite3 database, your +config/database.yml+ will look a little different. Here's the development section: +If you choose to use MySQL instead of the shipped SQLite3 database, your ++config/database.yml+ will look a little different. Here's the development +section: <yaml> development: @@ -240,11 +336,14 @@ development: socket: /tmp/mysql.sock </yaml> -If your development computer's MySQL installation includes a root user with an empty password, this configuration should work for you. Otherwise, change the username and password in the +development+ section as appropriate. +If your development computer's MySQL installation includes a root user with an +empty password, this configuration should work for you. Otherwise, change the +username and password in the +development+ section as appropriate. h5. Configuring a PostgreSQL Database -If you choose to use PostgreSQL, your +config/database.yml+ will be customized to use PostgreSQL databases: +If you choose to use PostgreSQL, your +config/database.yml+ will be customized +to use PostgreSQL databases: <yaml> development: 
@@ -258,7 +357,8 @@ development: h5. Configuring an SQLite3 Database for JRuby Platform -If you choose to use SQLite3 and using JRuby, your +config/database.yml+ will look a little different. Here's the development section: +If you choose to use SQLite3 and using JRuby, your +config/database.yml+ will +look a little different. Here's the development section: <yaml> development: @@ -268,7 +368,8 @@ development: h5. Configuring a MySQL Database for JRuby Platform -If you choose to use MySQL and using JRuby, your +config/database.yml+ will look a little different. Here's the development section: +If you choose to use MySQL and using JRuby, your +config/database.yml+ will look +a little different. Here's the development section: <yaml> development: @@ -280,7 +381,9 @@ development: h5. Configuring a PostgreSQL Database for JRuby Platform -Finally if you choose to use PostgreSQL and using JRuby, your +config/database.yml+ will look a little different. Here's the development section: +Finally if you choose to use PostgreSQL and using JRuby, your ++config/database.yml+ will look a little different. Here's the development +section: <yaml> development: 
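Review bot: In the three JRuby hunks (@@ -258,7 +357,8 @@, @@ -268,7 +368,8 @@ and @@ -280,7 +381,9 @@), the re-wrapped sentences keep the ungrammatical "If you choose to use ... and using JRuby". Since these lines are being rewritten anyway, change each to "and are using JRuby".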
@@ -293,51 +396,79 @@ development: Change the username and password in the +development+ section as appropriate. -TIP: You don't have to update the database configurations manually. If you had a look at the options of application generator, you have seen that one of them is named <tt>--database</tt>. It lets you choose an adapter for couple of most used relational databases. You can even run the generator repeatedly: <tt>cd .. && rails new blog --database=mysql</tt>. When you confirm the overwriting of the +config/database.yml+ file, your application will be configured for MySQL instead of SQLite. +TIP: You don't have to update the database configurations manually. If you look at the +options of the application generator, you will see that one of the options +is named <tt>--database</tt>. This option allows you to choose an adapter from a +list of the most used relational databases. You can even run the generator +repeatedly: <tt>cd .. && rails new blog --database=mysql</tt>. When you confirm the overwriting + of the +config/database.yml+ file, your application will be configured for MySQL +instead of SQLite. h4. Creating the Database -Now that you have your database configured, it's time to have Rails create an empty database for you. You can do this by running a rake command: +Now that you have your database configured, it's time to have Rails create an +empty database for you. You can do this by running a rake command: <shell> $ rake db:create </shell> -This will create your development and test SQLite3 databases inside the <tt>db/</tt> folder. +This will create your development and test SQLite3 databases inside the +<tt>db/</tt> folder. -TIP: Rake is a general-purpose command-runner that Rails uses for many things. You can see the list of available rake commands in your application by running +rake -T+. +TIP: Rake is a general-purpose command-runner that Rails uses for many things. 
+You can see the list of available rake commands in your application by running ++rake -T+. h3. Hello, Rails! -One of the traditional places to start with a new language is by getting some text up on screen quickly. To do this, you need to get your Rails application server running. +One of the traditional places to start with a new language is by getting some +text up on screen quickly. To do this, you need to get your Rails application +server running. h4. Starting up the Web Server -You actually have a functional Rails application already. To see it, you need to start a web server on your development machine. You can do this by running: +You actually have a functional Rails application already. To see it, you need to +start a web server on your development machine. You can do this by running: <shell> $ rails server </shell> -This will fire up an instance of the WEBrick web server by default (Rails can also use several other web servers). To see your application in action, open a browser window and navigate to "http://localhost:3000":http://localhost:3000. You should see Rails' default information page: +This will fire up an instance of the WEBrick web server by default (Rails can +also use several other web servers). To see your application in action, open a +browser window and navigate to "http://localhost:3000":http://localhost:3000. +You should see Rails' default information page: !images/rails_welcome.png(Welcome Aboard screenshot)! -TIP: To stop the web server, hit Ctrl+C in the terminal window where it's running. In development mode, Rails does not generally require you to stop the server; changes you make in files will be automatically picked up by the server. +TIP: To stop the web server, hit Ctrl+C in the terminal window where it's +running. In development mode, Rails does not generally require you to stop the +server; changes you make in files will be automatically picked up by the server. 
-The "Welcome Aboard" page is the _smoke test_ for a new Rails application: it makes sure that you have your software configured correctly enough to serve a page. You can also click on the _About your application’s environment_ link to see a summary of your application's environment. +The "Welcome Aboard" page is the _smoke test_ for a new Rails application: it +makes sure that you have your software configured correctly enough to serve a +page. You can also click on the _About your application’s environment_ link to +see a summary of your application's environment. h4. Say "Hello", Rails -To get Rails saying "Hello", you need to create at minimum a controller and a view. Fortunately, you can do that in a single command. Enter this command in your terminal: +To get Rails saying "Hello", you need to create at minimum a controller and a +view. Fortunately, you can do that in a single command. Enter this command in +your terminal: <shell> $ rails generate controller home index </shell> -TIP: If you're on Windows, or your Ruby is set up in some non-standard fashion, you may need to explicitly pass Rails +rails+ commands to Ruby: <tt>ruby \path\to\your\application\script\rails generate controller home index</tt>. +TIP: If you get a command not found error when running this command, you +need to explicitly pass Rails +rails+ commands to Ruby: <tt>ruby +\path\to\your\application\script\rails generate controller home index</tt>. -Rails will create several files for you, including +app/views/home/index.html.erb+. This is the template that will be used to display the results of the +index+ action (method) in the +home+ controller. Open this file in your text editor and edit it to contain a single line of code: +Rails will create several files for you, including ++app/views/home/index.html.erb+. This is the template that will be used to +display the results of the +index+ action (method) in the +home+ controller. 
+Open this file in your text editor and edit it to contain a single line of code: <code class="html"> <h1>Hello, Rails!</h1> 
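Review bot: the reworded TIP for +rails generate controller home index+ drops the "If you're on Windows" condition but keeps the Windows-style path in <tt>ruby \path\to\your\application\script\rails generate controller home index</tt>, so a reader on another platform who gets "command not found" is shown a backslash path that will not work in their shell. Either keep the Windows qualifier or show the path in both forms. "you need to" is also stronger than the previous "you may need to"; the softer wording was the safer claim.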
@@ -345,17 +476,30 @@ Rails will create several files for you, including +app/views/home/index.html.er h4. Setting the Application Home Page -Now that we have made the controller and view, we need to tell Rails when we want "Hello Rails" to show up. In our case, we want it to show up when we navigate to the root URL of our site, "http://localhost:3000":http://localhost:3000, instead of the "Welcome Aboard" smoke test. +Now that we have made the controller and view, we need to tell Rails when we +want "Hello Rails" to show up. In our case, we want it to show up when we +navigate to the root URL of our site, +"http://localhost:3000":http://localhost:3000, instead of the "Welcome Aboard" +smoke test. -The first step to doing this is to delete the default page from your application: +The first step to doing this is to delete the default page from your +application: <shell> $ rm public/index.html </shell> -We need to do this as Rails will deliver any static file in the +public+ directory in preference to any dynamic content we generate from the controllers. +We need to do this as Rails will deliver any static file in the +public+ +directory in preference to any dynamic content we generate from the controllers. -Now, you have to tell Rails where your actual home page is located. Open the file +config/routes.rb+ in your editor. This is your application's _routing file_ which holds entries in a special DSL (domain-specific language) that tells Rails how to connect incoming requests to controllers and actions. This file contains many sample routes on commented lines, and one of them actually shows you how to connect the root of your site to a specific controller and action. Find the line beginning with +root :to+, uncomment it and change it like the following: +Now, you have to tell Rails where your actual home page is located. Open the +file +config/routes.rb+ in your editor. 
This is your application's _routing +file_ which holds entries in a special DSL (domain-specific language) that tells +Rails how to connect incoming requests to controllers and actions. This file +contains many sample routes on commented lines, and one of them actually shows +you how to connect the root of your site to a specific controller and action. +Find the line beginning with +root :to+, uncomment it and change it like the +following: <ruby> Blog::Application.routes.draw do 
@@ -366,27 +510,46 @@ Blog::Application.routes.draw do root :to => "home#index" </ruby> -The +root :to => "home#index"+ tells Rails to map the root action to the home controller's index action. +The +root :to => "home#index"+ tells Rails to map the root action to the home +controller's index action. -Now if you navigate to "http://localhost:3000":http://localhost:3000 in your browser, you'll see +Hello, Rails!+. +Now if you navigate to "http://localhost:3000":http://localhost:3000 in your +browser, you'll see +Hello, Rails!+. -NOTE. For more information about routing, refer to "Rails Routing from the Outside In":routing.html. +NOTE. For more information about routing, refer to "Rails Routing from the +Outside In":routing.html. h3. Getting Up and Running Quickly with Scaffolding -Rails _scaffolding_ is a quick way to generate some of the major pieces of an application. If you want to create the models, views, and controllers for a new resource in a single operation, scaffolding is the tool for the job. +Rails _scaffolding_ is a quick way to generate some of the major pieces of an +application. If you want to create the models, views, and controllers for a new +resource in a single operation, scaffolding is the tool for the job. h3. Creating a Resource -In the case of the blog application, you can start by generating a scaffolded Post resource: this will represent a single blog posting. To do this, enter this command in your terminal: +In the case of the blog application, you can start by generating a scaffolded +Post resource: this will represent a single blog posting. To do this, enter this +command in your terminal: <shell> $ rails generate scaffold Post name:string title:string content:text </shell> -NOTE. While scaffolding will get you up and running quickly, the code it generates is unlikely to be a perfect fit for your application. You'll most probably want to customize the generated code. 
Many experienced Rails developers avoid scaffolding entirely, preferring to write all or most of their source code from scratch. Rails, however, makes it really simple to customize templates for generated models, controllers, views and other source files. You'll find more information in the "Creating and Customizing Rails Generators & Templates":generators.html guide. +This will create a new database table called posts (plural of Post). The table +will have three columns, name (type string), title (type string) and content +(type text). It will also hook this new database up to Rails (details below). + +NOTE. While scaffolding will get you up and running quickly, the code it +generates is unlikely to be a perfect fit for your application. You'll most +probably want to customize the generated code. Many experienced Rails developers +avoid scaffolding entirely, preferring to write all or most of their source code +from scratch. Rails, however, makes it really simple to customize templates for +generated models, controllers, views and other source files. You'll find more +information in the "Creating and Customizing Rails Generators & +Templates":generators.html guide. -The scaffold generator will build 15 files in your application, along with some folders, and edit one more. Here's a quick overview of what it creates: +The scaffold generator will build 17 files in your application, along with some +folders, and edit one more. Here's a quick overview of what it creates: |_.File |_.Purpose| |db/migrate/20100207214725_create_posts.rb |Migration to create the posts table in your database (your name will include a different timestamp)| 
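Review bot: the paragraph added after the +rails generate scaffold Post name:string title:string content:text+ command says "This will create a new database table called posts", but at this step only the migration file is generated; the "Running a Migration" section further down is where +rake db:migrate+ actually creates the table. Suggest wording such as "This will generate a migration for a new table called posts". The last added sentence also says "hook this new database up to Rails" where "table" is meant.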
@@ -400,6 +563,8 @@ The scaffold generator will build 15 files in your application, along with some |app/views/posts/_form.html.erb |A partial to control the overall look and feel of the form used in edit and new views| |app/helpers/posts_helper.rb |Helper functions to be used from the post views| |app/assets/stylesheets/scaffold.css.scss |Cascading style sheet to make the scaffolded views look better| +|app/assets/stylesheets/post.css.scss |Cascading style sheet for the posts controller| +|app/assets/javascripts/post.js.coffee |CoffeeScript for the posts controller| |test/unit/post_test.rb |Unit testing harness for the posts model| |test/functional/posts_controller_test.rb |Functional testing harness for the posts controller| |test/unit/helpers/posts_helper_test.rb |Unit testing harness for the posts helper| 
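Review bot: the two added rows name the assets +post.css.scss+ and +post.js.coffee+, while every other controller-level file in this table is plural (+posts_helper.rb+, +posts_controller_test.rb+) and both descriptions say "for the posts controller". Please check the names against real generator output before merging; they look like they should be +posts.css.scss+ and +posts.js.coffee+.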
@@ -407,9 +572,15 @@ The scaffold generator will build 15 files in your application, along with some h4. Running a Migration -One of the products of the +rails generate scaffold+ command is a _database migration_. Migrations are Ruby classes that are designed to make it simple to create and modify database tables. Rails uses rake commands to run migrations, and it's possible to undo a migration after it's been applied to your database. Migration filenames include a timestamp to ensure that they're processed in the order that they were created. +One of the products of the +rails generate scaffold+ command is a _database +migration_. Migrations are Ruby classes that are designed to make it simple to +create and modify database tables. Rails uses rake commands to run migrations, +and it's possible to undo a migration after it's been applied to your database. +Migration filenames include a timestamp to ensure that they're processed in the +order that they were created. -If you look in the +db/migrate/20100207214725_create_posts.rb+ file (remember, yours will have a slightly different name), here's what you'll find: +If you look in the +db/migrate/20100207214725_create_posts.rb+ file (remember, +yours will have a slightly different name), here's what you'll find: <ruby> class CreatePosts < ActiveRecord::Migration 
@@ -425,7 +596,14 @@ class CreatePosts < ActiveRecord::Migration end </ruby> -The above migration creates a method name +change+ which will be called when you run this migration. The action defined in that method is also reversible, which means Rails knows how to reverse the change made by this migration, in case you want to reverse it at later date. By default, when you run this migration it will creates a +posts+ table with two string columns and a text column. It also creates two timestamp fields to track record creation and updating. More information about Rails migrations can be found in the "Rails Database Migrations":migrations.html guide. +The above migration creates a method name +change+ which will be called when you +run this migration. The action defined in that method is also reversible, which +means Rails knows how to reverse the change made by this migration, in case you +want to reverse it at later date. By default, when you run this migration it +will creates a +posts+ table with two string columns and a text column. It also +creates two timestamp fields to track record creation and updating. More +information about Rails migrations can be found in the "Rails Database +Migrations":migrations.html guide. At this point, you can use a rake command to run the migration: @@ -433,7 +611,8 @@ At this point, you can use a rake command to run the migration: $ rake db:migrate </shell> -Rails will execute this migration command and tell you it created the Posts table. +Rails will execute this migration command and tell you it created the Posts +table. <shell> == CreatePosts: migrating ==================================================== 
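Review bot: the rewrapped paragraph under the +CreatePosts+ migration carries its old errors over unchanged: "creates a method name +change+", "at later date" and "it will creates a +posts+ table". Every line of that paragraph is rewritten by this hunk anyway, so fix them in the same change ("defines a method named", "at a later date", "it will create").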
@@ -442,28 +621,43 @@ Rails will execute this migration command and tell you it created the Posts tabl == CreatePosts: migrated (0.0020s) =========================================== </shell> -NOTE. Because you're working in the development environment by default, this command will apply to the database defined in the +development+ section of your +config/database.yml+ file. If you would like to execute migrations in other environment, for instance in production, you must explicitly pass it when invoking the command: <tt>rake db:migrate RAILS_ENV=production</tt>. +NOTE. Because you're working in the development environment by default, this +command will apply to the database defined in the +development+ section of your ++config/database.yml+ file. If you would like to execute migrations in other +environment, for instance in production, you must explicitly pass it when +invoking the command: <tt>rake db:migrate RAILS_ENV=production</tt>. h4. Adding a Link -To hook the posts up to the home page you've already created, you can add a link to the home page. Open +app/views/home/index.html.erb+ and modify it as follows: +To hook the posts up to the home page you've already created, you can add a link +to the home page. Open +app/views/home/index.html.erb+ and modify it as follows: <ruby> <h1>Hello, Rails!</h1> <%= link_to "My Blog", posts_path %> </ruby> -The +link_to+ method is one of Rails' built-in view helpers. It creates a hyperlink based on text to display and where to go - in this case, to the path for posts. +The +link_to+ method is one of Rails' built-in view helpers. It creates a +hyperlink based on text to display and where to go - in this case, to the path +for posts. h4. Working with Posts in the Browser -Now you're ready to start working with posts. To do that, navigate to "http://localhost:3000":http://localhost:3000/ and then click the "My Blog" link: +Now you're ready to start working with posts. 
To do that, navigate to +"http://localhost:3000":http://localhost:3000/ and then click the "My Blog" +link: !images/posts_index.png(Posts Index screenshot)! -This is the result of Rails rendering the +index+ view of your posts. There aren't currently any posts in the database, but if you click the +New Post+ link you can create one. After that, you'll find that you can edit posts, look at their details, or destroy them. All of the logic and HTML to handle this was built by the single +rails generate scaffold+ command. +This is the result of Rails rendering the +index+ view of your posts. There +aren't currently any posts in the database, but if you click the +New Post+ link +you can create one. After that, you'll find that you can edit posts, look at +their details, or destroy them. All of the logic and HTML to handle this was +built by the single +rails generate scaffold+ command. -TIP: In development mode (which is what you're working in by default), Rails reloads your application with every browser request, so there's no need to stop and restart the web server. +TIP: In development mode (which is what you're working in by default), Rails +reloads your application with every browser request, so there's no need to stop +and restart the web server. Congratulations, you're riding the rails! Now it's time to see how it all works. 
@@ -476,11 +670,16 @@ class Post < ActiveRecord::Base end </ruby> -There isn't much to this file - but note that the +Post+ class inherits from +ActiveRecord::Base+. Active Record supplies a great deal of functionality to your Rails models for free, including basic database CRUD (Create, Read, Update, Destroy) operations, data validation, as well as sophisticated search support and the ability to relate multiple models to one another. +There isn't much to this file - but note that the +Post+ class inherits from ++ActiveRecord::Base+. Active Record supplies a great deal of functionality to +your Rails models for free, including basic database CRUD (Create, Read, Update, +Destroy) operations, data validation, as well as sophisticated search support +and the ability to relate multiple models to one another. h4. Adding Some Validation -Rails includes methods to help you validate the data that you send to models. Open the +app/models/post.rb+ file and edit it: +Rails includes methods to help you validate the data that you send to models. +Open the +app/models/post.rb+ file and edit it: <ruby> class Post < ActiveRecord::Base 
@@ -490,17 +689,24 @@ class Post < ActiveRecord::Base end </ruby> -These changes will ensure that all posts have a name and a title, and that the title is at least five characters long. Rails can validate a variety of conditions in a model, including the presence or uniqueness of columns, their format, and the existence of associated objects. +These changes will ensure that all posts have a name and a title, and that the +title is at least five characters long. Rails can validate a variety of +conditions in a model, including the presence or uniqueness of columns, their +format, and the existence of associated objects. h4. Using the Console -To see your validations in action, you can use the console. The console is a command-line tool that lets you execute Ruby code in the context of your application: +To see your validations in action, you can use the console. The console is a +command-line tool that lets you execute Ruby code in the context of your +application: <shell> $ rails console </shell> -TIP: The default console will make changes to your database. You can instead open a console that will roll back any changes you make by using +rails console --sandbox+. +TIP: The default console will make changes to your database. You can instead +open a console that will roll back any changes you make by using +rails console +--sandbox+. After the console loads, you can use it to work with your application's models: 
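Review bot: in the rewrapped console TIP, the inline code +rails console --sandbox+ is now split across two lines inside its +...+ markers ("+rails console" at the end of one line, "--sandbox+" at the start of the next). Please confirm the guides generator still renders this as a single code span, or keep the command on one line even if that exceeds the wrap column. A command that readers copy should not depend on how a line break inside markup is handled.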
@@ -517,15 +723,21 @@ After the console loads, you can use it to work with your application's models: :name=>["can't be blank"] }> </shell> -This code shows creating a new +Post+ instance, attempting to save it and getting +false+ for a return value (indicating that the save failed), and inspecting the +errors+ of the post. +This code shows creating a new +Post+ instance, attempting to save it and +getting +false+ for a return value (indicating that the save failed), and +inspecting the +errors+ of the post. When you're finished, type +exit+ and hit +return+ to exit the console. -TIP: Unlike the development web server, the console does not automatically load your code afresh for each line. If you make changes to your models while the console is open, type +reload!+ at the console prompt to load them. +TIP: Unlike the development web server, the console does not automatically load +your code afresh for each line. If you make changes to your models while the +console is open, type +reload!+ at the console prompt to load them. h4. Listing All Posts -The easiest place to start looking at functionality is with the code that lists all posts. Open the file +app/controllers/posts_controller.rb+ and look at the +index+ action: +The easiest place to start looking at functionality is with the code that lists +all posts. Open the file +app/controllers/posts_controller.rb+ and look at the ++index+ action: <ruby> def index 
@@ -538,11 +750,19 @@ def index end </ruby> -+Post.all+ calls the +Post+ model to return all of the posts currently in the database. The result of this call is an array of posts that we store in an instance variable called +@posts+. ++Post.all+ calls the +Post+ model to return all of the posts currently in the +database. The result of this call is an array of posts that we store in an +instance variable called +@posts+. -TIP: For more information on finding records with Active Record, see "Active Record Query Interface":active_record_querying.html. +TIP: For more information on finding records with Active Record, see "Active +Record Query Interface":active_record_querying.html. -The +respond_to+ block handles both HTML and JSON calls to this action. If you browse to "http://localhost:3000/posts.json":http://localhost:3000/posts.json, you'll see a JSON containing all of the posts. The HTML format looks for a view in +app/views/posts/+ with a name that corresponds to the action name. Rails makes all of the instance variables from the action available to the view. Here's +app/views/posts/index.html.erb+: +The +respond_to+ block handles both HTML and JSON calls to this action. If you +browse to "http://localhost:3000/posts.json":http://localhost:3000/posts.json, +you'll see a JSON containing all of the posts. The HTML format looks for a view +in +app/views/posts/+ with a name that corresponds to the action name. Rails +makes all of the instance variables from the action available to the view. +Here's +app/views/posts/index.html.erb+: <erb> <h1>Listing posts</h1> 
@@ -574,18 +794,31 @@ The +respond_to+ block handles both HTML and JSON calls to this action. If you b <%= link_to 'New post', new_post_path %> </erb> -This view iterates over the contents of the +@posts+ array to display content and links. A few things to note in the view: +This view iterates over the contents of the +@posts+ array to display content +and links. A few things to note in the view: * +link_to+ builds a hyperlink to a particular destination * +edit_post_path+ and +new_post_path+ are helpers that Rails provides as part of RESTful routing. You'll see a variety of these helpers for the different actions that the controller includes. -NOTE. In previous versions of Rails, you had to use +<%=h post.name %>+ so that any HTML would be escaped before being inserted into the page. In Rails 3.0, this is now the default. To get unescaped HTML, you now use +<%= raw post.name %>+. +NOTE. In previous versions of Rails, you had to use +<%=h post.name %>+ so +that any HTML would be escaped before being inserted into the page. In Rails +3.0, this is now the default. To get unescaped HTML, you now use +<%= raw +post.name %>+. -TIP: For more details on the rendering process, see "Layouts and Rendering in Rails":layouts_and_rendering.html. +TIP: For more details on the rendering process, see "Layouts and Rendering in +Rails":layouts_and_rendering.html. h4. Customizing the Layout -The view is only part of the story of how HTML is displayed in your web browser. Rails also has the concept of +layouts+, which are containers for views. When Rails renders a view to the browser, it does so by putting the view's HTML into a layout's HTML. In previous versions of Rails, the +rails generate scaffold+ command would automatically create a controller specific layout, like +app/views/layouts/posts.html.erb+, for the posts controller. However this has been changed in Rails 3.0. 
An application specific +layout+ is used for all the controllers and can be found in +app/views/layouts/application.html.erb+. Open this layout in your editor and modify the +body+ tag: +The view is only part of the story of how HTML is displayed in your web browser. +Rails also has the concept of +layouts+, which are containers for views. When +Rails renders a view to the browser, it does so by putting the view's HTML into +a layout's HTML. In previous versions of Rails, the +rails generate scaffold+ +command would automatically create a controller specific layout, like ++app/views/layouts/posts.html.erb+, for the posts controller. However this has +been changed in Rails 3.0. An application specific +layout+ is used for all the +controllers and can be found in +app/views/layouts/application.html.erb+. Open +this layout in your editor and modify the +body+ tag: <erb> <!DOCTYPE html> @@ -604,11 +837,13 @@ The view is only part of the story of how HTML is displayed in your web browser. </html> </erb> -Now when you refresh the +/posts+ page, you'll see a gray background to the page. This same gray background will be used throughout all the views for posts. +Now when you refresh the +/posts+ page, you'll see a gray background to the +page. This same gray background will be used throughout all the views for posts. h4. Creating New Posts -Creating a new post involves two actions. The first is the +new+ action, which instantiates an empty +Post+ object: +Creating a new post involves two actions. The first is the +new+ action, which +instantiates an empty +Post+ object: <ruby> def new 
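Review bot: the NOTE on escaping in the +index.html.erb+ hunk tells readers "To get unescaped HTML, you now use +<%= raw post.name %>+" and illustrates it with +post.name+, a value that comes from a user-submitted form. Suggest adding a sentence that +raw+ should only be applied to content the application produced itself or has sanitized, since it turns off the default escaping that protects the page against cross-site scripting. The rewrap also splits that +<%= raw post.name %>+ example across two lines inside the markers, which is worth checking in the rendered output.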
@@ -631,9 +866,15 @@ The +new.html.erb+ view displays this empty Post to the user: <%= link_to 'Back', posts_path %> </erb> -The +<%= render 'form' %>+ line is our first introduction to _partials_ in Rails. A partial is a snippet of HTML and Ruby code that can be reused in multiple locations. In this case, the form used to make a new post, is basically identical to a form used to edit a post, both have text fields for the name and title and a text area for the content with a button to make a new post or update the existing post. +The +<%= render 'form' %>+ line is our first introduction to _partials_ in +Rails. A partial is a snippet of HTML and Ruby code that can be reused in +multiple locations. In this case, the form used to make a new post, is basically +identical to a form used to edit a post, both have text fields for the name and +title and a text area for the content with a button to make a new post or update +the existing post. -If you take a look at +views/posts/_form.html.erb+ file, you will see the following: +If you take a look at +views/posts/_form.html.erb+ file, you will see the +following: <erb> <%= form_for(@post) do |f| %> 
@@ -666,17 +907,34 @@ If you take a look at +views/posts/_form.html.erb+ file, you will see the follow <% end %> </erb> -This partial receives all the instance variables defined in the calling view file, so in this case, the controller assigned the new Post object to +@post+ and so, this is available in both the view and partial as +@post+. +This partial receives all the instance variables defined in the calling view +file, so in this case, the controller assigned the new Post object to +@post+ +and so, this is available in both the view and partial as +@post+. -For more information on partials, refer to the "Layouts and Rendering in Rails":layouts_and_rendering.html#using-partials guide. +For more information on partials, refer to the "Layouts and Rendering in +Rails":layouts_and_rendering.html#using-partials guide. -The +form_for+ block is used to create an HTML form. Within this block, you have access to methods to build various controls on the form. For example, +f.text_field :name+ tells Rails to create a text input on the form, and to hook it up to the +name+ attribute of the instance being displayed. You can only use these methods with attributes of the model that the form is based on (in this case +name+, +title+, and +content+). Rails uses +form_for+ in preference to having you write raw HTML because the code is more succinct, and because it explicitly ties the form to a particular model instance. +The +form_for+ block is used to create an HTML form. Within this block, you have +access to methods to build various controls on the form. For example, ++f.text_field :name+ tells Rails to create a text input on the form, and to hook +it up to the +name+ attribute of the instance being displayed. You can only use +these methods with attributes of the model that the form is based on (in this +case +name+, +title+, and +content+). 
Rails uses +form_for+ in preference to +having you write raw HTML because the code is more succinct, and because it +explicitly ties the form to a particular model instance. -The +form_for+ block is also smart enough to work out if you are doing a _New Post_ or an _Edit Post_ action, and will set the form +action+ tags and submit button names appropriately in the HTML output. +The +form_for+ block is also smart enough to work out if you are doing a _New +Post_ or an _Edit Post_ action, and will set the form +action+ tags and submit +button names appropriately in the HTML output. -TIP: If you need to create an HTML form that displays arbitrary fields, not tied to a model, you should use the +form_tag+ method, which provides shortcuts for building forms that are not necessarily tied to a model instance. +TIP: If you need to create an HTML form that displays arbitrary fields, not tied +to a model, you should use the +form_tag+ method, which provides shortcuts for +building forms that are not necessarily tied to a model instance. -When the user clicks the +Create Post+ button on this form, the browser will send information back to the +create+ method of the controller (Rails knows to call the +create+ method because the form is sent with an HTTP POST request; that's one of the conventions that I mentioned earlier): +When the user clicks the +Create Post+ button on this form, the browser will +send information back to the +create+ method of the controller (Rails knows to +call the +create+ method because the form is sent with an HTTP POST request; +that's one of the conventions that I mentioned earlier): <ruby> def create 
@@ -697,15 +955,32 @@ def create end </ruby> -The +create+ action instantiates a new Post object from the data supplied by the user on the form, which Rails makes available in the +params+ hash. After successfully saving the new post, +create+ returns the appropriate format that the user has requested (HTML in our case). It then redirects the user to the resulting post +show+ action and sets a notice to the user that the Post was successfully created. - -If the post was not successfully saved, due to a validation error, then the controller returns the user back to the +new+ action with any error messages so that the user has the chance to fix the error and try again. - -The "Post was successfully created." message is stored inside of the Rails +flash+ hash, (usually just called _the flash_) so that messages can be carried over to another action, providing the user with useful information on the status of their request. In the case of +create+, the user never actually sees any page rendered during the Post creation process, because it immediately redirects to the new Post as soon Rails saves the record. The Flash carries over a message to the next action, so that when the user is redirected back to the +show+ action, they are presented with a message saying "Post was successfully created." +The +create+ action instantiates a new Post object from the data supplied by the +user on the form, which Rails makes available in the +params+ hash. After +successfully saving the new post, +create+ returns the appropriate format that +the user has requested (HTML in our case). It then redirects the user to the +resulting post +show+ action and sets a notice to the user that the Post was +successfully created. + +If the post was not successfully saved, due to a validation error, then the +controller returns the user back to the +new+ action with any error messages so +that the user has the chance to fix the error and try again. + +The "Post was successfully created." 
message is stored inside of the Rails ++flash+ hash, (usually just called _the flash_) so that messages can be carried +over to another action, providing the user with useful information on the status +of their request. In the case of +create+, the user never actually sees any page +rendered during the Post creation process, because it immediately redirects to +the new Post as soon Rails saves the record. The Flash carries over a message to +the next action, so that when the user is redirected back to the +show+ action, +they are presented with a message saying "Post was successfully created." h4. Showing an Individual Post -When you click the +show+ link for a post on the index page, it will bring you to a URL like +http://localhost:3000/posts/1+. Rails interprets this as a call to the +show+ action for the resource, and passes in +1+ as the +:id+ parameter. Here's the +show+ action: +When you click the +show+ link for a post on the index page, it will bring you +to a URL like +http://localhost:3000/posts/1+. Rails interprets this as a call +to the +show+ action for the resource, and passes in +1+ as the +:id+ parameter. +Here's the +show+ action: <ruby> def show @@ -718,7 +993,9 @@ def show end </ruby> -The +show+ action uses +Post.find+ to search for a single record in the database by its id value. After finding the record, Rails displays it by using +show.html.erb+: +The +show+ action uses +Post.find+ to search for a single record in the database +by its id value. After finding the record, Rails displays it by using ++show.html.erb+: <erb> <p class="notice"><%= notice %></p> 
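Review bot: in the rewrapped flash paragraph of the +create+ section, "as soon Rails saves the record" is still missing "as", and "The Flash carries over a message" capitalizes the term that the same paragraph introduces as _the flash_. Both are on lines this hunk rewrites, so correct them here.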
@@ -745,7 +1022,9 @@ The +show+ action uses +Post.find+ to search for a single record in the database h4. Editing Posts -Like creating a new post, editing a post is a two-part process. The first step is a request to +edit_post_path(@post)+ with a particular post. This calls the +edit+ action in the controller: +Like creating a new post, editing a post is a two-part process. The first step +is a request to +edit_post_path(@post)+ with a particular post. This calls the ++edit+ action in the controller: <ruby> def edit @@ -753,7 +1032,8 @@ def edit end </ruby> -After finding the requested post, Rails uses the +edit.html.erb+ view to display it: +After finding the requested post, Rails uses the +edit.html.erb+ view to display +it: <erb> <h1>Editing post</h1> @@ -764,9 +1044,12 @@ After finding the requested post, Rails uses the +edit.html.erb+ view to display <%= link_to 'Back', posts_path %> </erb> -Again, as with the +new+ action, the +edit+ action is using the +form+ partial, this time however, the form will do a PUT action to the PostsController and the submit button will display "Update Post" +Again, as with the +new+ action, the +edit+ action is using the +form+ partial, +this time however, the form will do a PUT action to the PostsController and the +submit button will display "Update Post" -Submitting the form created by this view will invoke the +update+ action within the controller: +Submitting the form created by this view will invoke the +update+ action within +the controller: <ruby> def update 
@@ -786,11 +1069,17 @@ def update end </ruby> -In the +update+ action, Rails first uses the +:id+ parameter passed back from the edit view to locate the database record that's being edited. The +update_attributes+ call then takes the rest of the parameters from the request and applies them to this record. If all goes well, the user is redirected to the post's +show+ view. If there are any problems, it's back to the +edit+ view to correct them. +In the +update+ action, Rails first uses the +:id+ parameter passed back from +the edit view to locate the database record that's being edited. The ++update_attributes+ call then takes the rest of the parameters from the request +and applies them to this record. If all goes well, the user is redirected to the +post's +show+ view. If there are any problems, it's back to the +edit+ view to +correct them. h4. Destroying a Post -Finally, clicking one of the +destroy+ links sends the associated id to the +destroy+ action: +Finally, clicking one of the +destroy+ links sends the associated id to the ++destroy+ action: <ruby> def destroy 
@@ -804,15 +1093,25 @@ def destroy end </ruby> -The +destroy+ method of an Active Record model instance removes the corresponding record from the database. After that's done, there isn't any record to display, so Rails redirects the user's browser to the index view for the model. +The +destroy+ method of an Active Record model instance removes the +corresponding record from the database. After that's done, there isn't any +record to display, so Rails redirects the user's browser to the index view for +the model. h3. Adding a Second Model -Now that you've seen how a model built with scaffolding looks like, it's time to add a second model to the application. The second model will handle comments on blog posts. +Now that you've seen how a model built with scaffolding looks like, it's time to +add a second model to the application. The second model will handle comments on +blog posts. h4. Generating a Model -Models in Rails use a singular name, and their corresponding database tables use a plural name. For the model to hold comments, the convention is to use the name Comment. Even if you don't want to use the entire apparatus set up by scaffolding, most Rails developers still use generators to make things like models and controllers. To create the new model, run this command in your terminal: +Models in Rails use a singular name, and their corresponding database tables use +a plural name. For the model to hold comments, the convention is to use the name +Comment. Even if you don't want to use the entire apparatus set up by +scaffolding, most Rails developers still use generators to make things like +models and controllers. To create the new model, run this command in your +terminal: <shell> $ rails generate model Comment commenter:string body:text post:references 
@@ -832,9 +1131,12 @@ class Comment < ActiveRecord::Base end </ruby> -This is very similar to the +post.rb+ model that you saw earlier. The difference is the line +belongs_to :post+, which sets up an Active Record _association_. You'll learn a little about associations in the next section of this guide. +This is very similar to the +post.rb+ model that you saw earlier. The difference +is the line +belongs_to :post+, which sets up an Active Record _association_. +You'll learn a little about associations in the next section of this guide. -In addition to the model, Rails has also made a migration to create the corresponding database table: +In addition to the model, Rails has also made a migration to create the +corresponding database table: <ruby> class CreateComments < ActiveRecord::Migration @@ -852,13 +1154,16 @@ class CreateComments < ActiveRecord::Migration end </ruby> -The +t.references+ line sets up a foreign key column for the association between the two models. And the +add_index+ line sets up an index for this association column. Go ahead and run the migration: +The +t.references+ line sets up a foreign key column for the association between +the two models. And the +add_index+ line sets up an index for this association +column. Go ahead and run the migration: <shell> $ rake db:migrate </shell> -Rails is smart enough to only execute the migrations that have not already been run against the current database, so in this case you will just see: +Rails is smart enough to only execute the migrations that have not already been +run against the current database, so in this case you will just see: <shell> == CreateComments: migrating ================================================= 
@@ -869,12 +1174,16 @@ Rails is smart enough to only execute the migrations that have not already been h4. Associating Models -Active Record associations let you easily declare the relationship between two models. In the case of comments and posts, you could write out the relationships this way: +Active Record associations let you easily declare the relationship between two +models. In the case of comments and posts, you could write out the relationships +this way: * Each comment belongs to one post * One post can have many comments -In fact, this is very close to the syntax that Rails uses to declare this association. You've already seen the line of code inside the Comment model that makes each comment belong to a Post: +In fact, this is very close to the syntax that Rails uses to declare this +association. You've already seen the line of code inside the Comment model that +makes each comment belong to a Post: <ruby> class Comment < ActiveRecord::Base 
@@ -894,13 +1203,20 @@ class Post < ActiveRecord::Base end </ruby> -These two declarations enable a good bit of automatic behavior. For example, if you have an instance variable +@post+ containing a post, you can retrieve all the comments belonging to that post as the array +@post.comments+. +These two declarations enable a good bit of automatic behavior. For example, if +you have an instance variable +@post+ containing a post, you can retrieve all +the comments belonging to that post as the array +@post.comments+. -TIP: For more information on Active Record associations, see the "Active Record Associations":association_basics.html guide. +TIP: For more information on Active Record associations, see the "Active Record +Associations":association_basics.html guide. h4. Adding a Route for Comments -As with the +home+ controller, we will need to add a route so that Rails knows where we would like to navigate to see +comments+. Open up the +config/routes.rb+ file again, you will see an entry that was added automatically for +posts+ near the top by the scaffold generator, +resources :posts+, edit it as follows: +As with the +home+ controller, we will need to add a route so that Rails knows +where we would like to navigate to see +comments+. Open up the ++config/routes.rb+ file again, you will see an entry that was added +automatically for +posts+ near the top by the scaffold generator, +resources +:posts+, edit it as follows: <ruby> resources :posts do 
@@ -908,29 +1224,40 @@ resources :posts do end </ruby> -This creates +comments+ as a _nested resource_ within +posts+. This is another part of capturing the hierarchical relationship that exists between posts and comments. +This creates +comments+ as a _nested resource_ within +posts+. This is another +part of capturing the hierarchical relationship that exists between posts and +comments. -TIP: For more information on routing, see the "Rails Routing from the Outside In":routing.html guide. +TIP: For more information on routing, see the "Rails Routing from the Outside +In":routing.html guide. h4. Generating a Controller -With the model in hand, you can turn your attention to creating a matching controller. Again, there's a generator for this: +With the model in hand, you can turn your attention to creating a matching +controller. Again, there's a generator for this: <shell> $ rails generate controller Comments </shell> -This creates four files and one empty directory: +This creates six files and one empty directory: * +app/controllers/comments_controller.rb+ - The controller * +app/helpers/comments_helper.rb+ - A view helper file * +test/functional/comments_controller_test.rb+ - The functional tests for the controller * +test/unit/helpers/comments_helper_test.rb+ - The unit tests for the helper * +app/views/comments/+ - Views of the controller are stored here +* +app/assets/stylesheets/comment.css.scss+ - Cascading style sheet for the controller +* +app/assets/javascripts/comment.js.coffee+ - CoffeeScript for the controller -Like with any blog, our readers will create their comments directly after reading the post, and once they have added their comment, will be sent back to the post show page to see their comment now listed. Due to this, our +CommentsController+ is there to provide a method to create comments and delete SPAM comments when they arrive. 
+Like with any blog, our readers will create their comments directly after +reading the post, and once they have added their comment, will be sent back to +the post show page to see their comment now listed. Due to this, our ++CommentsController+ is there to provide a method to create comments and delete +SPAM comments when they arrive. -So first, we'll wire up the Post show template (+/app/views/posts/show.html.erb+) to let us make a new comment: +So first, we'll wire up the Post show template +(+/app/views/posts/show.html.erb+) to let us make a new comment: <erb> <p class="notice"><%= notice %></p> @@ -969,7 +1296,8 @@ So first, we'll wire up the Post show template (+/app/views/posts/show.html.erb+ <%= link_to 'Back to Posts', posts_path %> | </erb> -This adds a form on the Post show page that creates a new comment, which will call the +CommentsController+ +create+ action, so let's wire that up: +This adds a form on the Post show page that creates a new comment, which will +call the +CommentsController+ +create+ action, so let's wire that up: <ruby> class CommentsController < ApplicationController 
@@ -981,11 +1309,21 @@ class CommentsController < ApplicationController end </ruby> -You'll see a bit more complexity here than you did in the controller for posts. That's a side-effect of the nesting that you've set up; each request for a comment has to keep track of the post to which the comment is attached, thus the initial find action to the Post model to get the post in question. +You'll see a bit more complexity here than you did in the controller for posts. +That's a side-effect of the nesting that you've set up; each request for a +comment has to keep track of the post to which the comment is attached, thus the +initial find action to the Post model to get the post in question. -In addition, the code takes advantage of some of the methods available for an association. We use the +create+ method on +@post.comments+ to create and save the comment. This will automatically link the comment so that it belongs to that particular post. +In addition, the code takes advantage of some of the methods available for an +association. We use the +create+ method on +@post.comments+ to create and save +the comment. This will automatically link the comment so that it belongs to that +particular post. -Once we have made the new comment, we send the user back to the original post using the +post_path(@post)+ helper. As we have already seen, this calls the +show+ action of the +PostsController+ which in turn renders the +show.html.erb+ template. This is where we want the comment to show, so let's add that to the +app/views/posts/show.html.erb+. +Once we have made the new comment, we send the user back to the original post +using the +post_path(@post)+ helper. As we have already seen, this calls the ++show+ action of the +PostsController+ which in turn renders the +show.html.erb+ +template. This is where we want the comment to show, so let's add that to the ++app/views/posts/show.html.erb+. <erb> <p class="notice"><%= notice %></p> 
@@ -1039,15 +1377,20 @@ Once we have made the new comment, we send the user back to the original post us <%= link_to 'Back to Posts', posts_path %> | </erb> -Now you can add posts and comments to your blog and have them show up in the right places. +Now you can add posts and comments to your blog and have them show up in the +right places. h3. Refactoring -Now that we have Posts and Comments working, if we take a look at the +app/views/posts/show.html.erb+ template, it's getting long and awkward. We can use partials to clean this up. +Now that we have Posts and Comments working, if we take a look at the ++app/views/posts/show.html.erb+ template, it's getting long and awkward. We can +use partials to clean this up. h4. Rendering Partial Collections -First we will make a comment partial to extract showing all the comments for the post. Create the file +app/views/comments/_comment.html.erb+ and put the following into it: +First we will make a comment partial to extract showing all the comments for the +post. Create the file +app/views/comments/_comment.html.erb+ and put the +following into it: <erb> <p> @@ -1061,7 +1404,8 @@ First we will make a comment partial to extract showing all the comments for the </p> </erb> -Then in the +app/views/posts/show.html.erb+ you can change it to look like the following: +Then in the +app/views/posts/show.html.erb+ you can change it to look like the +following: <erb> <p class="notice"><%= notice %></p> 
@@ -1105,11 +1449,16 @@ Then in the +app/views/posts/show.html.erb+ you can change it to look like the f <%= link_to 'Back to Posts', posts_path %> | </erb> -This will now render the partial in +app/views/comments/_comment.html.erb+ once for each comment that is in the +@post.comments+ collection. As the +render+ method iterates over the <tt>@post.comments</tt> collection, it assigns each comment to a local variable named the same as the partial, in this case +comment+ which is then available in the partial for us to show. +This will now render the partial in +app/views/comments/_comment.html.erb+ once +for each comment that is in the +@post.comments+ collection. As the +render+ +method iterates over the <tt>@post.comments</tt> collection, it assigns each +comment to a local variable named the same as the partial, in this case ++comment+ which is then available in the partial for us to show. h4. Rendering a Partial Form -Lets also move that new comment section out to it's own partial, again, you create a file +app/views/comments/_form.html.erb+ and in it you put: +Lets also move that new comment section out to it's own partial, again, you +create a file +app/views/comments/_form.html.erb+ and in it you put: <erb> <%= form_for([@post, @post.comments.build]) do |f| %> 
@@ -1159,15 +1508,22 @@ Then you make the +app/views/posts/show.html.erb+ look like the following: <%= link_to 'Back to Posts', posts_path %> | </erb> -The second render just defines the partial template we want to render, <tt>comments/form</tt>, Rails is smart enough to spot the forward slash in that string and realize that you want to render the <tt>_form.html.erb</tt> file in the <tt>app/views/comments</tt> directory. +The second render just defines the partial template we want to render, +<tt>comments/form</tt>, Rails is smart enough to spot the forward slash in that +string and realize that you want to render the <tt>_form.html.erb</tt> file in +the <tt>app/views/comments</tt> directory. -The +@post+ object is available to any partials rendered in the view because we defined it as an instance variable. +The +@post+ object is available to any partials rendered in the view because we +defined it as an instance variable. h3. Deleting Comments -Another important feature on a blog is being able to delete SPAM comments. To do this, we need to implement a link of some sort in the view and a +DELETE+ action in the +CommentsController+. +Another important feature on a blog is being able to delete SPAM comments. To do +this, we need to implement a link of some sort in the view and a +DELETE+ action +in the +CommentsController+. -So first, let's add the delete link in the +app/views/comments/_comment.html.erb+ partial: +So first, let's add the delete link in the ++app/views/comments/_comment.html.erb+ partial: <erb> <p> 
@@ -1187,7 +1543,10 @@ So first, let's add the delete link in the +app/views/comments/_comment.html.erb </p> </erb> -Clicking this new "Destroy Comment" link will fire off a <tt>DELETE /posts/:id/comments/:id</tt> to our +CommentsController+, which can then use this to find the comment we want to delete, so let's add a destroy action to our controller: +Clicking this new "Destroy Comment" link will fire off a <tt>DELETE +/posts/:id/comments/:id</tt> to our +CommentsController+, which can then use +this to find the comment we want to delete, so let's add a destroy action to our +controller: <ruby> class CommentsController < ApplicationController @@ -1208,12 +1567,17 @@ class CommentsController < ApplicationController end </ruby> -The +destroy+ action will find the post we are looking at, locate the comment within the <tt>@post.comments</tt> collection, and then remove it from the database and send us back to the show action for the post. +The +destroy+ action will find the post we are looking at, locate the comment +within the <tt>@post.comments</tt> collection, and then remove it from the +database and send us back to the show action for the post. h4. Deleting Associated Objects -If you delete a post then its associated comments will also need to be deleted. Otherwise they would simply occupy space in the database. Rails allows you to use the +dependent+ option of an association to achieve this. Modify the Post model, +app/models/post.rb+, as follows: +If you delete a post then its associated comments will also need to be deleted. +Otherwise they would simply occupy space in the database. Rails allows you to +use the +dependent+ option of an association to achieve this. Modify the Post +model, +app/models/post.rb+, as follows: <ruby> class Post < ActiveRecord::Base 
@@ -1226,13 +1590,20 @@ end h3. Security -If you were to publish your blog online, anybody would be able to add, edit and delete posts or delete comments. +If you were to publish your blog online, anybody would be able to add, edit and +delete posts or delete comments. -Rails provides a very simple HTTP authentication system that will work nicely in this situation. +Rails provides a very simple HTTP authentication system that will work nicely in +this situation. -In the +PostsController+ we need to have a way to block access to the various actions if the person is not authenticated, here we can use the Rails <tt>http_basic_authenticate_with</tt> method, allowing access to the requested action if that method allows it. +In the +PostsController+ we need to have a way to block access to the various +actions if the person is not authenticated, here we can use the Rails +<tt>http_basic_authenticate_with</tt> method, allowing access to the requested +action if that method allows it. -To use the authentication system, we specify it at the top of our +PostsController+, in this case, we want the user to be authenticated on every action, except for +index+ and +show+, so we write that: +To use the authentication system, we specify it at the top of our ++PostsController+, in this case, we want the user to be authenticated on every +action, except for +index+ and +show+, so we write that: <ruby> class PostsController < ApplicationController @@ -1247,7 +1618,8 @@ class PostsController < ApplicationController # snipped for brevity </ruby> -We also only want to allow authenticated users to delete comments, so in the +CommentsController+ we write: +We also only want to allow authenticated users to delete comments, so in the ++CommentsController+ we write: <ruby> class CommentsController < ApplicationController 
@@ -1259,16 +1631,21 @@ class CommentsController < ApplicationController # snipped for brevity </ruby> -Now if you try to create a new post, you will be greeted with a basic HTTP Authentication challenge +Now if you try to create a new post, you will be greeted with a basic HTTP +Authentication challenge !images/challenge.png(Basic HTTP Authentication Challenge)! h3. Building a Multi-Model Form -Another feature of your average blog is the ability to tag posts. To implement this feature your application needs to interact with more than one model on a single form. Rails offers support for nested forms. +Another feature of your average blog is the ability to tag posts. To implement +this feature your application needs to interact with more than one model on a +single form. Rails offers support for nested forms. -To demonstrate this, we will add support for giving each post multiple tags, right in the form where you create the post. First, create a new model to hold the tags: +To demonstrate this, we will add support for giving each post multiple tags, +right in the form where you create the post. First, create a new model to hold +the tags: <shell> $ rails generate model tag name:string post:references @@ -1280,7 +1657,9 @@ Again, run the migration to create the database table: $ rake db:migrate </shell> -Next, edit the +post.rb+ file to create the other side of the association, and to tell Rails (via the +accepts_nested_attributes_for+ macro) that you intend to edit tags via posts: +Next, edit the +post.rb+ file to create the other side of the association, and +to tell Rails (via the +accepts_nested_attributes_for+ macro) that you intend to +edit tags via posts: <ruby> class Post < ActiveRecord::Base 
@@ -1296,7 +1675,10 @@ class Post < ActiveRecord::Base end </ruby> -The +:allow_destroy+ option on the nested attribute declaration tells Rails to display a "remove" checkbox on the view that you'll build shortly. The +:reject_if+ option prevents saving new tags that do not have any attributes filled in. +The +:allow_destroy+ option on the nested attribute declaration tells Rails to +display a "remove" checkbox on the view that you'll build shortly. The ++:reject_if+ option prevents saving new tags that do not have any attributes +filled in. We will modify +views/posts/_form.html.erb+ to render a partial to make a tag: 
@@ -1335,13 +1717,20 @@ We will modify +views/posts/_form.html.erb+ to render a partial to make a tag: <% end %> </erb> -Note that we have changed the +f+ in +form_for(@post) do |f|+ to +post_form+ to make it easier to understand what is going on. +Note that we have changed the +f+ in +form_for(@post) do |f|+ to +post_form+ to +make it easier to understand what is going on. -This example shows another option of the render helper, being able to pass in local variables, in this case, we want the local variable +form+ in the partial to refer to the +post_form+ object. +This example shows another option of the render helper, being able to pass in +local variables, in this case, we want the local variable +form+ in the partial +to refer to the +post_form+ object. -We also add a <tt>@post.tags.build</tt> at the top of this form, this is to make sure there is a new tag ready to have it's name filled in by the user. If you do not build the new tag, then the form will not appear as there is no new Tag object ready to create. +We also add a <tt>@post.tags.build</tt> at the top of this form, this is to make +sure there is a new tag ready to have it's name filled in by the user. If you do +not build the new tag, then the form will not appear as there is no new Tag +object ready to create. -Now create the folder <tt>app/views/tags</tt> and make a file in there called <tt>_form.html.erb</tt> which contains the form for the tag: +Now create the folder <tt>app/views/tags</tt> and make a file in there called +<tt>_form.html.erb</tt> which contains the form for the tag: <erb> <%= form.fields_for :tags do |tag_form| %> @@ -1358,7 +1747,8 @@ Now create the folder <tt>app/views/tags</tt> and make a file in there called <t <% end %> </erb> -Finally, we will edit the <tt>app/views/posts/show.html.erb</tt> template to show our tags. +Finally, we will edit the <tt>app/views/posts/show.html.erb</tt> template to +show our tags. <erb> <p class="notice"><%= notice %></p> 
@@ -1394,13 +1784,18 @@ Finally, we will edit the <tt>app/views/posts/show.html.erb</tt> template to sho <%= link_to 'Back to Posts', posts_path %> | </erb> -With these changes in place, you'll find that you can edit a post and its tags directly on the same view. +With these changes in place, you'll find that you can edit a post and its tags +directly on the same view. -However, that method call <tt>@post.tags.map { |t| t.name }.join(", ")</tt> is awkward, we could handle this by making a helper method. +However, that method call <tt>@post.tags.map { |t| t.name }.join(", ")</tt> is +awkward, we could handle this by making a helper method. h3. View Helpers -View Helpers live in <tt>app/helpers</tt> and provide small snippets of reusable code for views. In our case, we want a method that strings a bunch of objects together using their name attribute and joining them with a comma. As this is for the Post show template, we put it in the PostsHelper. +View Helpers live in <tt>app/helpers</tt> and provide small snippets of reusable +code for views. In our case, we want a method that strings a bunch of objects +together using their name attribute and joining them with a comma. As this is +for the Post show template, we put it in the PostsHelper. Open up <tt>app/helpers/posts_helper.rb</tt> and add the following: @@ -1412,7 +1807,8 @@ module PostsHelper end </erb> -Now you can edit the view in <tt>app/views/posts/show.html.erb</tt> to look like this: +Now you can edit the view in <tt>app/views/posts/show.html.erb</tt> to look like +this: <erb> <p class="notice"><%= notice %></p> 
@@ -1450,7 +1846,10 @@ Now you can edit the view in <tt>app/views/posts/show.html.erb</tt> to look like h3. What's Next? -Now that you've seen your first Rails application, you should feel free to update it and experiment on your own. But you don't have to do everything without help. As you need assistance getting up and running with Rails, feel free to consult these support resources: +Now that you've seen your first Rails application, you should feel free to +update it and experiment on your own. But you don't have to do everything +without help. As you need assistance getting up and running with Rails, feel +free to consult these support resources: * The "Ruby on Rails guides":index.html * The "Ruby on Rails Tutorial":http://railstutorial.org/book 
@@ -1465,9 +1864,18 @@ Rails also comes with built-in help that you can generate using the rake command h3. Configuration Gotchas -The easiest way to work with Rails is to store all external data as UTF-8. If you don't, Ruby libraries and Rails will often be able to convert your native data into UTF-8, but this doesn't always work reliably, so you're better off ensuring that all external data is UTF-8. - -If you have made a mistake in this area, the most common symptom is a black diamond with a question mark inside appearing in the browser. Another common symptom is characters like "ü" appearing instead of "ü". Rails takes a number of internal steps to mitigate common causes of these problems that can be automatically detected and corrected. However, if you have external data that is not stored as UTF-8, it can occasionally result in these kinds of issues that cannot be automatically detected by Rails and corrected. +The easiest way to work with Rails is to store all external data as UTF-8. If +you don't, Ruby libraries and Rails will often be able to convert your native +data into UTF-8, but this doesn't always work reliably, so you're better off +ensuring that all external data is UTF-8. + +If you have made a mistake in this area, the most common symptom is a black +diamond with a question mark inside appearing in the browser. Another common +symptom is characters like "ü" appearing instead of "ü". Rails takes a number +of internal steps to mitigate common causes of these problems that can be +automatically detected and corrected. However, if you have external data that is +not stored as UTF-8, it can occasionally result in these kinds of issues that +cannot be automatically detected by Rails and corrected. Two very common sources of data that are not UTF-8: * Your text editor: Most text editors (such as Textmate), default to saving files as 
diff --git a/railties/guides/source/initialization.textile b/railties/guides/source/initialization.textile index 340699419b..477ee5a3a2 100644 --- a/railties/guides/source/initialization.textile +++ b/railties/guides/source/initialization.textile @@ -512,7 +512,7 @@ h4. +railties/lib/rails/ruby_version_check.rb+ This file simply checks if the Ruby version is less than 1.8.7 or is 1.9.1 and raises an error if that is the case. Rails 3 simply will not run on earlier versions of Ruby than 1.8.7 or 1.9.1. -NOTE: You should always endeavour to run the latest version of Ruby with your Rails applications. The benefits are many, including security fixes and the like, and very often there is a speed increase associated with it. The caveat is that you could have code that potentially breaks on the latest version, which should be fixed to work on the latest version rather than kept around as an excuse not to upgrade. +NOTE: You should always endeavor to run the latest version of Ruby with your Rails applications. The benefits are many, including security fixes and the like, and very often there is a speed increase associated with it. The caveat is that you could have code that potentially breaks on the latest version, which should be fixed to work on the latest version rather than kept around as an excuse not to upgrade. h4. +active_support/core_ext/kernel/reporting.rb+ diff --git a/railties/guides/source/layouts_and_rendering.textile b/railties/guides/source/layouts_and_rendering.textile index ba45b84242..57485e8986 100644 --- a/railties/guides/source/layouts_and_rendering.textile +++ b/railties/guides/source/layouts_and_rendering.textile 
@@ -94,7 +94,7 @@ NOTE: The actual rendering is done by subclasses of +ActionView::TemplateHandler h4. Using +render+ -In most cases, the +ActionController::Base#render+ method does the heavy lifting of rendering your application's content for use by a browser. There are a variety of ways to customise the behaviour of +render+. You can render the default view for a Rails template, or a specific template, or a file, or inline code, or nothing at all. You can render text, JSON, or XML. You can specify the content type or HTTP status of the rendered response as well. +In most cases, the +ActionController::Base#render+ method does the heavy lifting of rendering your application's content for use by a browser. There are a variety of ways to customize the behaviour of +render+. You can render the default view for a Rails template, or a specific template, or a file, or inline code, or nothing at all. You can render text, JSON, or XML. You can specify the content type or HTTP status of the rendered response as well. TIP: If you want to see the exact results of a call to +render+ without needing to inspect it in a browser, you can call +render_to_string+. This method takes exactly the same options as +render+, but it returns a string instead of sending a response back to the browser. diff --git a/railties/guides/source/migrations.textile b/railties/guides/source/migrations.textile index dbbf8f3b51..e51ee0f535 100644 --- a/railties/guides/source/migrations.textile +++ b/railties/guides/source/migrations.textile @@ -17,7 +17,7 @@ endprologue. h3. Anatomy of a Migration -Before I dive into the details of a migration, here are a few examples of the sorts of things you can do: +Before we dive into the details of a migration, here are a few examples of the sorts of things you can do: <ruby> class CreateProducts < ActiveRecord::Migration 
@@ -117,6 +117,33 @@ Occasionally you will make a mistake when writing a migration. If you have alrea In general editing existing migrations is not a good idea: you will be creating extra work for yourself and your co-workers and cause major headaches if the existing version of the migration has already been run on production machines. Instead you should write a new migration that performs the changes you require. Editing a freshly generated migration that has not yet been committed to source control (or more generally which has not been propagated beyond your development machine) is relatively harmless. +h4. Supported Types + +Active Record supports the following types: + +* +:primary_key+ +* +:string+ +* +:text+ +* +:integer+ +* +:float+ +* +:decimal+ +* +:datetime+ +* +:timestamp+ +* +:time+ +* +:date+ +* +:binary+ +* +:boolean+ + +These will be mapped onto an appropriate underlying database type, for example with MySQL +:string+ is mapped to +VARCHAR(255)+. You can create columns of types not supported by Active Record when using the non-sexy syntax, for example + +<ruby> +create_table :products do |t| + t.column :name, 'polygon', :null => false +end +</ruby> + +This may however hinder portability to other databases. + h3. Creating a Migration h4. Creating a Model 
@@ -261,18 +288,6 @@ end will append +ENGINE=BLACKHOLE+ to the SQL statement used to create the table (when using MySQL the default is +ENGINE=InnoDB+). -The types supported by Active Record are +:primary_key+, +:string+, +:text+, +:integer+, +:float+, +:decimal+, +:datetime+, +:timestamp+, +:time+, +:date+, +:binary+, +:boolean+. - -These will be mapped onto an appropriate underlying database type, for example with MySQL +:string+ is mapped to +VARCHAR(255)+. You can create columns of types not supported by Active Record when using the non-sexy syntax, for example - -<ruby> -create_table :products do |t| - t.column :name, 'polygon', :null => false -end -</ruby> - -This may however hinder portability to other databases. - h4. Changing Tables A close cousin of +create_table+ is +change_table+, used for changing existing tables. It is used in a similar fashion to +create_table+ but the object yielded to the block knows more tricks. For example @@ -462,7 +477,7 @@ Several methods are provided that allow you to control all this: For example, this migration -<ruby> +<pre> class CreateProducts < ActiveRecord::Migration def change suppress_messages do @@ -481,7 +496,7 @@ class CreateProducts < ActiveRecord::Migration end end end -</ruby> +</pre> generates the following output 
@@ -499,40 +514,107 @@ If you just want Active Record to shut up then running +rake db:migrate VERBOSE= h3. Using Models in Your Migrations -When creating or updating data in a migration it is often tempting to use one of your models. After all they exist to provide easy access to the underlying data. This can be done but some caution should be observed. +When creating or updating data in a migration it is often tempting to use one of your models. After all they exist to provide easy access to the underlying data. This can be done, but some caution should be observed. -Consider for example a migration that uses the +Product+ model to update a row in the corresponding table. Alice later updates the +Product+ model, adding a new column and a validation on it. Bob comes back from holiday, updates the source and runs outstanding migrations with +rake db:migrate+, including the one that used the +Product+ model. When the migration runs the source is up to date and so the +Product+ model has the validation added by Alice. The database however is still old and so does not have that column and an error ensues because that validation is on a column that does not yet exist. +For example, problems occur when the model uses database columns which are (1) not currently in the database and (2) will be created by this or a subsequent migration. -Frequently I just want to update rows in the database without writing out the SQL by hand: I'm not using anything specific to the model. One pattern for this is to define a copy of the model inside the migration itself, for example: +Consider this example, where Alice and Bob are working on the same code base which contains a +Product+ model: -<ruby> -class AddPartNumberToProducts < ActiveRecord::Migration - class Product < ActiveRecord::Base +Bob goes on vacation. + +Alice creates a migration for the +products+ table which adds a new column and initializes it. +She also adds a validation to the Product model for the new column. 
+ +<pre> +# db/migrate/20100513121110_add_flag_to_product.rb + +class AddFlagToProduct < ActiveRecord::Migration + def change + add_column :products, :flag, :int + Product.all.each { |f| f.update_attributes!(:flag => 'false') } end +end +</pre> + +<pre> +# app/model/product.rb + +class Product < ActiveRecord::Base + validates_presence_of :flag +end +</pre> + +Alice adds a second migration which adds and initializes another column to the +products+ table and also adds a validation to the Product model for the new column. +<pre> +# db/migrate/20100515121110_add_fuzz_to_product.rb + +class AddFuzzToProduct < ActiveRecord::Migration def change - ... + add_column :products, :fuzz, :string + Product.all.each { |f| f.update_attributes! :fuzz => 'fuzzy' } end end -</ruby> -The migration has its own minimal copy of the +Product+ model and no longer cares about the +Product+ model defined in the application. +</pre> -h4. Dealing with Changing Models +<pre> +# app/model/product.rb -For performance reasons information about the columns a model has is cached. For example if you add a column to a table and then try and use the corresponding model to insert a new row it may try to use the old column information. You can force Active Record to re-read the column information with the +reset_column_information+ method, for example +class Product < ActiveRecord::Base + validates_presence_of :flag + validates_presence_of :fuzz +end +</pre> -<ruby> -class AddPartNumberToProducts < ActiveRecord::Migration +Both migrations work for Alice. + +Bob comes back from vacation and: + +# updates the source - which contains both migrations and the latests version of the Product model. +# runs outstanding migrations with +rake db:migrate+, which includes the one that updates the +Product+ model. + +The migration crashes because when the model attempts to save, it tries to validate the second added column, which is not in the database when the _first_ migration runs. + +<pre> +rake aborted! 
+An error has occurred, this and all later migrations canceled: + +undefined method `fuzz' for #<Product:0x000001049b14a0> +</pre> + +A fix for this is to create a local model within the migration. This keeps rails from running the validations, so that the migrations run to completion. + +When using a faux model, it's a good idea to call +Product.reset_column_information+ to refresh the ActiveRecord cache for the Product model prior to updating data in the database. + +If Alice had done this instead, there would have been no problem: + +<pre> +# db/migrate/20100513121110_add_flag_to_product.rb + +class AddFlagToProduct < ActiveRecord::Migration class Product < ActiveRecord::Base end + def change + add_column :products, :flag, :int + Product.reset_column_information + Product.all.each { |f| f.update_attributes!(:flag => false) } + end +end +</pre> + +<pre> +# db/migrate/20100515121110_add_fuzz_to_product.rb +class AddFuzzToProduct < ActiveRecord::Migration + class Product < ActiveRecord::Base + end def change - add_column :product, :part_number, :string + add_column :products, :fuzz, :string Product.reset_column_information - ... + Product.all.each { |f| f.update_attributes! :fuzz => 'fuzzy' } end end -</ruby> +</pre> h3. Schema Dumping and You diff --git a/railties/guides/source/plugins.textile b/railties/guides/source/plugins.textile index 79bbe495bd..188423861d 100644 --- a/railties/guides/source/plugins.textile +++ b/railties/guides/source/plugins.textile @@ -86,7 +86,7 @@ class CoreExtTest < Test::Unit::TestCase end </ruby> -Run +rake+ to run the test. This test should fail because we haven't implemented the +to_squak+ method: +Run +rake+ to run the test. This test should fail because we haven't implemented the +to_squawk+ method: <shell> 1) Error: 
@@ -218,8 +218,8 @@ test/dummy directory: <shell> $ cd test/dummy -$ rails generate model Hickwall last_squak:string -$ rails generate model Wickwall last_squak:string last_tweet:string +$ rails generate model Hickwall last_squawk:string +$ rails generate model Wickwall last_squawk:string last_tweet:string </shell> Now you can create the necessary database tables in your testing database by navigating to your dummy app diff --git a/railties/guides/source/rails_application_templates.textile b/railties/guides/source/rails_application_templates.textile index 3db47a70e8..90fc763349 100644 --- a/railties/guides/source/rails_application_templates.textile +++ b/railties/guides/source/rails_application_templates.textile @@ -11,22 +11,18 @@ endprologue. h3. Usage -To apply a template, you need to provide the Rails generator with the location of the template you wish to apply, using -m option: +To apply a template, you need to provide the Rails generator with the location of the template you wish to apply, using -m option. This can either be path to a file or a URL. <shell> $ rails new blog -m ~/template.rb +$ rails new blog -m http://example.com/template.rb </shell> -It's also possible to apply a template using a URL: - -<shell> -$ rails new blog -m https://gist.github.com/755496.txt -</shell> - -Alternatively, you can use the rake task +rails:template+ to apply a template to an existing Rails application: +You can use the rake task +rails:template+ to apply templates to an existing Rails application. The location of the template needs to be passed in to an environment variable named LOCATION. Again, this can either be path to a file or a URL. <shell> $ rake rails:template LOCATION=~/template.rb +$ rake rails:template LOCATION=http://example.com/template.rb </shell> h3. Template API diff --git a/railties/guides/source/routing.textile b/railties/guides/source/routing.textile index 1cbc5c8f6e..99dd9a1cd2 100644 --- a/railties/guides/source/routing.textile 
+++ b/railties/guides/source/routing.textile @@ -68,7 +68,7 @@ Rails would dispatch that request to the +destroy+ method on the +photos+ contro h4. CRUD, Verbs, and Actions -In Rails, a resourceful route provides a mapping between HTTP verbs and URLs and controller actions. By convention, each action also maps to particular CRUD operations in a database. A single entry in the routing file, such as +In Rails, a resourceful route provides a mapping between HTTP verbs and URLs to controller actions. By convention, each action also maps to particular CRUD operations in a database. A single entry in the routing file, such as <ruby> resources :photos @@ -94,8 +94,8 @@ Creating a resourceful route will also expose a number of helpers to the control * +photos_path+ returns +/photos+ * +new_photo_path+ returns +/photos/new+ -* +edit_photo_path(id)+ returns +/photos/:id/edit+ (for instance, +edit_photo_path(10)+ returns +/photos/10/edit+) -* +photo_path(id)+ returns +/photos/:id+ (for instance, +photo_path(10)+ returns +/photos/10+) +* +edit_photo_path(:id)+ returns +/photos/:id/edit+ (for instance, +edit_photo_path(10)+ returns +/photos/10/edit+) +* +photo_path(:id)+ returns +/photos/:id+ (for instance, +photo_path(10)+ returns +/photos/10+) Each of these helpers has a corresponding +_url+ helper (such as +photos_url+) which returns the same path prefixed with the current host, port and path prefix. 
@@ -163,14 +163,14 @@ end This will create a number of routes for each of the +posts+ and +comments+ controller. For +Admin::PostsController+, Rails will create: -|_.HTTP Verb |_.Path |_.action |_.named helper | -|GET |/admin/posts |index | admin_posts_path | -|GET |/admin/posts/new |new | new_admin_posts_path | -|POST |/admin/posts |create | admin_posts_path | -|GET |/admin/posts/1 |show | admin_post_path(id) | -|GET |/admin/posts/1/edit |edit | edit_admin_post_path(id) | -|PUT |/admin/posts/1 |update | admin_post_path(id) | -|DELETE |/admin/posts/1 |destroy | admin_post_path(id) | +|_.HTTP Verb |_.Path |_.action |_.named helper | +|GET |/admin/posts |index | admin_posts_path | +|GET |/admin/posts/new |new | new_admin_post_path | +|POST |/admin/posts |create | admin_posts_path | +|GET |/admin/posts/:id |show | admin_post_path(:id) | +|GET |/admin/posts/:id/edit |edit | edit_admin_post_path(:id) | +|PUT |/admin/posts/:id |update | admin_post_path(:id) | +|DELETE |/admin/posts/:id |destroy | admin_post_path(:id) | If you want to route +/posts+ (without the prefix +/admin+) to +Admin::PostsController+, you could use @@ -204,12 +204,12 @@ In each of these cases, the named routes remain the same as if you did not use + |_.HTTP Verb |_.Path |_.action |_.named helper | |GET |/admin/posts |index | posts_path | -|GET |/admin/posts/new |new | posts_path | +|GET |/admin/posts/new |new | new_post_path | |POST |/admin/posts |create | posts_path | -|GET |/admin/posts/1 |show | post_path(id) | -|GET |/admin/posts/1/edit |edit | edit_post_path(id) | -|PUT |/admin/posts/1 |update | post_path(id) | -|DELETE |/admin/posts/1 |destroy | post_path(id) | +|GET |/admin/posts/:id |show | post_path(:id) | +|GET |/admin/posts/:id/edit|edit | edit_post_path(:id)| +|PUT |/admin/posts/:id |update | post_path(:id) | +|DELETE |/admin/posts/:id |destroy | post_path(:id) | h4. Nested Resources 
@@ -236,13 +236,13 @@ end In addition to the routes for magazines, this declaration will also route ads to an +AdsController+. The ad URLs require a magazine: |_.HTTP Verb |_.Path |_.action |_.used for | -|GET |/magazines/1/ads |index |display a list of all ads for a specific magazine | -|GET |/magazines/1/ads/new |new |return an HTML form for creating a new ad belonging to a specific magazine | -|POST |/magazines/1/ads |create |create a new ad belonging to a specific magazine | -|GET |/magazines/1/ads/1 |show |display a specific ad belonging to a specific magazine | -|GET |/magazines/1/ads/1/edit |edit |return an HTML form for editing an ad belonging to a specific magazine | -|PUT |/magazines/1/ads/1 |update |update a specific ad belonging to a specific magazine | -|DELETE |/magazines/1/ads/1 |destroy |delete a specific ad belonging to a specific magazine | +|GET |/magazines/:id/ads |index |display a list of all ads for a specific magazine | +|GET |/magazines/:id/ads/new |new |return an HTML form for creating a new ad belonging to a specific magazine | +|POST |/magazines/:id/ads |create |create a new ad belonging to a specific magazine | +|GET |/magazines/:id/ads/:id |show |display a specific ad belonging to a specific magazine | +|GET |/magazines/:id/ads/:id/edit |edit |return an HTML form for editing an ad belonging to a specific magazine | +|PUT |/magazines/:id/ads/:id |update |update a specific ad belonging to a specific magazine | +|DELETE |/magazines/:id/ads/:id |destroy |delete a specific ad belonging to a specific magazine | This will also create routing helpers such as +magazine_ads_url+ and +edit_magazine_ad_path+. These helpers take an instance of Magazine as the first parameter (+magazine_ads_url(@magazine)+). 
@@ -560,13 +560,19 @@ would match +zoo/woo/foo/bar/baz+ with +params[:a]+ equals +"zoo/woo"+, and +par NOTE: Starting from Rails 3.1, wildcard routes will always match the optional format segment by default. For example if you have this route: <ruby> -map '*pages' => 'pages#show' +match '*pages' => 'pages#show' </ruby> NOTE: By requesting +"/foo/bar.json"+, your +params[:pages]+ will be equals to +"foo/bar"+ with the request format of JSON. If you want the old 3.0.x behavior back, you could supply +:format => false+ like this: <ruby> -map '*pages' => 'pages#show', :format => false +match '*pages' => 'pages#show', :format => false +</ruby> + +NOTE: If you want to make the format segment mandatory, so it cannot be omitted, you can supply +:format => true+ like this: + +<ruby> +match '*pages' => 'pages#show', :format => true </ruby> h4. Redirection @@ -628,16 +634,16 @@ resources :photos, :controller => "images" will recognize incoming paths beginning with +/photos+ but route to the +Images+ controller: -|_.HTTP Verb |_.Path |_.action |_.named helper | -|GET |/photos |index | photos_path | -|GET |/photos/new |new | new_photo_path | -|POST |/photos |create | photos_path | -|GET |/photos/1 |show | photo_path(id) | -|GET |/photos/1/edit |edit | edit_photo_path(id) | -|PUT |/photos/1 |update | photo_path(id) | -|DELETE |/photos/1 |destroy | photo_path(id) | +|_.HTTP Verb |_.Path |_.action |_.named helper | +|GET |/photos |index | photos_path | +|GET |/photos/new |new | new_photo_path | +|POST |/photos |create | photos_path | +|GET |/photos/:id |show | photo_path(:id) | +|GET |/photos/:id/edit |edit | edit_photo_path(:id) | +|PUT |/photos/:id |update | photo_path(:id) | +|DELETE |/photos/:id |destroy | photo_path(:id) | -NOTE: Use +photos_path+, +new_photos_path+, etc. to generate paths for this resource. +NOTE: Use +photos_path+, +new_photo_path+, etc. to generate paths for this resource. h4. Specifying Constraints 
@@ -672,14 +678,14 @@ resources :photos, :as => "images" will recognize incoming paths beginning with +/photos+ and route the requests to +PhotosController+, but use the value of the :as option to name the helpers. -|_.HTTP verb|_.Path |_.action |_.named helper | -|GET |/photos |index | images_path | -|GET |/photos/new |new | new_image_path | -|POST |/photos |create | images_path | -|GET |/photos/1 |show | image_path(id) | -|GET |/photos/1/edit |edit | edit_image_path(id) | -|PUT |/photos/1 |update | image_path(id) | -|DELETE |/photos/1 |destroy | image_path(id) | +|_.HTTP verb|_.Path |_.action |_.named helper | +|GET |/photos |index | images_path | +|GET |/photos/new |new | new_image_path | +|POST |/photos |create | images_path | +|GET |/photos/:id |show | image_path(:id) | +|GET |/photos/:id/edit |edit | edit_image_path(:id) | +|PUT |/photos/:id |update | image_path(:id) | +|DELETE |/photos/:id |destroy | image_path(:id) | h4. Overriding the +new+ and +edit+ Segments @@ -776,14 +782,14 @@ end Rails now creates routes to the +CategoriesController+. -|_.HTTP verb|_.Path |_.action |_.named helper | -|GET |/kategorien |index | categories_path | -|GET |/kategorien/neu |new | new_category_path | -|POST |/kategorien |create | categories_path | -|GET |/kategorien/1 |show | category_path(id) | -|GET |/kategorien/1/bearbeiten |edit | edit_category_path(id) | -|PUT |/kategorien/1 |update | category_path(id) | -|DELETE |/kategorien/1 |destroy | category_path(id) | +|_.HTTP verb|_.Path |_.action |_.named helper | +|GET |/kategorien |index | categories_path | +|GET |/kategorien/neu |new | new_category_path | +|POST |/kategorien |create | categories_path | +|GET |/kategorien/:id |show | category_path(:id) | +|GET |/kategorien/:id/bearbeiten |edit | edit_category_path(:id) | +|PUT |/kategorien/:id |update | category_path(:id) | +|DELETE |/kategorien/:id |destroy | category_path(:id) | h4. Overriding the Singular Form 
@@ -823,10 +829,10 @@ If you want a complete list of all of the available routes in your application, For example, here's a small section of the +rake routes+ output for a RESTful route: <pre> - users GET /users {:controller=>"users", :action=>"index"} -formatted_users GET /users.:format {:controller=>"users", :action=>"index"} - POST /users {:controller=>"users", :action=>"create"} - POST /users.:format {:controller=>"users", :action=>"create"} + users GET /users(.:format) users#index + POST /users(.:format) users#create + new_user GET /users/new(.:format) users#new +edit_user GET /users/:id/edit(.:format) users#edit </pre> You may restrict the listing to the routes that map to a particular controller setting the +CONTROLLER+ environment variable: diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index 908f3f125a..1f6ff88c1f 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile 
@@ -15,7 +15,7 @@ endprologue. h3. Introduction -Web application frameworks are made to help developers building web applications. Some of them also help you with securing the web application. In fact one framework is not more secure than another: If you use it correctly, you will be able to build secure apps with many frameworks. Ruby on Rails has some clever helper methods, for example against SQL injection, so that this is hardly a problem. It‘s nice to see that all of the Rails applications I audited had a good level of security. +Web application frameworks are made to help developers building web applications. Some of them also help you with securing the web application. In fact one framework is not more secure than another: If you use it correctly, you will be able to build secure apps with many frameworks. Ruby on Rails has some clever helper methods, for example against SQL injection, so that this is hardly a problem. It's nice to see that all of the Rails applications I audited had a good level of security. In general there is no such thing as plug-n-play security. Security depends on the people using the framework, and sometimes on the development method. And it depends on all layers of a web application environment: The back-end storage, the web server and the web application itself (and possibly other layers or applications). 
@@ -23,7 +23,7 @@ The Gartner Group however estimates that 75% of attacks are at the web applicati The threats against web applications include user account hijacking, bypass of access control, reading or modifying sensitive data, or presenting fraudulent content. Or an attacker might be able to install a Trojan horse program or unsolicited e-mail sending software, aim at financial enrichment or cause brand name damage by modifying company resources. In order to prevent attacks, minimize their impact and remove points of attack, first of all, you have to fully understand the attack methods in order to find the correct countermeasures. That is what this guide aims at. -In order to develop secure web applications you have to keep up to date on all layers and know your enemies. To keep up to date subscribe to security mailing lists, read security blogs and make updating and security checks a habit (check the <a href="#additional-resources">Additional Resources</a> chapter). I do it manually because that‘s how you find the nasty logical security problems. +In order to develop secure web applications you have to keep up to date on all layers and know your enemies. To keep up to date subscribe to security mailing lists, read security blogs and make updating and security checks a habit (check the <a href="#additional-resources">Additional Resources</a> chapter). I do it manually because that's how you find the nasty logical security problems. h3. Sessions 
@@ -209,7 +209,7 @@ The HTTP protocol basically provides two main types of requests - GET and POST ( * The interaction _(highlight)changes the state_ of the resource in a way that the user would perceive (e.g., a subscription to a service), or * The user is _(highlight)held accountable for the results_ of the interaction. -If your web application is RESTful, you might be used to additional HTTP verbs, such as PUT or DELETE. Most of today‘s web browsers, however do not support them - only GET and POST. Rails uses a hidden +_method+ field to handle this barrier. +If your web application is RESTful, you might be used to additional HTTP verbs, such as PUT or DELETE. Most of today's web browsers, however do not support them - only GET and POST. Rails uses a hidden +_method+ field to handle this barrier. _(highlight)POST requests can be sent automatically, too_. Here is an example for a link which displays www.harmless.com as destination in the browser's status bar. In fact it dynamically creates a new form that sends a POST request. 
@@ -617,7 +617,7 @@ This is alright for some web applications, but certainly not if the user is not Depending on your web application, there will be many more parameters the user can tamper with. As a rule of thumb, _(highlight)no user input data is secure, until proven otherwise, and every parameter from the user is potentially manipulated_. -Don‘t be fooled by security by obfuscation and JavaScript security. The Web Developer Toolbar for Mozilla Firefox lets you review and change every form's hidden fields. _(highlight)JavaScript can be used to validate user input data, but certainly not to prevent attackers from sending malicious requests with unexpected values_. The Live Http Headers plugin for Mozilla Firefox logs every request and may repeat and change them. That is an easy way to bypass any JavaScript validations. And there are even client-side proxies that allow you to intercept any request and response from and to the Internet. +Don't be fooled by security by obfuscation and JavaScript security. The Web Developer Toolbar for Mozilla Firefox lets you review and change every form's hidden fields. _(highlight)JavaScript can be used to validate user input data, but certainly not to prevent attackers from sending malicious requests with unexpected values_. The Live Http Headers plugin for Mozilla Firefox logs every request and may repeat and change them. That is an easy way to bypass any JavaScript validations. And there are even client-side proxies that allow you to intercept any request and response from and to the Internet. h3. Injection 
@@ -825,7 +825,7 @@ Network traffic is mostly based on the limited Western alphabet, so new characte &#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;> </html> -This example pops up a message box. It will be recognized by the above sanitize() filter, though. A great tool to obfuscate and encode strings, and thus “get to know your enemy”, is the "Hackvertor":http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php. Rails‘ sanitize() method does a good job to fend off encoding attacks. +This example pops up a message box. It will be recognized by the above sanitize() filter, though. A great tool to obfuscate and encode strings, and thus “get to know your enemy”, is the "Hackvertor":http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php. Rails' sanitize() method does a good job to fend off encoding attacks. h5. Examples from the Underground |
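Review bot: in the "Using +render+" hunk (@@ -94,7 +94,7 @@), the changed sentence now reads "customize the behaviour", which mixes American and British spelling in one clause. If the intent is American spelling, change "behaviour" to "behavior" on the same line so the sentence is consistent.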
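Review bot: in migrations.textile, the hunks at @@ -462,7 +477,7 @@ and @@ -481,7 +496,7 @@ switch the CreateProducts example from `<ruby>` to `<pre>` with no stated reason, and every new Ruby block in the "Using Models in Your Migrations" hunk is also tagged `<pre>`. The "Supported Types" block added earlier in this same patch keeps `<ruby>`, so the guide ends up with two conventions for Ruby code. Keep `<ruby>` for Ruby source and reserve `<pre>` for the `rake aborted!` output.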
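Review bot: in the "Using Models in Your Migrations" hunk (@@ -499,40 +514,107 @@), the AddFlagToProduct example is inconsistent with itself: the column is created with `add_column :products, :flag, :int`, the failing version writes `:flag => 'false'` (a string) and the fixed version writes `:flag => false` (a boolean). `:int` is not in the "Supported Types" list this patch adds, and the before and after versions should differ only in the local `Product` class and the `reset_column_information` call, otherwise readers cannot tell which change is the fix. Suggest `:boolean` with `false` in both versions. Smaller points in the same hunk: the file comments say `app/model/product.rb` where the path is `app/models/product.rb`; "latests version" should be "latest version"; "the one that updates the +Product+ model" should say the migration uses the model, since migrations do not update it; and the removed "Dealing with Changing Models" paragraph explained that column information is cached, which the new text only alludes to with "refresh the ActiveRecord cache", so one sentence of that explanation is worth keeping.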
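Review bot: in rails_application_templates.textile (@@ -11,22 +11,18 @@), the URL examples change from `https://gist.github.com/755496.txt` to `http://example.com/template.rb`, so the guide now demonstrates fetching a Ruby template over plain HTTP, where the content can be altered in transit before the generator applies it. Use `https://example.com/template.rb` in both the `rails new blog -m` and `rake rails:template LOCATION=` examples. Also in this hunk: "This can either be path to a file or a URL" is missing an article in both places it appears ("either be a path to a file or a URL"), and LOCATION should be marked up as +LOCATION+ like the other literals in the guide.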
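Review bot: in routing.textile, the "CRUD, Verbs, and Actions" hunk (@@ -68,7 +68,7 @@) rewrites the sentence to "a mapping between HTTP verbs and URLs to controller actions", and "between ... to" does not parse. Either keep "between ... and" or drop "between": "a resourceful route maps HTTP verbs and URLs to controller actions".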
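Review bot: in routing.textile, the helper hunk at @@ -94,8 +94,8 @@ and the route tables that follow (@@ -163,14, @@ -204,12, @@ -628,16, @@ -672,14, @@ -776,14) change the helper argument from `id` to `:id`, for example `edit_photo_path(:id)`. Using `:id` in the Path column is a good change because it matches the route pattern, but in the helper column it reads as a call that passes the symbol `:id`, while the unchanged text on the same line shows the real usage as `edit_photo_path(10)`. Keep `:id` in the paths and leave the helper calls as `photo_path(id)`, or state once that `:id` stands for the record's id.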
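Review bot: in the "Nested Resources" hunk of routing.textile (@@ -236,13 +236,13 @@), the new paths use the same segment name twice, as in `/magazines/:id/ads/:id` and `/magazines/:id/ads/:id/edit`, so the table no longer shows which parameter identifies the magazine and which the ad. Rails names the parent segment `:magazine_id` for nested resources, so these rows should read `/magazines/:magazine_id/ads`, `/magazines/:magazine_id/ads/:id` and so on.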