From a0946692c13b7d1724cbc86731f3611a7f8177d2 Mon Sep 17 00:00:00 2001 From: Sebastian Martinez Date: Fri, 25 Mar 2011 19:34:45 -0300 Subject: Update AR querying guide with #first! and #last! new methods --- .../guides/source/active_record_querying.textile | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'railties/guides') diff --git a/railties/guides/source/active_record_querying.textile b/railties/guides/source/active_record_querying.textile index 009d541106..484ba796bd 100644 --- a/railties/guides/source/active_record_querying.textile +++ b/railties/guides/source/active_record_querying.textile @@ -130,6 +130,40 @@ SELECT * FROM clients ORDER BY clients.id DESC LIMIT 1 Model.last returns +nil+ if no matching record is found. No exception will be raised. +h5. +first!+ + +Model.first! finds the first record matched by the supplied options. For example: + + +client = Client.first! +=> # + + +SQL equivalent of the above is: + + +SELECT * FROM clients LIMIT 1 + + +Model.first! raises +RecordNotFound+ if no matching record is found. + +h5. +last!+ + +Model.last! finds the last record matched by the supplied options. For example: + + +client = Client.last! +=> # + + +SQL equivalent of the above is: + + +SELECT * FROM clients ORDER BY clients.id DESC LIMIT 1 + + +Model.last! raises +RecordNotFound+ if no matching record is found. + h4. Retrieving Multiple Objects h5. Using Multiple Primary Keys -- cgit v1.2.3 From 6ee5d9244c418ab51d48bcda444ce50b1ad2a4e7 Mon Sep 17 00:00:00 2001 From: Sebastian Martinez Date: Fri, 25 Mar 2011 20:07:13 -0300 Subject: impact recent updates to #first! and #last! methods --- railties/guides/source/active_record_querying.textile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'railties/guides') diff --git a/railties/guides/source/active_record_querying.textile b/railties/guides/source/active_record_querying.textile index 484ba796bd..2c5d9e67e3 100644 --- a/railties/guides/source/active_record_querying.textile +++ b/railties/guides/source/active_record_querying.textile @@ -76,7 +76,7 @@ Primary operation of Model.find(options) can be summarized as: h4. Retrieving a Single Object -Active Record lets you retrieve a single object using three different ways. +Active Record lets you retrieve a single object using five different ways. h5. Using a Primary Key @@ -132,7 +132,7 @@ SELECT * FROM clients ORDER BY clients.id DESC LIMIT 1 h5. +first!+ -Model.first! finds the first record matched by the supplied options. For example: +Model.first! finds the first record. For example: client = Client.first! @@ -149,7 +149,7 @@ SELECT * FROM clients LIMIT 1 h5. +last!+ -Model.last! finds the last record matched by the supplied options. For example: +Model.last! finds the last record. For example: client = Client.last! -- cgit v1.2.3 From 7c6807296b114f0688e6e74494f1d43d3a0548ba Mon Sep 17 00:00:00 2001 From: Sebastian Martinez Date: Sat, 26 Mar 2011 12:13:39 -0300 Subject: Updated guides for new #update_column. --- railties/guides/source/active_record_validations_callbacks.textile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'railties/guides') diff --git a/railties/guides/source/active_record_validations_callbacks.textile b/railties/guides/source/active_record_validations_callbacks.textile index e5349d546c..6c80ec39f2 100644 --- a/railties/guides/source/active_record_validations_callbacks.textile +++ b/railties/guides/source/active_record_validations_callbacks.textile @@ -83,7 +83,7 @@ The following methods skip validations, and will save the object to the database * +increment_counter+ * +toggle!+ * +update_all+ -* +update_attribute+ +* +update_column+ * +update_counters+ Note that +save+ also has the ability to skip validations if passed +:validate => false+ as argument. This technique should be used with caution. @@ -964,7 +964,6 @@ The following methods trigger callbacks: * +save(false)+ * +toggle!+ * +update+ -* +update_attribute+ * +update_attributes+ * +update_attributes!+ * +valid?+ @@ -993,6 +992,7 @@ Just as with validations, it's also possible to skip callbacks. These methods sh * +increment+ * +increment_counter+ * +toggle+ +* +update_column+ * +update_all+ * +update_counters+ -- cgit v1.2.3 From 35129f5b9921428d3c200224841476ba69fa4dc3 Mon Sep 17 00:00:00 2001 From: mhutchin Date: Sun, 27 Mar 2011 01:40:49 -0700 Subject: Minor typo fix. --- railties/guides/source/testing.textile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'railties/guides') diff --git a/railties/guides/source/testing.textile b/railties/guides/source/testing.textile index 4ebdb3edf6..3b3cde3e9b 100644 --- a/railties/guides/source/testing.textile +++ b/railties/guides/source/testing.textile @@ -81,7 +81,7 @@ Each fixture is given a name followed by an indented list of colon-separated key h5. ERb'in It Up -ERb allows you embed ruby code within templates. Both the YAML and CSV fixture formats are pre-processed with ERb when you load fixtures. This allows you to use Ruby to help you generate some sample data. +ERb allows you to embed ruby code within templates. Both the YAML and CSV fixture formats are pre-processed with ERb when you load fixtures. This allows you to use Ruby to help you generate some sample data. <% earth_size = 20 %> -- cgit v1.2.3 From 738e906a021885a0cc864cf781b4cb54a973ef21 Mon Sep 17 00:00:00 2001 From: mhutchin Date: Sun, 27 Mar 2011 02:34:02 -0700 Subject: A little minor rephrasing for improved readability. --- railties/guides/source/testing.textile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'railties/guides') diff --git a/railties/guides/source/testing.textile b/railties/guides/source/testing.textile index 3b3cde3e9b..d3f72509c6 100644 --- a/railties/guides/source/testing.textile +++ b/railties/guides/source/testing.textile @@ -227,7 +227,7 @@ $ rake db:migrate $ rake db:test:load -Above +rake db:migrate+ runs any pending migrations on the _development_ environment and updates +db/schema.rb+. +rake db:test:load+ recreates the test database from the current +db/schema.rb+. On subsequent attempts, it is a good idea to first run +db:test:prepare+, as it first checks for pending migrations and warns you appropriately. +The +rake db:migrate+ above runs any pending migrations on the _development_ environment and updates +db/schema.rb+. The +rake db:test:load+ recreates the test database from the current +db/schema.rb+. On subsequent attempts, it is a good idea to first run +db:test:prepare+, as it first checks for pending migrations and warns you appropriately. NOTE: +db:test:prepare+ will fail with an error if +db/schema.rb+ doesn't exist. -- cgit v1.2.3 From 2c0c4d754e34b13379dfc53121a970c25fab5dae Mon Sep 17 00:00:00 2001 From: Prem Sichanugrist Date: Sun, 27 Mar 2011 23:55:46 +0700 Subject: Add `config.force_ssl` configuration which will load `Rack::SSL` middleware if set to true This will allow user to be able to force all requests to be under HTTPS protocol. This commit was a request from DHH. Special thanks to Josh Peek as well for making `Rack::SSL`. --- railties/guides/source/configuring.textile | 3 +++ railties/guides/source/security.textile | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'railties/guides') diff --git a/railties/guides/source/configuring.textile b/railties/guides/source/configuring.textile index 62b846e871..04e2d6daed 100644 --- a/railties/guides/source/configuring.textile +++ b/railties/guides/source/configuring.textile @@ -81,6 +81,8 @@ end * +config.filter_parameters+ used for filtering out the parameters that you don't want shown in the logs, such as passwords or credit card numbers. +* +config.force_ssl+ forcing all requests to be under HTTPS protocol by using +Rack::SSL+ middleware. This will secure your application from a session hijack attempt. + * +config.helper_paths+ configures where Rails can find helpers for this application. * +config.log_level+ defines the verbosity of the Rails logger. In production mode, this defaults to +:info+. In development mode, it defaults to +:debug+. @@ -147,6 +149,7 @@ h4. Configuring Middleware Every Rails application comes with a standard set of middleware which it uses in this order in the development environment: +* +Rack::SSL+ Will force every requests to be under HTTPS protocal. Will be available if +config.force_ssl+ is set to _true_. * +ActionDispatch::Static+ is used to serve static assets. Disabled if +config.serve_static_assets+ is _true_. * +Rack::Lock+ Will wrap the app in mutex so it can only be called by a single thread at a time. Only enabled if +config.action_controller.allow_concurrency+ is set to _false_, which it is by default. * +ActiveSupport::Cache::Strategy::LocalCache+ Serves as a basic memory backed cache. This cache is not thread safe and is intended only for serving as a temporary memory cache for a single thread. diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index 182f3631ef..893f65856c 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile @@ -57,7 +57,11 @@ Many web applications have an authentication system: a user provides a user name Hence, the cookie serves as temporary authentication for the web application. Everyone who seizes a cookie from someone else, may use the web application as this user – with possibly severe consequences. Here are some ways to hijack a session, and their countermeasures: -* Sniff the cookie in an insecure network. A wireless LAN can be an example of such a network. In an unencrypted wireless LAN it is especially easy to listen to the traffic of all connected clients. This is one more reason not to work from a coffee shop. For the web application builder this means to _(highlight)provide a secure connection over SSL_. +* Sniff the cookie in an insecure network. A wireless LAN can be an example of such a network. In an unencrypted wireless LAN it is especially easy to listen to the traffic of all connected clients. This is one more reason not to work from a coffee shop. For the web application builder this means to _(highlight)provide a secure connection over SSL_. In Rails 3.1 and later, this could be accomplished by always forcing SSL connection in your application config file: + + +config.force_ssl = true + * Most people don't clear out the cookies after working at a public terminal. So if the last user didn't log out of a web application, you would be able to use it as this user. Provide the user with a _(highlight)log-out button_ in the web application, and _(highlight)make it prominent_. -- cgit v1.2.3 From 7cbdfa83035aacb0d4dbfa84525b54e9122efb75 Mon Sep 17 00:00:00 2001 From: Prem Sichanugrist Date: Mon, 28 Mar 2011 03:05:14 +0800 Subject: Add controller-specific `force_ssl` method to force web browser to use HTTPS protocol This would become useful for site which sometime transferring sensitive information such as account information on particular controller or action. This featured was requested by DHH. --- .../source/action_controller_overview.textile | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'railties/guides') diff --git a/railties/guides/source/action_controller_overview.textile b/railties/guides/source/action_controller_overview.textile index ecb03a48e4..178d98c2d6 100644 --- a/railties/guides/source/action_controller_overview.textile +++ b/railties/guides/source/action_controller_overview.textile @@ -816,6 +816,28 @@ end NOTE: Certain exceptions are only rescuable from the +ApplicationController+ class, as they are raised before the controller gets initialized and the action gets executed. See Pratik Naik's "article":http://m.onkey.org/2008/7/20/rescue-from-dispatching on the subject for more information. +h3. Force HTTPS protocol + +Sometime you might want to force a particular controller to only be accessible via an HTTPS protocol for security reason. Since Rails 3.1 you can now use +force_ssl+ method in your controller to enforce that: + + +class DinnerController + force_ssl +end + + +Just like the filter, you could also passing +:only+ and +:except+ to enforce the secure connection only to specific actions + + +class DinnerController + force_ssl :only => :cheeseburger + # or + force_ssl :except => :cheeseburger +end + + +Please note that if you found yourself adding +force_ssl+ to many controllers, you may found yourself wanting to force the whole application to use HTTPS instead. In that case, you can set the +config.force_ssl+ in your environment file. + h3. Changelog * February 17, 2009: Yet another proofread by Xavier Noria. -- cgit v1.2.3 From 884e39f69eb8012b7ce455747d1b8aa7b34d83d3 Mon Sep 17 00:00:00 2001 From: Prem Sichanugrist Date: Mon, 28 Mar 2011 04:31:19 +0800 Subject: Fix documentation typo --- railties/guides/source/configuring.textile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'railties/guides') diff --git a/railties/guides/source/configuring.textile b/railties/guides/source/configuring.textile index 04e2d6daed..298335d484 100644 --- a/railties/guides/source/configuring.textile +++ b/railties/guides/source/configuring.textile @@ -149,7 +149,7 @@ h4. Configuring Middleware Every Rails application comes with a standard set of middleware which it uses in this order in the development environment: -* +Rack::SSL+ Will force every requests to be under HTTPS protocal. Will be available if +config.force_ssl+ is set to _true_. +* +Rack::SSL+ Will force every requests to be under HTTPS protocol. Will be available if +config.force_ssl+ is set to _true_. * +ActionDispatch::Static+ is used to serve static assets. Disabled if +config.serve_static_assets+ is _true_. * +Rack::Lock+ Will wrap the app in mutex so it can only be called by a single thread at a time. Only enabled if +config.action_controller.allow_concurrency+ is set to _false_, which it is by default. * +ActiveSupport::Cache::Strategy::LocalCache+ Serves as a basic memory backed cache. This cache is not thread safe and is intended only for serving as a temporary memory cache for a single thread. -- cgit v1.2.3 From 6194c6d13b1349228baa85bf19b4f502011365a4 Mon Sep 17 00:00:00 2001 From: Xavier Noria Date: Sun, 27 Mar 2011 23:49:11 +0200 Subject: AR validations and callbacks guide: put update_attribute back --- railties/guides/source/active_record_validations_callbacks.textile | 2 ++ 1 file changed, 2 insertions(+) (limited to 'railties/guides') diff --git a/railties/guides/source/active_record_validations_callbacks.textile b/railties/guides/source/active_record_validations_callbacks.textile index 6c80ec39f2..514d0322b9 100644 --- a/railties/guides/source/active_record_validations_callbacks.textile +++ b/railties/guides/source/active_record_validations_callbacks.textile @@ -83,6 +83,7 @@ The following methods skip validations, and will save the object to the database * +increment_counter+ * +toggle!+ * +update_all+ +* +update_attribute+ * +update_column+ * +update_counters+ @@ -964,6 +965,7 @@ The following methods trigger callbacks: * +save(false)+ * +toggle!+ * +update+ +* +update_attribute+ * +update_attributes+ * +update_attributes!+ * +valid?+ -- cgit v1.2.3 From 51551a0a5bd6f7e4116bc3759a4d7c15634643dc Mon Sep 17 00:00:00 2001 From: Prem Sichanugrist Date: Tue, 29 Mar 2011 02:59:24 +0700 Subject: Update the wildcard route to be non-greedy by default, therefore be able to match the (.:format) segment [#6605 state:resolved] After some discussion with Andrew White, it seems like this is a better approach for handling a wildcard route. However, user can still bring back the old behavior by supplying `:format => false` to the route. Signed-off-by: Andrew White --- railties/guides/source/routing.textile | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'railties/guides') diff --git a/railties/guides/source/routing.textile b/railties/guides/source/routing.textile index c447fd911a..58b75b9a1d 100644 --- a/railties/guides/source/routing.textile +++ b/railties/guides/source/routing.textile @@ -557,6 +557,18 @@ match '*a/foo/*b' => 'test#index' would match +zoo/woo/foo/bar/baz+ with +params[:a]+ equals +"zoo/woo"+, and +params[:b]+ equals +"bar/baz"+. +NOTE: Starting from Rails 3.1, wildcard route will always matching the optional format segment by default. For example if you have this route: + + +map '*pages' => 'pages#show' + + +NOTE: By requesting +"/foo/bar.json"+, your +params[:pages]+ will be equals to +"foo/bar"+ with the request format of JSON. If you want the old 3.0.x behavior back, you could supply +:format => false+ like this: + + +map '*pages' => 'pages#show', :format => false + + h4. Redirection You can redirect any path to another path using the +redirect+ helper in your router: -- cgit v1.2.3 From a9dafbb28de3e34c31ebf184fbc4e2042c7ff207 Mon Sep 17 00:00:00 2001 From: Andrew White Date: Tue, 29 Mar 2011 15:08:40 +0100 Subject: Delegate first!, last!, any? and many? to scoped --- .../guides/source/active_record_querying.textile | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'railties/guides') diff --git a/railties/guides/source/active_record_querying.textile b/railties/guides/source/active_record_querying.textile index 2c5d9e67e3..f3a10b8b92 100644 --- a/railties/guides/source/active_record_querying.textile +++ b/railties/guides/source/active_record_querying.textile @@ -962,6 +962,26 @@ Client.exists? The above returns +false+ if the +clients+ table is empty and +true+ otherwise. +You can also use +any?+ and +many?+ to check for existence on a model or relation. + + +# via a model +Post.any? +Post.many? + +# via a named scope +Post.recent.any? +Post.recent.many? + +# via a relation +Post.where(:published => true).any? +Post.where(:published => true).many? + +# via an association +Post.first.categories.any? +Post.first.categories.many? + + h3. Calculations This section uses count as an example method in this preamble, but the options described apply to all sub-sections. -- cgit v1.2.3