rails 4.2.2 → 4.2.11.3
- checksums.yaml +5 -5
- data/guides/CHANGELOG.md +72 -2
- data/guides/Rakefile +16 -3
- data/guides/bug_report_templates/generic_gem.rb +15 -0
- data/guides/bug_report_templates/generic_master.rb +26 -0
- data/guides/rails_guides/levenshtein.rb +0 -2
- data/guides/source/4_2_release_notes.md +24 -0
- data/guides/source/_welcome.html.erb +5 -1
- data/guides/source/action_mailer_basics.md +4 -1
- data/guides/source/action_view_overview.md +2 -61
- data/guides/source/active_job_basics.md +27 -6
- data/guides/source/active_record_basics.md +6 -6
- data/guides/source/active_record_querying.md +1 -3
- data/guides/source/active_record_validations.md +3 -2
- data/guides/source/active_support_core_extensions.md +2 -50
- data/guides/source/active_support_instrumentation.md +0 -11
- data/guides/source/api_documentation_guidelines.md +1 -1
- data/guides/source/asset_pipeline.md +5 -40
- data/guides/source/association_basics.md +14 -4
- data/guides/source/autoloading_and_reloading_constants.md +2 -1
- data/guides/source/configuring.md +29 -4
- data/guides/source/contributing_to_ruby_on_rails.md +3 -3
- data/guides/source/engines.md +10 -10
- data/guides/source/getting_started.md +19 -24
- data/guides/source/i18n.md +1 -1
- data/guides/source/initialization.md +1 -1
- data/guides/source/layout.html.erb +4 -7
- data/guides/source/layouts_and_rendering.md +8 -9
- data/guides/source/rails_on_rack.md +0 -1
- data/guides/source/routing.md +15 -1
- data/guides/source/security.md +1 -1
- data/guides/source/testing.md +1 -1
- data/guides/source/upgrading_ruby_on_rails.md +17 -1
- data/guides/source/working_with_javascript_in_rails.md +1 -1
- metadata +21 -20
@@ -169,7 +169,7 @@ class CreateCustomers < ActiveRecord::Migration
|
|
169
169
|
end
|
170
170
|
|
171
171
|
create_table :orders do |t|
|
172
|
-
t.belongs_to :customer, index:true
|
172
|
+
t.belongs_to :customer, index: true
|
173
173
|
t.datetime :order_date
|
174
174
|
t.timestamps null: false
|
175
175
|
end
|
@@ -1417,7 +1417,13 @@ The `collection_singular_ids=` method makes the collection contain only the obje
|
|
1417
1417
|
|
1418
1418
|
##### `collection.clear`
|
1419
1419
|
|
1420
|
-
The `collection.clear` method removes
|
1420
|
+
The `collection.clear` method removes all objects from the collection according to the strategy specified by the `dependent` option. If no option is given, it follows the default strategy. The default strategy for `has_many :through` associations is `delete_all`, and for `has_many` associations is to set the foreign keys to `NULL`.
|
1421
|
+
|
1422
|
+
```ruby
|
1423
|
+
@customer.orders.clear
|
1424
|
+
```
|
1425
|
+
|
1426
|
+
WARNING: Objects will be delete if they're associated with `dependent: :destroy`, just like `dependent: :delete_all`.
|
1421
1427
|
|
1422
1428
|
##### `collection.empty?`
|
1423
1429
|
|
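Review bot: The WARNING added at new line 1426 reads "Objects will be delete", which should be "will be deleted", and comparing `dependent: :destroy` to `dependent: :delete_all` leaves it unclear whether callbacks run. The paragraph above it states the default strategies for `has_many` and `has_many :through`; suggest the warning be equally explicit for `:destroy`, saying whether each record is destroyed individually or the rows are removed in one statement, because that decides whether destroy callbacks fire when `@customer.orders.clear` is called.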
@@ -1456,7 +1462,9 @@ The `collection.where` method finds objects within the collection based on the c
|
|
1456
1462
|
|
1457
1463
|
##### `collection.exists?(...)`
|
1458
1464
|
|
1459
|
-
The `collection.exists?` method checks whether an object meeting the supplied
|
1465
|
+
The `collection.exists?` method checks whether an object meeting the supplied
|
1466
|
+
conditions exists in the collection. It uses the same syntax and options as
|
1467
|
+
[`ActiveRecord::Base.exists?`](http://api.rubyonrails.org/classes/ActiveRecord/FinderMethods.html#method-i-exists-3F).
|
1460
1468
|
|
1461
1469
|
##### `collection.build(attributes = {}, ...)`
|
1462
1470
|
|
@@ -1949,7 +1957,9 @@ The `collection.where` method finds objects within the collection based on the c
|
|
1949
1957
|
|
1950
1958
|
##### `collection.exists?(...)`
|
1951
1959
|
|
1952
|
-
The `collection.exists?` method checks whether an object meeting the supplied
|
1960
|
+
The `collection.exists?` method checks whether an object meeting the supplied
|
1961
|
+
conditions exists in the collection. It uses the same syntax and options as
|
1962
|
+
[`ActiveRecord::Base.exists?`](http://api.rubyonrails.org/classes/ActiveRecord/FinderMethods.html#method-i-exists-3F).
|
1953
1963
|
|
1954
1964
|
##### `collection.build(attributes = {})`
|
1955
1965
|
|
@@ -461,8 +461,9 @@ Also, this collection is configurable via `config.autoload_paths`. For example,
|
|
461
461
|
by adding this to `config/application.rb`:
|
462
462
|
|
463
463
|
```ruby
|
464
|
-
config.autoload_paths
|
464
|
+
config.autoload_paths << "#{Rails.root}/lib"
|
465
465
|
```
|
466
|
+
`config.autoload_paths` is accessible from environment-specific configuration files, but any changes made to it outside `config/application.rb` don't have an effect.
|
466
467
|
|
467
468
|
The value of `autoload_paths` can be inspected. In a just generated application
|
468
469
|
it is (edited):
|
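Review bot: The sentence added at new line 466 starts directly after the closing code fence on line 465 with no blank line between them. Suggest inserting a blank line, and consider marking the sentence as a NOTE, since it describes a silent failure: changes to `config.autoload_paths` made outside `config/application.rb` are accepted but have no effect.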
@@ -33,7 +33,7 @@ In general, the work of configuring Rails means configuring the components of Ra
|
|
33
33
|
For example, the `config/application.rb` file includes this setting:
|
34
34
|
|
35
35
|
```ruby
|
36
|
-
config.
|
36
|
+
config.time_zone = 'Central Time (US & Canada)'
|
37
37
|
```
|
38
38
|
|
39
39
|
This is a setting for Rails itself. If you want to pass settings to individual Rails components, you can do so via the same `config` object in `config/application.rb`:
|
@@ -139,8 +139,6 @@ pipeline is enabled. It is set to true by default.
|
|
139
139
|
|
140
140
|
* `config.assets.raise_runtime_errors` Set this flag to `true` to enable additional runtime error checking. Recommended in `config/environments/development.rb` to minimize unexpected behavior when deploying to `production`.
|
141
141
|
|
142
|
-
* `config.assets.compress` a flag that enables the compression of compiled assets. It is explicitly set to true in `config/environments/production.rb`.
|
143
|
-
|
144
142
|
* `config.assets.css_compressor` defines the CSS compressor to use. It is set by default by `sass-rails`. The unique alternative value at the moment is `:yui`, which uses the `yui-compressor` gem.
|
145
143
|
|
146
144
|
* `config.assets.js_compressor` defines the JavaScript compressor to use. Possible values are `:closure`, `:uglifier` and `:yui` which require the use of the `closure-compiler`, `uglifier` or `yui-compressor` gems respectively.
|
@@ -1027,7 +1025,7 @@ NOTE. If you are running in a multi-threaded environment, there could be a chanc
|
|
1027
1025
|
Custom configuration
|
1028
1026
|
--------------------
|
1029
1027
|
|
1030
|
-
You can configure your own code through the Rails configuration object with custom configuration. It works like this:
|
1028
|
+
You can configure your own code through the Rails configuration object with custom configuration under the `config.x` property. It works like this:
|
1031
1029
|
|
1032
1030
|
```ruby
|
1033
1031
|
config.x.payment_processing.schedule = :daily
|
@@ -1043,3 +1041,30 @@ These configuration points are then available through the configuration object:
|
|
1043
1041
|
Rails.configuration.x.super_debugger # => true
|
1044
1042
|
Rails.configuration.x.super_debugger.not_set # => nil
|
1045
1043
|
```
|
1044
|
+
|
1045
|
+
You can also use Rails::Application.config_for to load whole configuration files:
|
1046
|
+
|
1047
|
+
```ruby
|
1048
|
+
# config/payment.yml:
|
1049
|
+
production:
|
1050
|
+
environment: production
|
1051
|
+
merchant_id: production_merchant_id
|
1052
|
+
public_key: production_public_key
|
1053
|
+
private_key: production_private_key
|
1054
|
+
development:
|
1055
|
+
environment: sandbox
|
1056
|
+
merchant_id: development_merchant_id
|
1057
|
+
public_key: development_public_key
|
1058
|
+
private_key: development_private_key
|
1059
|
+
|
1060
|
+
# config/application.rb
|
1061
|
+
module MyApp
|
1062
|
+
class Application < Rails::Application
|
1063
|
+
config.x.payment = config_for(:payment)
|
1064
|
+
end
|
1065
|
+
end
|
1066
|
+
```
|
1067
|
+
|
1068
|
+
```ruby
|
1069
|
+
Rails.configuration.x.payment['merchant_id'] # => production_merchant_id or development_merchant_id
|
1070
|
+
```
|
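Review bot: The `config/payment.yml` sample at new lines 1048-1058 puts `private_key` values in a file under `config/`, and nothing in the added text says where real key material should come from. Suggest a sentence telling readers to keep real secrets out of the committed file, for example by supplying them from the environment. Two smaller points: the block is fenced as `ruby` although its first half is YAML, so splitting it into a YAML block and a Ruby block would read and highlight better, and `Rails::Application.config_for` at line 1045 should be in backticks like the other identifiers in this section.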
@@ -119,11 +119,11 @@ Contributing to the Rails Documentation
|
|
119
119
|
Ruby on Rails has two main sets of documentation: the guides, which help you
|
120
120
|
learn about Ruby on Rails, and the API, which serves as a reference.
|
121
121
|
|
122
|
-
You can help improve the Rails guides by making them more coherent, consistent or readable, adding missing information, correcting factual errors, fixing typos, or bringing it up to date with the latest edge Rails.
|
122
|
+
You can help improve the Rails guides by making them more coherent, consistent or readable, adding missing information, correcting factual errors, fixing typos, or bringing it up to date with the latest edge Rails.
|
123
123
|
|
124
124
|
You can either open a pull request to [Rails](http://github.com/rails/rails) or
|
125
125
|
ask the [Rails core team](http://rubyonrails.org/core) for commit access on
|
126
|
-
|
126
|
+
docrails if you contribute regularly.
|
127
127
|
Please do not open pull requests in docrails, if you'd like to get feedback on your
|
128
128
|
change, ask for it in [Rails](http://github.com/rails/rails) instead.
|
129
129
|
|
@@ -281,7 +281,7 @@ You can run a single test through ruby. For instance:
|
|
281
281
|
|
282
282
|
```bash
|
283
283
|
$ cd actionmailer
|
284
|
-
$ ruby -w -Itest test/mail_layout_test.rb -n test_explicit_class_layout
|
284
|
+
$ bundle exec ruby -w -Itest test/mail_layout_test.rb -n test_explicit_class_layout
|
285
285
|
```
|
286
286
|
|
287
287
|
The `-n` option allows you to run a single method instead of the whole
|
data/guides/source/engines.md
CHANGED
@@ -589,7 +589,7 @@ the comments, however, is not quite right yet. If you were to create a comment
|
|
589
589
|
right now, you would see this error:
|
590
590
|
|
591
591
|
```
|
592
|
-
Missing partial blorgh/comments/
|
592
|
+
Missing partial blorgh/comments/_comment with {:handlers=>[:erb, :builder],
|
593
593
|
:formats=>[:html], :locale=>[:en, :en]}. Searched in: *
|
594
594
|
"/Users/ryan/Sites/side_projects/blorgh/test/dummy/app/views" *
|
595
595
|
"/Users/ryan/Sites/side_projects/blorgh/app/views"
|
@@ -598,7 +598,7 @@ Missing partial blorgh/comments/comment with {:handlers=>[:erb, :builder],
|
|
598
598
|
The engine is unable to find the partial required for rendering the comments.
|
599
599
|
Rails looks first in the application's (`test/dummy`) `app/views` directory and
|
600
600
|
then in the engine's `app/views` directory. When it can't find it, it will throw
|
601
|
-
this error. The engine knows to look for `blorgh/comments/
|
601
|
+
this error. The engine knows to look for `blorgh/comments/_comment` because the
|
602
602
|
model object it is receiving is from the `Blorgh::Comment` class.
|
603
603
|
|
604
604
|
This partial will be responsible for rendering just the comment text, for now.
|
@@ -696,8 +696,8 @@ haven't been copied over already. The first run for this command will output
|
|
696
696
|
something such as this:
|
697
697
|
|
698
698
|
```bash
|
699
|
-
Copied migration [timestamp_1]_create_blorgh_articles.rb from blorgh
|
700
|
-
Copied migration [timestamp_2]_create_blorgh_comments.rb from blorgh
|
699
|
+
Copied migration [timestamp_1]_create_blorgh_articles.blorgh.rb from blorgh
|
700
|
+
Copied migration [timestamp_2]_create_blorgh_comments.blorgh.rb from blorgh
|
701
701
|
```
|
702
702
|
|
703
703
|
The first timestamp (`[timestamp_1]`) will be the current time, and the second
|
@@ -829,11 +829,9 @@ Notice that only _one_ migration was copied over here. This is because the first
|
|
829
829
|
two migrations were copied over the first time this command was run.
|
830
830
|
|
831
831
|
```
|
832
|
-
NOTE Migration [timestamp]_create_blorgh_articles.rb from blorgh has been
|
833
|
-
skipped. Migration with the same name already exists.
|
834
|
-
[timestamp]
|
835
|
-
with the same name already exists. Copied migration
|
836
|
-
[timestamp]_add_author_id_to_blorgh_articles.rb from blorgh
|
832
|
+
NOTE Migration [timestamp]_create_blorgh_articles.blorgh.rb from blorgh has been skipped. Migration with the same name already exists.
|
833
|
+
NOTE Migration [timestamp]_create_blorgh_comments.blorgh.rb from blorgh has been skipped. Migration with the same name already exists.
|
834
|
+
Copied migration [timestamp]_add_author_id_to_blorgh_articles.blorgh.rb from blorgh
|
837
835
|
```
|
838
836
|
|
839
837
|
Run the migration using:
|
@@ -888,7 +886,9 @@ engine this would be done by changing
|
|
888
886
|
`app/controllers/blorgh/application_controller.rb` to look like:
|
889
887
|
|
890
888
|
```ruby
|
891
|
-
|
889
|
+
module Blorgh
|
890
|
+
class ApplicationController < ::ApplicationController
|
891
|
+
end
|
892
892
|
end
|
893
893
|
```
|
894
894
|
|
@@ -123,7 +123,7 @@ run the following:
|
|
123
123
|
$ rails --version
|
124
124
|
```
|
125
125
|
|
126
|
-
If it says something like "Rails 4.2.
|
126
|
+
If it says something like "Rails 4.2.1", you are ready to continue.
|
127
127
|
|
128
128
|
### Creating the Blog Application
|
129
129
|
|
@@ -318,9 +318,9 @@ root 'welcome#index'
|
|
318
318
|
application to the welcome controller's index action and `get 'welcome/index'`
|
319
319
|
tells Rails to map requests to <http://localhost:3000/welcome/index> to the
|
320
320
|
welcome controller's index action. This was created earlier when you ran the
|
321
|
-
controller generator (`rails generate controller welcome index`).
|
321
|
+
controller generator (`bin/rails generate controller welcome index`).
|
322
322
|
|
323
|
-
Launch the web server again if you stopped it to generate the controller (`rails
|
323
|
+
Launch the web server again if you stopped it to generate the controller (`bin/rails
|
324
324
|
server`) and navigate to <http://localhost:3000> in your browser. You'll see the
|
325
325
|
"Hello, Rails!" message you put into `app/views/welcome/index.html.erb`,
|
326
326
|
indicating that this new route is indeed going to `WelcomeController`'s `index`
|
@@ -353,7 +353,7 @@ Rails.application.routes.draw do
|
|
353
353
|
end
|
354
354
|
```
|
355
355
|
|
356
|
-
If you run `rake routes`, you'll see that it has defined routes for all the
|
356
|
+
If you run `bin/rake routes`, you'll see that it has defined routes for all the
|
357
357
|
standard RESTful actions. The meaning of the prefix column (and other columns)
|
358
358
|
will be seen later, but for now notice that Rails has inferred the
|
359
359
|
singular form `article` and makes meaningful use of the distinction.
|
@@ -397,7 +397,7 @@ a controller called `ArticlesController`. You can do this by running this
|
|
397
397
|
command:
|
398
398
|
|
399
399
|
```bash
|
400
|
-
$ bin/rails
|
400
|
+
$ bin/rails generate controller articles
|
401
401
|
```
|
402
402
|
|
403
403
|
If you open up the newly generated `app/controllers/articles_controller.rb`
|
@@ -551,7 +551,7 @@ this:
|
|
551
551
|
|
552
552
|
In this example, the `articles_path` helper is passed to the `:url` option.
|
553
553
|
To see what Rails will do with this, we look back at the output of
|
554
|
-
`rake routes`:
|
554
|
+
`bin/rake routes`:
|
555
555
|
|
556
556
|
```bash
|
557
557
|
$ bin/rake routes
|
@@ -661,7 +661,7 @@ models, as that will be done automatically by Active Record.
|
|
661
661
|
|
662
662
|
### Running a Migration
|
663
663
|
|
664
|
-
As we've just seen, `rails generate model` created a _database migration_ file
|
664
|
+
As we've just seen, `bin/rails generate model` created a _database migration_ file
|
665
665
|
inside the `db/migrate` directory. Migrations are Ruby classes that are
|
666
666
|
designed to make it simple to create and modify database tables. Rails uses
|
667
667
|
rake commands to run migrations, and it's possible to undo a migration after
|
@@ -714,7 +714,7 @@ NOTE. Because you're working in the development environment by default, this
|
|
714
714
|
command will apply to the database defined in the `development` section of your
|
715
715
|
`config/database.yml` file. If you would like to execute migrations in another
|
716
716
|
environment, for instance in production, you must explicitly pass it when
|
717
|
-
invoking the command: `rake db:migrate RAILS_ENV=production`.
|
717
|
+
invoking the command: `bin/rake db:migrate RAILS_ENV=production`.
|
718
718
|
|
719
719
|
### Saving data in the controller
|
720
720
|
|
@@ -801,7 +801,7 @@ If you submit the form again now, Rails will complain about not finding the
|
|
801
801
|
`show` action. That's not very useful though, so let's add the `show` action
|
802
802
|
before proceeding.
|
803
803
|
|
804
|
-
As we have seen in the output of `rake routes`, the route for `show` action is
|
804
|
+
As we have seen in the output of `bin/rake routes`, the route for `show` action is
|
805
805
|
as follows:
|
806
806
|
|
807
807
|
```
|
@@ -831,7 +831,7 @@ class ArticlesController < ApplicationController
|
|
831
831
|
def new
|
832
832
|
end
|
833
833
|
|
834
|
-
#
|
834
|
+
# snippet for brevity
|
835
835
|
```
|
836
836
|
|
837
837
|
A couple of things to note. We use `Article.find` to find the article we're
|
@@ -863,7 +863,7 @@ Visit <http://localhost:3000/articles/new> and give it a try!
|
|
863
863
|
### Listing all articles
|
864
864
|
|
865
865
|
We still need a way to list all our articles, so let's do that.
|
866
|
-
The route for this as per output of `rake routes` is:
|
866
|
+
The route for this as per output of `bin/rake routes` is:
|
867
867
|
|
868
868
|
```
|
869
869
|
articles GET /articles(.:format) articles#index
|
@@ -887,7 +887,7 @@ class ArticlesController < ApplicationController
|
|
887
887
|
def new
|
888
888
|
end
|
889
889
|
|
890
|
-
#
|
890
|
+
# snippet for brevity
|
891
891
|
```
|
892
892
|
|
893
893
|
And then finally, add the view for this action, located at
|
@@ -1357,7 +1357,7 @@ Then do the same for the `app/views/articles/edit.html.erb` view:
|
|
1357
1357
|
|
1358
1358
|
We're now ready to cover the "D" part of CRUD, deleting articles from the
|
1359
1359
|
database. Following the REST convention, the route for
|
1360
|
-
deleting articles as per output of `rake routes` is:
|
1360
|
+
deleting articles as per output of `bin/rake routes` is:
|
1361
1361
|
|
1362
1362
|
```ruby
|
1363
1363
|
DELETE /articles/:id(.:format) articles#destroy
|
@@ -1536,20 +1536,17 @@ class CreateComments < ActiveRecord::Migration
|
|
1536
1536
|
create_table :comments do |t|
|
1537
1537
|
t.string :commenter
|
1538
1538
|
t.text :body
|
1539
|
-
|
1540
|
-
# this line adds an integer column called `article_id`.
|
1541
|
-
t.references :article, index: true
|
1539
|
+
t.references :article, index: true, foreign_key: true
|
1542
1540
|
|
1543
1541
|
t.timestamps null: false
|
1544
1542
|
end
|
1545
|
-
add_foreign_key :comments, :articles
|
1546
1543
|
end
|
1547
1544
|
end
|
1548
1545
|
```
|
1549
1546
|
|
1550
|
-
The `t.references` line
|
1551
|
-
|
1552
|
-
|
1547
|
+
The `t.references` line creates an integer column called `article_id`, an index
|
1548
|
+
for it, and a foreign key constraint that points to the `articles` table. Go
|
1549
|
+
ahead and run the migration:
|
1553
1550
|
|
1554
1551
|
```bash
|
1555
1552
|
$ bin/rake db:migrate
|
@@ -1562,8 +1559,6 @@ run against the current database, so in this case you will just see:
|
|
1562
1559
|
== CreateComments: migrating =================================================
|
1563
1560
|
-- create_table(:comments)
|
1564
1561
|
-> 0.0115s
|
1565
|
-
-- add_foreign_key(:comments, :articles)
|
1566
|
-
-> 0.0000s
|
1567
1562
|
== CreateComments: migrated (0.0119s) ========================================
|
1568
1563
|
```
|
1569
1564
|
|
@@ -1993,7 +1988,7 @@ class ArticlesController < ApplicationController
|
|
1993
1988
|
@articles = Article.all
|
1994
1989
|
end
|
1995
1990
|
|
1996
|
-
#
|
1991
|
+
# snippet for brevity
|
1997
1992
|
```
|
1998
1993
|
|
1999
1994
|
We also want to allow only authenticated users to delete comments, so in the
|
@@ -2009,7 +2004,7 @@ class CommentsController < ApplicationController
|
|
2009
2004
|
# ...
|
2010
2005
|
end
|
2011
2006
|
|
2012
|
-
#
|
2007
|
+
# snippet for brevity
|
2013
2008
|
```
|
2014
2009
|
|
2015
2010
|
Now if you try to create a new article, you will be greeted with a basic HTTP
|
data/guides/source/i18n.md
CHANGED
@@ -685,7 +685,7 @@ you can safely pass the username as set by the user:
|
|
685
685
|
|
686
686
|
```erb
|
687
687
|
<%# This is safe, it is going to be escaped if needed. %>
|
688
|
-
<%= t('welcome_html', username: @current_user.username %>
|
688
|
+
<%= t('welcome_html', username: @current_user.username) %>
|
689
689
|
```
|
690
690
|
|
691
691
|
Safe strings on the other hand are interpolated verbatim.
|
@@ -161,7 +161,7 @@ throwing an error message. If the command is valid, a method of the same name
|
|
161
161
|
is called.
|
162
162
|
|
163
163
|
```ruby
|
164
|
-
COMMAND_WHITELIST = %(plugin generate destroy console server dbconsole application runner new version help)
|
164
|
+
COMMAND_WHITELIST = %w(plugin generate destroy console server dbconsole application runner new version help)
|
165
165
|
|
166
166
|
def run_command!(command)
|
167
167
|
command = parse_command(command)
|
@@ -29,14 +29,11 @@
|
|
29
29
|
More Ruby on Rails
|
30
30
|
</span>
|
31
31
|
<ul class="more-info-links s-hidden">
|
32
|
-
<li class="more-info"><a href="http://rubyonrails.org/">Overview</a></li>
|
33
|
-
<li class="more-info"><a href="http://rubyonrails.org/download">Download</a></li>
|
34
|
-
<li class="more-info"><a href="http://rubyonrails.org/deploy">Deploy</a></li>
|
35
|
-
<li class="more-info"><a href="https://github.com/rails/rails">Code</a></li>
|
36
|
-
<li class="more-info"><a href="http://rubyonrails.org/screencasts">Screencasts</a></li>
|
37
|
-
<li class="more-info"><a href="http://rubyonrails.org/documentation">Documentation</a></li>
|
38
|
-
<li class="more-info"><a href="http://rubyonrails.org/community">Community</a></li>
|
39
32
|
<li class="more-info"><a href="http://weblog.rubyonrails.org/">Blog</a></li>
|
33
|
+
<li class="more-info"><a href="http://guides.rubyonrails.org/">Guides</a></li>
|
34
|
+
<li class="more-info"><a href="http://api.rubyonrails.org/">API</a></li>
|
35
|
+
<li class="more-info"><a href="http://stackoverflow.com/questions/tagged/ruby-on-rails">Ask for help</a></li>
|
36
|
+
<li class="more-info"><a href="https://github.com/rails/rails">Contribute on GitHub</a></li>
|
40
37
|
</ul>
|
41
38
|
</div>
|
42
39
|
</div>
|
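Review bot: The three links added at new lines 33-35 (`guides.rubyonrails.org`, `api.rubyonrails.org` and the Stack Overflow tag page) use `http://`, while the GitHub link at line 36 uses `https://`. Suggest `https://` for the new links wherever the host supports it, so the guides layout does not send readers over plaintext by default.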
@@ -175,23 +175,22 @@ render template: "products/show"
|
|
175
175
|
|
176
176
|
#### Rendering an Arbitrary File
|
177
177
|
|
178
|
-
The `render` method can also use a view that's entirely outside of your application
|
179
|
-
|
180
|
-
```ruby
|
181
|
-
render "/u/apps/warehouse_app/current/app/views/products/show"
|
182
|
-
```
|
183
|
-
|
184
|
-
Rails determines that this is a file render because of the leading slash character. To be explicit, you can use the `:file` option (which was required on Rails 2.2 and earlier):
|
178
|
+
The `render` method can also use a view that's entirely outside of your application:
|
185
179
|
|
186
180
|
```ruby
|
187
181
|
render file: "/u/apps/warehouse_app/current/app/views/products/show"
|
188
182
|
```
|
189
183
|
|
190
|
-
The `:file` option takes an absolute file-system path. Of course, you need to have rights
|
184
|
+
The `:file` option takes an absolute file-system path. Of course, you need to have rights
|
185
|
+
to the view that you're using to render the content.
|
186
|
+
|
187
|
+
NOTE: Using the `:file` option in combination with users input can lead to security problems
|
188
|
+
since an attacker could use this action to access security sensitive files in your file system.
|
191
189
|
|
192
190
|
NOTE: By default, the file is rendered using the current layout.
|
193
191
|
|
194
|
-
TIP: If you're running Rails on Microsoft Windows, you should use the `:file` option to
|
192
|
+
TIP: If you're running Rails on Microsoft Windows, you should use the `:file` option to
|
193
|
+
render a file, because Windows filenames do not have the same format as Unix filenames.
|
195
194
|
|
196
195
|
#### Wrapping it up
|
197
196
|
|
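Review bot: The security NOTE added at new lines 187-188 names the risk but not the remedy, and "users input" should read "user input". Suggest saying what to do instead, for example never passing request parameters to `render file:` directly and choosing the path from a fixed list of known templates. Since this hunk also removes the paragraph explaining that a leading slash makes `render "/u/apps/..."` a file render, it would help to state whether that form still behaves this way, because the same warning would then apply to it.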
@@ -82,7 +82,6 @@ To use `rackup` instead of Rails' `rails server`, you can put the following insi
|
|
82
82
|
# Rails.root/config.ru
|
83
83
|
require ::File.expand_path('../config/environment', __FILE__)
|
84
84
|
|
85
|
-
use Rails::Rack::Debugger
|
86
85
|
use Rack::ContentLength
|
87
86
|
run Rails.application
|
88
87
|
```
|
data/guides/source/routing.md
CHANGED
@@ -227,7 +227,7 @@ or, for a single case:
|
|
227
227
|
resources :articles, path: '/admin/articles'
|
228
228
|
```
|
229
229
|
|
230
|
-
In each of these cases, the named routes remain the same as if you did not use `scope`. In the last case, the following paths map to `
|
230
|
+
In each of these cases, the named routes remain the same as if you did not use `scope`. In the last case, the following paths map to `ArticlesController`:
|
231
231
|
|
232
232
|
| HTTP Verb | Path | Controller#Action | Named Helper |
|
233
233
|
| --------- | ------------------------ | -------------------- | ---------------------- |
|
@@ -611,6 +611,8 @@ get 'photos/:id', to: 'photos#show', defaults: { format: 'jpg' }
|
|
611
611
|
|
612
612
|
Rails would match `photos/12` to the `show` action of `PhotosController`, and set `params[:format]` to `"jpg"`.
|
613
613
|
|
614
|
+
NOTE: You cannot override defaults via query parameters - this is for security reasons. The only defaults that can be overridden are dynamic segments via substitution in the URL path.
|
615
|
+
|
614
616
|
### Naming Routes
|
615
617
|
|
616
618
|
You can specify a name for any route using the `:as` option:
|
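Review bot: The NOTE added at new line 614 says defaults cannot be overridden through query parameters "for security reasons" without saying what the risk is. Suggest one clause that explains it, for example that a client could otherwise replace a value the route author fixed, such as `format` in the `defaults: { format: 'jpg' }` route shown just above.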
@@ -805,6 +807,18 @@ As long as `Sprockets` responds to `call` and returns a `[status, headers, body]
|
|
805
807
|
|
806
808
|
NOTE: For the curious, `'articles#index'` actually expands out to `ArticlesController.action(:index)`, which returns a valid Rack application.
|
807
809
|
|
810
|
+
If you specify a rack application as the endpoint for a matcher remember that the route will be unchanged in the receiving application. With the following route your rack application should expect the route to be '/admin':
|
811
|
+
|
812
|
+
```ruby
|
813
|
+
match '/admin', to: AdminApp, via: :all
|
814
|
+
```
|
815
|
+
|
816
|
+
If you would prefer to have your rack application receive requests at the root path instead use mount:
|
817
|
+
|
818
|
+
```ruby
|
819
|
+
mount AdminApp, at: '/admin'
|
820
|
+
```
|
821
|
+
|
808
822
|
### Using `root`
|
809
823
|
|
810
824
|
You can specify what Rails should route `'/'` to with the `root` method:
|
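Review bot: In the text added at new lines 810-819, "the route will be unchanged in the receiving application" is easy to misread; what stays unchanged is the request path the Rack application sees. Suggest stating it directly: with `match '/admin', to: AdminApp, via: :all` the application receives the path `/admin`, whereas with `mount AdminApp, at: '/admin'` it receives requests at its root path. Also capitalise "Rack" and put `mount` in backticks in the sentence at line 816.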
data/guides/source/security.md
CHANGED
@@ -699,7 +699,7 @@ The log files on www.attacker.com will read like this:
|
|
699
699
|
GET http://www.attacker.com/_app_session=836c1c25278e5b321d6bea4f19cb57e2
|
700
700
|
```
|
701
701
|
|
702
|
-
You can mitigate these attacks (in the obvious way) by adding the
|
702
|
+
You can mitigate these attacks (in the obvious way) by adding the **httpOnly** flag to cookies, so that document.cookie may not be read by JavaScript. Http only cookies can be used from IE v6.SP1, Firefox v2.0.0.5 and Opera 9.5. Safari is still considering, it ignores the option. But other, older browsers (such as WebTV and IE 5.5 on Mac) can actually cause the page to fail to load. Be warned that cookies [will still be visible using Ajax](https://www.owasp.org/index.php/HTTPOnly#Browsers_Supporting_HttpOnly), though.
|
703
703
|
|
704
704
|
##### Defacement
|
705
705
|
|
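Review bot: The sentence restored at line 702 spends most of its length on browser support (IE v6.SP1, Firefox v2.0.0.5, Opera 9.5, WebTV, IE 5.5 on Mac), and "Safari is still considering, it ignores the option" is not grammatical. Suggest leading with the recommendation, which is to set the **httpOnly** flag so that `document.cookie` cannot be read by JavaScript, and then trimming or dating the browser list. "Http only cookies" should match the "httpOnly" spelling used earlier in the sentence, and `document.cookie` should be in backticks.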
data/guides/source/testing.md
CHANGED
@@ -950,7 +950,7 @@ In order to test that your mailer is working as expected, you can use unit tests
|
|
950
950
|
|
951
951
|
For the purposes of unit testing a mailer, fixtures are used to provide an example of how the output _should_ look. Because these are example emails, and not Active Record data like the other fixtures, they are kept in their own subdirectory apart from the other fixtures. The name of the directory within `test/fixtures` directly corresponds to the name of the mailer. So, for a mailer named `UserMailer`, the fixtures should reside in `test/fixtures/user_mailer` directory.
|
952
952
|
|
953
|
-
|
953
|
+
If you generated your mailer, the generator does not create stub fixtures for the mailers actions. You'll have to create those files yourself as described above.
|
954
954
|
|
955
955
|
#### The Basic Test Case
|
956
956
|
|
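Review bot: In the sentence added at line 953, "the mailers actions" is missing an apostrophe and should read "the mailer's actions". "As described above" is also vague; naming the directory from the previous paragraph (`test/fixtures/user_mailer` for `UserMailer`) would make the step self-contained.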
@@ -793,7 +793,7 @@ Rails 4.0 no longer supports loading plugins from `vendor/plugins`. You must rep
|
|
793
793
|
|
794
794
|
* Rails 4.0 has removed the identity map from Active Record, due to [some inconsistencies with associations](https://github.com/rails/rails/commit/302c912bf6bcd0fa200d964ec2dc4a44abe328a6). If you have manually enabled it in your application, you will have to remove the following config that has no effect anymore: `config.active_record.identity_map`.
|
795
795
|
|
796
|
-
* The `delete` method in collection associations can now receive `
|
796
|
+
* The `delete` method in collection associations can now receive `Integer` or `String` arguments as record ids, besides records, pretty much like the `destroy` method does. Previously it raised `ActiveRecord::AssociationTypeMismatch` for such arguments. From Rails 4.0 on `delete` automatically tries to find the records matching the given ids before deleting them.
|
797
797
|
|
798
798
|
* In Rails 4.0 when a column or a table is renamed the related indexes are also renamed. If you have migrations which rename the indexes, they are no longer needed.
|
799
799
|
|
@@ -838,6 +838,20 @@ this gem such as `whitelist_attributes` or `mass_assignment_sanitizer` options.
|
|
838
838
|
|
839
839
|
* To re-enable the old finders, you can use the [activerecord-deprecated_finders gem](https://github.com/rails/activerecord-deprecated_finders).
|
840
840
|
|
841
|
+
* Rails 4.0 has changed to default join table for `has_and_belongs_to_many` relations to strip the common prefix off the second table name. Any existing `has_and_belongs_to_many` relationship between models with a common prefix must be specified with the `join_table` option. For example:
|
842
|
+
|
843
|
+
```ruby
|
844
|
+
CatalogCategory < ActiveRecord::Base
|
845
|
+
has_and_belongs_to_many :catalog_products, join_table: 'catalog_categories_catalog_products'
|
846
|
+
end
|
847
|
+
|
848
|
+
CatalogProduct < ActiveRecord::Base
|
849
|
+
has_and_belongs_to_many :catalog_categories, join_table: 'catalog_categories_catalog_products'
|
850
|
+
end
|
851
|
+
```
|
852
|
+
|
853
|
+
* Note that the the prefix takes scopes into account as well, so relations between `Catalog::Category` and `Catalog::Product` or `Catalog::Category` and `CatalogProduct` need to be updated similarly.
|
854
|
+
|
841
855
|
### Active Resource
|
842
856
|
|
843
857
|
Rails 4.0 extracted Active Resource to its own gem. If you still need the feature you can add the [Active Resource gem](https://github.com/rails/activeresource) in your Gemfile.
|
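Review bot: The Ruby sample at new lines 844-850 omits the `class` keyword, so `CatalogCategory < ActiveRecord::Base` followed by `end` is not valid Ruby; both definitions should start with `class`. In the prose, "has changed to default join table" at line 841 should read "has changed the default join table", and "the the prefix" at line 853 has a doubled word. It would also help to state what the new default join table name is, so readers can tell which existing tables are affected.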
@@ -881,6 +895,8 @@ Please read [Pull Request #9978](https://github.com/rails/rails/pull/9978) for d
|
|
881
895
|
|
882
896
|
* Rails 4.0 has removed the XML parameters parser. You will need to add the `actionpack-xml_parser` gem if you require this feature.
|
883
897
|
|
898
|
+
* Rails 4.0 changes the default `layout` lookup set using symbols or procs that return nil. To get the "no layout" behavior, return false instead of nil.
|
899
|
+
|
884
900
|
* Rails 4.0 changes the default memcached client from `memcache-client` to `dalli`. To upgrade, simply add `gem 'dalli'` to your `Gemfile`.
|
885
901
|
|
886
902
|
* Rails 4.0 deprecates the `dom_id` and `dom_class` methods in controllers (they are fine in views). You will need to include the `ActionView::RecordIdentifier` module in controllers requiring this feature.
|
@@ -355,7 +355,7 @@ This gem uses Ajax to speed up page rendering in most applications.
|
|
355
355
|
|
356
356
|
Turbolinks attaches a click handler to all `<a>` on the page. If your browser
|
357
357
|
supports
|
358
|
-
[PushState](https://developer.mozilla.org/en-US/docs/DOM/Manipulating_the_browser_history#The_pushState
|
358
|
+
[PushState](https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history#The_pushState%28%29_method),
|
359
359
|
Turbolinks will make an Ajax request for the page, parse the response, and
|
360
360
|
replace the entire `<body>` of the page with the `<body>` of the response. It
|
361
361
|
will then use PushState to change the URL to the correct one, preserving
|