Where there was once a consistent API to manipulate and hook into the lifecycle of a persistent object, plugins must now perform very careful checks whether an object supports more advanced traits like transactions, observers or dirty attribute tracking.

Sometimes you're getting an ActiveSupport deprecation warning that you cannot or don't want to fix. In these cases, it might be okay to silence some specific warnings. Add this to your initializers, or require it in your tests:

silenced = [
  /Not considered a useful test/,
  /use: should(_not)? have_sent_email/,
] # list of warnings you want to silence

silenced_expr = Regexp.new(silenced.join('|'))

ActiveSupport::Deprecation.behavior = lambda do |msg, stack|
  unless msg =~ silenced_expr
    ActiveSupport::Deprecation::DEFAULT_BEHAVI...

Starting from 4.1, Rails automatically detects the inverse of an association, based on heuristics. Unfortunately, it does not seem to notify you when it fails to infer the :inverse_of, so you are better off to always manually set :inverse_of anyway.

Note that automatic inverse detection only works on has_many, has_one, belongs_to associations. Extra options on the associations will prevent the association's...

Rails' params hash contains any request parameters (URL parameters or request payload) as well as routing parameters like :controller, :action, or :id.

To access only URL parameters, use request.query_parameters. Routing params are available through request.path_parameters.

# On /users?query=Bob&page=2

>> request.params
=> {"page"=>"2", "query"=>"Bob", "controller"=>"users", "action"=>"index"}

>> request.query_parameters
=> {"page"=>"2", "query"=>"Bob"}

>> request.path_parameters
=> {:controller=>"users", :action=>"i...

Rails 5 will introduce ActiveRecord::Relation#or. On Rails 4 and 3.2 you can use the activerecord_any_of gem which seems to be free of ugly hacks and nicely does what you need.

Use it like this:

User.where.any_of(name: 'Alice', gender: 'female')

^
SELECT "users".* FROM "users" WHERE (("users"."name" = 'Alice' OR "users"."gender" = 'female'))

To group conditions, wrap them in hashes:

User.where.any_of({ name: 'Alice', gender: 'female' }, { name: 'Bob' }, { name: 'Charl...

After starting the Rails server in a freshly generated Rails 3.1 project you could see an error message such as

/usr/lib/ruby/gems/1.8/gems/execjs-1.3.0/lib/execjs/runtimes.rb:50:in `autodetect': Could not find a JavaScript runtime. See https://github.com/sstephenson/execjs for a list of available runtimes. (ExecJS::RuntimeUnavailable)

Just add a JavaScript runtime to your Gemfile and the error vanishes.

Examples:

gem 'therubyracer'
gem 'extjs'

tl;dr

• Don't write resources :people, :concerns => :trashable

• Write

  resources :people do
    concerns :trashable
  end
  

Why

Writing a controller spec I encountered this error:

Failure/Error: get :index
ActionController::RoutingError:
  No route matches {:controller=>"people"}

caused by this route definition

resources :people, :concerns => :trashable

which renders strange routes:

      trash_person PUT    /people/:id/trash(.:format)             people#check {:concerns=>:trashable}
          ...

In specs, the session never persists but is always a new object for each request. Data put into the session in a previous request is lost. Here is how to circumvent that.

What's going on?

You are making ActionController::TestRequests in your specs, and their #initialize method does this:

self.session = TestSession.new

This means that each time you say something like "get :index", the session in your controller will just be a new one, and you won't see ...

When using form_for you can give the form's target URL either as a string or an array:

form_for(admin_user_path(@user)) do ... end
# same as:
form_for([:admin, @user]) do ... end

Same for link_to:

link_to("Label", edit_admin_user_path(@user))
# same as
link_to("Label", [:edit, :admin, @user])

polymorphic_path and polymorphic_url

If you would like to generate a path or URL string from an array of route components just as form_for does, you can use polymorphic_path or polymorphic_url:

polymorphic...

You might find that your Passenger ignores all RailsSomething directives in the vhost for your new Rails 3 application. The culprit is a file config.ru which makes Passenger consider your application a Rack (non-Rails) application.

To fix this you can either use RackEnv in lieu of RailsEnv (it works fine) or delete the config.ru. Unless you have a good reason to do so, go with RackEnv.

Rails 2.3.16+ on Ruby 1.9 causes warnings like this:

.../gems/activesupport-2.3.17/lib/active_support/core_ext/string/output_safety.rb:22: warning: regexp match /.../n against to UTF-8 string

Many thanks to grosser for supplying a monkey-patch for Rails 2.3 (Commit f93e3f0ec3 fixed it for Rails 3). Just put it into config/initializers/ to make those warnings go away.

Since we're using RSpec on mos...

Today I learned that Ruby on Rails has shipped with a built-in slug generator since Rails 2.2:

> "What Up Dog".parameterize
=> "what-up-dog" 

> "foo/bar".parameterize
=> "foo-bar" 

> "äöüß".parameterize
=> "aouss" 

Also see: Normalize characters in Ruby.

Rails’ reputation as a relatively secure Web framework is well deserved. Out-of-the-box, there is protection against many common attacks: cross site scripting (XSS), cross site request forgery (CSRF) and SQL injection. Core members are knowledgeable and genuinely concerned with security.

However, there are places where the default behavior could be more secure. This post explores potential security issues in Rails 3 that are fixed in Rails 4, as well as some that are still risky. I hope this post will help you secure your own apps, as w...

The Ruby on Rails security list archive can be found here: http://groups.google.com/group/rubyonrails-security

You can subscribe to this mailing list without a Google account by pasting this URL into your browser (after replacing the email address obviously).

http://groups.google.com/group/rubyonrails-security/boxsubscribe?email=your.name@example.com
                                                                       ^^^^^^^^^^^^^^^^^^^^^ <- Change this

Rails 4 introduced raising an error on pending migrations. This is most annoying when you are crafting a migration but need to play with your application to figure out how to do it.

To disable this behavior, just set the corresponding config option to false:

# in config/environments/development.rb

# Raise an error on page load if there are pending migrations.
config.active_record.migration_error = false # was :page_load

After switching to Rails 3 you may get a LoadError with the following message when trying to use your application via passenger:
no such file to load -- dispatcher

Your Passenger version is most likely out of date.

Update the gem, then install the apache module again:
sudo gem install passenger
sudo passenger-install-apache2-module

Follow any instructions. Update your /etc/apache2/httpd.conf with the lines given at the end of the installation process to use the version you just installed.

If you are using RVM on a Mac and cannot enter 8+ bit characters on an IRB or Rails console, you are missing the readline package. You will need to re-install your Ruby to fix this:

rvm remove ree
rvm package install readline
rvm install ree --with-readline-dir=$rvm_path/usr
rvm default ree

Substitute ree with the name if your Ruby distribution.

This note was contributed by Matthias Marschall from the Agile Web Development & Operations blog.

January has been a very bad month for Ruby on Rails developers, with two high-severity security bugs permitting remote code execution found in the framework and a separate-but-related compromise on rubygems.org, a community resource which virtually all Ruby on Rails developers sit downstream of. Many startups use Ruby on Rails. Other startups don’t but, like the Rails community, may one day find themselves asking What Do We Do When Apocalyptically Bad Things Happen On Our Framework of Choice? I thought I’d explain that for the general c...

You can say this in helpers like link_to and content_tag:

= link_to 'Label', root_url, :data => { :foo => 'bar', :bam => 'baz' }

This will produce:

<a href="/" data-foo="bar" data-bam="baz">Label</a>

Only works in Rails 3. In Rails 2 you do

= link_to 'Label', root_url, 'data-foo' => 'bar', 'data-bam' => 'baz' }

We're adding a script console-for to open a remote Rails console with one command. Also have a look at shell-for, which this script is relying on.

Run it from any project directory like this, passing a Capistrano multistage deployment target:

console-for staging

This script is part of our geordi gem on github.

This card needs to be updated for Rails 3+.

Since there is no --debugger flag you need to run:

rdebug script/runner lib/scripts/something.rb

That will open an debugging IRB right away, like this:

require File.dirname(__FILE__) + '/../config/boot'
(rdb:1) _

Enter c to continue and reach your actual debugger call. Then, debug away.

If nothing happens for you: Make sure ruby-debug is available in the Gemfile and you require it.

Let's say you need to revert a migration that happened a while back. You'd create a new migration that removes what was added back then in the up path, while its down path restores the old functionality.

While you could just copy&paste the down and up parts of it to the inverse part of the new migration, you may not want to do that. Especially when the up/down paths already contained some logic (that executed update statements on the created column, for example), copying does not feel right.

Someone already added the logic how to...

Yesterday, there was a blog post entitled “What the Hell is Happening to Rails” that stayed at the number one spot on Hacker News for quite a while. The post and many (but not most) the comments on the post reflect deep-seated concern about the recent direction of Rails. Others have addressed the core question about change in the framework, but I’d like to address questions about specific changes that came up in the post and comments.

If you want to load an SQL dump from an ActiveRecord migration, you might find this to be harder than you thought. While you can call ActiveRecord::Base.connection.execute(sql) to execute arbitrary SQL commands, the MySQL connection is configured to only accept a single statement per query. If you try to feed it multiple statements, it will die with You have an error in your SQL syntax.

You can work around this by opening a second MySQL connection that does accept multiple statements per call.

Below is an example for a migration that l...