Rails 3 in Action
Ryan Bigg and Yehuda Katz
Manning Publications Co., Shelter Island

For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact:
Special Sales Department, Manning Publications Co., 20 Baldwin Road, PO Box 261, Shelter Island, NY 11964. Email: orders@manning.com

©2012 by Manning Publications Co. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps.

Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid-free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15 percent recycled and processed without the use of elemental chlorine.

Development editor: Cynthia Kane
Copyeditors: Kevin Hobson, Linda Kern
Proofreader: Tiffany Taylor
Typesetter: Dottie Marsico
Cover designer: Marija Tudor

ISBN 978-1-935182-27-6
Printed in the United States of America
1 2 3 4 5 6 7 8 9 10 – MAL – 16 15 14 13 12 11

brief contents

1 Ruby on Rails, the framework 1
2 Testing saves your bacon 23
3 Developing a real Rails application 44
4 Oh CRUD! 83
5 Nested resources 99
6 Authentication and basic authorization 117
7 Basic access control 136
8 More authorization 164
9 File uploading 213
10 Tracking state 243
11 Tagging 286
12 Sending email 312
13 Designing an API 347
14 Deployment 385
15 Alternative authentication 412
16 Basic performance enhancements 434
17 Engines 468
18 Rack-based applications 516

contents

preface xv
acknowledgments xvii
about this book xx
about the authors xxiii
about the cover illustration xxiv

1 Ruby on Rails, the framework 1
1.1 What is Ruby on Rails? 2
  Benefits 2 ■ Common terms 3 ■ Rails in the wild 4
1.2 Developing your first application 5
  Installing Rails 5 ■ Generating an application 6 ■ Starting the application 6 ■ Scaffolding 7 ■ Migrations 8 ■ Viewing and creating purchases 9 ■ Validations 13 ■ Showing off 14 ■ Routing 15 ■ Updating 16 ■ Deleting 20
1.3 Summary 21

2 Testing saves your bacon 23
2.1 Test- and behavior-driven development 24
2.2 Test-driven development 24
  Why test? 25 ■ Writing your first test 25 ■ Saving bacon 27
2.3 Behavior-driven development 28
  RSpec 29 ■ Cucumber 35
2.4 Summary 42

3 Developing a real Rails application 44
3.1 Application setup 45
  The application story 45 ■ Version control 47 ■ The Gemfile and generators 50 ■ Database configuration 53 ■ Applying a stylesheet 54
3.2 First steps 55
  Creating projects 55 ■ RESTful routing 60 ■ Committing changes 72 ■ Setting a page title 72 ■ Validations 76
3.3 Summary 81

4 Oh CRUD! 83
4.1 Viewing projects 83
  Writing a feature 84 ■ The Factory Girl 85 ■ Adding a link to a project 86
4.2 Editing projects 88
  The edit action 88 ■ The update action 90
4.3 Deleting projects 91
  Writing a feature 92 ■ Adding a destroy action 92 ■ Looking for what isn’t there 93
4.4 Summary 97

5 Nested resources 99
5.1 Creating tickets 99
  Nested routing helpers 100 ■ Creating a tickets controller 101 ■ Defining a has_many association 103 ■ Creating tickets within a project 104 ■ Finding tickets scoped by project 105 ■ Ticket validations 106
5.2 Viewing tickets 108
  Listing tickets 110 ■ Culling tickets 111
5.3 Editing tickets 112
  Adding the edit action 113 ■ Adding the update action 114
5.4 Deleting tickets 115
5.5 Summary 116

6 Authentication and basic authorization 117
6.1 What Devise does 118
  Installing Devise 118
6.2 User signup 121
6.3 Confirmation link sign-in 122
  Testing email 122 ■ Confirming confirmation 123
6.4 Form sign-in 126
6.5 Linking tickets to users 128
  Attributing tickets to users 129 ■ We broke something! 131 ■ Fixing the Viewing Tickets feature 132 ■ Fixing the Editing Tickets feature 133 ■ Fixing the Deleting Tickets feature 134
6.6 Summary 135

7 Basic access control 136
7.1 Projects can be created only by admins 137
7.2 Adding the admin field to the users table 138
7.3 Restricting actions to admins only 138
  Fixing three more broken scenarios 143 ■ Hiding the New Project link 144 ■ Hiding the edit and delete links 146
7.4 Namespace routing 148
7.5 Namespace-based CRUD 151
  Adding a namespace root 151 ■ The index action 152 ■ The new action 153 ■ The create action 154
7.6 Creating admin users 155
7.7 Editing users 157
  The show action 158 ■ The edit and update actions 159
7.8 Deleting users 161
  Ensuring you can’t delete yourself 162
7.9 Summary 163

8 More authorization 164
8.1 Restricting read access 165
8.2 Restricting by scope 168
8.3 Fixing what you broke 172
  Fixing Editing Projects 173 ■ Fixing the four failing features 173 ■ One more thing 176 ■ Fixing Signing Up 178
8.4 Blocking access to tickets 183
  Locking out the bad guys 183
[...]
8.8 Authorizing editing 192
  [...] Enforcing destroy protection 193 ■ [...] permission 194
[...]
  Seed data 209
  Summary 212

9 File uploading 213
9.1 [...] 214
  Enter stage right, Paperclip 216 ■ Using Paperclip 217
9.2 [...] 220
  Using nested attributes [...] ■ Serving files through a controller 224
[...] 226
  Protecting files 227 ■ Showing your assets 228 ■ Public assets 230 ■ Privatizing assets 230
9.4 Using JavaScript 231
  JavaScript testing 232 ■ Introducing [...]

11 Tagging 286
[...]
  [...] restriction 292 ■ Fixing the [...]
[...] 295
  Testing tag restriction 295 ■ Tags are allowed, for some 296
11.4 Deleting a tag 297
  Testing tag deletion 298 ■ Adding a link to delete the tag 299 ■ Actually removing a tag 302
11.5 Finding tags 303
  Testing search 303 ■ Searching by state with Searcher 305 ■ Searching by state 307 ■ Search, but without the search 309
11.6 Summary 310

12 Sending email 312
12.1 Sending ticket notifications 313
  Automatically watching a ticket 314 ■ Using observers 315 ■ Defining the watchers association 316 ■ Introducing Action Mailer 318 ■ An Action Mailer template 320 ■ Delivering HTML emails 322
12.2 Subscribing to updates 325
  Testing comment subscription 325 ■ Automatically adding a user to a watchlist 327 ■ Unsubscribing from ticket notifications 328
12.3 Real-world email 333
  Testing real-world email 334 ■ Configuring Action Mailer 336 ■ Connecting to Gmail 337
12.4 Receiving emails 340
  Setting a reply-to address 340 ■ Receiving a reply 342
12.5 Summary 345

13 Designing an API 347
13.1 The projects API 349
  Your first API 351 ■ Serving an API 354 ■ API authentication 355 ■ Error reporting 356 ■ Serving XML 358 ■ Creating projects 360 ■ Restricting access to only admins 362 ■ A single [...] project 365 ■ No project for you! 368 ■ Updating a project 370 ■ Exterminate! 372
13.2 Beginning the tickets API 374
13.3 Rate limiting 377
  One request, two request, three request, four 377 ■ No more, thanks! 379 ■ Back to zero 380
13.4 Versioning an API 381
  Creating a new version 381
13.5 Summary 384

14 Deployment 385
14.1 Server setup 386
  Setting up a server using VirtualBox 386 ■ Installing the base 388
14.2 RVM and Ruby 389
  Installing RVM 389 ■ Installing Ruby 390
14.3 Creating a user for the app 391
  Key-based authentication 391 ■ Disabling password authentication 393
14.4 The database server 394
  Creating a database and user 394 ■ Ident authentication 395
14.5 Deploy away! 395
  Deploy keys 396 ■ Configuring Capistrano 397 ■ Setting up the deploy [...]

15 Alternative authentication 412
[...]
  [...] sign-in 419
15.3 GitHub authentication 425
  Registering and testing GitHub auth 425
15.4 Summary 433

16 Basic performance enhancements 434
16.1 Pagination 435
  Introducing Kaminari 436 ■ Paginating an interface 437 ■ Paginating an API 443
16.2 Database query enhancements 444
  Eager loading 445 ■ Database indexes 446
16.3 Page and action caching 448
  Caching a page 448 ■ Caching an action 451 ■ Cache sweepers [...]
[...] caching 457
  Caching page fragments 460
16.4 Background workers 462
16.5 Summary 466

17 Engines 468
17.1 A brief history of engines 469
17.2 Why engines are useful 470
17.3 Brand-new engine 471
  Creating an engine 471 ■ The layout of an engine 472 ■ Engine routing 476
17.4 Setting up a testing environment 478
  Removing Test::Unit 479 ■ Installing Capybara 481
17.5 [...]

18 Rack-based applications 516
[...] 517
[...] 525
  Introducing Sinatra 527 ■ [...] Sinatra 528 ■ Basic error checking 532
18.4 Middleware 533
  Middleware in Rails 534 ■ Investigating ActionDispatch::Static 536 ■ Crafting middleware 538
18.5 Summary 540

appendix A Why Rails? 541
appendix B Tidbits 546
index 551

preface

This book has been through quite the development process! It began in 2008 with Michael Ivey, Yehuda Katz, and [...]

about this book

[...] applications are made and can be tied into Rails. The chapter also explains, and contains examples of, middleware being used in Rails.

Code conventions and downloads

Code conventions in the book follow the style of other Manning books in the In Action series. All code in listings and in text appears in a monospaced font like this to separate it from ordinary text. In some cases, the original source code has been reformatted [...]