Notes posted to Ruby on Rails

RSS feed
June 4, 2009 - (v2.3.2)
1 thank

Security hole in 2.3.2

This method has a security hole in Rails 2.3.2. See http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest for explanation.

Rails 2.3.3 should fix the problem.

June 3, 2009
8 thanks

ActiveRecord::RecordNotSaved can be triggered by accidental false return values in callbacks

You may have this exception raised if any of the defined callbacks such as ActiveRecord::Base#before_save or ActiveRecord::Base#before_create return false.

This can happen accidentally. For example:

class MyModel < ActiveRecord::Base
  before_save :assign_default_foo

  def assign_default_foo
    self.foo = false

Since assign_default_foo leaves a false value on the stack, the model will not be saved. A way around this is to simply leave nil or an empty return instead:

class MyModel < ActiveRecord::Base
  before_save :assign_default_foo

  def assign_default_foo
    self.foo = false
June 3, 2009 - (<= v2.3.2)
0 thanks

multi scope to sql

validates_uniqueness_of :name, :scope => [:big_category_id, :small_category_id]

SELECT * FROM schedules WHERE (products.name = 'xxxx' AND products.big_category_id= 1 AND products.small_category_id = 1) LIMIT 1
June 2, 2009 - (v2.2.1 - v2.3.2)
1 thank

Do not create an [ ] method

I created a helper method to access some meta data using

def [](name)
  # do stuff

This breaks ActiveRecord behaviors. all belongs_to relations were broken


class Image
  belongs_to :album

i = Image.find :first
i.album_id # 1
i.album # nil

Album.find 1 # works

If you experience this behavior, you probably created a method that breaks the default systematics (like I did with the [ ] method)

June 1, 2009 - (v2.2.1 - v2.3.2)
2 thanks

Further To: Memoize will not cache singleton methods

er…it will:

Code example

class PersonType < ActiveRecord::Base
  class << self
    # Add the mixin here:
    extend ActiveSupport::Memoizable
    def mister
    memoize :mister
June 1, 2009
2 thanks

Make sure your action names don't step on any toes.

In my experience, if you ever have a controller action named “process”, your controller will cease to function, as there is both a class and instance method called process in ActionController::Base.

There are undoubtedly other action names that will cause conflicts, but this one is particular I’ve run into a number of times.

May 31, 2009
2 thanks

You can call several times

You can call it several times, like:

class Comment < ActiveRecord::Base
  validate :must_be_friends
  validate :must_be_awesome

or with several arguments:

class Comment < ActiveRecord::Base
  validate :must_be_friends, :must_be_awesome
May 22, 2009
0 thanks

Alternative Way to Handle

This plugin may also help solve the problem from the model side.

May 22, 2009 - (v2.0.0 - v2.1.0)
1 thank


In 2.2 and greater this has moved to ActiveSupport::Dependencies::Loadable#unloadable

May 19, 2009 - (v2.2.1 - v2.3.2)
2 thanks

How to set request parameters

On previous versions of TestRequest it was possible to set the request_parameters on the new action. This option is now gone, but it’s still possible to set the parameters after initialization.

Code example

request = ActionController::TestRequest.new
request.env["action_controller.request.request_parameters"] = { :foo => '42', :bar => '24' } 
May 15, 2009
0 thanks

script/generate can take table name

As far as I can tell script/generate will happily take the plural table name, at least in Rails 2.3.

May 12, 2009
2 thanks


Instead of disabling the CSRF check you can pass the authenticity_token field in your forms, eg:

<%= hidden_field_tag :authenticity_token, form_authenticity_token -%>
May 8, 2009
2 thanks

Using gmail SMTP server to send mail

If you’re running Rails >= 2.2.1 [RC2] and Ruby 1.8.7, you don’t need plugin below. Ruby 1.8.7 supports SMTP TLS and Rails 2.2.1 ships with an option to enable it if you’re running Ruby 1.8.7.

All You need to do is:

ActionMailer::Base.smtp_settings = {
  :enable_starttls_auto => true
May 7, 2009
0 thanks

RESTful actions

REST adds many constraints. It restricts your controllers to seven actions. Normally this is okay, but sometimes you need to add your own custom actions.


May 7, 2009 - (v2.2.1 - v2.3.2)
1 thank


Can someone add some more information to this?

May 6, 2009 - (>= v2.3.2)
1 thank

Formatted route helpers are gone

In Rails >= 2.3 you can’t use formatted_xxx url helpers anymore.

However, you can still pass a :format option to url helpers, eg:

articles_path(:format => :csv) # => /articles.csv
May 2, 2009 - (v2.0.0 - v2.3.2)
0 thanks

Setting name and id for select_tag

Sometimes you need to use select_tag instead of select (because you’re after more control or need to use optgroups, for example), but still want the id/name conventions that select would give.

In this case, all you need to do is set the first parameter to whatever would be produced by select, and it’ll take care of the id and name attribute automatically, and thus ensure the form data is parsed correctly after submission.

For example, if you want to do something like:

form_for :comment do |f|
 f.select :article_id ...

which would give a select tag with id of “comment_article_id” and a name attribute of “comment[article_id]”, which be parsed into the params hash of:

'comment' => {'article_id' => ...

you can instead do

form_for :comment do |f|
 select_tag 'comment[article_id]' ...

which will give the same id and name attributes for the select tag and hence the same params hash in the controller

May 2, 2009
0 thanks

Re: Find random record

How about if you wanted to find a random set of records instead of a singular record, what would be the best way?

Thank you

May 2, 2009
2 thanks

Re: Find random record

Ordering by RAND() is not a wise idea when you have a large table with lots of rows. Your database will have to calculate a different random value for every row in your database – O(N) – then sort the entire table by those values – O(N log N).

There are a number of better ways to get a random record from your table. Some examples:

  • If your table is not sparse, choose a random ID and get that row (or the nearest row):

rand_id = rand(Model.count)
rand_record = Model.first(:conditions => [ "id >= ?", rand_id]) # don't use OFFSET on MySQL; it's very slow
  • If your table is sparse, or does not have a primary key, consider adding an indexed column of random numbers between 0 and N. You can then order by this column quickly and choose a value using a method similar to the above example.

April 30, 2009
1 thank

Find random record

It’s as simple as:

Things.first(:order => 'RAND()')

Of course depending on your database it could be ‘RANDOM()’ or something similar.

April 30, 2009
2 thanks

Caveat and design hints regarding :counter_cache

(From Obie Fernandez/ The Rails Way, ISBN 978-0321445612. Thanks Obie!)

This caveat:

The value of the counter cache column must be set to zero by default in the database! Otherwise the counter caching won’t work at all. It’s because the way that Rails implements the counter caching behavior is by adding a simple callback that goes directly to the database with an UPDATE command and increments the value of the counter.

And these tips:

If a significant percentage of your association collections will be empty at any given moment, you can optimize performance at the cost of some extra database storage by using counter caches liberally. The reason is that when the counter cache attribute is at zero, Rails won’t even try to query the database for the associated records!

If you’re not careful, and neglect to set a default value of 0 for the counter cache column on the database, or misspell the column name, the counter cache will still seem to work! There is a magic method on all classes with has_many associations called collection_count, just like the counter cache. It will return a correct count value if you don’t have a counter cache option set or the counter cache column value is null!

April 30, 2009
0 thanks

attachments and implicit multipart

There is a small gotcha - this caught me up for a while.

If you are using implicit multipart mime types by naming your template xxx.text.html.erb and xxx.text.plain.erb, you will need to change your template name back to the original xxx.erb.

If you use the implicit template name, your attachment will be the only thing in the body of the message - it will ignore your template.

See the “Multipart email” section of the ActionMailer.base documentation.

April 30, 2009
0 thanks

Video tutorial

If you want to get up to speed with Rails’ caching and haven’t seen it already, definitely check out this video series on Scaling Rails:


April 29, 2009 - (<= v2.3.2)
1 thank

Including instance methods to JSON output

Use :methods parameter to include ActiveRecord instance methods to JSON output. :only and :except uses DB columns only.

@events.to_json(:include => { 
                  :images => { 
                    :only => [], :methods => [:public_url] }})

In the previous example events have multiple images and only public_url instance method is included in the JSON output.

April 28, 2009
1 thank

Moved to ActiveSupport::Inflector

This isn’t gone, it’s just been moved to the ActiveSupport module namespace.

See: ActiveSupport::Inflector#pluralize

April 28, 2009
3 thanks

Tip: Define from_param(...) as Opposite

Often when defining a to_param method, it’s handy to introduce an opposite method for decoding them. For example:

class User < ActiveRecord::Base
  def self.from_param(param)

  def to_param

While you can just as easily redefine the find() method, this may be confusing since the expectation is that find() works with numerical IDs, or whatever the key column is defined as.

April 28, 2009 - (>= v2.3.2)
6 thanks

A very thorough explanation of use

Ryan Daigle has a great article about 2.3’s new nest forms which does a really good job of explaining how to use this and some of the potential gotchas. Highly recommended:


April 27, 2009 - (>= v2.0.0)
0 thanks

has_one through belongs_to not working

code example:

class Company < ActiveRecord::Base
  has_many :route_lists

class RouteList < ActiveRecord::Base
  belongs_to :company
  has_many :routes

class Route < ActiveRecord::Base
  belongs_to :route_list
  has_one :company :through => :route_list

This creates an invalid SQL query, where the keys in the join between route and routelist are switched, when used as an include:

Routes.find :all, :conditions => ["companies.type = ?", "Account"], :include => :company

route_lists.route_list_id = route.id

instead of: route_lists.id = route.route_list_id

April 25, 2009
4 thanks

Set :use_route to nil to let Rails pick the best route

Imagine the following case. You have two landing pages, one generic one, and an account specific one. The urls are as follows:

map.landing 'landing', :controller => 'landing', :action => 'index'
map.account_landing 'accounts/:account_id/landing', :controller => 'landing', :action => 'index'

Now imagine you want a path to the landing page, using the most specific route possible. If you have an account_id, use it, if not, skip it.

You could do

url_for(:controller => 'landing', :action => 'index', :account_id => current_account)

If current_account is set you’ll get “/accounts/:account_id/landing” if not, you’ll get “/landing”. However, that just looks ugly.

Enter :use_route => nil.

landing_path(:account_id => nil)                    # => '/landing'
landing_path(:account_id => 1)                      # => '/landing?account_id=1'
landing_path(:account_id => nil, :use_route => nil) # => '/landing'
landing_path(:account_id => 1, :use_route => nil)   # => '/accounts/1/landing'

Setting :use_route to nil, is equivalent to the earlier #url_for example.