rails 3 and the real secret to high productivity presentation
TRANSCRIPT
Rails 3 ..and the real secret to high productivity
2004 - 2009
"You may have noticed that pretty much everyone in
the Ruby camp are insultants with many of them being
book authors attempting to capitalize on hype." James McGovern
We’re still here
The philosophy of Rails 3
The progress of Rails 3
New router: Faster
Route by subdomains, user agents, more
Route to other Rack machinery
# Rails 2-style routes for the session pages, all dispatched to the
# "sessions" controller. Each route is pinned to a single HTTP verb through
# :conditions, so the state-changing actions (create, destroy) are not
# reachable with a plain GET.
map.with_options(:controller => "sessions") do |route|
  # GET login -> sessions#new
  route.login("login", :action => "new", :conditions => { :method => :get })

  # POST login -> sessions#create
  route.connect("login", :action => "create", :conditions => { :method => :post })

  # POST logout -> sessions#destroy
  route.logout("logout", :action => "destroy", :conditions => { :method => :post })
end
# Session routes in the Rails 3 router DSL as shown on the slide, scoped to
# the sessions controller.
# NOTE(review): this is the DSL as presented before the Rails 3 release;
# confirm the exact syntax against the Rails version in use.
controller :sessions do
  # logout only matches DELETE requests and is handled by the destroy action.
  match('logout', :via => :delete, :to => :destroy, :as => :logout)

  # login is split by verb: GET goes to new, POST goes to create.
  match 'login' do
    get(:new, :as => :login)
    post(:create)
  end
end
# Rails 2-style nested resource routes for projects, served by the
# 'project' controller.
map.resources(:projects, :controller => 'project') do |nested|
  nested.resources(:attachments)

  # Extra collection-level route: update_all, restricted to PUT.
  nested.resources(:participants, :collection => { :update_all => :put })

  # Companies carry their own nested associations, declared as options.
  nested.resources(:companies, :has_many => :people, :has_one => :avatar)
end
# Nested resource routes for projects in the Rails 3 router DSL, served by
# the project controller. Nesting is expressed with blocks instead of a
# yielded mapper object.
resources(:projects, :controller => :project) do
  resources(:attachments)

  resources(:participants) do
    # Collection-level route: update_all, restricted to PUT.
    put(:update_all, :on => :collection)
  end

  resources(:companies) do
    resources(:people)
    resource(:avatar)
  end
end
XSS protection
<%# Presumably the pre-Rails 3 form: a plain output tag writes the string into the page unescaped, so markup inside a user-supplied comment.body reaches the browser as markup. %>
<%= comment.body %>
<%# The h helper HTML-escapes the value before output. Escaping is opt-in here, so every user-controlled value needs it. %>
<%=h comment.body %>
<%# => "I've hacked you good! <script>" %>
<%# => "I've hacked you bad! <script>" %>
<%# NOTE(review): both sample outputs show a literal script tag. The escaped variant presumably showed entity-encoded angle brackets on the original slide and lost them in extraction. Confirm against the slides. %>
<%# Rails 3: an output tag HTML-escapes any string that is not marked html_safe, so this line is escaped by default. %>
<%= comment.body %>
<%# raw opts out of escaping. Use it only for markup that has already been sanitized or is fully trusted, never for unfiltered user input. %>
<%=raw comment.body %>
<%# => "I've hacked you good! <script>" %>
<%# => "I've hacked you bad! <script>" %>
<%# NOTE(review): both sample outputs show a literal script tag. The escaped variant presumably showed entity-encoded angle brackets on the original slide and lost them in extraction. Confirm against the slides. %>
# Wraps +text+ in a <div> and appends a <br> tag, using only tag helpers.
#
# Per Rails 3 behavior, content_tag escapes +text+ unless it is already
# marked html_safe, and both helpers return html_safe strings, so the
# result needs no manual marking.
def safe_helper(text)
  wrapped = content_tag(:div, text)
  line_break = tag(:br)
  wrapped + line_break
end
# Wraps +text+ in a <div> and appends a hand-written "<br/>" literal.
#
# The literal is an ordinary string, so the combined result has to be
# marked safe explicitly or the view would escape it on output.
# Marking a string safe is an assertion that every part of it is already
# escaped or trusted: here +text+ only enters through content_tag, and the
# literal is a constant. Never mark a string safe if raw user input was
# interpolated into it.
# NOTE(review): html_safe! is the pre-release Rails 3 spelling; confirm the
# method name and string-concatenation semantics for the Rails version in use.
def needs_to_be_marked_safe_helper(text)
  markup = content_tag(:div, text) + "<br/>"
  markup.html_safe!
end
JavaScript goes
unobtrusive & agnostic
<%# Older helper: link_to_remote renders an inline onclick handler that calls Prototype's Ajax.Request directly. evalScripts:true asks Prototype to evaluate script returned in the response, so the endpoint's response must not reflect unescaped user input. %>
<%= link_to_remote "Delete", :url => @comment, :method => :delete %>
<a href="#" onclick="new Ajax.Request('/comments/1', {asynchronous:true, evalScripts:true, method:'delete'}); return false;">Destroy</a>
<%# Rails 3 helper: the same intent is carried by data-remote and data-method attributes, with no script in the markup. Keeping handlers out of attributes also allows a Content-Security-Policy that forbids inline script. %>
<%= link_to "Delete", @comment, :remote => true, :method => :delete %>
<a href="/comments/1" data-remote="true" data-method="delete">Destroy</a>
<%# NOTE(review): the helper calls use the label "Delete" while the sample output reads "Destroy"; this looks like a slide inconsistency. %>
<%# Older helper: remote_form_for renders an inline onsubmit handler that serializes the form and posts it with Prototype's Ajax.Request. The block's closing end is not shown on the slide. %>
<% remote_form_for(@comment) do %>
<form action="/comments" class="new_comment" id="new_comment" method="post" onsubmit="new Ajax.Request('/comments', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;">
<%# Rails 3 helper: form_for with :remote => true emits a plain form tagged data-remote="true"; the Ajax behaviour is attached by an external script instead of an inline handler. %>
<% form_for(@comment, :remote => true) do %>
<form action="/comments" class="new_comment" id="new_comment" method="post" data-remote="true">
<%# NOTE(review): neither sample form shows a CSRF token field; confirm how the authenticity token is supplied for these POST requests. %>
<%# A non-Ajax link with :method => :delete. %>
<%= link_to "Delete", @comment, :method => :delete %>
<%# Older output: an inline handler builds a hidden form, adds a _method=delete field and submits it as POST, so the destructive action is not a plain GET link. %>
<a href="/comments/1" onclick="var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var m = document.createElement('input'); m.setAttribute('type', 'hidden'); m.setAttribute('name', '_method'); m.setAttribute('value', 'delete'); f.appendChild(m);f.submit();return false;">Destroy</a>
<%# Rails 3 output: only a data-method attribute; an external script is expected to perform the form submission. %>
<a href="/comments/1" data-method="delete">Destroy</a>
<%# NOTE(review): the form built in the sample handler contains only the _method field and no CSRF token; confirm how the authenticity token is attached in a real application. %>
<%# Same delete link with a confirmation prompt added through :confirm. %>
<%= link_to "Delete", @comment, :method => :delete, :confirm => "Are you sure?" %>
<%# Older output: the confirm() call and the hidden-form submission are both generated into the inline onclick handler. %>
<a href="/comments/1" onclick="if (confirm('Are you sure?')) { var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;var m = document.createElement('input'); m.setAttribute('type', 'hidden'); m.setAttribute('name', '_method'); m.setAttribute('value', 'delete'); f.appendChild(m);f.submit(); };return false;">Destroy</a>
<%# Rails 3 output: the prompt text moves to a data-confirm attribute. The prompt is a usability aid only; the server must still authorize the delete. %>
<a href="/comments/1" data-method="delete" data-confirm="Are you sure?">Destroy</a>
// Delegated click handler (Prototype): a single listener on <body> turns
// clicks on data-remote links into Ajax requests.
// NOTE(review): this slide-sized sketch sends no CSRF token with the
// request; confirm that the real driver attaches one for non-GET verbs.
$(document.body).observe("click", function (event) {
  // Selector is reproduced exactly as it appears on the slide.
  var link = event.findElement("a['data-remote']");
  if (!link) {
    return;
  }

  // Fall back to GET when the link carries no data-method attribute.
  var verb = link.readAttribute("data-method") || "get";
  new Ajax.Request(link.readAttribute("href"), { method: verb });

  // Stop the browser from following the link's href as well.
  event.stop();
});
More agnosticism: Action ORM
Generators
The great refactoring: Abstract Controller + Action Dispatch
Action Relation underpins Active Record
Cherry picking from Active Support
Speedy callbacks
The real secret to high productivity
Renegotiate requirements
“Sure, whatever”
Stakeholders everywhere
“I don’t know how” “It’s just too hard” “I’d be bored senseless” “That would kill the abstraction”
Programmer
Partner
Questions?