
Rails 3

..and the real secret to high productivity


5
2004 - 2009
"You may have noticed that pretty much everyone in
the Ruby camp are insultants with many of them being
book authors attempting to capitalize on hype."
James McGovern
We’re still here
The philosophy
of Rails 3
The progress
of Rails 3
New router
Faster
Route by subdomains, user agents, more
Route to other Rack machinery
# Session routes in the `map`-style routing DSL (the form the new router replaces).
# Every route declared inside the block inherits :controller => "sessions".
map.with_options(:controller => "sessions") do |sessions|
  # GET login -> action "new"; declared as the named route `login`.
  sessions.login "login", :action => "new", :conditions => { :method => :get }
  # POST login -> action "create"; `connect` declares it without a route name.
  sessions.connect "login", :action => "create", :conditions => { :method => :post }
  # logout is matched for POST only, so a plain GET of the logout path
  # (a followed link, an image tag) does not route to destroy.
  sessions.logout "logout", :action => "destroy", :conditions => { :method => :post }
end

# Session routes in the new router DSL, scoped to the sessions controller.
# NOTE(review): shown as presented on the slide; confirm the nested `match ... do`
# form against the router of the Rails release actually in use.
controller :sessions do
  # logout answers DELETE only and dispatches to destroy; :as names the route.
  match 'logout', :via => :delete, :to => :destroy, :as => :logout

  # One path, two verbs: GET goes to new (named route `login`), POST goes to create.
  match 'login' do
    get :new, :as => :login
    post :create
  end
end
# Nested project resources in the `map`-style DSL, handled by the 'project' controller.
map.resources :projects, :controller => 'project' do |projects|
  projects.resources :attachments
  # Adds a collection-level update_all action that is reachable via PUT.
  projects.resources :participants, :collection => { :update_all => :put }
  # companies nest a people collection and a single avatar.
  projects.resources :companies, :has_many => :people, :has_one => :avatar
end

# Nested project resources in the new router DSL, handled by the project controller.
resources :projects, :controller => :project do
  resources :attachments

  resources :participants do
    # Collection-level update_all action, reachable via PUT.
    put :update_all, :on => :collection
  end

  resources :companies do
    resources :people
    # Singular resource: declared with `resource`, not `resources`.
    resource :avatar
  end
end
XSS protection
<%# Each "=>" comment shows the rendered result of the output tag that follows it. %>
<%# Without h(), the value is written out as-is, so the script markup in comment.body reaches the page. %>
<%# => "I've hacked you good! <script>" %>
<%= comment.body %>

<%# With h(), the angle brackets are rendered as entities; this has to be remembered for every untrusted value. %>
<%# => "I've hacked you bad! &lt;script&gt;" %>

<%=h comment.body %>

<%# Each "=>" comment shows the rendered result of the output tag that follows it. %>
<%# Escaping is now the default: a plain output tag renders the markup as entities. %>
<%# => "I've hacked you good! &lt;script&gt;" %>

<%= comment.body %>

<%# raw opts out of escaping and emits the markup verbatim. %>
<%# Reserve it for content that is already sanitized or fully trusted, never for user-supplied text. %>
<%# => "I've hacked you bad! <script>" %>

<%=raw comment.body %>
# Returns +text+ wrapped in a <div>, followed by a <br> tag.
#
# Both pieces are produced by the tag helpers (content_tag and tag), so the
# helper does no safe-marking of its own.
#
# @param text [String] content placed inside the <div>
# @return the concatenation of the two helper results
def safe_helper(text)
  wrapped = content_tag(:div, text)
  line_break = tag(:br)
  wrapped + line_break
end

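# Returns +text+ wrapped in a <div>, followed by a hand-written "<br/>".
#
# The "<br/>" literal is a plain String, so it has to be declared safe
# explicitly or it is treated as unescaped text. Only the literal is marked:
# +text+ still goes through content_tag, and the result of concatenating
# caller-supplied data is never marked safe wholesale.
#
# The slide used the bang form (`html_safe!`) on the whole concatenation;
# the released String API provides `html_safe` instead, so the bang call
# would fail at runtime.
#
# @param text [String] content placed inside the <div>
# @return the <div> markup followed by the literal "<br/>"
def needs_to_be_marked_safe_helper(text)
  content_tag(:div, text) + "<br/>".html_safe
end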
JavaScript goes
unobtrusive & agnostic
<%# Before: link_to_remote writes the Ajax call into an inline onclick handler (generated markup below). %>
<%= link_to_remote "Delete", :url => @comment, :method => :delete %>

<a href="#" onclick="new Ajax.Request('/comments/1', {asynchronous:true,


evalScripts:true, method:'delete'}); return false;">Destroy</a>

<%# After: link_to with :remote => true emits only data- attributes and a real href. %>
<%# No script is embedded in the markup, which also suits a content policy that disallows inline handlers. %>
<%# The sample output reads "Destroy" although the helper call passes "Delete". %>
<%= link_to "Delete", @comment, :remote => true, :method => :delete %>

<a href="/comments/1" data-remote="true" data-method="delete">Destroy</a>


<%# Before: remote_form_for emits an inline onsubmit handler that serializes the form and sends it with Ajax.Request. %>
<% remote_form_for(@comment) do %>

<form action="/comments" class="new_comment" id="new_comment"


method="post" onsubmit="new Ajax.Request('/comments',
{asynchronous:true, evalScripts:true,
parameters:Form.serialize(this)}); return false;">

<%# After: form_for with :remote => true emits a plain form tagged data-remote="true"; no inline script. %>
<% form_for(@comment, :remote => true) do %>

<form action="/comments" class="new_comment"


id="new_comment" method="post" data-remote="true">
<%# Before: a link with :method => :delete is emitted with an inline handler that builds a hidden form, %>
<%# adds a _method=delete field and submits it as a POST. %>
<%# NOTE(review): the form shown carries only the _method field; if the application checks a %>
<%# request-forgery token on POST, confirm how that token is supplied. %>
<%= link_to "Delete", @comment, :method => :delete %>

<a href="/comments/1" onclick="var f =


document.createElement('form'); f.style.display = 'none';
this.parentNode.appendChild(f); f.method = 'POST'; f.action =
this.href;var m = document.createElement('input');
m.setAttribute('type', 'hidden'); m.setAttribute('name',
'_method'); m.setAttribute('value', 'delete');
f.appendChild(m);f.submit();return false;">Destroy</a>

<%# After: the intended verb travels as a data-method attribute; the markup itself contains no script. %>
<a href="/comments/1" data-method="delete">Destroy</a>


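<%# Before: adding :confirm wraps the inline form-building handler in a confirm() dialog. %>
<%# The helper call is kept on one line: a line break before "=>" does not parse. %>
<%= link_to "Delete", @comment, :method => :delete, :confirm => "Are you sure?" %>

<a href="/comments/1" onclick="if (confirm('Are you sure?'))
{ var f = document.createElement('form'); f.style.display =
'none'; this.parentNode.appendChild(f); f.method = 'POST';
f.action = this.href;var m = document.createElement('input');
m.setAttribute('type', 'hidden'); m.setAttribute('name',
'_method'); m.setAttribute('value', 'delete');
f.appendChild(m);f.submit(); };return false;">Destroy</a>

<%# After: verb and confirmation text are plain data- attributes; the markup contains no script. %>
<%# The attribute name data-confirm is written unbroken; split after "data-" it would be read as two attributes. %>
<a href="/comments/1" data-method="delete" data-confirm="Are you sure?">Destroy</a>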
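// Delegated click handler (Prototype): one listener on <body> serves every
// link that carries a data-remote attribute.
$(document.body).observe("click", function(event) {
  // Attribute names are not quoted inside a CSS attribute selector; the
  // quoted form on the slide would not select the data-remote links.
  var link = event.findElement("a[data-remote]");
  if (!link) return;

  // data-method selects the HTTP verb; links without it are fetched with GET.
  var verb = link.readAttribute("data-method") || "get";

  // NOTE(review): the request is sent to whatever href the link carries and
  // includes no request-forgery token. If the application verifies a token on
  // non-GET requests, the driver must attach it; confirm against the app.
  new Ajax.Request(link.readAttribute("href"), { method: verb });

  // Cancel the default navigation now that the request has been issued.
  event.stop();
});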
More agnosticism
Action ORM
Generators
The great refactoring
Abstract Controller + Action Dispatch
Action Relation underpins Active Record
Cherry picking from Active Support
Speedy callbacks
The real secret
to high productivity
Renegotiate
requirements
“Sure, whatever”
Stakeholders everywhere
“I don’t know how”
“It’s just too hard”
“I’d be bored senseless”
“That would kill the abstraction”
Programmer
Partner
Questions?
