Check if ActiveRecord object is valid with params before updating to Database

To update the attributes without saving them, you can use

@obj.assign_attributes( params[:obj] )

Then to check if the object is valid, you can call

@obj.valid?

If the object is not valid, you can see the errors (only after calling .valid?) by calling

@obj.errors

If the object is valid, you can save it by calling

@obj.save

However, all of this usually isn't necessary. If the object isn't valid, then ActiveRecord won't save the object to the database, so all of the attribute changes are forgotten when you leave the controller action.

Also, since an invalid record won't be saved to the database, you can always just call Object.find() again to get the original object back.

Simple, user-friendly cancel links for your Rails forms

The default Rails view generator includes back links on form-related view templates, so if users change their mind they can easily get out of the form and on to something else. However, these links are static. What do you do if you allow users to access the form from multiple views (say, an index and a show).

Here’s a simple but effective solution I came up with: Instead of passing a static URL, I pass the HTTP referrer environment variable as the location. That way users are taken back to the page from which they opened the form to begin with.

Here’s how it works. Most of the code resides in the application_helper.rb file:

  module ApplicationHelper
    include Rails.application.routes.url_helpers

    def cancel_link
      return link_to 'Cancel', request.env["HTTP_REFERER"], 
        :class => 'cancel', 
        :confirm => 'Are you sure? Any changes will be lost.'
    end
  end

You’ll need to include Rails.application.routes.url_helpers in order to access link_to from a helper method. Then you add the helper method itself, which does nothing more than return a cancel link. Mine uses an old-style :confirm message; you can spruce it up with some less obtrusive if you’d like.

If I need a cancel link in a view, I just add

  <%= cancel_link %>

The result: a flexible, reusable cancel option that’s much more user-friendly.

Irreversible Migrations in Ruby on Rails

In Rails 2 in migrations there were only 2 methods: up and down. They are called on running migrations up and down respectively with rake tasks rake db:migrate and rake db:rollback.

In Rails 2

def up
add_column :users, :active, :boolean User.update_all(active: true) end

def down remove_column :users, :active end

Rails 3 produced us great method change which allowed us to write there code which creates a table and drops the table automatically on rolling migration back. But unfortunately there was a problem – you didn’t have opportunity to say “don’t run this peace of code on down but run this only on up”. So the solution was just to use old syntax. 

Migration to rename an ActiveRecord model and its table in Rails

In Rails 3.1+ ActiveRecord::Migration::CommandRecorder knows how to reverse rename_table migrations, so you can do this:

class RenameOldTableToNewTable< ActiveRecord:Migration
    def change
        rename_table :old_table_name, :new_table_name
    end 
 end

You need to rename the model declaration files manually.

Rename a Database column using Rails migration

You need to create a separate migration to do this.

rails g migration FixColumnName

class FixColumnName < ActiveRecord::Migration
  def change
    rename_column :table_name, :old_column, :new_column
  end
end

---

If you happen to have a whole bunch of columns to rename, or something that would have required repeating the table name over and over again.

rename_column :table_name, :old_column1, :new_column1
rename_column :table_name, :old_column2, :new_column2
...

You could use change_table to keep things a little neater.

class FixColumnNames < ActiveRecord::Migration
  def change
    change_table :table_name do |t|
      t.rename :old_column1, :new_column1
      t.rename :old_column2, :new_column2
      ...
    end
  end
end

Understanding attr_accessible – Secure Your Rails Application

What is the attr_accessible directive ?

So, when you open up your devise User model, and you notice a line similar to that :

attr_accessible :username, :email, :password

The first thing that is important to know about, if you don’t really, is that attr_accessible is simply an instance method, a function as most non-ruby programmers would name. This is actually a part of ActiveModel::MassAssignmentSecurity::ClassMethods, which already some something about its usage. It’s there to prevent mass assignment security attacks.
But what exactly is that ?

 In Ruby on Rails, a mass assignment is when you save more than one attributes of a model to your database. For instance :

current_user.save current_user.update_attributes(...) current_user.update_attribute(...)   <- THIS IS NOT A MASS ASSIGNMENT

Counter Cache in Rails - Performance Tuning

If you need to display the record count for a has_many association, you can improve performance by caching that number in a column.

Below we have an application that shows a list of projects along with the number of tasks that each project has.

Use Belongs_to With Presence Validator

Assume we have two models: User and Image. User has one image and image belongs to user. The code below:

class User < ActiveRecord::Base
  has_one :image
end

class Image < ActiveRecord::Base
  belongs_to :user
end

Now we want to add validation for image to check if user is there or not.

class Image < ActiveRecord::Base
  belongs_to :user
  validates :user, :presence => true
end

So by adding just one line whenever you are trying to save image object, it will fire a query with respect to the user_id to check weather that user exists or not. In case user doesn’t exits “image.save” with return an error.

How to Optimize Image Uploaded via Paperclip

Here is an another gem to reduce the size of the paperclip uploaded image.

    gem "paperclip-compression","~> 0.1.1"

Usage

    class User < ActiveRecord::Base
             has_attached_file :avatar,
              :styles     => { :medium => "300x300>", :thumb => "100x100>" },
              :processors => [:thumbnail, :compression]
    end

we can optimize this code as:

Boot your Rails development server and console faster than ever.... Use Zeus

How Zeus works?

Zeus preloads your Rails app so that your normal development tasks such as console, server,generate, and specs/tests take less than one second.

Install

Install the gem.

gem install zeus

Difference b/w Rails 2 and Rails 3

Now a days Rails 3.2 version is going on. I am going to write some difference between in Rails 2.x and 3.x.

1. Some command line syntax has been changed in Rails 3.x like as

•  rails generate instead of rails script/generate
•  rails server instead of ruby server

 2. Introduction of bundler (New way to manage your gem dependencies)

       - Rails 3.x has bundle concept (Gem File) while Rails 2.x does not have

Observers in Rails 3

Rails observers are sweet, You can observe multiple models within a single observer

First, you need to generate your observer:

rails g observer Auditor

Then, in your fresh auditor_observer.rb file define the models you wish to observe and then add theafter_create callback.

class AuditorObserver < ActiveRecord::Observer

   observe :model_foo, :model_bar, :model_baz

   def after_create(record)
    #do something with `record`
   end
end

How can you safeguard a rails application from SQL injection attack?

Rails already has the logic built into it to prevent SQL injection attacks if you follow the right syntax. 

Say you are trying to authenticate a user based on their login and password you might be tempted to use a syntax as below:

User.first("login = '#{params[:name]}' AND password = '#{params[:password]}'")

If an attacker enters ’ OR ‘1’=‘1 as the name, and ’ OR ’2’>’1 as the password, the resulting SQL query will be:

 SELECT * FROM users WHERE login = '' OR '1'='1' AND password = '' OR '2'>'1' LIMIT 1 

This will simply find the first record in the database, and grants access to this user.

To prevent this type of SQL injection simply use the following format.

  User.where("login = ? AND password = ?", entered_user_name, entered_password).first

OR

User.where(:login => entered_user_name, :password => entered_password).first