1. Filter
Filters enable controllers to run shared pre- and post-processing code for its actions. These filters can be used to do authentication, caching, or auditing before the intended action is performed. Or to do localization or output compression after the action has been performed. Filters have access to the request, response, and all the instance variables set by other filters in the chain or by the action (in the case of after filters).
Filter的功能很强大,包括before filter,after filter和aroud filter;filter的类型可以是一个方法,一个proc,也可以是一个类或者对象;filter还可以定制顺序,成为filter chain。
具体详情还是请见:http://api.rubyonrails.org/classes/ActionController/Filters/ClassMethods.html
Filter的顺序
有时候我们会关心filter之间的顺序。比如我们定义了一个transaction filter(around filter),这个filter的作用是在非get的请求上包一个transaction,以保证数据的一致性。
如果我们还定义了一个after filter,它会插入一些新数据或者对数据做一些变更。我们同样希望它能在transaction内,这时候filter之间的顺序就很重要。
对同一类filter,Rails可以定制它们的顺序(请见http://api.rubyonrails.org/classes/ActionController/Filters/ClassMethods.html )。但对不同类filter之间的顺序,rails并没有提供api来定制它们的顺序。就比如上面所提到的一个around filter和一个after filter之间的顺序。
根据观察,它们之间的顺序应该跟声明顺序有关:声明越在前的filter越在filter chain的内部。以上面那个为例,如果transaction filter先于OneAfterFilter定义:
OneBeforeFilter#before TransactionFilter#before # run the action TransactionFilter#after OneAfterFilter#after
Transaction并没有把OneAfterFilter包括在内。但这没有保证。所以在使用需要明确顺序的filter时要注意。
2. Ajax redirect?
不要奢望用normal http response的那种方式来redirect(通过response header),ajax的机制是不一样的,看看下面这段:
XMLHttpRequest (XHR ) is a DOM API that can be used inside a web browser scripting language , such as JavaScript , to send an HTTP or an HTTPS request directly to a web server and load the server response data directly back into the scripting language [ 1] . Once the data is within the scripting language, it is available as both an XML document, if the response was valid XML markup [ 2] , and as plain text [ 3] . The XML data can be used to manipulate the currently active document in the browser window without the need of the client loading a new web page document. Plain text data can be evaluated within the scripting language to manipulate the document, too; in the example of JavaScript, the plain text may be formatted as JSON by the web server and evaluated within JavaScript to create an object of data for use on the current DOM.
那如何在ajax response中实现redirect?rails的代码很简单:
render :update do |page| page.redirect_to some_path end
背后的实现:
def redirect_to(location) # some other code record "window.location.href = #{url.inspect}" end
3. ActionController::Streaming
Methods for sending files and streams to the browser instead of rendering.
http://guides.rubyonrails.org/action_controller_overview.html#streaming-and-file-downloads
特别注意到上面这个页面中提及的RESTful url的例子,对于下载一个client的pdf的行为,并不需要定义一个新的action:
class ClientsController < ApplicationController # The user can request to receive this resource as HTML or PDF. def show @client = Client.find(params[:id]) respond_to do |format| format.html format.pdf { render :pdf => generate_pdf(@client) } end end end
在config/initializers/mime_types.rb :注册一种mime type:
Mime::Type.register "application/pdf", :pdf
url请求:
GET /clients/1.pdf
4 . render :partial => 'shared/search', locals => {:objects => ... }
Why do we need locals ? Partial is designed for reuse , so, you donot have to have the same name instance variable in your action, and locals make the reuse possible.
5. respond_to
respond_to do |format| format.html # do nothing, allow Rails to render index.rhtml format.js # do nothing, allow Rails to render index.rjs format.xml { render :xml => @some_thing.to_xml } end
根据HTTP头部的Accept-Type值进行相应操作。
6. Security
在ApplicationController里面有一句
# See ActionController::RequestForgeryProtection for details # Uncomment the :secret if you're not using the cookie session store protect_from_forgery # :secret => 'aacb6ea3f7484b1a5b56c2d8f45121c3'
这是对Cross-site request forgery 的一种防御。
对于由rails的一些html helper方法生成的html里面(比如form_for等post相关的html),会自动加上一个hidden的参数authenticity_token:
<% form_for @user do |f| -%> <%= f.text_field :username %> <%= f.text_field :password -%> <% end -%>
<form action="/users/1" method="post"> <input type="hidden" value="67250ab105eb5ad10851c00a5621854a23af5489" name="authenticity_token"/> <!-- fields --> </form>
对于不能自动生成的地方,可以用form_authenticity_token方法生成 authenticity_token。
7. Access controller information in views.
controller.controller_path => Converts the class name from something like "OneModule::TwoModule::NeatController" to "one_module/two_module/neat".
controller.controller_name => Converts the class name from something like "OneModule::TwoModule::NeatController" to "neat".
controller.controller_class_name => Converts the class name from something like "OneModule::TwoModule::NeatController" to "NeatController".
Of course, you can access this in the controller directly.
8. Parameters
Rails对get和post请求的参数并不做区分。
Rails对Array和Hash类的参数有很方便的支持:
GET /clients?ids[]=1&ids[]=2&ids[]=3
<form action="/clients" method="post"> <input type="text" name="client[name]" value="Acme" /> <input type="text" name="client[phone]" value="12345" /> <input type="text" name="client[address][postcode]" value="12345" /> <input type="text" name="client[address][city]" value="Carrot City" /> </form>
Prameter还有另外一种形式,routes中的parameter。这种参数出现在url中,但不跟上面query string的参数一样:
map.connect "/clients/:status"
另外,我们有时候需要给每个url都加上一个默认参数:
class ApplicationController < ActionController::Base # The options parameter is the hash passed in to 'url_for' def default_url_options(options) {:locale => I18n.locale} end end
9. Session
http://guides.rubyonrails.org/action_controller_overview.html#session
介绍了几种session存储方式,以及如何配置session存储方式:
# Use the database for sessions instead of the cookie-based default, # which shouldn't be used to store highly confidential information # (create the session table with "rake db:sessions:create") # ActionController::Base.session_store = :active_record_store
最重要的,介绍了CookieStore这种方式:
# Your secret key for verifying cookie session data integrity. # If you change this key, all old sessions will become invalid! # Make sure the secret is at least 30 characters and all random, # no regular words or you'll be exposed to dictionary attacks. ActionController::Base.session = { :key => '_yourappname_session', :secret => '4f50711b8f0f49572...' }
同时,提到session的获取是一种lazy load的方式,所以不需要因为性能问题在任何时候关闭。
10. Cookie
http://guides.rubyonrails.org/action_controller_overview.html#cookies
介绍了cookie的add和remove,跟session一样,它也可以像一个hash一样处理。
11. Verification
http://guides.rubyonrails.org/action_controller_overview.html#verification
class LoginsController < ApplicationController verify :params => [:username, :password], :render => {:action => "new"}, :add_flash => { :error => "Username and password required to log in" }, :only => :create # Run only for the "create" action end
12. Rescue
匹配exception和错误页面。
http://guides.rubyonrails.org/action_controller_overview.html#rescue
13. head
returns a response that has no content (merely headers): http://api.rubyonrails.org/classes/ActionController/Base.html#M000660