2) Strong parameters takes a while to get used to from the old attr_accessesible way of doing things. That being said, I think it's worth it to learn it. It prevents a lot of conditional attr_accessible :blah, :as => :admin that goes on. The one thing I'd say is if you are going to use strong parameters, you might want to install a gem like Annotate so you can keep track of your attributes in the models. Sure you can just look in Schema.rb, but tabbing back and forth gets to be kind of a pain.
3) Secrets.yml is great, no more worrying about adding your config.secret_token to the .env file when generating every single project.
4) Mail Preview is nice, but for some reason I still seem to use Mailcatcher mostly to view / see how emails render out. Think this is mostly me sticking to my own ways.
5) ActionController::Live still feels pretty half baked. The fact that most examples / tutorials on the web still use the default example of:
response.stream.write "hello world\n"
The biggest problem I've had is that some gems that we used frequently would break because they weren't Rails 4 ready. We use ActiveAdmin pretty frequently in our client apps, and it's worked for a while, but it's always been on a custom branch and still had some issues that were just recently fixed. YMMV for gems that your app relies on in terms of what will break and what will work.
Yes, but I still prefer Figaro, which makes it super easy to configure an app on Heroku, especially when the app has multiple environments on Heroku:
$ rake figaro:heroku[my-app-staging]
$ rake figaro:heroku[my-app-production]
- Foreman is great because you'll get parity with how Heroku runs things (they use the same Procfile and read a .env file). Plus, if you have separate workers, then you can easily boot up your app.
- Dotenv is drop-in for Rails and supports .env usage outside of foreman.
- The heroku-config plugin is great because it works throughout your system and can also pull down the current config from Heroku.
Settings are configured in Ruby, split into separate files/groups, are easily overwritten per-Rails-env and per-particular-installation, in development environment they are reloaded automatically after a setting is added etc.
Theoretically I suppose YAML is supposed to be a human-editable data format, but after trying to get translators to translate app strings in YAML format I decided that YAML is worthless as anything except an interchange format, and even there, primarily for Ruby because of its rich semantics.
Does Heroku even support the secrets.yml file at the moment?
How is adding config.secret_token to secrets.yml, which you're going to keep out of version control, so much better than adding config.secret_token to .env, which you're also going to keep out of version control? Both files need to be lugged around.
Secrets.yml is a one-toe-in-the-water solution. I hope next minor release we will just have dotenv in Rails for real.
As is, you need to remember to dig through all your initializers and copy out all the tokens (Devise, Omniauth, etc) and put them in a .env file
The environment variable pattern comes to most rails setups from Heroku (whether directly or inspired by it), not from the rails core team.
On a side note: we avoid ActiveAdmin like the plague for the very reason that you specify here; our experience upgrading it between Rails versions has been terrible. We use our own simpler admin 'scaffolding' instead - https://github.com/SquareMill/generic_admin_controller/tree/...
I'm currently happy not to be on AA, it seems it would have held a lot of development back. AA ties you down to a lot of stuff that might break in the future.
I think it's a great gem if you're starting with rails or need a quick admin backend of your models (when your site is mostly frontend). If you're looking for a true backend that needs some degree of custimization I woudn't risk it.
It is very half-baked. I put it into a production system and had tons of headaches.
Sometimes the streaming reply worked, sometimes it hung, sometimes it crashed. After a few days of pain I rewrote it in Node (which is a shame since the rest of the code is in Ruby). Worked 100% first try, no handholding.
I don't care whose fault it is. ActionController::Live should be turned off until it's more stable.
slaps head I was doing that by hand - lol.
1. It saves values as integers in the database, meaning that removing properties involves explicit setting, and reordering them requires custom migration code.
2. "Avoid using the same names inside different enums in the same class! Doing so will leave Active Record very confused!"
That's right, we can't use the same enum name to two different fields because ActiveRecord might get confused. That's kind of poor, isn't it?
3. Having to pass a macro that'll return the right integer instead of the symbol itself? Really?
This all seems really unwieldy, especially in the face of Enumerize(https://github.com/brainspec/enumerize). It's got none of these caveats. Is there some strength to the Rails enums that Enumerize doesn't capitalize on, other than size constraints by using Int instead of String?
Anyone have major issues going from 3.2 -> 4? I've heard horror stories about 2 -> 3, but I didn't pick up Rails myself until 3.x so I don't have firsthand experience.
The biggest change I see is attr_accessible to strong_parameters. Does that mean I need to go through and rewrite all our models and controllers before we can update?
* Strong parameters means you're going to have to figure out what everything needs for params or break down and call permit! where acceptable. If anyone got crazy with attribute metaprogramming bullshittery, you're in for fun.
* The deep_munge part of strong parameters has some strong opinions about how it should do its job. The code is there to prevent attacks where unusual user input is handed directly to ActiveRecord and interpreted by it. One special case to look out for is that it will rewrite a (JSON-supplied) empty array into nil, which makes life fun if your API happens to put some semantic meaning on nil vs. empty arrays.
* The new restrictions on routing verbs are good stuff, but I can almost guarantee that something was getting away with using the wrong verb before.
* XML parameter parsing has been extracted to a plugin. For some reason XML generation wasn't, but if people are sending you XML data you'll need this: https://github.com/rails/actionpack-xml_parser
That's all I can think of off the top of my head.
In response to this:
> Does that mean I need to go through and rewrite all our models and controllers before we can update?
Not really, no. As a first step we rewrote all of our attr_accessible usage into model class-level constants we could run through strong_parameters. Eventually those moved out of the model, but it was good enough to get going. Example:
# Rails 3.2
class Foo < ActiveRecord::Base
attr_accessible :name, :bar, :whatever
attr_accessible :name, :bar, :whatever, :approved, :as => :admin
# Rails 4.0
UPDATEABLE_ATTRIBUTES = [:name, :bar, :whatever]
ADMIN_UPDATEABLE_ATTRIBUTES = UPDATEABLE_ATTRIBUTES + [:approved]
The upgrade guide is pretty solid, and I imagine it mostly applies for Rails 4.1 as well: http://guides.rubyonrails.org/upgrading_ruby_on_rails.html#u...
I spent most of my time updating app config. For several of my 3.2 apps, I started using strong_parameters, so it wasn't a leap for me. Another app I have on 4.0 is using the https://github.com/rails/protected_attributes to retain the existing attr_accessible behavior until I get time to update.
Hope that helps!
I have not personally migrated any of my code to Rails 4 from 3.2 yet but the transition will be far smoother than 2.3->3 was.
 - https://github.com/rails/protected_attributes
So yea, the biggest problem was upgrading to Rails4 and getting the Gems to work- many of which had large structural changes in the Rails4 versions. For instance, Devise changed how they handle tokens in the Mailers, etc.
We have a very large App and it took us about 2 months part-time work to migrate fully to Rails4 - of that I'd say about 70-75% of the work was a combination of rewriting strong_parameters/attr_accessible stuff and updating/monkey patching Gems to get them working. But we did go really far, we removed all the stuff that generated deprecated warnings and removed all the "migration helper gems" like "protected_attributes". So if your project doesnt depend on many gems it could be really easy especially if you dont care about using the helper gems like protected_attributes until you get around to rewriting things.
Google fu yields http://stackoverflow.com/questions/17371334/how-is-attr-acce...
Depending on how your test suite is set up (if you have one) there may need to be some sweeping changes there. When we migrated we had to switch from our should syntax to the expect s syntax.
I can't remember anything else that was super crazy.
But, you can in theory use the Protected Attributes gem to aid migration with less rewrite.
It reminds me of when Wordpress gave one of their milestone releases the code-name Django. They actually changed it to "Rheinhardt" after the initial release because of the confusion it was causing.
In this case it's even worse. Giving a component of a web framework the same name as a different, in a sense competing, framework is just plain silly.
The variants thing is interesting ... I'm assuming its an alternative to rendering a responsive/mobile-first view (on a view-by-view basis). I'm sure there are plenty of use-cases but I don't like the prospect of having to update yet-another-set-of-layouts-and-views.
That's why, when you design a responsive website, you're supposed to think / work out mobile first.
Hoping to detect all mobile devices out there based on their http request is no wiser.
After working on responsive websites for about 2 years now, I feel that variants is the way to go with Mobile designs.
You flesh out something lightweight for mobile and then another for tablet + desktop + whatever.
Otherwise your mobile display is needlessly large.
1013 runs, 351 assertions, 6 failures, 832 errors, 0 skips
Edit: Actually easier than I thought; about 10 minutes to figure out the cause and remove a surplus gem, and we're all green. Cool.
Larger apps end up being more SOA than monolithic, I suppose. Rails can usually play a part in these, but in my experience it's usually a win to start fragmenting an app into services once it gets beyond a certain size and complexity.
Here's a Rails 4.1.0 starter kit that's production ready and full featured: https://github.com/starterkits/rails4-starterkit
Most starter kit apps help get developers up and running in a development environment but leave a big gap between dev and production. Sometimes this is good, but a lot of web apps are very similar.
I got tired of rewriting authentication systems, configuring gems, and repeating the same tasks for each project. Even if you use Devise and similar gems, you still have to do a lot of work to create a good UX and integrate OAuth. And then you have to dig through each gem's documentation to make sure it's configured properly for a production environment.
The rails4-starterkit is basically my dumping ground for tips, tricks, and production tuning settings for Rails 4.1. You'll still need to make adjustments for your own app, but it's a much better starting point for cranking out weekend or freelance projects.
I'm also open sourcing my node starter kits, but they're much earlier on in development and better node projects already exist.
I thought the Rails 'starter kit' was `rails new my_app_name`
If you know of other solid starter app projects, I'm happy to fork them and make them discoverable in https://github.com/starterkits. It's meant to be a community project. I just haven't had any time to promote it.
Open an issue or pull request when you get your generators working, and I'll happily link to your project. Always good to give people options.
If you run into any issues, just open an issue on the project and I'll do what I can to help.
Also, there are 5 starter apps for Rails 4.1 from Rails Composer:
A massive thank you to the Rails team for their time and commitment towards making the best web framework on the web even better!
Concerns never did anything for reducing real complexity in the first place, except improve code geography, and now we don't even have to bother with that. Yay.
Colors, fontsizes, margins, etc. on preview to get it right - then email clients to perfect it.