1 Remove old values from config files

  1. DELETE config.active_record.whitelist_attributes
  2. DELETE config.active_record.mass_assignment_sanitizer
  3. DELETE config.active_record.auto_explain_threshold_in_seconds
  4. CHANGE config.serve_static_assets TO config.serve_static_files
  5. SET config.eager_load TO false (dev and test), true (production)

2 Add secrets.yml

See the ruby upgrade guide for exact details

3 In your models and controllers

  1. Remove attr_accessible statements in your models. Control of which model attributes can be updated has moved from the model to the controller. This feature is known as Strong Parameters.
  1. Add the attributes as strong parameters in your controllers

3.1 Example Before

attr_accessible :name, :title



def new
  @person = Person.new(new_person_params)

def update
  if @person.update(person_params)

def new_person_params

def person_params
  params.require(:person).permit(:name, :title)

Note: different actions can permit different sets of attributes, or all actions can share a single set of permitted attributes. In the example above the create action can only set the person’s name, while the update action can set the name and title.

4 In Engines and Extensions

4.1 In admin controllers

If your app or extension uses Refinery’s crudify you must define a strong parameters method, as crudify will call it (whether you need it nor not). It can be a no-op, thus:

def mymodel_params

4.2 No more dashboard

The Refinery dashboard has gone.

From engine.db remove the code which linked to the dashboard and avoid the deprecation notice.

plugin.activity = {...}

4.3 FriendlyId Changes

In order to continue allowing .find(id) to work:

friendly_id :title, use: :slugged

needs to become:

friendly_id :title, use: [:slugged, :finders]

There are also some other major changes in friendly_id

5 Refinery Upgrade

run rails generate refinery:cms --update

(this will run rake db:migrate and rake db:seed)

6 If you are using Refinerycms-blog

run rake acts_as_taggable_on_engine:install:migrations

7 If you are using Devise

See refinerycms-authentication-devise

8 Check files that you have over-ridden Check your app for any Refinery files that you may have over-ridden. Compare them to the new Refinery files

  1. Do you still need to override them?
  2. Are there changes you need to include in your copy of the file?
  3. Is there another way of making your change without overriding?

Making changes to Refinery’s default behavour using presenters and decorators will make future upgrades easier as your changes are separate from Refinery itself.

9 Refinery::Search changes

In application.rb DELETE

config.to_prepare do
  Refinery.searchable_models = Refinery::Page

CREATE config/initializers/refinery/search.rb with an entry similar to the following

Refinery::Search.configure do |config|
  config.enable_for = ['Refinery::Page']

9.1 Search Route

  1. The url helper method has been renamed from refinery.search_path to refinery.search_root_path
  2. The search method has changed from POST to GET

More information in refinerycms-search documentation