<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Brian Waddell</title>
    <description>The latest articles on DEV Community by Brian Waddell (@brianwaddell).</description>
    <link>https://dev.to/brianwaddell</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1189487%2F12f2ded9-6687-4a95-bbdd-1e8f362a6b6a.png</url>
      <title>DEV Community: Brian Waddell</title>
      <link>https://dev.to/brianwaddell</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/brianwaddell"/>
    <language>en</language>
    <item>
      <title>08-08-2023</title>
      <dc:creator>Brian Waddell</dc:creator>
      <pubDate>Wed, 08 Nov 2023 16:56:49 +0000</pubDate>
      <link>https://dev.to/brianwaddell/08-08-2023-2e74</link>
      <guid>https://dev.to/brianwaddell/08-08-2023-2e74</guid>
      <description>&lt;p&gt;Hello Everyone, I am still learning all about Ruby. I am getting the hang of the if else statements, which are very helpful conditions to use. It seems as though a lot of the problems I encounter can be solved using an if statement block. I am learning that these conditionals are used by developers most of the time. I am starting to understand why.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>What I Learned Today</title>
      <dc:creator>Brian Waddell</dc:creator>
      <pubDate>Wed, 08 Nov 2023 16:56:09 +0000</pubDate>
      <link>https://dev.to/brianwaddell/what-i-learned-today-1omm</link>
      <guid>https://dev.to/brianwaddell/what-i-learned-today-1omm</guid>
      <description>&lt;p&gt;What I learned today&lt;br&gt;
With Ruby you can combine more than one method together. This idea helped me pass a test to encode. I used the substitute method .gsub, and I was able to call the gsub method more than once on a variable secret. I was also able to use the .to_s method to turn my number codes into strings. For example, I used secret.gsub("a", 1.to_s).gsub(etc.); this form was legal for me to do. I was surprised it worked, but I have found that Ruby is a user-friendly lang. that is thought out with programmers in mind. I am really happy to have learned lots of things with Ruby, and I am sure I will continue to learn more about this amazing programming lang.&lt;/p&gt;

</description>
    </item>
    <item>
      <title>Learning all About Ruby</title>
      <dc:creator>Brian Waddell</dc:creator>
      <pubDate>Wed, 01 Nov 2023 15:11:41 +0000</pubDate>
      <link>https://dev.to/brianwaddell/learning-all-about-ruby-4j95</link>
      <guid>https://dev.to/brianwaddell/learning-all-about-ruby-4j95</guid>
      <description>&lt;p&gt;Today I learned about a Ruby Gem called Pundit. Pundit revolves around the idea of policies. The idea is that we want to encapsulate all knowledge about who can do what with a particular object. In my case, I wanted to control who can interact with a photo inside an instance method. So I created a photo policy class that would allow me to set up rules for how a user interacts with a photo: who can delete a photo or edit a photo. &lt;br&gt;
Here are just some of the security issues that were addressed:&lt;/p&gt;

&lt;p&gt;A user could edit any other user’s photos, captions, and comments, including deleting them&lt;br&gt;
A user could see, accept, and reject other users’ follow requests&lt;br&gt;
A user could guess at URL endpoints and find them, even if they aren’t linked. For example, they could go to routes like:&lt;/p&gt;

&lt;p&gt;/comments&lt;br&gt;
/photos&lt;br&gt;
/likes&lt;br&gt;
/follow_requests&lt;/p&gt;

&lt;p&gt;The Private profiles were not private at all. &lt;br&gt;
I was able to address many of these security problems with:&lt;/p&gt;

&lt;p&gt;Filters, before_action and skip_before_action.&lt;/p&gt;

&lt;p&gt;Redirecting, sending the user to a different page using redirect_to and redirect_back.&lt;/p&gt;

&lt;p&gt;Ruby’s if/else statements to check if a user had permission to perform certain operations.&lt;/p&gt;

&lt;p&gt;I was able to protect routes by deleting or limiting access with only: and except: after resources.&lt;/p&gt;

&lt;p&gt;Security is an important concept to learn. I am excited by how much I was able to learn, but I know this is just the tip of the iceberg. &lt;/p&gt;

</description>
    </item>
    <item>
      <title>Learning Loads</title>
      <dc:creator>Brian Waddell</dc:creator>
      <pubDate>Tue, 24 Oct 2023 20:30:08 +0000</pubDate>
      <link>https://dev.to/brianwaddell/learning-loads-1cm4</link>
      <guid>https://dev.to/brianwaddell/learning-loads-1cm4</guid>
      <description>&lt;p&gt;Today I was able to learn about validations and creating sample data on the back end of my application. Validations are an important, useful tool to help ensure that a user includes important information within a required field. For example, if you need a certain input from the user to be unique, like a username, you can use validations. If we want to validate the presence of something, we use validates :body (the_name_of_form_weWantChecked), presence: true. Some associations perform validation checks for us. For example, having an association belongs_to and the foreign keys associated with this accessor association will perform an automatic check. In short, foreign keys will automatically be validated. Validations will overall help with security by making sure certain fields must be attended to. Be careful when validating certain fields. I added a validation to my photo models that a fan could only like the comment once, but when I added sample data, the sample data would randomly like a photo and sometimes the follower would like the photo twice, which violates my validation and caused an error to occur. I had to make sure that the follower would only like the photo once with unless photo.fans.include?(follower), which basically says that if the follower has already liked the photo they cannot do this again, which respects my first validation. Learning about validations has been an exciting journey. But I know this is just the tip of the iceberg.&lt;/p&gt;

</description>
    </item>
  </channel>
</rss>
