@hoanghiep90
Created August 9, 2016 09:33
# QUESTION 1
# What’s the problem with the following controller code? What would be the consequence of leaving this code in a production app? How would you fix it?
class MyController < ApplicationController
  def options
    options = {}
    available_option_keys = [:first_option, :second_option, :third_option]
    all_keys = params.keys.map(&:to_sym)
    set_option_keys = all_keys & available_option_keys
    set_option_keys.each do |key|
      options[key] = params[key]
    end
    options
  end
end
# This seems far less efficient than simply whitelisting and since the params are getting iterated over could make DDOS attacks a lot easier. I would fix it by adding a private method to whitelist params.
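An added example (not code from the gist) of the allowlisting approach the answer suggests, written as plain Ruby so it runs outside Rails. It walks the fixed allowlist instead of calling `to_sym` on every incoming key, so the work is bounded by the allowlist rather than by whatever the client sends; the `permitted_options` and `options_via_intersection` names and the sample parameters are constructed for the example.

```ruby
# Added example (not from the gist): allowlist request parameters without
# calling to_sym on attacker-controlled keys. Before Ruby 2.2 symbols were
# never garbage-collected, so symbolizing every incoming key let a client grow
# the symbol table without bound; iterating the fixed allowlist avoids that and
# costs O(allowed keys) instead of O(submitted keys).
AVAILABLE_OPTION_KEYS = %i[first_option second_option third_option].freeze

# Returns only the permitted keys, as symbols, from a params-like hash whose
# keys are strings (the form in which Rack delivers them).
def permitted_options(params)
  AVAILABLE_OPTION_KEYS.each_with_object({}) do |key, options|
    value = params[key.to_s]
    options[key] = value unless value.nil?
  end
end

# Hypothetical counterpart of the gist's approach: symbolizes every key first,
# then intersects. Same result, but every unknown key is interned on the way.
def options_via_intersection(params)
  all_keys = params.keys.map(&:to_sym)
  (all_keys & AVAILABLE_OPTION_KEYS).each_with_object({}) do |key, options|
    options[key] = params[key.to_s]
  end
end

# Constructed request parameters with two unexpected keys mixed in.
SAMPLE_PARAMS = {
  "first_option" => "1",
  "third_option" => "3",
  "admin" => "true",
  "unexpected_key" => "junk",
}.freeze
```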
# QUESTION 2
# What’s the issue with the controller code below? How would you fix it?
class CommentsController < ApplicationController
  def users_comments
    posts = Post.all
    comments = posts.map(&:comments).flatten
    @user_comments = comments.select do |comment|
      comment.author.username == params[:username]
    end
  end
end
# It's getting all the posts from the database when it doesn't need them. Instead you could do Post.comments.where("author_id = #{User.find_by(name: params[:username]).id}")
# QUESTION 3
# What is CSRF? How does Rails protect against it?
# CSRF is cross-site request forgery, which allows an attacker to execute unauthorized commands on a site by using the credentials of an already-authenticated user (for example by getting the user to click on a link that sends a DELETE request to a particular path). Rails protects against this by adding security tokens to form submissions and AJAX requests generated by a Rails page.
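An added, stand-alone reimplementation (not Rails' own code) of the per-form token masking behind the security tokens the answer mentions: the session keeps one raw secret, and each rendered form carries that secret XORed with a fresh one-time pad, so the value in every page differs while verification still compares against the single session secret. Function names are assumed for the example.

```ruby
require "securerandom"
require "base64"

# Added example (not Rails' own code): masked CSRF tokens as Rails does them.
TOKEN_LENGTH = 32

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

# The per-session secret, stored server side in the session.
def new_session_token
  SecureRandom.random_bytes(TOKEN_LENGTH)
end

# The value embedded in a form's authenticity_token field: pad || (secret XOR pad).
def masked_token(session_token)
  one_time_pad = SecureRandom.random_bytes(TOKEN_LENGTH)
  Base64.strict_encode64(one_time_pad + xor_bytes(session_token, one_time_pad))
end

# Constant-time comparison of two byte strings of equal length.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Verify a submitted token against the session secret. Undecodable input,
# a wrong length, or a mismatch is rejected; Rails would answer such a
# request with 422 Unprocessable Entity.
def valid_token?(submitted, session_token)
  raw = Base64.strict_decode64(submitted.to_s)
  return false unless raw.bytesize == 2 * TOKEN_LENGTH
  pad = raw[0, TOKEN_LENGTH]
  masked = raw[TOKEN_LENGTH, TOKEN_LENGTH]
  secure_compare(xor_bytes(masked, pad), session_token)
rescue ArgumentError
  false
end
```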
# QUESTION 4
# How would you define a Person model so that any Person can be assigned as the parent of another Person (as demonstrated in the Rails console below)? What columns would you need to define in the migration creating the table for Person?
irb(main):001:0> john = Person.create(name: "John")
irb(main):002:0> jim = Person.create(name: "Jim", parent: john)
irb(main):003:0> bob = Person.create(name: "Bob", parent: john)
irb(main):004:0> john.children.map(&:name)
=> ["Jim", "Bob"]
# has_many :children, class_name: "Person", foreign_key: "parent_id"
# belongs_to :parent, class_name: "Person"
# A parent ID key would be needed in the migration.
# QUESTION 4 (BONUS!)
# Update the Person model so that you can also get a list of all of a person’s grandchildren, as illustrated below. Would you need to make any changes to the corresponding table in the database?
irb(main):001:0> sally = Person.create(name: "Sally")
irb(main):002:0> sue = Person.create(name: "Sue", parent: sally)
irb(main):003:0> kate = Person.create(name: "Kate", parent: sally)
irb(main):004:0> lisa = Person.create(name: "Lisa", parent: sue)
irb(main):005:0> robin = Person.create(name: "Robin", parent: kate)
irb(main):006:0> donna = Person.create(name: "Donna", parent: kate)
irb(main):007:0> sally.grandchildren.map(&:name)
=> ["Lisa", "Robin", "Donna"]
# has_many :grandchildren, class_name: "Person", source: :children
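An added plain-Ruby stand-in (not the gist's code and not ActiveRecord) for the Person model of Question 4 and its bonus, covering both: the self-referential parent/children relation rests on the single `parent_id` column, and grandchildren are derived from children, so the bonus needs no change to the table. The in-memory `REGISTRY` array is a constructed substitute for the `people` table; the Rails declaration the `grandchildren` method mirrors is `has_many :grandchildren, through: :children, source: :children`.

```ruby
# Added example (not from the gist): Person with parent, children and
# grandchildren backed only by a parent_id column.
class Person
  REGISTRY = [] # constructed in-memory table standing in for `people`
  attr_reader :id, :name, :parent_id

  def self.create(name:, parent: nil)
    new(REGISTRY.size + 1, name, parent&.id).tap { |person| REGISTRY << person }
  end

  def initialize(id, name, parent_id)
    @id, @name, @parent_id = id, name, parent_id
  end

  # belongs_to :parent, class_name: "Person"
  def parent
    REGISTRY.find { |person| person.id == parent_id }
  end

  # has_many :children, class_name: "Person", foreign_key: "parent_id"
  def children
    REGISTRY.select { |person| person.parent_id == id }
  end

  # has_many :grandchildren, through: :children, source: :children
  # (a join through the same parent_id column, no extra column required)
  def grandchildren
    children.flat_map(&:children)
  end
end
```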
# QUESTION 5
# What paths (HTTP verb and URL) will be defined by the following snippet in config/routes.rb?
resources :posts do
  member do
    get 'comments'
  end
  collection do
    post 'bulk_upload'
  end
end
# GET /posts
# GET /posts/
# GET /posts/new
# POST /posts
# POST /posts/bulk_upload
# GET /posts/:id
# GET /posts/:id/comments
# GET /posts/:id/edit
# PUT/PATCH /posts/:id
# DELETE /posts/:id
# QUESTION 6
# Create a route to be able to display pages with different information about different types of beer. The route should recognize URL paths like /beer/<beer_type> and should use the same controller action for each type of beer, with the actual beer type passed into the controller action as a parameter. The valid beer types are:
# IPA
# brown_ale
# pilsner
# lager
# lambic
# hefeweizen
# Any other type of beer specified should generate a 404 status code.
get '/beer/:name', to: 'beer#show', constraints: ["IPA","brown_ale","pilsner","lager","lambic","hefeweizen"]
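An added plain-Ruby illustration (not the gist's code, and not the Rails router) of what the constraint has to achieve: only the listed beer types match the `:name` segment, anything else is a 404, and the match is anchored so that a name such as `IPAX` or a case variant does not slip through. In Rails the equivalent is a hash of segment regexps, `constraints: { name: /IPA|brown_ale|pilsner|lager|lambic|hefeweizen/ }`, which the router anchors itself; the `route_beer` function here is assumed for the example.

```ruby
# Added example (not from the gist): an allowlisted /beer/:name route.
BEER_TYPES = %w[IPA brown_ale pilsner lager lambic hefeweizen].freeze

# Regexp.union escapes each name, so the alternatives are literal strings.
# Rails anchors segment constraints for you; a stand-alone matcher must
# anchor explicitly or "/beer/IPAX" would match on the "IPA" prefix.
BEER_ROUTE = %r{\A/beer/(?<name>#{Regexp.union(BEER_TYPES)})\z}

# Returns a routing decision for a request path: the controller action and
# the beer type as a parameter, or a 404 for any unknown type.
def route_beer(path)
  match = BEER_ROUTE.match(path)
  return { status: 404 } unless match

  { status: 200, controller: "beer", action: "show", params: { name: match[:name] } }
end
```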
# QUESTION 7
# Suppose we have a Student with id="4". If we delete the Student with id="4", what will be the result of each of the following queries:
Student.find(4)
Student.find_by_id(4)
# The first one will throw an ActiveRecord::RecordNotFound exception, the second returns nil.
# QUESTION 8
# What is a Class?
# In object-oriented programming, classes are essentially templates for creating new objects. They allow you to describe the basic attributes that members of a class should have, and enable you to establish modes of interaction for the class.
# QUESTION 9
# Can you tell me the three levels of method access control for classes and modules? What do they imply about the method?
# Public is the default and implies that the method can be accessed anywhere in the program. Private restricts access to within the instance of the class/module - it is not accessible otherwise. Protected is similar to private but makes the method accessible to other instances of the class/module.
# QUESTION 10
# Explain this ruby idiom: a ||= b
# a is set to b if a is nil or false
# QUESTION 11
# What is a Proc?
# A proc is a code block that retains the variables it received on creation - it's a way of implementing closures in Ruby.