# Slide 16
class User < ActiveRecord::Base
  # Posts this user is allowed to see, chosen by the value of the role column.
  # Unknown roles fall through every branch and yield nil.
  #
  # NOTE: the 'Bad User' branch hands back a plain Array, whereas the other
  # branches return ActiveRecord relations (Post.where, and presumably the
  # Post.published scope). Callers therefore cannot chain .where/.order on
  # the result uniformly; the Post.none form on slide 18 removes that gap.
  def visible_posts
    if role == 'Country Manager'
      Post.where(country: country)
    elsif role == 'Reviewer'
      Post.published
    elsif role == 'Bad User'
      []
    end
  end
end
18. #none
class User < ActiveRecord::Base
  # Posts this user is allowed to see, selected by the role column.
  # Every matching branch returns an ActiveRecord relation -- Post.none is
  # the empty relation -- so callers can chain further scopes on the result
  # whatever the role. A role that matches nothing yields nil.
  def visible_posts
    return Post.where(country: country) if role == 'Country Manager'
    return Post.published if role == 'Reviewer'

    Post.none if role == 'Bad User'
  end
end
# Slide 25
class User < ActiveRecord::Base
  # Rails 3 mass-assignment whitelist: only :name can be set when a raw
  # params hash is passed to update_attributes (see the controller below).
  # Any other key in that hash is silently ignored by the model.
  attr_accessible :name
end
# Controller
# Rails 3 style update action. The raw params[:user] hash is mass-assigned;
# the model's attr_accessible list is the only filter deciding which keys
# are applied, so a model without that list accepts every submitted key.
def update
  if @user.update_attributes(params[:user])
    redirect_to @user, notice: 'Updated'
  end
end
26. Strong Parameters
class User < ActiveRecord::Base
  # No attr_accessible here: with strong parameters the attribute whitelist
  # moves into the controller (params.require(:user).permit(:name)), so the
  # model no longer decides which keys may be mass-assigned.
end
# Controller
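# Rails 4 update action using strong parameters.
# Builds the permitted attribute hash and applies it to @user; on success
# redirects to the user, otherwise falls through with no redirect.
def update
  # Only :name survives the whitelist; any other key in params[:user] is
  # filtered out before it reaches the model.
  user_params = params.require(:user).permit(:name)
  # Pass the permitted hash, not the raw params[:user]. The original passed
  # the unfiltered hash, which both bypasses the whitelist built above and
  # raises ActiveModel::ForbiddenAttributesError under strong parameters.
  if @user.update(user_params)
    redirect_to @user, notice: 'Updated'
  end
end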
28. match '/items/:id/purchase', to: 'items#purchase'
XSS Attack (Cross-site Scripting): because the route above also accepts GET, a state-changing action such as a purchase can be reached by a plain link, which is why Rails 4 requires the verb to be named.
# Rails 4: restrict the purchase route to POST, either with the verb helper ...
post '/items/:id/purchase', to: 'items#purchase'
# ... or with match plus an explicit via: option.
match '/items/:id/purchase', to: 'items#purchase', via: :post
# Answering every verb is still possible, but must now be opted into explicitly.
match '/items/:id/purchase', to: 'items#purchase', via: :all
29. PATCH Method for HTTP
Abstract
Several applications extending the Hypertext Transfer
Protocol (HTTP) require a feature to do partial resource
modification. The existing HTTP PUT method only allows
a complete replacement of a document. This proposal
adds a new HTTP method, PATCH, to modify an existing
HTTP resource.
http://tools.ietf.org/html/rfc5789
30. $ rake routes
items GET /items(.:format) items#index
POST /items(.:format) items#create
new_item GET /items/new(.:format) items#new
edit_item GET /items/:id/edit(.:format) items#edit
item GET /items/:id(.:format) items#show
PUT /items/:id(.:format) items#update
PATCH /items/:id(.:format) items#update
DELETE /items/:id(.:format) items#destroy
PATCH HTTP verb