Ruby on Rails Kickstart 103 & 104. Presentation file for NCCU Trend Tech Club.

1. Ruby on Rails
#103 Scaffold and modify scaffold

2. Scaffold
Ruby on Rails magic

3. Getting started
1. Ruby on Rails command
2. Generate an article scaffold
• MVC pattern
3. Synchornize database schema
• ORM
4. Modify scaffold

4. Ruby on Rails Command
rails generate scaffold scaffold_name field1_name:field1_type
field2_name:field2_type ... fieldN_name:fieldN_type
• Replace scaffold_name with actual scaffold names
• Replace field1_name to fieldN_name with actual field
names

5. Ruby on Rails command (Cont.)
field1_type to fieldN_type needs to be a valid data type
source: https://ihower.tw/rails4/migrations.html#section

6. Generate an article scaffold
rails generate scaffold article title:string body:text
The command generates...
• a controller handles requests from clients and transfer data
between models and views
• a model with one string field called title and one text field
body called article
• a form for create and update articles and several views to
list articles and to display single article

7. Controller? Model? View?
What the hell are they?

8. MVC pattern

9. Models and views DO NOT
directly exchange data
Remember this till the Apocalypse

10. Synchronize database schema
rake db:migrate
• rake runs scripts called Rakefile. Rakefile holds a bundle
of commands related to Ruby on Rails but not part of Ruby
on Rails
• db:migrate: synchronize database schema, as known as
database migration
• tmp:clear: clean temporary files

11. Why bothered?
In PHP
$title = mysql_real_escape_string($_POST['title']);
$body = mysql_real_escape_string($_POST['body']);
$sql = "INSERT INTO `articles` (`title`, `body`)" .
" VALUES ('{$title}', '{$body}')";
mysql_query($sql);

12. Sucks
Just one SQL injection can
make your system upside down
ONE SQL INJECTION!

13. Don't bother
In Ruby on Rails
# params[:article] = {
# title: 'Article title',
# body: 'Article body'
# }
article = Article.new(params[:article])
article.save
ORM saves the day

14. ORM
Object Relational Mapping

15. ORM (Cont.)
• Object Relational Mapping
• Object stands for objects in Ruby on Rails
• Relational stands for relational database system, such as
MySQL, PostgreSQL, Microsoft SQL Server...etc.
• Mapping stands for the procedure transfer data structure
into table row

16. Start web server
If you forget how to do so,
feel free to take a look on #101

17. Open browser
https://[your-cloud9-preview-url]/articles
If you see this, you got it

18. Just one command
...fulfills fundamental needs

19. Modify scaffold
Add / Remove a field
Nobody is perfect

20. Add a field
1. Modify model
1. Create a database migration
2. Synchronize database schema
2. Modify the controller
3. Modify views

21. Create a database migration
rails generate migration
add_author_to_articles author:string
• Replace author with field name you want to add
• Replace articles with plural form of model
• Replace string with valid data type from the table
mentioned before

22. Synchronize database schema
rake db:migrate

23. Modify the controller
# Only allow a trusted parameter "white list" through.
def article_params
params.require(:article).permit(:title, :body, :author)
end
• Append :author to the list of white list

24. Mass-assignment
Vulnerability
Github hack Rails

25. Strong parameter
Only allow values of known keys
to be assigned to the ORM object

26. Modify views
1. index view
2. show view
3. _form partial

27. index view
...
<td><%= article.body %></td>
<td><%= article.author %></td>
<td><%= link_to 'Show', article %></td>
...

28. show view
...
</p>
<p>
<strong>Author:</strong>
<%= @article.author %>
</p>
<%= link_to 'Edit', edit_article_path(@article) %> |
...

29. _form partial
...
<%= f.input :body %>
<%= f.input :author %>
</div>
...

30. Five
Count of files you edited for adding a field

31. Ruby on Rails magic

32. Remove a field from scaffold
1. Create a database migration
2. Synchronize database schema
3. Modify the controller
4. Modify views

33. Database migration
Any changes related to database,
including adding or removing fields

34. Create a database migration
rails generate migration remove_body_from_articles
• Replace author with field name in the model

35. Synchronize database schema
That's all I can say

36. Modify the controller
Reverse procedure against adding fields

37. Modify views
Reverse procedure against adding fields

38. End of Ruby on Rails #103

39. Ruby on Rails
#104 Dig into MVC

40. Review

41. Controller
1. Receive requests
2. Fetch raw or processed data from models
3. Inject data into views

42. Controller (Cont.)
class SomeController < ApplicationController
...
def action_name
...
end
...
end

43. Controller (Cont.)
1. One controller has many actions
2. Each action has its own purpose
3. Actions are isolated to each other
4. One action takes care of one request

44. Model
1. Query rows from database
2. Process data
3. Write data into database

45. Model (Cont.)
class Person
def full_name
first_name + last_name
end
end

46. Model (Cont.)
1. Model DOES NOT hold fields, schema DOES
2. Model is a class
3. In ORM, fields would be mapped as properties in object,
thus we can manipulate them via methods

47. Model (Cont.)
• HumanBeing : Model
• Person : Object
• People : Iterable object (a.k.a. array) of objects

48. Model (Cont.)
@all_people = HumanBeing.all
@adults = HumanBeing.where('age >= ?', 20)
@person = HumanBeing.find_by(identity: 'A123456789')

49. Views
1. Build HTML documents
2. Respond to clients

50. Views (Cont.)
Full name: <%= @person.full_name %>
Where does @ point to?

51. Views (Cont.)
1. Symbol @ points to corresponding controller in views
2. DO NOT conduct complicated calculations or property
access in views
3. Views should have only if and each statements

52. Homework
1. Create a scaffold from scratch
2. Add a field to the scaffold
3. Remove a existing field from the scaffold