Chapter 7 Flashcards
Explain the following erb code:
Adds debug information to the view if it is in a development environment.
What is a mixin in Sass?
It allows a group of CSS rules to be packaged up and used for multiple elements.
What is so powerful about the following route example?
resources :users
It creates a large number of RESTful actions and routes for the given resource.
What is the params variable?
A hash containing a variety of information about a model
What is the byebug gem and how is it used?
When the ‘debugger’ keyword is inserted into a controller action and that controller action is called, the Rails server will bring up a debugging prompt which accepts queries about the current state of the application.
What is a Gravatar?
A globally recognized avatar. Gravatar is a free service that allows users to upload images and associate them with email addresses they control. As a result, Gravatars are a convenient way to include user profile images without going through the trouble of managing image upload, cropping, and storage; all we need to do is construct the proper Gravatar image URL using the user’s email address and the corresponding Gravatar image will automatically appear.
In the Rails console, how can the attributes of a database object be updated?
object.update_attributes(options hash)
Say we want to reset our database, how do we do it?
$ bundle exec rake db:migrate:reset
What is the function to create a form in erb?
form_for(controllerVariable){block}
Rails generated the following form HTML tag; explain it:
Here the class and id attributes are largely irrelevant; what’s important is action="/users" and method="post". Together, these constitute instructions to issue an HTTP POST request to the /users URL.
What is an authenticity token, commonly seen in generated Rails HTML forms?
A value Rails sends along with user submitted data to prevent cross-site request forgery (CSRF) attacks.
Why is #save useful for if/else statements?
It returns a boolean of its success.
What is mass assignment, and why is it insecure?
Mass assignment is the initialization of a Ruby variable with a hash of values. This is insecure because, in the case of a POST HTTP request, an attacker could simply append something like ‘admin: true’ to a request to create a new user in order to gain control of a site!
Explain the following code:
params.require(:user).permit(:name, :email, :password, :password_confirmation)
This code returns a version of the params hash with only the permitted attributes (while raising an error if the :user attribute is missing).
What is best practice when using strong parameters (i.e. permitted and required attributes)?
Create a private method named user_params which returns the strong parameters, as a means of abstraction.