© 2019 Martin J. Dürst 青山学院大学

ミニテスト

• デスクトップPC (強く推薦) 又はノートPCで https://moo.sw.it.aoyama.ac.jp/ にログイン済み
• ナビゲーションは左に畳み、ブラウザは全画面に拡大
• もう片方のマシーンで電源を切る (ノートPCの場合、鞄に)
• 授業開始まで教科書、資料、筆箱、財布などを鞄に入れ、鞄は床に
• テスト終了後はマウス・キーボードに一切触らないこと

Today's Schedule

• Minitest
• Last week's exercises and homework
• Controller/View variables
• Links and forms
• Authentication
• Today's exercises

Last Lecture's Exercises

• Exercise 10a: Two Tables
  Create a Movie model and a Review model, and link them so that one movie can have more than one review
  (review belongs_to :movie; movie has_many :reviews)
• Exercise 10b: Showing Movie Titles for Reviews
  Access movie titles with review.movie.title or @review.movie.title
• Exercise 10c: Showing Reviews for Movies
  Access reviews from movies, and display them using a loop
• class="slidesonly"Exercise 10d: Add Points to Reviews
  Use a migration to add an additional column to a model 

Caution: Migrations

Wrong Steps:

1. Create migration (rails generate migration ...)
2. Execute migration (rails db:migrate)
3. Edit migration

Correct Steps:

1. Create migration (rails generate migration ...)
2. Edit migration
3. Execute migration (rails db:migrate)

Important: NEVER edit a migration that is already executed!

Solutions after accidental Wrong Steps

Two alternatives

1. Move ahead:
   1. Check current state of database (e.g. with SQLiteStudio) and migrations (with rails db:migrate:status)
   2. (If possible, revert edits in migration)
   3. Use new migration (with correct steps) to add/change missing parts
2. Revert:
   1. (Check current state of database (e.g. with SQLiteStudio) and migrations (with rails db:migrate:status))
   2. Revert edits in migration
   3. Revert migration itself (rails db:rollback STEP=1 for a single migration)
   4. Edit migration
   5. Execute migration again (rails db:migrate)

Frequently Used Controller/View Variables

• params: URI parameters
  e.g.: params[:password]
• session: Session object that stays between requests.
  e.g.: session[:user_id]: Keeps the user_id of the user who is logged in.
• flash: Used for errors and alerts
  e.g.: flash[:alert]

Ruby Operators: Conditional Message Send

• Sometimes, we want to call a chain of methods (e.g. review.user.name)
• However, some results may be nil, which leads to a NoMethod error
• Ruby has a new operator that returns nil without calling a method if the receiver is nil
• The operator is &.
• Example: review&.user&.name
• Caution: Do not use just to get rid or errors. Only use when nil is allowed and sometimes expected.

Link_To

• link_to is a command to create links.
• Example: link_to "Logout", logout_url, method: :delete
• There are many other helper methods to create links

Forms: form_with vs. form_tag

Authentication, Authorization, Accounting (AAA)

• Authentication: Is it the right user (login, passwords,...); this week
• Authorization: What is the user allowed to do (roles, permissions); next week
• Accounting: How much does the user have to pay; not this lecture

Rails Password Field

If a field is declared as type digest, then Rails helps as follows:

• Adds a column password_digest to the database. This is a cryptographic hash of the actual password.
• Adds the has_secure_password command to the model.
• Adds fields for password and password_confirmation to new/edit forms (in _forms partial).
• Provides the authenticate method to check the password.

However, Rails does not automatically provide the following:

• Pages for login/logout
• Authorization logic (only you can know who can access what)

Exercises: General Remarks

• This is a continuation of last week's exercises on the cinema application
• Students who have not completed exercise 10a/10b/10c must complete these first. Please ask questions early and often!
• Exercise 10d (review points) isn't necessary; your application will work without points, or you can add them later
• If somebody forgot their notebook computer or otherwise lost the cinema application (and you have already done last week's exercises 10a/10b/10c), start with exercise 10a, then proceed to this week's exercises
• We will continue working on the cinema application next week
• If you do not complete all of today's exercises, make sure you come to my lab on Wednesday and/or Thursday afternoon to catch up.

Exercise Overview

• After each step, use the browser to check that there are no errors in the application.
• If code details are unclear, feel free to ask on Moodle.
• Create a User model for users, with passwords.
• Associate reviews with users (which user wrote which review).
• Create a login controller to log in.

Exercise 11a: A User Model

• Install the bcrypt gem: Delete the file Gemfile.lock. In the file Gemfile, uncomment the line for the bcrypt gem. Run bundle install.
• In the cinema application, create a scaffold for users. Each user has a userid (string), a name (string), an email (string), and a password (digest).
• Look at the migration, the controller, the model, and the view files. Find the differences related to passwords.
• Execute the migration to update the database.
• Start the server.
• Add a user. Use a password that is very easy to remember (e.g. changeme). Do NOT use a password that you use in any real Web application.
• Submit the migration as 11a_users_controller.rb to Moodle (deadline 17:00).

Exercise 11b: Connecting Reviews and Users

• Create a migration that references a user from each review (each review has a user, but each user can have more than one review).
  • Use the name AddUserRefToReview .
  • After the name, you can write the name of the model to reference (user) and the type (references), separated by a colon (:).
  • This is very similar to indicating column:type with the scaffold command.
  • Check the migration. It should call add_reference in the change method.
• Update (migrate) the database.
• Add the necessary has_many and belongs_to commands to the respective models.
• Add a field for entering a user to the new and edit action views of reviews by editing the file _form.html.erb.
• Update the reviews controller to permit a user_id parameter.
• Edit all your reviews to add the user (number).
• Show the user name for the reviews (actions index and show). This is very similar to exercise 10b.
• Submit the view files as o 11bShow.html.erb and 11bIndex.html.erb (deadline: 17:30).

Exercise 11c: Create a Sessions Controller

• The Sessions controller is not a full REST controller, so we use rails generate controller to create it.
• As arguments for the generate command, use the controller name (Sessions) and the actions new, create, and destroy.
• In the create action:
  • Use params[:parameter_name] to access URI parameters.
  • Find the user from the userid with User.find_by.
  • If a user is found, use its authenticate method to check the password.
  • If authentication is successful, set session[:user_id] to user.id. Redirect to movies_url using the redirect_to command.
  • If authentication is not successful, redirect to login_url, with an alert: indicating that the password (or the userid) is wrong.
• In the new view:
  • Write out an appropriate heading (h1).
  • Check if there are alerts in the flash, and if yes, write them out.
  • Create a form for entering userid and password:
    • Copy the form from user/_form.html.erb
    • Change form_with... to form_tag
    • Remove the form block parameter
    • Remove processing for errors and for all fields except userid and password.
    • Change label to label_tag, xxxx_field to xxxx_field_tag.
    • Change submit to submit_tag and add the text "Login" as a parameter.
• In routes.rb, replace the sessions-related routes with:

  controller :sessions do
    get 'login' => :new
    post 'login' => :create
    delete 'logout' => :destroy
  end

• In the application layout file (app/layouts/application.html.erb), before the yield command, add an if statement that shows the login status (logged in as user name, or not logged in).
• In the same if statement, add a link (with link_to) to login (if logged out) or logout (if logged in).
• Submit the sessions controller as 11cSessionsController.rb, the view file for the new action as 11cNew.html.erb, and the application layout file as 11cApplication.html.erb (Deadline: 18:30).

Homework

(no need to submit)

• Write up ideas about how to make the cinema application more convenient, and how to make it safer (avoid wrong data).
• Check out the associations between tables that Rails provides. Write up examples of where to use them.
• Write up ideas about an application you would want to create yourself.