DRYing Out MVC(ESaaS §5.1)

© 2013 Armando Fox & David Patterson, all rights reserved

Don’t Repeat Yourself – But How?

• Goal: enforce that movie names must be less than 40 characters– Call a “check” function from every place in app

where a Movie might get created or edited? That’s not DRY!

• How do we DRY out cross-cutting concerns: Logically centralized, but may appear multiple places in implementation?

Background & History: GO TO & COME FROM

• CACM, 1968 Letter to Editor

Aspect-Oriented Programming

• Advice is a specific piece of code that implements a cross-cutting concern

• Pointcuts are the places you want to “inject” advice at runtime

• Advice+Pointcut = Aspect• Goal: DRY out your code

Rails Example: Validations

• Specify declaratively in model class

• Validation is advice in AOP sense – Many places in app where a model could be

modified/updated– Including indirectly via associations!– Don’t want model validation code in all these

places• So where are the pointcuts?

http://pastebin.com/2GtWshSb

Model Lifecycle Callbacks

Allows Pre and Post Operations

Validation automatically happens here

• or when you call valid?• if fail, save will failmodel.errors is an ActiveRecord::Errors object with cool behaviors of its own• See Screencast 7.1.1

Example: Controller Filters

• Filters declared in a controller also apply to its subclasses– Corollary: filters in ApplicationController

apply to all controllers• A filter can change the flow of execution

– by calling redirect_to or render – You should add something to the flash to

explain to the user what happened, otherwise it will manifest as a “silent failure”

http://pastebin.com/ybP6Ece1

Validations vs. Filters

Validation Filter

Advice (DRYness) Check invariants on model

Check conditions for allowing controller action to run

Pointcut AR model lifecycle hooks Before and/or after any public controller method

Can change execution flow?

No Yes

Can define advice in arbitrary function?

Yes; shortcuts provided for common cases

Yes, must provide function

Info about errors? Each model object has associated errors object

Capture in flash[], session[], or instance variable

Con: Can make code harder to debug

Summary So Far

• Aspect-oriented programming (AOP) is a way of DRYing out cross-cutting concerns

• Ruby doesn’t have fully-general AOP, but Rails provides some “predefined” pointcuts– Validations check or assert pre/post conditions

at key points during model lifecycle– Controller filters check or assert pre/post

conditions related to controller actions– And can change control flow (redirect, render)

• Partials DRY out views (though not AOP)

10

END

Only (a) & (b)

Only (a) & (c)

(a), (b) and (c)

Only (a)☐

☐

☐

☐

11

Which Ruby language features support the DRYness enabled by validations & filters:(a) higher-order functions, (b) closures,(c) metaprogramming

12

END

Single Sign-On and Third-Party Authentication

(ESaaS §5.2)

© 2013 Armando Fox & David Patterson, all rights reserved

Third-Party Authentication

• Goal: What are my Facebook friends reading on the NY Times site?

• NY Times needs to be able to access your Facebook info

• …but you don’t want to reveal your Facebook password to NY Times!

• How can we do this?=> Third-party authentication

Logos shown for educational purposes only and are the intellectual property of their owners.

How Does It Work? (Concepts)

• Building block: tamper-evident secure token• Using cryptography, I create a string that:

– Only I can decrypt (decode)– I can detect if it’s been tampered with– No one else could have created it without

knowing my secret key• Usually, string just contains a “handle” to

valuable info that I store myself– Receive string => I know I can “trust” the handle

Third-Party Authentication with Twitter & RottenPotatoes

1. “Login with Twitter”

2. Redirect to Twitter login

page

3. “OK to authorize this app?”

Logos shown for educational purposes only and are the intellectual property of their owners.

Third-Party Authentication with Twitter & RottenPotatoes

5. Redirect to RP callback page with

access token

4. Yes, please give away my personal info

6. Here’s a token that proves I’m allowed to know this user’s name

7. “Welcome, Armando”

Logos shown for educational purposes only and are the intellectual property of their owners.

How Does It Work? (MVC)

• Model session as its own entity– session controller creates and deletes session,

handles interaction with authentication provider• Once user is authenticated, we need a local

users model to represent him/her– session[] remembers primary key (ID) of

“currently authenticated user”• OmniAuth gem helps a lot by providing

uniform API to different “strategies”

21

END

If your credentials on the requester are compromised, your credentials on the provider are also compromised

If the provider revokes access, the requester no longer has any of your info

Access can be time-limited to expire on a pre-set date

Once completed, the requester can do anything you can do on the provider☐

☐

☐

☐

22

Which is true about third-party authentication between a requester and a provider?

23

END

Associations & Foreign Keys(ESaaS §5.3)

© 2013 Armando Fox & David Patterson, all rights reserved

Reviews for RottenPotatoes

• Simple model: “I give it 4 potatoes out of 5” • Goal: easily represent the concept that

movie has many reviews• The code we’d like to write…but how?

http://pastebin.com/gU1hqm77

Cartesian Producttable 'artists' table 'reviews'

id name id desc artist_id

10 Justin 30 "Terrible" 12

11 Shakira 31 "Passable" 11

12 Britney 32 "Please" 10

Cartesian product: artists JOIN reviews

artists.id artists.name reviews.id reviews.desc reviews.artist_id

10 Justin 30 "Terrible" 12

10 Justin 31 "Passable" 11

10 Justin 32 "Please" 10

11 Shakira 30 "Terrible" 12

11 Shakira 31 "Passable" 11

11 Shakira 32 "Please" 10

12 Britney 30 "Terrible" 12

12 Britney 31 "Passable" 11

12 Britney 32 "Please" 10

Filtered Cartesian product: artists JOIN reviews ON artists.id = reviews.artist_id

artists.id artists.name reviews.id reviews.desc reviews.artist_id

10 Justin 32 "Please" 10

11 Shakira 31 "Passable" 11

12 Britney 30 "Terrible" 12

Expressing “Has Many” in Terms of Relational DB Model

• foreign key (FK) in one table refers to the primary key (PK) of another table

movies

id

title

rating

release_date

reviews

id*

movie_id

potatoes

Databases 101

• joins are queries that combine records from 2 or more tables using PKs and FKs

SELECT *FROM movies, reviewsWHERE movies.id = reviews.movie_id

Cartesian product

movies

id

...

reviews

id

movie_id

...

29

END

You can represent many-to-many relationships

The size of the full Cartesian product is independent of the join criteria

You can only filter based on primary or foreign key (id) columns

You can represent one-to-one relationships as well as one-to-many relationships

☐

☐

☐

☐

30

Which statement is false regarding Cartesian products as a way of representing relationships?

31

END

ActiveRecord Association Support

(ESaaS §5.3)

© 2013 Armando Fox & David Patterson, all rights reserved

ActiveRecord Associations

• Allows manipulating DB-managed associations more Rubyistically

• After setting things up correctly, you don't have to worry (much) about keys and joins

class Movie < ActiveRecord::Base has_many :reviewsendclass Review < ActiveRecord::Base belongs_to :movieend 33

“The foreign key belongs to me”

Basic Idea…

• reviews table gets a foreign key (FK) field that has PK of Movie the review is about

• Dereference movie.reviews == perform database join (lazily) to find reviews where movie_id == movie.id

• Dereference review.movie == look up one movie whose PK id == review.movie_id

• Note! Must add FK fields using a migration!

http://pastebin.com/hfvramxQ

Association Proxy Methods

• Now you can say:@movie.reviews # Enumerable of reviews

• And also go the other way:@review.movie # what movie is reviewed?

• You can add new reviews for a movie:@movie = Movie.where("title='Fargo'")@movie.reviews.build(:potatoes => 5)@movie.reviews.create(:newspaper=>'Chronicle', ...)

# how are these different from just new() & create()?

@movie.reviews << @new_review # instantly updates @new_review's FK in database!

@movie.reviews.find(:first,:conditions => '...')

36

END

(a) or (b), but not (c)

(a) or (c), but not (b)

Any of (a), (b), or (c) would be equally suitable

Only (a)☐

☐

☐

☐

37

Which Ruby language mechanisms would be appropriate for implementing associations that can be used by ActiveRecord models?(a) build behaviors into ActiveRecord::Base(b) put behaviors in their own Module(c) put behaviors in their own Class

38

END