Ruby Metaprogramming Tutorial - Part 1 - Send Method

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hey everybody its Matt stopa again today we're gonna start the first of a series of videos on Ruby meta programming and we're gonna deal with the scent method today it's not aiming some people may argue that this is not technically part of the Ruby meta programming area but it's very important to really understand how the whole thing fits together sin comes from the idea of message passing which you know Ruby inherits a lot of things from different languages some of it from Perl some of this from small talk and other languages as well but one of the ideas that you got from small talk was the idea of passing messages between objects so if we look at this class here this is kind of like your standard little class you know you've got an account and you have these attribute accessor methods so name address email and notes and basically you know there's nothing really too exciting about that but we have this user info object right and it's it's a hash of values name address email and notes so it's got some data and in this case what we want to do is we want to be able to assign this data to this object this happens a lot like in rails with params because params excuse me params comes back as a hash right so it looks something like this so you what what we want to do here let's go back to user info alright so how do we do this you know the the obvious way and really the Java way of doing it or you know one of those other languages that are not so easy to use is to you know we create our object then we access each element in the unique hash and we assign it to the value so we're like hey user info name ok assign that to account name and address email notes on the on down so then you see how it says puts account inspect so we're just gonna see what the actual output of this is so let's see what this object looks like after all this code is run okay you can see here assign the name to Matt address to this street email address etc etc so that did the job and everything's fine but this gets back to message passing and how metaprogramming can be helpful what we can do here is eliminate all these lines of code all four of them and imagine if you had more elements you could eliminate that as well so here's how you would do that so deaf sign whoopsie yeah assign values and what we'll do here is say okay well we need to pass in whoopsie obviously me and them don't get along today but what we're gonna do is say values and that's that'll be our hash in this case right so we'll say values dot each so we'll iterate over each element in will do a for element and actually this should be since this is a hash this is gonna be key in value pairs but actually what we'll do is just each key over each key and this is a little bit forced because there's easier ways of doing it but this should suffice so then we'll say value or excuse me we'll say self dot send so we're gonna send the message to ourself and it's going to be the key the key from or yeah we're gonna call it k but it's going to be this key so we're gonna send a name into this object and what that does is you know and in the case of in in the case of you know name for example it takes that symbol and it says okay who has this exactly like what is this assigned to and it looks for any method with the name name or the name address or email our notes and it looks to assign that basically so what we do is we're gonna stick this in an interpolated string oops and we're gonna add the equal sign after it so we're gonna say this key equals and then we'll have the value so then we'll say values okay so let's see what happens when we go through delete all that and say account that assign values and then pass in this user info all right let's try it again there it is and just like the first time it works it does the same exact thing but with a lot less code now if you had twelve or thirteen values or something like that you could see that it would be quite a bit more code right so that's sort of the first step in understanding Ruby metaprogramming the send method is sends a message to the object and the object has to decide what it's going to do with it now you may say well wait what's going on here what is this actually sending that it might be a little confusing to you so this is actually what it looks like for the first key which is named it's it's basically calling this name equals and then the value well D values K that's what that's actually sending so it really changes the way you sort of think about objects if you're used to the Java world or one of these other languages that don't support things like this where to to Ruby all these things are really just messages you know it's a facade in a sense and whatever message it gets back that's what it tries to process and this kind of this kind of thing is used heavily in rails and even in like code that you know that I use on a daily basis I'll end up writing I'll end up writing methods that utilize these things rather than have to do it myself you know manually say ok we'll only set this value or only set that value now interestingly enough github was hacked the other day and it's it's actually fascinating because this is exactly how it was hacked because there is something called in the active record attributes whoopsie there's something on active record called attributes equals so if we wanted to do equals we do that all right and with attribute equals you do exactly this you pass it any hash with keys and values and it assigns them based on that but that leaves things wide open right so I'll give you a perfect example if you said Bank whoopsie bank balance but you aren't intending to let them set bank balance that shouldn't be set by you know the user they shouldn't be able to pass that in I guess the notes annoying customer would not be a good example but you know you wouldn't want them to assign that right so we put bank balance in here and now the customer I mean because these are just per these essentially would just be params at least they are in rails most of the time the customer can now you know passing this extra parameter you know one whoopsie 1 million dollars which would be fantastic to do right but so what basically the exploit that happened is since this method is completely wide open and you can set any value people were had access to send in what their normal stuff but they just changed things from like their name or some unique identifier that you use them to somebody else and then they had that person's privileges that's sort of a simplistic way of explaining it but that's what happened so this is a good example like metaprogramming very powerful but can have unintended side effects this is actually a known thing of rails it's not really unintentional it was intentional but it's something that if you aren't paying attention to can cause a lot of problems so but long story short what you need to know is that send is really cool and it's the first part of understanding Ruby metaprogramming so with this you can do a lot of fun things play around with it on your own and see what you can come up with okay that's it take care

Info

Channel: MattStopaDev

Views: 10,638

Rating: undefined out of 5

Keywords: Tutorial, Ruby On Rails, Metaprogramming, Ruby, Development

Id: kNpcaaL_dZA

Channel Id: undefined

Length: 9min 38sec (578 seconds)

Published: Sat Mar 10 2012