Your latest client is a bank, and they’ve tasked you with requiring customers to enter their password in order to make withdrawals.

Currently, this is what they’ve got:

class Customer

  attr_reader :funds

  def initialize(funds, password)

    @funds = funds

    @password = password

  end

  def remove_funds(amount)

    @funds -= amount

  end

end

Let’s break that apart. You can paste that whole class into irb to follow along.

When a customer is initialized, it receives a specified amount of funds and a password is set.

diego = Customer.new(500, "udacious")

# => #<Customer:0x007fcdb48ca5a8 @funds=500 @password="udacious">

Thanks to the attr_reader, you can see the value of his current funds.

diego.funds

# => 500

And the remove_funds method allows funds to be removed from the customer’s account.

Checking on the funds again confirms this.

diego.remove_funds(50)

# => 450

diego.funds

# => 450

These methods, funds and remove_funds, are part of the Customer class’ API, or application programming interface.

An API is, according to Wikipedia, “a set of routines, protocols, and tools for building software applications”.

Well, that’s vague.

“API” is a popular term in recent years, but many people use it without quite understanding what it means. Think of methods like remove_funds as your way of interfacing with the Customer class. These methods are the keys to accessing information about a particular customer.

There isn’t currently a way to access the @password instance variable.

It could be said that the customer’s password can’t be accessed by the customer’s public API.

In this situation, that’s a good thing! You don’t want information like a password to be publicly available to other objects.

Let’s implement a method called withdraw_securely, which takes two arguments, amount andpassword.

If the password entered matches the customer’s password, go ahead and remove the funds. Otherwise, nothing happens.

class Customer

  attr_reader :funds

  def initialize(funds, password)

    @password = password

    @funds = funds

  end

  def remove_funds(amount)

    @funds -= amount

  end

  def withdraw_securely(amount, password)

    if password == @password

      remove_funds(amount)

    end

  end

end

Play around with this in irb to see it in action.

diego.withdraw_securely(50, "udacious")

# => 400

diego.withdraw_securely(100, "wrong password")

# => nil

diego.funds

# => 400

✨Hooray. Calling withdraw_securely using the correct password decreases the total funds by calling remove_funds,

while using the incorrect password does nothing.

There’s one issue here, can you spot it?

diego.remove_funds(75)

# => 325

diego.funds

# => 325

Malicious users can still withdraw funds directly using the remove_funds method!

Public and Private Interfaces in ruby的更多相关文章

  1. Ruby中访问控制符public,private,protected区别总结

    重点关注private与protected public 默认即为public,全局都可以访问,这个不解释 private C++, “private” 意为 “private to this cla ...

  2. swift 中关于open ,public ,fileprivate,private ,internal,修饰的说明

    关于 swift 中的open ,public ,fileprivate,private, internal的区别 以下按照修饰关键字的访问约束范围 从约束的限定范围大到小的排序进行说明 open,p ...

  3. public protect private. 草稿。

    public protect private. 草稿. #include <iostream> #include <thread> #include <memory> ...

  4. Java修饰符public,private,protected及默认的区别

    Java中访问修饰符public.private.protecte.default的意义讲解:public(接口访问权限): Java语言中访问限制最宽的修饰符,一般称之为“公共的”.被其修饰的类.属 ...

  5. C++中public,protected,private派生类继承问题和访问权限问题

    C++中public,protected,private派生类继承问题和访问权限问题 当一个子类从父类继承时,父类的所有成员成为子类的成员,此时对父类成员的访问状态由继承时使用的继承限定符决定. 1. ...

  6. 【转载】C++中public,protected,private访问

    第一:private, public, protected 访问标号的访问范围. 假如我们约定: 类内部-----指的是当前类类型的定义中,以及其成员函数的声明和定义中: 类外部-----指的是不在当 ...

  7. JAVA修饰符类型(public,protected,private,friendly)

    转自:http://www.cnblogs.com/webapplee/p/3771708.html JAVA修饰符类型(public,protected,private,friendly) publ ...

  8. php public protected private属性实例详解

    php 类中函数和类变量都有三个属性:public protected private,具体什么时候使用什么属性好纠结,特意找了个实例,这样看起来更清晰. public 表示全局,类内部外部子类都可以 ...

  9. C# 访问控制:public、private、protected和internal

    平日工作时最常用的访问控制符是public和private,当看到prism里面大量使用protected的时候,觉得还是不太理解为啥. 所以就静下心来查找并理解了一下,这里记录下,以便回顾和交流. ...

随机推荐

  1. 传说中的WeixinJSBridge和微信rest接口

    直接上图,金山的APP“微信导航”,从界面上看有粉丝数等关键数据,实现了直接关注功能,莫不是rest接口?这江湖是大佬们的江湖,小喽啰只有眼馋的份咯. 很早就听说过WeixinJSBridge,不过官 ...

  2. OC基础--ARC的基本使用

    一.ARC的判断准则:只要没有强指针指向对象,就会释放对象 二.ARC特点: 1>不允许使用release.retain.retainCount 2>允许重写dealloc,但是不允许调用 ...

  3. Vijos p1518 河流 转二叉树左儿子又兄弟

    左儿子又兄弟的转发一定要掌握啊,竞赛必用,主要是降低编程复杂度,省时间.个人觉得状压DP也是为了降低编程复杂度. 方程就不说了,程序应该能看得懂,用的记忆化搜索,方便理解. #include<c ...

  4. org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER

    org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER Eclipse中出现无法找到Maven包 症状:出现org.maven.ide.eclipse.MAVEN2_CL ...

  5. JSP九个内置对象

    JSP内置对象有: 1.request对象      客户端的请求信息被封装在request对象中,通过它才能了解到客户的需求,然后做出响应.它是HttpServletRequest类的实例. 2.r ...

  6. 使用X-UA-Compatible来设置IE浏览器兼容模式

    文件兼容性用于定义让IE如何编译你的网页.此文件解释文件兼容性,如何指定你网站的文件兼容性模式以及如何判断一个网页该使用的文件模式. 前言 为了帮助确保你的网页在所有未来的IE版本都有一致的外观,IE ...

  7. POJ1737 Connected Graph

    Connected Graph Time Limit: 1000MS   Memory Limit: 30000K Total Submissions: 3156   Accepted: 1533 D ...

  8. easyui datagrid 编辑器绑定事件

    依照网上的和自己想的,在获取编辑器后直接绑定事件,思路没有问题,但是总是不响应 细细浏览网上的资料,无意中看到editor 的type 类型和自己写的不一致,自己写的是textbox,而网上的是val ...

  9. CodeForces 701A Cards

    直接看示例输入输出+提示 1. 统计所有数的和 sum,然后求 sum/(n/2) 的到一半数的平均值 6 1 5 7 4 4 3 ->1+5+7+4+4+3=24  分成3组 每组值为8 in ...

  10. 在xib里,拖一个UIView到UITableView中作为tableHeaderView

    原贴地址:http://blog.csdn.net/haoxinqingb/article/details/41683881 内容 在xib里,拖一个UIView到UITableView中作为tabl ...