Your latest client is a bank, and they’ve tasked you with requiring customers to enter their password in order to make withdrawals.

Currently, this is what they’ve got:

class Customer

  attr_reader :funds

  def initialize(funds, password)

    @funds = funds

    @password = password

  end

  def remove_funds(amount)

    @funds -= amount

  end

end

Let’s break that apart. You can paste that whole class into irb to follow along.

When a customer is initialized, it receives a specified amount of funds and a password is set.

diego = Customer.new(500, "udacious")

# => #<Customer:0x007fcdb48ca5a8 @funds=500 @password="udacious">

Thanks to the attr_reader, you can see the value of his current funds.

diego.funds

# => 500

And the remove_funds method allows funds to be removed from the customer’s account.

Checking on the funds again confirms this.

diego.remove_funds(50)

# => 450

diego.funds

# => 450

These methods, funds and remove_funds, are part of the Customer class’ API, or application programming interface.

An API is, according to Wikipedia, “a set of routines, protocols, and tools for building software applications”.

Well, that’s vague.

“API” is a popular term in recent years, but many people use it without quite understanding what it means. Think of methods like remove_funds as your way of interfacing with the Customer class. These methods are the keys to accessing information about a particular customer.

There isn’t currently a way to access the @password instance variable.

It could be said that the customer’s password can’t be accessed by the customer’s public API.

In this situation, that’s a good thing! You don’t want information like a password to be publicly available to other objects.

Let’s implement a method called withdraw_securely, which takes two arguments, amount andpassword.

If the password entered matches the customer’s password, go ahead and remove the funds. Otherwise, nothing happens.

class Customer

  attr_reader :funds

  def initialize(funds, password)

    @password = password

    @funds = funds

  end

  def remove_funds(amount)

    @funds -= amount

  end

  def withdraw_securely(amount, password)

    if password == @password

      remove_funds(amount)

    end

  end

end

Play around with this in irb to see it in action.

diego.withdraw_securely(50, "udacious")

# => 400

diego.withdraw_securely(100, "wrong password")

# => nil

diego.funds

# => 400

✨Hooray. Calling withdraw_securely using the correct password decreases the total funds by calling remove_funds,

while using the incorrect password does nothing.

There’s one issue here, can you spot it?

diego.remove_funds(75)

# => 325

diego.funds

# => 325

Malicious users can still withdraw funds directly using the remove_funds method!

Public and Private Interfaces in ruby的更多相关文章

  1. Ruby中访问控制符public,private,protected区别总结

    重点关注private与protected public 默认即为public,全局都可以访问,这个不解释 private C++, “private” 意为 “private to this cla ...

  2. swift 中关于open ,public ,fileprivate,private ,internal,修饰的说明

    关于 swift 中的open ,public ,fileprivate,private, internal的区别 以下按照修饰关键字的访问约束范围 从约束的限定范围大到小的排序进行说明 open,p ...

  3. public protect private. 草稿。

    public protect private. 草稿. #include <iostream> #include <thread> #include <memory> ...

  4. Java修饰符public,private,protected及默认的区别

    Java中访问修饰符public.private.protecte.default的意义讲解:public(接口访问权限): Java语言中访问限制最宽的修饰符,一般称之为“公共的”.被其修饰的类.属 ...

  5. C++中public,protected,private派生类继承问题和访问权限问题

    C++中public,protected,private派生类继承问题和访问权限问题 当一个子类从父类继承时,父类的所有成员成为子类的成员,此时对父类成员的访问状态由继承时使用的继承限定符决定. 1. ...

  6. 【转载】C++中public,protected,private访问

    第一:private, public, protected 访问标号的访问范围. 假如我们约定: 类内部-----指的是当前类类型的定义中,以及其成员函数的声明和定义中: 类外部-----指的是不在当 ...

  7. JAVA修饰符类型(public,protected,private,friendly)

    转自:http://www.cnblogs.com/webapplee/p/3771708.html JAVA修饰符类型(public,protected,private,friendly) publ ...

  8. php public protected private属性实例详解

    php 类中函数和类变量都有三个属性:public protected private,具体什么时候使用什么属性好纠结,特意找了个实例,这样看起来更清晰. public 表示全局,类内部外部子类都可以 ...

  9. C# 访问控制:public、private、protected和internal

    平日工作时最常用的访问控制符是public和private,当看到prism里面大量使用protected的时候,觉得还是不太理解为啥. 所以就静下心来查找并理解了一下,这里记录下,以便回顾和交流. ...

随机推荐

  1. jdbc基础 (二) 通过properties配置文件连接数据库

    csdn博文地址:jdbc基础 (二) 通过properties配置文件连接数据库 上一篇描述了对mysql数据库的简单操作,下面来看一下开发中应该如何灵活应用. 因为jdbc对数据库的驱动加载.连接 ...

  2. [BZOJ2038]小Z的袜子(莫队算法)

    题目:http://www.lydsy.com/JudgeOnline/problem.php?id=2038 分析:莫队算法 莫队算法是一种思想…… 处理问题:不带修改的区间询问 使用要求:[l-1 ...

  3. linux中的帮助命令

    关键字 man --help help 1.man (1)查看命令 man 命令用来查看别的命令的信息和用法,如man ls表示查看ls的介绍以及用法: (2)查看配置文件的帮助文档 linux下的配 ...

  4. 前端自动化神器LiveReload配合浏览器和less/sass使用方法

    前言:搜了半天,各种推荐,什么十大工具啦.优秀工具集合啦之类的咸淡文章,就是没有一个讲怎么弄的.配合官网的article自己研究了半天总算配置好了.顺便吐槽下官网关于sass/less设置这块说的模糊 ...

  5. Learn sed using these command on Linux(流线式编辑器——sed)

    是对文件中的每一行进行处理,不会对源文件进行修改 sed --version sed '11d' sed_file sed -n '/[Bb]erry/p' sed_file (由于设置了n,所以只打 ...

  6. [NOIP2011] 提高组 洛谷P1003 铺地毯

    题目描述 为了准备一个独特的颁奖典礼,组织者在会场的一片矩形区域(可看做是平面直角坐标系的第一象限)铺上一些矩形地毯.一共有 n 张地毯,编号从 1 到n .现在将这些地毯按照编号从小到大的顺序平行于 ...

  7. Bzoj1150 数据备份Backup

    Description 你在一家 IT 公司为大型写字楼或办公楼(offices)的计算机数据做备份.然而数据备份的工作是枯燥乏味 的,因此你想设计一个系统让不同的办公楼彼此之间互相备份,而你则坐在家 ...

  8. Erlang第二课 ---- bit串

    Erlang是被设计来用在电信设备中的,这意味着需要处理大量的二进制数据.也正因为如此,Erlang把binary和binary string提升到了一个相当高的位置,提供了极为丰富的操作机制.当然, ...

  9. 从js的repeat方法谈js字符串与数组的扩展方法

    js将字符串重复N次的repeat方法的8个版本 /* *@desc: 将一个字符串重复自身N次 */ //版本1:利用空数组的join方法 function repeat(target, n) { ...

  10. 深入浅出Redis03 使用Redis数据库(hashes类型)

    一 hashes类型及操作 Redis hash是一个string类型的field和value的映射表.它的添加,删除操作都是0(1)(平均).hash特别适合用于存储对象,相较于对将对象的每个字段存 ...