
Inappropriate coding practices

Need

Enforcement of proper encapsulation in coding practices

Context

  • Usage of Ruby for building dynamic and object-oriented applications

Description

Non compliant code

class User
  public

  # attr_accessor generates a public getter and setter for every field,
  # including password.
  attr_accessor :name, :email, :password
end

In the code snippet above, we have a class User with three fields: name, email, and password. The attr_accessor method is used to create getter and setter methods for these fields.

However, the public keyword before attr_accessor means that the generated getter and setter methods are public, so these fields can be read and modified from outside the class. This violates the principle of encapsulation, which is a fundamental concept in object-oriented programming.

Encapsulation is meant to hide the internal state and values of an object and only allow them to be accessed and modified through methods. By having these fields public, we risk exposing sensitive data (such as the password field) and allowing it to be changed in ways that the class is not designed to handle. This can lead to data corruption and potential security risks.

Steps

  • Remove the 'public' keyword from the class definition.
  • Remove the 'attr_accessor' method and replace it with individual getter and setter methods for each field.
  • Make the fields private by using the 'private' keyword.
  • Define getter methods to access the field values.
  • Define setter methods to modify the field values.
  • Add any necessary validation or logic within the getter and setter methods.
  • Update any references to the fields within the class to use the getter and setter methods instead.

Compliant code

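class User
  private

  # Private writers generated by attr_writer. The public setters defined
  # below use the same names and replace them.
  attr_writer :name, :email, :password

  public

  # Getters: return the value of the corresponding field.
  def name
    @name
  end

  def email
    @email
  end

  def password
    @password
  end

  # Setters: assign the given value to the corresponding field.
  # Validation belongs here.
  def name=(value)
    @name = value
  end

  def email=(value)
    @email = value
  end

  def password=(value)
    @password = value
  end
end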

The updated code respects the encapsulation principle by making the fields private and providing public getter and setter methods for accessing and modifying the field values.

  1. The 'public' keyword has been removed from the class definition.
  2. The 'attr_accessor' method has been replaced with individual getter and setter methods for each field.
  3. The fields have been made private by using the 'private' keyword.
  4. Getter methods have been defined to access the field values. These methods simply return the value of the corresponding field.
  5. Setter methods have been defined to modify the field values. These methods take a value as an argument and assign it to the corresponding field.
  6. Any necessary validation or logic can be added within the getter and setter methods.
  7. Any references to the fields within the class should now use the getter and setter methods instead of directly accessing the fields.
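
Point 6 in practice, as an added example that is not part of the original page: setters that validate their input, and a password that is write-only. It goes beyond the page's compliant code by omitting the password getter and storing only a derived digest; the email pattern, length limits, PBKDF2 parameters and the authenticate method are assumptions chosen for illustration.

```ruby
require 'openssl'
require 'securerandom'
# Added example (not the page's code): User with validating setters.
class User
  EMAIL_FORMAT = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/ # assumed, deliberately simple
  MIN_PASSWORD_LENGTH = 12                       # assumed policy
  KDF_ITERATIONS = 100_000                       # assumed work factor

  attr_reader :name, :email # readers only; the password has no reader

  def initialize(name:, email:, password:)
    self.name = name
    self.email = email
    self.password = password
  end

  def name=(value)
    value = value.to_s.strip
    raise ArgumentError, 'name must be 1-100 characters' unless (1..100).cover?(value.length)
    @name = value
  end

  def email=(value)
    value = value.to_s.strip.downcase
    raise ArgumentError, 'email is not well formed' unless EMAIL_FORMAT.match?(value)
    @email = value
  end

  # Write-only: the plaintext is consumed here and never stored.
  def password=(plaintext)
    raise ArgumentError, 'password too short' if plaintext.to_s.length < MIN_PASSWORD_LENGTH
    @salt = SecureRandom.random_bytes(16)
    @password_digest = derive(plaintext.to_s)
  end

  # Constant-time comparison of the stored digest with the candidate's digest.
  def authenticate(candidate)
    OpenSSL.secure_compare(@password_digest, derive(candidate.to_s))
  end

  # Keep the salt and digest out of logs, consoles and exception messages.
  def inspect
    "#<User name=#{@name.inspect} email=#{@email.inspect}>"
  end

  private
  def derive(plaintext)
    OpenSSL::PKCS5.pbkdf2_hmac(plaintext, @salt, KDF_ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  end
end
```

A rejected value raises ArgumentError before any assignment, so the object keeps its previous valid state.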
