Class: RailsBestPractices::Reviews::UseScopeAccessReview

Inherits:
Review
Defined in:
lib/rails_best_practices/reviews/use_scope_access_review.rb

Overview

Reviews a controller to make sure it uses scope access instead of manually checking current_user and redirecting.

See the best practice details at rails-bestpractices.com/posts/3-use-scope-access.

Implementation:

Review process:

Check all if nodes to see

whether the condition compares something with current_user or current_user.id,
and whether there is a redirect_to method call in the if block body;
if so, the check should be replaced by scope access.

Constant Summary

Constants inherited from Core::Check

Core::Check::CONTROLLER_FILES, Core::Check::HELPER_FILES, Core::Check::MAILER_FILES, Core::Check::MIGRATION_FILES, Core::Check::MODEL_FILES, Core::Check::NODE_TYPES, Core::Check::PARTIAL_VIEW_FILES, Core::Check::ROUTE_FILE, Core::Check::SCHEMA_FILE, Core::Check::VIEW_FILES

Instance Attribute Summary

Attributes inherited from Core::Check

#errors

Instance Method Summary

Methods inherited from Review

#equal?, #model_associations, #model_attributes, #models, #remember_variable_use_count, #reset_variable_use_count, #variable, #variable_use_count

Methods inherited from Core::Check

#add_error, #initialize, #method_missing, #node_end, #node_start

Constructor Details

This class inherits a constructor from RailsBestPractices::Core::Check

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class RailsBestPractices::Core::Check

Instance Method Details

#interesting_files ⇒ Object

# File 'lib/rails_best_practices/reviews/use_scope_access_review.rb', line 27

def interesting_files
  CONTROLLER_FILES
end

#interesting_nodes ⇒ Object

# File 'lib/rails_best_practices/reviews/use_scope_access_review.rb', line 23

def interesting_nodes
  [:if]
end

#start_if(node) ⇒ Object

Check the if node.

If its condition is a method call compared with current_user or current_user.id, and there is a redirect_to method call in the block body, like

unless @post.user == current_user
  flash[:error] = "Access Denied"
  redirect_to posts_url
end

then it should be replaced by using scope access.



# File 'lib/rails_best_practices/reviews/use_scope_access_review.rb', line 42

def start_if(node)
  add_error "use scope access" if current_user_redirect?(node)
end
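
As an added illustration (not the gem's own implementation, whose current_user_redirect? helper is not shown on this page), the review process described above can be approximated with Ruby's standard Ripper parser. The sample sources are constructed, and the Post model and the posts association are assumptions.

```ruby
require 'ripper'

CONDITIONALS = %i[if unless if_mod unless_mod elsif].freeze

# Collect [name, line] for every identifier token under a Ripper sexp node.
def idents(node, acc = [])
  return acc unless node.is_a?(Array)
  return acc << [node[1], node[2][0]] if node[0] == :@ident
  node.each { |child| idents(child, acc) }
  acc
end

# True when the subtree holds an ==/!= comparison with current_user on either side.
def compares_current_user?(node)
  return false unless node.is_a?(Array)
  return true if node[0] == :binary && %i[== !=].include?(node[2]) &&
                 idents([node[1], node[3]]).any? { |name, _| name == 'current_user' }
  node.any? { |child| compares_current_user?(child) }
end

# Line numbers of conditionals that compare against current_user and redirect in their body.
def manual_owner_checks(source)
  hits = []
  walk = lambda do |node|
    next unless node.is_a?(Array)
    if CONDITIONALS.include?(node[0]) && compares_current_user?(node[1]) &&
       idents(node[2]).any? { |name, _| name == 'redirect_to' }
      hits << idents(node[1]).find { |name, _| name == 'current_user' }[1]
    end
    node.each { |child| walk.call(child) }
  end
  walk.call(Ripper.sexp(source))
  hits
end

# Constructed sample: the pattern from this page after an unscoped lookup.
FLAGGED = <<~RUBY
  @post = Post.find(params[:id])
  unless @post.user == current_user
    flash[:error] = "Access Denied"
    redirect_to posts_url
  end
RUBY

# Constructed sample: scope access through an assumed current_user.posts association.
SCOPED = "@post = current_user.posts.find(params[:id])\n"

p manual_owner_checks(FLAGGED), manual_owner_checks(SCOPED)
```

With the scoped lookup, a record owned by another user is never loaded, so there is no ownership comparison left to forget in the action.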

#url ⇒ Object

# File 'lib/rails_best_practices/reviews/use_scope_access_review.rb', line 19

def url
  "http://rails-bestpractices.com/posts/3-use-scope-access"
end