Mass assignment is not restricted using attr_accessible Open
class Role < ActiveRecord::Base
- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible
inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected
- especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected
will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
Class Role
has 22 methods (exceeds 20 allowed). Consider refactoring. Open
class Role < ActiveRecord::Base
belongs_to :parent, class_name: 'Role'
has_many :users
serialize :cache
Method get_parents
has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def get_parents
parents = []
seen = {}
current = self.id
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Method get_available_roles
has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring. Open
def get_available_roles
ids = []
current = self.parent_id
while current
- Read upRead up
Cognitive Complexity
Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.
A method's cognitive complexity is based on a few simple rules:
- Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
- Code is considered more complex for each "break in the linear flow of the code"
- Code is considered more complex when "flow breaking structures are nested"
Further reading
Specify a :dependent
option. Open
has_many :users
- Read upRead up
- Exclude checks
This cop looks for has_many
or has_one
associations that don't
specify a :dependent
option.
It doesn't register an offense if :through
option was specified.
Example:
# bad
class User < ActiveRecord::Base
has_many :comments
has_one :avatar
end
# good
class User < ActiveRecord::Base
has_many :comments, dependent: :restrict_with_exception
has_one :avatar, dependent: :destroy
has_many :patients, through: :appointments
end
Specify an :inverse_of
option. Open
belongs_to :parent, class_name: 'Role'
- Read upRead up
- Exclude checks
This cop looks for has(one|many) and belongsto associations where
ActiveRecord can't automatically determine the inverse association
because of a scope or the options used. This can result in unnecessary
queries in some circumstances. :inverse_of
must be manually specified
for associations to work in both ways, or set to false
to opt-out.
Example:
# good
class Blog < ApplicationRecord
has_many :posts
end
class Post < ApplicationRecord
belongs_to :blog
end
Example:
# bad
class Blog < ApplicationRecord
has_many :posts, -> { order(published_at: :desc) }
end
class Post < ApplicationRecord
belongs_to :blog
end
# good
class Blog < ApplicationRecord
has_many(:posts,
-> { order(published_at: :desc) },
inverse_of: :blog
)
end
class Post < ApplicationRecord
belongs_to :blog
end
# good
class Blog < ApplicationRecord
with_options inverse_of: :blog do
has_many :posts, -> { order(published_at: :desc) }
end
end
class Post < ApplicationRecord
belongs_to :blog
end
Example:
# bad
class Picture < ApplicationRecord
belongs_to :imageable, polymorphic: true
end
class Employee < ApplicationRecord
has_many :pictures, as: :imageable
end
class Product < ApplicationRecord
has_many :pictures, as: :imageable
end
# good
class Picture < ApplicationRecord
belongs_to :imageable, polymorphic: true
end
class Employee < ApplicationRecord
has_many :pictures, as: :imageable, inverse_of: :imageable
end
class Product < ApplicationRecord
has_many :pictures, as: :imageable, inverse_of: :imageable
end
Example:
# bad
# However, RuboCop can not detect this pattern...
class Physician < ApplicationRecord
has_many :appointments
has_many :patients, through: :appointments
end
class Appointment < ApplicationRecord
belongs_to :physician
belongs_to :patient
end
class Patient < ApplicationRecord
has_many :appointments
has_many :physicians, through: :appointments
end
# good
class Physician < ApplicationRecord
has_many :appointments
has_many :patients, through: :appointments
end
class Appointment < ApplicationRecord
belongs_to :physician, inverse_of: :appointments
belongs_to :patient, inverse_of: :appointments
end
class Patient < ApplicationRecord
has_many :appointments
has_many :physicians, through: :appointments
end
@see http://guides.rubyonrails.org/association_basics.html#bi-directional-associations @see http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#module-ActiveRecord::Associations::ClassMethods-label-Setting+Inverses
Replace class var @@student_role with a class instance var. Open
@@student_role ||= find_by name: 'Student'
- Read upRead up
- Exclude checks
This cop checks for uses of class variables. Offenses are signaled only on assignment to class variables to reduce the number of offenses that would be reported.
Replace class var @@instructor_role with a class instance var. Open
@@instructor_role ||= find_by name: 'Instructor'
- Read upRead up
- Exclude checks
This cop checks for uses of class variables. Offenses are signaled only on assignment to class variables to reduce the number of offenses that would be reported.
Do not prefix reader method names with get_
. Open
def get_available_roles
- Read upRead up
- Exclude checks
This cop makes sure that accessor methods are named properly.
Example:
# bad
def set_attribute(value)
end
# good
def attribute=(value)
end
# bad
def get_attribute
end
# good
def attribute
end
Do not prefix reader method names with get_
. Open
def get_parents
- Read upRead up
- Exclude checks
This cop makes sure that accessor methods are named properly.
Example:
# bad
def set_attribute(value)
end
# good
def attribute=(value)
end
# bad
def get_attribute
end
# good
def attribute
end
Replace class var @@administrator_role with a class instance var. Open
@@administrator_role ||= find_by name: 'Administrator'
- Read upRead up
- Exclude checks
This cop checks for uses of class variables. Offenses are signaled only on assignment to class variables to reduce the number of offenses that would be reported.
Replace class var @@ta_role with a class instance var. Open
@@ta_role ||= find_by name: 'Teaching Assistant'
- Read upRead up
- Exclude checks
This cop checks for uses of class variables. Offenses are signaled only on assignment to class variables to reduce the number of offenses that would be reported.
Method Role#cache
is defined at both app/models/role.rb:12 and app/models/role.rb:15. Open
def cache
- Read upRead up
- Exclude checks
This cop checks for duplicated instance (or singleton) method definitions.
Example:
# bad
def duplicated
1
end
def duplicated
2
end
Example:
# bad
def duplicated
1
end
alias duplicated other_duplicated
Example:
# good
def duplicated
1
end
def other_duplicated
2
end
Use snake_case for method names. Open
def hasAllPrivilegesOf(target_role)
- Read upRead up
- Exclude checks
This cop makes sure that all methods use the configured style, snake_case or camelCase, for their names.
Example: EnforcedStyle: snake_case (default)
# bad
def fooBar; end
# good
def foo_bar; end
Example: EnforcedStyle: camelCase
# bad
def foo_bar; end
# good
def fooBar; end
Useless assignment to variable - e
. Open
rescue StandardError => e
- Read upRead up
- Exclude checks
This cop checks for every useless assignment to local variable in every
scope.
The basic idea for this cop was from the warning of ruby -cw
:
assigned but unused variable - foo
Currently this cop has advanced logic that detects unreferenced reassignments and properly handles varied cases such as branch, loop, rescue, ensure, etc.
Example:
# bad
def some_method
some_var = 1
do_something
end
Example:
# good
def some_method
some_var = 1
do_something(some_var)
end
Replace class var @@superadministrator_role with a class instance var. Open
@@superadministrator_role ||= find_by name: 'Super-Administrator'
- Read upRead up
- Exclude checks
This cop checks for uses of class variables. Offenses are signaled only on assignment to class variables to reduce the number of offenses that would be reported.