rails_best_practices 1.8.0 → 1.9.0

data/.rvmrc

@@ -1,2 +1,2 @@
 rvm_gemset_create_on_use_flag=1
-rvm gemset use ruby-1.9.2-p290@rails_best_practices
+rvm gemset use ruby-1.9.3-p125@rails_best_practices

data/.travis.yml

@@ -1 +1 @@
-rvm: 1.9.2
+rvm: 1.9.3

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rails_best_practices (1.8.0)
+    rails_best_practices (1.9.0)
       activesupport
       colored
       erubis

data/README.md

@@ -19,6 +19,8 @@ following template engines:
 * haml
 * slim
 
+rails_best_practices works well only in ruby 1.9.2 and ruby 1.9.3 so far.
+
 Usage
 -----
 
@@ -78,8 +80,6 @@ Install
 
 rails_best_practices gem is rewritten based on ripper instead of ruby_parser to support ruby 1.9 new syntax.
 
-Ruby 1.9
-
     gem install rails_best_practices
 
 or add in Gemfile
@@ -143,6 +143,7 @@ Now you can customize this configuration file, the default configuration is as f
     RemoveUnusedMethodsInControllersCheck: { except_methods: [] }
     RemoveUnusedMethodsInHelpersCheck: { except_methods: [] }
     NotUseTimeAgoInWordsCheck: {}
+    ProtectMassAssignmentCheck: {}
 
 You can remove or comment one review to disable it, and you can change the options.
 
@@ -172,6 +173,7 @@ Model
 3. Use observer
 4. Use query attribute
 5. Remove unused methods in models
+6. Protect mass assignment
 
 Mailer
 

data/install_supported_rubies.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-rubies=( 1.8.7 1.9.2 ree )
+rubies=( 1.9.2 1.9.3 )
 for x in ${rubies[*]}
 do
   rvm install $x

data/lib/rails_best_practices/core.rb

@@ -15,7 +15,6 @@ require 'rails_best_practices/core/controllers'
 require 'rails_best_practices/core/helpers'
 require 'rails_best_practices/core/routes'
 
-require 'rails_best_practices/core_ext/string'
 require 'rails_best_practices/core_ext/sexp'
 require 'rails_best_practices/core_ext/enumerable'
 require 'rails_best_practices/core_ext/erubis'

data/lib/rails_best_practices/core/check.rb

@@ -238,7 +238,7 @@ module RailsBestPractices
       module Callable
         def self.included(base)
           base.class_eval do
-            interesting_nodes :call, :fcall, :var_ref, :command_call, :command, :alias, :bare_assoc_hash, :method_add_arg
+            interesting_nodes :call, :fcall, :var_ref, :vcall, :command_call, :command, :alias, :bare_assoc_hash, :method_add_arg
 
             # remembe the message of call node.
             add_callback "start_call" do |node|
@@ -255,6 +255,11 @@ module RailsBestPractices
               mark_used(node)
             end
 
+            # remembe name of vcall node.
+            add_callback "start_vcall" do |node|
+              mark_used(node)
+            end
+
             # skip start_command callback for these nodes
             def skip_command_callback_nodes
               []
@@ -346,7 +351,7 @@ module RailsBestPractices
       module InheritedResourcesable
         def self.included(base)
           base.class_eval do
-            interesting_nodes :class, :var_ref
+            interesting_nodes :class, :var_ref, :vcall
             interesting_files CONTROLLER_FILES
 
             # check if the controller is inherit from InheritedResources::Base.
@@ -362,6 +367,13 @@ module RailsBestPractices
                 @inherited_resources = true
               end
             end
+
+            # check if there is a DSL call inherit_resources.
+            add_callback "start_vcall" do |node|
+              if "inherit_resources" == node.to_s
+                @inherited_resources = true
+              end
+            end
           end
         end
       end
@@ -396,7 +408,7 @@ module RailsBestPractices
       module Accessable
         def self.included(base)
           base.class_eval do
-            interesting_nodes :var_ref, :class, :module
+            interesting_nodes :var_ref, :vcall, :class, :module
 
             # remember the current access control for methods.
             add_callback "start_var_ref" do |node|
@@ -405,6 +417,13 @@ module RailsBestPractices
               end
             end
 
+            # remember the current access control for methods.
+            add_callback "start_vcall" do |node|
+              if %w(public protected private).include? node.to_s
+                @access_control = node.to_s
+              end
+            end
+
             # set access control to "public" by default.
             add_callback "start_class" do |node|
               @access_control = "public"

data/lib/rails_best_practices/core/checking_visitor.rb

@@ -49,27 +49,30 @@ module RailsBestPractices
       # then run the reivew for that node.
       [:prepare, :review].each do |process|
         class_eval <<-EOS
-          def #{process}(node)                                         # def review(node)
-            checks = @#{process}_checks[node.sexp_type]                #   checks = @review_checks[node.sexp_type]
-            if checks                                                  #   if checks
-              checks.each { |check|                                    #     checks.each { |check|
-                if check.parse_file?(node.file)                        #      if check.parse_file?(node.file)
-                  check.node_start(node)                               #         check.node_start(node)
-                end                                                    #       end
-              }                                                        #     }
-            end                                                        #   end
-            node.children.each { |sexp|                                #   node.children.each { |sexp|
-              sexp.file = node.file                                    #     sexp.filename = node.file
-              sexp.#{process}(self)                                    #     sexp.review(self)
-            }                                                          #   }
-            if checks                                                  #   if checks
-              checks.each { |check|                                    #     checks.each { |check|
-                if check.parse_file?(node.file)                        #      if check.parse_file?(node.file)
-                  check.node_end(node)                                 #         check.node_end(node)
-                end                                                    #       end
-              }                                                        #     }
-            end                                                        #   end
-          end                                                          # end
+          def #{process}(node)                                           # def review(node)
+            checks = @#{process}_checks[node.sexp_type]                  #   checks = @review_checks[node.sexp_type]
+            if checks                                                    #   if checks
+              checks.each { |check|                                      #     checks.each { |check|
+                if check.parse_file?(node.file)                          #      if check.parse_file?(node.file)
+                  check.node_start(node)                                 #         check.node_start(node)
+                end                                                      #       end
+              }                                                          #     }
+            end                                                          #   end
+            node.children.each { |sexp|                                  #   node.children.each { |sexp|
+              sexp.file = node.file                                      #     sexp.filename = node.file
+              sexp.#{process}(self)                                      #     sexp.review(self)
+            }                                                            #   }
+            if checks                                                    #   if checks
+              checks.each { |check|                                      #     checks.each { |check|
+                if check.parse_file?(node.file)                          #      if check.parse_file?(node.file)
+                  check.node_end(node)                                   #         check.node_end(node)
+                end                                                      #       end
+              }                                                          #     }
+            end                                                          #   end
+          rescue Exception                                               # rescue Exception
+            puts "find error in file: \#{node.file} line: \#{node.line}" #   puts "find error in file: \#{node.file} line: \#{node.line}"
+            raise $!                                                     #   raise $!
+          end                                                            # end
         EOS
       end
     end

data/lib/rails_best_practices/core/model_associations.rb

@@ -48,7 +48,7 @@ module RailsBestPractices
       # @param [String] association_name
       # @return [String] association's class name
       def get_association_class_name(table_name, association_name)
-        associations = @associations.select { |model, model_associations| model.table_name == table_name }.values.first and
+        associations = @associations.select { |model, model_associations| model.gsub("::", "").tableize == table_name }.values.first and
           association_meta = associations.select { |name, meta| name == association_name }.values.first and
           association_meta["class_name"]
       end

data/lib/rails_best_practices/core/routes.rb

@@ -8,7 +8,9 @@ module RailsBestPractices
       # @param [String] controller name
       # @param [String] action name
       def add_route(namespaces, controller_name, action_name)
-        self << Route.new(namespaces, controller_name, action_name)
+        if controller_name.present?
+          self << Route.new(namespaces, controller_name, action_name)
+        end
       end
     end
 

data/lib/rails_best_practices/core_ext/sexp.rb

@@ -22,7 +22,7 @@ class Sexp
   #       => 2
   def line
     if [:def, :defs, :command, :command_call, :call, :fcall, :method_add_arg, :method_add_block,
-      :var_ref, :const_ref, :const_path_ref, :class, :module, :if, :unless, :elsif, :binary,
+      :var_ref, :vcall, :const_ref, :const_path_ref, :class, :module, :if, :unless, :elsif, :binary,
       :alias, :symbol_literal, :symbol, :aref].include? sexp_type
       self[1].line
     elsif :array == sexp_type
@@ -56,17 +56,20 @@ class Sexp
   #     :sexp_type => :call,
   #     :subject => "Post",
   #     :message => ["find", "new"]
+  #     :to_s => "devise"
   #
-  # the condition key is one of :sexp_type, :subject or :message,
+  # the condition key is one of :sexp_type, :subject, :message, :to_s,
   # the condition value can be Symbol, Array or Sexp.
   def grep_nodes(options)
     sexp_type = options[:sexp_type]
     subject = options[:subject]
     message = options[:message]
+    to_s = options[:to_s]
     self.recursive_children do |child|
       if (!sexp_type || (sexp_type.is_a?(Array) ? sexp_type.include?(child.sexp_type) : sexp_type == child.sexp_type)) &&
          (!subject || (subject.is_a?(Array) ? subject.include?(child.subject.to_s) : subject == child.subject.to_s)) &&
-         (!message || (message.is_a?(Array) ? message.include?(child.message.to_s) : message == child.message.to_s))
+         (!message || (message.is_a?(Array) ? message.include?(child.message.to_s) : message == child.message.to_s)) &&
+         (!to_s || (to_s.is_a?(Array) ? to_s.include?(child.to_s) : to_s == child.to_s))
         yield child
       end
     end
@@ -82,7 +85,7 @@ class Sexp
   #     :subject => s(:const, Post),
   #     :message => [:find, :new]
   #
-  # the condition key is one of :sexp_type, :subject, :message,
+  # the condition key is one of :sexp_type, :subject, :message, and to_s,
   # the condition value can be Symbol, Array or Sexp.
   def grep_node(options)
     result = RailsBestPractices::Core::Nil.new
@@ -295,13 +298,17 @@ class Sexp
     nodes = []
     case sexp_type
     when :args_add_block, :array
-      node = self[1]
-      while true
-        if [:args_add, :args_add_star].include? node.sexp_type
-          nodes.unshift node[2]
-          node = node[1]
-        elsif :args_new == node.sexp_type
-          break
+      if self[1].sexp_type == :args_new
+        nodes << self[2]
+      else
+        node = self[1]
+        while true
+          if [:args_add, :args_add_star].include? node.sexp_type
+            nodes.unshift node[2]
+            node = node[1]
+          elsif :args_new == node.sexp_type
+            break
+          end
         end
       end
     end
@@ -754,7 +761,7 @@ class Sexp
   def to_s
     case sexp_type
     when :string_literal, :xstring_literal, :string_content, :const_ref, :symbol_literal, :symbol,
-         :args_add_block, :var_ref, :var_field,
+         :args_add_block, :var_ref, :vcall, :var_field,
          :@ident, :@tstring_content, :@const, :@ivar, :@kw, :@gvar, :@cvar
       self[1].to_s
     when :string_add
@@ -788,7 +795,7 @@ class Sexp
 
   # check if the self node is a const.
   def const?
-    :@const == self.sexp_type || (:var_ref == self.sexp_type && :@const == self[1].sexp_type)
+    :@const == self.sexp_type || ([:var_ref, :vcall].include?(self.sexp_type) && :@const == self[1].sexp_type)
   end
 
   # true

data/lib/rails_best_practices/prepares/controller_prepare.rb

@@ -10,7 +10,7 @@ module RailsBestPractices
       include Core::Check::Accessable
       include Core::Check::Afterable
 
-      interesting_nodes :class, :var_ref, :command, :def
+      interesting_nodes :class, :var_ref, :vcall, :command, :def
       interesting_files CONTROLLER_FILES
 
       DEFAULT_ACTIONS = %w(index show new create edit update destroy)
@@ -47,6 +47,13 @@ module RailsBestPractices
         end
       end
 
+      # check if there is a DSL call inherit_resources.
+      def start_vcall(node)
+        if @inherited_resources
+          @actions = DEFAULT_ACTIONS
+        end
+      end
+
       # restrict actions for inherited_resources
       def start_command(node)
         if "include" == node.message.to_s

data/lib/rails_best_practices/prepares/model_prepare.rb

@@ -9,7 +9,7 @@ module RailsBestPractices
       include Core::Check::Accessable
       include Core::Check::Afterable
 
-      interesting_nodes :class, :def, :defs, :command, :var_ref, :alias
+      interesting_nodes :class, :def, :defs, :command, :alias
       interesting_files MODEL_FILES
 
       ASSOCIATION_METHODS = %w(belongs_to has_one has_many has_and_belongs_to_many embeds_many embeds_one embedded_in many one)

data/lib/rails_best_practices/prepares/route_prepare.rb

@@ -28,7 +28,11 @@ module RailsBestPractices
           first_argument = node.arguments.all.first
           second_argument = node.arguments.all[1]
           if @controller_names.last
-            action_name = first_argument.to_s
+            if :bare_assoc_hash == first_argument.sexp_type
+              action_name = first_argument.hash_values.first.to_s
+            else
+              action_name = first_argument.to_s
+            end
             @routes.add_route(current_namespaces, current_controller_name, action_name)
           else
             if :bare_assoc_hash == first_argument.sexp_type
@@ -83,7 +87,7 @@ module RailsBestPractices
         else
           options = node.arguments.all.last
           if options.hash_value("controller").present?
-            @controller_name = options.hash_value("controller").to_s
+            @controller_name = [:option, options.hash_value("controller").to_s]
           end
           action_name = options.hash_value("action").present? ? options.hash_value("action").to_s : "*"
           @routes.add_route(current_namespaces, current_controller_name, action_name)
@@ -100,11 +104,15 @@ module RailsBestPractices
           if node.arguments.all.last.hash_value("module").present?
             @namespaces << node.arguments.all.last.hash_value("module").to_s
           end
-          @controller_name = nil
+          if node.arguments.all.last.hash_value("controller").present?
+            @controller_name = [:scope, node.arguments.all.last.hash_value("controller").to_s]
+          else
+            @controller_name = @controller_name.try(:first) == :scope ? @controller_name : nil
+          end
         when "with_options"
           argument = node.arguments.all.last
           if :bare_assoc_hash == argument.sexp_type && argument.hash_value("controller").present?
-            @controller_name = argument.hash_value("controller").to_s
+            @controller_name = [:with_option, argument.hash_value("controller").to_s]
           end
         else
           # do nothing
@@ -127,7 +135,7 @@ module RailsBestPractices
 
       # remember current controller name, used for nested resources.
       def start_do_block(node)
-        @controller_names << @controller_name
+        @controller_names << @controller_name.try(:last)
       end
 
       # remove current controller name, and use upper lever resource name.
@@ -140,13 +148,13 @@ module RailsBestPractices
         def add_#{route_name}_routes(node)
           resource_names = node.arguments.all.select { |argument| :symbol_literal == argument.sexp_type }
           resource_names.each do |resource_name|
-            @controller_name = node.arguments.all.first.to_s
+            @controller_name = [:#{route_name}, node.arguments.all.first.to_s]
             options = node.arguments.all.last
             if options.hash_value("module").present?
               @namespaces << options.hash_value("module").to_s
             end
             if options.hash_value("controller").present?
-              @controller_name = options.hash_value("controller").to_s
+              @controller_name = [:#{route_name}, options.hash_value("controller").to_s]
             end
             action_names = if options.hash_value("only").present?
                              get_#{route_name}_actions(options.hash_value("only").to_object)
@@ -201,7 +209,7 @@ module RailsBestPractices
       end
 
       def current_controller_name
-        @controller_names.last || @controller_name
+        @controller_names.last || @controller_name.try(:last)
       end
     end
   end

data/lib/rails_best_practices/reviews.rb

@@ -30,3 +30,4 @@ require 'rails_best_practices/reviews/remove_unused_methods_in_models_review'
 require 'rails_best_practices/reviews/remove_unused_methods_in_controllers_review'
 require 'rails_best_practices/reviews/remove_unused_methods_in_helpers_review'
 require 'rails_best_practices/reviews/not_use_time_ago_in_words_review'
+require 'rails_best_practices/reviews/protect_mass_assignment_review'

data/lib/rails_best_practices/reviews/always_add_db_index_review.rb

@@ -130,7 +130,7 @@ module RailsBestPractices
             foreign_keys.delete_if do |key|
               if key =~ /_id$/
                 class_name = Prepares.model_associations.get_association_class_name(table, key[0..-4])
-                class_name ? !@table_nodes[class_name.table_name] : !@table_nodes[key[0..-4].pluralize]
+                class_name ? !@table_nodes[class_name.gsub("::", "").tableize] : !@table_nodes[key[0..-4].pluralize]
               end
             end
           end

data/lib/rails_best_practices/reviews/protect_mass_assignment_review.rb

@@ -0,0 +1,45 @@
+# encoding: utf-8
+require 'rails_best_practices/reviews/review'
+
+module RailsBestPractices
+  module Reviews
+    # Review model files to make sure to use attr_accessible or attr_protected to protect mass assignment.
+    #
+    # See the best practices details here http://rails-bestpractices.com/posts/148-protect-mass-assignment.
+    #
+    # Implmentation:
+    #
+    # Review process:
+    #   check class node to see if there is a command with message attr_accessible or attr_protected.
+    class ProtectMassAssignmentReview < Review
+      interesting_nodes :class
+      interesting_files MODEL_FILES
+
+      def url
+        "http://rails-bestpractices.com/posts/148-protect-mass-assignment"
+      end
+
+      # check class node, grep all command nodes, if none of them is with message attr_accessible or attr_protected,
+      # then it should add attr_accessible or attr_protected to protect mass assignment.
+      def start_class(node)
+        if !rails_builtin?(node) && !devise?(node) && !authlogic?(node)
+          add_error "protect mass assignment"
+        end
+      end
+
+      private
+        def rails_builtin?(node)
+          node.grep_node(:sexp_type => :command, :message => %w(attr_accessible attr_protected)).present?
+        end
+
+        def devise?(node)
+          node.grep_node(:sexp_type => :command, :message => "devise").present?
+        end
+
+        def authlogic?(node)
+         node.grep_node(:sexp_type => :vcall, :to_s => "acts_as_authentic").present? ||
+         node.grep_node(:sexp_type => :fcall, :message => "acts_as_authentic").present?
+        end
+    end
+  end
+end

data/lib/rails_best_practices/reviews/replace_instance_variable_with_local_variable_review.rb

@@ -13,7 +13,7 @@ module RailsBestPractices
     #   check all instance variable in partial view files,
     #   if exist, then they should be replaced with local variable
     class ReplaceInstanceVariableWithLocalVariableReview < Review
-      interesting_nodes :var_ref
+      interesting_nodes :var_ref, :vcall
       interesting_files PARTIAL_VIEW_FILES
 
       def url
@@ -27,6 +27,14 @@ module RailsBestPractices
           add_error "replace instance variable with local variable"
         end
       end
+
+      # check ivar node in partial view file,
+      # it is an instance variable, and should be replaced with local variable.
+      def start_vcall(node)
+        if node.to_s.start_with?('@')
+          add_error "replace instance variable with local variable"
+        end
+      end
     end
   end
 end

data/lib/rails_best_practices/reviews/restrict_auto_generated_routes_review.rb

@@ -86,10 +86,10 @@ module RailsBestPractices
             if hash_key_exist?(option_node,"controller")
               name = option_node.hash_value("controller").to_s
             else
-              name = node.arguments.all.first.to_s.table_name
+              name = node.arguments.all.first.to_s.gsub("::", "").tableize
             end
           else
-            name = node.arguments.all.first.to_s.table_name
+            name = node.arguments.all.first.to_s.gsub("::", "").tableize
           end
           namespaced_class_name(name)
         end

data/lib/rails_best_practices/reviews/use_before_filter_review.rb

@@ -34,7 +34,7 @@ module RailsBestPractices
         @first_sentences = {}
 
         node.body.statements.each do |statement_node|
-          break if :var_ref == statement_node.sexp_type && ["protected", "private"].include?(statement_node.to_s)
+          break if [:var_ref, :vcall].include?(statement_node.sexp_type) && ["protected", "private"].include?(statement_node.to_s)
           remember_first_sentence(statement_node) if :def == statement_node.sexp_type
         end
         @first_sentences.each do |first_sentence, def_nodes|

data/lib/rails_best_practices/version.rb

@@ -1,4 +1,4 @@
 # encoding: utf-8
 module RailsBestPractices
-  VERSION = "1.8.0"
+  VERSION = "1.9.0"
 end

data/rails_best_practices.gemspec

@@ -42,7 +42,7 @@ Gem::Specification.new do |s|
 
   Please also try our online service
 
-      https://railsbp.com
+      http://railsbp.com
 
   Enjoy!
 

data/rails_best_practices.yml

@@ -31,3 +31,4 @@ RemoveUnusedMethodsInModelsCheck: { except_methods: [] }
 RemoveUnusedMethodsInControllersCheck: { except_methods: [] }
 RemoveUnusedMethodsInHelpersCheck: { except_methods: [] }
 NotUseTimeAgoInWordsCheck: { }
+ProtectMassAssignmentCheck: { }

data/rake_rubies.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
-rubies=( 1.9.2-p180 1.9.2-p290 1.9.3-p0 )
+rubies=( 1.9.2-p290 1.9.3-p125 )
 gemset="rails_best_practices"
 
 for x in ${rubies[*]}
 do
   echo $x@$gemset
-  rvm $x@$gemset do bundle exec rake spec:progress
+  rvm $x@$gemset do bundle exec rake spec
 done

data/spec/rails_best_practices/core_ext/sexp_spec.rb

@@ -48,13 +48,19 @@ describe Sexp do
     it "should get the call nodes with subject current_user" do
       nodes = []
       @node.grep_nodes(:sexp_type => :call, :subject => "current_user") { |node| nodes << node }
-      nodes.should == [s(:call, s(:var_ref, s(:@ident, "current_user", s(2, 8))), :".", s(:@ident, "posts", s(2, 21)))]
+      nodes.should == [s(:call, s(:vcall, s(:@ident, "current_user", s(2, 8))), :".", s(:@ident, "posts", s(2, 21)))]
     end
 
     it "should get the call nodes with different messages" do
       nodes = []
       @node.grep_nodes(:sexp_type => :call, :message => ["posts", "find"]) { |node| nodes << node }
-      nodes.should == [s(:call, s(:call, s(:var_ref, s(:@ident, "current_user", s(2, 8))), :".", s(:@ident, "posts", s(2, 21))), :".", s(:@ident, "find", s(2, 27))), s(:call, s(:var_ref, s(:@ident, "current_user", s(2, 8))), :".", s(:@ident, "posts", s(2, 21)))]
+      nodes.should == [s(:call, s(:call, s(:vcall, s(:@ident, "current_user", s(2, 8))), :".", s(:@ident, "posts", s(2, 21))), :".", s(:@ident, "find", s(2, 27))), s(:call, s(:vcall, s(:@ident, "current_user", s(2, 8))), :".", s(:@ident, "posts", s(2, 21)))]
+    end
+
+    it "should get the vcall node with to_s" do
+      nodes = []
+      @node.grep_nodes(:sexp_type => :vcall, :to_s => "current_user") { |node| nodes << node }
+      nodes.should == [s(:vcall, s(:@ident, "current_user", s(2, 8)))]
     end
   end
 
@@ -70,7 +76,7 @@ describe Sexp do
 
     it "should get first node with empty argument" do
       node = @node.grep_node(:sexp_type => :call, :subject => "current_user")
-      node.should == s(:call, s(:var_ref, s(:@ident, "current_user", s(2, 8))), :".", s(:@ident, "posts", s(2, 21)))
+      node.should == s(:call, s(:vcall, s(:@ident, "current_user", s(2, 8))), :".", s(:@ident, "posts", s(2, 21)))
     end
   end
 
@@ -221,7 +227,7 @@ describe Sexp do
       node.arguments.sexp_type.should == :args_add_block
     end
 
-    it "should get the arguments of method_add_args" do
+    it "should get the arguments of method_add_arg" do
       node = parse_content("User.find(:all)").grep_node(:sexp_type => :method_add_arg)
       node.arguments.sexp_type.should == :args_add_block
     end
@@ -245,6 +251,11 @@ describe Sexp do
       node.all.map(&:to_s).should == ["hello", "world"]
     end
 
+    it "should get all arguments with &:" do
+      node = parse_content("user.posts.map(&:title)").grep_node(:sexp_type => :args_add_block)
+      node.all.map(&:to_s).should == ["title"]
+    end
+
     it "no error for args_add_star" do
       node = parse_content("send(:\"\#{route}_url\", *args)").grep_node(:sexp_type => :args_add_block)
       lambda { node.all }.should_not raise_error

data/spec/rails_best_practices/prepares/route_prepare_spec.rb

@@ -505,11 +505,23 @@ describe RailsBestPractices::Prepares::RoutePrepare do
             scope "/admin" do
               resources :comments, :only => [:index]
             end
+            scope "/:username", controller: :users do
+              get '/' => :show
+              scope 'topic' do
+                get 'preview', :as => 'preview_user', :action => 'preview'
+              end
+            end
           end
         EOF
         runner.prepare('config/routes.rb', content)
         routes = RailsBestPractices::Prepares.routes
-        routes.map(&:to_s).should == ["Admin::PostsController#index", "Admin::DiscussionsController#index", "CommentsController#index"]
+        routes.map(&:to_s).should == [
+                                       "Admin::PostsController#index",
+                                       "Admin::DiscussionsController#index",
+                                       "CommentsController#index",
+                                       "UsersController#show",
+                                       "UsersController#preview"
+                                     ]
       end
     end
 
@@ -531,7 +543,7 @@ describe RailsBestPractices::Prepares::RoutePrepare do
 
     it "should add routes for another get/post" do
       content =<<-EOF
-      RailsBestPracticesCom::Application.routes.draw do
+      RailsBestPracticesCom::Application.routes.draw
         get "/login", to: 'sessions#new', as: :login
       end
       EOF
@@ -622,5 +634,16 @@ describe RailsBestPractices::Prepares::RoutePrepare do
       routes = RailsBestPractices::Prepares.routes
       routes.last.to_s.should == "SprintsController#stop"
     end
+
+    it "should not parse wrong route" do
+      content =<<-EOF
+      RailsBestPracticesCom::Application.routes.draw do
+        match ':controller/:action' => '#index', :as => :auto_complete
+      end
+      EOF
+      runner.prepare('config/routes.rb', content)
+      routes = RailsBestPractices::Prepares.routes
+      routes.size.should == 0
+    end
   end
 end

data/spec/rails_best_practices/reviews/protect_mass_assignment_review_spec.rb

@@ -0,0 +1,67 @@
+require 'spec_helper'
+
+describe RailsBestPractices::Reviews::ProtectMassAssignmentReview do
+  let(:runner) { RailsBestPractices::Core::Runner.new(:reviews => RailsBestPractices::Reviews::ProtectMassAssignmentReview.new) }
+
+  it "should protect mass assignment" do
+    content =<<-EOF
+    class User < ActiveRecord::Base
+    end
+    EOF
+    runner.review('app/models/user.rb', content)
+    runner.should have(1).errors
+    runner.errors[0].to_s.should == "app/models/user.rb:1 - protect mass assignment"
+  end
+
+  it "should not protect mass assignment with attr_accessible" do
+    content =<<-EOF
+    class User < ActiveRecord::Base
+      attr_accessible :email, :password, :password_confirmation
+    end
+    EOF
+    runner.review('app/models/user.rb', content)
+    runner.should have(0).errors
+  end
+
+  it "should not protect mass assignment with attr_protected" do
+    content =<<-EOF
+    class User < ActiveRecord::Base
+      attr_protected :role
+    end
+    EOF
+    runner.review('app/models/user.rb', content)
+    runner.should have(0).errors
+  end
+
+  it "should not protect mass assignment if using devise" do
+    content =<<-EOF
+    class User < ActiveRecord::Base
+      devise :database_authenticatable, :registerable, :confirmable, :recoverable, :stretches => 20
+    end
+    EOF
+    runner.review('app/models/user.rb', content)
+    runner.should have(0).errors
+  end
+
+  it "should not protect mass assignment if using authlogic with configuration" do
+    content =<<-EOF
+    class User < ActiveRecord::Base
+      acts_as_authentic do |c|
+        c.my_config_option = my_value
+      end
+    end
+    EOF
+    runner.review('app/models/user.rb', content)
+    runner.should have(0).errors
+  end
+
+  it "should not protect mass assignment if using authlogic without configuration" do
+    content =<<-EOF
+    class User < ActiveRecord::Base
+      acts_as_authentic
+    end
+    EOF
+    runner.review('app/models/user.rb', content)
+    runner.should have(0).errors
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_best_practices
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.9.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-02-24 00:00:00.000000000Z
+date: 2012-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sexp_processor
-  requirement: &70270463469100 !ruby/object:Gem::Requirement
+  requirement: &70152469216300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70270463469100
+  version_requirements: *70152469216300
 - !ruby/object:Gem::Dependency
   name: progressbar
-  requirement: &70270463467440 !ruby/object:Gem::Requirement
+  requirement: &70152469214420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70270463467440
+  version_requirements: *70152469214420
 - !ruby/object:Gem::Dependency
   name: colored
-  requirement: &70270463456860 !ruby/object:Gem::Requirement
+  requirement: &70152469213480 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70270463456860
+  version_requirements: *70152469213480
 - !ruby/object:Gem::Dependency
   name: erubis
-  requirement: &70270463455020 !ruby/object:Gem::Requirement
+  requirement: &70152469212320 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70270463455020
+  version_requirements: *70152469212320
 - !ruby/object:Gem::Dependency
   name: i18n
-  requirement: &70270463453880 !ruby/object:Gem::Requirement
+  requirement: &70152469211160 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70270463453880
+  version_requirements: *70152469211160
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: &70270463452620 !ruby/object:Gem::Requirement
+  requirement: &70152469209960 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,10 +76,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70270463452620
+  version_requirements: *70152469209960
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &70270463451560 !ruby/object:Gem::Requirement
+  requirement: &70152469209140 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70270463451560
+  version_requirements: *70152469209140
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70270463450820 !ruby/object:Gem::Requirement
+  requirement: &70152469208480 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -98,10 +98,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70270463450820
+  version_requirements: *70152469208480
 - !ruby/object:Gem::Dependency
   name: haml
-  requirement: &70270463450120 !ruby/object:Gem::Requirement
+  requirement: &70152469207680 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -109,10 +109,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70270463450120
+  version_requirements: *70152469207680
 - !ruby/object:Gem::Dependency
   name: slim
-  requirement: &70270463444400 !ruby/object:Gem::Requirement
+  requirement: &70152469206760 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -120,10 +120,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70270463444400
+  version_requirements: *70152469206760
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &70270463443380 !ruby/object:Gem::Requirement
+  requirement: &70152469205560 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -131,7 +131,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70270463443380
+  version_requirements: *70152469205560
 description: a code metric tool for rails codes, written in Ruby.
 email:
 - flyerhzm@gmail.com
@@ -179,7 +179,6 @@ files:
 - lib/rails_best_practices/core_ext/enumerable.rb
 - lib/rails_best_practices/core_ext/erubis.rb
 - lib/rails_best_practices/core_ext/sexp.rb
-- lib/rails_best_practices/core_ext/string.rb
 - lib/rails_best_practices/lexicals.rb
 - lib/rails_best_practices/lexicals/remove_tab_check.rb
 - lib/rails_best_practices/lexicals/remove_trailing_whitespace_check.rb
@@ -206,6 +205,7 @@ files:
 - lib/rails_best_practices/reviews/not_use_default_route_review.rb
 - lib/rails_best_practices/reviews/not_use_time_ago_in_words_review.rb
 - lib/rails_best_practices/reviews/overuse_route_customizations_review.rb
+- lib/rails_best_practices/reviews/protect_mass_assignment_review.rb
 - lib/rails_best_practices/reviews/remove_empty_helpers_review.rb
 - lib/rails_best_practices/reviews/remove_unused_methods_in_controllers_review.rb
 - lib/rails_best_practices/reviews/remove_unused_methods_in_helpers_review.rb
@@ -270,6 +270,7 @@ files:
 - spec/rails_best_practices/reviews/not_use_default_route_review_spec.rb
 - spec/rails_best_practices/reviews/not_use_times_ago_in_words_review_spec.rb
 - spec/rails_best_practices/reviews/overuse_route_customizations_review_spec.rb
+- spec/rails_best_practices/reviews/protect_mass_assignment_review_spec.rb
 - spec/rails_best_practices/reviews/remove_empty_helpers_review_spec.rb
 - spec/rails_best_practices/reviews/remove_unused_methods_in_controllers_review_spec.rb
 - spec/rails_best_practices/reviews/remove_unused_methods_in_helpers_review_spec.rb
@@ -292,7 +293,7 @@ licenses: []
 post_install_message: ! "********************************************************************************\n\n
   \ rails_best_practices is a code metric tool to check the quality of rails codes.\n\n
   \ I highly recommend you browse the Rails Best Practices website first.\n\n      http://rails-bestpractices.com\n\n
-  \ Please also try our online service\n\n      https://railsbp.com\n\n  Enjoy!\n\n
+  \ Please also try our online service\n\n      http://railsbp.com\n\n  Enjoy!\n\n
   \     Richard Huang (flyerhzm@gmail.com)\n\n********************************************************************************\n"
 rdoc_options: []
 require_paths:
@@ -306,7 +307,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 920336894600409116
+      hash: -964066537248826324
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -315,7 +316,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.6
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.15
+rubygems_version: 1.8.17
 signing_key: 
 specification_version: 3
 summary: a code metric tool for rails codes.
@@ -363,6 +364,7 @@ test_files:
 - spec/rails_best_practices/reviews/not_use_default_route_review_spec.rb
 - spec/rails_best_practices/reviews/not_use_times_ago_in_words_review_spec.rb
 - spec/rails_best_practices/reviews/overuse_route_customizations_review_spec.rb
+- spec/rails_best_practices/reviews/protect_mass_assignment_review_spec.rb
 - spec/rails_best_practices/reviews/remove_empty_helpers_review_spec.rb
 - spec/rails_best_practices/reviews/remove_unused_methods_in_controllers_review_spec.rb
 - spec/rails_best_practices/reviews/remove_unused_methods_in_helpers_review_spec.rb

data/lib/rails_best_practices/core_ext/string.rb

@@ -1,5 +0,0 @@
-class String
-  def table_name
-    self.gsub("::", "").tableize
-  end
-end