rubocop-rails 2.0.0

data/lib/rubocop/cop/rails/helper_instance_variable.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # This cop checks for use of the helper methods which reference
+      # instance variables.
+      #
+      # Relying on instance variables makes it difficult to re-use helper
+      # methods.
+      #
+      # If it seems awkward to explicitly pass in each dependent
+      # variable, consider moving the behaviour elsewhere, for
+      # example to a model, decorator or presenter.
+      #
+      # @example
+      #   # bad
+      #   def welcome_message
+      #     "Hello #{@user.name}"
+      #   end
+      #
+      #   # good
+      #   def welcome_message(user)
+      #     "Hello #{user.name}"
+      #   end
+      class HelperInstanceVariable < Cop
+        MSG = 'Do not use instance variables in helpers.'
+
+        def on_ivar(node)
+          add_offense(node)
+        end
+
+        def on_ivasgn(node)
+          add_offense(node, location: :name)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/http_positional_arguments.rb

@@ -0,0 +1,117 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # This cop is used to identify usages of http methods like `get`, `post`,
+      # `put`, `patch` without the usage of keyword arguments in your tests and
+      # change them to use keyword args. This cop only applies to Rails >= 5.
+      # If you are running Rails < 5 you should disable the
+      # Rails/HttpPositionalArguments cop or set your TargetRailsVersion in your
+      # .rubocop.yml file to 4.0, etc.
+      #
+      # @example
+      #   # bad
+      #   get :new, { user_id: 1}
+      #
+      #   # good
+      #   get :new, params: { user_id: 1 }
+      class HttpPositionalArguments < Cop
+        extend TargetRailsVersion
+
+        MSG = 'Use keyword arguments instead of ' \
+              'positional arguments for http call: `%<verb>s`.'
+        KEYWORD_ARGS = %i[
+          method params session body flash xhr as headers env
+        ].freeze
+        HTTP_METHODS = %i[get post put patch delete head].freeze
+
+        minimum_target_rails_version 5.0
+
+        def_node_matcher :http_request?, <<-PATTERN
+          (send nil? {#{HTTP_METHODS.map(&:inspect).join(' ')}} !nil? $_ ...)
+        PATTERN
+
+        def on_send(node)
+          http_request?(node) do |data|
+            return unless needs_conversion?(data)
+
+            add_offense(node, location: :selector,
+                              message: format(MSG, verb: node.method_name))
+          end
+        end
+
+        # given a pre Rails 5 method: get :new, {user_id: @user.id}, {}
+        #
+        # @return lambda of auto correct procedure
+        # the result should look like:
+        #     get :new, params: { user_id: @user.id }, session: {}
+        # the http_method is the method used to call the controller
+        # the controller node can be a symbol, method, object or string
+        # that represents the path/action on the Rails controller
+        # the data is the http parameters and environment sent in
+        # the Rails 5 http call
+        def autocorrect(node)
+          lambda do |corrector|
+            corrector.replace(node.loc.expression, correction(node))
+          end
+        end
+
+        private
+
+        def needs_conversion?(data)
+          return true unless data.hash_type?
+
+          data.each_pair.none? do |pair|
+            special_keyword_arg?(pair.key) ||
+              format_arg?(pair.key) && data.pairs.one?
+          end
+        end
+
+        def special_keyword_arg?(node)
+          node.sym_type? && KEYWORD_ARGS.include?(node.value)
+        end
+
+        def format_arg?(node)
+          node.sym_type? && node.value == :format
+        end
+
+        def convert_hash_data(data, type)
+          return '' if data.hash_type? && data.empty?
+
+          hash_data = if data.hash_type?
+                        format('{ %<data>s }',
+                               data: data.pairs.map(&:source).join(', '))
+                      else
+                        # user supplies an object,
+                        # no need to surround with braces
+                        data.source
+                      end
+
+          format(', %<type>s: %<hash_data>s', type: type, hash_data: hash_data)
+        end
+
+        def correction(node)
+          http_path, *data = *node.arguments
+
+          controller_action = http_path.source
+          params = convert_hash_data(data.first, 'params')
+          session = convert_hash_data(data.last, 'session') if data.size > 1
+
+          format(correction_template(node), name: node.method_name,
+                                            action: controller_action,
+                                            params: params,
+                                            session: session)
+        end
+
+        def correction_template(node)
+          if parentheses?(node)
+            '%<name>s(%<action>s%<params>s%<session>s)'
+          else
+            '%<name>s %<action>s%<params>s%<session>s'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/http_status.rb

@@ -0,0 +1,160 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # Enforces use of symbolic or numeric value to define HTTP status.
+      #
+      # @example EnforcedStyle: symbolic (default)
+      #   # bad
+      #   render :foo, status: 200
+      #   render json: { foo: 'bar' }, status: 200
+      #   render plain: 'foo/bar', status: 304
+      #   redirect_to root_url, status: 301
+      #
+      #   # good
+      #   render :foo, status: :ok
+      #   render json: { foo: 'bar' }, status: :ok
+      #   render plain: 'foo/bar', status: :not_modified
+      #   redirect_to root_url, status: :moved_permanently
+      #
+      # @example EnforcedStyle: numeric
+      #   # bad
+      #   render :foo, status: :ok
+      #   render json: { foo: 'bar' }, status: :not_found
+      #   render plain: 'foo/bar', status: :not_modified
+      #   redirect_to root_url, status: :moved_permanently
+      #
+      #   # good
+      #   render :foo, status: 200
+      #   render json: { foo: 'bar' }, status: 404
+      #   render plain: 'foo/bar', status: 304
+      #   redirect_to root_url, status: 301
+      #
+      class HttpStatus < Cop
+        include ConfigurableEnforcedStyle
+
+        def_node_matcher :http_status, <<-PATTERN
+          {
+            (send nil? {:render :redirect_to} _ $hash)
+            (send nil? {:render :redirect_to} $hash)
+          }
+        PATTERN
+
+        def_node_matcher :status_code, <<-PATTERN
+          (hash <(pair (sym :status) ${int sym}) ...>)
+        PATTERN
+
+        def on_send(node)
+          http_status(node) do |hash_node|
+            status = status_code(hash_node)
+            return unless status
+
+            checker = checker_class.new(status)
+            return unless checker.offensive?
+
+            add_offense(checker.node, message: checker.message)
+          end
+        end
+
+        def autocorrect(node)
+          lambda do |corrector|
+            checker = checker_class.new(node)
+            corrector.replace(node.loc.expression, checker.preferred_style)
+          end
+        end
+
+        private
+
+        def checker_class
+          case style
+          when :symbolic
+            SymbolicStyleChecker
+          when :numeric
+            NumericStyleChecker
+          end
+        end
+
+        # :nodoc:
+        class SymbolicStyleChecker
+          MSG = 'Prefer `%<prefer>s` over `%<current>s` ' \
+                'to define HTTP status code.'
+          DEFAULT_MSG = 'Prefer `symbolic` over `numeric` ' \
+                        'to define HTTP status code.'
+
+          attr_reader :node
+          def initialize(node)
+            @node = node
+          end
+
+          def offensive?
+            !node.sym_type? && !custom_http_status_code?
+          end
+
+          def message
+            format(MSG, prefer: preferred_style, current: number.to_s)
+          end
+
+          def preferred_style
+            symbol.inspect
+          end
+
+          private
+
+          def symbol
+            ::Rack::Utils::SYMBOL_TO_STATUS_CODE.key(number)
+          end
+
+          def number
+            node.children.first
+          end
+
+          def custom_http_status_code?
+            node.int_type? &&
+              !::Rack::Utils::SYMBOL_TO_STATUS_CODE.value?(number)
+          end
+        end
+
+        # :nodoc:
+        class NumericStyleChecker
+          MSG = 'Prefer `%<prefer>s` over `%<current>s` ' \
+                'to define HTTP status code.'
+          DEFAULT_MSG = 'Prefer `numeric` over `symbolic` ' \
+                        'to define HTTP status code.'
+          PERMITTED_STATUS = %i[error success missing redirect].freeze
+
+          attr_reader :node
+          def initialize(node)
+            @node = node
+          end
+
+          def offensive?
+            !node.int_type? && !permitted_symbol?
+          end
+
+          def message
+            format(MSG, prefer: preferred_style, current: symbol.inspect)
+          end
+
+          def preferred_style
+            number.to_s
+          end
+
+          private
+
+          def number
+            ::Rack::Utils::SYMBOL_TO_STATUS_CODE[symbol]
+          end
+
+          def symbol
+            node.value
+          end
+
+          def permitted_symbol?
+            node.sym_type? && PERMITTED_STATUS.include?(node.value)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/ignored_skip_action_filter_option.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # This cop checks that `if` and `only` (or `except`) are not used together
+      # as options of `skip_*` action filter.
+      #
+      # The `if` option will be ignored when `if` and `only` are used together.
+      # Similarly, the `except` option will be ignored when `if` and `except`
+      # are used together.
+      #
+      # @example
+      #   # bad
+      #   class MyPageController < ApplicationController
+      #     skip_before_action :login_required,
+      #       only: :show, if: :trusted_origin?
+      #   end
+      #
+      #   # good
+      #   class MyPageController < ApplicationController
+      #     skip_before_action :login_required,
+      #       if: -> { trusted_origin? && action_name == "show" }
+      #   end
+      #
+      # @example
+      #   # bad
+      #   class MyPageController < ApplicationController
+      #     skip_before_action :login_required,
+      #       except: :admin, if: :trusted_origin?
+      #   end
+      #
+      #   # good
+      #   class MyPageController < ApplicationController
+      #     skip_before_action :login_required,
+      #       if: -> { trusted_origin? && action_name != "admin" }
+      #   end
+      #
+      # @see https://api.rubyonrails.org/classes/AbstractController/Callbacks/ClassMethods.html#method-i-_normalize_callback_options
+      class IgnoredSkipActionFilterOption < Cop
+        MSG = <<~MSG.chomp.freeze
+          `%<ignore>s` option will be ignored when `%<prefer>s` and `%<ignore>s` are used together.
+        MSG
+
+        FILTERS = %w[
+          :skip_after_action
+          :skip_around_action
+          :skip_before_action
+          :skip_action_callback
+        ].freeze
+
+        def_node_matcher :filter_options, <<-PATTERN
+          (send
+            nil?
+            {#{FILTERS.join(' ')}}
+            _
+            $_)
+        PATTERN
+
+        def on_send(node)
+          options = filter_options(node)
+          return unless options
+          return unless options.hash_type?
+
+          options = options_hash(options)
+
+          if if_and_only?(options)
+            add_offense(options[:if],
+                        message: format(MSG, prefer: :only, ignore: :if))
+          elsif if_and_except?(options)
+            add_offense(options[:except],
+                        message: format(MSG, prefer: :if, ignore: :except))
+          end
+        end
+
+        private
+
+        def options_hash(options)
+          options.pairs
+                 .select { |pair| pair.key.sym_type? }
+                 .map { |pair| [pair.key.value, pair] }.to_h
+        end
+
+        def if_and_only?(options)
+          options.key?(:if) && options.key?(:only)
+        end
+
+        def if_and_except?(options)
+          options.key?(:if) && options.key?(:except)
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/rails/inverse_of.rb

@@ -0,0 +1,246 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module Rails
+      # This cop looks for has_(one|many) and belongs_to associations where
+      # Active Record can't automatically determine the inverse association
+      # because of a scope or the options used. Using the blog with order scope
+      # example below, traversing the a Blog's association in both directions
+      # with `blog.posts.first.blog` would cause the `blog` to be loaded from
+      # the database twice.
+      #
+      # `:inverse_of` must be manually specified for Active Record to use the
+      # associated object in memory, or set to `false` to opt-out. Note that
+      # setting `nil` does not stop Active Record from trying to determine the
+      # inverse automatically, and is not considered a valid value for this.
+      #
+      # @example
+      #   # good
+      #   class Blog < ApplicationRecord
+      #     has_many :posts
+      #   end
+      #
+      #   class Post < ApplicationRecord
+      #     belongs_to :blog
+      #   end
+      #
+      # @example
+      #   # bad
+      #   class Blog < ApplicationRecord
+      #     has_many :posts, -> { order(published_at: :desc) }
+      #   end
+      #
+      #   class Post < ApplicationRecord
+      #     belongs_to :blog
+      #   end
+      #
+      #   # good
+      #   class Blog < ApplicationRecord
+      #     has_many(:posts,
+      #              -> { order(published_at: :desc) },
+      #              inverse_of: :blog)
+      #   end
+      #
+      #   class Post < ApplicationRecord
+      #     belongs_to :blog
+      #   end
+      #
+      #   # good
+      #   class Blog < ApplicationRecord
+      #     with_options inverse_of: :blog do
+      #       has_many :posts, -> { order(published_at: :desc) }
+      #     end
+      #   end
+      #
+      #   class Post < ApplicationRecord
+      #     belongs_to :blog
+      #   end
+      #
+      #   # good
+      #   # When you don't want to use the inverse association.
+      #   class Blog < ApplicationRecord
+      #     has_many(:posts,
+      #              -> { order(published_at: :desc) },
+      #              inverse_of: false)
+      #   end
+      #
+      # @example
+      #   # bad
+      #   class Picture < ApplicationRecord
+      #     belongs_to :imageable, polymorphic: true
+      #   end
+      #
+      #   class Employee < ApplicationRecord
+      #     has_many :pictures, as: :imageable
+      #   end
+      #
+      #   class Product < ApplicationRecord
+      #     has_many :pictures, as: :imageable
+      #   end
+      #
+      #   # good
+      #   class Picture < ApplicationRecord
+      #     belongs_to :imageable, polymorphic: true
+      #   end
+      #
+      #   class Employee < ApplicationRecord
+      #     has_many :pictures, as: :imageable, inverse_of: :imageable
+      #   end
+      #
+      #   class Product < ApplicationRecord
+      #     has_many :pictures, as: :imageable, inverse_of: :imageable
+      #   end
+      #
+      # @example
+      #   # bad
+      #   # However, RuboCop can not detect this pattern...
+      #   class Physician < ApplicationRecord
+      #     has_many :appointments
+      #     has_many :patients, through: :appointments
+      #   end
+      #
+      #   class Appointment < ApplicationRecord
+      #     belongs_to :physician
+      #     belongs_to :patient
+      #   end
+      #
+      #   class Patient < ApplicationRecord
+      #     has_many :appointments
+      #     has_many :physicians, through: :appointments
+      #   end
+      #
+      #   # good
+      #   class Physician < ApplicationRecord
+      #     has_many :appointments
+      #     has_many :patients, through: :appointments
+      #   end
+      #
+      #   class Appointment < ApplicationRecord
+      #     belongs_to :physician, inverse_of: :appointments
+      #     belongs_to :patient, inverse_of: :appointments
+      #   end
+      #
+      #   class Patient < ApplicationRecord
+      #     has_many :appointments
+      #     has_many :physicians, through: :appointments
+      #   end
+      #
+      # @see https://guides.rubyonrails.org/association_basics.html#bi-directional-associations
+      # @see https://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#module-ActiveRecord::Associations::ClassMethods-label-Setting+Inverses
+      class InverseOf < Cop
+        extend TargetRailsVersion
+
+        minimum_target_rails_version 4.1
+
+        SPECIFY_MSG = 'Specify an `:inverse_of` option.'
+        NIL_MSG = 'You specified `inverse_of: nil`, you probably meant to ' \
+          'use `inverse_of: false`.'
+
+        def_node_matcher :association_recv_arguments, <<-PATTERN
+          (send $_ {:has_many :has_one :belongs_to} _ $...)
+        PATTERN
+
+        def_node_matcher :options_from_argument, <<-PATTERN
+          (hash $...)
+        PATTERN
+
+        def_node_matcher :conditions_option?, <<-PATTERN
+          (pair (sym :conditions) !nil)
+        PATTERN
+
+        def_node_matcher :through_option?, <<-PATTERN
+          (pair (sym :through) !nil)
+        PATTERN
+
+        def_node_matcher :polymorphic_option?, <<-PATTERN
+          (pair (sym :polymorphic) !nil)
+        PATTERN
+
+        def_node_matcher :as_option?, <<-PATTERN
+          (pair (sym :as) !nil)
+        PATTERN
+
+        def_node_matcher :foreign_key_option?, <<-PATTERN
+          (pair (sym :foreign_key) !nil)
+        PATTERN
+
+        def_node_matcher :inverse_of_option?, <<-PATTERN
+          (pair (sym :inverse_of) !nil)
+        PATTERN
+
+        def_node_matcher :inverse_of_nil_option?, <<-PATTERN
+          (pair (sym :inverse_of) nil)
+        PATTERN
+
+        def on_send(node)
+          recv, arguments = association_recv_arguments(node)
+          return unless arguments
+
+          with_options = with_options_arguments(recv, node)
+
+          options = arguments.concat(with_options).flat_map do |arg|
+            options_from_argument(arg)
+          end
+          return if options_ignoring_inverse_of?(options)
+
+          return unless scope?(arguments) ||
+                        options_requiring_inverse_of?(options)
+
+          return if options_contain_inverse_of?(options)
+
+          add_offense(node, message: message(options), location: :selector)
+        end
+
+        def scope?(arguments)
+          arguments.any?(&:block_type?)
+        end
+
+        def options_requiring_inverse_of?(options)
+          required = options.any? do |opt|
+            conditions_option?(opt) ||
+              foreign_key_option?(opt)
+          end
+
+          return required if target_rails_version >= 5.2
+
+          required || options.any? { |opt| as_option?(opt) }
+        end
+
+        def options_ignoring_inverse_of?(options)
+          options.any? do |opt|
+            through_option?(opt) || polymorphic_option?(opt)
+          end
+        end
+
+        def options_contain_inverse_of?(options)
+          options.any? { |opt| inverse_of_option?(opt) }
+        end
+
+        def with_options_arguments(recv, node)
+          blocks = node.each_ancestor(:block).select do |block|
+            block.send_node.command?(:with_options) &&
+              same_context_in_with_options?(block.arguments.first, recv)
+          end
+          blocks.flat_map { |n| n.send_node.arguments }
+        end
+
+        def same_context_in_with_options?(arg, recv)
+          return true if arg.nil? && recv.nil?
+
+          arg && recv && arg.children[0] == recv.children[0]
+        end
+
+        private
+
+        def message(options)
+          if options.any? { |opt| inverse_of_nil_option?(opt) }
+            NIL_MSG
+          else
+            SPECIFY_MSG
+          end
+        end
+      end
+    end
+  end
+end