rubocop-yiffspace 0.0.1

data/lib/rubocop/cop/yiff_space/belongs_to_user.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module YiffSpace
+      # Enforces using `belongs_to_user` instead of `belongs_to` for
+      # User associations. `belongs_to_user` provides additional helper methods
+      # and is the project standard for any relation backed by a User record.
+      #
+      # It matches both `belongs_to(:user)` and associations with an explicit
+      # `class_name: "User"` option, auto-correcting both forms.
+      #
+      # The class name is configurable via `ClassName` (default: `User`).
+      # The inferred attribute name is the snake_case of the last segment
+      # (e.g. `ClassName: CurrentUser` matches `belongs_to(:current_user)`).
+      #
+      # @safety
+      #   `belongs_to_user` must be defined in the target codebase, and the
+      #   backing column must reference a User. Auto-correct is unsafe when
+      #   either condition cannot be verified statically.
+      #
+      # @example
+      #   # bad
+      #   belongs_to(:user)
+      #
+      #   # bad
+      #   belongs_to(:creator, class_name: "User")
+      #
+      #   # good
+      #   belongs_to_user(:user)
+      #
+      #   # good
+      #   belongs_to_user(:creator)
+      #
+      # @example ClassName: CurrentUser
+      #   # bad
+      #   belongs_to(:current_user, optional: false)
+      #
+      #   # bad
+      #   belongs_to(:creator, class_name: "CurrentUser")
+      #
+      #   # good
+      #   belongs_to_user(:current_user, optional: false)
+      #
+      #   # good
+      #   belongs_to_user(:creator)
+      #
+      class BelongsToUser < Base
+        extend(AutoCorrector)
+        include(NodeFormattingHelper)
+
+        MSG = "Use `belongs_to_user(%<attr>s)` instead of `belongs_to(%<attr>s)`"
+
+        # requires_gem("activerecord")
+
+        # @!method belongs_to_user?(node)
+        def_node_matcher(:belongs_to_user?, <<~PATTERN)
+          (send nil? :belongs_to $_ $...)
+        PATTERN
+
+        def on_send(node)
+          belongs_to_user?(node) do |receiver, code|
+            return unless receiver.type?(:str, :sym)
+
+            attr = format_node(receiver)
+
+            return if attr.nil? || attr.empty? || !code.last&.hash_type?
+
+            options = format_node(code.last, {})
+
+            # Match belongs_to(:user) (or configured attr name)
+            if attr.to_sym == user_attr_name && !options.key?(:class_name)
+              register_offense(node, attr, options)
+              return
+            end
+
+            # Match belongs_to(attr, class_name: "User") (or configured ClassName)
+            register_offense(node, attr, options) if options[:class_name] == user_class_name
+          end
+        end
+
+        def on_csend(node)
+          on_send(node)
+        end
+
+        private
+
+        def register_offense(node, attr, options)
+          message = format(MSG, attr: attr.inspect)
+
+          add_offense(node, message: message) do |corrector|
+            new_options = format_new_options(attr, options)
+
+            corrector.replace(node, "belongs_to_user(#{new_options})")
+          end
+        end
+
+        def user_class_name
+          cop_config.fetch("ClassName", "User")
+        end
+
+        def user_attr_name
+          last_segment = user_class_name.split("::").last
+          last_segment.gsub(/([a-z])([A-Z])/, '\1_\2').downcase.to_sym
+        end
+
+        def format_new_options(attr, options)
+          list = [attr.inspect]
+
+          options.delete(:class_name)
+          if options.any?
+            options.each do |k, v|
+              list << "#{k}: #{v.inspect}"
+            end
+          end
+          list.join(", ")
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/yiff_space/belongs_to_user_invalid_ip.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module YiffSpace
+      # Detects when `ip:` is specified in a `belongs_to_user` call
+      # but the corresponding IP address column does not exist in the database
+      # schema. It auto-corrects by removing the invalid `ip:` option.
+      #
+      # @safety
+      #   This cop reads the database schema to determine whether the column
+      #   exists. It will not flag anything if the schema cannot be loaded.
+      #
+      # @example
+      #   # bad - no `creator_ip_addr` column exists in the schema
+      #   belongs_to_user(:creator, ip: true)
+      #
+      #   # bad - no `creator_custom` column exists in the schema
+      #   belongs_to_user(:creator, ip: "creator_custom")
+      #
+      #   # good
+      #   belongs_to_user(:creator)
+      #
+      #   # good - `creator_ip_addr` column exists in the schema
+      #   belongs_to_user(:creator, ip: true)
+      #
+      class BelongsToUserInvalidIp < Base
+        extend(AutoCorrector)
+        include(ActiveRecordHelper)
+        include(NodeFormattingHelper)
+
+        MSG = "`ip: %<ip_set>s` set for `belongs_to_user(%<attr>s)` when `%<ip_attr>s` column does not exist"
+
+        # requires_gem("activerecord")
+
+        # @!method belongs_to_user?(node)
+        def_node_matcher(:belongs_to_user?, <<~PATTERN)
+          (send nil? :belongs_to_user $_ $...)
+        PATTERN
+
+        def on_send(node)
+          belongs_to_user?(node) do |receiver, code|
+            return unless receiver.type?(:str, :sym)
+
+            attr = format_node(receiver)
+            return if attr.nil? || attr.empty?
+
+            options = format_node(code.last, {})
+            return if [nil, "", false].include?(options[:ip])
+
+            return unless schema
+
+            table = table(node)
+            return unless table
+
+            column = options[:ip] == true ? "#{attr}_ip_addr" : options[:ip].to_s
+            exists = table.with_column?(name: column)
+
+            return if exists
+
+            register_offense(node, attr, options, column, options[:ip])
+          end
+        end
+
+        def on_csend(node)
+          on_send(node)
+        end
+
+        private
+
+        def class_node(node)
+          node.each_ancestor.find(&:class_type?)
+        end
+
+        def table(node)
+          klass = class_node(node)
+          return unless klass
+
+          schema.table_by(name: table_name(klass))
+        end
+
+        def register_offense(node, attr, options, column, original)
+          message = format(MSG, attr: attr.inspect, ip_attr: "#{table(node).name}.#{column}".inspect,
+                                ip_set: original.inspect)
+
+          add_offense(node, message: message) do |corrector|
+            new_options = format_new_options(attr, options)
+
+            corrector.replace(node, "belongs_to_user(#{new_options})")
+          end
+        end
+
+        def format_new_options(attr, options)
+          list = [attr.inspect]
+
+          options.delete(:ip)
+          if options.any?
+            options.each do |k, v|
+              list << "#{k}: #{v.inspect}"
+            end
+          end
+          list.join(", ")
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/yiff_space/belongs_to_user_missing_ip.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module YiffSpace
+      # Detects when a `belongs_to_user` call is missing `ip: true`
+      # even though a corresponding `<attr>_ip_addr` column exists in the
+      # database schema. It auto-corrects by adding `ip: true`.
+      #
+      # @safety
+      #   This cop reads the database schema to determine whether the column
+      #   exists. It will not flag anything if the schema cannot be loaded.
+      #
+      # @example
+      #   # bad - `creator_ip_addr` column exists but `ip:` is not specified
+      #   belongs_to_user(:creator)
+      #
+      #   # bad - `ip: false` explicitly opts out but the column exists
+      #   belongs_to_user(:creator, ip: false)
+      #
+      #   # good
+      #   belongs_to_user(:creator, ip: true)
+      #
+      #   # good - no `creator_ip_addr` column exists in the schema
+      #   belongs_to_user(:creator)
+      #
+      class BelongsToUserMissingIp < Base
+        extend(AutoCorrector)
+        include(ActiveRecordHelper)
+        include(NodeFormattingHelper)
+
+        MSG = "Specify `ip: true` when a `belongs_to_user(%<attr>s)` relation has a corresponding `%<ip_attr>s` column"
+
+        # requires_gem("activerecord")
+
+        # @!method belongs_to_user?(node)
+        def_node_matcher(:belongs_to_user?, <<~PATTERN)
+          (send nil? :belongs_to_user $_ $...)
+        PATTERN
+
+        def on_send(node)
+          belongs_to_user?(node) do |receiver, code|
+            return unless receiver.type?(:str, :sym)
+
+            attr = format_node(receiver)
+            return if attr.nil? || attr.empty?
+
+            options = format_node(code.last, {})
+            return unless [nil, "", false].include?(options[:ip])
+
+            return unless schema
+
+            table = table(node)
+            return unless table
+
+            column = "#{attr}_ip_addr"
+            exists = table.with_column?(name: column)
+
+            return unless exists
+
+            register_offense(node, attr, options, column)
+          end
+        end
+
+        def on_csend(node)
+          on_send(node)
+        end
+
+        private
+
+        def class_node(node)
+          node.each_ancestor.find(&:class_type?)
+        end
+
+        def table(node)
+          klass = class_node(node)
+          return unless klass
+
+          schema.table_by(name: table_name(klass))
+        end
+
+        def register_offense(node, attr, options, column)
+          message = format(MSG, attr: attr.inspect, ip_attr: column.inspect)
+
+          add_offense(node, message: message) do |corrector|
+            new_options = format_new_options(attr, options)
+
+            corrector.replace(node, "belongs_to_user(#{new_options})")
+          end
+        end
+
+        def format_new_options(attr, options)
+          list = [attr.inspect, "ip: true"]
+
+          if options.any?
+            options.each do |k, v|
+              list << "#{k}: #{v.inspect}"
+            end
+          end
+          list.join(", ")
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/yiff_space/current_user_outside_of_requests.rb

@@ -0,0 +1,194 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module YiffSpace
+      # Prevents use of the CurrentUser class outside of the request
+      # cycle. CurrentUser relies on thread-local state set by request
+      # middleware and is unavailable in background jobs, rake tasks, or other
+      # contexts outside of the request lifecycle.
+      #
+      # The class name is configurable via `ClassName` (default: `CurrentUser`).
+      # References inside the class that defines CurrentUser itself are always
+      # ignored. Controllers, views, helpers, presenters, and decorators are
+      # excluded by default. Use `IgnoredMethods`, `IgnoredMethodPrefixes`,
+      # `IgnoredMethodSuffixes`, or `IgnoredMethodPatterns` to allow
+      # CurrentUser in specific methods in checked files.
+      #
+      # @example
+      #   # bad
+      #   def process_records
+      #     CurrentUser.id
+      #   end
+      #
+      #   # bad
+      #   def notify
+      #     CurrentUser.email
+      #   end
+      #
+      #   # good - inside the CurrentUser class definition itself
+      #   class CurrentUser
+      #     def self.id
+      #       RequestStore[:current_user]&.id
+      #     end
+      #   end
+      #
+      #   # good (IgnoredMethodSuffixes: [_current])
+      #   def user_current
+      #     CurrentUser.id
+      #   end
+      #
+      #   # good (IgnoredMethodPrefixes: [apionly_])
+      #   def apionly_serialize
+      #     CurrentUser.email
+      #   end
+      #
+      #   # good (IgnoredMethodPatterns: [/_current_user_/])
+      #   def serialize_current_user_email
+      #     CurrentUser.email
+      #   end
+      #
+      class CurrentUserOutsideOfRequests < Base
+        MSG = "`%<class_name>s` should only be used within the request cycle (controllers, views, helpers, decorators)"
+
+        def on_send(node)
+          return unless starts_with_current_user?(node)
+          return if ignored_method?(node)
+          return if inside_current_user_class?(node)
+
+          add_offense(node, message: message)
+        end
+
+        def on_csend(node)
+          on_send(node)
+        end
+
+        def on_const(node)
+          return unless current_user?(node)
+          return if ignored_method?(node)
+          return if inside_current_user_class?(node)
+          return if node.parent&.send_type? && node.parent.receiver == node
+
+          add_offense(node, message: message)
+        end
+
+        private
+
+        def message
+          format(MSG, class_name: current_user_class_name)
+        end
+
+        def current_user_class_name
+          cop_config.fetch("ClassName", "CurrentUser")
+        end
+
+        def current_user?(node)
+          return false unless node.const_type?
+
+          class_parts = current_user_class_name.split("::")
+          is_absolute, ref_parts = extract_const_info(node)
+
+          return ref_parts == class_parts if is_absolute
+
+          return false if ref_parts.length > class_parts.length
+          return false unless class_parts.last(ref_parts.length) == ref_parts
+
+          expected_ns = class_parts.first(class_parts.length - ref_parts.length)
+
+          ancestors = node.each_ancestor(:module, :class).to_a.reverse
+          cumulative = []
+          idx = 0
+          inner_ancestors = []
+
+          ancestors.each do |anc|
+            parts = const_parts(anc.identifier)
+            inner_ancestors << anc if idx + parts.length > expected_ns.length
+            cumulative.concat(parts)
+            idx += parts.length
+          end
+
+          return false unless cumulative.first(expected_ns.length) == expected_ns
+
+          inner_ancestors.none? { |anc| defines_const_in_body?(anc, ref_parts[0]) }
+        end
+
+        def starts_with_current_user?(node)
+          node.receiver && current_user?(node.receiver)
+        end
+
+        def inside_current_user_class?(node)
+          node.each_ancestor(:class).any? do |class_node|
+            resolved_class_name(class_node) == current_user_class_name
+          end
+        end
+
+        def resolved_class_name(class_node)
+          parts = const_parts(class_node.identifier)
+          class_node.each_ancestor(:module, :class) { |ancestor| parts = const_parts(ancestor.identifier) + parts }
+          parts.join("::")
+        end
+
+        def const_parts(const_node)
+          parts = []
+          node = const_node
+          while node&.const_type?
+            parts.unshift(node.short_name.to_s)
+            node = node.namespace
+          end
+          parts
+        end
+
+        def extract_const_info(node)
+          parts = []
+          current = node
+          while current&.const_type?
+            parts.unshift(current.short_name.to_s)
+            current = current.namespace
+          end
+          [current&.cbase_type? || false, parts]
+        end
+
+        def defines_const_in_body?(scope_node, name)
+          scope_node.body&.each_child_node(:class, :module)&.any? do |child|
+            child.identifier.short_name.to_s == name
+          end
+        end
+
+        def ignored_method?(node)
+          enclosing_method = node.each_ancestor(:any_def).first
+
+          return false unless enclosing_method&.any_def_type?
+
+          method_name = enclosing_method.method_name.to_s
+          ignored.any? { |pattern| pattern.match?(method_name) }
+        end
+
+        def ignored
+          @ignored ||= begin
+            pattern = ignored_patterns
+            prefix = ignored_prefixes.map { |p| Regexp.new("^#{p}") }
+            suffix = ignored_suffixes.map { |p| Regexp.new("#{p}$") }
+            methods = ignored_methods.map { |p| Regexp.new("^#{p}$") }
+            [*pattern, *prefix, *suffix, *methods]
+          end
+        end
+
+        def ignored_patterns
+          @ignored_patterns ||= Array(cop_config["IgnoredMethodPatterns"]).map { |p| Regexp.new(p) }
+        end
+
+        def ignored_prefixes
+          @ignored_prefixes ||= Array(cop_config["IgnoredMethodPrefixes"])
+        end
+
+        def ignored_suffixes
+          @ignored_suffixes ||= Array(cop_config["IgnoredMethodSuffixes"])
+        end
+
+        def ignored_methods
+          @ignored_methods ||= Array(cop_config["IgnoredMethods"])
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/yiff_space/resolvable_user.rb

@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module YiffSpace
+      # Detects `resolvable` calls that should instead use
+      # `belongs_to_user` because the corresponding `<attr>_id` column exists
+      # in the database schema. It auto-corrects to `belongs_to_user`, adding
+      # `ip: true` when a `<attr>_ip_addr` column also exists.
+      #
+      # @safety
+      #   This cop reads the database schema to determine whether the columns
+      #   exist. It will not flag anything if the schema cannot be loaded.
+      #   `belongs_to_user` must be defined in the target codebase.
+      #
+      # @example
+      #   # bad - `creator_id` column exists in the schema
+      #   resolvable(:creator)
+      #
+      #   # good
+      #   belongs_to_user(:creator)
+      #
+      #   # bad - `creator_id` and `creator_ip_addr` columns exist in the schema
+      #   resolvable(:creator)
+      #
+      #   # good
+      #   belongs_to_user(:creator, ip: true)
+      #
+      class ResolvableUser < Base
+        extend(AutoCorrector)
+        include(ActiveRecordHelper)
+        include(NodeFormattingHelper)
+
+        MSG = "use `belongs_to_user(%<attr>s)` when `%<id_column>s` column exists"
+        MSG_IP = "use `belongs_to_user(%<attr>s, ip: true)` when `%<id_column>s` and `%<ip_column>s` columns exist"
+
+        # @!method resolvable?(node)
+        def_node_matcher(:resolvable?, <<~PATTERN)
+          (send nil? :resolvable $_ $...)
+        PATTERN
+
+        def on_send(node)
+          resolvable?(node) do |receiver, code|
+            return unless receiver.type?(:str, :sym)
+
+            attr = format_node(receiver)
+            return if attr.nil? || attr.empty?
+
+            options = format_node(code.last, {})
+
+            return unless schema
+
+            table = table(node)
+            return unless table
+
+            column = "#{attr}_id"
+            ip_column = "#{attr}_ip_addr"
+            exists = table.with_column?(name: column)
+            ip_exists = table.with_column?(name: ip_column)
+
+            return unless exists
+
+            options[:ip] = true if ip_exists
+
+            register_offense(node, attr, options, column, ip_column)
+          end
+        end
+
+        def on_csend(node)
+          on_send(node)
+        end
+
+        private
+
+        def class_node(node)
+          node.each_ancestor.find(&:class_type?)
+        end
+
+        def table(node)
+          klass = class_node(node)
+          return unless klass
+
+          schema.table_by(name: table_name(klass))
+        end
+
+        def register_offense(node, attr, options, id_column, ip_column)
+          message = if options[:ip]
+                      format(MSG_IP, attr: attr.inspect, id_column: id_column.inspect, ip_column: ip_column.inspect)
+                    else
+                      format(MSG, attr: attr.inspect, id_column: id_column.inspect)
+                    end
+
+          add_offense(node, message: message) do |corrector|
+            new_options = format_new_options(attr, options)
+
+            corrector.replace(node, "belongs_to_user(#{new_options})")
+          end
+        end
+
+        def format_new_options(attr, options)
+          list = [attr.inspect]
+
+          if options.any?
+            options.slice(:ip, :clone).merge(options.except(:ip, :clone)).each do |k, v|
+              list << "#{k}: #{v.inspect}"
+            end
+          end
+          list.join(", ")
+        end
+      end
+    end
+  end
+end

data/lib/rubocop/cop/yiff_space/user_to_id.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module RuboCop
+  module Cop
+    module YiffSpace
+      # Detects the ternary pattern `x.is_a?(User) ? x.id : x` and
+      # enforces use of the `u2id` helper instead, which handles both User
+      # objects and raw IDs without the inline type check.
+      #
+      # @safety
+      #   `u2id` must be defined in the target codebase. The auto-correct is
+      #   safe when `u2id` accepts both User objects and integer IDs.
+      #
+      # @example
+      #   # bad
+      #   user.is_a?(User) ? user.id : user
+      #
+      #   # bad
+      #   creator.is_a?(User) ? creator.id : creator
+      #
+      #   # good
+      #   u2id(user)
+      #
+      #   # good
+      #   u2id(creator)
+      #
+      class UserToId < Base
+        extend(AutoCorrector)
+        include(NodeFormattingHelper)
+
+        MSG = "Use `u2id(%<var>s)` instead of `%<original>s`"
+
+        def on_if(node)
+          return unless node.ternary?
+
+          return unless user_check?(node.condition)
+          return unless id_call?(node.if_branch)
+          return unless same_value?(node.if_branch.receiver, node.else_branch)
+
+          message = format(MSG, var: node.else_branch.source, original: node.source)
+          add_offense(node, message: message) do |corrector|
+            corrector.replace(node, "u2id(#{node.else_branch.source})")
+          end
+        end
+
+        private
+
+        def user_check?(node)
+          node&.send_type? &&
+            node.method?(:is_a?) &&
+            node.first_argument&.const_name == "User"
+        end
+
+        def id_call?(node)
+          node&.send_type? && node.method?(:id)
+        end
+
+        def same_value?(a, b)
+          a && b && a.source == b.source
+        end
+      end
+    end
+  end
+end