New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify dangers of Rails/LexicallyScopedActionFilter #6854
Conversation
47e29a2
to
74a5aa2
Compare
Oh - should I have opened this on rubocop-rails instead? Happy to reopen there if so. |
Interesting. I wasn't considering the possibility of this cop would such mislead.
I agree with this idea 👍
Hmm... This is a very difficult problem. I believe that this Cop will help a lot, but we should avoid introducing such bugs. An alternative is to mark this cop as unsafe. |
74a5aa2
to
b1ef40d
Compare
@wata727 Thanks for the feedback - I've added the inheritance example as a separate case. What does marking the cop unsafe involve? |
Cops marked as unsafe will not run when executed with the |
Ah okay, interesting - thanks very much for the extra context. 👍 As you say, we'd be changing the definition of "safety" somewhat if we used that here, and while I certainly feel that the suggestions this cop makes are "unsafe" in some general sense, I'd be interested in whether other people think this flag is an appropriate way to indicate that. @bbatsov, what do you think about using the "Safe: false" flag for cops that suggest semantically meaningful edits, as well as those that emit false positives? (On a side note: the expanded |
That's what we usually do. I guess we should mark this one as unsafe indeed. |
This cop encourages users to define action methods in the same class as any before_, after_ or around_actions that refer to the action. However, the examples given don't account for the fact that behaviour might be defined in the superclass. Indeed, this sort of decoration is one of the main use cases for action decorators. If this is the case, then the empty action definitions shown in the docs will override the desired behaviour, and lead users to introduce bugs. This change emphasises this in the docs, and gives an example to encourage users to think about the inheritance chain.
b1ef40d
to
32eea68
Compare
Okay, thanks very much both - I've marked the cop as unsafe and updated the changelog. From my perspective this is ready to go, but please let me know if you'd like anything changed. |
32eea68
to
ed2ac48
Compare
In the previous commit we documented an inheritance case in which the Rails/LexicallyScopedActionFilter cop recommends unsafe edits that have semantic implications. Since not everyone will see the documentation examples, we're also marking the cop as unsafe to signal that its recommendations should be treated carefully.
ed2ac48
to
a008bf6
Compare
Thanks! |
This cop insists that users define action methods in the same controller class as any
before_
,after_
oraround_action
s that refer to the action.However, the examples given don't account for the fact that behaviour might be defined in the superclass. Indeed, this is one of the main use cases for action decorators: customisations can be applied to superclass behaviour without redefining the whole action in the subclass.
If this is the case, then the empty action definitions shown in the docs will override the desired behaviour, and lead users to introduce bugs.
In this PR I've tried to emphasise this in the docs, and have added an example to encourage users to think about the inheritance chain. The example is slightly awkward because the superclass in this case is
ApplicationController
, which is pretty unlikely to define actions in most apps; I wasn't sure about this, but also felt that introducing a different named superclass might also be confusing. An alternative might be to add the above snippet as a third, more realistic example case. What do people think?I'd also be interested in people's thoughts about whether this cop should be disabled by default. My view is that it encourages semantically meaningful changes, and is therefore quite risky no matter how clear the documentation is, so I'd be tempted to disable it.
Before submitting the PR make sure the following are checked:
Commit message starts with[Fix #issue-number]
(if the related issue exists).master
(if not - rebase it).Added tests.Added an entry to the Changelog if the new code introduces user-observable changes. See changelog entry format.and description in grammatically correct, complete sentences.
bundle exec rake default
. It executes all tests and RuboCop for itself, and generates the documentation.