Module: RuboCop::Cop::DevDoc::Auth::CurrentUserBranchingHelpers
- Included in:
- CurrentUserBranching
- Defined in:
- lib/rubocop/cop/dev_doc/auth/current_user_branching_helpers.rb
Overview
Condition analysis for CurrentUserBranching, extracted so the cop class stays within size limits. Everything here answers one question: is this AST node auth-state/authorization branching?
Three mechanisms cooperate (see the cop docstring for doctrine):
- AUTH ROOTS: bare
current_user/user_signed_in?calls, PLUS any local/instance variable assigned fromcurrent_userin the same file (taint tracking —@user = current_usermust not be a way to launder the branch). Taint is per-file: an ivar assigned in a controller and read in a view is NOT tracked — the companion role-predicate cop covers that gap receiver-agnostically. - ALLOWED METHODS: the first method called on an auth root is
classified. Data reads (
errors, project-configured readers likeotp_required_for_login) pass; everything else — role predicates, unknown methods — flags until someone classifies it inAllowedMethods(a deliberate, reviewed decision). - GUARD EXEMPTION: bare-return nil guards in every spelling stay allowed (the correct pre-auth pattern).
Constant Summary collapse
- DEFAULT_ALLOWED_METHODS =
Universal non-permission data reads, allowed WITHOUT configuration. Lives in code (not default.yml) so a project setting its own AllowedMethods cannot accidentally drop the baseline — RuboCop REPLACES array config wholesale, it does not merge. The yml key is therefore purely additive.
%i[errors id email persisted? new_record?].freeze
- NIL_TEST_METHODS =
Nil-test spellings that keep the guard-return exemption; role/data chains never qualify.
%i[present? blank? nil? !].freeze
- IDENTITY_COMPARISON_METHODS =
Identity comparisons are display logic, not access decisions.
%i[== !=].freeze
Instance Method Summary collapse
Instance Method Details
#on_new_investigation ⇒ Object
38 39 40 41 |
# File 'lib/rubocop/cop/dev_doc/auth/current_user_branching_helpers.rb', line 38 def on_new_investigation super @tainted_names = collect_tainted_names(processed_source.ast) end |