Module: RuboCop::Cop::DevDoc::Auth::CurrentUserBranchingHelpers

Included in:
CurrentUserBranching
Defined in:
lib/rubocop/cop/dev_doc/auth/current_user_branching_helpers.rb

Overview

Condition analysis for CurrentUserBranching, extracted so the cop class stays within size limits. Everything here answers one question: is this AST node auth-state/authorization branching?

Three mechanisms cooperate (see the cop docstring for doctrine):

  • AUTH ROOTS: bare current_user / user_signed_in? calls, PLUS any local/instance variable assigned from current_user in the same file (taint tracking — @user = current_user must not be a way to launder the branch). Taint is per-file: an ivar assigned in a controller and read in a view is NOT tracked — the companion role-predicate cop covers that gap receiver-agnostically.
  • ALLOWED METHODS: the first method called on an auth root is classified. Data reads (errors, project-configured readers like otp_required_for_login) pass; everything else — role predicates, unknown methods — flags until someone classifies it in AllowedMethods (a deliberate, reviewed decision).
  • GUARD EXEMPTION: bare-return nil guards in every spelling stay allowed (the correct pre-auth pattern).

Constant Summary collapse

DEFAULT_ALLOWED_METHODS =

Universal non-permission data reads, allowed WITHOUT configuration. Lives in code (not default.yml) so a project setting its own AllowedMethods cannot accidentally drop the baseline — RuboCop REPLACES array config wholesale, it does not merge. The yml key is therefore purely additive.

%i[errors id email persisted? new_record?].freeze
NIL_TEST_METHODS =

Nil-test spellings that keep the guard-return exemption; role/data chains never qualify.

%i[present? blank? nil? !].freeze
IDENTITY_COMPARISON_METHODS =

Identity comparisons are display logic, not access decisions.

%i[== !=].freeze

Instance Method Summary collapse

Instance Method Details

#on_new_investigationObject



38
39
40
41
# File 'lib/rubocop/cop/dev_doc/auth/current_user_branching_helpers.rb', line 38

def on_new_investigation
  super
  @tainted_names = collect_tainted_names(processed_source.ast)
end