Create a rubocop to ensure policy scopes are applied correctly
If scopes are used in policy files they should meet the following conditions
| Scope | Condition |
|---|---|
:subject |
Block should reference @subject but not @user
|
:user |
Block should reference @user but not @subject
|
:global |
Block should not reference @user or @subject
|
Scopes can be applied in two ways
with_options scope: :subject, score: 0
condition(:thing_is_enabled) { @subject.thing_is_enabled }or
condition(:thing_is_enabled, scope: :subject) { @subject.thing_is_enabled }Additionally, there is an attr_reader for @user and @subject so we should also account for situations where conditions use the attr_reader instead of the instance variables.
For example, this condition uses user which is defined by attr_reader so the cop should fail this example since user is in a condition with a :subject scope.
condition(:thing_is_enabled, scope: :subject) { @subject.thing_is_enabled(user) }Edited by Ian Anderson