Draft: DeclarativePolicy/Scope: Detect wrong use of condition scope

Peter Leitzen requested to merge pl-declarative-policy-scope-cop into master

What does this MR do and why?

This MR adds a new rule DeclarativePolicy/Scope to detect invalid use of scope in conditions.

Refs gitlab-org/ruby/gems/declarative-policy#36 and https://docs.gitlab.com/ee/development/policies.html#scope.

See !154906 (diffs).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

$ be rubocop --only DeclarativePolicy/Scope ee/app/policies/ee/group_policy.rb app/policies/
Inspecting 163 files
C.C.............................................................................C......C...........................................................................

Offenses:

ee/app/policies/ee/group_policy.rb:87:48: C: DeclarativePolicy/Scope: Scope :subject uses uncachable instance variables @user.
      condition(:needs_new_sso_session, scope: :subject) do
                                               ^^^^^^^^
ee/app/policies/ee/group_policy.rb:91:48: C: DeclarativePolicy/Scope: Scope :subject uses uncachable instance variables @user.
      condition(:no_active_sso_session, scope: :subject) do
                                               ^^^^^^^^
ee/app/policies/ee/group_policy.rb:235:50: C: DeclarativePolicy/Scope: Scope :global uses uncachable instance variables @user.
      condition(:chat_available_for_user, scope: :global) do
                                                 ^^^^^^^
app/policies/achievements/achievement_policy.rb:7:46: C: DeclarativePolicy/Scope: Scope :subject uses uncachable instance variables @user.
    condition(:achievement_recipient, scope: :subject) do
                                             ^^^^^^^^
app/policies/group_policy.rb:47:47: C: DeclarativePolicy/Scope: Scope :subject uses uncachable instance variables @user.
  condition(:create_projects_disabled, scope: :subject) do
                                              ^^^^^^^^
app/policies/group_policy.rb:64:47: C: DeclarativePolicy/Scope: Scope :subject uses uncachable instance variables @user.
  condition(:create_subgroup_disabled, scope: :subject) do
                                              ^^^^^^^^
app/policies/issue_policy.rb:16:44: C: DeclarativePolicy/Scope: Scope :subject uses uncachable instance variables @user.
  condition(:can_read_crm_contacts, scope: :subject) do
                                           ^^^^^^^^

163 files inspected, 7 offenses detected
Edited by Peter Leitzen
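
The check described in this MR, as an added example that is not the MR's cop or GitLab's code: a stand-alone detector built on Ruby's stdlib Ripper, run over a constructed policy, flagging conditions whose block reads an instance variable that their cache scope does not key on. The scope-to-variable table is an assumption based on the linked policy docs, and `FORBIDDEN_IVARS`, `SAMPLE_POLICY`, `each_node`, `find_nodes` and `scope_offenses` are hypothetical names.

```ruby
require 'ripper'
# Assumption (per the policy docs linked in the MR): results are cached per
# scope, so these instance variables must not appear in the condition's block.
FORBIDDEN_IVARS = {
  'subject' => %w[@user],
  'user'    => %w[@subject],
  'global'  => %w[@user @subject]
}.freeze

# Constructed sample policy; only the first condition is an offense.
SAMPLE_POLICY = <<~'RUBY'
  class GroupPolicy < BasePolicy
    condition(:create_projects_disabled, scope: :subject) do
      @user && @subject.create_projects_disabled?
    end
    condition(:public_group, scope: :subject) { @subject.public? }
    condition(:admin, scope: :user) { @user.admin? }
    condition(:owner) { @subject.owner?(@user) }
  end
RUBY

# Pre-order walk over a Ripper s-expression, yielding every array node.
def each_node(sexp, &blk)
  return unless sexp.is_a?(Array)
  yield sexp
  sexp.each { |child| each_node(child, &blk) }
end
def find_nodes(sexp, type)
  [].tap { |found| each_node(sexp) { |n| found << n if n.first == type } }
end
# Returns one hash per condition whose block reads an ivar its scope forbids.
def scope_offenses(source)
  offenses = []
  each_node(Ripper.sexp(source)) do |node|
    next unless node.first == :method_add_block
    _, call, block = node
    idents = find_nodes(call, :@ident) # first identifier is the method name
    next unless idents.dig(0, 1) == 'condition'
    pair = find_nodes(call, :assoc_new).find { |a| a.dig(1, 1) == 'scope:' }
    scope = pair && find_nodes(pair[2], :@ident).first
    next unless scope # no scope: keyword, or its value is not a plain symbol
    bad = find_nodes(block, :@ivar).map { |iv| iv[1] }.uniq & FORBIDDEN_IVARS.fetch(scope[1], [])
    next if bad.empty?
    offenses << { line: scope[2][0], condition: idents.dig(1, 1), scope: scope[1],
                  message: "Scope :#{scope[1]} uses uncachable instance variables #{bad.join(', ')}." }
  end
  offenses
end
puts scope_offenses(SAMPLE_POLICY).map { |o| "#{o[:line]}: #{o[:message]}" }
```

Conditions without an explicit `scope:` are skipped, because the default caching keys on both user and subject.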