Diffstat (limited to 'rubocop/cop/user_admin.rb')
-rw-r--r-- | rubocop/cop/user_admin.rb | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/rubocop/cop/user_admin.rb b/rubocop/cop/user_admin.rb
new file mode 100644
index 00000000000..3ba0e770ec1
--- /dev/null
+++ b/rubocop/cop/user_admin.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module RuboCop
+ module Cop
+ # Cop that rejects the usage of `User#admin?`
+ class UserAdmin < RuboCop::Cop::Cop
+ MSG = 'Direct calls to `User#admin?` to determine admin status should be ' \
+ 'avoided as they will not take into account the policies framework ' \
+ 'and will ignore Admin Mode if enabled. Please use a policy check ' \
+ 'with `User#can_admin_all_resources?` or `User#can_read_all_resources?`.'
+
+ def_node_matcher :admin_call?, <<~PATTERN
+ ({send | csend} _ :admin? ...)
+ PATTERN
+
+ def on_send(node)
+ on_handler(node)
+ end
+
+ def on_csend(node)
+ on_handler(node)
+ end
+
+ private
+
+ def on_handler(node)
+ return unless admin_call?(node)
+
+ add_offense(node, location: :selector)
+ end
+ end
+ end
+end |
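Review bot: The matcher `({send | csend} _ :admin? ...)` accepts any receiver, so the cop fires on every call to a method named `admin?` rather than only on `User#admin?` as the class comment states. Because it is purely syntactic, it also cannot see dynamic dispatch such as `public_send(:admin?)`. Since the message ties the rule to Admin Mode and the policies framework, the cop works as a reminder rather than an enforcement point, and the class comment should say so, e.g. `# Flags any call to a method named admin? (the receiver type is not checked); dynamic dispatch is not detected, so authorization changes still need policy review.` The comment could also state that an inline `rubocop:disable` of this cop should be treated as an authorization decision and reviewed as one.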