Added option to validate which models are allowed to be associated to a polymorphic belongs_to

[natematykiewicz]

Motivation / Background

When using a polymorphic belongs_to, I usually have a list of allowed classes that I expect this association to use. Oftentimes there's even certain views that need to handle each expected option. Unexpected types in the table would cause problems and potentially pose a security risk.

I've manually added an inclusion validator before, but wished I could just tell the association what the allowed options are.

Detail

This Pull Request changes belongs_to's polymorphic option to allow a String, Symbol, or array of Strings/Symbols of allowed model names. When provided, an inclusion validator is added to the model to ensure the _type field is in the list of allowed class names.

Checklist

Before submitting the PR make sure the following are checked:

• This Pull Request is related to one change. Unrelated changes should be opened in separate PRs.
• Commit message has a detailed description of what changed and why. If this PR fixes a related issue include it in the commit message. Ex: [Fix #issue-number]
• Tests are added or updated if you fix a bug or add a feature.
• CHANGELOG files are updated for the changed libraries if there is a behavior change or additional feature. Minor bug fixes and documentation changes should not be included.

[flavorjones]

I like this feature and the code and tests look good to me.

Presuming a Core team member will also approve, can you also add something to the "Polymorphic Associations" section in guides/source/association_basics.md?

[natematykiewicz]

I like this feature and the code and tests look good to me.

Presuming a Core team member will also approve, can you also add something to the "Polymorphic Associations" section in guides/source/association_basics.md?

Done! https://github.com/rails/rails/pull/51738/files#diff-d977574b785ce95fe656c58211c668992bf95214d52d3ffadb409ef8f69ad287

I've not done many references in markdown. I tried to follow other parts of the guide. I think I linked the text to https://edgeguides.rubyonrails.org/active_record_validations.html#inclusion correctly. I'm not quite sure of the best way to preview the guides, so I'm sort of flying blind on that.

[flavorjones]

This looks good to me. Needs to be rebased but as soon as you do that, I'll tag it for review by one of the core team.

[natematykiewicz]

@flavorjones I've rebased the branch

[natematykiewicz]

Just fixed another merge conflict on the changelog. The ActiveRecord changelog is a hot file. I guess this is why the Rubocop repo has PRs add a new file to a changelogs folder, and then they generate a CHANGELOG.md at each release.

[flavorjones]

@natematykiewicz Thanks! I've poked the core team to review.

[rafaelfranca]

Should we accept String and Symbol? If there is only one possible value people should just pass an array with one element

[natematykiewicz]

Are you thinking we simply support arrays of strings? I was trying to be flexible, but only supporting an array of strings is certainly easier to document and explain.

[natematykiewicz]

Or are you saying I just support an array, and then map the values to string still (which would allow an array of strings/symbols)?

[flavorjones]

I think Rafael is suggesting the latter: just support Array[String|Symbol] and not support passing a single string or symbol.

[natematykiewicz]

I've made the changes, but I'm not sure what to do about the changelog. I see @rafaelfranca changed the milestone to 8.0.0. So I need to rebase this to main's recently wiped changelog instead of 7.2.0's changelog?