Deprecate using class level querying methods if the receiver scope regarded as leaked #35280

kamipo · 2019-02-15T03:15:21Z

This deprecates using class level querying methods if the receiver scope
regarded as leaked, since #32380 and #35186 may cause that silently
leaking information when people upgrade the app.

We need deprecation first before making those.

…on_relation_create" This reverts commit b67d5c6, reversing changes made to 2e01836. Reason: rails#35186 may cause that silently leaking information when people upgrade the app. We need deprecation first before making this.

jeremy

Tricky situation. Great fix!

matthewd · 2019-02-15T03:37:11Z

What are the non-"leak" ways a scope can be set after this? Is it only explicit .scoping { .. }?

kamipo · 2019-02-15T03:45:10Z

Yes, since .scoping { .. } is public API, I leaved the way as to inject the scope at global.

activerecord/lib/active_record/scoping/named.rb

kamipo · 2019-02-15T04:26:52Z

Maybe I don't get the point of "What are the non-"leak" ways a scope can be set after this?".

Can you expand about your concerned situation? @matthewd

kamipo · 2019-02-15T04:48:58Z

activerecord/lib/active_record/scoping/named.rb

…garded as leaked This deprecates using class level querying methods if the receiver scope regarded as leaked, since rails#32380 and rails#35186 may cause that silently leaking information when people upgrade the app. We need deprecation first before making those.

Follow up of rails#35280, I missed that `AssociationRelation` is using `scoping` and not use `super`.

Related rails#35280, rails#37360, rails#37511. Using `klass.all` in `scoping` would potentially cause the warning. https://buildkite.com/rails/rails/builds/64444#203174d8-b527-4c43-9bd4-44e272f43555/996-1003

sgrif · 2019-11-12T20:18:55Z

The code from the documentation for find_or_create_by now triggers this deprecation warning:

User.create_with(last_name: 'Johansson').find_or_create_by(first_name: 'Scarlett')

It seems like this deprecation is either too aggressive, or create_with is now useless and should be deprecated?

kamipo · 2019-11-13T02:37:13Z

We have some tests for find_or_create_by, but it won't trigger any deprecation warning.

rails/activerecord/test/cases/relations_test.rb

Lines 1415 to 1422 in 30349de

    
           def test_find_or_create_by 
        
             assert_nil Bird.find_by(name: "bob") 
        
             bird = Bird.find_or_create_by(name: "bob") 
        
             assert_predicate bird, :persisted? 
        
             assert_equal bird, Bird.find_or_create_by(name: "bob") 
        
           end

rails/activerecord/test/cases/relations_test.rb

Lines 1424 to 1432 in 30349de

    
           def test_find_or_create_by_with_create_with 
        
             assert_nil Bird.find_by(name: "bob") 
        
             bird = Bird.create_with(color: "green").find_or_create_by(name: "bob") 
        
             assert_predicate bird, :persisted? 
        
             assert_equal "green", bird.color 
        
             assert_equal bird, Bird.create_with(color: "blue").find_or_create_by(name: "bob") 
        
           end

Let me know more executable information I can take a closer look at an issue around this deprecation.

nbulaj · 2019-11-14T12:26:26Z

It looks really aggressive 🤔 We have a models that generates slug on creation using such concern:

module Sluggable
  extend ActiveSupport::Concern

  included do
    before_create :set_slug

    def generate_slug(payload)
      slug = payload.to_slug

      if self.class.where(slug: slug).exists? # <------ ¯\_(ツ)_/¯
        "#{slug}_#{SecureRandom.hex(6)}"
      else
        slug
      end
    end

    def sluggable_value
      name
    end

    private

    def set_slug
      self.slug = generate_slug(sluggable_value) if slug.blank?
    end
  end
end

And then I got a lot of deprecation warnings on the line marked above with a comment. Don't sure which scoping self.class.where().exists? may use, BTW it would be great to hear your feedback @kamipo . When adding .unscoped to self.class - it resolves the issue, but breaks our business that tied to paranoid behavior. See the script that tries to reproduce the issue

Adds a fix for the following deprecation error: DEPRECATION WARNING: Class level methods will no longer inherit scoping from `create!` in Rails 6.1. To continue using the scoped relation, pass it into the block directly. To instead access the full set of models, as Rails 6.1 will, use `MiqGroup.default_scoped`. (called from validate_each at /Users/nicklamuro/code/redhat/manageiq/lib/unique_within_region_validator.rb:25) This was added to fix "leaking scopes" in Rails 6.1, but was added as a deprecation warning first: - rails/rails#35280 - rails/rails#37727

Similar to previous commits, this fixes the following deprecation error that was propagating when running `task_helpers/imports/tags_spec.rb` DEPRECATION WARNING: Class level methods will no longer inherit scoping from `create` in Rails 6.1. To continue using the scoped relation, pass it into the block directly. To instead access the full set of models, as Rails 6.1 will, use `Classification.default_scoped`. (called from validate_each at /Users/nicklamuro/code/redhat/manageiq/app/models/classification.rb:512) This was added to fix "leaking scopes" in Rails 6.1, but was added as a deprecation warning first: - rails/rails#35280 - rails/rails#37727

Adds a fix for the following deprecation error: DEPRECATION WARNING: Class level methods will no longer inherit scoping from `create!` in Rails 6.1. To continue using the scoped relation, pass it into the block directly. To instead access the full set of models, as Rails 6.1 will, use `Vm.default_scoped`. (called from validate_each at /Users/nicklamuro/code/redhat/manageiq/spec/lib/rbac/filterer_spec.rb:2086) This was added to fix "leaking scopes" in Rails 6.1, but was added as a deprecation warning first: - rails/rails#35280 - rails/rails#37727 This specifically was just a fake `Vm` model specifically used for the Rbac specs, so this isn't something that needs to be fixed in the app codebase proper.

Fixes the following deprecation warning in MiqGroup: DEPRECATION WARNING: Class level methods will no longer inherit scoping from `create!` in Rails 6.1. To continue using the scoped relation, pass it into the block directly. To instead access the full set of models, as Rails 6.1 will, use `MiqGroup.default_scoped`. (called from next_sequence at /Users/nicklamuro/code/redhat/manageiq/app/models/miq_group.rb:72) There was a change coming that will prevent leaking scopes in Rails 6.1, and causes a deprecation warning as part of Rails 6.0: - rails/rails#35280 - rails/rails#37727 Since our use case probably benefited from the leaking scope, we needed to support that functionality when it make sense, otherwise default to the .default_scope (aka: self) when appropriate.