From 815c9deae8de557688e1c99aabe30454bcbe5970 Mon Sep 17 00:00:00 2001
From: Arthur Neves <arthurnn@gmail.com>
Date: Thu, 3 Apr 2014 10:39:05 -0400
Subject: Block a few default Class methods as scope name.

Add tests to make sure scopes cannot be create with names such as:
private, protected, public.
Make sure enum values don't collide with those methods too.
---
 activerecord/CHANGELOG.md                             | 8 ++++++++
 activerecord/lib/active_record/attribute_methods.rb   | 4 +++-
 activerecord/test/cases/enum_test.rb                  | 1 +
 activerecord/test/cases/scoping/named_scoping_test.rb | 3 +++
 4 files changed, 15 insertions(+), 1 deletion(-)

(limited to 'activerecord')

diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index 4abfdfa81b..98fe0fbd62 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,11 @@
+*   Block a few default Class methods as scope name.
+
+    For instance, this will raise:
+
+        scope :public, -> { where(status: 1) }
+
+    *arthurnn*
+
 *   Fixed error when using `with_options` with lambda.
 
     Fixes #9805.
diff --git a/activerecord/lib/active_record/attribute_methods.rb b/activerecord/lib/active_record/attribute_methods.rb
index ea48a13ea8..4b1733619a 100644
--- a/activerecord/lib/active_record/attribute_methods.rb
+++ b/activerecord/lib/active_record/attribute_methods.rb
@@ -29,6 +29,8 @@ module ActiveRecord
       end
     }
 
+    BLACKLISTED_CLASS_METHODS = %w(private public protected)
+
     class AttributeMethodCache
       def initialize
         @module = Module.new
@@ -132,7 +134,7 @@ module ActiveRecord
       # A class method is 'dangerous' if it is already (re)defined by Active Record, but
       # not by any ancestors. (So 'puts' is not dangerous but 'new' is.)
       def dangerous_class_method?(method_name)
-        class_method_defined_within?(method_name, Base)
+        BLACKLISTED_CLASS_METHODS.include?(method_name.to_s) || class_method_defined_within?(method_name, Base)
       end
 
       def class_method_defined_within?(name, klass, superklass = klass.superclass) # :nodoc
diff --git a/activerecord/test/cases/enum_test.rb b/activerecord/test/cases/enum_test.rb
index f8ebd7caee..47de3dec98 100644
--- a/activerecord/test/cases/enum_test.rb
+++ b/activerecord/test/cases/enum_test.rb
@@ -194,6 +194,7 @@ class EnumTest < ActiveRecord::TestCase
       :valid,    # generates #valid?, which conflicts with an AR method
       :save,     # generates #save!, which conflicts with an AR method
       :proposed, # same value as an existing enum
+      :public, :private, :protected, # generates a method that conflict with ruby words
     ]
 
     conflicts.each_with_index do |value, i|
diff --git a/activerecord/test/cases/scoping/named_scoping_test.rb b/activerecord/test/cases/scoping/named_scoping_test.rb
index f0ad9ebb8a..59ec2dd6a4 100644
--- a/activerecord/test/cases/scoping/named_scoping_test.rb
+++ b/activerecord/test/cases/scoping/named_scoping_test.rb
@@ -291,6 +291,9 @@ class NamedScopingTest < ActiveRecord::TestCase
       :relation,      # private class method on AR::Base
       :new,           # redefined class method on AR::Base
       :all,           # a default scope
+      :public,
+      :protected,
+      :private
     ]
 
     non_conflicts = [
-- 
cgit v1.2.3