CSC/ECE 517 Spring 2019 - Project E1917. Fix Code Climate issues in controllers with names beginning with P through Z

From Expertiza_Wiki
Jump to navigation Jump to search

About Expertiza

Expertiza is an open source project based on Ruby on Rails framework. Expertiza allows the instructor to create new assignments and customize new or existing assignments. It also allows the instructor to create a list of topics the students can sign up for. Students can form teams in Expertiza to work on various projects and assignments. Students can also peer review other students' submissions. Expertiza supports submission across various document types, including the URLs and wiki pages[1].

Code Climate Issues and Problem Statements

Codeclimate is a command line interface for the Code Climate analysis platform [2]. It can detect code smells which violate ruby/rails best practices. The task is to fix certain code climate issues detected by Code Climate analysis platform in controllers with the name beginning with P through Z. These issues includes unsafe use of methods, inappropriate syntax, non-optimal code structure which violates the DRY principle and so on. There are 37 different types of issues fixed in this project.

List of Issues

  • Unprotected mass assignment
  • Use a guard clause instead of wrapping the code inside a conditional expression
  • Do not use Time.now without zone. Use one of Time.zone.now, Time.current, Time.now.in_time_zone, Time.now.utc, Time.now.getlocal, Time.now.iso8601, Time.now.jisx0301, Time.now.rfc3339, Time.now.to_i, Time.now.to_f instead
  • Move redirect_to "/" out of the conditional.
  • Block has too many lines
  • Useless assignment to variable - initheader.
  • Replace class var @@assignment_id with a class instance var
  • Avoid comparing a variable with multiple items in a conditional, use Array#include? Instead
  • Identical blocks of code found in 2 locations. Consider refactoring.
  • Favor unless over if for negative conditions.
  • Operator = should be surrounded by a single space.
  • Line is too long
  • Extra empty line detected at method body beginning.
  • Unnecessary spacing detected.
  • Parameters should be whitelisted for mass assignment
  • Avoid using update_attribute because it skips validations.
  • end at 44, 4 is not aligned with def at 39, 2.
  • Unsafe reflection method const_get called with parameter value
  • TODO found
  • Convert if nested inside else to elsif
  • Similar blocks of code found in 3 locations. Consider refactoring
  • User controlled method execution
  • Extra blank line detected
  • Use empty lines between method definitions.
  • Prefer each over for
  • Prefer Date or Time over DateTime.
  • Omit parentheses for ternary conditions
  • Do not place comments on the same line as the end keyword.
  • Useless assignment to variable - controllers. Did you mean controller?
  • end at 135, 2 is not aligned with class at 1, 0
  • Put one space between the method name and the first argument.
  • Space missing after colon.
  • Use the new Ruby 1.9 hash syntax
  • show, edit, update, destroy are not explicitly defined on the controller.
  • Rename is_user_ta? to user_ta?
  • Avoid comma after the last item of an array
  • Move redirect_to view_student_teams_path student_id: student.id out of the conditional

Implementation

There are many minor issues such as unnecessary spacing, extra blank line detected, extra parentheses used and so on. We're not going to show all these minor fixing in this section. The focus would be on some of the important issues listed above that we fixed.

Issue - Unprotected Mass Assignment

Mass assignment is a feature of Rails which allows an application to create a record from the values of a hash. Protection for mass assignment is on by default. Query parameters must be explicitly whitelisted via permit in order to be used in mass assignment.This issue appears in different controller files. An example of how we fixed it in questions_controller.rb is shown below:

Issue - Use a guard clause instead of wrapping the code inside a conditional expression.

Used a return/unless combination to return in case the condition is false.

Issue - Do not use Time.now without zone. Use one of Time.zone.now, Time.current, Time.now.in_time_zone, Time.now.utc, Time.now.getlocal, Time.now.iso8601, Time.now.jisx0301, Time.now.rfc3339, Time.now.to_i, Time.now.to_f instead.

Issue - Move redirect_to "/" out of the conditional.

Issue - Avoid comparing a variable with multiple items in a conditional, use Array#include? Instead

Issue - Favor unless over if for negative conditions.

Issue - Parameters should be whitelisted for mass assignment.

Avoid using update_attribute because it skips validations

The method update_attribute will skip validation. Should use update_attributes instead.

Issue - Unsafe reflection method const_get called with parameter value

Issue - Avoid comma after the last item of an array

Issue - Line is too long.

Code climate will complain when a line is too long.

Issue - Similar blocks of code found in 3 locations. Consider refactoring

Issue - Rename is_user_ta? to user_ta?

Renamed is_user_ta? to user_ta? to follow naming conventions enforced by Rubocop.

Issue - show, edit, update, destroy are not explicitly defined on the controller.

Show, edit, update and destroy have been explicitly defined to avoid confusion among filters between different controllers.

Issue - Use the new Ruby 1.9 hash syntax

This ruby syntax has been deprecated as of the current ruby version(2.3.7) used in expertiza.

Issue - Space missing after colon

Space has been added after colon to make the code easily readable.

Issue - Put one space between the method name and the first argument.

Space has been added between method name and the first argument to make the code easily readable.

Issue - Do not place comments on the same line as the end keyword.

Adding comments at the last the line of the code is considered a bad coding practice according to rubocop standards.

Testing

The Expertiza project provides 77 rspec tests under expertiza/spec and 8 of them are related to our controllers files. After modifying those 28 files, we want to make sure these tests could still pass. We passed all the Rspec tests except for "response_controller". However, we were not requirement to fix the issues for this controllers.


Reference