As part of my research on improving Rails application, I noticed a pattern in the bugs that are quite characteristic to Rails in several applications.
They have certain 'visible' things in common:
- often security related, like leaking some information to unauthorized users
- they live somewhere in the area of business logic/persistence
- they are not so easy to fix in the existing codebase
- they tend to exist in groups, similar bugs in different areas
- they are easy to miss
- often they appear during the requirements changes
- validations, which often turn into conditional validations
- Single Table Inheritance
- models callbacks
- virtual attributes
- external gems that provide value magically, by using ActiveRecord (implicit dependencies)
Quite a problem as I unfortunately found out.
2. Non-authenticated users see private topics in 404 page
The 404 page should not show private topics.
3. Auto-suggest topics shows private topics
We've got Discourse running with private categories. When a user without access to the private categories type a new topic, they are presented with topics in categories to which they don't have access.
Comment: Did you notice the pattern here?
Accidentally, I've had a small conversation at HN with one of the Discourse founders. He said:
Those private topic bugs are not the result of ActiveRecord. We added a group layer on top of existing code and missed some places where queries did not respect it.
Had we used raw SQL instead of an ORM we would have had the same issues. All projects are open to this style of bug. The correct thing to do is report, close them quickly and add tests to prevent them from happening again (which we do.)
Fix wrong discount calculation with flat percent promotions when there are more than one line item in the order.
This error happened because the order instance here:
is not always the same instance in memory here:
Adding the inverse option to the relationship makes sure you have the same object instance in both places.
When kaminary determines the total count of records it runs the following code
@collection.except(:offset, :limit, :order).count
The issue is that this sequence loads entire dataset to determine the count. This makes heavy load when products have large number of items.
The reason of this behaviour is group_by_products_id here https://github.com/spree/spree/blob/1-2-stable/core/app/controllers/spree/admin/products_controller.rb#L94