Misleading ActiveRecord find(id) deprecation

On the latest Rubymine 2016.1,  Rubymine is showing that ActiveRecord find(id) is deprecated. Let's say I have an ActiveRecord model User, Rubymine tells me that User.find(id) is deprecated. 

As far as I know, what is deprecated is find(:first) and find(:all), but find(id) is still valid as far as Rails 4.2.6 

http://guides.rubyonrails.org/active_record_querying.html#retrieving-a-single-object

 

4
Avatar
Permanently deleted user

Note: I can disable checking for deprecated Rails feature, but that will also disable other valid Rails 3 deprecation warnings.

0
Avatar
Permanently deleted user

I just ran into the same thing. Someone on stack overflow came back and said that the way I was using find was not deprecated. 

 

https://github.com/rails/activerecord-deprecated_finders which says 'Note that find(primary_key), find_by..., and find_by...! are not deprecated.'

Someone on Stack Overflow ( http://stackoverflow.com/questions/36483743/what-is-the-replacement-for-the-deprecated-findparamsid/36484125#36484125) replied 

 

t

I don't think find method has been deprecated. But I think it is not secure to use find method as if passed params[:id] don't hold correct/existing record id, then it will throw error.

So it would be better to use where clause

@search = Search.where(:id => params[:id]).first
if @search
  #write the code here
end

instead

Therefore, while this isn't an immediate issue, I will look at the way I'm using find. 

 

Back to the original issue with Rubymine, I agree that the error they are showing is misleading. 

0
Avatar
Permanently deleted user

So I guess there is already a bug report here

https://youtrack.jetbrains.com/issue/RUBY-17979 

Chris, the answer on stackoverflow is not accurate. I left some comments there. It's perfectly secure to use find(params[:id]). An exception being raised when nothing is found doesn't  mean it's insecure. You just have to handle it. and if you don't want an exception you can use find_by(id: params[:id])

0

请先登录再写评论。