Misleading ActiveRecord find(id) deprecation
On the latest Rubymine 2016.1, Rubymine is showing that ActiveRecord find(id) is deprecated. Let's say I have an ActiveRecord model User, Rubymine tells me that User.find(id) is deprecated.
As far as I know, what is deprecated is find(:first) and find(:all), but find(id) is still valid as far as Rails 4.2.6
http://guides.rubyonrails.org/active_record_querying.html#retrieving-a-single-object
请先登录再写评论。
Note: I can disable checking for deprecated Rails feature, but that will also disable other valid Rails 3 deprecation warnings.
I just ran into the same thing. Someone on stack overflow came back and said that the way I was using find was not deprecated.
https://github.com/rails/activerecord-deprecated_finders which says 'Note that
find(primary_key)
,find_by...
, andfind_by...!
are not deprecated.'Someone on Stack Overflow ( http://stackoverflow.com/questions/36483743/what-is-the-replacement-for-the-deprecated-findparamsid/36484125#36484125) replied
I don't think find method has been deprecated. But I think it is not secure to use find method as if passed params[:id] don't hold correct/existing record id, then it will throw error.
So it would be better to use where clause
instead
Therefore, while this isn't an immediate issue, I will look at the way I'm using find.
Back to the original issue with Rubymine, I agree that the error they are showing is misleading.
So I guess there is already a bug report here
https://youtrack.jetbrains.com/issue/RUBY-17979
Chris, the answer on stackoverflow is not accurate. I left some comments there. It's perfectly secure to use find(params[:id]). An exception being raised when nothing is found doesn't mean it's insecure. You just have to handle it. and if you don't want an exception you can use find_by(id: params[:id])