From 8683964d22d8a22b753d4ce816c47e6e617d0830 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karl=20Erik=20=C3=95unapuu?= <karlerik@kreative.ee>
Date: Wed, 12 Aug 2020 17:35:49 +0300
Subject: [PATCH] Disallow instance method names as Setting code

---
 app/models/setting_entry.rb       | 14 ++++++++++----
 test/models/setting_entry_test.rb |  9 +++++++++
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/app/models/setting_entry.rb b/app/models/setting_entry.rb
index 3079573f6..ce67ae441 100644
--- a/app/models/setting_entry.rb
+++ b/app/models/setting_entry.rb
@@ -1,10 +1,10 @@
 class SettingEntry < ApplicationRecord
   include Versions
-  validates :code, presence: true, uniqueness: true
+  validates :code, presence: true, uniqueness: true, format: { with: /\A([a-z])[a-z|_]+[a-z]\z/ }
   validates :format, presence: true
   validates :group, presence: true
-  validate :valid_value_format
-  validates_format_of :code, with: /([a-z])[a-z|_]+[a-z]/
+  validate :validate_value_format
+  validate :validate_code_is_not_using_reserved_name
 
   VALUE_FORMATS = {
     string: :string_format,
@@ -44,7 +44,13 @@ class SettingEntry < ApplicationRecord
   end
 
   # Validators
-  def valid_value_format
+  def validate_code_is_not_using_reserved_name
+    disallowed = []
+    ActiveRecord::Base.instance_methods.sort.each { |m| disallowed << m.to_s }
+    errors.add(:code, :invalid) if disallowed.include? code
+  end
+
+  def validate_value_format
     formats = VALUE_FORMATS.with_indifferent_access
     errors.add(:format, :invalid) unless formats.keys.any? format
   end
diff --git a/test/models/setting_entry_test.rb b/test/models/setting_entry_test.rb
index b75b3fa8c..c7f6d500d 100644
--- a/test/models/setting_entry_test.rb
+++ b/test/models/setting_entry_test.rb
@@ -35,6 +35,15 @@ class SettingEntryTest < ActiveSupport::TestCase
     @new_setting.code = 'a b'
     assert_not @new_setting.valid?
 
+    @new_setting.code = 'ab_'
+    assert_not @new_setting.valid?
+
+    @new_setting.code = '_ab'
+    assert_not @new_setting.valid?
+
+    @new_setting.code = '1_2'
+    assert_not @new_setting.valid?
+
     @new_setting.code = 'a_b'
     assert @new_setting.valid?
   end