Allow rubocop to pass with the -R flag (mostly by disabling Railsy …

…rules)

.rubocop.yml

@@ -32,7 +32,7 @@ Metrics/AbcSize:
 Metrics/ClassLength:
   Max: 500
   Exclude:
-    - 'app/models/course.rb'
+    - db/seeds/course_populator.rb
 
 Metrics/CyclomaticComplexity:
   Max: 11
@@ -52,6 +52,31 @@ Metrics/PerceivedComplexity:
 Performance/Count:
   Enabled: false
 
+Rails/Date:
+  Enabled: false
+
+Rails/Delegate:
+  Enabled: false
+
+Rails/Exit:
+  Exclude:
+    - lib/tasks/support/rspec_rerunner.rb
+
+Rails/HasAndBelongsToMany:
+  Enabled: false
+
+Rails/Output:
+  Enabled: false
+
+Rails/ReadWriteAttribute:
+  Enabled: false
+
+Rails/TimeZone:
+  Enabled: false
+
+Rails/Validation:
+  Enabled: false
+
 Style/AccessorMethodName:
   Enabled: false
 

app/controllers/application_controller.rb

@@ -40,6 +40,6 @@ def allow_insecure?
 
   def user_not_authorized
     flash[:error] = "You are not authorized to perform this action."
-    redirect_to(request.referrer || root_path)
+    redirect_to(request.referer || root_path)
   end
 end

app/helpers/application_helper.rb

@@ -13,7 +13,9 @@ def devise_mapping
 
   def test_only_stylesheet
     content_tag :style do
+      # rubocop:disable Rails/OutputSafety
       Rails.application.assets.find_asset('test').to_s.html_safe
+      # rubocop:enable Rails/OutputSafety
     end
   end
 end

app/helpers/events_helper.rb

@@ -72,20 +72,22 @@ def formatted_session_datetime(event_session)
     "#{formatted_session_date(event_session)} - #{formatted_session_timerange(event_session)}"
   end
 
+  # rubocop:disable Rails/OutputSafety
   def simple_format_with_html(string)
     simple_format(
       Sanitize.clean(string, Sanitize::Config::RELAXED),
       sanitize: false
     ).gsub(%r{(</h\d>|</li>|<ul>|<li>)\s*<br\s*/>}, '\1').html_safe # remove unsightly </h2>\n<br/> combos
   end
+  # rubocop:enable Rails/OutputSafety
 
   def external_links(event)
     links = []
     if event.imported_event_data
-      links << link_to("[S]", event.imported_event_data['student_event']['url'], class: 'external-link').html_safe
-      links << link_to("[V]", event.imported_event_data['volunteer_event']['url'], class: 'external-link').html_safe
+      links << link_to("[S]", event.imported_event_data['student_event']['url'], class: 'external-link')
+      links << link_to("[V]", event.imported_event_data['volunteer_event']['url'], class: 'external-link')
     end
-    links.join("\n").html_safe
+    safe_join(links, "\n")
   end
 
   def formatted_event_date_range(event)
@@ -188,6 +190,6 @@ def event_form_section(label:, form:)
       yield
     end
 
-    results.join("\n").html_safe
+    safe_join(results, "\n")
   end
 end

app/helpers/locations_helper.rb

@@ -1,8 +1,7 @@
 module LocationsHelper
 
   def pretty_print_address location
-    tags = location_array(location).map { |line| content_tag(:div, line) }
-    tags.join('').html_safe
+    safe_join(location_array(location).map { |line| content_tag(:div, line) }, '')
   end
 
   def location_map_link location

app/helpers/navigation_helper.rb

@@ -18,11 +18,12 @@ def crud_object_nav_links(current_object, authenticated_link = nil)
   end
 
   def devise_links(*links_to_show)
-    links_to_show.map do |link_symbol|
+    link_divs = links_to_show.map do |link_symbol|
       content_tag :div do
         devise_link(link_symbol)
       end
-    end.join("\n").html_safe
+    end
+    safe_join(link_divs, "\n")
   end
 
   private

app/models/user.rb

@@ -25,7 +25,7 @@ class User < ActiveRecord::Base
   validates_inclusion_of :time_zone, in: ActiveSupport::TimeZone.all.map(&:name), allow_blank: true
 
   def self.from_omniauth(omniauth)
-    authentication = Authentication.where(provider: omniauth['provider'], uid: omniauth['uid'].to_s).first
+    authentication = Authentication.find_by(provider: omniauth['provider'], uid: omniauth['uid'].to_s)
     if authentication
       authentication.user
     else