Those private topic bugs are not the result of ActiveRecord. We added a group layer on top of existing code and missed some places where queries did not respect it.
Had we used raw SQL instead of an ORM we would have had the same issues. All projects are open to this style of bug. The correct thing to do is report, close them quickly and add tests to prevent them from happening again (which we do.)
"Those private topic bugs are not the result of ActiveRecord. We added a group layer on top of existing code and missed some places where queries did not respect it."
I've seen so many of such bugs in other apps, that I treat them as part of "ActiveRecord price".
ActiveRecord over-usage makes it very easy to miss the places, where queries need to respect new rules.
You're doing an awesome job with Discourse and the team approach to such bugs is very good - no doubts here. Thanks for your work!
Had we used raw SQL instead of an ORM we would have had the same issues. All projects are open to this style of bug. The correct thing to do is report, close them quickly and add tests to prevent them from happening again (which we do.)