DiamondLightSource · coretl · Jul 23, 2024 · Jul 1, 2024 · Jul 2, 2024
diff --git a/docs/explanations/decisions/0018-forbid-private-member-access-in-prod.md b/docs/explanations/decisions/0018-forbid-private-member-access-in-prod.md
@@ -0,0 +1,20 @@
+# 18. Forbid Private Member Access in Production Code
+
+Date: 2024-07-02
+
+## Status
+
+Accepted
+
+## Context
+
+Most programming languages forbid access to private member variables at compile time to guarantee encapsulation. Python only does this by convention. Ruff now provides a rule (SLF001) that forbids it.
+See https://github.com/DiamondLightSource/python-copier-template/issues/154 for further discussion.
+
+## Decision
+
+We will enable SLF001 for the `src` directory but not the `tests` directory, as we want to keep production code clean without raising the barrier to entry for writing tests.
+
+## Consequences
+
+Any private member access in `src` will cause CI to fail, the ultimate override of `noqa` remains available.
diff --git a/template/pyproject.toml.jinja b/template/pyproject.toml.jinja
@@ -102,11 +102,18 @@ allowlist_externals =
 src = ["src", "tests"]
 line-length = 88
 lint.select = [
-    "B",  # flake8-bugbear - https://docs.astral.sh/ruff/rules/#flake8-bugbear-b
-    "C4", # flake8-comprehensions - https://docs.astral.sh/ruff/rules/#flake8-comprehensions-c4
-    "E",  # pycodestyle errors - https://docs.astral.sh/ruff/rules/#error-e
-    "F",  # pyflakes rules - https://docs.astral.sh/ruff/rules/#pyflakes-f
-    "W",  # pycodestyle warnings - https://docs.astral.sh/ruff/rules/#warning-w
-    "I",  # isort - https://docs.astral.sh/ruff/rules/#isort-i
-    "UP", # pyupgrade - https://docs.astral.sh/ruff/rules/#pyupgrade-up
+    "B",   # flake8-bugbear - https://docs.astral.sh/ruff/rules/#flake8-bugbear-b
+    "C4",  # flake8-comprehensions - https://docs.astral.sh/ruff/rules/#flake8-comprehensions-c4
+    "E",   # pycodestyle errors - https://docs.astral.sh/ruff/rules/#error-e
+    "F",   # pyflakes rules - https://docs.astral.sh/ruff/rules/#pyflakes-f
+    "W",   # pycodestyle warnings - https://docs.astral.sh/ruff/rules/#warning-w
+    "I",   # isort - https://docs.astral.sh/ruff/rules/#isort-i
+    "UP",  # pyupgrade - https://docs.astral.sh/ruff/rules/#pyupgrade-up
+    "SLF", # self - https://docs.astral.sh/ruff/settings/#lintflake8-self
 ]
+
+[tool.ruff.lint.per-file-ignores]
+# By default, private member access is allowed in tests
+# See https://github.com/DiamondLightSource/python-copier-template/issues/154
+# Remove this line to forbid private member access in tests
+"tests/**/*" = ["SLF001"]
diff --git a/tests/test_example.py b/tests/test_example.py
@@ -120,3 +120,32 @@ def test_gitignore_same():
         open(TOP / "template" / ".gitignore") as template_gi,
     ):
         assert top_gi.read() == template_gi.read()
+
+
+def test_private_member_access(tmp_path: Path):
+    code = """
+class MyClass:
+    def __init__(self):
+        self.foo: int = 1
+        self._bar: int = 2
+
+obj = MyClass()
+print(obj.foo)
+print(obj._bar)
+"""
+
+    copy_project(tmp_path)
+    run = make_venv(tmp_path)
+
+    # Private member access should be allowed in tests
+    test_file = tmp_path / "tests" / "test_private_access.py"
+    with test_file.open("w") as stream:
+        stream.write(code)
+    run("ruff check")
+
+    # Private member access should not be allowed in src
+    src_file = tmp_path / "src" / "python_copier_template_example" / "private_access.py"
+    with src_file.open("w") as stream:
+        stream.write(code)
+    with pytest.raises(AssertionError, match="SLF001 Private member accessed: `_bar`"):
+        run("ruff check")