audited 3.0.0.rc1

data/lib/audited/auditor.rb

@@ -0,0 +1,272 @@
+module Audited
+  # Specify this act if you want changes to your model to be saved in an
+  # audit table.  This assumes there is an audits table ready.
+  #
+  #   class User < ActiveRecord::Base
+  #     audited
+  #   end
+  #
+  # To store an audit comment set model.audit_comment to your comment before
+  # a create, update or destroy operation.
+  #
+  # See <tt>Audited::Adapters::ActiveRecord::Auditor::ClassMethods#audited</tt>
+  # for configuration options
+  module Auditor #:nodoc:
+    extend ActiveSupport::Concern
+
+    CALLBACKS = [:audit_create, :audit_update, :audit_destroy]
+
+    module ClassMethods
+      # == Configuration options
+      #
+      #
+      # * +only+ - Only audit the given attributes
+      # * +except+ - Excludes fields from being saved in the audit log.
+      #   By default, Audited will audit all but these fields:
+      #
+      #     [self.primary_key, inheritance_column, 'lock_version', 'created_at', 'updated_at']
+      #   You can add to those by passing one or an array of fields to skip.
+      #
+      #     class User < ActiveRecord::Base
+      #       audited :except => :password
+      #     end
+      # * +protect+ - If your model uses +attr_protected+, set this to false to prevent Rails from
+      #   raising an error.  If you declare +attr_accessible+ before calling +audited+, it
+      #   will automatically default to false.  You only need to explicitly set this if you are
+      #   calling +attr_accessible+ after.
+      #
+      # * +require_comment+ - Ensures that audit_comment is supplied before
+      #   any create, update or destroy operation.
+      #
+      #     class User < ActiveRecord::Base
+      #       audited :protect => false
+      #       attr_accessible :name
+      #     end
+      #
+      def audited(options = {})
+        # don't allow multiple calls
+        return if self.included_modules.include?(Audited::Auditor::AuditedInstanceMethods)
+
+        options = { :protect => accessible_attributes.blank? }.merge(options)
+
+        class_attribute :non_audited_columns,   :instance_writer => false
+        class_attribute :auditing_enabled,      :instance_writer => false
+        class_attribute :audit_associated_with, :instance_writer => false
+
+        if options[:only]
+          except = self.column_names - options[:only].flatten.map(&:to_s)
+        else
+          except = default_ignored_attributes + Audited.ignored_attributes
+          except |= Array(options[:except]).collect(&:to_s) if options[:except]
+        end
+        self.non_audited_columns = except
+        self.audit_associated_with = options[:associated_with]
+
+        if options[:comment_required]
+          validates_presence_of :audit_comment, :if => :auditing_enabled
+          before_destroy :require_comment
+        end
+
+        attr_accessor :audit_comment
+        unless accessible_attributes.blank? || options[:protect]
+          attr_accessible :audit_comment
+        end
+
+        has_many :audits, :as => :auditable, :class_name => Audited.audit_class.name
+        attr_protected :audit_ids if options[:protect]
+        Audited.audit_class.audited_class_names << self.to_s
+
+        after_create  :audit_create if !options[:on] || (options[:on] && options[:on].include?(:create))
+        before_update :audit_update if !options[:on] || (options[:on] && options[:on].include?(:update))
+        before_destroy :audit_destroy if !options[:on] || (options[:on] && options[:on].include?(:destroy))
+
+        # Define and set an after_audit callback. This might be useful if you want
+        # to notify a party after the audit has been created.
+        define_callbacks :audit
+        set_callback :audit, :after, :after_audit, :if => lambda { self.respond_to?(:after_audit) }
+
+        attr_accessor :version
+
+        extend Audited::Auditor::AuditedClassMethods
+        include Audited::Auditor::AuditedInstanceMethods
+
+        self.auditing_enabled = true
+      end
+
+      def has_associated_audits
+        has_many :associated_audits, :as => :associated, :class_name => Audited.audit_class.name
+      end
+    end
+
+    module AuditedInstanceMethods
+      # Temporarily turns off auditing while saving.
+      def save_without_auditing
+        without_auditing { save }
+      end
+
+      # Executes the block with the auditing callbacks disabled.
+      #
+      #   @foo.without_auditing do
+      #     @foo.save
+      #   end
+      #
+      def without_auditing(&block)
+        self.class.without_auditing(&block)
+      end
+
+      # Gets an array of the revisions available
+      #
+      #   user.revisions.each do |revision|
+      #     user.name
+      #     user.version
+      #   end
+      #
+      def revisions(from_version = 1)
+        audits = self.audits.from_version(from_version)
+        return [] if audits.empty?
+        revisions = []
+        audits.each do |audit|
+          revisions << audit.revision
+        end
+        revisions
+      end
+
+      # Get a specific revision specified by the version number, or +:previous+
+      def revision(version)
+        revision_with Audited.audit_class.reconstruct_attributes(audits_to(version))
+      end
+
+      # Find the oldest revision recorded prior to the date/time provided.
+      def revision_at(date_or_time)
+        audits = self.audits.up_until(date_or_time)
+        revision_with Audited.audit_class.reconstruct_attributes(audits) unless audits.empty?
+      end
+
+      # List of attributes that are audited.
+      def audited_attributes
+        attributes.except(*non_audited_columns)
+      end
+
+      protected
+
+      def revision_with(attributes)
+        self.dup.tap do |revision|
+          revision.id = id
+          revision.send :instance_variable_set, '@attributes', self.attributes
+          revision.send :instance_variable_set, '@new_record', self.destroyed?
+          revision.send :instance_variable_set, '@persisted', !self.destroyed?
+          revision.send :instance_variable_set, '@readonly', false
+          revision.send :instance_variable_set, '@destroyed', false
+          revision.send :instance_variable_set, '@marked_for_destruction', false
+          Audited.audit_class.assign_revision_attributes(revision, attributes)
+
+          # Remove any association proxies so that they will be recreated
+          # and reference the correct object for this revision. The only way
+          # to determine if an instance variable is a proxy object is to
+          # see if it responds to certain methods, as it forwards almost
+          # everything to its target.
+          for ivar in revision.instance_variables
+            proxy = revision.instance_variable_get ivar
+            if !proxy.nil? and proxy.respond_to? :proxy_respond_to?
+              revision.instance_variable_set ivar, nil
+            end
+          end
+        end
+      end
+
+      private
+
+      def audited_changes
+        changed_attributes.except(*non_audited_columns).inject({}) do |changes,(attr, old_value)|
+          changes[attr] = [old_value, self[attr]]
+          changes
+        end
+      end
+
+      def audits_to(version = nil)
+        if version == :previous
+          version = if self.version
+                      self.version - 1
+                    else
+                      previous = audits.descending.offset(1).first
+                      previous ? previous.version : 1
+                    end
+        end
+        audits.to_version(version)
+      end
+
+      def audit_create
+        write_audit(:action => 'create', :audited_changes => audited_attributes,
+                    :comment => audit_comment)
+      end
+
+      def audit_update
+        unless (changes = audited_changes).empty? && audit_comment.blank?
+          write_audit(:action => 'update', :audited_changes => changes,
+                      :comment => audit_comment)
+        end
+      end
+
+      def audit_destroy
+        write_audit(:action => 'destroy', :audited_changes => audited_attributes,
+                    :comment => audit_comment)
+      end
+
+      def write_audit(attrs)
+        attrs[:associated] = self.send(audit_associated_with) unless audit_associated_with.nil?
+        self.audit_comment = nil
+        run_callbacks(:audit)  { self.audits.create(attrs) } if auditing_enabled
+      end
+
+      def require_comment
+        if auditing_enabled && audit_comment.blank?
+          errors.add(:audit_comment, "Comment required before destruction")
+          return false
+        end
+      end
+
+      CALLBACKS.each do |attr_name|
+        alias_method "#{attr_name}_callback".to_sym, attr_name
+      end
+
+      def empty_callback #:nodoc:
+      end
+
+    end # InstanceMethods
+
+    module AuditedClassMethods
+      # Returns an array of columns that are audited. See non_audited_columns
+      def audited_columns
+        self.columns.select { |c| !non_audited_columns.include?(c.name) }
+      end
+
+      # Executes the block with auditing disabled.
+      #
+      #   Foo.without_auditing do
+      #     @foo.save
+      #   end
+      #
+      def without_auditing(&block)
+        auditing_was_enabled = auditing_enabled
+        disable_auditing
+        block.call.tap { enable_auditing if auditing_was_enabled }
+      end
+
+      def disable_auditing
+        self.auditing_enabled = false
+      end
+
+      def enable_auditing
+        self.auditing_enabled = true
+      end
+
+      # All audit operations during the block are recorded as being
+      # made by +user+. This is not model specific, the method is a
+      # convenience wrapper around
+      # @see Audit#as_user.
+      def audit_as( user, &block )
+        Audited.audit_class.as_user( user, &block )
+      end
+    end
+  end
+end

data/lib/audited/sweeper.rb

@@ -0,0 +1,45 @@
+module Audited
+  class Sweeper < ActiveModel::Observer
+    observe Audited.audit_class
+
+    attr_accessor :controller
+
+    def before(controller)
+      self.controller = controller
+      true
+    end
+
+    def after(controller)
+      self.controller = nil
+    end
+
+    def before_create(audit)
+      audit.user ||= current_user
+      audit.remote_address = controller.try(:request).try(:ip)
+    end
+
+    def current_user
+      controller.send(Audited.current_user_method) if controller.respond_to?(Audited.current_user_method, true)
+    end
+
+    def add_observer!(klass)
+      super
+      define_callback(klass)
+    end
+
+    def define_callback(klass)
+      observer = self
+      callback_meth = :"_notify_audited_sweeper"
+      klass.send(:define_method, callback_meth) do
+        observer.update(:before_create, self)
+      end
+      klass.send(:before_create, callback_meth)
+    end
+  end
+end
+
+if defined?(ActionController) and defined?(ActionController::Base)
+  ActionController::Base.class_eval do
+    around_filter Audited::Sweeper.instance
+  end
+end

data/spec/audited_spec_helpers.rb

@@ -0,0 +1,31 @@
+module AuditedSpecHelpers
+
+  def create_user(use_mongo = false, attrs = {})
+    klass = use_mongo ? Models::MongoMapper::User : Models::ActiveRecord::User
+    klass.create({:name => 'Brandon', :username => 'brandon', :password => 'password'}.merge(attrs))
+  end
+
+  def create_versions(n = 2, use_mongo = false)
+    klass = use_mongo ? Models::MongoMapper::User : Models::ActiveRecord::User
+
+    klass.create(:name => 'Foobar 1').tap do |u|
+      (n - 1).times do |i|
+        u.update_attribute :name, "Foobar #{i + 2}"
+      end
+      u.reload
+    end
+  end
+
+  def create_active_record_user(attrs = {})
+    create_user(false, attrs)
+  end
+
+  def create_mongo_user(attrs = {})
+    create_user(true, attrs)
+  end
+
+  def create_mongo_versions(n = 2)
+    create_versions(n, true)
+  end
+
+end

data/spec/rails_app/config/application.rb

@@ -0,0 +1,5 @@
+module RailsApp
+  class Application < Rails::Application
+    config.root = File.expand_path('../../', __FILE__)
+  end
+end

data/spec/rails_app/config/database.yml

@@ -0,0 +1,24 @@
+sqlite3mem: &SQLITE3MEM
+  adapter: sqlite3
+  database: ":memory:"
+
+sqlite3: &SQLITE
+  adapter: sqlite3
+  database: audited_test.sqlite3.db
+
+postgresql: &POSTGRES
+  adapter: postgresql
+  username: postgres
+  password: postgres
+  database: audited_test
+  min_messages: ERROR
+
+mysql: &MYSQL
+  adapter: mysql
+  host: localhost
+  username: root
+  password:
+  database: audited_test
+
+test:
+  <<: *<%= ENV['DB'] || 'SQLITE3MEM' %>

data/spec/rails_app/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+RailsApp::Application.initialize!

data/spec/rails_app/config/environments/development.rb

@@ -0,0 +1,19 @@
+RailsApp::Application.configure do
+  # Settings specified here will take precedence over those in config/environment.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request.  This slows down response time but is perfect for development
+  # since you don't have to restart the webserver when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_view.debug_rjs             = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+end

data/spec/rails_app/config/environments/production.rb

@@ -0,0 +1,33 @@
+RailsApp::Application.configure do
+  # Settings specified here will take precedence over those in config/environment.rb
+
+  # The production environment is meant for finished, "live" apps.
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Use a different logger for distributed setups
+  # config.logger = SyslogLogger.new
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Disable Rails's static asset server
+  # In production, Apache or nginx will already do this
+  config.serve_static_assets = false
+
+  # Enable serving of images, stylesheets, and javascripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+end

data/spec/rails_app/config/environments/test.rb

@@ -0,0 +1,33 @@
+RailsApp::Application.configure do
+  # Settings specified here will take precedence over those in config/environment.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite.  You never need to work with it otherwise.  Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs.  Don't rely on the data there!
+  config.cache_classes = true
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Use SQL instead of Active Record's schema dumper when creating the test database.
+  # This is necessary if your schema can't be completely dumped by the schema dumper,
+  # like if you have constraints or database-specific column types
+  # config.active_record.schema_format = :sql
+
+  config.action_dispatch.show_exceptions = false
+
+  config.active_support.deprecation = :stderr
+end