audited 4.2.1 → 4.4.0

data/lib/audited/audit.rb

@@ -1,60 +1,63 @@
-module Audited
-  module Audit
-    def self.included(klass)
-      klass.extend(ClassMethods)
-      klass.setup_audit
-    end
-
-    module ClassMethods
-      def setup_audit
-        belongs_to :auditable,  :polymorphic => true
-        belongs_to :user,       :polymorphic => true
-        belongs_to :associated, :polymorphic => true
+require 'set'
 
-        before_create :set_version_number, :set_audit_user, :set_request_uuid
+module Audited
+  # Audit saves the changes to ActiveRecord models.  It has the following attributes:
+  #
+  # * <tt>auditable</tt>: the ActiveRecord model that was changed
+  # * <tt>user</tt>: the user that performed the change; a string or an ActiveRecord model
+  # * <tt>action</tt>: one of create, update, or delete
+  # * <tt>audited_changes</tt>: a hash of all the changes
+  # * <tt>comment</tt>: a comment set with the audit
+  # * <tt>version</tt>: the version of the model
+  # * <tt>request_uuid</tt>: a uuid based that allows audits from the same controller request
+  # * <tt>created_at</tt>: Time that the change was performed
+  #
 
-        cattr_accessor :audited_class_names
-        self.audited_class_names = Set.new
+  class YAMLIfTextColumnType
+    class << self
+      def load(obj)
+        if Audited.audit_class.columns_hash["audited_changes"].sql_type == "text"
+          ActiveRecord::Coders::YAMLColumn.new(Object).load(obj)
+        else
+          obj
+        end
       end
 
-      # Returns the list of classes that are being audited
-      def audited_classes
-        audited_class_names.map(&:constantize)
+      def dump(obj)
+        if Audited.audit_class.columns_hash["audited_changes"].sql_type == "text"
+          ActiveRecord::Coders::YAMLColumn.new(Object).dump(obj)
+        else
+          obj
+        end
       end
+    end
+  end
 
-      # All audits made during the block called will be recorded as made
-      # by +user+. This method is hopefully threadsafe, making it ideal
-      # for background operations that require audit information.
-      def as_user(user, &block)
-        Thread.current[:audited_user] = user
-        yield
-      ensure
-        Thread.current[:audited_user] = nil
-      end
+  class Audit < ::ActiveRecord::Base
+    belongs_to :auditable,  polymorphic: true
+    belongs_to :user,       polymorphic: true
+    belongs_to :associated, polymorphic: true
 
-      # @private
-      def reconstruct_attributes(audits)
-        attributes = {}
-        result = audits.collect do |audit|
-          attributes.merge!(audit.new_attributes).merge!(:version => audit.version)
-          yield attributes if block_given?
-        end
-        block_given? ? result : attributes
-      end
+    before_create :set_version_number, :set_audit_user, :set_request_uuid, :set_remote_address
 
-      # @private
-      def assign_revision_attributes(record, attributes)
-        attributes.each do |attr, val|
-          record = record.dup if record.frozen?
+    cattr_accessor :audited_class_names
+    self.audited_class_names = Set.new
 
-          if record.respond_to?("#{attr}=")
-            record.attributes.has_key?(attr.to_s) ?
-              record[attr] = val :
-              record.send("#{attr}=", val)
-          end
-        end
-        record
-      end
+    serialize :audited_changes, YAMLIfTextColumnType
+
+    scope :ascending,     ->{ reorder(version: :asc) }
+    scope :descending,    ->{ reorder(version: :desc)}
+    scope :creates,       ->{ where(action: 'create')}
+    scope :updates,       ->{ where(action: 'update')}
+    scope :destroys,      ->{ where(action: 'destroy')}
+
+    scope :up_until,      ->(date_or_time){ where("created_at <= ?", date_or_time) }
+    scope :from_version,  ->(version){ where('version >= ?', version) }
+    scope :to_version,    ->(version){ where('version <= ?', version) }
+    scope :auditable_finder, ->(auditable_id, auditable_type){ where(auditable_id: auditable_id, auditable_type: auditable_type)}
+    # Return all audits older than the current one.
+    def ancestors
+      self.class.ascending.auditable_finder(auditable_id, auditable_type).to_version(version)
     end
 
     # Return an instance of what the object looked like at this revision. If
@@ -62,13 +65,13 @@ module Audited
     def revision
       clazz = auditable_type.constantize
       (clazz.find_by_id(auditable_id) || clazz.new).tap do |m|
-        self.class.assign_revision_attributes(m, self.class.reconstruct_attributes(ancestors).merge({ :version => version }))
+        self.class.assign_revision_attributes(m, self.class.reconstruct_attributes(ancestors).merge(version: version))
       end
     end
 
     # Returns a hash of the changed attributes with the new values
     def new_attributes
-      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs,(attr,values)|
+      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs, (attr, values)|
         attrs[attr] = values.is_a?(Array) ? values.last : values
         attrs
       end
@@ -76,29 +79,96 @@ module Audited
 
     # Returns a hash of the changed attributes with the old values
     def old_attributes
-      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs,(attr,values)|
+      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs, (attr, values)|
         attrs[attr] = Array(values).first
 
         attrs
       end
     end
 
+    # Allows user to be set to either a string or an ActiveRecord object
+    # @private
+    def user_as_string=(user)
+      # reset both either way
+      self.user_as_model = self.username = nil
+      user.is_a?(::ActiveRecord::Base) ?
+        self.user_as_model = user :
+        self.username = user
+    end
+    alias_method :user_as_model=, :user=
+    alias_method :user=, :user_as_string=
+
+    # @private
+    def user_as_string
+      user_as_model || username
+    end
+    alias_method :user_as_model, :user
+    alias_method :user, :user_as_string
+
+    # Returns the list of classes that are being audited
+    def self.audited_classes
+      audited_class_names.map(&:constantize)
+    end
+
+    # All audits made during the block called will be recorded as made
+    # by +user+. This method is hopefully threadsafe, making it ideal
+    # for background operations that require audit information.
+    def self.as_user(user, &block)
+      ::Audited.store[:audited_user] = user
+      yield
+    ensure
+      ::Audited.store[:audited_user] = nil
+    end
+
+    # @private
+    def self.reconstruct_attributes(audits)
+      attributes = {}
+      result = audits.collect do |audit|
+        attributes.merge!(audit.new_attributes)[:version] = audit.version
+        yield attributes if block_given?
+      end
+      block_given? ? result : attributes
+    end
+
+    # @private
+    def self.assign_revision_attributes(record, attributes)
+      attributes.each do |attr, val|
+        record = record.dup if record.frozen?
+
+        if record.respond_to?("#{attr}=")
+          record.attributes.key?(attr.to_s) ?
+            record[attr] = val :
+            record.send("#{attr}=", val)
+        end
+      end
+      record
+    end
+
+    # use created_at as timestamp cache key
+    def self.collection_cache_key(collection = all, timestamp_column = :created_at)
+      super(collection, :created_at)
+    end
+
     private
+
     def set_version_number
-      max = self.class.where(
-        :auditable_id => auditable_id,
-        :auditable_type => auditable_type
-      ).order(:version.desc).first.try(:version) || 0
+      max = self.class.auditable_finder(auditable_id, auditable_type).descending.first.try(:version) || 0
       self.version = max + 1
     end
 
     def set_audit_user
-      self.user = Thread.current[:audited_user] if Thread.current[:audited_user]
+      self.user ||= ::Audited.store[:audited_user] # from .as_user
+      self.user ||= ::Audited.store[:current_user] # from Sweeper
       nil # prevent stopping callback chains
     end
 
     def set_request_uuid
+      self.request_uuid ||= ::Audited.store[:current_request_uuid]
       self.request_uuid ||= SecureRandom.uuid
     end
+
+    def set_remote_address
+      self.remote_address ||= ::Audited.store[:current_remote_address]
+    end
   end
 end

data/lib/audited/auditor.rb

@@ -9,7 +9,7 @@ module Audited
   # To store an audit comment set model.audit_comment to your comment before
   # a create, update or destroy operation.
   #
-  # See <tt>Audited::Adapters::ActiveRecord::Auditor::ClassMethods#audited</tt>
+  # See <tt>Audited::Auditor::ClassMethods#audited</tt>
   # for configuration options
   module Auditor #:nodoc:
     extend ActiveSupport::Concern
@@ -28,7 +28,7 @@ module Audited
       #   You can add to those by passing one or an array of fields to skip.
       #
       #     class User < ActiveRecord::Base
-      #       audited :except => :password
+      #       audited except: :password
       #     end
       #
       # * +require_comment+ - Ensures that audit_comment is supplied before
@@ -36,40 +36,35 @@ module Audited
       #
       def audited(options = {})
         # don't allow multiple calls
-        return if self.included_modules.include?(Audited::Auditor::AuditedInstanceMethods)
+        return if included_modules.include?(Audited::Auditor::AuditedInstanceMethods)
 
-        class_attribute :non_audited_columns,   :instance_writer => false
-        class_attribute :audit_associated_with, :instance_writer => false
+        class_attribute :audit_associated_with,   instance_writer: false
+        class_attribute :audited_options,       instance_writer: false
 
-        if options[:only]
-          except = self.column_names - Array(options[:only]).flatten.map(&:to_s)
-        else
-          except = default_ignored_attributes + Audited.ignored_attributes
-          except |= Array(options[:except]).collect(&:to_s) if options[:except]
-        end
-        self.non_audited_columns = except
+        self.audited_options = options
         self.audit_associated_with = options[:associated_with]
 
         if options[:comment_required]
-          validates_presence_of :audit_comment, :if => :auditing_enabled
+          validates_presence_of :audit_comment, if: :auditing_enabled
           before_destroy :require_comment
         end
 
         attr_accessor :audit_comment
 
-        has_many :audits, :as => :auditable, :class_name => Audited.audit_class.name
-        Audited.audit_class.audited_class_names << self.to_s
+        has_many :audits, -> { order(version: :asc) }, as: :auditable, class_name: Audited.audit_class.name
+        Audited.audit_class.audited_class_names << to_s
 
-        after_create  :audit_create if !options[:on] || (options[:on] && options[:on].include?(:create))
-        before_update :audit_update if !options[:on] || (options[:on] && options[:on].include?(:update))
-        before_destroy :audit_destroy if !options[:on] || (options[:on] && options[:on].include?(:destroy))
+        on = Array(options[:on])
+        after_create :audit_create    if on.empty? || on.include?(:create)
+        before_update :audit_update   if on.empty? || on.include?(:update)
+        before_destroy :audit_destroy if on.empty? || on.include?(:destroy)
 
         # Define and set after_audit and around_audit callbacks. This might be useful if you want
         # to notify a party after the audit has been created or if you want to access the newly-created
         # audit.
         define_callbacks :audit
-        set_callback :audit, :after, :after_audit, :if => lambda { self.respond_to?(:after_audit) }
-        set_callback :audit, :around, :around_audit, :if => lambda { self.respond_to?(:around_audit) }
+        set_callback :audit, :after, :after_audit, if: lambda { respond_to?(:after_audit, true) }
+        set_callback :audit, :around, :around_audit, if: lambda { respond_to?(:around_audit, true) }
 
         attr_accessor :version
 
@@ -80,7 +75,11 @@ module Audited
       end
 
       def has_associated_audits
-        has_many :associated_audits, :as => :associated, :class_name => Audited.audit_class.name
+        has_many :associated_audits, as: :associated, class_name: Audited.audit_class.name
+      end
+
+      def default_ignored_attributes
+        [primary_key, inheritance_column]
       end
     end
 
@@ -133,14 +132,22 @@ module Audited
         attributes.except(*non_audited_columns)
       end
 
+      def non_audited_columns
+        self.class.non_audited_columns
+      end
+
       protected
 
+      def non_audited_columns
+        self.class.non_audited_columns
+      end
+
       def revision_with(attributes)
-        self.dup.tap do |revision|
+        dup.tap do |revision|
           revision.id = id
           revision.send :instance_variable_set, '@attributes', self.attributes if rails_below?('4.2.0')
-          revision.send :instance_variable_set, '@new_record', self.destroyed?
-          revision.send :instance_variable_set, '@persisted', !self.destroyed?
+          revision.send :instance_variable_set, '@new_record', destroyed?
+          revision.send :instance_variable_set, '@persisted', !destroyed?
           revision.send :instance_variable_set, '@readonly', false
           revision.send :instance_variable_set, '@destroyed', false
           revision.send :instance_variable_set, '@_destroyed', false
@@ -152,9 +159,9 @@ module Audited
           # to determine if an instance variable is a proxy object is to
           # see if it responds to certain methods, as it forwards almost
           # everything to its target.
-          for ivar in revision.instance_variables
+          revision.instance_variables.each do |ivar|
             proxy = revision.instance_variable_get ivar
-            if !proxy.nil? and proxy.respond_to? :proxy_respond_to?
+            if !proxy.nil? && proxy.respond_to?(:proxy_respond_to?)
               revision.instance_variable_set ivar, nil
             end
           end
@@ -168,7 +175,15 @@ module Audited
       private
 
       def audited_changes
-        changed_attributes.except(*non_audited_columns).inject({}) do |changes,(attr, old_value)|
+        collection =
+          if audited_options[:only]
+            audited_columns = self.class.audited_columns.map(&:name)
+            changed_attributes.slice(*audited_columns)
+          else
+            changed_attributes.except(*non_audited_columns)
+          end
+
+        collection.inject({}) do |changes, (attr, old_value)|
           changes[attr] = [old_value, self[attr]]
           changes
         end
@@ -187,32 +202,33 @@ module Audited
       end
 
       def audit_create
-        write_audit(:action => 'create', :audited_changes => audited_attributes,
-                    :comment => audit_comment)
+        write_audit(action: 'create', audited_changes: audited_attributes,
+                    comment: audit_comment)
       end
 
       def audit_update
         unless (changes = audited_changes).empty? && audit_comment.blank?
-          write_audit(:action => 'update', :audited_changes => changes,
-                      :comment => audit_comment)
+          write_audit(action: 'update', audited_changes: changes,
+                      comment: audit_comment)
         end
       end
 
       def audit_destroy
-        write_audit(:action => 'destroy', :audited_changes => audited_attributes,
-                    :comment => audit_comment) unless self.new_record?
+        write_audit(action: 'destroy', audited_changes: audited_attributes,
+                    comment: audit_comment) unless new_record?
       end
 
       def write_audit(attrs)
-        attrs[:associated] = self.send(audit_associated_with) unless audit_associated_with.nil?
+        attrs[:associated] = send(audit_associated_with) unless audit_associated_with.nil?
         self.audit_comment = nil
-        run_callbacks(:audit)  { self.audits.create(attrs) } if auditing_enabled
+        run_callbacks(:audit)  { audits.create(attrs) } if auditing_enabled
       end
 
       def require_comment
         if auditing_enabled && audit_comment.blank?
           errors.add(:audit_comment, "Comment required before destruction")
-          return false
+          return false if Rails.version.start_with?('4.')
+          throw :abort
         end
       end
 
@@ -227,16 +243,32 @@ module Audited
         self.class.auditing_enabled
       end
 
-      def auditing_enabled= val
+      def auditing_enabled=(val)
         self.class.auditing_enabled = val
       end
-
     end # InstanceMethods
 
     module AuditedClassMethods
       # Returns an array of columns that are audited. See non_audited_columns
       def audited_columns
-        self.columns.select { |c| !non_audited_columns.include?(c.name) }
+        columns.select {|c| !non_audited_columns.include?(c.name) }
+      end
+
+      def non_audited_columns
+        @non_audited_columns ||= begin
+          options = audited_options
+          if options[:only]
+            except = column_names - Array.wrap(options[:only]).flatten.map(&:to_s)
+          else
+            except = default_ignored_attributes + Audited.ignored_attributes
+            except |= Array(options[:except]).collect(&:to_s) if options[:except]
+          end
+          except
+        end
+      end
+
+      def non_audited_columns=(columns)
+        @non_audited_columns = columns
       end
 
       # Executes the block with auditing disabled.
@@ -265,16 +297,16 @@ module Audited
       # made by +user+. This is not model specific, the method is a
       # convenience wrapper around
       # @see Audit#as_user.
-      def audit_as( user, &block )
-        Audited.audit_class.as_user( user, &block )
+      def audit_as(user, &block)
+        Audited.audit_class.as_user(user, &block)
       end
 
       def auditing_enabled
-        Audited.store.fetch("#{name.tableize}_auditing_enabled", true)
+        Audited.store.fetch("#{table_name}_auditing_enabled", true)
       end
 
-      def auditing_enabled= val
-        Audited.store["#{name.tableize}_auditing_enabled"] = val
+      def auditing_enabled=(val)
+        Audited.store["#{table_name}_auditing_enabled"] = val
       end
     end
   end

data/lib/audited/rspec_matchers.rb

@@ -76,6 +76,8 @@ module Audited
         "Did not expect #{@expectation}"
       end
 
+      alias_method :failure_message_when_negated, :negative_failure_message
+
       def description
         description = "audited"
         description += " associated with #{@options[:associated_with]}" if @options.key?(:associated_with)
@@ -149,6 +151,8 @@ module Audited
         "Expected #{model_class} to not have associated audits"
       end
 
+      alias_method :failure_message_when_negated, :negative_failure_message
+
       def description
         "has associated audits"
       end
@@ -164,7 +168,7 @@ module Audited
       end
 
       def association_exists?
-        (!reflection.nil?) &&
+        !reflection.nil? &&
           reflection.macro == :has_many &&
           reflection.options[:class_name] == Audited.audit_class.name
       end

data/lib/audited/sweeper.rb

@@ -1,71 +1,49 @@
-require "rails/observers/activerecord/active_record"
-require "rails/observers/action_controller/caching"
-
 module Audited
-  class Sweeper < ActionController::Caching::Sweeper
-    observe Audited.audit_class
+  class Sweeper
+    STORED_DATA = {
+      current_remote_address: :remote_ip,
+      current_request_uuid: :request_uuid,
+      current_user: :current_user
+    }
 
-    attr_accessor :controller
-    def before(controller)
-      self.controller = controller
-      true
-    end
+    delegate :store, to: ::Audited
 
-    def after(controller)
+    def around(controller)
+      self.controller = controller
+      STORED_DATA.each { |k,m| store[k] = send(m) }
+      yield
+    ensure
       self.controller = nil
-    end
-
-    def before_create(audit)
-      audit.user ||= current_user
-      audit.remote_address = controller.try(:request).try(:remote_ip)
-      audit.request_uuid = request_uuid if request_uuid
+      STORED_DATA.keys.each { |k| store.delete(k) }
     end
 
     def current_user
       controller.send(Audited.current_user_method) if controller.respond_to?(Audited.current_user_method, true)
     end
 
-    def request_uuid
-      controller.try(:request).try(:uuid)
-    end
-
-    def add_observer!(klass)
-      if defined?(::ActiveRecord)
-        super
-        define_callback(klass)
-      end
+    def remote_ip
+      controller.try(:request).try(:remote_ip)
     end
 
-    def define_callback(klass)
-      observer = self
-      callback_meth = :"_notify_audited_sweeper"
-      klass.send(:define_method, callback_meth) do
-        observer.update(:before_create, self)
-      end
-      klass.send(:before_create, callback_meth)
+    def request_uuid
+      controller.try(:request).try(:uuid)
     end
 
     def controller
-      ::Audited.store[:current_controller]
+      store[:current_controller]
     end
 
     def controller=(value)
-      ::Audited.store[:current_controller] = value
+      store[:current_controller] = value
     end
   end
 end
 
-if defined?(ActionController) and defined?(ActionController::Base)
-  # Create dynamic subclass of Audited::Sweeper otherwise rspec will
-  # fail with both ActiveRecord and MongoMapper tests as there will be
-  # around_filter collision
-  sweeper_class = Class.new(Audited::Sweeper) do
-    def self.name
-      "#{Audited.audit_class}::Sweeper"
-    end
+ActiveSupport.on_load(:action_controller) do
+  if defined?(ActionController::Base)
+    ActionController::Base.around_action Audited::Sweeper.new
   end
-
-  ActionController::Base.class_eval do
-    around_filter sweeper_class.instance
+  if defined?(ActionController::API)
+    ActionController::API.around_action Audited::Sweeper.new
   end
 end

data/lib/audited/version.rb

@@ -1,3 +1,3 @@
 module Audited
-  VERSION = "4.2.1"
+  VERSION = "4.4.0"
 end

data/lib/audited-rspec.rb

@@ -0,0 +1,4 @@
+require 'audited/rspec_matchers'
+module RSpec::Matchers
+  include Audited::RspecMatchers
+end

data/lib/audited.rb

@@ -1,16 +1,30 @@
-require 'rails/observers/active_model/active_model'
-
+require 'active_record'
 
 module Audited
   class << self
     attr_accessor :ignored_attributes, :current_user_method, :audit_class
 
+    def audit_class
+      @audit_class || Audit
+    end
+
     def store
       Thread.current[:audited_store] ||= {}
     end
+
+    def config
+      yield(self)
+    end
   end
 
   @ignored_attributes = %w(lock_version created_at updated_at created_on updated_on)
 
   @current_user_method = :current_user
 end
+
+require 'audited/auditor'
+require 'audited/audit'
+
+::ActiveRecord::Base.send :include, Audited::Auditor
+
+require 'audited/sweeper'

data/lib/generators/audited/install_generator.rb

@@ -0,0 +1,24 @@
+require 'rails/generators'
+require 'rails/generators/migration'
+require 'active_record'
+require 'rails/generators/active_record'
+require 'generators/audited/migration'
+require 'generators/audited/migration_helper'
+
+module Audited
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      include Audited::Generators::MigrationHelper
+      extend Audited::Generators::Migration
+
+      class_option :audited_changes_column_type, type: :string, default: "text", required: false
+
+      source_root File.expand_path("../templates", __FILE__)
+
+      def copy_migration
+        migration_template 'install.rb', 'db/migrate/install_audited.rb'
+      end
+    end
+  end
+end

data/lib/generators/audited/migration.rb

@@ -0,0 +1,15 @@
+module Audited
+  module Generators
+    module Migration
+      # Implement the required interface for Rails::Generators::Migration.
+      def next_migration_number(dirname) #:nodoc:
+        next_migration_number = current_migration_number(dirname) + 1
+        if ::ActiveRecord::Base.timestamped_migrations
+          [Time.now.utc.strftime("%Y%m%d%H%M%S"), "%.14d" % next_migration_number].max
+        else
+          "%.3d" % next_migration_number
+        end
+      end
+    end
+  end
+end