audited 4.6.0 → 4.10.0

data/gemfiles/rails42.gemfile

@@ -4,5 +4,8 @@ source "https://rubygems.org"
 
 gem "rails", "~> 4.2.0"
 gem "protected_attributes"
+gem "mysql2", ">= 0.3.13", "< 0.6.0"
+gem "pg", "~> 0.15"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec name: "audited", path: "../"

data/gemfiles/rails50.gemfile

@@ -3,5 +3,8 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.0.0"
+gem "mysql2", ">= 0.3.18", "< 0.6.0"
+gem "pg", ">= 0.18", "< 2.0"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec name: "audited", path: "../"

data/gemfiles/rails51.gemfile

@@ -3,5 +3,8 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.1.4"
+gem "mysql2", ">= 0.3.18", "< 0.6.0"
+gem "pg", ">= 0.18", "< 2.0"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec name: "audited", path: "../"

data/gemfiles/rails52.gemfile

@@ -2,7 +2,9 @@
 
 source "https://rubygems.org"
 
-gem "rails", ">= 5.2.0.beta2", "< 5.3"
-gem "mysql2", "~> 0.4.4"
+gem "rails", ">= 5.2.0", "< 5.3"
+gem "mysql2", ">= 0.4.4", "< 0.6.0"
+gem "pg", ">= 0.18", "< 2.0"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec name: "audited", path: "../"

data/gemfiles/rails60.gemfile

@@ -0,0 +1,10 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", ">= 6.0.0", "< 6.1"
+gem "mysql2", ">= 0.4.4"
+gem "pg", ">= 0.18", "< 2.0"
+gem "sqlite3", "~> 1.4"
+
+gemspec name: "audited", path: "../"

data/gemfiles/rails61.gemfile

@@ -0,0 +1,10 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", ">= 6.1.0", "< 6.2"
+gem "mysql2", ">= 0.4.4"
+gem "pg", ">= 1.1", "< 2.0"
+gem "sqlite3", "~> 1.4"
+
+gemspec name: "audited", path: "../"

data/lib/audited.rb

@@ -2,7 +2,7 @@ require 'active_record'
 
 module Audited
   class << self
-    attr_accessor :ignored_attributes, :current_user_method
+    attr_accessor :ignored_attributes, :current_user_method, :max_audits, :auditing_enabled
     attr_writer :audit_class
 
     def audit_class
@@ -21,6 +21,7 @@ module Audited
   @ignored_attributes = %w(lock_version created_at updated_at created_on updated_on)
 
   @current_user_method = :current_user
+  @auditing_enabled = true
 end
 
 require 'audited/auditor'

data/lib/audited/audit.rb

@@ -16,7 +16,7 @@ module Audited
   class YAMLIfTextColumnType
     class << self
       def load(obj)
-        if Audited.audit_class.columns_hash["audited_changes"].type.to_s == "text"
+        if text_column?
           ActiveRecord::Coders::YAMLColumn.new(Object).load(obj)
         else
           obj
@@ -24,12 +24,16 @@ module Audited
       end
 
       def dump(obj)
-        if Audited.audit_class.columns_hash["audited_changes"].type.to_s == "text"
+        if text_column?
           ActiveRecord::Coders::YAMLColumn.new(Object).dump(obj)
         else
           obj
         end
       end
+
+      def text_column?
+        Audited.audit_class.columns_hash["audited_changes"].type.to_s == "text"
+      end
     end
   end
 
@@ -65,7 +69,7 @@ module Audited
     def revision
       clazz = auditable_type.constantize
       (clazz.find_by_id(auditable_id) || clazz.new).tap do |m|
-        self.class.assign_revision_attributes(m, self.class.reconstruct_attributes(ancestors).merge(version: version))
+        self.class.assign_revision_attributes(m, self.class.reconstruct_attributes(ancestors).merge(audit_version: version))
       end
     end
 
@@ -88,20 +92,18 @@ module Audited
 
     # Allows user to undo changes
     def undo
-      model = self.auditable_type.constantize
-      if action == 'create'
+      case action
+      when 'create'
         # destroys a newly created record
-        model.find(auditable_id).destroy!
-      elsif action == 'destroy'
+        auditable.destroy!
+      when 'destroy'
         # creates a new record with the destroyed record attributes
-        model.create(audited_changes)
-      else
+        auditable_type.constantize.create!(audited_changes)
+      when 'update'
         # changes back attributes
-        audited_object = model.find(auditable_id)
-        self.audited_changes.each do |k, v|
-          audited_object[k] = v[0]
-        end
-        audited_object.save
+        auditable.update!(audited_changes.transform_values(&:first))
+      else
+        raise StandardError, "invalid action given #{action}"
       end
     end
 
@@ -132,21 +134,20 @@ module Audited
     # All audits made during the block called will be recorded as made
     # by +user+. This method is hopefully threadsafe, making it ideal
     # for background operations that require audit information.
-    def self.as_user(user, &block)
+    def self.as_user(user)
+      last_audited_user = ::Audited.store[:audited_user]
       ::Audited.store[:audited_user] = user
       yield
     ensure
-      ::Audited.store[:audited_user] = nil
+      ::Audited.store[:audited_user] = last_audited_user
     end
 
     # @private
     def self.reconstruct_attributes(audits)
-      attributes = {}
-      result = audits.collect do |audit|
-        attributes.merge!(audit.new_attributes)[:version] = audit.version
-        yield attributes if block_given?
-      end
-      block_given? ? result : attributes
+      audits.each_with_object({}) do |audit, all|
+        all.merge!(audit.new_attributes)
+        all[:audit_version] = audit.version
+     end
     end
 
     # @private
@@ -164,15 +165,20 @@ module Audited
     end
 
     # use created_at as timestamp cache key
-    def self.collection_cache_key(collection = all, timestamp_column = :created_at)
+    def self.collection_cache_key(collection = all, *)
       super(collection, :created_at)
     end
 
     private
 
     def set_version_number
-      max = self.class.auditable_finder(auditable_id, auditable_type).descending.first.try(:version) || 0
-      self.version = max + 1
+      if action == 'create'
+        self.version = 1
+      else
+        collection = Rails::VERSION::MAJOR == 6 ? self.class.unscoped : self.class
+        max = collection.auditable_finder(auditable_id, auditable_type).maximum(:version) || 0
+        self.version = max + 1
+      end
     end
 
     def set_audit_user

data/lib/audited/auditor.rb

@@ -33,6 +33,28 @@ module Audited
       #
       # * +require_comment+ - Ensures that audit_comment is supplied before
       #   any create, update or destroy operation.
+      # * +max_audits+ - Limits the number of stored audits.
+
+      # * +redacted+ - Changes to these fields will be logged, but the values
+      #   will not. This is useful, for example, if you wish to audit when a
+      #   password is changed, without saving the actual password in the log.
+      #   To store values as something other than '[REDACTED]', pass an argument
+      #   to the redaction_value option.
+      #
+      #     class User < ActiveRecord::Base
+      #       audited redacted: :password, redaction_value: SecureRandom.uuid
+      #     end
+      #
+      # * +if+ - Only audit the model when the given function returns true
+      # * +unless+ - Only audit the model when the given function returns false
+      #
+      #     class User < ActiveRecord::Base
+      #       audited :if => :active?
+      #
+      #       def active?
+      #         self.status == 'active'
+      #       end
+      #     end
       #
       def audited(options = {})
         # don't allow multiple calls
@@ -41,9 +63,9 @@ module Audited
         extend Audited::Auditor::AuditedClassMethods
         include Audited::Auditor::AuditedInstanceMethods
 
-        class_attribute :audit_associated_with,   instance_writer: false
+        class_attribute :audit_associated_with, instance_writer: false
         class_attribute :audited_options,       instance_writer: false
-        attr_accessor :version, :audit_comment
+        attr_accessor :audit_version, :audit_comment
 
         self.audited_options = options
         normalize_audited_options
@@ -51,11 +73,11 @@ module Audited
         self.audit_associated_with = audited_options[:associated_with]
 
         if audited_options[:comment_required]
-          validates_presence_of :audit_comment, if: :auditing_enabled
-          before_destroy :require_comment
+          validate :presence_of_audit_comment
+          before_destroy :require_comment if audited_options[:on].include?(:destroy)
         end
 
-        has_many :audits, -> { order(version: :asc) }, as: :auditable, class_name: Audited.audit_class.name
+        has_many :audits, -> { order(version: :asc) }, as: :auditable, class_name: Audited.audit_class.name, inverse_of: :auditable
         Audited.audit_class.audited_class_names << to_s
 
         after_create :audit_create    if audited_options[:on].include?(:create)
@@ -78,6 +100,8 @@ module Audited
     end
 
     module AuditedInstanceMethods
+      REDACTED = '[REDACTED]'
+      
       # Temporarily turns off auditing while saving.
       def save_without_auditing
         without_auditing { save }
@@ -93,6 +117,21 @@ module Audited
         self.class.without_auditing(&block)
       end
 
+      # Temporarily turns on auditing while saving.
+      def save_with_auditing
+        with_auditing { save }
+      end
+
+      # Executes the block with the auditing callbacks enabled.
+      #
+      #   @foo.with_auditing do
+      #     @foo.save
+      #   end
+      #
+      def with_auditing(&block)
+        self.class.with_auditing(&block)
+      end
+
       # Gets an array of the revisions available
       #
       #   user.revisions.each do |revision|
@@ -101,9 +140,17 @@ module Audited
       #   end
       #
       def revisions(from_version = 1)
-        audits = self.audits.from_version(from_version)
-        return [] if audits.empty?
-        audits.map(&:revision)
+        return [] unless audits.from_version(from_version).exists?
+
+        all_audits = audits.select([:audited_changes, :version]).to_a
+        targeted_audits = all_audits.select { |audit| audit.version >= from_version }
+
+        previous_attributes = reconstruct_attributes(all_audits - targeted_audits)
+
+        targeted_audits.map do |audit|
+          previous_attributes.merge!(audit.new_attributes)
+          revision_with(previous_attributes.merge!(version: audit.version))
+        end
       end
 
       # Get a specific revision specified by the version number, or +:previous+
@@ -122,23 +169,35 @@ module Audited
 
       # List of attributes that are audited.
       def audited_attributes
-        attributes.except(*non_audited_columns)
+        audited_attributes = attributes.except(*self.class.non_audited_columns)
+        normalize_enum_changes(audited_attributes)
       end
 
-      protected
-
-      def non_audited_columns
-        self.class.non_audited_columns
+      # Returns a list combined of record audits and associated audits.
+      def own_and_associated_audits
+        Audited.audit_class.unscoped
+        .where('(auditable_type = :type AND auditable_id = :id) OR (associated_type = :type AND associated_id = :id)',
+          type: self.class.name, id: id)
+        .order(created_at: :desc)
       end
 
-      def audited_columns
-        self.class.audited_columns
+      # Combine multiple audits into one.
+      def combine_audits(audits_to_combine)
+        combine_target = audits_to_combine.last
+        combine_target.audited_changes = audits_to_combine.pluck(:audited_changes).reduce(&:merge)
+        combine_target.comment = "#{combine_target.comment}\nThis audit is the result of multiple audits being combined."
+
+        transaction do
+          combine_target.save!
+          audits_to_combine.unscope(:limit).where("version < ?", combine_target.version).delete_all
+        end
       end
 
+      protected
+
       def revision_with(attributes)
         dup.tap do |revision|
           revision.id = id
-          revision.send :instance_variable_set, '@attributes', self.attributes if rails_below?('4.2.0')
           revision.send :instance_variable_set, '@new_record', destroyed?
           revision.send :instance_variable_set, '@persisted', !destroyed?
           revision.send :instance_variable_set, '@readonly', false
@@ -161,25 +220,62 @@ module Audited
         end
       end
 
-      def rails_below?(rails_version)
-        Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new(rails_version)
-      end
-
       private
 
       def audited_changes
         all_changes = respond_to?(:changes_to_save) ? changes_to_save : changes
-        if audited_options[:only].present?
-          all_changes.slice(*audited_columns)
-        else
-          all_changes.except(*non_audited_columns)
+        filtered_changes = \
+          if audited_options[:only].present?
+            all_changes.slice(*self.class.audited_columns)
+          else
+            all_changes.except(*self.class.non_audited_columns)
+          end
+
+        filtered_changes = redact_values(filtered_changes)
+        filtered_changes = normalize_enum_changes(filtered_changes)
+        filtered_changes.to_hash
+      end
+
+      def normalize_enum_changes(changes)
+        self.class.defined_enums.each do |name, values|
+          if changes.has_key?(name)
+            changes[name] = \
+              if changes[name].is_a?(Array)
+                changes[name].map { |v| values[v] }
+              elsif rails_below?('5.0')
+                changes[name]
+              else
+                values[changes[name]]
+              end
+          end
         end
+        changes
+      end
+
+      def redact_values(filtered_changes)
+        [audited_options[:redacted]].flatten.compact.each do |option|
+          changes = filtered_changes[option.to_s]
+          new_value = audited_options[:redaction_value] || REDACTED
+          if changes.is_a? Array
+            values = changes.map { new_value }
+          else
+            values = new_value
+          end
+          hash = Hash[option.to_s, values]
+          filtered_changes.merge!(hash)
+        end
+
+        filtered_changes
+      end
+
+      def rails_below?(rails_version)
+        Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new(rails_version)
       end
 
       def audits_to(version = nil)
         if version == :previous
-          version = if self.version
-                      self.version - 1
+          version = if self.audit_version
+                      self.audit_version - 1
                     else
                       previous = audits.descending.offset(1).first
                       previous ? previous.version : 1
@@ -194,7 +290,7 @@ module Audited
       end
 
       def audit_update
-        unless (changes = audited_changes).empty? && audit_comment.blank?
+        unless (changes = audited_changes).empty? && (audit_comment.blank? || audited_options[:update_with_comment_only] == false)
           write_audit(action: 'update', audited_changes: changes,
                       comment: audit_comment)
         end
@@ -208,14 +304,41 @@ module Audited
       def write_audit(attrs)
         attrs[:associated] = send(audit_associated_with) unless audit_associated_with.nil?
         self.audit_comment = nil
-        run_callbacks(:audit)  { audits.create(attrs) } if auditing_enabled
+
+        if auditing_enabled
+          run_callbacks(:audit) {
+            audit = audits.create(attrs)
+            combine_audits_if_needed if attrs[:action] != 'create'
+            audit
+          }
+        end
+      end
+
+      def presence_of_audit_comment
+        if comment_required_state?
+          errors.add(:audit_comment, "Comment can't be blank!") unless audit_comment.present?
+        end
+      end
+
+      def comment_required_state?
+        auditing_enabled &&
+          ((audited_options[:on].include?(:create) && self.new_record?) ||
+          (audited_options[:on].include?(:update) && self.persisted? && self.changed?))
+      end
+
+      def combine_audits_if_needed
+        max_audits = audited_options[:max_audits]
+        if max_audits && (extra_count = audits.count - max_audits) > 0
+          audits_to_combine = audits.limit(extra_count + 1)
+          combine_audits(audits_to_combine)
+        end
       end
 
       def require_comment
         if auditing_enabled && audit_comment.blank?
-          errors.add(:audit_comment, "Comment required before destruction")
+          errors.add(:audit_comment, "Comment can't be blank!")
           return false if Rails.version.start_with?('4.')
-          throw :abort
+          throw(:abort)
         end
       end
 
@@ -224,11 +347,23 @@ module Audited
       end
 
       def auditing_enabled
-        self.class.auditing_enabled
+        return run_conditional_check(audited_options[:if]) &&
+          run_conditional_check(audited_options[:unless], matching: false) &&
+          self.class.auditing_enabled
       end
 
-      def auditing_enabled=(val)
-        self.class.auditing_enabled = val
+      def run_conditional_check(condition, matching: true)
+        return true if condition.blank?
+        return condition.call(self) == matching if condition.respond_to?(:call)
+        return send(condition) == matching if respond_to?(condition.to_sym, true)
+
+        true
+      end
+
+      def reconstruct_attributes(audits)
+        attributes = {}
+        audits.each { |audit| attributes.merge!(audit.new_attributes) }
+        attributes
       end
     end # InstanceMethods
 
@@ -240,9 +375,7 @@ module Audited
 
       # We have to calculate this here since column_names may not be available when `audited` is called
       def non_audited_columns
-        @non_audited_columns ||= audited_options[:only].present? ?
-                                 column_names - audited_options[:only] :
-                                 default_ignored_attributes | audited_options[:except]
+        @non_audited_columns ||= calculate_non_audited_columns
       end
 
       def non_audited_columns=(columns)
@@ -264,6 +397,20 @@ module Audited
         enable_auditing if auditing_was_enabled
       end
 
+      # Executes the block with auditing enabled.
+      #
+      #   Foo.with_auditing do
+      #     @foo.save
+      #   end
+      #
+      def with_auditing
+        auditing_was_enabled = auditing_enabled
+        enable_auditing
+        yield
+      ensure
+        disable_auditing unless auditing_was_enabled
+      end
+
       def disable_auditing
         self.auditing_enabled = false
       end
@@ -281,23 +428,36 @@ module Audited
       end
 
       def auditing_enabled
-        Audited.store.fetch("#{table_name}_auditing_enabled", true)
+        Audited.store.fetch("#{table_name}_auditing_enabled", true) && Audited.auditing_enabled
       end
 
       def auditing_enabled=(val)
         Audited.store["#{table_name}_auditing_enabled"] = val
       end
 
-      protected
       def default_ignored_attributes
-        [primary_key, inheritance_column] + Audited.ignored_attributes
+        [primary_key, inheritance_column] | Audited.ignored_attributes
       end
 
+      protected
+
       def normalize_audited_options
         audited_options[:on] = Array.wrap(audited_options[:on])
         audited_options[:on] = [:create, :update, :destroy] if audited_options[:on].empty?
         audited_options[:only] = Array.wrap(audited_options[:only]).map(&:to_s)
         audited_options[:except] = Array.wrap(audited_options[:except]).map(&:to_s)
+        max_audits = audited_options[:max_audits] || Audited.max_audits
+        audited_options[:max_audits] = Integer(max_audits).abs if max_audits
+      end
+
+      def calculate_non_audited_columns
+        if audited_options[:only].present?
+          (column_names | default_ignored_attributes) - audited_options[:only]
+        elsif audited_options[:except].present?
+          default_ignored_attributes | audited_options[:except]
+        else
+          default_ignored_attributes
+        end
       end
     end
   end