audited 4.7.1 → 5.0.1

data/Rakefile

@@ -1,17 +1,17 @@
 #!/usr/bin/env rake
 
-require 'bundler/gem_helper'
-require 'rspec/core/rake_task'
-require 'rake/testtask'
-require 'appraisal'
+require "bundler/gem_helper"
+require "rspec/core/rake_task"
+require "rake/testtask"
+require "appraisal"
 
-Bundler::GemHelper.install_tasks(name: 'audited')
+Bundler::GemHelper.install_tasks(name: "audited")
 
 RSpec::Core::RakeTask.new(:spec)
 
 Rake::TestTask.new do |t|
   t.libs << "test"
-  t.test_files = FileList['test/**/*_test.rb']
+  t.test_files = FileList["test/**/*_test.rb"]
   t.verbose = true
 end
 

data/gemfiles/rails50.gemfile

@@ -3,5 +3,8 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.0.0"
+gem "mysql2", ">= 0.3.18", "< 0.6.0"
+gem "pg", ">= 0.18", "< 2.0"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec name: "audited", path: "../"

data/gemfiles/rails51.gemfile

@@ -3,5 +3,8 @@
 source "https://rubygems.org"
 
 gem "rails", "~> 5.1.4"
+gem "mysql2", ">= 0.3.18", "< 0.6.0"
+gem "pg", ">= 0.18", "< 2.0"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec name: "audited", path: "../"

data/gemfiles/rails52.gemfile

@@ -3,6 +3,8 @@
 source "https://rubygems.org"
 
 gem "rails", ">= 5.2.0", "< 5.3"
-gem "mysql2", "~> 0.4.4"
+gem "mysql2", ">= 0.4.4", "< 0.6.0"
+gem "pg", ">= 0.18", "< 2.0"
+gem "sqlite3", "~> 1.3.6"
 
 gemspec name: "audited", path: "../"

data/gemfiles/rails60.gemfile

@@ -0,0 +1,10 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", ">= 6.0.0", "< 6.1"
+gem "mysql2", ">= 0.4.4"
+gem "pg", ">= 0.18", "< 2.0"
+gem "sqlite3", "~> 1.4"
+
+gemspec name: "audited", path: "../"

data/gemfiles/rails61.gemfile

@@ -0,0 +1,10 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", ">= 6.1.0", "< 6.2"
+gem "mysql2", ">= 0.4.4"
+gem "pg", ">= 1.1", "< 2.0"
+gem "sqlite3", "~> 1.4"
+
+gemspec name: "audited", path: "../"

data/lib/audited-rspec.rb

@@ -1,4 +1,6 @@
-require 'audited/rspec_matchers'
+# frozen_string_literal: true
+
+require "audited/rspec_matchers"
 module RSpec::Matchers
   include Audited::RspecMatchers
 end

data/lib/audited.rb

@@ -1,8 +1,15 @@
-require 'active_record'
+# frozen_string_literal: true
+
+require "active_record"
 
 module Audited
   class << self
-    attr_accessor :ignored_attributes, :current_user_method, :max_audits
+    attr_accessor \
+      :auditing_enabled,
+      :current_user_method,
+      :ignored_attributes,
+      :max_audits,
+      :store_synthesized_enums
     attr_writer :audit_class
 
     def audit_class
@@ -10,7 +17,13 @@ module Audited
     end
 
     def store
-      Thread.current[:audited_store] ||= {}
+      current_store_value = Thread.current.thread_variable_get(:audited_store)
+
+      if current_store_value.nil?
+        Thread.current.thread_variable_set(:audited_store, {})
+      else
+        current_store_value
+      end
     end
 
     def config
@@ -18,14 +31,19 @@ module Audited
     end
   end
 
-  @ignored_attributes = %w(lock_version created_at updated_at created_on updated_on)
+  @ignored_attributes = %w[lock_version created_at updated_at created_on updated_on]
 
   @current_user_method = :current_user
+  @auditing_enabled = true
+  @store_synthesized_enums = false
 end
 
-require 'audited/auditor'
-require 'audited/audit'
+require "audited/auditor"
+require "audited/audit"
 
-::ActiveRecord::Base.send :include, Audited::Auditor
+ActiveSupport.on_load :active_record do
+  include Audited::Auditor
+end
 
-require 'audited/sweeper'
+require "audited/sweeper"
+require "audited/railtie"

data/lib/audited/audit.rb

@@ -1,4 +1,6 @@
-require 'set'
+# frozen_string_literal: true
+
+require "set"
 
 module Audited
   # Audit saves the changes to ActiveRecord models.  It has the following attributes:
@@ -16,7 +18,7 @@ module Audited
   class YAMLIfTextColumnType
     class << self
       def load(obj)
-        if Audited.audit_class.columns_hash["audited_changes"].type.to_s == "text"
+        if text_column?
           ActiveRecord::Coders::YAMLColumn.new(Object).load(obj)
         else
           obj
@@ -24,18 +26,22 @@ module Audited
       end
 
       def dump(obj)
-        if Audited.audit_class.columns_hash["audited_changes"].type.to_s == "text"
+        if text_column?
           ActiveRecord::Coders::YAMLColumn.new(Object).dump(obj)
         else
           obj
         end
       end
+
+      def text_column?
+        Audited.audit_class.columns_hash["audited_changes"].type.to_s == "text"
+      end
     end
   end
 
   class Audit < ::ActiveRecord::Base
-    belongs_to :auditable,  polymorphic: true
-    belongs_to :user,       polymorphic: true
+    belongs_to :auditable, polymorphic: true
+    belongs_to :user, polymorphic: true
     belongs_to :associated, polymorphic: true
 
     before_create :set_version_number, :set_audit_user, :set_request_uuid, :set_remote_address
@@ -45,16 +51,16 @@ module Audited
 
     serialize :audited_changes, YAMLIfTextColumnType
 
-    scope :ascending,     ->{ reorder(version: :asc) }
-    scope :descending,    ->{ reorder(version: :desc)}
-    scope :creates,       ->{ where(action: 'create')}
-    scope :updates,       ->{ where(action: 'update')}
-    scope :destroys,      ->{ where(action: 'destroy')}
+    scope :ascending, -> { reorder(version: :asc) }
+    scope :descending, -> { reorder(version: :desc) }
+    scope :creates, -> { where(action: "create") }
+    scope :updates, -> { where(action: "update") }
+    scope :destroys, -> { where(action: "destroy") }
 
-    scope :up_until,      ->(date_or_time){ where("created_at <= ?", date_or_time) }
-    scope :from_version,  ->(version){ where('version >= ?', version) }
-    scope :to_version,    ->(version){ where('version <= ?', version) }
-    scope :auditable_finder, ->(auditable_id, auditable_type){ where(auditable_id: auditable_id, auditable_type: auditable_type)}
+    scope :up_until, ->(date_or_time) { where("created_at <= ?", date_or_time) }
+    scope :from_version, ->(version) { where("version >= ?", version) }
+    scope :to_version, ->(version) { where("version <= ?", version) }
+    scope :auditable_finder, ->(auditable_id, auditable_type) { where(auditable_id: auditable_id, auditable_type: auditable_type) }
     # Return all audits older than the current one.
     def ancestors
       self.class.ascending.auditable_finder(auditable_id, auditable_type).to_version(version)
@@ -65,43 +71,38 @@ module Audited
     def revision
       clazz = auditable_type.constantize
       (clazz.find_by_id(auditable_id) || clazz.new).tap do |m|
-        self.class.assign_revision_attributes(m, self.class.reconstruct_attributes(ancestors).merge(version: version))
+        self.class.assign_revision_attributes(m, self.class.reconstruct_attributes(ancestors).merge(audit_version: version))
       end
     end
 
     # Returns a hash of the changed attributes with the new values
     def new_attributes
-      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs, (attr, values)|
-        attrs[attr] = values.is_a?(Array) ? values.last : values
-        attrs
+      (audited_changes || {}).each_with_object({}.with_indifferent_access) do |(attr, values), attrs|
+        attrs[attr] = (action == "update" ? values.last : values)
       end
     end
 
     # Returns a hash of the changed attributes with the old values
     def old_attributes
-      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs, (attr, values)|
-        attrs[attr] = Array(values).first
-
-        attrs
+      (audited_changes || {}).each_with_object({}.with_indifferent_access) do |(attr, values), attrs|
+        attrs[attr] = (action == "update" ? values.first : values)
       end
     end
 
     # Allows user to undo changes
     def undo
-      model = self.auditable_type.constantize
-      if action == 'create'
+      case action
+      when "create"
         # destroys a newly created record
-        model.find(auditable_id).destroy!
-      elsif action == 'destroy'
+        auditable.destroy!
+      when "destroy"
         # creates a new record with the destroyed record attributes
-        model.create(audited_changes)
-      else
+        auditable_type.constantize.create!(audited_changes)
+      when "update"
         # changes back attributes
-        audited_object = model.find(auditable_id)
-        self.audited_changes.each do |k, v|
-          audited_object[k] = v[0]
-        end
-        audited_object.save
+        auditable.update!(audited_changes.transform_values(&:first))
+      else
+        raise StandardError, "invalid action given #{action}"
       end
     end
 
@@ -132,21 +133,20 @@ module Audited
     # All audits made during the block called will be recorded as made
     # by +user+. This method is hopefully threadsafe, making it ideal
     # for background operations that require audit information.
-    def self.as_user(user, &block)
+    def self.as_user(user)
+      last_audited_user = ::Audited.store[:audited_user]
       ::Audited.store[:audited_user] = user
       yield
     ensure
-      ::Audited.store[:audited_user] = nil
+      ::Audited.store[:audited_user] = last_audited_user
     end
 
     # @private
     def self.reconstruct_attributes(audits)
-      attributes = {}
-      result = audits.collect do |audit|
-        attributes.merge!(audit.new_attributes)[:version] = audit.version
-        yield attributes if block_given?
+      audits.each_with_object({}) do |audit, all|
+        all.merge!(audit.new_attributes)
+        all[:audit_version] = audit.version
       end
-      block_given? ? result : attributes
     end
 
     # @private
@@ -164,15 +164,20 @@ module Audited
     end
 
     # use created_at as timestamp cache key
-    def self.collection_cache_key(collection = all, timestamp_column = :created_at)
+    def self.collection_cache_key(collection = all, *)
       super(collection, :created_at)
     end
 
     private
 
     def set_version_number
-      max = self.class.auditable_finder(auditable_id, auditable_type).descending.first.try(:version) || 0
-      self.version = max + 1
+      if action == "create"
+        self.version = 1
+      else
+        collection = Rails::VERSION::MAJOR >= 6 ? self.class.unscoped : self.class
+        max = collection.auditable_finder(auditable_id, auditable_type).maximum(:version) || 0
+        self.version = max + 1
+      end
     end
 
     def set_audit_user

data/lib/audited/auditor.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Audited
   # Specify this act if you want changes to your model to be saved in an
   # audit table.  This assumes there is an audits table ready.
@@ -34,6 +36,16 @@ module Audited
       # * +require_comment+ - Ensures that audit_comment is supplied before
       #   any create, update or destroy operation.
       # * +max_audits+ - Limits the number of stored audits.
+
+      # * +redacted+ - Changes to these fields will be logged, but the values
+      #   will not. This is useful, for example, if you wish to audit when a
+      #   password is changed, without saving the actual password in the log.
+      #   To store values as something other than '[REDACTED]', pass an argument
+      #   to the redaction_value option.
+      #
+      #     class User < ActiveRecord::Base
+      #       audited redacted: :password, redaction_value: SecureRandom.uuid
+      #     end
       #
       # * +if+ - Only audit the model when the given function returns true
       # * +unless+ - Only audit the model when the given function returns false
@@ -54,8 +66,8 @@ module Audited
         include Audited::Auditor::AuditedInstanceMethods
 
         class_attribute :audit_associated_with, instance_writer: false
-        class_attribute :audited_options,       instance_writer: false
-        attr_accessor :version, :audit_comment
+        class_attribute :audited_options, instance_writer: false
+        attr_accessor :audit_version, :audit_comment
 
         self.audited_options = options
         normalize_audited_options
@@ -70,8 +82,8 @@ module Audited
         has_many :audits, -> { order(version: :asc) }, as: :auditable, class_name: Audited.audit_class.name, inverse_of: :auditable
         Audited.audit_class.audited_class_names << to_s
 
-        after_create :audit_create    if audited_options[:on].include?(:create)
-        before_update :audit_update   if audited_options[:on].include?(:update)
+        after_create :audit_create if audited_options[:on].include?(:create)
+        before_update :audit_update if audited_options[:on].include?(:update)
         before_destroy :audit_destroy if audited_options[:on].include?(:destroy)
 
         # Define and set after_audit and around_audit callbacks. This might be useful if you want
@@ -90,6 +102,8 @@ module Audited
     end
 
     module AuditedInstanceMethods
+      REDACTED = "[REDACTED]"
+
       # Temporarily turns off auditing while saving.
       def save_without_auditing
         without_auditing { save }
@@ -105,6 +119,21 @@ module Audited
         self.class.without_auditing(&block)
       end
 
+      # Temporarily turns on auditing while saving.
+      def save_with_auditing
+        with_auditing { save }
+      end
+
+      # Executes the block with the auditing callbacks enabled.
+      #
+      #   @foo.with_auditing do
+      #     @foo.save
+      #   end
+      #
+      def with_auditing(&block)
+        self.class.with_auditing(&block)
+      end
+
       # Gets an array of the revisions available
       #
       #   user.revisions.each do |revision|
@@ -115,7 +144,7 @@ module Audited
       def revisions(from_version = 1)
         return [] unless audits.from_version(from_version).exists?
 
-        all_audits = audits.select([:audited_changes, :version]).to_a
+        all_audits = audits.select([:audited_changes, :version, :action]).to_a
         targeted_audits = all_audits.select { |audit| audit.version >= from_version }
 
         previous_attributes = reconstruct_attributes(all_audits - targeted_audits)
@@ -129,7 +158,7 @@ module Audited
       # Get a specific revision specified by the version number, or +:previous+
       # Returns nil for versions greater than revisions count
       def revision(version)
-        if version == :previous || self.audits.last.version >= version
+        if version == :previous || audits.last.version >= version
           revision_with Audited.audit_class.reconstruct_attributes(audits_to(version))
         end
       end
@@ -142,7 +171,16 @@ module Audited
 
       # List of attributes that are audited.
       def audited_attributes
-        attributes.except(*non_audited_columns)
+        audited_attributes = attributes.except(*self.class.non_audited_columns)
+        normalize_enum_changes(audited_attributes)
+      end
+
+      # Returns a list combined of record audits and associated audits.
+      def own_and_associated_audits
+        Audited.audit_class.unscoped
+          .where("(auditable_type = :type AND auditable_id = :id) OR (associated_type = :type AND associated_id = :id)",
+            type: self.class.base_class.name, id: id)
+          .order(created_at: :desc)
       end
 
       # Combine multiple audits into one.
@@ -159,24 +197,15 @@ module Audited
 
       protected
 
-      def non_audited_columns
-        self.class.non_audited_columns
-      end
-
-      def audited_columns
-        self.class.audited_columns
-      end
-
       def revision_with(attributes)
         dup.tap do |revision|
           revision.id = id
-          revision.send :instance_variable_set, '@attributes', self.attributes if rails_below?('4.2.0')
-          revision.send :instance_variable_set, '@new_record', destroyed?
-          revision.send :instance_variable_set, '@persisted', !destroyed?
-          revision.send :instance_variable_set, '@readonly', false
-          revision.send :instance_variable_set, '@destroyed', false
-          revision.send :instance_variable_set, '@_destroyed', false
-          revision.send :instance_variable_set, '@marked_for_destruction', false
+          revision.send :instance_variable_set, "@new_record", destroyed?
+          revision.send :instance_variable_set, "@persisted", !destroyed?
+          revision.send :instance_variable_set, "@readonly", false
+          revision.send :instance_variable_set, "@destroyed", false
+          revision.send :instance_variable_set, "@_destroyed", false
+          revision.send :instance_variable_set, "@marked_for_destruction", false
           Audited.audit_class.assign_revision_attributes(revision, attributes)
 
           # Remove any association proxies so that they will be recreated
@@ -193,58 +222,100 @@ module Audited
         end
       end
 
-      def rails_below?(rails_version)
-        Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new(rails_version)
-      end
-
       private
 
       def audited_changes
         all_changes = respond_to?(:changes_to_save) ? changes_to_save : changes
-        if audited_options[:only].present?
-          all_changes.slice(*audited_columns)
-        else
-          all_changes.except(*non_audited_columns)
+        filtered_changes = \
+          if audited_options[:only].present?
+            all_changes.slice(*self.class.audited_columns)
+          else
+            all_changes.except(*self.class.non_audited_columns)
+          end
+
+        filtered_changes = redact_values(filtered_changes)
+        filtered_changes = normalize_enum_changes(filtered_changes)
+        filtered_changes.to_hash
+      end
+
+      def normalize_enum_changes(changes)
+        return changes if Audited.store_synthesized_enums
+
+        self.class.defined_enums.each do |name, values|
+          if changes.has_key?(name)
+            changes[name] = \
+              if changes[name].is_a?(Array)
+                changes[name].map { |v| values[v] }
+              elsif rails_below?("5.0")
+                changes[name]
+              else
+                values[changes[name]]
+              end
+          end
+        end
+        changes
+      end
+
+      def redact_values(filtered_changes)
+        [audited_options[:redacted]].flatten.compact.each do |option|
+          changes = filtered_changes[option.to_s]
+          new_value = audited_options[:redaction_value] || REDACTED
+          values = if changes.is_a? Array
+            changes.map { new_value }
+          else
+            new_value
+          end
+          hash = {option.to_s => values}
+          filtered_changes.merge!(hash)
         end
+
+        filtered_changes
+      end
+
+      def rails_below?(rails_version)
+        Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new(rails_version)
       end
 
       def audits_to(version = nil)
         if version == :previous
-          version = if self.version
-                      self.version - 1
-                    else
-                      previous = audits.descending.offset(1).first
-                      previous ? previous.version : 1
-                    end
+          version = if audit_version
+            audit_version - 1
+          else
+            previous = audits.descending.offset(1).first
+            previous ? previous.version : 1
+          end
         end
         audits.to_version(version)
       end
 
       def audit_create
-        write_audit(action: 'create', audited_changes: audited_attributes,
+        write_audit(action: "create", audited_changes: audited_attributes,
                     comment: audit_comment)
       end
 
       def audit_update
-        unless (changes = audited_changes).empty? && audit_comment.blank?
-          write_audit(action: 'update', audited_changes: changes,
+        unless (changes = audited_changes).empty? && (audit_comment.blank? || audited_options[:update_with_comment_only] == false)
+          write_audit(action: "update", audited_changes: changes,
                       comment: audit_comment)
         end
       end
 
       def audit_destroy
-        write_audit(action: 'destroy', audited_changes: audited_attributes,
-                    comment: audit_comment) unless new_record?
+        unless new_record?
+          write_audit(action: "destroy", audited_changes: audited_attributes,
+                      comment: audit_comment)
+        end
       end
 
       def write_audit(attrs)
-        attrs[:associated] = send(audit_associated_with) unless audit_associated_with.nil?
         self.audit_comment = nil
 
         if auditing_enabled
+          attrs[:associated] = send(audit_associated_with) unless audit_associated_with.nil?
+
           run_callbacks(:audit) {
             audit = audits.create(attrs)
-            combine_audits_if_needed if attrs[:action] != 'create'
+            combine_audits_if_needed if attrs[:action] != "create"
             audit
           }
         end
@@ -252,14 +323,15 @@ module Audited
 
       def presence_of_audit_comment
         if comment_required_state?
-          errors.add(:audit_comment, "Comment can't be blank!") unless audit_comment.present?
+          errors.add(:audit_comment, :blank) unless audit_comment.present?
         end
       end
 
       def comment_required_state?
         auditing_enabled &&
-          ((audited_options[:on].include?(:create) && self.new_record?) ||
-          (audited_options[:on].include?(:update) && self.persisted? && self.changed?))
+          audited_changes.present? &&
+          ((audited_options[:on].include?(:create) && new_record?) ||
+          (audited_options[:on].include?(:update) && persisted? && changed?))
       end
 
       def combine_audits_if_needed
@@ -272,8 +344,7 @@ module Audited
 
       def require_comment
         if auditing_enabled && audit_comment.blank?
-          errors.add(:audit_comment, "Comment can't be blank!")
-          return false if Rails.version.start_with?('4.')
+          errors.add(:audit_comment, :blank)
           throw(:abort)
         end
       end
@@ -283,30 +354,25 @@ module Audited
       end
 
       def auditing_enabled
-        return run_conditional_check(audited_options[:if]) &&
+        run_conditional_check(audited_options[:if]) &&
           run_conditional_check(audited_options[:unless], matching: false) &&
           self.class.auditing_enabled
       end
 
       def run_conditional_check(condition, matching: true)
         return true if condition.blank?
-
         return condition.call(self) == matching if condition.respond_to?(:call)
-        return send(condition) == matching if respond_to?(condition.to_sym)
+        return send(condition) == matching if respond_to?(condition.to_sym, true)
 
         true
       end
 
-      def auditing_enabled=(val)
-        self.class.auditing_enabled = val
-      end
-
       def reconstruct_attributes(audits)
         attributes = {}
         audits.each { |audit| attributes.merge!(audit.new_attributes) }
         attributes
       end
-    end # InstanceMethods
+    end
 
     module AuditedClassMethods
       # Returns an array of columns that are audited. See non_audited_columns
@@ -338,6 +404,20 @@ module Audited
         enable_auditing if auditing_was_enabled
       end
 
+      # Executes the block with auditing enabled.
+      #
+      #   Foo.with_auditing do
+      #     @foo.save
+      #   end
+      #
+      def with_auditing
+        auditing_was_enabled = auditing_enabled
+        enable_auditing
+        yield
+      ensure
+        disable_auditing unless auditing_was_enabled
+      end
+
       def disable_auditing
         self.auditing_enabled = false
       end
@@ -355,7 +435,7 @@ module Audited
       end
 
       def auditing_enabled
-        Audited.store.fetch("#{table_name}_auditing_enabled", true)
+        Audited.store.fetch("#{table_name}_auditing_enabled", true) && Audited.auditing_enabled
       end
 
       def auditing_enabled=(val)