audited 4.9.0 → 5.0.2

data/lib/audited/audit.rb

@@ -1,4 +1,6 @@
-require 'set'
+# frozen_string_literal: true
+
+require "set"
 
 module Audited
   # Audit saves the changes to ActiveRecord models.  It has the following attributes:
@@ -16,7 +18,7 @@ module Audited
   class YAMLIfTextColumnType
     class << self
       def load(obj)
-        if Audited.audit_class.columns_hash["audited_changes"].type.to_s == "text"
+        if text_column?
           ActiveRecord::Coders::YAMLColumn.new(Object).load(obj)
         else
           obj
@@ -24,18 +26,22 @@ module Audited
       end
 
       def dump(obj)
-        if Audited.audit_class.columns_hash["audited_changes"].type.to_s == "text"
+        if text_column?
           ActiveRecord::Coders::YAMLColumn.new(Object).dump(obj)
         else
           obj
         end
       end
+
+      def text_column?
+        Audited.audit_class.columns_hash["audited_changes"].type.to_s == "text"
+      end
     end
   end
 
   class Audit < ::ActiveRecord::Base
-    belongs_to :auditable,  polymorphic: true
-    belongs_to :user,       polymorphic: true
+    belongs_to :auditable, polymorphic: true
+    belongs_to :user, polymorphic: true
     belongs_to :associated, polymorphic: true
 
     before_create :set_version_number, :set_audit_user, :set_request_uuid, :set_remote_address
@@ -45,16 +51,16 @@ module Audited
 
     serialize :audited_changes, YAMLIfTextColumnType
 
-    scope :ascending,     ->{ reorder(version: :asc) }
-    scope :descending,    ->{ reorder(version: :desc)}
-    scope :creates,       ->{ where(action: 'create')}
-    scope :updates,       ->{ where(action: 'update')}
-    scope :destroys,      ->{ where(action: 'destroy')}
+    scope :ascending, -> { reorder(version: :asc) }
+    scope :descending, -> { reorder(version: :desc) }
+    scope :creates, -> { where(action: "create") }
+    scope :updates, -> { where(action: "update") }
+    scope :destroys, -> { where(action: "destroy") }
 
-    scope :up_until,      ->(date_or_time){ where("created_at <= ?", date_or_time) }
-    scope :from_version,  ->(version){ where('version >= ?', version) }
-    scope :to_version,    ->(version){ where('version <= ?', version) }
-    scope :auditable_finder, ->(auditable_id, auditable_type){ where(auditable_id: auditable_id, auditable_type: auditable_type)}
+    scope :up_until, ->(date_or_time) { where("created_at <= ?", date_or_time) }
+    scope :from_version, ->(version) { where("version >= ?", version) }
+    scope :to_version, ->(version) { where("version <= ?", version) }
+    scope :auditable_finder, ->(auditable_id, auditable_type) { where(auditable_id: auditable_id, auditable_type: auditable_type) }
     # Return all audits older than the current one.
     def ancestors
       self.class.ascending.auditable_finder(auditable_id, auditable_type).to_version(version)
@@ -71,31 +77,28 @@ module Audited
 
     # Returns a hash of the changed attributes with the new values
     def new_attributes
-      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs, (attr, values)|
-        attrs[attr] = values.is_a?(Array) ? values.last : values
-        attrs
+      (audited_changes || {}).each_with_object({}.with_indifferent_access) do |(attr, values), attrs|
+        attrs[attr] = (action == "update" ? values.last : values)
       end
     end
 
     # Returns a hash of the changed attributes with the old values
     def old_attributes
-      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs, (attr, values)|
-        attrs[attr] = Array(values).first
-
-        attrs
+      (audited_changes || {}).each_with_object({}.with_indifferent_access) do |(attr, values), attrs|
+        attrs[attr] = (action == "update" ? values.first : values)
       end
     end
 
     # Allows user to undo changes
     def undo
       case action
-      when 'create'
+      when "create"
         # destroys a newly created record
         auditable.destroy!
-      when 'destroy'
+      when "destroy"
         # creates a new record with the destroyed record attributes
         auditable_type.constantize.create!(audited_changes)
-      when 'update'
+      when "update"
         # changes back attributes
         auditable.update!(audited_changes.transform_values(&:first))
       else
@@ -131,7 +134,7 @@ module Audited
     # by +user+. This method is hopefully threadsafe, making it ideal
     # for background operations that require audit information.
     def self.as_user(user)
-      last_audited_user = ::Audited.store[:audited_user] 
+      last_audited_user = ::Audited.store[:audited_user]
       ::Audited.store[:audited_user] = user
       yield
     ensure
@@ -143,7 +146,7 @@ module Audited
       audits.each_with_object({}) do |audit, all|
         all.merge!(audit.new_attributes)
         all[:audit_version] = audit.version
-     end
+      end
     end
 
     # @private
@@ -168,8 +171,13 @@ module Audited
     private
 
     def set_version_number
-      max = self.class.auditable_finder(auditable_id, auditable_type).maximum(:version) || 0
-      self.version = max + 1
+      if action == "create"
+        self.version = 1
+      else
+        collection = Rails::VERSION::MAJOR >= 6 ? self.class.unscoped : self.class
+        max = collection.auditable_finder(auditable_id, auditable_type).maximum(:version) || 0
+        self.version = max + 1
+      end
     end
 
     def set_audit_user

data/lib/audited/auditor.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Audited
   # Specify this act if you want changes to your model to be saved in an
   # audit table.  This assumes there is an audits table ready.
@@ -34,6 +36,16 @@ module Audited
       # * +require_comment+ - Ensures that audit_comment is supplied before
       #   any create, update or destroy operation.
       # * +max_audits+ - Limits the number of stored audits.
+
+      # * +redacted+ - Changes to these fields will be logged, but the values
+      #   will not. This is useful, for example, if you wish to audit when a
+      #   password is changed, without saving the actual password in the log.
+      #   To store values as something other than '[REDACTED]', pass an argument
+      #   to the redaction_value option.
+      #
+      #     class User < ActiveRecord::Base
+      #       audited redacted: :password, redaction_value: SecureRandom.uuid
+      #     end
       #
       # * +if+ - Only audit the model when the given function returns true
       # * +unless+ - Only audit the model when the given function returns false
@@ -54,7 +66,7 @@ module Audited
         include Audited::Auditor::AuditedInstanceMethods
 
         class_attribute :audit_associated_with, instance_writer: false
-        class_attribute :audited_options,       instance_writer: false
+        class_attribute :audited_options, instance_writer: false
         attr_accessor :audit_version, :audit_comment
 
         self.audited_options = options
@@ -70,8 +82,8 @@ module Audited
         has_many :audits, -> { order(version: :asc) }, as: :auditable, class_name: Audited.audit_class.name, inverse_of: :auditable
         Audited.audit_class.audited_class_names << to_s
 
-        after_create :audit_create    if audited_options[:on].include?(:create)
-        before_update :audit_update   if audited_options[:on].include?(:update)
+        after_create :audit_create if audited_options[:on].include?(:create)
+        before_update :audit_update if audited_options[:on].include?(:update)
         before_destroy :audit_destroy if audited_options[:on].include?(:destroy)
 
         # Define and set after_audit and around_audit callbacks. This might be useful if you want
@@ -90,15 +102,7 @@ module Audited
     end
 
     module AuditedInstanceMethods
-      # Deprecate version attribute in favor of audit_version attribute – preparing for eventual removal.
-      def method_missing(method_name, *args, &block)
-        if method_name == :version
-          ActiveSupport::Deprecation.warn("`version` attribute has been changed to `audit_version`. This attribute will be removed.")
-          audit_version
-        else
-          super
-        end
-      end
+      REDACTED = "[REDACTED]"
 
       # Temporarily turns off auditing while saving.
       def save_without_auditing
@@ -140,7 +144,7 @@ module Audited
       def revisions(from_version = 1)
         return [] unless audits.from_version(from_version).exists?
 
-        all_audits = audits.select([:audited_changes, :version]).to_a
+        all_audits = audits.select([:audited_changes, :version, :action]).to_a
         targeted_audits = all_audits.select { |audit| audit.version >= from_version }
 
         previous_attributes = reconstruct_attributes(all_audits - targeted_audits)
@@ -154,7 +158,7 @@ module Audited
       # Get a specific revision specified by the version number, or +:previous+
       # Returns nil for versions greater than revisions count
       def revision(version)
-        if version == :previous || self.audits.last.version >= version
+        if version == :previous || audits.last.version >= version
           revision_with Audited.audit_class.reconstruct_attributes(audits_to(version))
         end
       end
@@ -174,9 +178,9 @@ module Audited
       # Returns a list combined of record audits and associated audits.
       def own_and_associated_audits
         Audited.audit_class.unscoped
-        .where('(auditable_type = :type AND auditable_id = :id) OR (associated_type = :type AND associated_id = :id)',
-          type: self.class.name, id: id)
-        .order(created_at: :desc)
+          .where("(auditable_type = :type AND auditable_id = :id) OR (associated_type = :type AND associated_id = :id)",
+            type: self.class.base_class.name, id: id)
+          .order(created_at: :desc)
       end
 
       # Combine multiple audits into one.
@@ -196,12 +200,12 @@ module Audited
       def revision_with(attributes)
         dup.tap do |revision|
           revision.id = id
-          revision.send :instance_variable_set, '@new_record', destroyed?
-          revision.send :instance_variable_set, '@persisted', !destroyed?
-          revision.send :instance_variable_set, '@readonly', false
-          revision.send :instance_variable_set, '@destroyed', false
-          revision.send :instance_variable_set, '@_destroyed', false
-          revision.send :instance_variable_set, '@marked_for_destruction', false
+          revision.send :instance_variable_set, "@new_record", destroyed?
+          revision.send :instance_variable_set, "@persisted", !destroyed?
+          revision.send :instance_variable_set, "@readonly", false
+          revision.send :instance_variable_set, "@destroyed", false
+          revision.send :instance_variable_set, "@_destroyed", false
+          revision.send :instance_variable_set, "@marked_for_destruction", false
           Audited.audit_class.assign_revision_attributes(revision, attributes)
 
           # Remove any association proxies so that they will be recreated
@@ -229,17 +233,20 @@ module Audited
             all_changes.except(*self.class.non_audited_columns)
           end
 
+        filtered_changes = redact_values(filtered_changes)
         filtered_changes = normalize_enum_changes(filtered_changes)
         filtered_changes.to_hash
       end
 
       def normalize_enum_changes(changes)
+        return changes if Audited.store_synthesized_enums
+
         self.class.defined_enums.each do |name, values|
           if changes.has_key?(name)
             changes[name] = \
               if changes[name].is_a?(Array)
                 changes[name].map { |v| values[v] }
-              elsif rails_below?('5.0')
+              elsif rails_below?("5.0")
                 changes[name]
               else
                 values[changes[name]]
@@ -249,47 +256,66 @@ module Audited
         changes
       end
 
+      def redact_values(filtered_changes)
+        [audited_options[:redacted]].flatten.compact.each do |option|
+          changes = filtered_changes[option.to_s]
+          new_value = audited_options[:redaction_value] || REDACTED
+          values = if changes.is_a? Array
+            changes.map { new_value }
+          else
+            new_value
+          end
+          hash = {option.to_s => values}
+          filtered_changes.merge!(hash)
+        end
+
+        filtered_changes
+      end
+
       def rails_below?(rails_version)
         Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new(rails_version)
       end
 
       def audits_to(version = nil)
         if version == :previous
-          version = if self.audit_version
-                      self.audit_version - 1
-                    else
-                      previous = audits.descending.offset(1).first
-                      previous ? previous.version : 1
-                    end
+          version = if audit_version
+            audit_version - 1
+          else
+            previous = audits.descending.offset(1).first
+            previous ? previous.version : 1
+          end
         end
         audits.to_version(version)
       end
 
       def audit_create
-        write_audit(action: 'create', audited_changes: audited_attributes,
+        write_audit(action: "create", audited_changes: audited_attributes,
                     comment: audit_comment)
       end
 
       def audit_update
         unless (changes = audited_changes).empty? && (audit_comment.blank? || audited_options[:update_with_comment_only] == false)
-          write_audit(action: 'update', audited_changes: changes,
+          write_audit(action: "update", audited_changes: changes,
                       comment: audit_comment)
         end
       end
 
       def audit_destroy
-        write_audit(action: 'destroy', audited_changes: audited_attributes,
-                    comment: audit_comment) unless new_record?
+        unless new_record?
+          write_audit(action: "destroy", audited_changes: audited_attributes,
+                      comment: audit_comment)
+        end
       end
 
       def write_audit(attrs)
-        attrs[:associated] = send(audit_associated_with) unless audit_associated_with.nil?
         self.audit_comment = nil
 
         if auditing_enabled
+          attrs[:associated] = send(audit_associated_with) unless audit_associated_with.nil?
+
           run_callbacks(:audit) {
             audit = audits.create(attrs)
-            combine_audits_if_needed if attrs[:action] != 'create'
+            combine_audits_if_needed if attrs[:action] != "create"
             audit
           }
         end
@@ -297,14 +323,15 @@ module Audited
 
       def presence_of_audit_comment
         if comment_required_state?
-          errors.add(:audit_comment, "Comment can't be blank!") unless audit_comment.present?
+          errors.add(:audit_comment, :blank) unless audit_comment.present?
         end
       end
 
       def comment_required_state?
         auditing_enabled &&
-          ((audited_options[:on].include?(:create) && self.new_record?) ||
-          (audited_options[:on].include?(:update) && self.persisted? && self.changed?))
+          audited_changes.present? &&
+          ((audited_options[:on].include?(:create) && new_record?) ||
+          (audited_options[:on].include?(:update) && persisted? && changed?))
       end
 
       def combine_audits_if_needed
@@ -317,8 +344,7 @@ module Audited
 
       def require_comment
         if auditing_enabled && audit_comment.blank?
-          errors.add(:audit_comment, "Comment can't be blank!")
-          return false if Rails.version.start_with?('4.')
+          errors.add(:audit_comment, :blank)
           throw(:abort)
         end
       end
@@ -328,7 +354,7 @@ module Audited
       end
 
       def auditing_enabled
-        return run_conditional_check(audited_options[:if]) &&
+        run_conditional_check(audited_options[:if]) &&
           run_conditional_check(audited_options[:unless], matching: false) &&
           self.class.auditing_enabled
       end
@@ -346,7 +372,7 @@ module Audited
         audits.each { |audit| attributes.merge!(audit.new_attributes) }
         attributes
       end
-    end # InstanceMethods
+    end
 
     module AuditedClassMethods
       # Returns an array of columns that are audited. See non_audited_columns

data/lib/audited/railtie.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Audited
+  class Railtie < Rails::Railtie
+    initializer "audited.sweeper" do
+      ActiveSupport.on_load(:action_controller) do
+        if defined?(ActionController::Base)
+          ActionController::Base.around_action Audited::Sweeper.new
+        end
+        if defined?(ActionController::API)
+          ActionController::API.around_action Audited::Sweeper.new
+        end
+      end
+    end
+  end
+end

data/lib/audited/rspec_matchers.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Audited
   module RspecMatchers
     # Ensure that the model is audited.
@@ -78,9 +80,9 @@ module Audited
       def description
         description = "audited"
         description += " associated with #{@options[:associated_with]}" if @options.key?(:associated_with)
-        description += " only => #{@options[:only].join ', '}"          if @options.key?(:only)
-        description += " except => #{@options[:except].join(', ')}"     if @options.key?(:except)
-        description += " requires audit_comment"                        if @options.key?(:comment_required)
+        description += " only => #{@options[:only].join ", "}" if @options.key?(:only)
+        description += " except => #{@options[:except].join(", ")}" if @options.key?(:except)
+        description += " requires audit_comment" if @options.key?(:comment_required)
 
         description
       end

data/lib/audited/sweeper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Audited
   class Sweeper
     STORED_DATA = {
@@ -10,7 +12,7 @@ module Audited
 
     def around(controller)
       self.controller = controller
-      STORED_DATA.each { |k,m| store[k] = send(m) }
+      STORED_DATA.each { |k, m| store[k] = send(m) }
       yield
     ensure
       self.controller = nil
@@ -38,12 +40,3 @@ module Audited
     end
   end
 end
-
-ActiveSupport.on_load(:action_controller) do
-  if defined?(ActionController::Base)
-    ActionController::Base.around_action Audited::Sweeper.new
-  end
-  if defined?(ActionController::API)
-    ActionController::API.around_action Audited::Sweeper.new
-  end
-end