audited 5.2.0 → 5.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 86131fd51439ffb0e1e16fd0b3bdd770c0cdf6de5bc8df5f234377d9ef0aeddb
-  data.tar.gz: 4729941ef95dc9e6e542eb705ac12ff4876999c61f210a50d8ef460a02d71078
+  metadata.gz: 051f76b7a9cfbc91222643f2e0ddaa7738d2e446c00ec079dcf0b5d64d7146d3
+  data.tar.gz: 70ef8ed6c1473ca9d2ac21dc444ae66c0b8d42280e5a3c6bf4d1fe46c07f0e60
 SHA512:
-  metadata.gz: 27d6c2bd685eaca06093e7b8352aa942b83163a09be96fade16cc39ac46502697ca264a54f7a99a4390afe6cc07fbca0d345cb4ad35d7a11d98fa8da9aa262dd
-  data.tar.gz: 615ffae5d0fe3a44ffde034ddd60a2074cdff6679b1a8d59b23adfa2fed557023ffd786516997627aaf3de7916c39666d85abd24b38b1562976678472bbc85a9
+  metadata.gz: e085b0764b5feb96dc88cb5db4361f07148550368bde350a45fe21aba47ed80bfa38bb5683437bf3ad7cd983d7dbfe5f4980a80a7da0f1bf76dabea037323b58
+  data.tar.gz: d55bbe1f1f139efd63ac97281d954bfac440b091e292ad57b23668a456f4e389f4401c9a6e6e4ebb9627d4556a9460cb94d2d71c0f0f2f5174b0e62cb2c10968

data/.github/workflows/ci.yml

@@ -1,10 +1,8 @@
 name: CI
 
 on:
-  pull_request:
-  push:
-    branches:
-    - main
+  - pull_request
+  - push
 
 jobs:
   build:
@@ -12,7 +10,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: [2.3, 2.4, 2.5, 2.6, 2.7, 3.0, 3.1]
+        ruby: [2.3, 2.4, 2.5, 2.6, 2.7, 3.0, 3.1, 3.2]
         appraisal:
           - rails50
           - rails51
@@ -43,6 +41,8 @@ jobs:
             ruby: 3.0
           - appraisal: rails50
             ruby: 3.1
+          - appraisal: rails50
+            ruby: 3.2
 
           # Rails 5.1 supports Ruby 2.2-2.5
           - appraisal: rails51
@@ -53,6 +53,8 @@ jobs:
             ruby: 3.0
           - appraisal: rails51
             ruby: 3.1
+          - appraisal: rails51
+            ruby: 3.2
 
           # Rails 5.2 supports Ruby 2.2-2.5
           - appraisal: rails52
@@ -63,6 +65,8 @@ jobs:
             ruby: 3.0
           - appraisal: rails52
             ruby: 3.1
+          - appraisal: rails52
+            ruby: 3.2
 
           # Rails 6.0 supports Ruby 2.5-2.7
           - appraisal: rails60
@@ -73,6 +77,8 @@ jobs:
             ruby: 3.0
           - appraisal: rails60
             ruby: 3.1
+          - appraisal: rails60
+            ruby: 3.2
 
           # Rails 6.1 supports Ruby 2.5+
           - appraisal: rails61

data/CHANGELOG.md

@@ -1,5 +1,24 @@
 # Audited ChangeLog
 
+## 5.3.1 (2023-02-21)
+
+- Ensure touch support doesn't cause double audits - @mcyoung
+  [#660](https://github.com/collectiveidea/audited/pull/660)
+- Testing Improvements - @vlad-psh
+  [#628](https://github.com/collectiveidea/audited/pull/628)
+- Testing Improvements - @mcyoung
+  [#658](https://github.com/collectiveidea/audited/pull/658)
+
+## 5.3.0 (2023-02-14)
+
+- Audit touch calls - @mcyoung
+  [#657](https://github.com/collectiveidea/audited/pull/657)
+- Allow using with Padrino and other non-Rails projects - @nicduke38degrees
+  [#655](https://github.com/collectiveidea/audited/pull/655)
+- Testing updates - @jdufresne
+  [#652](https://github.com/collectiveidea/audited/pull/652)
+  [#653](https://github.com/collectiveidea/audited/pull/653)
+
 ## 5.2.0 (2023-01-23)
 
 Improved

data/README.md

@@ -24,6 +24,7 @@ Audited supports and is [tested against](https://github.com/collectiveidea/audit
 * 2.7
 * 3.0
 * 3.1
+* 3.2
 
 Audited may work just fine with a Ruby version not listed above, but we can't guarantee that it will. If you'd like to maintain a Ruby that isn't listed, please let us know with a [pull request](https://github.com/collectiveidea/audited/pulls).
 

data/lib/audited/audit.rb

@@ -174,7 +174,7 @@ module Audited
       if action == "create"
         self.version = 1
       else
-        collection = (Rails::VERSION::MAJOR >= 6) ? self.class.unscoped : self.class
+        collection = (ActiveRecord::VERSION::MAJOR >= 6) ? self.class.unscoped : self.class
         max = collection.auditable_finder(auditable_id, auditable_type).maximum(:version) || 0
         self.version = max + 1
       end

data/lib/audited/auditor.rb

@@ -84,6 +84,7 @@ module Audited
 
         after_create :audit_create if audited_options[:on].include?(:create)
         before_update :audit_update if audited_options[:on].include?(:update)
+        after_touch :audit_touch if audited_options[:on].include?(:touch) && ::ActiveRecord::VERSION::MAJOR >= 6
         before_destroy :audit_destroy if audited_options[:on].include?(:destroy)
 
         # Define and set after_audit and around_audit callbacks. This might be useful if you want
@@ -230,8 +231,15 @@ module Audited
 
       private
 
-      def audited_changes
-        all_changes = respond_to?(:changes_to_save) ? changes_to_save : changes
+      def audited_changes(for_touch: false)
+        all_changes = if for_touch
+                        previous_changes
+                      elsif respond_to?(:changes_to_save)
+                        changes_to_save
+                      else
+                        changes
+                      end
+
         filtered_changes = \
           if audited_options[:only].present?
             all_changes.slice(*self.class.audited_columns)
@@ -239,6 +247,13 @@ module Audited
             all_changes.except(*self.class.non_audited_columns)
           end
 
+        if for_touch
+          filtered_changes.reject! do |k, v|
+            audits.last.audited_changes[k].to_json == v.to_json ||
+            audits.last.audited_changes[k].to_json == v[1].to_json
+          end
+        end
+
         filtered_changes = redact_values(filtered_changes)
         filtered_changes = filter_encrypted_attrs(filtered_changes)
         filtered_changes = normalize_enum_changes(filtered_changes)
@@ -324,6 +339,13 @@ module Audited
         end
       end
 
+      def audit_touch
+        unless (changes = audited_changes(for_touch: true)).empty?
+          write_audit(action: "update", audited_changes: changes,
+            comment: audit_comment)
+        end
+      end
+
       def audit_destroy
         unless new_record?
           write_audit(action: "destroy", audited_changes: audited_attributes,
@@ -474,7 +496,7 @@ module Audited
 
       def normalize_audited_options
         audited_options[:on] = Array.wrap(audited_options[:on])
-        audited_options[:on] = [:create, :update, :destroy] if audited_options[:on].empty?
+        audited_options[:on] = [:create, :update, :touch, :destroy] if audited_options[:on].empty?
         audited_options[:only] = Array.wrap(audited_options[:only]).map(&:to_s)
         audited_options[:except] = Array.wrap(audited_options[:except]).map(&:to_s)
         max_audits = audited_options[:max_audits] || Audited.max_audits

data/lib/audited/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Audited
-  VERSION = "5.2.0"
+  VERSION = "5.3.1"
 end

data/spec/audited/auditor_spec.rb

@@ -1,6 +1,9 @@
 require "spec_helper"
 
-SingleCov.covered! uncovered: 9 # not testing proxy_respond_to? hack / 2 methods / deprecation of `version`
+# not testing proxy_respond_to? hack / 2 methods / deprecation of `version`
+# also, an additional 5 around `after_touch` for Versions before 6.
+uncovered = ActiveRecord::VERSION::MAJOR < 6 ? 14 : 9
+SingleCov.covered! uncovered: uncovered
 
 class ConditionalPrivateCompany < ::ActiveRecord::Base
   self.table_name = "companies"
@@ -143,7 +146,7 @@ describe Audited::Auditor do
     end
 
     it "should be configurable which attributes are not audited via ignored_attributes" do
-      Audited.ignored_attributes = ["delta", "top_secret", "created_at"]
+      Audited.ignored_attributes = ["delta", "top_secret", "created_at", "updated_at"]
 
       expect(Secret.non_audited_columns).to include("delta", "top_secret", "created_at")
     end
@@ -215,17 +218,25 @@ describe Audited::Auditor do
       redacted = Audited::Auditor::AuditedInstanceMethods::REDACTED
       user =
         Models::ActiveRecord::UserMultipleRedactedAttributes.create(
-          password: "password",
-          ssn: 123456789
+          password: "password"
         )
       user.save!
       expect(user.audits.last.audited_changes["password"]).to eq(redacted)
+      # Saving '[REDACTED]' value for 'ssn' even if value wasn't set explicitly when record was created
       expect(user.audits.last.audited_changes["ssn"]).to eq(redacted)
+
       user.password = "new_password"
       user.ssn = 987654321
       user.save!
       expect(user.audits.last.audited_changes["password"]).to eq([redacted, redacted])
       expect(user.audits.last.audited_changes["ssn"]).to eq([redacted, redacted])
+
+      # If we haven't changed any attrs from 'redacted' list, audit should not contain these keys
+      user.name = "new name"
+      user.save!
+      expect(user.audits.last.audited_changes).to have_key('name')
+      expect(user.audits.last.audited_changes).not_to have_key('password')
+      expect(user.audits.last.audited_changes).not_to have_key('ssn')
     end
 
     it "should redact columns in 'redacted' column with custom option" do
@@ -414,6 +425,83 @@ describe Audited::Auditor do
     end
   end
 
+  if ::ActiveRecord::VERSION::MAJOR >= 6
+    describe "on touch" do
+      before do
+        @user = create_user(name: "Brandon", status: :active)
+      end
+
+      it "should save an audit" do
+        expect { @user.touch(:suspended_at) }.to change(Audited::Audit, :count).by(1)
+      end
+
+      it "should set the action to 'update'" do
+        @user.touch(:suspended_at)
+        expect(@user.audits.last.action).to eq("update")
+        expect(Audited::Audit.updates.order(:id).last).to eq(@user.audits.last)
+        expect(@user.audits.updates.last).to eq(@user.audits.last)
+      end
+
+      it "should store the changed attributes" do
+        @user.touch(:suspended_at)
+        expect(@user.audits.last.audited_changes["suspended_at"][0]).to be_nil
+        expect(Time.parse(@user.audits.last.audited_changes["suspended_at"][1].to_s)).to be_within(2.seconds).of(Time.current)
+      end
+
+      it "should store audit comment" do
+        @user.audit_comment = "Here exists a touch comment"
+        @user.touch(:suspended_at)
+        expect(@user.audits.last.action).to eq("update")
+        expect(@user.audits.last.comment).to eq("Here exists a touch comment")
+      end
+
+      it "should not save an audit if only specified on create/destroy" do
+        on_create_destroy = Models::ActiveRecord::OnCreateDestroyUser.create(name: "Bart")
+        expect {
+          on_create_destroy.touch(:suspended_at)
+        }.to_not change(Audited::Audit, :count)
+      end
+
+      context "don't double audit" do
+        let(:user) { Models::ActiveRecord::Owner.create(name: "OwnerUser", suspended_at: 1.month.ago, companies_attributes: [{ name: "OwnedCompany" }]) }
+        let(:company) { user.companies.first }
+
+        it "should only create 1 (create) audit for object" do
+          expect(user.audits.count).to eq(1)
+          expect(user.audits.first.action).to eq("create")
+        end
+
+        it "should only create 1 (create) audit for nested resource" do
+          expect(company.audits.count).to eq(1)
+          expect(company.audits.first.action).to eq("create")
+        end
+
+        context "after creating" do
+          it "updating / touching nested resource shouldn't save touch audit on parent object" do
+            expect { company.touch(:type) }.not_to change(user.audits, :count)
+            expect { company.update(type: "test") }.not_to change(user.audits, :count)
+          end
+
+          it "updating / touching parent object shouldn't save previous data" do
+            expect { user.touch(:suspended_at) }.to change(user.audits, :count).from(1).to(2)
+            expect(user.audits.last.action).to eq("update")
+            expect(user.audits.last.audited_changes.keys).to eq(%w[suspended_at])
+          end
+        end
+
+        context "after updating" do
+          it "changing nested resource shouldn't audit owner" do
+            expect { user.update(username: "test") }.to change(user.audits, :count).from(1).to(2)
+            expect { company.update(type: "test") }.not_to change(user.audits, :count)
+
+            expect { user.touch(:suspended_at) }.to change(user.audits, :count).from(2).to(3)
+            expect { company.update(type: "another_test") }.not_to change(user.audits, :count)
+          end
+        end
+      end
+    end
+  end
+
   describe "on destroy" do
     before do
       @user = create_user(status: :active)

data/spec/support/active_record/models.rb

@@ -124,11 +124,12 @@ module Models
       audited
       has_associated_audits
       has_many :companies, class_name: "OwnedCompany", dependent: :destroy
+      accepts_nested_attributes_for :companies
     end
 
     class OwnedCompany < ::ActiveRecord::Base
       self.table_name = "companies"
-      belongs_to :owner, class_name: "Owner"
+      belongs_to :owner, class_name: "Owner", touch: true
       attr_accessible :name, :owner if respond_to?(:attr_accessible) # declare attr_accessible before calling aaa
       audited associated_with: :owner
     end
@@ -146,6 +147,11 @@ module Models
       audited on: [:create, :destroy]
     end
 
+    class OnCreateDestroyUser < ::ActiveRecord::Base
+      self.table_name = "users"
+      audited on: [:create, :destroy]
+    end
+
     class OnCreateDestroyExceptName < ::ActiveRecord::Base
       self.table_name = "companies"
       audited except: :name, on: [:create, :destroy]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: audited
 version: !ruby/object:Gem::Version
-  version: 5.2.0
+  version: 5.3.1
 platform: ruby
 authors:
 - Brandon Keepers
@@ -13,7 +13,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-23 00:00:00.000000000 Z
+date: 2023-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -252,7 +252,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.4.6
 signing_key:
 specification_version: 4
 summary: Log all changes to your models