audited 5.4.2 → 5.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c2f155f1c224559a215a6098e8dad58c4a807e87d38cb99e9b09b21e570db0ac
-  data.tar.gz: 572d605d910cf1d0a6c9a3904ba9ccc95979b189fabf3912a66adb590fc40bf7
+  metadata.gz: 4d9407750d2b70edd5e934c0b0544ba52230a3e3ac4955194029b6b7370c8fe7
+  data.tar.gz: 863fc4f2e8d1cc188664f4a346db886f7dfdd4bf6c6b56f3371eacb4d75497dd
 SHA512:
-  metadata.gz: 22f44786ceff2b8dd4f22f97ad2b874b5fe8e9fb99d97519a47e68e272ca0409ec20ed042ed38e706defffc6ffb9bb2e12f95ee9d508dcd2ff731e9e24a598b3
-  data.tar.gz: dd24d3d0f51e90f683003f831d9907403e369aad7db2146f56dc8169d7feb5d83e6ff408693eef12e620e7b759a5bc7929c04d41d0ec5f3f36f79f953b6bc341
+  metadata.gz: cb853e42fb4e6ff1493f3864a0c5833e730b27e90f14d8b8529ad11c3dd66052c8bd3739433e4c08decd84ecb5525a244ab8a831bf70a7a21654c398e220b8c7
+  data.tar.gz: 36d1acab56d4011d8766f0a3f0126ecae8fff5a7469a3ac00a43d6ccc3e1f09eee5c8e8054d30367dbdf69caab3f49135020861ca16d10a76e5f44349e14a57f

data/.github/workflows/publish_gem.yml

@@ -0,0 +1,28 @@
+name: Publish Gem
+
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  push:
+    if: github.repository == 'collectiveidea/audited'
+    runs-on: ubuntu-latest
+    environment: publishing
+
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      # Set up
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+          ruby-version: ruby
+
+      # Release
+      - uses: rubygems/release-gem@v1

data/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Audited ChangeLog
 
+### 5.5.0 (2024-04-02)
+
+- Removed support for Rails 5.0 and 5.1.
+- Replace RequestStore with ActiveSupport::CurrentAttributes - @punkisdead
+  [#702](https://github.com/collectiveidea/audited/pull/702)
+
+### 5.4.3 (2024-01-11)
+
+- Ignore readonly columns in audit - @sriddbs
+  [#692](https://github.com/collectiveidea/audited/pull/692)
+- Robustify Rails version checks - @blaet
+  [#689](https://github.com/collectiveidea/audited/pull/689)
+-  Ignore callbacks if not specifed on the model
+  [#679](https://github.com/collectiveidea/audited/pull/679)
+
 ## 5.4.2 (2023-11-30)
 
 - Revert replacing RequetStore with ActiveSupport::CurrentAttributes until it is fully tested.

data/README.md

@@ -8,8 +8,9 @@ Audited
 **Audited** (previously acts_as_audited) is an ORM extension that logs all changes to your models. Audited can also record who made those changes, save comments and associate models related to the changes.
 
 
-Audited currently (5.x) works with Rails 7.1, 7.0, 6.1, 6.0, 5.2, 5.1, and 5.0.
+Audited currently (5.5) works with Rails 7.1, 7.0, 6.1, 6.0, 5.2.
 
+For Rails 5.0 & 5.1, use gem version 5.4.3
 For Rails 4, use gem version 4.x
 For Rails 3, use gem version 3.0 or see the [3.0-stable branch](https://github.com/collectiveidea/audited/tree/3.0-stable).
 
@@ -133,18 +134,24 @@ end
 
 ### Specifying callbacks
 
-By default, a new audit is created for any Create, Update or Destroy action. You can, however, limit the actions audited.
+By default, a new audit is created for any Create, Update, Touch (Rails 6+) or Destroy action. You can, however, limit the actions audited.
 
 ```ruby
 class User < ActiveRecord::Base
   # All fields and actions
   # audited
 
-  # Single field, only audit Update and Destroy (not Create)
+  # Single field, only audit Update and Destroy (not Create or Touch)
   # audited only: :name, on: [:update, :destroy]
 end
 ```
 
+You can ignore the default callbacks globally unless the callback action is specified in your model using the `:on` option. To configure default callback exclusion, put the following in an initializer file (`config/initializers/audited.rb`):
+
+```ruby
+Audited.ignored_default_callbacks = [:create, :update] # ignore callbacks create and update
+```
+
 ### Comments
 
 You can attach comments to each audit using an `audit_comment` attribute on your model.

data/Rakefile

@@ -1,12 +1,10 @@
 #!/usr/bin/env rake
 
-require "bundler/gem_helper"
+require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 require "rake/testtask"
 require "appraisal"
 
-Bundler::GemHelper.install_tasks(name: "audited")
-
 RSpec::Core::RakeTask.new(:spec)
 
 Rake::TestTask.new do |t|

data/lib/audited/audit.rb

@@ -49,7 +49,7 @@ module Audited
     cattr_accessor :audited_class_names
     self.audited_class_names = Set.new
 
-    if Rails.version >= "7.1"
+    if Rails.gem_version >= Gem::Version.new("7.1")
       serialize :audited_changes, coder: YAMLIfTextColumnType
     else
       serialize :audited_changes, YAMLIfTextColumnType

data/lib/audited/auditor.rb

@@ -231,7 +231,7 @@ module Audited
 
       private
 
-      def audited_changes(for_touch: false)
+      def audited_changes(for_touch: false, exclude_readonly_attrs: false)
         all_changes = if for_touch
           previous_changes
         elsif respond_to?(:changes_to_save)
@@ -240,6 +240,8 @@ module Audited
           changes
         end
 
+        all_changes = all_changes.except(*self.class.readonly_attributes.to_a) if exclude_readonly_attrs
+
         filtered_changes = \
           if audited_options[:only].present?
             all_changes.slice(*self.class.audited_columns)
@@ -247,6 +249,8 @@ module Audited
             all_changes.except(*self.class.non_audited_columns)
           end
 
+        filtered_changes = normalize_enum_changes(filtered_changes)
+
         if for_touch && (last_audit = audits.last&.audited_changes)
           filtered_changes.reject! do |k, v|
             last_audit[k].to_json == v.to_json ||
@@ -256,7 +260,6 @@ module Audited
 
         filtered_changes = redact_values(filtered_changes)
         filtered_changes = filter_encrypted_attrs(filtered_changes)
-        filtered_changes = normalize_enum_changes(filtered_changes)
         filtered_changes.to_hash
       end
 
@@ -333,14 +336,14 @@ module Audited
       end
 
       def audit_update
-        unless (changes = audited_changes).empty? && (audit_comment.blank? || audited_options[:update_with_comment_only] == false)
+        unless (changes = audited_changes(exclude_readonly_attrs: true)).empty? && (audit_comment.blank? || audited_options[:update_with_comment_only] == false)
           write_audit(action: "update", audited_changes: changes,
             comment: audit_comment)
         end
       end
 
       def audit_touch
-        unless (changes = audited_changes(for_touch: true)).empty?
+        unless (changes = audited_changes(for_touch: true, exclude_readonly_attrs: true)).empty?
           write_audit(action: "update", audited_changes: changes,
             comment: audit_comment)
         end
@@ -496,7 +499,7 @@ module Audited
 
       def normalize_audited_options
         audited_options[:on] = Array.wrap(audited_options[:on])
-        audited_options[:on] = [:create, :update, :touch, :destroy] if audited_options[:on].empty?
+        audited_options[:on] = ([:create, :update, :touch, :destroy] - Audited.ignored_default_callbacks) if audited_options[:on].empty?
         audited_options[:only] = Array.wrap(audited_options[:only]).map(&:to_s)
         audited_options[:except] = Array.wrap(audited_options[:except]).map(&:to_s)
         max_audits = audited_options[:max_audits] || Audited.max_audits

data/lib/audited/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Audited
-  VERSION = "5.4.2"
+  VERSION = "5.5.0"
 end

data/lib/audited.rb

@@ -9,6 +9,7 @@ module Audited
       :auditing_enabled,
       :current_user_method,
       :ignored_attributes,
+      :ignored_default_callbacks,
       :max_audits,
       :store_synthesized_enums
     attr_writer :audit_class
@@ -35,6 +36,7 @@ module Audited
   end
 
   @ignored_attributes = %w[lock_version created_at updated_at created_on updated_on]
+  @ignored_default_callbacks = []
 
   @current_user_method = :current_user
   @auditing_enabled = true

data/lib/generators/audited/migration.rb

@@ -16,7 +16,7 @@ module Audited
       private
 
       def timestamped_migrations?
-        (Rails.version >= "7.0") ?
+        (Rails.gem_version >= Gem::Version.new("7.0")) ?
           ::ActiveRecord.timestamped_migrations :
           ::ActiveRecord::Base.timestamped_migrations
       end

data/spec/audited/auditor_spec.rb

@@ -245,6 +245,27 @@ describe Audited::Auditor do
       expect(user.audits.last.audited_changes["password"]).to eq(["My", "Custom", "Value", 7])
     end
 
+    context "when ignored_default_callbacks is set" do
+      before { Audited.ignored_default_callbacks = [:create] }
+      after { Audited.ignored_default_callbacks = [] }
+
+      it "should remove create callback" do
+        class DefaultCallback < ::ActiveRecord::Base
+          audited
+        end
+
+        expect(DefaultCallback.audited_options[:on]).to eq([:update, :touch, :destroy])
+      end
+
+      it "should keep create callback if specified" do
+        class CallbacksSpecified < ::ActiveRecord::Base
+          audited on: [:create, :update, :destroy]
+        end
+
+        expect(CallbacksSpecified.audited_options[:on]).to eq([:create, :update, :destroy])
+      end
+    end
+
     if ::ActiveRecord::VERSION::MAJOR >= 7
       it "should filter encrypted attributes" do
         user = Models::ActiveRecord::UserWithEncryptedPassword.create(password: "password")
@@ -358,6 +379,12 @@ describe Audited::Auditor do
         Models::ActiveRecord::OnUpdateDestroy.create!(name: "Bart")
       }.to_not change(Audited::Audit, :count)
     end
+
+    it "should save readonly columns" do
+      expect {
+        Models::ActiveRecord::UserWithReadOnlyAttrs.create!(name: "Bart")
+      }.to change(Audited::Audit, :count)
+    end
   end
 
   describe "on update" do
@@ -409,6 +436,16 @@ describe Audited::Auditor do
       expect { @user.update_attribute :activated, "1" }.to_not change(Audited::Audit, :count)
     end
 
+    context "with readonly attributes" do
+      before do
+        @user = create_user_with_readonly_attrs(status: "active")
+      end
+
+      it "should not save readonly columns" do
+        expect { @user.update! status: "banned" }.to_not change(Audited::Audit, :count)
+      end
+    end
+
     describe "with no dirty changes" do
       it "does not create an audit if the record is not changed" do
         expect {
@@ -503,6 +540,14 @@ describe Audited::Auditor do
             expect(user.audits.last.action).to eq("update")
             expect(user.audits.last.audited_changes.keys).to eq(%w[suspended_at])
           end
+
+          it "updating nested resource through parent while changing an enum on parent shouldn't double audit" do
+            user.status = :reliable
+            user.companies_attributes = [{name: "test"}]
+            expect { user.save }.to change(user.audits, :count).from(1).to(2)
+            expect(user.audits.last.action).to eq("update")
+            expect(user.audits.last.audited_changes.keys).to eq(%w[status])
+          end
         end
 
         context "after updating" do

data/spec/audited_spec_helpers.rb

@@ -3,6 +3,10 @@ module AuditedSpecHelpers
     Models::ActiveRecord::User.create({name: "Brandon", username: "brandon", password: "password", favourite_device: "Android Phone"}.merge(attrs))
   end
 
+  def create_user_with_readonly_attrs(attrs = {})
+    Models::ActiveRecord::UserWithReadOnlyAttrs.create({name: "Brandon", username: "brandon", password: "password", favourite_device: "Android Phone"}.merge(attrs))
+  end
+
   def build_user(attrs = {})
     Models::ActiveRecord::User.new({name: "darth", username: "darth", password: "noooooooo"}.merge(attrs))
   end

data/spec/rails_app/config/application.rb

@@ -30,7 +30,7 @@ module RailsApp
           ActiveSupport::TimeWithZone ActiveSupport::TimeZone ActiveSupport::HashWithIndifferentAccess]
     end
 
-    if Rails.version >= "7.1"
+    if Rails.gem_version >= Gem::Version.new("7.1")
       config.active_support.cache_format_version = 7.1
     end
   end

data/spec/support/active_record/models.rb

@@ -5,11 +5,11 @@ module Models
   module ActiveRecord
     class User < ::ActiveRecord::Base
       audited except: :password
-      attribute :non_column_attr if Rails.version >= "5.1"
+      attribute :non_column_attr if Rails.gem_version >= Gem::Version.new("5.1")
       attr_protected :logins if respond_to?(:attr_protected)
       enum status: {active: 0, reliable: 1, banned: 2}
 
-      if Rails.version >= "7.1"
+      if Rails.gem_version >= Gem::Version.new("7.1")
         serialize :phone_numbers, type: Array
       else
         serialize :phone_numbers, Array
@@ -27,7 +27,7 @@ module Models
 
     class UserOnlyPassword < ::ActiveRecord::Base
       self.table_name = :users
-      attribute :non_column_attr if Rails.version >= "5.1"
+      attribute :non_column_attr if Rails.gem_version >= Gem::Version.new("5.1")
       audited only: :password
     end
 
@@ -54,6 +54,12 @@ module Models
       end
     end
 
+    class UserWithReadOnlyAttrs < ::ActiveRecord::Base
+      self.table_name = :users
+      audited
+      attr_readonly :status
+    end
+
     class CommentRequiredUser < ::ActiveRecord::Base
       self.table_name = :users
       audited except: :password, comment_required: true
@@ -130,6 +136,7 @@ module Models
       has_associated_audits
       has_many :companies, class_name: "OwnedCompany", dependent: :destroy
       accepts_nested_attributes_for :companies
+      enum status: {active: 0, reliable: 1, banned: 2}
     end
 
     class OwnedCompany < ::ActiveRecord::Base

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: audited
 version: !ruby/object:Gem::Version
-  version: 5.4.2
+  version: 5.5.0
 platform: ruby
 authors:
 - Brandon Keepers
@@ -10,10 +10,10 @@ authors:
 - Brian Ryckbost
 - Steve Richert
 - Ryan Glover
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-11-08 00:00:00.000000000 Z
+date: 2024-04-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -181,6 +181,7 @@ extra_rdoc_files: []
 files:
 - ".github/workflows/buildlight.yml"
 - ".github/workflows/ci.yml"
+- ".github/workflows/publish_gem.yml"
 - ".gitignore"
 - ".standard.yml"
 - ".yardopts"
@@ -252,7 +253,7 @@ homepage: https://github.com/collectiveidea/audited
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -267,8 +268,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.7
-signing_key:
+rubygems_version: 3.5.3
+signing_key: 
 specification_version: 4
 summary: Log all changes to your models
 test_files: []