audited 4.2.2 → 4.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b493b49e84fe7edd29005249133f20334596e2e8
-  data.tar.gz: 84c47a86e7fb39785ae343825abde3319f1b1fff
+  metadata.gz: b04e8c93cc4b6351654924948b663708433e8a01
+  data.tar.gz: ce147cca64fde0e62e06bd7235851a907ec4ccb5
 SHA512:
-  metadata.gz: 838eae030f0694a67ffaa526ada7b090e9a6d2e424aa1a12e72b43d8135870f43454a28bbe5d529feb40921112ea841f0e72e5763e537479768314c9c0386d2e
-  data.tar.gz: 1b74fcc9292dc3a85064ad6ad13a4689bbb79186e57fbbafe4a45ffaf1ceb8ab625a364abb60735f6177c3d0c53354156a5b960e2f8cab7ac3a70f42e5ef6f8b
+  metadata.gz: f9fc970bef11b25088cc77123857efad07fb319b84a82696e6f195cce0b9cb1c90cac1a3b0330e57143a61b8a38d9973b13a9618421adeebae030f8f483a9f42
+  data.tar.gz: a7841493a1889185d35c323287d98fd9ca332a91fa18f5d751fcff77508baafb5a2e1a5056eeeb1d6e5fd8efe3d9f13aa407403c85038303642dbd631c7817f9

data/.travis.yml

@@ -1,28 +1,29 @@
 language: ruby
-services: mongodb
+cache: bundler
 rvm:
-  - 2.0
   - 2.1
-  - 2.2
-  - jruby-head
+  - 2.2.4
+  - 2.3.1
+  - ruby-head
 env:
   - DB=SQLITE
   - DB=POSTGRES
   - DB=MYSQL
-before_script:
-  - mysql -e 'create database audited_test;'
-  - psql -c 'create database audited_test;' -U postgres
 gemfile:
   - gemfiles/rails40.gemfile
   - gemfiles/rails41.gemfile
   - gemfiles/rails42.gemfile
+  - gemfiles/rails50.gemfile
 matrix:
   allow_failures:
-    - rvm: jruby-head
+    - rvm: ruby-head
+  exclude:
+    - rvm: 2.1
+      gemfile: gemfiles/rails50.gemfile
+  fast_finish: true
 branches:
   only:
   - master
-  - 4.2-stable
 sudo: false
 notifications:
   webhooks:

data/Appraisals

@@ -1,18 +1,22 @@
 appraise 'rails40' do
   gem 'rails', '~> 4.0.0'
-  gem 'rails-observers'
+  gem 'protected_attributes'
   gem 'test-unit'
-  gem 'mysql2', '~> 0.3.0'
 end
 
 appraise 'rails41' do
   gem 'rails', '~> 4.1.0'
-  gem 'rails-observers'
-  gem 'mysql2', '~> 0.3.0'
+  gem 'protected_attributes'
 end
 
 appraise 'rails42' do
   gem 'rails', '~> 4.2.0'
-  gem 'rails-observers'
-  gem 'mysql2', '~> 0.4.0'
+  gem 'protected_attributes'
+end
+
+appraise 'rails50' do
+  gem 'rails', '~> 5.0.0'
+
+  # The following needs to point to Github until the release of 0.1.3
+  gem 'rails-observers', github: 'rails/rails-observers', branch: 'master'
 end

data/Gemfile

@@ -1,15 +1,3 @@
 source 'https://rubygems.org'
 
-gemspec :name => 'audited'
-# JRuby support for the test ENV
-unless defined?(JRUBY_VERSION)
-  gem 'sqlite3', '~> 1.2'
-  gem 'mysql2', '~> 0.3'
-  gem 'pg', '~> 0.17'
-  gem 'bson_ext', '~> 1.6'
-else
-  gem 'activerecord-jdbcsqlite3-adapter', '~> 1.3'
-  gem 'activerecord-jdbcpostgresql-adapter', '~> 1.3'
-  gem 'activerecord-jdbcmysql-adapter', '~> 1.3'
-  gem 'bson', '~> 1.6'
-end
+gemspec name: "audited"

data/README.md

@@ -1,37 +1,37 @@
-Audited [![Build Status](https://secure.travis-ci.org/collectiveidea/audited.png)](http://travis-ci.org/collectiveidea/audited) [![Dependency Status](https://gemnasium.com/collectiveidea/audited.png)](https://gemnasium.com/collectiveidea/audited)[![Code Climate](https://codeclimate.com/github/collectiveidea/audited.png)](https://codeclimate.com/github/collectiveidea/audited)
+Audited [![Build Status](https://secure.travis-ci.org/collectiveidea/audited.svg)](http://travis-ci.org/collectiveidea/audited) [![Dependency Status](https://gemnasium.com/collectiveidea/audited.svg)](https://gemnasium.com/collectiveidea/audited)[![Code Climate](https://codeclimate.com/github/collectiveidea/audited.svg)](https://codeclimate.com/github/collectiveidea/audited) [![Security](https://hakiri.io/github/collectiveidea/audited/master.svg)](https://hakiri.io/github/collectiveidea/audited/master)
 =======
 
-**Audited** (previously acts_as_audited) is an ORM extension that logs all changes to your models. Audited also allows you to record who made those changes, save comments and associate models related to the changes.
+**Audited** (previously acts_as_audited) is an ORM extension that logs all changes to your models. Audited can also record who made those changes, save comments and associate models related to the changes.
 
-Audited currently (4.x) works with Rails 4.2. For Rails 3, use gem version 3.0 or see the [3.0-stable branch](https://github.com/collectiveidea/audited/tree/3.0-stable).
+Audited currently (4.x) works with Rails 5.0 and 4.2. It may work with 4.1 and 4.0, but this is not guaranteed.
+
+For Rails 3, use gem version 3.0 or see the [3.0-stable branch](https://github.com/collectiveidea/audited/tree/3.0-stable).
 
 ## Supported Rubies
 
 Audited supports and is [tested against](http://travis-ci.org/collectiveidea/audited) the following Ruby versions:
 
-* 2.0.0
 * 2.1.5
-* 2.2.0
+* 2.2.4
+* 2.3.1
 
 Audited may work just fine with a Ruby version not listed above, but we can't guarantee that it will. If you'd like to maintain a Ruby that isn't listed, please let us know with a [pull request](https://github.com/collectiveidea/audited/pulls).
 
 ## Supported ORMs
 
-In a previous life, Audited was ActiveRecord-only. Audited will now audit models for the following backends:
-
-* ActiveRecord
-* MongoMapper
+Audited is currently ActiveRecord-only. In a previous life, Audited worked with MongoMapper. Use the [4.2-stable branch](https://github.com/collectiveidea/audited/tree/4.2-stable) if you need MongoMapper.
 
 ## Installation
 
-The installation process depends on what ORM your app is using.
-
-### ActiveRecord
+Add the gem to your Gemfile:
 
-Add the appropriate gem to your Gemfile:
+```ruby
+gem "audited", "~> 4.3"
+```
 
+If you are using rails 5.0, you would also need the following line in your Gemfile.
 ```ruby
-gem "audited-activerecord", "~> 4.0"
+gem "rails-observers", github: 'rails/rails-observers'
 ```
 
 Then, from your Rails app directory, create the `audits` table:
@@ -52,11 +52,6 @@ $ rake db:migrate
 
 Upgrading will only make changes if changes are needed.
 
-### MongoMapper
-
-```ruby
-gem "audited-mongo_mapper", "~> 4.0"
-```
 
 ## Usage
 
@@ -88,6 +83,15 @@ audit.action # => "update"
 audit.audited_changes # => {"name"=>["Steve", "Ryan"]}
 ```
 
+You can get previous versions of a record by index or date, or list all
+revisions.
+
+```ruby
+user.revisions
+user.revision(1)
+user.revision_at(Date.parse("2016-01-01"))
+```
+
 ### Specifying columns
 
 By default, a new audit is created for any attribute changes. You can, however, limit the columns to be considered.
@@ -143,7 +147,7 @@ end
 
 If you're using Audited in a Rails application, all audited changes made within a request will automatically be attributed to the current user. By default, Audited uses the `current_user` method in your controller.
 
-```
+```ruby
 class PostsController < ApplicationController
   def create
     current_user # => #<User name: "Steve">
@@ -162,12 +166,28 @@ Audited.current_user_method = :authenticated_user
 Outside of a request, Audited can still record the user with the `as_user` method:
 
 ```ruby
-Audited.audit_class.as_user(User.find(1)) do
+Audited::Audit.as_user(User.find(1)) do
   post.update_attribute!(title: "Hello, world!")
 end
 post.audits.last.user # => #<User id: 1>
 ```
 
+#### Custom Auditor
+
+You might need to use a custom auditor from time to time. It can be done by simply passing in a string:
+
+```ruby
+class ApplicationController < ActionController::Base
+  def authenticated_user
+    if current_user
+      current_user
+    else
+      'Elon Musk'
+    end
+  end
+end
+```
+
 ### Associated Audits
 
 Sometimes it's useful to associate an audit with a model other than the one being changed. For instance, given the following models:
@@ -240,15 +260,12 @@ User.auditing_enabled = false
 
 ## Gotchas
 
-### Using attr_protected or strong_parameters
+### Using attr_protected with Rails 4.x
 
-Audited assumes you are using `attr_accessible`. If you're using
-`attr_protected` or `strong_parameters`, you'll have to take an extra step or
-two.
+If you're using the `protected_attributes` gem with Rails 4.0, 4.1 or 4.2 (the gem isn't supported in Rails 5.0 or higher), you'll have to take an extra couple of steps to get `audited` working.
 
-
-If you're using `strong_parameters` with Rails 3.x, be sure to add `allow_mass_assignment: true` to your `audited` call; otherwise Audited will
-interfere with `strong_parameters` and none of your `save` calls will work.
+First be sure to add `allow_mass_assignment: true` to your `audited` call; otherwise Audited will
+interfere with `protected_attributes` and none of your `save` calls will work.
 
 ```ruby
 class User < ActiveRecord::Base
@@ -256,7 +273,7 @@ class User < ActiveRecord::Base
 end
 ```
 
-If using `attr_protected`, add `allow_mass_assignment: true`, and also be sure to add `audit_ids` to the list of protected attributes to prevent data loss.
+Second, be sure to add `audit_ids` to the list of protected attributes to prevent data loss.
 
 ```ruby
 class User < ActiveRecord::Base
@@ -265,10 +282,6 @@ class User < ActiveRecord::Base
 end
 ```
 
-### MongoMapper Embedded Documents
-
-Currently, Audited does not track changes on embedded documents. Audited works by tracking a model's [dirty changes](http://api.rubyonrails.org/classes/ActiveModel/Dirty.html) but changes to embedded documents don't appear in dirty tracking.
-
 ## Support
 
 You can find documentation at: http://rdoc.info/github/collectiveidea/audited

data/Rakefile

@@ -5,24 +5,9 @@ require 'rspec/core/rake_task'
 require 'rake/testtask'
 require 'appraisal'
 
-Bundler::GemHelper.install_tasks(:name => 'audited')
-Bundler::GemHelper.install_tasks(:name => 'audited-activerecord')
-Bundler::GemHelper.install_tasks(:name => 'audited-mongo_mapper')
+Bundler::GemHelper.install_tasks(name: 'audited')
 
-ADAPTERS = %w(active_record mongo_mapper)
-
-ADAPTERS.each do |adapter|
-  desc "Run RSpec code examples for #{adapter} adapter"
-  RSpec::Core::RakeTask.new(adapter) do |t|
-    t.pattern = "spec/audited/adapters/#{adapter}/**/*_spec.rb"
-  end
-end
-
-task :spec do
-  ADAPTERS.each do |adapter|
-    Rake::Task[adapter].invoke
-  end
-end
+RSpec::Core::RakeTask.new(:spec)
 
 Rake::TestTask.new do |t|
   t.libs << "test"
@@ -30,4 +15,4 @@ Rake::TestTask.new do |t|
   t.verbose = true
 end
 
-task :default => [:spec, :test]
+task default: [:spec, :test]

data/gemfiles/rails40.gemfile

@@ -2,12 +2,8 @@
 
 source "https://rubygems.org"
 
-gem "sqlite3", "~> 1.2"
-gem "mysql2", "~> 0.3.0"
-gem "pg", "~> 0.17"
-gem "bson_ext", "~> 1.6"
 gem "rails", "~> 4.0.0"
-gem "rails-observers"
+gem "protected_attributes"
 gem "test-unit"
 
 gemspec :name => "audited", :path => "../"

data/gemfiles/rails41.gemfile

@@ -2,11 +2,7 @@
 
 source "https://rubygems.org"
 
-gem "sqlite3", "~> 1.2"
-gem "mysql2", "~> 0.3.0"
-gem "pg", "~> 0.17"
-gem "bson_ext", "~> 1.6"
 gem "rails", "~> 4.1.0"
-gem "rails-observers"
+gem "protected_attributes"
 
 gemspec :name => "audited", :path => "../"

data/gemfiles/rails42.gemfile

@@ -2,11 +2,7 @@
 
 source "https://rubygems.org"
 
-gem "sqlite3", "~> 1.2"
-gem "mysql2", "~> 0.4.0"
-gem "pg", "~> 0.17"
-gem "bson_ext", "~> 1.6"
 gem "rails", "~> 4.2.0"
-gem "rails-observers"
+gem "protected_attributes"
 
 gemspec :name => "audited", :path => "../"

data/gemfiles/rails50.gemfile

@@ -0,0 +1,8 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.0.0"
+gem "rails-observers", :github => "rails/rails-observers", :branch => "master"
+
+gemspec :name => "audited", :path => "../"

data/lib/audited-rspec.rb

@@ -0,0 +1,4 @@
+require 'audited/rspec_matchers'
+module RSpec::Matchers
+  include Audited::RspecMatchers
+end

data/lib/audited.rb

@@ -1,9 +1,15 @@
 require 'rails/observers/active_model/active_model'
-
+require 'active_record'
 
 module Audited
   class << self
-    attr_accessor :ignored_attributes, :current_user_method, :audit_class
+    attr_accessor :ignored_attributes, :current_user_method
+
+    # Deprecate audit_class accessors in preperation of their removal
+    def audit_class
+      Audited::Audit
+    end
+    deprecate audit_class: "Audited.audit_class is now always Audited::Audit. This method will be removed."
 
     def store
       Thread.current[:audited_store] ||= {}
@@ -14,3 +20,10 @@ module Audited
 
   @current_user_method = :current_user
 end
+
+require 'audited/auditor'
+require 'audited/audit'
+
+::ActiveRecord::Base.send :include, Audited::Auditor
+
+require 'audited/sweeper'

data/lib/audited/audit.rb

@@ -1,60 +1,44 @@
-module Audited
-  module Audit
-    def self.included(klass)
-      klass.extend(ClassMethods)
-      klass.setup_audit
-    end
+require 'set'
 
-    module ClassMethods
-      def setup_audit
-        belongs_to :auditable,  :polymorphic => true
-        belongs_to :user,       :polymorphic => true
-        belongs_to :associated, :polymorphic => true
+module Audited
+  # Audit saves the changes to ActiveRecord models.  It has the following attributes:
+  #
+  # * <tt>auditable</tt>: the ActiveRecord model that was changed
+  # * <tt>user</tt>: the user that performed the change; a string or an ActiveRecord model
+  # * <tt>action</tt>: one of create, update, or delete
+  # * <tt>audited_changes</tt>: a serialized hash of all the changes
+  # * <tt>comment</tt>: a comment set with the audit
+  # * <tt>version</tt>: the version of the model
+  # * <tt>request_uuid</tt>: a uuid based that allows audits from the same controller request
+  # * <tt>created_at</tt>: Time that the change was performed
+  #
+  class Audit < ::ActiveRecord::Base
+    include ActiveModel::Observing
 
-        before_create :set_version_number, :set_audit_user, :set_request_uuid
+    belongs_to :auditable,  polymorphic: true
+    belongs_to :user,       polymorphic: true
+    belongs_to :associated, polymorphic: true
 
-        cattr_accessor :audited_class_names
-        self.audited_class_names = Set.new
-      end
+    before_create :set_version_number, :set_audit_user, :set_request_uuid
 
-      # Returns the list of classes that are being audited
-      def audited_classes
-        audited_class_names.map(&:constantize)
-      end
-
-      # All audits made during the block called will be recorded as made
-      # by +user+. This method is hopefully threadsafe, making it ideal
-      # for background operations that require audit information.
-      def as_user(user, &block)
-        Thread.current[:audited_user] = user
-        yield
-      ensure
-        Thread.current[:audited_user] = nil
-      end
+    cattr_accessor :audited_class_names
+    self.audited_class_names = Set.new
 
-      # @private
-      def reconstruct_attributes(audits)
-        attributes = {}
-        result = audits.collect do |audit|
-          attributes.merge!(audit.new_attributes).merge!(:version => audit.version)
-          yield attributes if block_given?
-        end
-        block_given? ? result : attributes
-      end
+    serialize :audited_changes
 
-      # @private
-      def assign_revision_attributes(record, attributes)
-        attributes.each do |attr, val|
-          record = record.dup if record.frozen?
+    scope :ascending,     ->{ reorder(version: :asc) }
+    scope :descending,    ->{ reorder(version: :desc)}
+    scope :creates,       ->{ where(action: 'create')}
+    scope :updates,       ->{ where(action: 'update')}
+    scope :destroys,      ->{ where(action: 'destroy')}
 
-          if record.respond_to?("#{attr}=")
-            record.attributes.has_key?(attr.to_s) ?
-              record[attr] = val :
-              record.send("#{attr}=", val)
-          end
-        end
-        record
-      end
+    scope :up_until,      ->(date_or_time){ where("created_at <= ?", date_or_time) }
+    scope :from_version,  ->(version){ where('version >= ?', version) }
+    scope :to_version,    ->(version){ where('version <= ?', version) }
+    scope :auditable_finder, ->(auditable_id, auditable_type){ where(auditable_id: auditable_id, auditable_type: auditable_type)}
+    # Return all audits older than the current one.
+    def ancestors
+      self.class.ascending.auditable_finder(auditable_id, auditable_type).to_version(version)
     end
 
     # Return an instance of what the object looked like at this revision. If
@@ -62,13 +46,13 @@ module Audited
     def revision
       clazz = auditable_type.constantize
       (clazz.find_by_id(auditable_id) || clazz.new).tap do |m|
-        self.class.assign_revision_attributes(m, self.class.reconstruct_attributes(ancestors).merge({ :version => version }))
+        self.class.assign_revision_attributes(m, self.class.reconstruct_attributes(ancestors).merge(version: version))
       end
     end
 
     # Returns a hash of the changed attributes with the new values
     def new_attributes
-      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs,(attr,values)|
+      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs, (attr, values)|
         attrs[attr] = values.is_a?(Array) ? values.last : values
         attrs
       end
@@ -76,19 +60,75 @@ module Audited
 
     # Returns a hash of the changed attributes with the old values
     def old_attributes
-      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs,(attr,values)|
+      (audited_changes || {}).inject({}.with_indifferent_access) do |attrs, (attr, values)|
         attrs[attr] = Array(values).first
 
         attrs
       end
     end
 
+    # Allows user to be set to either a string or an ActiveRecord object
+    # @private
+    def user_as_string=(user)
+      # reset both either way
+      self.user_as_model = self.username = nil
+      user.is_a?(::ActiveRecord::Base) ?
+        self.user_as_model = user :
+        self.username = user
+    end
+    alias_method :user_as_model=, :user=
+    alias_method :user=, :user_as_string=
+
+    # @private
+    def user_as_string
+      user_as_model || username
+    end
+    alias_method :user_as_model, :user
+    alias_method :user, :user_as_string
+
+    # Returns the list of classes that are being audited
+    def self.audited_classes
+      audited_class_names.map(&:constantize)
+    end
+
+    # All audits made during the block called will be recorded as made
+    # by +user+. This method is hopefully threadsafe, making it ideal
+    # for background operations that require audit information.
+    def self.as_user(user, &block)
+      Thread.current[:audited_user] = user
+      yield
+    ensure
+      Thread.current[:audited_user] = nil
+    end
+
+    # @private
+    def self.reconstruct_attributes(audits)
+      attributes = {}
+      result = audits.collect do |audit|
+        attributes.merge!(audit.new_attributes)[:version] = audit.version
+        yield attributes if block_given?
+      end
+      block_given? ? result : attributes
+    end
+
+    # @private
+    def self.assign_revision_attributes(record, attributes)
+      attributes.each do |attr, val|
+        record = record.dup if record.frozen?
+
+        if record.respond_to?("#{attr}=")
+          record.attributes.key?(attr.to_s) ?
+            record[attr] = val :
+            record.send("#{attr}=", val)
+        end
+      end
+      record
+    end
+
     private
+
     def set_version_number
-      max = self.class.where(
-        :auditable_id => auditable_id,
-        :auditable_type => auditable_type
-      ).order(:version.desc).first.try(:version) || 0
+      max = self.class.auditable_finder(auditable_id, auditable_type).descending.first.try(:version) || 0
       self.version = max + 1
     end