RubyGems - consul - Versions diffs - 1.0.0 → 1.1.0 - Mend

consul 1.0.0 → 1.1.0

Files changed (24) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d8813ddd163ea3311ae0e4c9e950cf8e137dda6895716b9b6310f8a5a473f878
-  data.tar.gz: 21b2326f340de4b564cd21bb85fbb119cc7725117ffbe89e35b16b0cfd14710f
+  metadata.gz: b4353c2826677ae7283e623e01d8ec94c938a1e10345f2e1183018addce57280
+  data.tar.gz: 30ea39cc54aca7d6af2ec4078860c7fd76c6e7e2470dca4c9b960069e96f4afd
 SHA512:
-  metadata.gz: 55901b69063d2f73f1b592e2cc23ec5265554190271c2c36b622d203531191a17b7c2a97023cff855da2004c37d956a354f97bf62753dce83c9ec2c731c17159
-  data.tar.gz: 45678b4b38406f39124d1f18ec9d7b76fdfc268113d10565fa0b41d4cfc4d43d6f0c923fc834ee850fbc2e96035e03939cf56c39b3921590f860dc19df9a2bd7
+  metadata.gz: 979b71686ab38dea13b71e943e87749b1dcf481499f46ffa443c0ea0a24d13dc05d1b86ecbb64fa42a40dc83ed8d15f13eaedf8d458747f79f7c7115aacee10d
+  data.tar.gz: f35d55647a4edc20c19b383356e08aa92c7256d9e12cd50059cee282f8d98ffe71cbe5df3f2c9df9571dcc0ab929e5951150678929ed28f9a90ab7924e17ed51

data/.github/workflows/test.yml ADDED Viewed

@@ -0,0 +1,38 @@
+---
+name: Tests
+on:
+  push:
+    branches:
+    - master
+  pull_request:
+    branches:
+    - master
+jobs:
+  test:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - ruby: 2.5.3
+          gemfile: Gemfile.5-2
+        - ruby: 2.5.3
+          gemfile: Gemfile.6-1
+        - ruby: 2.7.3
+          gemfile: Gemfile.6-1
+        - ruby: 3.0.1
+          gemfile: Gemfile.6-1
+    env:
+      BUNDLE_GEMFILE: "${{ matrix.gemfile }}"
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: "${{ matrix.ruby }}"
+    - name: Bundle
+      run: |
+        gem install bundler:1.17.3
+        bundle install --no-deployment
+    - name: Run tests
+      run: bundle exec rspec

data/.gitignore CHANGED Viewed

@@ -6,4 +6,4 @@ pkg
 *.log
 .bundle
 spec/support/database.yml
+.byebug_history

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.3.8
1	+ 2.5.3

data/CHANGELOG.md CHANGED Viewed

@@ -7,11 +7,64 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
 ### Breaking changes
--
+### Compatible changes
+## 1.1.0 - 2021-09-28
+### Breaking changes
+- remove no longer supported ruby versions (2.3.8, 2.4.5)
+- Consul no longer depends on the whole rails framework
+### Compatible changes
+- add Ruby 3 compatibility
+## 1.0.3 - 2019-09-23
+### Security fix
+This releases fix a security issue where in a controller with multiple `power` directives, the `:only` and `:except` options of the last directive was applied to all directives.
+Affected code looks like this:
+```ruby
+class UsersController < ApplicationController
+  power :foo
+  power :bar, only: :index
+  ...
+end
+```
+In this example both the powers `:foo` and `:bar` were only checked for the `#index` action. Other actions were left unprotected by powers checks.
+Controllers with a single `power` directive are unaffected.
+Contollers where neither `power` uses `:only` or `:except` options are unaffected.
+This vulnerability has been assigned the CVE identifier CVE-2019-16377.
+### Compatible changes
+- The RSpec matcher `check_power` now also sees powers inherited by a parent controller.
+## 1.0.2 - 2019-05-22
+### Compatible changes
+- The `#arity` of power methods with optional arguments is now preserved.
+## 1.0.1 - 2019-02-27
 ### Compatible changes
--
+- Methods defined with `power` now preserve the [arity](https://apidock.com/ruby/Method/arity) of their block.
 ## 1.0.0 - 2019-02-15
@@ -65,4 +118,3 @@ Thanks to derekprior.
 ## Older releases
 Please check commits.

data/Gemfile CHANGED Viewed

	@@ -1 +1 @@
1	- ./Gemfile.5-2
1	+ ./Gemfile.6-1

data/Gemfile.5-2 CHANGED Viewed

@@ -1,7 +1,7 @@
 source 'https://rubygems.org'
 # Runtime dependencies
-gem 'rails', '~> 5.2.0'
+gem 'railties', '>= 3.2'
 gem 'assignable_values'
 # Development dependencies
@@ -12,6 +12,7 @@ gem 'shoulda-matchers'
 gem 'sqlite3'
 gem 'database_cleaner'
 gem 'gemika'
+gem 'byebug'
 # Gem under test
 gem 'consul', :path => '.'

data/Gemfile.5-2.lock CHANGED Viewed

@@ -1,24 +1,16 @@
 PATH
   remote: .
   specs:
-    consul (1.0.0)
+    consul (1.1.0)
+      activerecord (>= 3.2)
+      activesupport (>= 3.2)
       edge_rider (>= 0.3.0)
-      memoizer
-      rails (>= 3.2)
+      memoized (>= 1.0.2)
+      railties (>= 3.2)
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (5.2.2)
-      actionpack (= 5.2.2)
-      nio4r (~> 2.0)
-      websocket-driver (>= 0.6.1)
-    actionmailer (5.2.2)
-      actionpack (= 5.2.2)
-      actionview (= 5.2.2)
-      activejob (= 5.2.2)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
     actionpack (5.2.2)
       actionview (= 5.2.2)
       activesupport (= 5.2.2)
@@ -32,19 +24,12 @@ GEM
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.2)
-      activesupport (= 5.2.2)
-      globalid (>= 0.3.6)
     activemodel (5.2.2)
       activesupport (= 5.2.2)
     activerecord (5.2.2)
       activemodel (= 5.2.2)
       activesupport (= 5.2.2)
       arel (>= 9.0)
-    activestorage (5.2.2)
-      actionpack (= 5.2.2)
-      activerecord (= 5.2.2)
-      marcel (~> 0.3.1)
     activesupport (5.2.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
@@ -54,50 +39,29 @@ GEM
     assignable_values (0.12.1)
       activerecord (>= 2.3)
     builder (3.2.3)
+    byebug (11.0.1)
     concurrent-ruby (1.1.4)
     crass (1.0.4)
     database_cleaner (1.7.0)
     diff-lcs (1.3)
-    edge_rider (0.3.3)
-      activerecord
+    edge_rider (2.0.0)
+      activerecord (>= 3.2)
     erubi (1.8.0)
-    gemika (0.3.4)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
+    gemika (0.5.0)
     i18n (1.5.3)
       concurrent-ruby (~> 1.0)
     loofah (2.2.3)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    marcel (0.3.3)
-      mimemagic (~> 0.3.2)
-    memoizer (1.0.3)
+    memoized (1.0.2)
     method_source (0.9.2)
-    mimemagic (0.3.3)
-    mini_mime (1.0.1)
     mini_portile2 (2.4.0)
     minitest (5.11.3)
-    nio4r (2.3.1)
     nokogiri (1.10.1)
       mini_portile2 (~> 2.4.0)
     rack (2.0.6)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (5.2.2)
-      actioncable (= 5.2.2)
-      actionmailer (= 5.2.2)
-      actionpack (= 5.2.2)
-      actionview (= 5.2.2)
-      activejob (= 5.2.2)
-      activemodel (= 5.2.2)
-      activerecord (= 5.2.2)
-      activestorage (= 5.2.2)
-      activesupport (= 5.2.2)
-      bundler (>= 1.3.0)
-      railties (= 5.2.2)
-      sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
@@ -138,31 +102,22 @@ GEM
       activesupport (>= 4.0.0)
     sneaky-save (0.1.2)
       activerecord (>= 3.2.0)
-    sprockets (3.7.2)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
     sqlite3 (1.3.13)
     thor (0.20.3)
     thread_safe (0.3.6)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    websocket-driver (0.7.0)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.3)
 PLATFORMS
   ruby
 DEPENDENCIES
   assignable_values
+  byebug
   consul!
   database_cleaner
   gemika
-  rails (~> 5.2.0)
+  railties (>= 3.2)
   rspec
   rspec-rails
   rspec_candy
@@ -170,4 +125,4 @@ DEPENDENCIES
   sqlite3
 BUNDLED WITH
-   1.16.3
+   1.17.3

data/{Gemfile.4-2 → Gemfile.6-1} RENAMED Viewed

@@ -1,7 +1,7 @@
 source 'https://rubygems.org'
 # Runtime dependencies
-gem 'rails', '~> 4.2.7'
+gem 'railties', '>= 3.2'
 gem 'assignable_values'
 # Development dependencies

data/Gemfile.6-1.lock ADDED Viewed

@@ -0,0 +1,127 @@
+PATH
+  remote: .
+  specs:
+    consul (1.1.0)
+      activerecord (>= 3.2)
+      activesupport (>= 3.2)
+      edge_rider (>= 0.3.0)
+      memoized (>= 1.0.2)
+      railties (>= 3.2)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (6.1.3)
+      actionview (= 6.1.3)
+      activesupport (= 6.1.3)
+      rack (~> 2.0, >= 2.0.9)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (6.1.3)
+      activesupport (= 6.1.3)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activemodel (6.1.3)
+      activesupport (= 6.1.3)
+    activerecord (6.1.3)
+      activemodel (= 6.1.3)
+      activesupport (= 6.1.3)
+    activesupport (6.1.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    assignable_values (0.16.1)
+      activerecord (>= 2.3)
+    builder (3.2.4)
+    concurrent-ruby (1.1.8)
+    crass (1.0.6)
+    database_cleaner (1.7.0)
+    diff-lcs (1.3)
+    edge_rider (1.1.0)
+      activerecord (>= 3.2)
+    erubi (1.10.0)
+    gemika (0.6.1)
+    i18n (1.8.9)
+      concurrent-ruby (~> 1.0)
+    loofah (2.9.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    memoized (1.0.2)
+    method_source (1.0.0)
+    mini_portile2 (2.5.0)
+    minitest (5.14.4)
+    nokogiri (1.11.2)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
+    racc (1.5.2)
+    rack (2.2.3)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (6.1.3)
+      actionpack (= 6.1.3)
+      activesupport (= 6.1.3)
+      method_source
+      rake (>= 0.8.7)
+      thor (~> 1.0)
+    rake (13.0.3)
+    rspec (3.6.0)
+      rspec-core (~> 3.6.0)
+      rspec-expectations (~> 3.6.0)
+      rspec-mocks (~> 3.6.0)
+    rspec-core (3.6.0)
+      rspec-support (~> 3.6.0)
+    rspec-expectations (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-mocks (3.6.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.6.0)
+    rspec-rails (3.6.0)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.6.0)
+      rspec-expectations (~> 3.6.0)
+      rspec-mocks (~> 3.6.0)
+      rspec-support (~> 3.6.0)
+    rspec-support (3.6.0)
+    rspec_candy (0.4.1)
+      rspec
+      sneaky-save
+    shoulda-matchers (3.1.1)
+      activesupport (>= 4.0.0)
+    sneaky-save (0.1.2)
+      activerecord (>= 3.2.0)
+    sqlite3 (1.4.2)
+    thor (1.1.0)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    zeitwerk (2.4.2)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  assignable_values
+  consul!
+  database_cleaner
+  gemika
+  railties (>= 3.2)
+  rspec
+  rspec-rails
+  rspec_candy
+  shoulda-matchers
+  sqlite3
+BUNDLED WITH
+   2.2.15

data/Gemfile.lock CHANGED Viewed

	@@ -1 +1 @@
1	- ./Gemfile.5-2.lock
1	+ ./Gemfile.6-1.lock

data/README.md CHANGED Viewed

@@ -1,14 +1,15 @@
 Consul — A next gen authorization solution
 ==========================================
-[![Build Status](https://secure.travis-ci.org/makandra/consul.png?branch=master)](https://travis-ci.org/makandra/consul) [![Code Climate](https://codeclimate.com/github/makandra/consul.png)](https://codeclimate.com/github/makandra/consul)
+[![Tests](https://github.com/makandra/consul/workflows/Tests/badge.svg)](https://github.com/makandra/consul/actions) [![Code Climate](https://codeclimate.com/github/makandra/consul.png)](https://codeclimate.com/github/makandra/consul)
 Consul is an authorization solution for Ruby on Rails where you describe *sets of accessible things* to control what a user can see or edit.
 We have used Consul in combination with [assignable_values](https://github.com/makandra/assignable_values) to solve a variety of authorization requirements ranging from boring to bizarre.
 Also see our crash course video: [Solving bizare authorization requirements with Rails](http://bizarre-authorization.talks.makandra.com/).
-Consul is tested with Rails 3.2, 4.2, and 5.2 on Ruby 1.8.7, 2.1, and 2.4 (only if supported, for each Ruby/Rails combination). If you need support for Rails 3.2, please use [v0.13.2](https://github.com/makandra/consul/tree/v0.13.2).
+Consul is tested with Rails 5.2 and 6.0 on Ruby 2.5, 2.7 and 3.0 (only if supported, for each Ruby/Rails combination). If you need support for Rails 3.2, please use [v0.13.2](https://github.com/makandra/consul/tree/v0.13.2).
 Describing access to your application
@@ -46,7 +47,7 @@ class Power
 end
 ```
-There are no restrictions on the name or constructor arguments of your this class.
+There are no restrictions on the name or constructor arguments of this class.
 You can deposit all kinds of objects in your power. See the sections below for details.
@@ -90,7 +91,7 @@ Or you can ask if the power is given (meaning it's not `nil`):
 power.notes? # => returns true if Power#notes returns a scope and not nil
 ```
-Or you can raise an error unless a power its given, e.g. to guard access into a controller action:
+Or you can raise an error unless a power is given, e.g. to guard access into a controller action:
 ```rb
 power.notes! # => raises Consul::Powerless unless Power#notes returns a scope (even if it's empty)
@@ -497,7 +498,7 @@ And the following power definitions:
 class Power
   ...
-  power :clients do |client|
+  power :clients do
     Client.active if signed_in?
   end
@@ -547,7 +548,9 @@ class ApplicationController < ActionController::Base
 end
 ```
-Should you for some obscure reason want to forego the power check:
+Note that this check is satisfied by *any* `.power` directive in the controller class or its ancestors, even if that `.power` directive has `:only` or `:except` options that do not apply to the current action.
+Should you want to forego the power check (e.g. to remove authorization checks from an entirely public controller):
 ```rb
 class ApiController < ApplicationController
@@ -763,6 +766,16 @@ This section Some hints for testing authorization with Consul.
 ### Test that a controller checks against a power
+Include the Consul Matcher `spec/support/consul_matchers.rb`:
+```
+require 'consul/spec/matchers'
+RSpec.configure do |c|
+  c.include Consul::Spec::Matchers
+end
+```
 You can say this in any controller spec:
 ```rb
@@ -834,12 +847,16 @@ Now run `bundle install` to lock the gem into your project.
 Development
 -----------
-Test applications for various Rails versions lives in `spec`. You can run specs from the project root by saying:
+We currently develop using Ruby 2.5.3 (see `.ruby-version`) since that version works for current versions of ActiveRecord that we support. GitHub Actions will test additional Ruby versions (2.3.8, 2.4.5, and 3.0.1).
-```
-rake all:bundle
-rake all:spec
-```
+There are tests in `spec`. We only accept PRs with tests. To run tests:
+- Install Ruby 2.5.3
+- run `bundle install`
+- Put your database credentials into `spec/support/database.yml`. There's a `database.sample.yml` you can use as a template.
+- There are gem bundles in the project root for each rails version that we support.
+- You can bundle all test applications by saying `bundle exec rake matrix:install`
+- You can run specs from the project root by saying `bundle exec rake matrix:spec`. This will run all gemfiles compatible with your current Ruby.
 If you would like to contribute:
@@ -847,6 +864,8 @@ If you would like to contribute:
 - Push your changes **with specs**.
 - Send me a pull request.
+Note that we have configured GitHub Actions to automatically run tests in all supported Ruby versions and dependency sets after each push. We will only merge pull requests after a green GitHub Actions run.
 I'm very eager to keep this gem leightweight and on topic. If you're unsure whether a change would make it into the gem, [talk to me beforehand](mailto:henning.koch@makandra.de).

data/consul.gemspec CHANGED Viewed

@@ -23,7 +23,9 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  s.add_dependency('memoizer')
-  s.add_dependency('rails', '>=3.2')
+  s.add_dependency('memoized', '>=1.0.2')
+  s.add_dependency('activerecord', '>= 3.2')
+  s.add_dependency('activesupport', '>= 3.2')
+  s.add_dependency('railties', '>= 3.2')
   s.add_dependency('edge_rider', '>= 0.3.0')
 end

data/lib/consul/controller.rb CHANGED Viewed

@@ -5,11 +5,7 @@ module Consul
       base.send :include, InstanceMethods
       base.send :extend, ClassMethods
       if ensure_power_initializer_present?
-        if Rails.version.to_i < 4
-          base.before_filter :ensure_power_initializer_present
-        else
-          base.before_action :ensure_power_initializer_present
-        end
+        Util.before_action(base, :ensure_power_initializer_present)
       end
     end
@@ -32,68 +28,35 @@ module Consul
       private
       def require_power_check(options = {})
-        if Rails.version.to_i < 4
-          before_filter :unchecked_power, options
-        else
-          before_action :unchecked_power, options
-        end
+        Util.before_action(self, :unchecked_power, options)
       end
       # This is badly named, since it doesn't actually skip the :check_power filter
       def skip_power_check(options = {})
-        if Rails.version.to_i < 4
-          skip_before_filter :unchecked_power, options
-        elsif Rails.version.to_i < 5
-          skip_before_action :unchecked_power, options
-        else
-          # Every `power` in a controller will skip the power check filter. After the 1st time, Rails 5+ will raise
-          # an error because there is no `unchecked_power` action to skip any more.
-          # To avoid this, we add the following extra option. Note that it must not be added in Rails 4 to avoid errors.
-          # See http://api.rubyonrails.org/classes/ActiveSupport/Callbacks/ClassMethods.html#method-i-skip_callback
-          skip_before_action :unchecked_power, { :raise => false }.merge!(options)
-        end
+        Util.skip_before_action(self, :unchecked_power, options)
       end
       def current_power(&initializer)
         self.current_power_initializer = initializer
-        if Rails.version.to_i < 4
-          around_filter :with_current_power
-        else
-          around_action :with_current_power
-        end
+        Util.around_action(self, :with_current_power)
         if respond_to?(:helper_method)
           helper_method :current_power
         end
       end
-      attr_writer :consul_guards
-      def consul_guards
-        unless @consul_guards_initialized
-          if superclass && superclass.respond_to?(:consul_guards, true)
-            @consul_guards = superclass.send(:consul_guards).dup
-          else
-            @consul_guards = []
-          end
-          @consul_guards_initialized = true
-        end
-        @consul_guards
-      end
       def power(*args)
         guard = Consul::Guard.new(*args)
-        consul_guards << guard
-        skip_power_check guard.filter_options
+        # One .power directive will skip the check for all actions, even
+        # if that .power directive has :only or :except options.
+        skip_power_check
         # Store arguments for testing
-        (@consul_power_args ||= []) << args
+        consul_power_args << args
-        if Rails.version.to_i < 4
-          before_filter :check_power, guard.filter_options
-        else
-          before_action :check_power, guard.filter_options
+        Util.before_action(self, guard.filter_options) do |controller|
+          guard.ensure!(controller, controller.action_name)
         end
         if guard.direct_access_method
@@ -105,18 +68,26 @@ module Consul
       end
+      # On first access we inherit .consul_power_args from our ancestor classes.
+      # We also copy inherited args so we don't change our parent's .consul_power_args
+      def consul_power_args
+        unless @consul_power_args_initialized
+          if superclass && superclass.respond_to?(:consul_power_args, true)
+            @consul_power_args = superclass.send(:consul_power_args).dup
+          else
+            @consul_power_args = []
+          end
+          @consul_power_args_initialized = true
+        end
+        @consul_power_args
+      end
     end
     module InstanceMethods
       private
-      define_method :check_power do
-        self.class.send(:consul_guards).each do |guard|
-          guard.ensure!(self, action_name)
-        end
-      end
       def unchecked_power
         raise Consul::UncheckedPower, "This controller does not check against a power"
       end

data/lib/consul/power.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Consul
     def self.included(base)
       base.extend ClassMethods
-      base.send :include, Memoizer
+      base.send :include, Memoized
     end
     private
@@ -173,7 +173,7 @@ module Consul
         name = name.to_s
         singularized = name.singularize
         if singularized == name
-          raise Consul::PowerNotSingularizable, "Power name can not have an singular form: #{name}"
+          raise Consul::PowerNotSingularizable, "Power name can not have a singular form: #{name}"
         else
           singularized
         end

data/lib/consul/spec/matchers.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Consul
         def matches?(controller)
           @controller_class = controller.class
-          @actual_args = @controller_class.instance_variable_get('@consul_power_args')
+          @actual_args = @controller_class.send(:consul_power_args)
           @actual_args.present? && @actual_args.include?(@expected_args)
         end

data/lib/consul/util.rb CHANGED Viewed

@@ -31,9 +31,9 @@ module Consul
           options = lambda.call(*args)
           klass.scoped(options.slice *EdgeRider::Scoped::VALID_FIND_OPTIONS)
         }
-      end
+      end
     end
     # This method does not support dynamic default scopes via lambdas
     # (as does #define_scope), because it is currently not required.
     def define_default_scope(klass, conditions)
@@ -57,6 +57,36 @@ module Consul
       [adjective, record]
     end
+    def skip_before_action(controller_class, name, options)
+      if Rails.version.to_i < 4
+        controller_class.skip_before_filter name, options
+      elsif Rails.version.to_i < 5
+        controller_class.skip_before_action name, options
+      else
+        # Every `power` in a controller will skip the power check filter. After the 1st time, Rails 5+ will raise
+        # an error because there is no `unchecked_power` action to skip any more.
+        # To avoid this, we add the following extra option. Note that it must not be added in Rails 4 to avoid errors.
+        # See http://api.rubyonrails.org/classes/ActiveSupport/Callbacks/ClassMethods.html#method-i-skip_callback
+        controller_class.skip_before_action name, { :raise => false }.merge!(options)
+      end
+    end
+    def before_action(controller_class, *args, &block)
+      if Rails.version.to_i < 4
+        controller_class.before_filter *args, &block
+      else
+        controller_class.before_action *args, &block
+      end
+    end
+    def around_action(controller_class, *args, &block)
+      if Rails.version.to_i < 4
+        controller_class.around_filter *args, &block
+      else
+        controller_class.around_action *args, &block
+      end
+    end
   end
 end

data/lib/consul/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Consul
-  VERSION = '1.0.0'
+  VERSION = '1.1.0'
 end

data/lib/consul.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require 'memoizer'
+require 'memoized'
 require 'edge_rider'
 require 'consul/util'
 require 'consul/power/dynamic_access'

metadata CHANGED Viewed

@@ -1,31 +1,59 @@
 --- !ruby/object:Gem::Specification
 name: consul
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Henning Koch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-02-15 00:00:00.000000000 Z
+date: 2021-11-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: memoizer
+  name: memoized
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.0.2
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -58,17 +86,15 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
-- Gemfile.3-2
-- Gemfile.3-2.lock
-- Gemfile.4-2
-- Gemfile.4-2.lock
 - Gemfile.5-2
 - Gemfile.5-2.lock
+- Gemfile.6-1
+- Gemfile.6-1.lock
 - Gemfile.lock
 - LICENSE
 - README.md
@@ -105,8 +131,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.7
+rubygems_version: 3.0.8
 signing_key:
 specification_version: 4
 summary: A scope-based authorization solution for Ruby on Rails.

data/.travis.yml DELETED Viewed

@@ -1,35 +0,0 @@
-language: ruby
-sudo: false
-cache: bundler
-rvm:
-  - 2.3.8
-  - 2.4.5
-  - 2.5.3
-gemfile:
-  - Gemfile.3-2
-  - Gemfile.4-2
-  - Gemfile.5-2
-matrix:
-  exclude:
-    - gemfile: Gemfile.3-2
-      rvm: 2.4.5
-    - gemfile: Gemfile.3-2
-      rvm: 2.5.3
-    - gemfile: Gemfile.4-2
-      rvm: 2.5.3
-install:
-  # Replace default Travis CI bundler script with a version that doesn't
-  # explode when lockfile doesn't match recently bumped version
-  - bundle install --no-deployment --jobs=3 --retry=3 --path=${BUNDLE_PATH:-vendor/bundle}
-script: bundle exec rake current_rspec
-notifications:
-  email:
-    - fail@makandra.de

data/Gemfile.3-2 DELETED Viewed

@@ -1,20 +0,0 @@
-source 'https://rubygems.org'
-# Runtime dependencies
-gem 'assignable_values'
-gem 'rails', '~> 3.2.22.5'
-gem 'rake', '~>10.5.0'
-gem 'rack-cache', '~>1.2.0'
-# Development dependencies
-gem 'rspec', '~>3.4'
-gem 'rspec-rails'
-gem 'test-unit', '~> 3.0'
-gem 'shoulda-matchers', '<2'
-gem 'sqlite3'
-gem 'rspec_candy'
-gem 'database_cleaner', '~>1.4.1'
-gem 'gemika'
-# Gem under test
-gem 'consul', :path => '.'

data/Gemfile.3-2.lock DELETED Viewed

@@ -1,156 +0,0 @@
-PATH
-  remote: .
-  specs:
-    consul (1.0.0)
-      edge_rider (>= 0.3.0)
-      memoizer
-      rails (>= 3.2)
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionmailer (3.2.22.5)
-      actionpack (= 3.2.22.5)
-      mail (~> 2.5.4)
-    actionpack (3.2.22.5)
-      activemodel (= 3.2.22.5)
-      activesupport (= 3.2.22.5)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.5)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.2.1)
-    activemodel (3.2.22.5)
-      activesupport (= 3.2.22.5)
-      builder (~> 3.0.0)
-    activerecord (3.2.22.5)
-      activemodel (= 3.2.22.5)
-      activesupport (= 3.2.22.5)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activeresource (3.2.22.5)
-      activemodel (= 3.2.22.5)
-      activesupport (= 3.2.22.5)
-    activesupport (3.2.22.5)
-      i18n (~> 0.6, >= 0.6.4)
-      multi_json (~> 1.0)
-    arel (3.0.3)
-    assignable_values (0.7.1)
-      activerecord
-    bourne (1.4.0)
-      mocha (~> 0.13.2)
-    builder (3.0.4)
-    concurrent-ruby (1.1.4)
-    database_cleaner (1.4.1)
-    diff-lcs (1.3)
-    edge_rider (0.3.3)
-      activerecord
-    erubis (2.7.0)
-    gemika (0.3.4)
-    hike (1.2.3)
-    i18n (0.9.5)
-      concurrent-ruby (~> 1.0)
-    journey (1.0.4)
-    json (1.8.6)
-    mail (2.5.5)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    memoizer (1.0.3)
-    metaclass (0.0.1)
-    mime-types (1.25.1)
-    mocha (0.13.3)
-      metaclass (~> 0.0.1)
-    multi_json (1.13.1)
-    polyglot (0.3.5)
-    power_assert (1.1.3)
-    rack (1.4.7)
-    rack-cache (1.2)
-      rack (>= 0.4)
-    rack-ssl (1.3.4)
-      rack
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails (3.2.22.5)
-      actionmailer (= 3.2.22.5)
-      actionpack (= 3.2.22.5)
-      activerecord (= 3.2.22.5)
-      activeresource (= 3.2.22.5)
-      activesupport (= 3.2.22.5)
-      bundler (~> 1.0)
-      railties (= 3.2.22.5)
-    railties (3.2.22.5)
-      actionpack (= 3.2.22.5)
-      activesupport (= 3.2.22.5)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
-    rake (10.5.0)
-    rdoc (3.12.2)
-      json (~> 1.4)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.1)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-rails (3.8.0)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    rspec_candy (0.2.9)
-      rspec
-      sneaky-save
-    shoulda-matchers (1.5.6)
-      activesupport (>= 3.0.0)
-      bourne (~> 1.3)
-    sneaky-save (0.0.4)
-      activerecord (>= 3.2.0)
-    sprockets (2.2.3)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sqlite3 (1.3.13)
-    test-unit (3.3.0)
-      power_assert
-    thor (0.20.3)
-    tilt (1.4.1)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.55)
-PLATFORMS
-  ruby
-DEPENDENCIES
-  assignable_values
-  consul!
-  database_cleaner (~> 1.4.1)
-  gemika
-  rack-cache (~> 1.2.0)
-  rails (~> 3.2.22.5)
-  rake (~> 10.5.0)
-  rspec (~> 3.4)
-  rspec-rails
-  rspec_candy
-  shoulda-matchers (< 2)
-  sqlite3
-  test-unit (~> 3.0)
-BUNDLED WITH
-   1.16.3

data/Gemfile.4-2.lock DELETED Viewed

@@ -1,158 +0,0 @@
-PATH
-  remote: .
-  specs:
-    consul (1.0.0)
-      edge_rider (>= 0.3.0)
-      memoizer
-      rails (>= 3.2)
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actionmailer (4.2.11)
-      actionpack (= 4.2.11)
-      actionview (= 4.2.11)
-      activejob (= 4.2.11)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.11)
-      actionview (= 4.2.11)
-      activesupport (= 4.2.11)
-      rack (~> 1.6)
-      rack-test (~> 0.6.2)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.11)
-      activesupport (= 4.2.11)
-      builder (~> 3.1)
-      erubis (~> 2.7.0)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (4.2.11)
-      activesupport (= 4.2.11)
-      globalid (>= 0.3.0)
-    activemodel (4.2.11)
-      activesupport (= 4.2.11)
-      builder (~> 3.1)
-    activerecord (4.2.11)
-      activemodel (= 4.2.11)
-      activesupport (= 4.2.11)
-      arel (~> 6.0)
-    activesupport (4.2.11)
-      i18n (~> 0.7)
-      minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
-      tzinfo (~> 1.1)
-    arel (6.0.4)
-    assignable_values (0.12.1)
-      activerecord (>= 2.3)
-    builder (3.2.3)
-    concurrent-ruby (1.1.4)
-    crass (1.0.4)
-    database_cleaner (1.7.0)
-    diff-lcs (1.2.5)
-    edge_rider (0.3.3)
-      activerecord
-    erubis (2.7.0)
-    gemika (0.3.4)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    i18n (0.9.5)
-      concurrent-ruby (~> 1.0)
-    loofah (2.2.3)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    memoizer (1.0.3)
-    mini_mime (1.0.1)
-    mini_portile2 (2.4.0)
-    minitest (5.11.3)
-    nokogiri (1.10.1)
-      mini_portile2 (~> 2.4.0)
-    rack (1.6.11)
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails (4.2.11)
-      actionmailer (= 4.2.11)
-      actionpack (= 4.2.11)
-      actionview (= 4.2.11)
-      activejob (= 4.2.11)
-      activemodel (= 4.2.11)
-      activerecord (= 4.2.11)
-      activesupport (= 4.2.11)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.11)
-      sprockets-rails
-    rails-deprecated_sanitizer (1.0.3)
-      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.9)
-      activesupport (>= 4.2.0, < 5.0)
-      nokogiri (~> 1.6)
-      rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
-    railties (4.2.11)
-      actionpack (= 4.2.11)
-      activesupport (= 4.2.11)
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rake (12.3.2)
-    rspec (3.5.0)
-      rspec-core (~> 3.5.0)
-      rspec-expectations (~> 3.5.0)
-      rspec-mocks (~> 3.5.0)
-    rspec-core (3.5.4)
-      rspec-support (~> 3.5.0)
-    rspec-expectations (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-mocks (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-rails (3.5.2)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 3.5.0)
-      rspec-expectations (~> 3.5.0)
-      rspec-mocks (~> 3.5.0)
-      rspec-support (~> 3.5.0)
-    rspec-support (3.5.0)
-    rspec_candy (0.4.1)
-      rspec
-      sneaky-save
-    shoulda-matchers (3.1.1)
-      activesupport (>= 4.0.0)
-    sneaky-save (0.1.2)
-      activerecord (>= 3.2.0)
-    sprockets (3.7.2)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.1)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    sqlite3 (1.3.12)
-    thor (0.20.3)
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-PLATFORMS
-  ruby
-DEPENDENCIES
-  assignable_values
-  consul!
-  database_cleaner
-  gemika
-  rails (~> 4.2.7)
-  rspec
-  rspec-rails
-  rspec_candy
-  shoulda-matchers
-  sqlite3
-BUNDLED WITH
-   1.16.3