pundit 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6dc0e920a5482e8b695a1cc1afd205fdc7752ad2
-  data.tar.gz: 1354dab74c79e3673cc034ccccea04688e4cb07a
+  metadata.gz: 7cddd41b1da668bb3ff0c192972c1e69a590a66a
+  data.tar.gz: 3d21909c8ce034f4e5253045e10407b1a275bd01
 SHA512:
-  metadata.gz: 0b745c98f6c3aa8376e97f3270ae6f3358339f13eb2fdd57c8adfc0e47f2dee073138866b7df986317d3bd19f6d23c80f7ffb6311a99b97c4f2fe46cb6924e93
-  data.tar.gz: bad3e8cb1c9c8888abf4b93521100ae0122eeebb19dbaaf1790e6beb20189dac55a7e60c017bf525ea5b7091ff9c2a07b3126bd928e6f8d22ded5b0b1f3e9ab2
+  metadata.gz: 7498ab09942c960b5acc81c7ab9b081e7013007621ed53968d52815abd33e9a67310ac46810b1f3ae754755df01b40d90936b99d247854bcebef16b4b4976e9c
+  data.tar.gz: de605bb11eed39677a26ec2426347205e134e1cad09044870705ca73dadf26a152328750387cce44b721add47a8992a700020a0bf4b63f940406e5dfa99a0d2d

data/.travis.yml

@@ -4,4 +4,4 @@ rvm:
   - 2.0.0
   - 2.1.0
   - jruby-19mode
-  - rbx-2.2.3
+  - rbx

data/CHANGELOG.md

@@ -0,0 +1,9 @@
+# Pundit
+
+## 0.2.3 (unreleased)
+
+- Add CHANGELOG (#107)
+
+## 0.2.2 (2014-02-07)
+
+- Add [`pundit_user`](https://github.com/elabs/pundit#customize-pundit-user) (#42)

data/README.md

@@ -2,6 +2,7 @@
 
 [![Build Status](https://secure.travis-ci.org/elabs/pundit.png?branch=master)](https://travis-ci.org/elabs/pundit)
 [![Code Climate](https://codeclimate.com/github/elabs/pundit.png)](https://codeclimate.com/github/elabs/pundit)
+[![Inline docs](http://inch-pages.github.io/github/elabs/pundit.png)](http://inch-pages.github.io/github/elabs/pundit)
 
 Pundit provides a set of helpers which guide you in leveraging regular Ruby
 classes and object oriented design patterns to build a simple, robust and
@@ -57,13 +58,16 @@ As you can see, this is just a plain Ruby class. As a convenience, we can inheri
 from Struct or use Struct.new to define the policy class:
 
 ``` ruby
-PostPolicy = Struct.new(:user, :post) do
+class PostPolicy < Struct.new(:user, :post)
   def update?
     user.admin? or not post.published?
   end
 end
 ```
 
+You could also use the convenient
+[attr_extras](https://github.com/barsoom/attr_extras) gem.
+
 Pundit makes the following assumptions about this class:
 
 - The class has the same name as some kind of model class, only suffixed
@@ -157,8 +161,8 @@ particular user has access to. When using Pundit, you are expected to
 define a class called a policy scope. It can look something like this:
 
 ``` ruby
-PostPolicy = Struct.new(:user, :post) do
-  self::Scope = Struct.new(:user, :scope) do
+class PostPolicy < Struct.new(:user, :post)
+  class Scope < Struct.new(:user, :scope)
     def resolve
       if user.admin?
         scope.all
@@ -271,7 +275,10 @@ end
 
 ## Rescuing a denied Authorization in Rails
 
-Pundit raises a `Pundit::NotAuthorizedError` you can [rescue_from](http://guides.rubyonrails.org/action_controller_overview.html#rescue-from) in your `ApplicationController`. You can customize the `user_not_authorized` method in every controller.
+Pundit raises a `Pundit::NotAuthorizedError` you can
+[rescue_from](http://guides.rubyonrails.org/action_controller_overview.html#rescue-from)
+in your `ApplicationController`. You can customize the `user_not_authorized`
+method in every controller.
 
 ```ruby
 class ApplicationController < ActionController::Base
@@ -284,11 +291,48 @@ class ApplicationController < ActionController::Base
 
   def user_not_authorized
     flash[:error] = "You are not authorized to perform this action."
-    redirect_to request.headers["Referer"] || root_path
+    redirect_to(request.referrer || root_path)
   end
 end
 ```
 
+### Creating custom error messages
+
+`NotAuthorizedError`s provide information on what query (e.g. `:create?`), what
+record (e.g. an instance of `Post`), and what policy (e.g. an instance of
+`PostPolicy`) caused the error to be raised.
+
+One way to use these `query`, `record`, and `policy` properties is to connect
+them with `I18n` to generate error messages. Here's how you might go about doing
+that.
+
+```ruby
+class ApplicationController < ActionController::Base
+ rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
+ private
+
+ def user_not_authorized(exception)
+   policy_name = exception.policy.class.to_s.underscore
+
+   flash[:error] = I18n.t "pundit.#{policy_name}.#{exception.query}",
+     default: 'You cannot perform this action.'
+   redirect_to(request.referrer || root_path)
+ end
+end
+```
+
+```yaml
+en:
+ pundit:
+   post_policy:
+     update?: 'You cannot edit this post!'
+     create?: 'You cannot create posts!'
+```
+
+Of course, this is just an example. Pundit is agnostic as to how you implement
+your error messaging.
+
 ## Manually retrieving policies and scopes
 
 Sometimes you want to retrieve a policy for a record outside the controller or
@@ -422,6 +466,7 @@ based on what is or is not authorized.
 
 # External Resources
 
+- [RailsApps Example Application: Pundit and Devise](https://github.com/RailsApps/rails-devise-pundit)
 - [Migrating to Pundit from CanCan](http://blog.carbonfive.com/2013/10/21/migrating-to-pundit-from-cancan/)
 - [Testing Pundit Policies with RSpec](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/)
 

data/lib/pundit.rb

@@ -5,7 +5,10 @@ require "active_support/core_ext/string/inflections"
 require "active_support/core_ext/object/blank"
 
 module Pundit
-  class NotAuthorizedError < StandardError; end
+  class NotAuthorizedError < StandardError
+    attr_accessor :query, :record, :policy
+  end
+  class AuthorizationNotPerformedError < StandardError; end
   class NotDefinedError < StandardError; end
 
   extend ActiveSupport::Concern
@@ -37,6 +40,10 @@ module Pundit
       helper_method :pundit_user
     end
     if respond_to?(:hide_action)
+      hide_action :policy_scope
+      hide_action :policy_scope=
+      hide_action :policy
+      hide_action :policy=
       hide_action :authorize
       hide_action :verify_authorized
       hide_action :verify_policy_scoped
@@ -45,19 +52,25 @@ module Pundit
   end
 
   def verify_authorized
-    raise NotAuthorizedError unless @_policy_authorized
+    raise AuthorizationNotPerformedError unless @_policy_authorized
   end
 
   def verify_policy_scoped
-    raise NotAuthorizedError unless @_policy_scoped
+    raise AuthorizationNotPerformedError unless @_policy_scoped
   end
 
   def authorize(record, query=nil)
     query ||= params[:action].to_s + "?"
     @_policy_authorized = true
-    unless policy(record).public_send(query)
-      raise NotAuthorizedError, "not allowed to #{query} this #{record}"
+
+    policy = policy(record)
+    unless policy.public_send(query)
+      error = NotAuthorizedError.new("not allowed to #{query} this #{record}")
+      error.query, error.record, error.policy = query, record, policy
+
+      raise error
     end
+
     true
   end
 

data/lib/pundit/rspec.rb

@@ -21,7 +21,8 @@ module Pundit
         end
 
         def permissions
-          example.metadata[:permissions]
+          current_example = ::RSpec.respond_to?(:current_example) ? ::RSpec.current_example : example
+          current_example.metadata[:permissions]
         end
       end
     end

data/lib/pundit/version.rb

@@ -1,3 +1,3 @@
 module Pundit
-  VERSION = "0.2.2"
+  VERSION = "0.2.3"
 end

data/pundit.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |gem|
   gem.add_dependency "activesupport", ">= 3.0.0"
   gem.add_development_dependency "activerecord", ">= 3.0.0"
   gem.add_development_dependency "bundler", "~> 1.3"
-  gem.add_development_dependency "rspec", "~>2.0"
+  gem.add_development_dependency "rspec", "~>3.0.0.beta1"
   gem.add_development_dependency "pry"
   gem.add_development_dependency "rake"
   gem.add_development_dependency "yard"

data/spec/pundit_spec.rb

@@ -66,25 +66,25 @@ describe Pundit do
 
   describe ".policy_scope" do
     it "returns an instantiated policy scope given a plain model class" do
-      Pundit.policy_scope(user, Post).should == :published
+      expect(Pundit.policy_scope(user, Post)).to eq :published
     end
 
     it "returns an instantiated policy scope given an active model class" do
-      Pundit.policy_scope(user, Comment).should == Comment
+      expect(Pundit.policy_scope(user, Comment)).to eq Comment
     end
 
     it "returns nil if the given policy scope can't be found" do
-      Pundit.policy_scope(user, Article).should be_nil
+      expect(Pundit.policy_scope(user, Article)).to be_nil
     end
   end
 
   describe ".policy_scope!" do
     it "returns an instantiated policy scope given a plain model class" do
-      Pundit.policy_scope!(user, Post).should == :published
+      expect(Pundit.policy_scope!(user, Post)).to eq :published
     end
 
     it "returns an instantiated policy scope given an active model class" do
-      Pundit.policy_scope!(user, Comment).should == Comment
+      expect(Pundit.policy_scope!(user, Comment)).to eq Comment
     end
 
     it "throws an exception if the given policy scope can't be found" do
@@ -99,56 +99,56 @@ describe Pundit do
   describe ".policy" do
     it "returns an instantiated policy given a plain model instance" do
       policy = Pundit.policy(user, post)
-      policy.user.should == user
-      policy.post.should == post
+      expect(policy.user).to eq user
+      expect(policy.post).to eq post
     end
 
     it "returns an instantiated policy given an active model instance" do
       policy = Pundit.policy(user, comment)
-      policy.user.should == user
-      policy.comment.should == comment
+      expect(policy.user).to eq user
+      expect(policy.comment).to eq comment
     end
 
     it "returns an instantiated policy given a plain model class" do
       policy = Pundit.policy(user, Post)
-      policy.user.should == user
-      policy.post.should == Post
+      expect(policy.user).to eq user
+      expect(policy.post).to eq Post
     end
 
     it "returns an instantiated policy given an active model class" do
       policy = Pundit.policy(user, Comment)
-      policy.user.should == user
-      policy.comment.should == Comment
+      expect(policy.user).to eq user
+      expect(policy.comment).to eq Comment
     end
 
     it "returns nil if the given policy can't be found" do
-      Pundit.policy(user, article).should be_nil
-      Pundit.policy(user, Article).should be_nil
+      expect(Pundit.policy(user, article)).to be_nil
+      expect(Pundit.policy(user, Article)).to be_nil
     end
 
     describe "with .policy_class set on the model" do
       it "returns an instantiated policy given a plain model instance" do
         policy = Pundit.policy(user, artificial_blog)
-        policy.user.should == user
-        policy.blog.should == artificial_blog
+        expect(policy.user).to eq user
+        expect(policy.blog).to eq artificial_blog
       end
 
       it "returns an instantiated policy given a plain model class" do
         policy = Pundit.policy(user, ArtificialBlog)
-        policy.user.should == user
-        policy.blog.should == ArtificialBlog
+        expect(policy.user).to eq user
+        expect(policy.blog).to eq ArtificialBlog
       end
 
       it "returns an instantiated policy given a plain model instance providing an anonymous class" do
         policy = Pundit.policy(user, article_tag)
-        policy.user.should == user
-        policy.tag.should == article_tag
+        expect(policy.user).to eq user
+        expect(policy.tag).to eq article_tag
       end
 
       it "returns an instantiated policy given a plain model class providing an anonymous class" do
         policy = Pundit.policy(user, ArticleTag)
-        policy.user.should == user
-        policy.tag.should == ArticleTag
+        expect(policy.user).to eq user
+        expect(policy.tag).to eq ArticleTag
       end
     end
   end
@@ -156,26 +156,26 @@ describe Pundit do
   describe ".policy!" do
     it "returns an instantiated policy given a plain model instance" do
       policy = Pundit.policy!(user, post)
-      policy.user.should == user
-      policy.post.should == post
+      expect(policy.user).to eq user
+      expect(policy.post).to eq post
     end
 
     it "returns an instantiated policy given an active model instance" do
       policy = Pundit.policy!(user, comment)
-      policy.user.should == user
-      policy.comment.should == comment
+      expect(policy.user).to eq user
+      expect(policy.comment).to eq comment
     end
 
     it "returns an instantiated policy given a plain model class" do
       policy = Pundit.policy!(user, Post)
-      policy.user.should == user
-      policy.post.should == Post
+      expect(policy.user).to eq user
+      expect(policy.post).to eq Post
     end
 
     it "returns an instantiated policy given an active model class" do
       policy = Pundit.policy!(user, Comment)
-      policy.user.should == user
-      policy.comment.should == Comment
+      expect(policy.user).to eq user
+      expect(policy.comment).to eq Comment
     end
 
     it "throws an exception if the given policy can't be found" do
@@ -191,7 +191,7 @@ describe Pundit do
     end
 
     it "raises an exception when not authorized" do
-      expect { controller.verify_authorized }.to raise_error(Pundit::NotAuthorizedError)
+      expect { controller.verify_authorized }.to raise_error(Pundit::AuthorizationNotPerformedError)
     end
   end
 
@@ -202,41 +202,49 @@ describe Pundit do
     end
 
     it "raises an exception when policy_scope is not used" do
-      expect { controller.verify_policy_scoped }.to raise_error(Pundit::NotAuthorizedError)
+      expect { controller.verify_policy_scoped }.to raise_error(Pundit::AuthorizationNotPerformedError)
     end
   end
 
   describe "#authorize" do
     it "infers the policy name and authorized based on it" do
-      controller.authorize(post).should be_true
+      expect(controller.authorize(post)).to be_truthy
     end
 
     it "can be given a different permission to check" do
-      controller.authorize(post, :show?).should be_true
+      expect(controller.authorize(post, :show?)).to be_truthy
       expect { controller.authorize(post, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
     end
 
     it "works with anonymous class policies" do
-      controller.authorize(article_tag, :show?).should be_true
+      expect(controller.authorize(article_tag, :show?)).to be_truthy
       expect { controller.authorize(article_tag, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
     end
 
     it "raises an error when the permission check fails" do
       expect { controller.authorize(Post.new) }.to raise_error(Pundit::NotAuthorizedError)
     end
+
+    it "raises an error with a query and action" do
+      expect { controller.authorize(post, :destroy?) }.to raise_error do |error|
+        expect(error.query).to eq :destroy?
+        expect(error.record).to eq post
+        expect(error.policy).to eq controller.policy(post)
+      end
+    end
   end
 
   describe "#pundit_user" do
     it 'returns the same thing as current_user' do
-      controller.pundit_user.should eq controller.current_user
+      expect(controller.pundit_user).to eq controller.current_user
     end
   end
 
   describe ".policy" do
     it "returns an instantiated policy" do
       policy = controller.policy(post)
-      policy.user.should == user
-      policy.post.should == post
+      expect(policy.user).to eq user
+      expect(policy.post).to eq post
     end
 
     it "throws an exception if the given policy can't be found" do
@@ -247,13 +255,13 @@ describe Pundit do
       new_policy = OpenStruct.new
       controller.policy = new_policy
 
-      controller.policy(post).should == new_policy
+      expect(controller.policy(post)).to eq new_policy
     end
   end
 
   describe ".policy_scope" do
     it "returns an instantiated policy scope" do
-      controller.policy_scope(Post).should == :published
+      expect(controller.policy_scope(Post)).to eq :published
     end
 
     it "throws an exception if the given policy can't be found" do
@@ -264,7 +272,7 @@ describe Pundit do
       new_scope = OpenStruct.new
       controller.policy_scope = new_scope
 
-      controller.policy_scope(post).should == new_scope
+      expect(controller.policy_scope(post)).to eq new_scope
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pundit
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Jonas Nicklas
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-07 00:00:00.000000000 Z
+date: 2014-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -59,14 +59,14 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 3.0.0.beta1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 3.0.0.beta1
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -119,6 +119,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .travis.yml
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md