pundit 1.1.0 → 2.2.0
- checksums.yaml +5 -5
- data/.gitignore +1 -0
- data/.rubocop.yml +29 -52
- data/.travis.yml +25 -10
- data/CHANGELOG.md +82 -0
- data/Gemfile +4 -1
- data/LICENSE.txt +1 -1
- data/README.md +288 -81
- data/Rakefile +2 -1
- data/lib/generators/pundit/install/install_generator.rb +4 -2
- data/lib/generators/pundit/install/templates/application_policy.rb +8 -8
- data/lib/generators/pundit/policy/policy_generator.rb +4 -2
- data/lib/generators/pundit/policy/templates/policy.rb +4 -3
- data/lib/generators/rspec/policy_generator.rb +4 -2
- data/lib/generators/rspec/templates/policy_spec.rb +1 -2
- data/lib/generators/test_unit/policy_generator.rb +4 -2
- data/lib/generators/test_unit/templates/policy_test.rb +0 -1
- data/lib/pundit/authorization.rb +168 -0
- data/lib/pundit/policy_finder.rb +28 -32
- data/lib/pundit/rspec.rb +13 -17
- data/lib/pundit/version.rb +3 -1
- data/lib/pundit.rb +76 -190
- data/pundit.gemspec +12 -9
- data/spec/authorization_spec.rb +258 -0
- data/spec/generators_spec.rb +43 -0
- data/spec/policies/post_policy_spec.rb +3 -1
- data/spec/policy_finder_spec.rb +187 -0
- data/spec/pundit_spec.rb +147 -196
- data/spec/spec_helper.rb +110 -30
- metadata +58 -25
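--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,3 +1,10 @@
+# frozen_string_literal: true
+
+require "simplecov"
+SimpleCov.start do
+add_filter "/spec/"
+end
+
 require "pundit"
 require "pundit/rspec"
 
@@ -9,22 +16,6 @@ require "active_support/core_ext"
 require "active_model/naming"
 require "action_controller/metal/strong_parameters"
 
-I18n.enforce_available_locales = false
-
-module PunditSpecHelper
-extend RSpec::Matchers::DSL
-
-matcher :be_truthy do
-match do |actual|
-actual
-end
-end
-end
-
-RSpec.configure do |config|
-config.include PunditSpecHelper
-end
-
 class PostPolicy < Struct.new(:user, :post)
 class Scope < Struct.new(:user, :scope)
 def resolve
@@ -46,7 +37,7 @@ class PostPolicy < Struct.new(:user, :post)
 
 def permitted_attributes
 if post.user == user
-[
+%i[title votes]
 else
 [:votes]
 end
@@ -62,6 +53,10 @@ class Post < Struct.new(:user)
 :published
 end
 
+def self.read
+:read
+end
+
 def to_s
 "Post"
 end
@@ -77,26 +72,50 @@ module Customer
 OpenStruct.new(param_key: "customer_post")
 end
 
-def policy_class
+def self.policy_class
 PostPolicy
 end
 end
 end
 
+class CommentScope
+attr_reader :original_object
+
+def initialize(original_object)
+@original_object = original_object
+end
+
+def ==(other)
+original_object == other.original_object
+end
+end
+
 class CommentPolicy < Struct.new(:user, :comment)
 class Scope < Struct.new(:user, :scope)
 def resolve
-scope
+CommentScope.new(scope)
 end
 end
 end
 
+class PublicationPolicy < Struct.new(:user, :publication)
+class Scope < Struct.new(:user, :scope)
+def resolve
+scope.published
+end
+end
+
+def create?
+true
+end
+end
+
 class Comment
 extend ActiveModel::Naming
 end
 
 class CommentsRelation
-def initialize(empty
+def initialize(empty: false)
 @empty = empty
 end
 
@@ -104,7 +123,7 @@ class CommentsRelation
 @empty
 end
 
-def model_name
+def self.model_name
 Comment.model_name
 end
 end
@@ -140,9 +159,39 @@ end
 class CriteriaPolicy < Struct.new(:user, :criteria); end
 
 module Project
-class CommentPolicy < Struct.new(:user, :
+class CommentPolicy < Struct.new(:user, :comment)
+def update?
+true
+end
+
+class Scope < Struct.new(:user, :scope)
+def resolve
+scope
+end
+end
+end
+
 class CriteriaPolicy < Struct.new(:user, :criteria); end
-
+
+class PostPolicy < Struct.new(:user, :post)
+class Scope < Struct.new(:user, :scope)
+def resolve
+scope.read
+end
+end
+end
+
+module Admin
+class CommentPolicy < Struct.new(:user, :comment)
+def update?
+true
+end
+
+def destroy?
+false
+end
+end
+end
 end
 
 class DenierPolicy < Struct.new(:user, :record)
@@ -152,25 +201,56 @@ class DenierPolicy < Struct.new(:user, :record)
 end
 
 class Controller
-include Pundit
+include Pundit::Authorization
+# Mark protected methods public so they may be called in test
+# rubocop:disable Style/AccessModifierDeclarations
+public(*Pundit::Authorization.protected_instance_methods)
+# rubocop:enable Style/AccessModifierDeclarations
 
-attr_reader :current_user, :params
+attr_reader :current_user, :action_name, :params
 
-def initialize(current_user, params)
+def initialize(current_user, action_name, params)
 @current_user = current_user
+@action_name = action_name
 @params = params
 end
 end
 
-class NilClassPolicy
+class NilClassPolicy < Struct.new(:user, :record)
 class Scope
 def initialize(*)
-raise "
+raise Pundit::NotDefinedError, "Cannot scope NilClass"
 end
 end
 
-def
-
+def show?
+false
+end
+
+def destroy?
+false
+end
+end
+
+class Wiki; end
+
+class WikiPolicy
+class Scope
+# deliberate typo method
+def initalize; end
+end
+end
+
+class Thread
+def self.all; end
+end
+
+class ThreadPolicy < Struct.new(:user, :thread)
+class Scope < Struct.new(:user, :scope)
+def resolve
+# deliberate wrong useage of the method
+scope.all(:unvalid, :parameters)
+end
 end
 end
 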
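Review bot: The comment above `public(*Pundit::Authorization.protected_instance_methods)` in the `Controller` test double says why the helpers are made public, but not that this is acceptable only because `Controller` is a plain class; on a real Rails controller every public instance method is a candidate action, which is presumably why `Pundit::Authorization` keeps these methods protected. I would extend the comment to `# Test-only: mark protected methods public so specs can call them. Never do this in an application controller, where public methods are routable actions.` Separately, `class Thread` further down the same hunk reopens Ruby's core `Thread` for the whole spec process and adds `Thread.all` to it. A fixture name that does not collide with a core class, or a namespaced one, would keep the deliberately wrong `scope.all(:unvalid, :parameters)` call without touching the standard library.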
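--- a/metadata
+++ b/metadata
@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: pundit
 version: !ruby/object:Gem::Version
-version:
+version: 2.2.0
 platform: ruby
 authors:
 - Jonas Nicklas
--
-autorequire:
+- Varvet AB
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -26,7 +26,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: 3.0.0
 - !ruby/object:Gem::Dependency
-name:
+name: actionpack
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -40,7 +40,7 @@ dependencies:
 - !ruby/object:Gem::Version
 version: 3.0.0
 - !ruby/object:Gem::Dependency
-name:
+name: activemodel
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -57,44 +57,44 @@ dependencies:
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: pry
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: railties
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 3.0.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 3.0.0
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -110,21 +110,49 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
-name:
+name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 3.0.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 3.0.0
 - !ruby/object:Gem::Dependency
 name: rubocop
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.24.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.24.0
+- !ruby/object:Gem::Dependency
+name: simplecov
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.17.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.17.0
+- !ruby/object:Gem::Dependency
+name: yard
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -167,18 +195,22 @@ files:
 - lib/generators/test_unit/policy_generator.rb
 - lib/generators/test_unit/templates/policy_test.rb
 - lib/pundit.rb
+- lib/pundit/authorization.rb
 - lib/pundit/policy_finder.rb
 - lib/pundit/rspec.rb
 - lib/pundit/version.rb
 - pundit.gemspec
+- spec/authorization_spec.rb
+- spec/generators_spec.rb
 - spec/policies/post_policy_spec.rb
+- spec/policy_finder_spec.rb
 - spec/pundit_spec.rb
 - spec/spec_helper.rb
-homepage: https://github.com/
+homepage: https://github.com/varvet/pundit
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -193,13 +225,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-
-signing_key:
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: OO authorization for Rails
 test_files:
+- spec/authorization_spec.rb
+- spec/generators_spec.rb
 - spec/policies/post_policy_spec.rb
+- spec/policy_finder_spec.rb
 - spec/pundit_spec.rb
 - spec/spec_helper.rb
-has_rdoc: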