pundit 1.1.0 → 2.3.0

data/lib/pundit.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "pundit/version"
 require "pundit/policy_finder"
 require "active_support/concern"
@@ -5,6 +7,12 @@ require "active_support/core_ext/string/inflections"
 require "active_support/core_ext/object/blank"
 require "active_support/core_ext/module/introspection"
 require "active_support/dependencies/autoload"
+require "pundit/authorization"
+
+# @api private
+# To avoid name clashes with common Error naming when mixing in Pundit,
+# keep it here with compact class style definition.
+class Pundit::Error < StandardError; end # rubocop:disable Style/ClassAndModuleChildren
 
 # @api public
 module Pundit
@@ -13,10 +21,7 @@ module Pundit
   # @api private
   module Generators; end
 
-  # @api private
-  class Error < StandardError; end
-
-  # Error that will be raiser when authorization has failed
+  # Error that will be raised when authorization has failed
   class NotAuthorizedError < Error
     attr_reader :query, :record, :policy
 
@@ -28,13 +33,16 @@ module Pundit
         @record = options[:record]
         @policy = options[:policy]
 
-        message = options.fetch(:message) { "not allowed to #{query} this #{record.inspect}" }
+        message = options.fetch(:message) { "not allowed to #{query} this #{record.class}" }
       end
 
       super(message)
     end
   end
 
+  # Error that will be raised if a policy or policy scope constructor is not called correctly.
+  class InvalidConstructorError < Error; end
+
   # Error that will be raised if a controller action has not called the
   # `authorize` or `skip_authorization` methods.
   class AuthorizationNotPerformedError < Error; end
@@ -46,7 +54,12 @@ module Pundit
   # Error that will be raised if a policy or policy scope is not defined.
   class NotDefinedError < Error; end
 
-  extend ActiveSupport::Concern
+  def self.included(base)
+    ActiveSupport::Deprecation.warn <<~WARNING
+      'include Pundit' is deprecated. Please use 'include Pundit::Authorization' instead.
+    WARNING
+    base.include Authorization
+  end
 
   class << self
     # Retrieves the policy for the given record, initializing it with the
@@ -54,62 +67,99 @@ module Pundit
     # authorized to perform the given action.
     #
     # @param user [Object] the user that initiated the action
-    # @param record [Object] the object we're checking permissions of
-    # @param record [Symbol] the query method to check on the policy (e.g. `:show?`)
+    # @param possibly_namespaced_record [Object, Array] the object we're checking permissions of
+    # @param query [Symbol, String] the predicate method to check on the policy (e.g. `:show?`)
+    # @param policy_class [Class] the policy class we want to force use of
+    # @param cache [#[], #[]=] a Hash-like object to cache the found policy instance in
     # @raise [NotAuthorizedError] if the given query method returned false
-    # @return [true] Always returns true
-    def authorize(user, record, query)
-      policy = policy!(user, record)
-
-      unless policy.public_send(query)
-        raise NotAuthorizedError, query: query, record: record, policy: policy
+    # @return [Object] Always returns the passed object record
+    def authorize(user, possibly_namespaced_record, query, policy_class: nil, cache: {})
+      record = pundit_model(possibly_namespaced_record)
+      policy = if policy_class
+        policy_class.new(user, record)
+      else
+        cache[possibly_namespaced_record] ||= policy!(user, possibly_namespaced_record)
       end
 
-      true
+      raise NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)
+
+      record
     end
 
     # Retrieves the policy scope for the given record.
     #
-    # @see https://github.com/elabs/pundit#scopes
+    # @see https://github.com/varvet/pundit#scopes
     # @param user [Object] the user that initiated the action
-    # @param record [Object] the object we're retrieving the policy scope for
+    # @param scope [Object] the object we're retrieving the policy scope for
+    # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Scope{#resolve}, nil] instance of scope class which can resolve to a scope
     def policy_scope(user, scope)
-      policy_scope = PolicyFinder.new(scope).scope
-      policy_scope.new(user, scope).resolve if policy_scope
+      policy_scope_class = PolicyFinder.new(scope).scope
+      return unless policy_scope_class
+
+      begin
+        policy_scope = policy_scope_class.new(user, pundit_model(scope))
+      rescue ArgumentError
+        raise InvalidConstructorError, "Invalid #<#{policy_scope_class}> constructor is called"
+      end
+
+      policy_scope.resolve
     end
 
     # Retrieves the policy scope for the given record.
     #
-    # @see https://github.com/elabs/pundit#scopes
+    # @see https://github.com/varvet/pundit#scopes
     # @param user [Object] the user that initiated the action
-    # @param record [Object] the object we're retrieving the policy scope for
+    # @param scope [Object] the object we're retrieving the policy scope for
     # @raise [NotDefinedError] if the policy scope cannot be found
+    # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Scope{#resolve}] instance of scope class which can resolve to a scope
     def policy_scope!(user, scope)
-      PolicyFinder.new(scope).scope!.new(user, scope).resolve
+      policy_scope_class = PolicyFinder.new(scope).scope!
+      return unless policy_scope_class
+
+      begin
+        policy_scope = policy_scope_class.new(user, pundit_model(scope))
+      rescue ArgumentError
+        raise InvalidConstructorError, "Invalid #<#{policy_scope_class}> constructor is called"
+      end
+
+      policy_scope.resolve
     end
 
     # Retrieves the policy for the given record.
     #
-    # @see https://github.com/elabs/pundit#policies
+    # @see https://github.com/varvet/pundit#policies
     # @param user [Object] the user that initiated the action
     # @param record [Object] the object we're retrieving the policy for
+    # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Object, nil] instance of policy class with query methods
     def policy(user, record)
       policy = PolicyFinder.new(record).policy
-      policy.new(user, record) if policy
+      policy&.new(user, pundit_model(record))
+    rescue ArgumentError
+      raise InvalidConstructorError, "Invalid #<#{policy}> constructor is called"
     end
 
     # Retrieves the policy for the given record.
     #
-    # @see https://github.com/elabs/pundit#policies
+    # @see https://github.com/varvet/pundit#policies
     # @param user [Object] the user that initiated the action
     # @param record [Object] the object we're retrieving the policy for
     # @raise [NotDefinedError] if the policy cannot be found
+    # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Object] instance of policy class with query methods
     def policy!(user, record)
-      PolicyFinder.new(record).policy!.new(user, record)
+      policy = PolicyFinder.new(record).policy!
+      policy.new(user, pundit_model(record))
+    rescue ArgumentError
+      raise InvalidConstructorError, "Invalid #<#{policy}> constructor is called"
+    end
+
+    private
+
+    def pundit_model(record)
+      record.is_a?(Array) ? record.last : record
     end
   end
 
@@ -119,168 +169,4 @@ module Pundit
       pundit_policy_scope(scope)
     end
   end
-
-  included do
-    helper Helper if respond_to?(:helper)
-    if respond_to?(:helper_method)
-      helper_method :policy
-      helper_method :pundit_policy_scope
-      helper_method :pundit_user
-    end
-    if respond_to?(:hide_action)
-      hide_action :policy
-      hide_action :policy_scope
-      hide_action :policies
-      hide_action :policy_scopes
-      hide_action :authorize
-      hide_action :verify_authorized
-      hide_action :verify_policy_scoped
-      hide_action :permitted_attributes
-      hide_action :pundit_user
-      hide_action :skip_authorization
-      hide_action :skip_policy_scope
-      hide_action :pundit_policy_authorized?
-      hide_action :pundit_policy_scoped?
-    end
-  end
-
-  # @return [Boolean] whether authorization has been performed, i.e. whether
-  #                   one {#authorize} or {#skip_authorization} has been called
-  def pundit_policy_authorized?
-    !!@_pundit_policy_authorized
-  end
-
-  # @return [Boolean] whether policy scoping has been performed, i.e. whether
-  #                   one {#policy_scope} or {#skip_policy_scope} has been called
-  def pundit_policy_scoped?
-    !!@_pundit_policy_scoped
-  end
-
-  # Raises an error if authorization has not been performed, usually used as an
-  # `after_action` filter to prevent programmer error in forgetting to call
-  # {#authorize} or {#skip_authorization}.
-  #
-  # @see https://github.com/elabs/pundit#ensuring-policies-are-used
-  # @raise [AuthorizationNotPerformedError] if authorization has not been performed
-  # @return [void]
-  def verify_authorized
-    raise AuthorizationNotPerformedError, self.class unless pundit_policy_authorized?
-  end
-
-  # Raises an error if policy scoping has not been performed, usually used as an
-  # `after_action` filter to prevent programmer error in forgetting to call
-  # {#policy_scope} or {#skip_policy_scope} in index actions.
-  #
-  # @see https://github.com/elabs/pundit#ensuring-policies-are-used
-  # @raise [AuthorizationNotPerformedError] if policy scoping has not been performed
-  # @return [void]
-  def verify_policy_scoped
-    raise PolicyScopingNotPerformedError, self.class unless pundit_policy_scoped?
-  end
-
-  # Retrieves the policy for the given record, initializing it with the record
-  # and current user and finally throwing an error if the user is not
-  # authorized to perform the given action.
-  #
-  # @param record [Object] the object we're checking permissions of
-  # @param record [Symbol, nil] the query method to check on the policy (e.g. `:show?`)
-  # @raise [NotAuthorizedError] if the given query method returned false
-  # @return [true] Always returns true
-  def authorize(record, query = nil)
-    query ||= params[:action].to_s + "?"
-
-    @_pundit_policy_authorized = true
-
-    policy = policy(record)
-
-    unless policy.public_send(query)
-      raise NotAuthorizedError, query: query, record: record, policy: policy
-    end
-
-    true
-  end
-
-  # Allow this action not to perform authorization.
-  #
-  # @see https://github.com/elabs/pundit#ensuring-policies-are-used
-  # @return [void]
-  def skip_authorization
-    @_pundit_policy_authorized = true
-  end
-
-  # Allow this action not to perform policy scoping.
-  #
-  # @see https://github.com/elabs/pundit#ensuring-policies-are-used
-  # @return [void]
-  def skip_policy_scope
-    @_pundit_policy_scoped = true
-  end
-
-  # Retrieves the policy scope for the given record.
-  #
-  # @see https://github.com/elabs/pundit#scopes
-  # @param record [Object] the object we're retrieving the policy scope for
-  # @return [Scope{#resolve}, nil] instance of scope class which can resolve to a scope
-  def policy_scope(scope)
-    @_pundit_policy_scoped = true
-    pundit_policy_scope(scope)
-  end
-
-  # Retrieves the policy for the given record.
-  #
-  # @see https://github.com/elabs/pundit#policies
-  # @param record [Object] the object we're retrieving the policy for
-  # @return [Object, nil] instance of policy class with query methods
-  def policy(record)
-    policies[record] ||= Pundit.policy!(pundit_user, record)
-  end
-
-  # Retrieves a set of permitted attributes from the policy by instantiating
-  # the policy class for the given record and calling `permitted_attributes` on
-  # it, or `permitted_attributes_for_{action}` if it is defined. It then infers
-  # what key the record should have in the params hash and retrieves the
-  # permitted attributes from the params hash under that key.
-  #
-  # @see https://github.com/elabs/pundit#strong-parameters
-  # @param record [Object] the object we're retrieving permitted attributes for
-  # @return [Hash{String => Object}] the permitted attributes
-  def permitted_attributes(record, action = params[:action])
-    param_key = PolicyFinder.new(record).param_key
-    policy = policy(record)
-    method_name = if policy.respond_to?("permitted_attributes_for_#{action}")
-      "permitted_attributes_for_#{action}"
-    else
-      "permitted_attributes"
-    end
-    params.require(param_key).permit(policy.public_send(method_name))
-  end
-
-  # Cache of policies. You should not rely on this method.
-  #
-  # @api private
-  def policies
-    @_pundit_policies ||= {}
-  end
-
-  # Cache of policy scope. You should not rely on this method.
-  #
-  # @api private
-  def policy_scopes
-    @_pundit_policy_scopes ||= {}
-  end
-
-  # Hook method which allows customizing which user is passed to policies and
-  # scopes initialized by {#authorize}, {#policy} and {#policy_scope}.
-  #
-  # @see https://github.com/elabs/pundit#customize-pundit-user
-  # @return [Object] the user object to be used with pundit
-  def pundit_user
-    current_user
-  end
-
-private
-
-  def pundit_policy_scope(scope)
-    policy_scopes[scope] ||= Pundit.policy_scope!(pundit_user, scope)
-  end
 end

data/pundit.gemspec

@@ -1,30 +1,33 @@
-# -*- encoding: utf-8 -*-
-lib = File.expand_path("../lib", __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "pundit/version"
 
 Gem::Specification.new do |gem|
   gem.name          = "pundit"
   gem.version       = Pundit::VERSION
-  gem.authors       = ["Jonas Nicklas", "Elabs AB"]
+  gem.authors       = ["Jonas Nicklas", "Varvet AB"]
   gem.email         = ["jonas.nicklas@gmail.com", "dev@elabs.se"]
   gem.description   = "Object oriented authorization for Rails applications"
   gem.summary       = "OO authorization for Rails"
-  gem.homepage      = "https://github.com/elabs/pundit"
+  gem.homepage      = "https://github.com/varvet/pundit"
   gem.license       = "MIT"
 
-  gem.files         = `git ls-files`.split($/)
+  gem.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
 
   gem.add_dependency "activesupport", ">= 3.0.0"
-  gem.add_development_dependency "activemodel", ">= 3.0.0"
   gem.add_development_dependency "actionpack", ">= 3.0.0"
-  gem.add_development_dependency "bundler", "~> 1.3"
-  gem.add_development_dependency "rspec", ">=2.0.0"
+  gem.add_development_dependency "activemodel", ">= 3.0.0"
+  gem.add_development_dependency "bundler"
   gem.add_development_dependency "pry"
+  gem.add_development_dependency "railties", ">= 3.0.0"
   gem.add_development_dependency "rake"
+  gem.add_development_dependency "rspec", ">= 3.0.0"
+  gem.add_development_dependency "rubocop", "1.24.0"
+  gem.add_development_dependency "simplecov", ">= 0.17.0"
   gem.add_development_dependency "yard"
-  gem.add_development_dependency "rubocop"
 end

data/spec/authorization_spec.rb

@@ -0,0 +1,258 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+describe Pundit::Authorization do
+  let(:controller) { Controller.new(user, "update", {}) }
+  let(:user) { double }
+  let(:post) { Post.new(user) }
+  let(:customer_post) { Customer::Post.new(user) }
+  let(:comment) { Comment.new }
+  let(:article) { Article.new }
+  let(:article_tag) { ArticleTag.new }
+  let(:wiki) { Wiki.new }
+
+  describe "#verify_authorized" do
+    it "does nothing when authorized" do
+      controller.authorize(post)
+      controller.verify_authorized
+    end
+
+    it "raises an exception when not authorized" do
+      expect { controller.verify_authorized }.to raise_error(Pundit::AuthorizationNotPerformedError)
+    end
+  end
+
+  describe "#verify_policy_scoped" do
+    it "does nothing when policy_scope is used" do
+      controller.policy_scope(Post)
+      controller.verify_policy_scoped
+    end
+
+    it "raises an exception when policy_scope is not used" do
+      expect { controller.verify_policy_scoped }.to raise_error(Pundit::PolicyScopingNotPerformedError)
+    end
+  end
+
+  describe "#pundit_policy_authorized?" do
+    it "is true when authorized" do
+      controller.authorize(post)
+      expect(controller.pundit_policy_authorized?).to be true
+    end
+
+    it "is false when not authorized" do
+      expect(controller.pundit_policy_authorized?).to be false
+    end
+  end
+
+  describe "#pundit_policy_scoped?" do
+    it "is true when policy_scope is used" do
+      controller.policy_scope(Post)
+      expect(controller.pundit_policy_scoped?).to be true
+    end
+
+    it "is false when policy scope is not used" do
+      expect(controller.pundit_policy_scoped?).to be false
+    end
+  end
+
+  describe "#authorize" do
+    it "infers the policy name and authorizes based on it" do
+      expect(controller.authorize(post)).to be_truthy
+    end
+
+    it "returns the record on successful authorization" do
+      expect(controller.authorize(post)).to eq(post)
+    end
+
+    it "returns the record when passed record with namespace " do
+      expect(controller.authorize([:project, comment], :update?)).to eq(comment)
+    end
+
+    it "returns the record when passed record with nested namespace " do
+      expect(controller.authorize([:project, :admin, comment], :update?)).to eq(comment)
+    end
+
+    it "returns the policy name symbol when passed record with headless policy" do
+      expect(controller.authorize(:publication, :create?)).to eq(:publication)
+    end
+
+    it "returns the class when passed record not a particular instance" do
+      expect(controller.authorize(Post, :show?)).to eq(Post)
+    end
+
+    it "can be given a different permission to check" do
+      expect(controller.authorize(post, :show?)).to be_truthy
+      expect { controller.authorize(post, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
+    end
+
+    it "can be given a different policy class" do
+      expect(controller.authorize(post, :create?, policy_class: PublicationPolicy)).to be_truthy
+    end
+
+    it "works with anonymous class policies" do
+      expect(controller.authorize(article_tag, :show?)).to be_truthy
+      expect { controller.authorize(article_tag, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
+    end
+
+    it "throws an exception when the permission check fails" do
+      expect { controller.authorize(Post.new) }.to raise_error(Pundit::NotAuthorizedError)
+    end
+
+    it "throws an exception when a policy cannot be found" do
+      expect { controller.authorize(Article) }.to raise_error(Pundit::NotDefinedError)
+    end
+
+    it "caches the policy" do
+      expect(controller.policies[post]).to be_nil
+      controller.authorize(post)
+      expect(controller.policies[post]).not_to be_nil
+    end
+
+    it "raises an error when the given record is nil" do
+      expect { controller.authorize(nil, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
+    end
+
+    it "raises an error with a invalid policy constructor" do
+      expect { controller.authorize(wiki, :destroy?) }.to raise_error(Pundit::InvalidConstructorError)
+    end
+  end
+
+  describe "#skip_authorization" do
+    it "disables authorization verification" do
+      controller.skip_authorization
+      expect { controller.verify_authorized }.not_to raise_error
+    end
+  end
+
+  describe "#skip_policy_scope" do
+    it "disables policy scope verification" do
+      controller.skip_policy_scope
+      expect { controller.verify_policy_scoped }.not_to raise_error
+    end
+  end
+
+  describe "#pundit_user" do
+    it "returns the same thing as current_user" do
+      expect(controller.pundit_user).to eq controller.current_user
+    end
+  end
+
+  describe "#policy" do
+    it "returns an instantiated policy" do
+      policy = controller.policy(post)
+      expect(policy.user).to eq user
+      expect(policy.post).to eq post
+    end
+
+    it "throws an exception if the given policy can't be found" do
+      expect { controller.policy(article) }.to raise_error(Pundit::NotDefinedError)
+    end
+
+    it "raises an error with a invalid policy constructor" do
+      expect { controller.policy(wiki) }.to raise_error(Pundit::InvalidConstructorError)
+    end
+
+    it "allows policy to be injected" do
+      new_policy = OpenStruct.new
+      controller.policies[post] = new_policy
+
+      expect(controller.policy(post)).to eq new_policy
+    end
+  end
+
+  describe "#policy_scope" do
+    it "returns an instantiated policy scope" do
+      expect(controller.policy_scope(Post)).to eq :published
+    end
+
+    it "allows policy scope class to be overriden" do
+      expect(controller.policy_scope(Post, policy_scope_class: PublicationPolicy::Scope)).to eq :published
+    end
+
+    it "throws an exception if the given policy can't be found" do
+      expect { controller.policy_scope(Article) }.to raise_error(Pundit::NotDefinedError)
+    end
+
+    it "raises an error with a invalid policy scope constructor" do
+      expect { controller.policy_scope(Wiki) }.to raise_error(Pundit::InvalidConstructorError)
+    end
+
+    it "allows policy_scope to be injected" do
+      new_scope = OpenStruct.new
+      controller.policy_scopes[Post] = new_scope
+
+      expect(controller.policy_scope(Post)).to eq new_scope
+    end
+  end
+
+  describe "#permitted_attributes" do
+    it "checks policy for permitted attributes" do
+      params = ActionController::Parameters.new(
+        post: {
+          title: "Hello",
+          votes: 5,
+          admin: true
+        }
+      )
+
+      action = "update"
+
+      expect(Controller.new(user, action, params).permitted_attributes(post).to_h).to eq(
+        "title" => "Hello",
+        "votes" => 5
+      )
+      expect(Controller.new(double, action, params).permitted_attributes(post).to_h).to eq("votes" => 5)
+    end
+
+    it "checks policy for permitted attributes for record of a ActiveModel type" do
+      params = ActionController::Parameters.new(
+        customer_post: {
+          title: "Hello",
+          votes: 5,
+          admin: true
+        }
+      )
+
+      action = "update"
+
+      expect(Controller.new(user, action, params).permitted_attributes(customer_post).to_h).to eq(
+        "title" => "Hello",
+        "votes" => 5
+      )
+      expect(Controller.new(double, action, params).permitted_attributes(customer_post).to_h).to eq(
+        "votes" => 5
+      )
+    end
+  end
+
+  describe "#permitted_attributes_for_action" do
+    it "is checked if it is defined in the policy" do
+      params = ActionController::Parameters.new(
+        post: {
+          title: "Hello",
+          body: "blah",
+          votes: 5,
+          admin: true
+        }
+      )
+
+      action = "revise"
+      expect(Controller.new(user, action, params).permitted_attributes(post).to_h).to eq("body" => "blah")
+    end
+
+    it "can be explicitly set" do
+      params = ActionController::Parameters.new(
+        post: {
+          title: "Hello",
+          body: "blah",
+          votes: 5,
+          admin: true
+        }
+      )
+
+      action = "update"
+      expect(Controller.new(user, action, params).permitted_attributes(post, :revise).to_h).to eq("body" => "blah")
+    end
+  end
+end

data/spec/generators_spec.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+require "tmpdir"
+
+require "rails/generators"
+require "generators/pundit/install/install_generator"
+require "generators/pundit/policy/policy_generator"
+
+RSpec.describe "generators" do
+  before(:all) do
+    @tmpdir = Dir.mktmpdir
+
+    Dir.chdir(@tmpdir) do
+      Pundit::Generators::InstallGenerator.new([], { quiet: true }).invoke_all
+      Pundit::Generators::PolicyGenerator.new(%w[Widget], { quiet: true }).invoke_all
+
+      require "./app/policies/application_policy"
+      require "./app/policies/widget_policy"
+    end
+  end
+
+  after(:all) do
+    FileUtils.remove_entry(@tmpdir)
+  end
+
+  describe "WidgetPolicy", type: :policy do
+    permissions :index?, :show?, :create?, :new?, :update?, :edit?, :destroy? do
+      it "has safe defaults" do
+        expect(WidgetPolicy).not_to permit(double("User"), double("Widget"))
+      end
+    end
+
+    describe "WidgetPolicy::Scope" do
+      describe "#resolve" do
+        it "raises a descriptive error" do
+          scope = WidgetPolicy::Scope.new(double("User"), double("User.all"))
+          expect { scope.resolve }.to raise_error(NotImplementedError, /WidgetPolicy::Scope/)
+        end
+      end
+    end
+  end
+end