pundit 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6b973703e2b1653c804d138fb24c204807e41885a81f5b172656d032d7c2a75a
-  data.tar.gz: 01211cab222a4c16f274e041c074b2d2a1763a4943ab26b6dba938272297a48d
+  metadata.gz: 371516754ff155f90b2093a0ce80aacf097ab555027b19ea22b7c823de72a66a
+  data.tar.gz: 41e69a7d6a317b46ad35d1d1485d2119b443b8a430e5c78e62935ec502c7d08f
 SHA512:
-  metadata.gz: 812528978ec4e8d3322af071c3ebd5b31f4123be449d3fe9bfea1e1fd2845704e0fee308d4cdd6e787636987b1d7a03527f8eae5fe5968483a1f4c5f751b40ef
-  data.tar.gz: c433160a559102336b9a268ec1311a47e8f54e427ad8618b048634435259612a92d9b9187fefb6d7cc4a1ce5576a37f3e51b7adad1e3773d21c2bb6e9827c26f
+  metadata.gz: c77a792bec5d87f487fd3ee419d00745dcab754bd1bd38504d9987b71d80be3bd32fb1aab8419a8e63ef3c3718e1bd8a255ff0117be8f8a5c743c221d87fccdd
+  data.tar.gz: 3086b4036cdbafb499f462f22405f185c83d12c8d8175136531dd053733320574b3d5d05c8379895940d854d54d7abb59d6a0958a9d0e6fdfc03f7691883c3ab

data/.rubocop.yml

@@ -1,6 +1,6 @@
 AllCops:
   DisplayCopNames: true
-  TargetRubyVersion: 2.1
+  TargetRubyVersion: 2.2
   Exclude:
     - "gemfiles/**/*"
     - "vendor/**/*"
@@ -30,33 +30,9 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
   Enabled: false
 
-Style/StructInheritance:
-  Enabled: false
-
 Layout/AlignParameters:
   EnforcedStyle: with_fixed_indentation
 
-Style/StringLiterals:
-  EnforcedStyle: double_quotes
-
-Style/StringLiteralsInInterpolation:
-  EnforcedStyle: double_quotes
-
-Layout/ClosingParenthesisIndentation:
-  Enabled: false
-
-Style/OneLineConditional:
-  Enabled: false
-
-Style/AndOr:
-  Enabled: false
-
-Style/Not:
-  Enabled: false
-
-Documentation:
-  Enabled: false # TODO: Enable again once we have more docs
-
 Layout/CaseIndentation:
   EnforcedStyle: case
   SupportedStyles:
@@ -64,40 +40,37 @@ Layout/CaseIndentation:
     - end
   IndentOneStep: true
 
-Style/PercentLiteralDelimiters:
-  PreferredDelimiters:
-    '%w': "[]"
-    '%W': "[]"
-
 Layout/AccessModifierIndentation:
   EnforcedStyle: outdent
 
-Style/SignalException:
-  Enabled: false
-
-Layout/IndentationWidth:
-  Enabled: false
-
-Style/TrivialAccessors:
-  ExactNameMatch: true
-
 Layout/EndAlignment:
   EnforcedStyleAlignWith: variable
 
-Layout/DefEndAlignment:
-  Enabled: false
+Style/FrozenStringLiteralComment:
+  Enabled: true
 
-Lint/HandleExceptions:
-  Enabled: false
+Style/PercentLiteralDelimiters:
+  PreferredDelimiters:
+    '%w': "[]"
+    '%W': "[]"
 
-Style/SpecialGlobalVars:
+Style/StringLiterals:
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  EnforcedStyle: double_quotes
+
+Style/StructInheritance:
   Enabled: false
 
-Style/TrivialAccessors:
+Style/AndOr:
   Enabled: false
 
-Layout/IndentHash:
+Style/Not:
   Enabled: false
 
 Style/DoubleNegation:
   Enabled: false
+
+Documentation:
+  Enabled: false # TODO: Enable again once we have more docs

data/.travis.yml

@@ -1,21 +1,21 @@
 language: ruby
-sudo: false
 before_install:
-  - gem update --system
-  - gem install bundler
+  - gem install bundler -v 1.17.3
 
 matrix:
   include:
-    - rvm: 2.5.1
+    - rvm: 2.5.1 # Pre-installed Ruby version
       script: bundle exec rake rubocop # ONLY lint once, first
     - rvm: 2.1
-    - rvm: 2.2.8
+    - rvm: 2.2
     - rvm: 2.3.5
-    - rvm: 2.4.2
-    - rvm: 2.5.1
+    - rvm: 2.4.6
+    - rvm: 2.5.5
+    - rvm: 2.6.3
     - rvm: jruby-9.1.8.0
       env:
         - JRUBY_OPTS="--debug"
-    - rvm: jruby-9.2.0.0
+      jdk: openjdk8
+    - rvm: jruby-9.2.8.0
       env:
         - JRUBY_OPTS="--debug"

data/CHANGELOG.md

@@ -1,21 +1,46 @@
 # Pundit
 
+### Fixed
+
+- Avoid name clashes with the Error class. (#590)
+
+### Changed
+
+- Return a safer default NotAuthorizedError message. (#583)
+
+## 2.0.1 (2019-01-18)
+
+### Breaking changes
+
+None
+
+### Other changes
+
+- Improve exception handling for `#policy_scope` and `#policy_scope!`. (#550)
+- Add `:policy` metadata to RSpec template. (#566)
+
 ## 2.0.0 (2018-07-21)
 
 No changes since beta1
 
 ## 2.0.0.beta1 (2018-07-04)
 
+### Breaking changes
+
+- Only pass last element of "namespace array" to policy and scope. (#529)
+- Raise `InvalidConstructorError` if a policy or policy scope with an invalid constructor is called. (#462)
+- Return passed object from `#authorize` method to make chaining possible. (#385)
+
+### Other changes
+
 - Add `policy_class` option to `authorize` to be able to override the policy. (#441)
 - Add `policy_scope_class` option to `authorize` to be able to override the policy scope. (#441)
 - Fix `param_key` issue when passed an array. (#529)
-- Only pass last element of "namespace array" to policy and scope. (#529)
 - Allow specification of a `NilClassPolicy`. (#525)
 - Make sure `policy_class` override is called when passed an array. (#475)
-- Raise `InvalidConstructorError` if a policy or policy scope with an invalid constructor is called. (#462)
+
 - Use `action_name` instead of `params[:action]`. (#419)
 - Add `pundit_params_for` method to make it easy to customize params fetching. (#502)
-- Return passed object from `#authorize` method to make chaining possible. (#385)
 
 ## 1.1.0 (2016-01-14)
 

data/Gemfile

@@ -1,16 +1,7 @@
+# frozen_string_literal: true
+
 source "https://rubygems.org"
 
 ruby RUBY_VERSION
 
 gemspec
-
-group :development, :test do
-  gem "actionpack"
-  gem "activemodel"
-  gem "bundler"
-  gem "pry"
-  gem "rake"
-  gem "rspec"
-  gem "rubocop"
-  gem "yard"
-end

data/LICENSE.txt

@@ -1,4 +1,4 @@
-Copyright (c) 2012 Jonas Nicklas, Elabs AB
+Copyright (c) 2019 Jonas Nicklas, Varvet AB
 
 MIT License
 

data/README.md

@@ -195,6 +195,10 @@ class DashboardPolicy < Struct.new(:user, :dashboard)
 end
 ```
 
+Note that the headless policy still needs to accept two arguments. The
+second argument will just be the symbol `:dashboard` in this case which
+is what is passed as the record to `authorize` below.
+
 ```ruby
 # In controllers
 authorize :dashboard, :show?
@@ -781,6 +785,10 @@ Pundit does not provide a DSL for testing scopes. Just test it like a regular Ru
 - [Using Pundit outside of a Rails controller](https://github.com/varvet/pundit/pull/136)
 - [Straightforward Rails Authorization with Pundit](http://www.sitepoint.com/straightforward-rails-authorization-with-pundit/)
 
+## Other implementations
+
+- [Flask-Pundit](https://github.com/anurag90x/flask-pundit) (Python) is a [Flask](http://flask.pocoo.org/) extension "heavily inspired by" Pundit
+
 # License
 
 Licensed under the MIT license, see the separate LICENSE.txt file.

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "rubygems"
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"

data/lib/generators/rspec/templates/policy_spec.rb

@@ -1,6 +1,6 @@
 require '<%= File.exists?('spec/rails_helper.rb') ? 'rails_helper' : 'spec_helper' %>'
 
-RSpec.describe <%= class_name %>Policy do
+RSpec.describe <%= class_name %>Policy, type: :policy do
   let(:user) { User.new }
 
   subject { described_class }

data/lib/pundit/policy_finder.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Pundit
   # Finds policy and scope classes for given object.
   # @api public

data/lib/pundit/rspec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "active_support/core_ext/array/conversions"
 
 module Pundit

data/lib/pundit/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Pundit
-  VERSION = "2.0.0".freeze
+  VERSION = "2.1.0".freeze
 end

data/lib/pundit.rb

@@ -8,6 +8,11 @@ require "active_support/core_ext/object/blank"
 require "active_support/core_ext/module/introspection"
 require "active_support/dependencies/autoload"
 
+# @api private
+# To avoid name clashes with common Error naming when mixing in Pundit,
+# keep it here with compact class style definition.
+class Pundit::Error < StandardError; end # rubocop:disable Style/ClassAndModuleChildren
+
 # @api public
 module Pundit
   SUFFIX = "Policy".freeze
@@ -15,9 +20,6 @@ module Pundit
   # @api private
   module Generators; end
 
-  # @api private
-  class Error < StandardError; end
-
   # Error that will be raised when authorization has failed
   class NotAuthorizedError < Error
     attr_reader :query, :record, :policy
@@ -30,7 +32,7 @@ module Pundit
         @record = options[:record]
         @policy = options[:policy]
 
-        message = options.fetch(:message) { "not allowed to #{query} this #{record.inspect}" }
+        message = options.fetch(:message) { "not allowed to #{query} this #{record.class}" }
       end
 
       super(message)
@@ -80,10 +82,16 @@ module Pundit
     # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Scope{#resolve}, nil] instance of scope class which can resolve to a scope
     def policy_scope(user, scope)
-      policy_scope = PolicyFinder.new(scope).scope
-      policy_scope.new(user, pundit_model(scope)).resolve if policy_scope
-    rescue ArgumentError
-      raise InvalidConstructorError, "Invalid #<#{policy_scope}> constructor is called"
+      policy_scope_class = PolicyFinder.new(scope).scope
+      return unless policy_scope_class
+
+      begin
+        policy_scope = policy_scope_class.new(user, pundit_model(scope))
+      rescue ArgumentError
+        raise InvalidConstructorError, "Invalid #<#{policy_scope_class}> constructor is called"
+      end
+
+      policy_scope.resolve
     end
 
     # Retrieves the policy scope for the given record.
@@ -95,10 +103,16 @@ module Pundit
     # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Scope{#resolve}] instance of scope class which can resolve to a scope
     def policy_scope!(user, scope)
-      policy_scope = PolicyFinder.new(scope).scope!
-      policy_scope.new(user, pundit_model(scope)).resolve
-    rescue ArgumentError
-      raise InvalidConstructorError, "Invalid #<#{policy_scope}> constructor is called"
+      policy_scope_class = PolicyFinder.new(scope).scope!
+      return unless policy_scope_class
+
+      begin
+        policy_scope = policy_scope_class.new(user, pundit_model(scope))
+      rescue ArgumentError
+        raise InvalidConstructorError, "Invalid #<#{policy_scope_class}> constructor is called"
+      end
+
+      policy_scope.resolve
     end
 
     # Retrieves the policy for the given record.

data/pundit.gemspec

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "pundit/version"
@@ -5,17 +7,25 @@ require "pundit/version"
 Gem::Specification.new do |gem|
   gem.name          = "pundit"
   gem.version       = Pundit::VERSION
-  gem.authors       = ["Jonas Nicklas", "Elabs AB"]
+  gem.authors       = ["Jonas Nicklas", "Varvet AB"]
   gem.email         = ["jonas.nicklas@gmail.com", "dev@elabs.se"]
   gem.description   = "Object oriented authorization for Rails applications"
   gem.summary       = "OO authorization for Rails"
   gem.homepage      = "https://github.com/varvet/pundit"
   gem.license       = "MIT"
 
-  gem.files         = `git ls-files`.split($/)
+  gem.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
   gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
 
   gem.add_dependency "activesupport", ">= 3.0.0"
+  gem.add_development_dependency "actionpack", ">= 3.0.0"
+  gem.add_development_dependency "activemodel", ">= 3.0.0"
+  gem.add_development_dependency "bundler"
+  gem.add_development_dependency "pry"
+  gem.add_development_dependency "rake"
+  gem.add_development_dependency "rspec", ">= 2.0.0"
+  gem.add_development_dependency "rubocop", "0.57.2"
+  gem.add_development_dependency "yard"
 end

data/spec/policies/post_policy_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "spec_helper"
 
 describe PostPolicy do

data/spec/policy_finder_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "spec_helper"
 
 describe Pundit::PolicyFinder do

data/spec/pundit_spec.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "spec_helper"
 
 describe Pundit do
@@ -16,6 +18,7 @@ describe Pundit do
   let(:tag_four_five_six) { ProjectOneTwoThree::TagFourFiveSix.new(user) }
   let(:avatar_four_five_six) { ProjectOneTwoThree::AvatarFourFiveSix.new }
   let(:wiki) { Wiki.new }
+  let(:thread) { Thread.new }
 
   describe ".authorize" do
     it "infers the policy and authorizes based on it" do
@@ -35,7 +38,7 @@ describe Pundit do
       # rubocop:disable Style/MultilineBlockChain
       expect do
         Pundit.authorize(user, post, :destroy?)
-      end.to raise_error(Pundit::NotAuthorizedError, "not allowed to destroy? this #<Post>") do |error|
+      end.to raise_error(Pundit::NotAuthorizedError, "not allowed to destroy? this Post") do |error|
         expect(error.query).to eq :destroy?
         expect(error.record).to eq post
         expect(error.policy).to eq Pundit.policy(user, post)
@@ -88,6 +91,12 @@ describe Pundit do
         Pundit.policy_scope(user, Wiki)
       end.to raise_error(Pundit::InvalidConstructorError, "Invalid #<WikiPolicy::Scope> constructor is called")
     end
+
+    it "raises an original error with a policy scope that contains error" do
+      expect do
+        Pundit.policy_scope(user, Thread)
+      end.to raise_error(ArgumentError)
+    end
   end
 
   describe ".policy_scope!" do
@@ -511,11 +520,13 @@ describe Pundit do
 
   describe "#permitted_attributes" do
     it "checks policy for permitted attributes" do
-      params = ActionController::Parameters.new(post: {
-        title: "Hello",
-        votes: 5,
-        admin: true
-      })
+      params = ActionController::Parameters.new(
+        post: {
+          title: "Hello",
+          votes: 5,
+          admin: true
+        }
+      )
 
       action = "update"
 
@@ -527,11 +538,13 @@ describe Pundit do
     end
 
     it "checks policy for permitted attributes for record of a ActiveModel type" do
-      params = ActionController::Parameters.new(customer_post: {
-        title: "Hello",
-        votes: 5,
-        admin: true
-      })
+      params = ActionController::Parameters.new(
+        customer_post: {
+          title: "Hello",
+          votes: 5,
+          admin: true
+        }
+      )
 
       action = "update"
 
@@ -547,24 +560,28 @@ describe Pundit do
 
   describe "#permitted_attributes_for_action" do
     it "is checked if it is defined in the policy" do
-      params = ActionController::Parameters.new(post: {
-        title: "Hello",
-        body: "blah",
-        votes: 5,
-        admin: true
-      })
+      params = ActionController::Parameters.new(
+        post: {
+          title: "Hello",
+          body: "blah",
+          votes: 5,
+          admin: true
+        }
+      )
 
       action = "revise"
       expect(Controller.new(user, action, params).permitted_attributes(post).to_h).to eq("body" => "blah")
     end
 
     it "can be explicitly set" do
-      params = ActionController::Parameters.new(post: {
-        title: "Hello",
-        body: "blah",
-        votes: 5,
-        admin: true
-      })
+      params = ActionController::Parameters.new(
+        post: {
+          title: "Hello",
+          body: "blah",
+          votes: 5,
+          admin: true
+        }
+      )
 
       action = "update"
       expect(Controller.new(user, action, params).permitted_attributes(post, :revise).to_h).to eq("body" => "blah")

data/spec/spec_helper.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "pundit"
 require "pundit/rspec"
 
@@ -236,6 +238,18 @@ class WikiPolicy
   end
 end
 
+class Thread
+  def self.all; end
+end
+class ThreadPolicy < Struct.new(:user, :thread)
+  class Scope < Struct.new(:user, :scope)
+    def resolve
+      # deliberate wrong useage of the method
+      scope.all(:unvalid, :parameters)
+    end
+  end
+end
+
 class PostFourFiveSix < Struct.new(:user); end
 
 class CommentFourFiveSix; extend ActiveModel::Naming; end

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: pundit
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Jonas Nicklas
-- Elabs AB
+- Varvet AB
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-07-21 00:00:00.000000000 Z
+date: 2019-08-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -25,6 +25,118 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.57.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.57.2
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Object oriented authorization for Rails applications
 email:
 - jonas.nicklas@gmail.com
@@ -82,8 +194,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: OO authorization for Rails