pundit 2.0.1 → 2.1.0
- checksums.yaml +5 -5
- data/.rubocop.yml +18 -45
- data/.travis.yml +6 -5
- data/CHANGELOG.md +8 -0
- data/Gemfile +2 -11
- data/LICENSE.txt +1 -1
- data/README.md +4 -0
- data/Rakefile +2 -0
- data/lib/pundit.rb +6 -4
- data/lib/pundit/policy_finder.rb +2 -0
- data/lib/pundit/rspec.rb +2 -0
- data/lib/pundit/version.rb +1 -1
- data/pundit.gemspec +11 -1
- data/spec/policies/post_policy_spec.rb +2 -0
- data/spec/policy_finder_spec.rb +2 -0
- data/spec/pundit_spec.rb +33 -23
- data/spec/spec_helper.rb +2 -0
- metadata +115 -4
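--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 371516754ff155f90b2093a0ce80aacf097ab555027b19ea22b7c823de72a66a
+data.tar.gz: 41e69a7d6a317b46ad35d1d1485d2119b443b8a430e5c78e62935ec502c7d08f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c77a792bec5d87f487fd3ee419d00745dcab754bd1bd38504d9987b71d80be3bd32fb1aab8419a8e63ef3c3718e1bd8a255ff0117be8f8a5c743c221d87fccdd
+data.tar.gz: 3086b4036cdbafb499f462f22405f185c83d12c8d8175136531dd053733320574b3d5d05c8379895940d854d54d7abb59d6a0958a9d0e6fdfc03f7691883c3ab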
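--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -30,33 +30,9 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
 Enabled: false
 
-Style/StructInheritance:
-Enabled: false
-
 Layout/AlignParameters:
 EnforcedStyle: with_fixed_indentation
 
-Style/StringLiterals:
-EnforcedStyle: double_quotes
-
-Style/StringLiteralsInInterpolation:
-EnforcedStyle: double_quotes
-
-Layout/ClosingParenthesisIndentation:
-Enabled: false
-
-Style/OneLineConditional:
-Enabled: false
-
-Style/AndOr:
-Enabled: false
-
-Style/Not:
-Enabled: false
-
-Documentation:
-Enabled: false # TODO: Enable again once we have more docs
-
 Layout/CaseIndentation:
 EnforcedStyle: case
 SupportedStyles:
@@ -64,40 +40,37 @@ Layout/CaseIndentation:
 - end
 IndentOneStep: true
 
-Style/PercentLiteralDelimiters:
-PreferredDelimiters:
-'%w': "[]"
-'%W': "[]"
-
 Layout/AccessModifierIndentation:
 EnforcedStyle: outdent
 
-Style/SignalException:
-Enabled: false
-
-Layout/IndentationWidth:
-Enabled: false
-
-Style/TrivialAccessors:
-ExactNameMatch: true
-
 Layout/EndAlignment:
 EnforcedStyleAlignWith: variable
 
-
-Enabled:
+Style/FrozenStringLiteralComment:
+Enabled: true
 
-
-
+Style/PercentLiteralDelimiters:
+PreferredDelimiters:
+'%w': "[]"
+'%W': "[]"
 
-Style/
+Style/StringLiterals:
+EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+EnforcedStyle: double_quotes
+
+Style/StructInheritance:
 Enabled: false
 
-Style/
+Style/AndOr:
 Enabled: false
 
-
+Style/Not:
 Enabled: false
 
 Style/DoubleNegation:
 Enabled: false
+
+Documentation:
+Enabled: false # TODO: Enable again once we have more docs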
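--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -4,17 +4,18 @@ before_install:
 
 matrix:
 include:
-- rvm: 2.5.1
+- rvm: 2.5.1 # Pre-installed Ruby version
 script: bundle exec rake rubocop # ONLY lint once, first
 - rvm: 2.1
 - rvm: 2.2
 - rvm: 2.3.5
-- rvm: 2.4.
-- rvm: 2.5.
-- rvm: 2.6.
+- rvm: 2.4.6
+- rvm: 2.5.5
+- rvm: 2.6.3
 - rvm: jruby-9.1.8.0
 env:
 - JRUBY_OPTS="--debug"
-
+jdk: openjdk8
+- rvm: jruby-9.2.8.0
 env:
 - JRUBY_OPTS="--debug"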
data/CHANGELOG.md
CHANGED
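--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,16 +1,7 @@
+# frozen_string_literal: true
+
 source "https://rubygems.org"
 
 ruby RUBY_VERSION
 
 gemspec
-
-group :development, :test do
-gem "actionpack"
-gem "activemodel"
-gem "bundler"
-gem "pry"
-gem "rake"
-gem "rspec"
-gem "rubocop"
-gem "yard"
-end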
data/LICENSE.txt
CHANGED
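--- a/data/README.md
+++ b/data/README.md
@@ -785,6 +785,10 @@ Pundit does not provide a DSL for testing scopes. Just test it like a regular Ru
 - [Using Pundit outside of a Rails controller](https://github.com/varvet/pundit/pull/136)
 - [Straightforward Rails Authorization with Pundit](http://www.sitepoint.com/straightforward-rails-authorization-with-pundit/)
 
+## Other implementations
+
+- [Flask-Pundit](https://github.com/anurag90x/flask-pundit) (Python) is a [Flask](http://flask.pocoo.org/) extension "heavily inspired by" Pundit
+
 # License
 
 Licensed under the MIT license, see the separate LICENSE.txt file.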
data/Rakefile
CHANGED
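--- a/data/lib/pundit.rb
+++ b/data/lib/pundit.rb
@@ -8,6 +8,11 @@ require "active_support/core_ext/object/blank"
 require "active_support/core_ext/module/introspection"
 require "active_support/dependencies/autoload"
 
+# @api private
+# To avoid name clashes with common Error naming when mixing in Pundit,
+# keep it here with compact class style definition.
+class Pundit::Error < StandardError; end # rubocop:disable Style/ClassAndModuleChildren
+
 # @api public
 module Pundit
 SUFFIX = "Policy".freeze
@@ -15,9 +20,6 @@ module Pundit
 # @api private
 module Generators; end
 
-# @api private
-class Error < StandardError; end
-
 # Error that will be raised when authorization has failed
 class NotAuthorizedError < Error
 attr_reader :query, :record, :policy
@@ -30,7 +32,7 @@ module Pundit
 @record = options[:record]
 @policy = options[:policy]
 
-message = options.fetch(:message) { "not allowed to #{query} this #{record.
+message = options.fetch(:message) { "not allowed to #{query} this #{record.class}" }
 end
 
 super(message)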
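Review bot: The new default message in the last hunk interpolates `record.class`, which evaluates to `Class` when the record handed to authorization is itself a class (as Pundit allows for collection-level checks), so a denial would read "not allowed to destroy? this Class" and lose the model name that logs and error handlers rely on. Computing `subject = record.is_a?(Class) ? record : record.class` before building the string keeps the type name without printing the record itself. The exception still carries the whole object in `error.record`, so a comment on `NotAuthorizedError` such as `# record may hold sensitive attributes; do not render or log it verbatim` would be worth adding, and the updated expectation in data/spec/pundit_spec.rb pins only the instance case ("this Post"). The initializer starts above this hunk and the removed line is cut off on this page at `#{record.`, so what the old message printed cannot be confirmed from here.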
data/lib/pundit/policy_finder.rb
CHANGED
data/lib/pundit/rspec.rb
CHANGED
data/lib/pundit/version.rb
CHANGED
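--- a/data/pundit.gemspec
+++ b/data/pundit.gemspec
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "pundit/version"
@@ -12,10 +14,18 @@ Gem::Specification.new do |gem|
 gem.homepage = "https://github.com/varvet/pundit"
 gem.license = "MIT"
 
-gem.files = `git ls-files`.split(
+gem.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
 gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
 gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
 gem.require_paths = ["lib"]
 
 gem.add_dependency "activesupport", ">= 3.0.0"
+gem.add_development_dependency "actionpack", ">= 3.0.0"
+gem.add_development_dependency "activemodel", ">= 3.0.0"
+gem.add_development_dependency "bundler"
+gem.add_development_dependency "pry"
+gem.add_development_dependency "rake"
+gem.add_development_dependency "rspec", ">= 2.0.0"
+gem.add_development_dependency "rubocop", "0.57.2"
+gem.add_development_dependency "yard"
 end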
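Review bot: `$INPUT_RECORD_SEPARATOR` on the `gem.files` line is an alias for `$/` only after `require "English"` has run, and no such require is visible here (the first hunk shows only `require "pundit/version"`; lines 6–13 of the gemspec fall outside the hunks, so it may exist there). If nothing has loaded it, the global is nil and `split(nil)` falls back to splitting on whitespace, so a tracked path containing a space would be broken into entries that do not exist and the packaged file list would quietly differ from the repository. Either add `require "English"` next to the existing require or split explicitly with `.split("\n")`, which does not depend on load order.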
data/spec/policy_finder_spec.rb
CHANGED
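--- a/data/spec/pundit_spec.rb
+++ b/data/spec/pundit_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "spec_helper"
 
 describe Pundit do
@@ -36,7 +38,7 @@ describe Pundit do
 # rubocop:disable Style/MultilineBlockChain
 expect do
 Pundit.authorize(user, post, :destroy?)
-end.to raise_error(Pundit::NotAuthorizedError, "not allowed to destroy? this
+end.to raise_error(Pundit::NotAuthorizedError, "not allowed to destroy? this Post") do |error|
 expect(error.query).to eq :destroy?
 expect(error.record).to eq post
 expect(error.policy).to eq Pundit.policy(user, post)
@@ -518,11 +520,13 @@ describe Pundit do
 
 describe "#permitted_attributes" do
 it "checks policy for permitted attributes" do
-params = ActionController::Parameters.new(
-
-
-
-
+params = ActionController::Parameters.new(
+post: {
+title: "Hello",
+votes: 5,
+admin: true
+}
+)
 
 action = "update"
 
@@ -534,11 +538,13 @@ describe Pundit do
 end
 
 it "checks policy for permitted attributes for record of a ActiveModel type" do
-params = ActionController::Parameters.new(
-
-
-
-
+params = ActionController::Parameters.new(
+customer_post: {
+title: "Hello",
+votes: 5,
+admin: true
+}
+)
 
 action = "update"
 
@@ -554,24 +560,28 @@ describe Pundit do
 
 describe "#permitted_attributes_for_action" do
 it "is checked if it is defined in the policy" do
-params = ActionController::Parameters.new(
-
-
-
-
-
+params = ActionController::Parameters.new(
+post: {
+title: "Hello",
+body: "blah",
+votes: 5,
+admin: true
+}
+)
 
 action = "revise"
 expect(Controller.new(user, action, params).permitted_attributes(post).to_h).to eq("body" => "blah")
 end
 
 it "can be explicitly set" do
-params = ActionController::Parameters.new(
-
-
-
-
-
+params = ActionController::Parameters.new(
+post: {
+title: "Hello",
+body: "blah",
+votes: 5,
+admin: true
+}
+)
 
 action = "update"
 expect(Controller.new(user, action, params).permitted_attributes(post, :revise).to_h).to eq("body" => "blah")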
data/spec/spec_helper.rb
CHANGED
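--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pundit
 version: !ruby/object:Gem::Version
-version: 2.0
+version: 2.1.0
 platform: ruby
 authors:
 - Jonas Nicklas
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-08-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -25,6 +25,118 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 3.0.0
+- !ruby/object:Gem::Dependency
+name: actionpack
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.0.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.0.0
+- !ruby/object:Gem::Dependency
+name: activemodel
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.0.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.0.0
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: pry
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.0.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.0.0
+- !ruby/object:Gem::Dependency
+name: rubocop
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.57.2
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.57.2
+- !ruby/object:Gem::Dependency
+name: yard
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 description: Object oriented authorization for Rails applications
 email:
 - jonas.nicklas@gmail.com
@@ -82,8 +194,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.5.2
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: OO authorization for Rails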