pundit 2.1.0 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 371516754ff155f90b2093a0ce80aacf097ab555027b19ea22b7c823de72a66a
-  data.tar.gz: 41e69a7d6a317b46ad35d1d1485d2119b443b8a430e5c78e62935ec502c7d08f
+  metadata.gz: 2e34d4263a4c386c0078ddfed804532e292357926fefb505b62bcea9c6e3d08d
+  data.tar.gz: 67c3471d5354cba97b650185770f81bdcc79699f8cbc4d8e60c99b57639a6cee
 SHA512:
-  metadata.gz: c77a792bec5d87f487fd3ee419d00745dcab754bd1bd38504d9987b71d80be3bd32fb1aab8419a8e63ef3c3718e1bd8a255ff0117be8f8a5c743c221d87fccdd
-  data.tar.gz: 3086b4036cdbafb499f462f22405f185c83d12c8d8175136531dd053733320574b3d5d05c8379895940d854d54d7abb59d6a0958a9d0e6fdfc03f7691883c3ab
+  metadata.gz: e67f07116623c8fd505ed254a165136be512ea36f7635ca2e6062fd59bf73a23eb1a4bf5790a390ff6b4e014e3baf0f7f8e7b649e6e50a8985fcff2e6c27cecd
+  data.tar.gz: 65f7d1132b00f9bdcb8b717e08c402a5f6a9a90de5fa07e017b831cbb3ac7b9c11f8869466e3112fea4acddd1699dc495fe30b3234fab06c213ea65dd459c1fd

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,20 @@
+---
+name: Bug report
+about: Create a bug report to report a problem
+title: ''
+labels: problem
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps or runnable code to reproduce the problem.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Additional context**
+Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,26 @@
+---
+name: Feature request
+about: Suggest an idea
+title: ''
+labels: ['feature request']
+assignees: ''
+---
+
+**Please consider**
+- Could this feature break backwards-compatibility?
+- Could this feature benefit the many who use Pundit?
+- Could this feature be useful in _most_ projects that use Pundit?
+- Would this feature require Rails?
+- Am I open to creating a Pull Request with the necessary changes?
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of how you'd like to approach solving the problem.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context. Ex. if you've solved this problem in your own projects already, how that worked, and why the feature should be moved and maintained in Pundit instead.

data/.github/PULL_REQUEST_TEMPLATE/gem_release_template.md

@@ -0,0 +1,8 @@
+## To do
+
+- [ ] Make changes:
+  - [ ] Bump `Pundit::VERSION` in `lib/pundit/version.rb`.
+  - [ ] Update `CHANGELOG.md`.
+- [ ] Open pull request 🚀 and merge it.
+- [ ] Run [push gem](https://github.com/varvet/pundit/actions/workflows/push_gem.yml) GitHub Action.
+- [ ] Make an announcement in [Pundit discussions](https://github.com/varvet/pundit/discussions/categories/announcements)

data/.github/pull_request_template.md

@@ -0,0 +1,9 @@
+## To do
+
+- [ ] I have read the [contributing guidelines](https://github.com/varvet/pundit/contribute).
+- [ ] I have added relevant tests.
+- [ ] I have adjusted relevant documentation.
+- [ ] I have made sure the individual commits are meaningful.
+- [ ] I have added relevant lines to the CHANGELOG.
+
+PS: Thank you for contributing to Pundit ❤️

data/.github/workflows/main.yml

@@ -0,0 +1,147 @@
+name: Main
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  CC_TEST_REPORTER_ID: "ac477089fe20ab4fc7e0d304cab75f72d73d58a7596d366935d18fcc7d51f8f9"
+
+  # `github.ref` points to the *merge commit* when running tests on a pull request, which will be a commit
+  # that doesn't exists in our code base. Since this workflow triggers from a PR, we use the HEAD SHA instead.
+  #
+  # NOTE: These are both used by Code Climate (cc-test-reporter).
+  GIT_COMMIT_SHA: ${{ github.event.pull_request.head.sha }}
+  GIT_BRANCH: ${{ github.head_ref }}
+
+jobs:
+  matrix-test:
+    runs-on: ubuntu-latest
+    continue-on-error: ${{ matrix.allow-failure || false }}
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby-version:
+          - "3.1"
+          - "3.2"
+          - "3.3"
+          - "jruby-9.3.15"
+          - "jruby"
+        include: # HEAD-versions
+          - ruby-version: "head"
+            allow-failure: true
+          - ruby-version: "jruby-head"
+            allow-failure: true
+          - ruby-version: "truffleruby-head"
+            allow-failure: true
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: latest
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true
+      - name: Run tests
+        run: bundle exec rspec
+
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: latest
+          ruby-version: "ruby"
+          bundler-cache: true
+      - name: "Download cc-test-reporter from codeclimate.com"
+        run: |
+          curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+          chmod +x ./cc-test-reporter
+      - name: "Report to Code Climate that we will send a coverage report."
+        run: ./cc-test-reporter before-build
+      - name: Run tests
+        run: bundle exec rspec
+        env:
+          COVERAGE: 1
+      - name: Upload coverage results
+        uses: actions/upload-artifact@v4
+        with:
+          include-hidden-files: true
+          name: coverage-results
+          path: coverage
+          retention-days: 1
+      - name: Upload code coverage to Code Climate
+        run: |
+          ./cc-test-reporter after-build \
+            --coverage-input-type simplecov \
+            ./coverage/.resultset.json
+
+  coverage-check:
+    permissions:
+      contents: read
+      checks: write
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download coverage results
+        uses: actions/download-artifact@v4
+        with:
+          name: coverage-results
+          path: coverage
+      - uses: joshmfrankel/simplecov-check-action@be89e11889202cc59efb14aab2a7091622fa9aad
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          minimum_suite_coverage: 100
+          minimum_file_coverage: 100
+          coverage_json_path: coverage/simplecov-check-action.json
+
+  rubocop:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: default
+          ruby-version: "ruby"
+          bundler-cache: false
+      - run: bundle install
+      - name: Run RuboCop
+        run: bundle exec rubocop
+
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: default
+          ruby-version: "ruby"
+          bundler-cache: false
+      - run: bundle install
+      - run: rake yard
+
+  required-checks:
+    runs-on: ubuntu-latest
+    if: ${{ always() }}
+    needs:
+      - test
+      - matrix-test
+      - docs
+      - rubocop
+    steps:
+      - name: failure
+        if: ${{ failure() || contains(needs.*.result, 'failure') }}
+        run: exit 1
+      - name: success
+        run: exit 0

data/.github/workflows/push_gem.yml

@@ -0,0 +1,33 @@
+name: Push Gem
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  push:
+    if: github.repository == 'varvet/pundit'
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      # Set up
+      - name: Harden Runner
+        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
+        with:
+          bundler-cache: true
+          ruby-version: ruby
+
+      # Release
+      - uses: rubygems/release-gem@612653d273a73bdae1df8453e090060bb4db5f31 # v1+ unreleased

data/.gitignore

@@ -2,6 +2,7 @@
 *.rbc
 .bundle
 .config
+.coverage
 .yardoc
 Gemfile.lock
 InstalledFiles

data/.rubocop.yml

@@ -1,14 +1,20 @@
+inherit_from: .rubocop_ignore_git.yml
+
 AllCops:
-  DisplayCopNames: true
-  TargetRubyVersion: 2.2
-  Exclude:
-    - "gemfiles/**/*"
-    - "vendor/**/*"
-    - "lib/generators/**/*"
+  TargetRubyVersion: 3.1
+  SuggestExtensions: false
+  NewCops: disable
+
+Gemspec/DeprecatedAttributeAssignment:
+  Enabled: true
+
+Gemspec/DevelopmentDependencies:
+  Enabled: true
 
 Metrics/BlockLength:
   Exclude:
     - "**/*_spec.rb"
+    - pundit.gemspec
 
 Metrics/MethodLength:
   Max: 40
@@ -18,19 +24,13 @@ Metrics/ModuleLength:
   Exclude:
     - "**/*_spec.rb"
 
-Metrics/LineLength:
+Layout/LineLength:
   Max: 120
 
-Metrics/AbcSize:
-  Enabled: false
-
-Metrics/CyclomaticComplexity:
-  Enabled: false
-
-Metrics/PerceivedComplexity:
+Gemspec/RequiredRubyVersion:
   Enabled: false
 
-Layout/AlignParameters:
+Layout/ParameterAlignment:
   EnforcedStyle: with_fixed_indentation
 
 Layout/CaseIndentation:
@@ -40,19 +40,19 @@ Layout/CaseIndentation:
     - end
   IndentOneStep: true
 
-Layout/AccessModifierIndentation:
-  EnforcedStyle: outdent
+Layout/FirstArrayElementIndentation:
+  EnforcedStyle: consistent
+
+Layout/FirstHashElementIndentation:
+  EnforcedStyle: consistent
 
 Layout/EndAlignment:
   EnforcedStyleAlignWith: variable
 
-Style/FrozenStringLiteralComment:
-  Enabled: true
-
 Style/PercentLiteralDelimiters:
   PreferredDelimiters:
-    '%w': "[]"
-    '%W': "[]"
+    "%w": "[]"
+    "%W": "[]"
 
 Style/StringLiterals:
   EnforcedStyle: double_quotes
@@ -63,14 +63,11 @@ Style/StringLiteralsInInterpolation:
 Style/StructInheritance:
   Enabled: false
 
-Style/AndOr:
-  Enabled: false
-
-Style/Not:
-  Enabled: false
-
 Style/DoubleNegation:
   Enabled: false
 
-Documentation:
+Style/Documentation:
   Enabled: false # TODO: Enable again once we have more docs
+
+Style/HashSyntax:
+  EnforcedShorthandSyntax: never

data/.rubocop_ignore_git.yml

@@ -0,0 +1,7 @@
+# This is here so we can keep YAML syntax highlight in the main file.
+AllCops:
+  Exclude:
+    - "lib/generators/**/templates/**/*"
+    <% `git status --ignored --porcelain`.lines.grep(/^!! /).each do |path| %>
+    - <%= path.sub(/^!! /, '').sub(/\/$/, '/**/*') %>
+    <% end %>

data/.yardopts

@@ -1 +1 @@
---api public --hide-void-return --markup markdown
+--no-private --private --protected --hide-void-return --markup markdown --fail-on-warning

data/CHANGELOG.md

@@ -1,12 +1,111 @@
 # Pundit
 
+## Unreleased
+
+## 2.5.0 (2025-03-03)
+
+### Added
+
+- Add `Pundit::Authorization#pundit_reset!` hook to reset the policy and policy scope cache. [#830](https://github.com/varvet/pundit/issues/830)
+- Add links to gemspec. [#845](https://github.com/varvet/pundit/issues/845)
+- Register policies directories for Rails 8 code statistics [#833](https://github.com/varvet/pundit/issues/833)
+- Added an example for how to use pundit with Rails 8 authentication generator [#850](https://github.com/varvet/pundit/issues/850)
+
+### Changed
+
+- Deprecated `Pundit::SUFFIX`, moved it to `Pundit::PolicyFinder::SUFFIX` [#835](https://github.com/varvet/pundit/issues/835)
+- Explicitly require less of `active_support` [#837](https://github.com/varvet/pundit/issues/837)
+- Using `permit` matcher without a surrouding `permissions` block now raises a useful error. [#836](https://github.com/varvet/pundit/issues/836)
+
+### Fixed
+
+- Using a hash as custom cache in `Pundit.authorize` now works as documented. [#838](https://github.com/varvet/pundit/issues/838)
+
+## 2.4.0 (2024-08-26)
+
+### Changed
+
+- Improve the `NotAuthorizedError` message to include the policy class.
+  Furthermore, in the case where the record passed is a class instead of an instance, the class name is given. [#812](https://github.com/varvet/pundit/issues/812)
+
+### Added
+
+- Add customizable permit matcher description [#806](https://github.com/varvet/pundit/issues/806)
+- Add support for filter_run_when_matching :focus with permissions helper. [#820](https://github.com/varvet/pundit/issues/820)
+
+## 2.3.2 (2024-05-08)
+
+- Refactor: First pass of Pundit::Context [#797](https://github.com/varvet/pundit/issues/797)
+
+### Changed
+
+- Update `ApplicationPolicy` generator to qualify the `Scope` class name [#792](https://github.com/varvet/pundit/issues/792)
+- Policy generator uses `NoMethodError` to indicate `#resolve` is not implemented [#776](https://github.com/varvet/pundit/issues/776)
+
+## Deprecated
+
+- Dropped support for Ruby 3.0 [#796](https://github.com/varvet/pundit/issues/796)
+
+## 2.3.1 (2023-07-17)
+
+### Fixed
+
+- Use `Kernel.warn` instead of `ActiveSupport::Deprecation.warn` for deprecations [#764](https://github.com/varvet/pundit/issues/764)
+- Policy generator now works on Ruby 3.2 [#754](https://github.com/varvet/pundit/issues/754)
+
+## 2.3.0 (2022-12-19)
+
+### Added
+
+- add support for rubocop-rspec syntax extensions [#745](https://github.com/varvet/pundit/issues/745)
+
+## 2.2.0 (2022-02-11)
+
+### Fixed
+
+- Using `policy_class` and a namespaced record now passes only the record when instantiating the policy. (#697, #689, #694, #666)
+
+### Changed
+
+- Require users to explicitly define Scope#resolve in generated policies (#711, #722)
+
+### Deprecated
+
+- Deprecate `include Pundit` in favor of `include Pundit::Authorization` [#621](https://github.com/varvet/pundit/issues/621)
+
+## 2.1.1 (2021-08-13)
+
+Friday 13th-release!
+
+Careful! The bugfix below [#626](https://github.com/varvet/pundit/issues/626) could break existing code. If you rely on the
+return value for `authorize` and namespaced policies you might need to do some
+changes.
+
+### Fixed
+
+- `.authorize` and `#authorize` return the instance, even for namespaced
+  policies [#626](https://github.com/varvet/pundit/issues/626)
+
+### Changed
+
+- Generate application scope with `protected` attr_readers. [#616](https://github.com/varvet/pundit/issues/616)
+
+### Removed
+
+- Dropped support for Ruby end-of-life versions: 2.1 and 2.2. [#604](https://github.com/varvet/pundit/issues/604)
+- Dropped support for Ruby end-of-life versions: 2.3 [#633](https://github.com/varvet/pundit/issues/633)
+- Dropped support for Ruby end-of-life versions: 2.4, 2.5 and JRuby 9.1 [#676](https://github.com/varvet/pundit/issues/676)
+- Dropped support for RSpec 2 [#615](https://github.com/varvet/pundit/issues/615)
+
+## 2.1.0 (2019-08-14)
+
 ### Fixed
 
-- Avoid name clashes with the Error class. (#590)
+- Avoid name clashes with the Error class. [#590](https://github.com/varvet/pundit/issues/590)
 
 ### Changed
 
-- Return a safer default NotAuthorizedError message. (#583)
+- Return a safer default NotAuthorizedError message. [#583](https://github.com/varvet/pundit/issues/583)
 
 ## 2.0.1 (2019-01-18)
 
@@ -16,8 +115,8 @@ None
 
 ### Other changes
 
-- Improve exception handling for `#policy_scope` and `#policy_scope!`. (#550)
-- Add `:policy` metadata to RSpec template. (#566)
+- Improve exception handling for `#policy_scope` and `#policy_scope!`. [#550](https://github.com/varvet/pundit/issues/550)
+- Add `:policy` metadata to RSpec template. [#566](https://github.com/varvet/pundit/issues/566)
 
 ## 2.0.0 (2018-07-21)
 
@@ -27,20 +126,20 @@ No changes since beta1
 
 ### Breaking changes
 
-- Only pass last element of "namespace array" to policy and scope. (#529)
-- Raise `InvalidConstructorError` if a policy or policy scope with an invalid constructor is called. (#462)
-- Return passed object from `#authorize` method to make chaining possible. (#385)
+- Only pass last element of "namespace array" to policy and scope. [#529](https://github.com/varvet/pundit/issues/529)
+- Raise `InvalidConstructorError` if a policy or policy scope with an invalid constructor is called. [#462](https://github.com/varvet/pundit/issues/462)
+- Return passed object from `#authorize` method to make chaining possible. [#385](https://github.com/varvet/pundit/issues/385)
 
 ### Other changes
 
-- Add `policy_class` option to `authorize` to be able to override the policy. (#441)
-- Add `policy_scope_class` option to `authorize` to be able to override the policy scope. (#441)
-- Fix `param_key` issue when passed an array. (#529)
-- Allow specification of a `NilClassPolicy`. (#525)
-- Make sure `policy_class` override is called when passed an array. (#475)
+- Add `policy_class` option to `authorize` to be able to override the policy. [#441](https://github.com/varvet/pundit/issues/441)
+- Add `policy_scope_class` option to `authorize` to be able to override the policy scope. [#441](https://github.com/varvet/pundit/issues/441)
+- Fix `param_key` issue when passed an array. [#529](https://github.com/varvet/pundit/issues/529)
+- Allow specification of a `NilClassPolicy`. [#525](https://github.com/varvet/pundit/issues/525)
+- Make sure `policy_class` override is called when passed an array. [#475](https://github.com/varvet/pundit/issues/475)
 
-- Use `action_name` instead of `params[:action]`. (#419)
-- Add `pundit_params_for` method to make it easy to customize params fetching. (#502)
+- Use `action_name` instead of `params[:action]`. [#419](https://github.com/varvet/pundit/issues/419)
+- Add `pundit_params_for` method to make it easy to customize params fetching. [#502](https://github.com/varvet/pundit/issues/502)
 
 ## 1.1.0 (2016-01-14)
 
@@ -72,16 +171,16 @@ No changes since beta1
 
 ## 0.3.0 (2014-08-22)
 
-- Extend the default `ApplicationPolicy` with an `ApplicationPolicy::Scope` (#120)
-- Fix RSpec 3 deprecation warnings for built-in matchers (#162)
-- Generate blank policy spec/test files for Rspec/MiniTest/Test::Unit in Rails (#138)
+- Extend the default `ApplicationPolicy` with an `ApplicationPolicy::Scope` [#120](https://github.com/varvet/pundit/issues/120)
+- Fix RSpec 3 deprecation warnings for built-in matchers [#162](https://github.com/varvet/pundit/issues/162)
+- Generate blank policy spec/test files for Rspec/MiniTest/Test::Unit in Rails [#138](https://github.com/varvet/pundit/issues/138)
 
 ## 0.2.3 (2014-04-06)
 
-- Customizable error messages: `#query`, `#record` and `#policy` methods on `Pundit::NotAuthorizedError` (#114)
-- Raise a different `Pundit::AuthorizationNotPerformedError` when `authorize` call is expected in controller action but missing (#109)
-- Update Rspec matchers for Rspec 3 (#124)
+- Customizable error messages: `#query`, `#record` and `#policy` methods on `Pundit::NotAuthorizedError` [#114](https://github.com/varvet/pundit/issues/114)
+- Raise a different `Pundit::AuthorizationNotPerformedError` when `authorize` call is expected in controller action but missing [#109](https://github.com/varvet/pundit/issues/109)
+- Update Rspec matchers for Rspec 3 [#124](https://github.com/varvet/pundit/issues/124)
 
 ## 0.2.2 (2014-02-07)
 
-- Customize the user to be passed into policies: `pundit_user` (#42)
+- Customize the user to be passed into policies: `pundit_user` [#42](https://github.com/varvet/pundit/issues/42)

data/CODE_OF_CONDUCT.md

@@ -25,4 +25,4 @@ maintainers.
 
 This Code of Conduct is adapted from the [Contributor
 Covenant](http:contributor-covenant.org), version 1.0.0, available at
-[http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)
+[https://contributor-covenant.org/version/1/0/0/](https://contributor-covenant.org/version/1/0/0/)

data/CONTRIBUTING.md

@@ -1,9 +1,6 @@
 ## Security issues
 
-If you have found a security related issue, please do not file an issue on
-GitHub or send a PR addressing the issue. Contact
-[Jonas](mailto:jonas.nicklas@gmail.com) directly. You will be given public
-credit for your disclosure.
+If you have found a security related issue, please do not file an issue on GitHub or send a PR addressing the issue. Refer to [SECURITY.md](./SECURITY.md) for instructions.
 
 ## Reporting issues
 
@@ -23,7 +20,7 @@ Pundit version, OS version and any stack traces you have are very valuable.
 - **Document any change in behaviour**. Make sure the README and any other
   relevant documentation are kept up-to-date.
 
-- **Create topic branches**. Please don't ask us to pull from your master branch.
+- **Create topic branches**. Please don't ask us to pull from your main branch.
 
 - **One pull request per feature**. If you want to do more than one thing, send
   multiple pull requests.
@@ -31,3 +28,4 @@ Pundit version, OS version and any stack traces you have are very valuable.
 - **Send coherent history**. Make sure each individual commit in your pull
   request is meaningful. If you had to make multiple intermediate commits while
   developing, please squash them before sending them to us.
+- **Update the CHANGELOG.** Don't forget to add your new changes to the CHANGELOG.

data/Gemfile

@@ -2,6 +2,27 @@
 
 source "https://rubygems.org"
 
-ruby RUBY_VERSION
-
 gemspec
+
+# Rails-related - for testing purposes
+gem "actionpack", ">= 3.0.0" # Used to test strong parameters
+gem "activemodel", ">= 3.0.0" # Used to test ActiveModel::Naming
+gem "railties", ">= 3.0.0" # Used to test generators
+
+# Testing
+gem "rspec", ">= 3.0.0"
+gem "simplecov", ">= 0.17.0"
+
+# Development tools
+gem "bundler"
+gem "rake"
+gem "rubocop"
+gem "rubocop-performance"
+gem "rubocop-rspec"
+gem "yard"
+gem "zeitwerk"
+
+# Affects us on JRuby 9.3.15.
+#
+# @see https://github.com/rails/rails/issues/54260
+gem "logger"