pundit 2.2.0 → 2.3.1
- checksums.yaml +4 -4
- data/.github/pull_request_template.md +9 -0
- data/.travis.yml +2 -1
- data/CHANGELOG.md +17 -0
- data/CONTRIBUTING.md +1 -4
- data/README.md +33 -33
- data/SECURITY.md +19 -0
- data/config/rubocop-rspec.yml +5 -0
- data/lib/generators/rspec/templates/policy_spec.rb +1 -1
- data/lib/pundit/version.rb +1 -1
- data/lib/pundit.rb +3 -1
- data/pundit.gemspec +3 -1
- data/spec/pundit_spec.rb +4 -8
- metadata +9 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b5c9e118c59bc3a683734817ac6fb9036a2b909df7abce2dbbdc00fc16aebdf7
|
4
|
+
data.tar.gz: 843cc1b7652e88d598a37a28f93bf13c41710bf3dddefeb96acf74e659279581
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f2430ece33471f7a321a124aeafab7dbc3be4688fbda581b758d90649f4ae06d0cbaf86df768e881d0a2f1c0ab55581cb5dc0f1d3012ab7611b2fd81b8a0f321
|
7
|
+
data.tar.gz: 3432cc545ca5139cfcd7e1fc26a17d0882c11de71a3c6949c1d1da232183eba495de18aa06b64462c1233b820099788b43feeb0e9b439911bc9761dc7bd1e141
|
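Review bot: the removed SHA256/SHA512 values are truncated on this page, so the hunk only shows the new digests for `metadata.gz` and `data.tar.gz`, and these live inside the .gem archive itself (the metadata hunk further down still has `cert_chain: []`), so they catch a corrupted download but not a substituted one. To check the published artifact against the two `+` lines, fetch `pundit-2.3.1.gem`, unpack it with `tar -xf` and run `sha256sum metadata.gz data.tar.gz`.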
@@ -0,0 +1,9 @@
|
|
1
|
+
## To do
|
2
|
+
|
3
|
+
- [ ] I have read the [contributing guidelines](https://github.com/varvet/pundit/contribute).
|
4
|
+
- [ ] I have added relevant tests.
|
5
|
+
- [ ] I have adjusted relevant documentation.
|
6
|
+
- [ ] I have made sure the individual commits are meaningful.
|
7
|
+
- [ ] I have added relevant lines to the CHANGELOG.
|
8
|
+
|
9
|
+
PS: Thank you for contributing to Pundit ❤️
|
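Review bot: the "contributing guidelines" checkbox links to https://github.com/varvet/pundit/contribute instead of the repository's CONTRIBUTING.md, which after this release is the file that redirects security reports to SECURITY.md; linking the file directly keeps that instruction in front of contributors opening a PR. By the `+9 -0` entry in the file list at the top, this header-less hunk is `data/.github/pull_request_template.md`.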
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,22 @@
|
|
1
1
|
# Pundit
|
2
2
|
|
3
|
+
## Unreleased
|
4
|
+
|
5
|
+
Nothing.
|
6
|
+
|
7
|
+
## 2.3.1 (2023-07-17)
|
8
|
+
|
9
|
+
### Fixed
|
10
|
+
|
11
|
+
- Use `Kernel.warn` instead of `ActiveSupport::Deprecation.warn` for deprecations (#764)
|
12
|
+
- Policy generator now works on Ruby 3.2 (#754)
|
13
|
+
|
14
|
+
## 2.3.0 (2022-12-19)
|
15
|
+
|
16
|
+
### Added
|
17
|
+
|
18
|
+
- add support for rubocop-rspec syntax extensions (#745)
|
19
|
+
|
3
20
|
## 2.2.0 (2022-02-11)
|
4
21
|
|
5
22
|
### Fixed
|
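Review bot: the 2.3.1 entry omits two changes visible elsewhere in this diff, the new SECURITY.md and `rubygems_mfa_required` being set in the gemspec metadata. Both belong under 2.3.1 (an "Added" heading, matching the one used for 2.3.0), since downstream consumers read the CHANGELOG to learn where to report vulnerabilities and that publishing now needs MFA. The "Policy generator now works on Ruby 3.2 (#754)" line corresponds to the `lib/generators/rspec/templates/policy_spec.rb +1 -1` entry in the file list, whose hunk is not rendered on this page.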
data/CONTRIBUTING.md
CHANGED
@@ -1,9 +1,6 @@
|
|
1
1
|
## Security issues
|
2
2
|
|
3
|
-
If you have found a security related issue, please do not file an issue on
|
4
|
-
GitHub or send a PR addressing the issue. Contact
|
5
|
-
[Jonas](mailto:jonas.nicklas@gmail.com) directly. You will be given public
|
6
|
-
credit for your disclosure.
|
3
|
+
If you have found a security related issue, please do not file an issue on GitHub or send a PR addressing the issue. Refer to [SECURITY.md](./SECURITY.md) for instructions.
|
7
4
|
|
8
5
|
## Reporting issues
|
9
6
|
|
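Review bot: the removed paragraph promised reporters "public credit for your disclosure"; the replacement defers to SECURITY.md, which in the hunk later in this diff lists maintainers but says nothing about credit, so that commitment is silently dropped. Either keep the sentence here or carry it into SECURITY.md so the reporting page states it.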
data/README.md
CHANGED
@@ -1,12 +1,12 @@
|
|
1
1
|
# Pundit
|
2
2
|
|
3
|
-
[![Build Status](https://
|
3
|
+
[![Build Status](https://app.travis-ci.com/varvet/pundit.svg?branch=main)](https://app.travis-ci.com/varvet/pundit)
|
4
4
|
[![Code Climate](https://codeclimate.com/github/varvet/pundit.svg)](https://codeclimate.com/github/varvet/pundit)
|
5
5
|
[![Inline docs](http://inch-ci.org/github/varvet/pundit.svg?branch=master)](http://inch-ci.org/github/varvet/pundit)
|
6
6
|
[![Gem Version](https://badge.fury.io/rb/pundit.svg)](http://badge.fury.io/rb/pundit)
|
7
7
|
|
8
8
|
Pundit provides a set of helpers which guide you in leveraging regular Ruby
|
9
|
-
classes and object oriented design patterns to build a
|
9
|
+
classes and object oriented design patterns to build a straightforward, robust, and
|
10
10
|
scalable authorization system.
|
11
11
|
|
12
12
|
Links:
|
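Review bot: the Build Status badge now requests `branch=main` on app.travis-ci.com, but the Inline docs badge two lines below still requests `branch=master` (and, like the Gem Version link, uses plain `http://`); update the branch name so both badges report the same branch and switch the remaining badge URLs to https.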
@@ -24,8 +24,8 @@ Sponsored by:
|
|
24
24
|
|
25
25
|
> **Please note** that the README on GitHub is accurate with the _latest code on GitHub_. You are most likely using a released version of Pundit, so please refer to the [documentation for the latest released version of Pundit](https://www.rubydoc.info/gems/pundit).
|
26
26
|
|
27
|
-
```
|
28
|
-
|
27
|
+
``` sh
|
28
|
+
bundle add pundit
|
29
29
|
```
|
30
30
|
|
31
31
|
Include `Pundit::Authorization` in your application controller:
|
@@ -49,8 +49,8 @@ can pick up any classes in the new `app/policies/` directory.
|
|
49
49
|
## Policies
|
50
50
|
|
51
51
|
Pundit is focused around the notion of policy classes. We suggest that you put
|
52
|
-
these classes in `app/policies`. This is
|
53
|
-
|
52
|
+
these classes in `app/policies`. This is an example that allows updating a post
|
53
|
+
if the user is an admin, or if the post is unpublished:
|
54
54
|
|
55
55
|
``` ruby
|
56
56
|
class PostPolicy
|
@@ -67,7 +67,7 @@ class PostPolicy
|
|
67
67
|
end
|
68
68
|
```
|
69
69
|
|
70
|
-
As you can see, this is
|
70
|
+
As you can see, this is a plain Ruby class. Pundit makes the following
|
71
71
|
assumptions about this class:
|
72
72
|
|
73
73
|
- The class has the same name as some kind of model class, only suffixed
|
@@ -199,7 +199,7 @@ you can retrieve it by passing a symbol.
|
|
199
199
|
class DashboardPolicy
|
200
200
|
attr_reader :user
|
201
201
|
|
202
|
-
# _record in this example will
|
202
|
+
# `_record` in this example will be :dashboard
|
203
203
|
def initialize(user, _record)
|
204
204
|
@user = user
|
205
205
|
end
|
@@ -211,7 +211,7 @@ end
|
|
211
211
|
```
|
212
212
|
|
213
213
|
Note that the headless policy still needs to accept two arguments. The
|
214
|
-
second argument will
|
214
|
+
second argument will be the symbol `:dashboard` in this case, which
|
215
215
|
is what is passed as the record to `authorize` below.
|
216
216
|
|
217
217
|
```ruby
|
@@ -374,7 +374,7 @@ these filters without affecting how your app works in any way.**
|
|
374
374
|
|
375
375
|
Some people have found this feature confusing, while many others
|
376
376
|
find it extremely helpful. If you fall into the category of people who find it
|
377
|
-
confusing then you do not need to use it. Pundit will work
|
377
|
+
confusing then you do not need to use it. Pundit will work fine without
|
378
378
|
using `verify_authorized` and `verify_policy_scoped`.
|
379
379
|
|
380
380
|
### Conditional verification
|
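Review bot: "Pundit will work fine without using `verify_authorized` and `verify_policy_scoped`" reads as if the two filters are mere convenience, but they are the only thing in the library that flags an action that never calls `authorize` or `policy_scope` at all, which is exactly the failure an authorization library exists to prevent. Keep the "you do not need to use it" framing, but add that without them a forgotten `authorize` call fails open and is only caught by tests or review.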
@@ -419,20 +419,13 @@ class Post
|
|
419
419
|
end
|
420
420
|
```
|
421
421
|
|
422
|
-
##
|
422
|
+
## Plain old Ruby
|
423
423
|
|
424
|
-
|
425
|
-
yourself. It's a very small library, it just provides a few neat helpers.
|
426
|
-
Together these give you the power of building a well structured, fully working
|
427
|
-
authorization system without using any special DSLs or funky syntax or
|
428
|
-
anything.
|
424
|
+
Pundit is a very small library on purpose, and it doesn't do anything you can't do yourself. There's no secret sauce here. It does as little as possible, and then gets out of your way.
|
429
425
|
|
430
|
-
|
431
|
-
|
432
|
-
Encapsulate a set of permissions into a module and include them in multiple
|
433
|
-
policies. Use `alias_method` to make some permissions behave the same as
|
434
|
-
others. Inherit from a base set of permissions. Use metaprogramming if you
|
435
|
-
really have to.
|
426
|
+
With the few but powerful helpers available in Pundit, you have the power to build a well structured, fully working authorization system without using any special DSLs or funky syntax.
|
427
|
+
|
428
|
+
Remember that all of the policy and scope classes are plain Ruby classes, which means you can use the same mechanisms you always use to DRY things up. Encapsulate a set of permissions into a module and include them in multiple policies. Use `alias_method` to make some permissions behave the same as others. Inherit from a base set of permissions. Use metaprogramming if you really have to.
|
436
429
|
|
437
430
|
## Generator
|
438
431
|
|
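Review bot: the three new paragraphs are single long lines, while the rest of the README (see the surrounding context lines) hard-wraps at roughly 80 columns; wrap them the same way so future diffs of this section stay readable line by line. "It does as little as possible, and then gets out of your way" and the next paragraph's "few but powerful helpers" also make the same point twice; one of the two sentences could go.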
@@ -512,7 +505,7 @@ class ApplicationController < ActionController::Base
|
|
512
505
|
|
513
506
|
def user_not_authorized
|
514
507
|
flash[:alert] = "You are not authorized to perform this action."
|
515
|
-
|
508
|
+
redirect_back(fallback_location: root_path)
|
516
509
|
end
|
517
510
|
end
|
518
511
|
```
|
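Review bot: `redirect_back(fallback_location: root_path)` sends an unauthorized user to whatever the `Referer` header says and only uses `root_path` when that header is missing, which is what API clients and direct links will hit; the removed line is truncated on this page, so it is not visible whether this replaces a plain `redirect_to` or completes the same call. A short sentence under the example saying where each kind of client ends up would help, and the identical line in the i18n example in the next hunk should get the same treatment.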
@@ -541,7 +534,7 @@ class ApplicationController < ActionController::Base
|
|
541
534
|
policy_name = exception.policy.class.to_s.underscore
|
542
535
|
|
543
536
|
flash[:error] = t "#{policy_name}.#{exception.query}", scope: "pundit", default: :default
|
544
|
-
|
537
|
+
redirect_back(fallback_location: root_path)
|
545
538
|
end
|
546
539
|
end
|
547
540
|
```
|
@@ -555,8 +548,7 @@ en:
|
|
555
548
|
create?: 'You cannot create posts!'
|
556
549
|
```
|
557
550
|
|
558
|
-
|
559
|
-
your error messaging.
|
551
|
+
This is an example. Pundit is agnostic as to how you implement your error messaging.
|
560
552
|
|
561
553
|
## Manually retrieving policies and scopes
|
562
554
|
|
@@ -578,9 +570,7 @@ those without the bang will return nil.
|
|
578
570
|
|
579
571
|
## Customize Pundit user
|
580
572
|
|
581
|
-
|
582
|
-
`current_user` is not the method that should be invoked by Pundit. Simply
|
583
|
-
define a method in your controller called `pundit_user`.
|
573
|
+
On occasion, your controller may be unable to access `current_user`, or the method that should be invoked by Pundit may not be `current_user`. To address this, you can define a method in your controller named `pundit_user`.
|
584
574
|
|
585
575
|
```ruby
|
586
576
|
def pundit_user
|
@@ -692,7 +682,7 @@ You can now retrieve these attributes from the policy:
|
|
692
682
|
class PostsController < ApplicationController
|
693
683
|
def update
|
694
684
|
@post = Post.find(params[:id])
|
695
|
-
if @post.
|
685
|
+
if @post.update(post_params)
|
696
686
|
redirect_to @post
|
697
687
|
else
|
698
688
|
render :edit
|
@@ -714,7 +704,7 @@ However, this is a bit cumbersome, so Pundit provides a convenient helper method
|
|
714
704
|
class PostsController < ApplicationController
|
715
705
|
def update
|
716
706
|
@post = Post.find(params[:id])
|
717
|
-
if @post.
|
707
|
+
if @post.update(permitted_attributes(@post))
|
718
708
|
redirect_to @post
|
719
709
|
else
|
720
710
|
render :edit
|
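Review bot: this block is a verbatim copy of the previous `update` example with only the argument to `@post.update(...)` changed; because the removed line in each hunk is truncated on this page, the two hunks read as one before/after pair. Consider listing only the changed line in the second example, or add a comment on it saying that `permitted_attributes(@post)` resolves the allowlist from `PostPolicy`, so the strong-parameters list lives next to the authorization rules instead of in a separate `post_params` method.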
@@ -796,11 +786,21 @@ end
|
|
796
786
|
```
|
797
787
|
|
798
788
|
An alternative approach to Pundit policy specs is scoping them to a user context as outlined in this
|
799
|
-
[excellent post](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/
|
789
|
+
[excellent post](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/punditcommunity/pundit-matchers) gem.
|
800
790
|
|
801
791
|
### Scope Specs
|
802
792
|
|
803
|
-
Pundit does not provide a DSL for testing scopes.
|
793
|
+
Pundit does not provide a DSL for testing scopes. Test them like you would a regular Ruby class!
|
794
|
+
|
795
|
+
### Linting with RuboCop RSpec
|
796
|
+
|
797
|
+
When you lint your RSpec spec files with `rubocop-rspec`, it will fail to properly detect RSpec constructs that Pundit defines, `permissions`.
|
798
|
+
Make sure to use `rubocop-rspec` 2.0 or newer and add the following to your `.rubocop.yml`:
|
799
|
+
|
800
|
+
```yaml
|
801
|
+
inherit_gem:
|
802
|
+
pundit: config/rubocop-rspec.yml
|
803
|
+
```
|
804
804
|
|
805
805
|
# External Resources
|
806
806
|
|
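Review bot: "it will fail to properly detect RSpec constructs that Pundit defines, `permissions`" is missing a connective; suggest "constructs that Pundit defines, such as `permissions`". Per the CHANGELOG hunk above, `config/rubocop-rspec.yml` is new in 2.3.0, so a "requires Pundit 2.3.0 or newer" next to the rubocop-rspec 2.0 requirement would save readers on 2.2.x a confusing `inherit_gem` failure.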
data/SECURITY.md
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
# Security Policy
|
2
|
+
|
3
|
+
Please do not file an issue on GitHub, or send a PR addressing the issue.
|
4
|
+
|
5
|
+
## Supported versions
|
6
|
+
|
7
|
+
Most recent major version only.
|
8
|
+
|
9
|
+
## Reporting a vulnerability
|
10
|
+
|
11
|
+
Contact one of the maintainers directly:
|
12
|
+
|
13
|
+
* [@Burgestrand](https://github.com/Burgestrand)
|
14
|
+
* [@dgmstuart](https://github.com/dgmstuart)
|
15
|
+
* [@varvet](https://github.com/varvet)
|
16
|
+
|
17
|
+
You can report vulnerabilities on GitHub too: https://github.com/varvet/pundit/security
|
18
|
+
|
19
|
+
Thank you!
|
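Review bot: "Most recent major version only" is ambiguous for a gem at 2.3.x: it could mean every 2.x release or only the latest one, and a reader on 2.2.0 cannot tell whether a fix will be backported; state it as "the latest release of the current major version (2.x)" or use a small table. The opening line also says not to report on GitHub while the last paragraph says GitHub reports are welcome; the distinction is public issues and PRs versus the private advisory form at https://github.com/varvet/pundit/security, and saying so avoids discouraging the better channel. Finally, @varvet is an organisation, not a maintainer who can be contacted directly.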
data/lib/pundit/version.rb
CHANGED
data/lib/pundit.rb
CHANGED
@@ -55,8 +55,10 @@ module Pundit
|
|
55
55
|
class NotDefinedError < Error; end
|
56
56
|
|
57
57
|
def self.included(base)
|
58
|
-
|
58
|
+
location = caller_locations(1, 1).first
|
59
|
+
warn <<~WARNING
|
59
60
|
'include Pundit' is deprecated. Please use 'include Pundit::Authorization' instead.
|
61
|
+
(called from #{location.label} at #{location.path}:#{location.lineno})
|
60
62
|
WARNING
|
61
63
|
base.include Authorization
|
62
64
|
end
|
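Review bot: `caller_locations(1, 1).first` inside `self.included` resolves to the frame of `Module#include` itself, so `location.label` will read `include` rather than the class that did the including, while `path` and `lineno` do point at the `include Pundit` line. Since `base` is already in scope, `(called from #{base} at #{location.path}:#{location.lineno})` tells the reader what they need; alternatively the `uplevel:` keyword of `Kernel#warn` adds a `path:line: warning:` prefix without building it by hand. The warning is now emitted on every `include Pundit` with no `ActiveSupport::Deprecation.silence` escape hatch, which is the intent of #764 but worth a line in the CHANGELOG entry.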
data/pundit.gemspec
CHANGED
@@ -8,7 +8,7 @@ Gem::Specification.new do |gem|
|
|
8
8
|
gem.name = "pundit"
|
9
9
|
gem.version = Pundit::VERSION
|
10
10
|
gem.authors = ["Jonas Nicklas", "Varvet AB"]
|
11
|
-
gem.email = ["jonas.nicklas@gmail.com", "
|
11
|
+
gem.email = ["jonas.nicklas@gmail.com", "info@varvet.com"]
|
12
12
|
gem.description = "Object oriented authorization for Rails applications"
|
13
13
|
gem.summary = "OO authorization for Rails"
|
14
14
|
gem.homepage = "https://github.com/varvet/pundit"
|
@@ -19,6 +19,8 @@ Gem::Specification.new do |gem|
|
|
19
19
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
20
20
|
gem.require_paths = ["lib"]
|
21
21
|
|
22
|
+
gem.metadata = { "rubygems_mfa_required" => "true" }
|
23
|
+
|
22
24
|
gem.add_dependency "activesupport", ">= 3.0.0"
|
23
25
|
gem.add_development_dependency "actionpack", ">= 3.0.0"
|
24
26
|
gem.add_development_dependency "activemodel", ">= 3.0.0"
|
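Review bot: `rubygems_mfa_required => "true"` is the right hardening for publishing, but `gem.metadata = { ... }` is an assignment, so any key added later must go into this same hash; while here, the standard `source_code_uri`, `changelog_uri` and `bug_tracker_uri` keys would let rubygems.org link to the CHANGELOG and to the reporting process this release introduces in SECURITY.md.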
data/spec/pundit_spec.rb
CHANGED
@@ -399,22 +399,18 @@ RSpec.describe Pundit do
|
|
399
399
|
it "includes Authorization module" do
|
400
400
|
klass = Class.new
|
401
401
|
|
402
|
-
|
402
|
+
expect do
|
403
403
|
klass.include Pundit
|
404
|
-
end
|
404
|
+
end.to output.to_stderr
|
405
405
|
|
406
406
|
expect(klass).to include Pundit::Authorization
|
407
407
|
end
|
408
408
|
|
409
409
|
it "warns about deprecation" do
|
410
410
|
klass = Class.new
|
411
|
-
|
412
|
-
|
413
|
-
ActiveSupport::Deprecation.silence do
|
411
|
+
expect do
|
414
412
|
klass.include Pundit
|
415
|
-
end
|
416
|
-
|
417
|
-
expect(ActiveSupport::Deprecation).to have_received(:warn).with start_with("'include Pundit' is deprecated")
|
413
|
+
end.to output(a_string_starting_with("'include Pundit' is deprecated")).to_stderr
|
418
414
|
end
|
419
415
|
end
|
420
416
|
|
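Review bot: the new `(called from ...)` line added to the warning in lib/pundit.rb is not covered; the second test only checks `a_string_starting_with("'include Pundit' is deprecated")`. Extend the matcher, e.g. `output(/called from .+:\d+/).to_stderr`, so the location suffix is exercised. The first test's bare `output.to_stderr` wrapper exists only to swallow the warning; a comment saying so, or the same matcher, would make that explicit.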
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pundit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jonas Nicklas
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2023-07-17 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activesupport
|
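Review bot: `cert_chain: []` (and the empty `signing_key:` further down) show the gem is still published unsigned, so the checksums at the top of this diff and the new `rubygems_mfa_required` flag are the only integrity controls on the release, and `gem install pundit --trust-policy HighSecurity` would reject it. Not a regression in 2.3.1, but since the gemspec is being touched for release hygiene anyway, setting `gem.signing_key` and `gem.cert_chain` there would close the gap.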
@@ -168,11 +168,12 @@ dependencies:
|
|
168
168
|
description: Object oriented authorization for Rails applications
|
169
169
|
email:
|
170
170
|
- jonas.nicklas@gmail.com
|
171
|
-
-
|
171
|
+
- info@varvet.com
|
172
172
|
executables: []
|
173
173
|
extensions: []
|
174
174
|
extra_rdoc_files: []
|
175
175
|
files:
|
176
|
+
- ".github/pull_request_template.md"
|
176
177
|
- ".gitignore"
|
177
178
|
- ".rubocop.yml"
|
178
179
|
- ".travis.yml"
|
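Review bot: the packaged file list now includes `.github/pull_request_template.md` alongside `.gitignore`, `.rubocop.yml` and `.travis.yml`; none of these are needed at runtime, and they appear to be shipped because `gem.files` is taken from the full repository listing. Filtering dotfiles and CI config out of `gem.files` (the `test_files` grep in the gemspec hunk shows the pattern) keeps the installed footprint to code, README, LICENSE and SECURITY.md.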
@@ -184,6 +185,8 @@ files:
|
|
184
185
|
- LICENSE.txt
|
185
186
|
- README.md
|
186
187
|
- Rakefile
|
188
|
+
- SECURITY.md
|
189
|
+
- config/rubocop-rspec.yml
|
187
190
|
- lib/generators/pundit/install/USAGE
|
188
191
|
- lib/generators/pundit/install/install_generator.rb
|
189
192
|
- lib/generators/pundit/install/templates/application_policy.rb
|
@@ -209,7 +212,8 @@ files:
|
|
209
212
|
homepage: https://github.com/varvet/pundit
|
210
213
|
licenses:
|
211
214
|
- MIT
|
212
|
-
metadata:
|
215
|
+
metadata:
|
216
|
+
rubygems_mfa_required: 'true'
|
213
217
|
post_install_message:
|
214
218
|
rdoc_options: []
|
215
219
|
require_paths:
|
@@ -225,7 +229,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
225
229
|
- !ruby/object:Gem::Version
|
226
230
|
version: '0'
|
227
231
|
requirements: []
|
228
|
-
rubygems_version: 3.
|
232
|
+
rubygems_version: 3.4.10
|
229
233
|
signing_key:
|
230
234
|
specification_version: 4
|
231
235
|
summary: OO authorization for Rails
|