pundit 2.3.0 → 2.3.2
- checksums.yaml +4 -4
- data/.github/PULL_REQUEST_TEMPLATE/gem_release_template.md +8 -0
- data/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md +9 -0
- data/.github/workflows/main.yml +107 -0
- data/.github/workflows/push_gem.yml +33 -0
- data/.rubocop.yml +7 -16
- data/CHANGELOG.md +22 -0
- data/CONTRIBUTING.md +2 -5
- data/Gemfile +3 -2
- data/README.md +26 -38
- data/SECURITY.md +19 -0
- data/lib/generators/pundit/install/templates/application_policy.rb +1 -1
- data/lib/generators/pundit/policy/templates/policy.rb +7 -1
- data/lib/generators/rspec/templates/policy_spec.rb +1 -1
- data/lib/pundit/authorization.rb +12 -4
- data/lib/pundit/cache_store/legacy_store.rb +17 -0
- data/lib/pundit/cache_store/null_store.rb +18 -0
- data/lib/pundit/context.rb +127 -0
- data/lib/pundit/policy_finder.rb +1 -1
- data/lib/pundit/version.rb +1 -1
- data/lib/pundit.rb +24 -88
- data/pundit.gemspec +4 -2
- data/spec/authorization_spec.rb +22 -6
- data/spec/generators_spec.rb +1 -1
- data/spec/pundit_spec.rb +14 -10
- data/spec/spec_helper.rb +112 -35
- metadata +21 -13
- data/.travis.yml +0 -26
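--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 
-
-
-
+if ENV["COVERAGE"]
+require "simplecov"
+SimpleCov.start do
+add_filter "/spec/"
+end
 end
 
 require "pundit"
@@ -16,13 +18,56 @@ require "active_support/core_ext"
 require "active_model/naming"
 require "action_controller/metal/strong_parameters"
 
-
-
+module InstanceTracking
+module ClassMethods
+def instances
+@instances || 0
+end
+
+attr_writer :instances
+end
+
+def self.prepended(other)
+other.extend(ClassMethods)
+end
+
+def initialize(*args, **kwargs, &block)
+self.class.instances += 1
+super(*args, **kwargs, &block)
+end
+end
+
+class BasePolicy
+prepend InstanceTracking
+
+class BaseScope
+prepend InstanceTracking
+
+def initialize(user, scope)
+@user = user
+@scope = scope
+end
+
+attr_reader :user, :scope
+end
+
+def initialize(user, record)
+@user = user
+@record = record
+end
+
+attr_reader :user, :record
+end
+
+class PostPolicy < BasePolicy
+class Scope < BaseScope
 def resolve
 scope.published
 end
 end
 
+alias post record
+
 def update?
 post.user == user
 end
@@ -48,7 +93,13 @@ class PostPolicy < Struct.new(:user, :post)
 end
 end
 
-class Post
+class Post
+def initialize(user = nil)
+@user = user
+end
+
+attr_reader :user
+
 def self.published
 :published
 end
@@ -67,7 +118,7 @@ class Post < Struct.new(:user)
 end
 
 module Customer
-class Post < Post
+class Post < ::Post
 def model_name
 OpenStruct.new(param_key: "customer_post")
 end
@@ -90,16 +141,18 @@ class CommentScope
 end
 end
 
-class CommentPolicy <
-class Scope <
+class CommentPolicy < BasePolicy
+class Scope < BaseScope
 def resolve
 CommentScope.new(scope)
 end
 end
+
+alias comment record
 end
 
-class PublicationPolicy <
-class Scope <
+class PublicationPolicy < BasePolicy
+class Scope < BaseScope
 def resolve
 scope.published
 end
@@ -130,7 +183,9 @@ end
 
 class Article; end
 
-class BlogPolicy <
+class BlogPolicy < BasePolicy
+alias blog record
+end
 
 class Blog; end
 
@@ -140,7 +195,7 @@ class ArtificialBlog < Blog
 end
 end
 
-class ArticleTagOtherNamePolicy <
+class ArticleTagOtherNamePolicy < BasePolicy
 def show?
 true
 end
@@ -148,6 +203,8 @@ class ArticleTagOtherNamePolicy < Struct.new(:user, :tag)
 def destroy?
 false
 end
+
+alias tag record
 end
 
 class ArticleTag
@@ -156,33 +213,41 @@ class ArticleTag
 end
 end
 
-class CriteriaPolicy <
+class CriteriaPolicy < BasePolicy
+alias criteria record
+end
 
 module Project
-class CommentPolicy <
-
-true
-end
-
-class Scope < Struct.new(:user, :scope)
+class CommentPolicy < BasePolicy
+class Scope < BaseScope
 def resolve
 scope
 end
 end
+
+def update?
+true
+end
+
+alias comment record
 end
 
-class CriteriaPolicy <
+class CriteriaPolicy < BasePolicy
+alias criteria record
+end
 
-class PostPolicy <
-class Scope <
+class PostPolicy < BasePolicy
+class Scope < BaseScope
 def resolve
 scope.read
 end
 end
+
+alias post record
 end
 
 module Admin
-class CommentPolicy <
+class CommentPolicy < BasePolicy
 def update?
 true
 end
@@ -194,7 +259,7 @@ module Project
 end
 end
 
-class DenierPolicy <
+class DenierPolicy < BasePolicy
 def update?
 false
 end
@@ -216,7 +281,7 @@ class Controller
 end
 end
 
-class NilClassPolicy <
+class NilClassPolicy < BasePolicy
 class Scope
 def initialize(*)
 raise Pundit::NotDefinedError, "Cannot scope NilClass"
@@ -245,8 +310,8 @@ class Thread
 def self.all; end
 end
 
-class ThreadPolicy <
-class Scope <
+class ThreadPolicy < BasePolicy
+class Scope < BaseScope
 def resolve
 # deliberate wrong useage of the method
 scope.all(:unvalid, :parameters)
@@ -254,22 +319,34 @@ class ThreadPolicy < Struct.new(:user, :thread)
 end
 end
 
-class PostFourFiveSix
+class PostFourFiveSix
+def initialize(user)
+@user = user
+end
+
+attr_reader(:user)
+end
 
 class CommentFourFiveSix; extend ActiveModel::Naming; end
 
 module ProjectOneTwoThree
-class CommentFourFiveSixPolicy <
+class CommentFourFiveSixPolicy < BasePolicy; end
 
-class CriteriaFourFiveSixPolicy <
+class CriteriaFourFiveSixPolicy < BasePolicy; end
 
-class PostFourFiveSixPolicy <
+class PostFourFiveSixPolicy < BasePolicy; end
 
-class TagFourFiveSix
+class TagFourFiveSix
+def initialize(user)
+@user = user
+end
+
+attr_reader(:user)
+end
 
-class TagFourFiveSixPolicy <
+class TagFourFiveSixPolicy < BasePolicy; end
 
 class AvatarFourFiveSix; extend ActiveModel::Naming; end
 
-class AvatarFourFiveSixPolicy <
+class AvatarFourFiveSixPolicy < BasePolicy; end
 end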
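Review bot: `module InstanceTracking`, added at the top of the second hunk, has no comment saying how its counter is scoped. `instances` reads `@instances` on whichever class receives the call and `initialize` bumps `self.class.instances`, so every concrete policy or scope class keeps its own tally instead of sharing one with `BasePolicy` or `BaseScope`, and nothing in this file section resets it between examples. The specs that read the counter are not on this page, but an assertion about how often an authorization policy is instantiated could pass or fail on a stale count left by an earlier example. I would add above the module: `# Counts .new calls per concrete class (not shared with the base class); set Klass.instances = 0 before asserting.`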
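--- a/metadata
+++ b/metadata
@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: pundit
 version: !ruby/object:Gem::Version
-version: 2.3.
+version: 2.3.2
 platform: ruby
 authors:
 - Jonas Nicklas
 - Varvet AB
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-05-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -127,16 +127,16 @@ dependencies:
 name: rubocop
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
@@ -168,14 +168,17 @@ dependencies:
 description: Object oriented authorization for Rails applications
 email:
 - jonas.nicklas@gmail.com
--
+- info@varvet.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/PULL_REQUEST_TEMPLATE/gem_release_template.md"
+- ".github/PULL_REQUEST_TEMPLATE/pull_request_template.md"
+- ".github/workflows/main.yml"
+- ".github/workflows/push_gem.yml"
 - ".gitignore"
 - ".rubocop.yml"
-- ".travis.yml"
 - ".yardopts"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
@@ -184,6 +187,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- SECURITY.md
 - config/rubocop-rspec.yml
 - lib/generators/pundit/install/USAGE
 - lib/generators/pundit/install/install_generator.rb
@@ -197,6 +201,9 @@ files:
 - lib/generators/test_unit/templates/policy_test.rb
 - lib/pundit.rb
 - lib/pundit/authorization.rb
+- lib/pundit/cache_store/legacy_store.rb
+- lib/pundit/cache_store/null_store.rb
+- lib/pundit/context.rb
 - lib/pundit/policy_finder.rb
 - lib/pundit/rspec.rb
 - lib/pundit/version.rb
@@ -210,8 +217,9 @@ files:
 homepage: https://github.com/varvet/pundit
 licenses:
 - MIT
-metadata:
-
+metadata:
+rubygems_mfa_required: 'true'
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -226,8 +234,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.5.9
+signing_key:
 specification_version: 4
 summary: OO authorization for Rails
 test_files: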
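--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,26 +0,0 @@
-language: ruby
-dist: focal
-
-matrix:
-include:
-- name: "RuboCop lint on pre-installed Ruby version"
-rvm: 2.7.1 # Pre-installed Ruby version
-before_install:
-- gem install bundler
-script: bundle exec rake rubocop # ONLY lint once, first
-- rvm: 2.6.7
-before_script:
-- curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-- chmod +x ./cc-test-reporter
-- ./cc-test-reporter before-build
-after_script:
-- ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT
-- rvm: 2.7.3
-- rvm: 3.0.1
-- rvm: 3.1.0
-- rvm: jruby-9.2.17.0
-env:
-- JRUBY_OPTS="--debug"
-- rvm: truffleruby-head
-allow_failures:
-- rvm: truffleruby-head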