pundit 2.3.2 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aa554bffd828649aeac4e79a802070d4e68948beacbc9c991fddab7141a965c9
-  data.tar.gz: edf9be8366e5dfcb541eff929e99a04c2bfb23b800214bc39d68c790b32d7365
+  metadata.gz: 2e34d4263a4c386c0078ddfed804532e292357926fefb505b62bcea9c6e3d08d
+  data.tar.gz: 67c3471d5354cba97b650185770f81bdcc79699f8cbc4d8e60c99b57639a6cee
 SHA512:
-  metadata.gz: 555ccc09f0cc62c3e1da52a7eafb2c3e4805a303c884da39c2ed1c8fc13583727d3e060381ed761f5dd06fdcc71cc3f98c4c991e64db8ac3ff5ff5a460f64aac
-  data.tar.gz: be290f6d6253367e0911525969fc8bb8972db670626bd9803ccd6e7fc1a1504afd1c921a5aac506ee9cfe559a9863bfb469dca3a656909b7ffa1d74aa4c6ea36
+  metadata.gz: e67f07116623c8fd505ed254a165136be512ea36f7635ca2e6062fd59bf73a23eb1a4bf5790a390ff6b4e014e3baf0f7f8e7b649e6e50a8985fcff2e6c27cecd
+  data.tar.gz: 65f7d1132b00f9bdcb8b717e08c402a5f6a9a90de5fa07e017b831cbb3ac7b9c11f8869466e3112fea4acddd1699dc495fe30b3234fab06c213ea65dd459c1fd

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,20 @@
+---
+name: Bug report
+about: Create a bug report to report a problem
+title: ''
+labels: problem
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps or runnable code to reproduce the problem.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Additional context**
+Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,26 @@
+---
+name: Feature request
+about: Suggest an idea
+title: ''
+labels: ['feature request']
+assignees: ''
+---
+
+**Please consider**
+- Could this feature break backwards-compatibility?
+- Could this feature benefit the many who use Pundit?
+- Could this feature be useful in _most_ projects that use Pundit?
+- Would this feature require Rails?
+- Am I open to creating a Pull Request with the necessary changes?
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of how you'd like to approach solving the problem.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context. Ex. if you've solved this problem in your own projects already, how that worked, and why the feature should be moved and maintained in Pundit instead.

data/.github/PULL_REQUEST_TEMPLATE/gem_release_template.md

@@ -1,8 +1,8 @@
 ## To do
 
-- [ ] Commit changes:
+- [ ] Make changes:
   - [ ] Bump `Pundit::VERSION` in `lib/pundit/version.rb`.
   - [ ] Update `CHANGELOG.md`.
-- [ ] Run `rake release`.
-- [ ] Open pull request 🚀
-- [ ] Make an announcement in [Pundit discussions](https://github.com/varvet/pundit/discussions/categories/announcements).
+- [ ] Open pull request 🚀 and merge it.
+- [ ] Run [push gem](https://github.com/varvet/pundit/actions/workflows/push_gem.yml) GitHub Action.
+- [ ] Make an announcement in [Pundit discussions](https://github.com/varvet/pundit/discussions/categories/announcements)

data/.github/workflows/main.yml

@@ -2,9 +2,8 @@ name: Main
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]
   workflow_dispatch:
 
 permissions:
@@ -28,69 +27,109 @@ jobs:
       fail-fast: false
       matrix:
         ruby-version:
-          - '3.1'
-          - '3.2'
-          - '3.3'
-          - 'jruby-9.3.10' # oldest supported jruby
-          - 'jruby'
+          - "3.1"
+          - "3.2"
+          - "3.3"
+          - "jruby-9.3.15"
+          - "jruby"
         include: # HEAD-versions
-          - ruby-version: 'head'
+          - ruby-version: "head"
             allow-failure: true
-          - ruby-version: 'jruby-head'
+          - ruby-version: "jruby-head"
             allow-failure: true
-          - ruby-version: 'truffleruby-head'
+          - ruby-version: "truffleruby-head"
             allow-failure: true
 
     steps:
-    - uses: actions/checkout@v3
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        rubygems: latest
-        ruby-version: ${{ matrix.ruby-version }}
-        bundler-cache: true
-    - name: Run tests
-      run: bundle exec rspec
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: latest
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true
+      - name: Run tests
+        run: bundle exec rspec
 
   test:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        rubygems: latest
-        ruby-version: 'ruby'
-        bundler-cache: true
-    - name: "Download cc-test-reporter from codeclimate.com"
-      run: |
-        curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-        chmod +x ./cc-test-reporter
-    - name: "Report to Code Climate that we will send a coverage report."
-      run: ./cc-test-reporter before-build
-    - name: Run tests
-      run: bundle exec rspec
-      env:
-        COVERAGE: 1
-    - name: Upload code coverage to Code Climate
-      run: |
-        ./cc-test-reporter after-build \
-          --coverage-input-type simplecov \
-          ./coverage/.resultset.json
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: latest
+          ruby-version: "ruby"
+          bundler-cache: true
+      - name: "Download cc-test-reporter from codeclimate.com"
+        run: |
+          curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+          chmod +x ./cc-test-reporter
+      - name: "Report to Code Climate that we will send a coverage report."
+        run: ./cc-test-reporter before-build
+      - name: Run tests
+        run: bundle exec rspec
+        env:
+          COVERAGE: 1
+      - name: Upload coverage results
+        uses: actions/upload-artifact@v4
+        with:
+          include-hidden-files: true
+          name: coverage-results
+          path: coverage
+          retention-days: 1
+      - name: Upload code coverage to Code Climate
+        run: |
+          ./cc-test-reporter after-build \
+            --coverage-input-type simplecov \
+            ./coverage/.resultset.json
+
+  coverage-check:
+    permissions:
+      contents: read
+      checks: write
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download coverage results
+        uses: actions/download-artifact@v4
+        with:
+          name: coverage-results
+          path: coverage
+      - uses: joshmfrankel/simplecov-check-action@be89e11889202cc59efb14aab2a7091622fa9aad
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          minimum_suite_coverage: 100
+          minimum_file_coverage: 100
+          coverage_json_path: coverage/simplecov-check-action.json
 
   rubocop:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        rubygems: default
-        ruby-version: 'ruby'
-        bundler-cache: false
-    - run: bundle install
-    - name: Run RuboCop
-      run: bundle exec rubocop
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: default
+          ruby-version: "ruby"
+          bundler-cache: false
+      - run: bundle install
+      - name: Run RuboCop
+        run: bundle exec rubocop
+
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: default
+          ruby-version: "ruby"
+          bundler-cache: false
+      - run: bundle install
+      - run: rake yard
 
   required-checks:
     runs-on: ubuntu-latest
@@ -98,10 +137,11 @@ jobs:
     needs:
       - test
       - matrix-test
+      - docs
       - rubocop
     steps:
       - name: failure
         if: ${{ failure() || contains(needs.*.result, 'failure') }}
         run: exit 1
       - name: success
-        run: exit 0
+        run: exit 0

data/.github/workflows/push_gem.yml

@@ -18,16 +18,16 @@ jobs:
     steps:
       # Set up
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Ruby
-        uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0
+        uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
         with:
           bundler-cache: true
           ruby-version: ruby
 
       # Release
-      - uses: rubygems/release-gem@612653d273a73bdae1df8453e090060bb4db5f31 # v1
+      - uses: rubygems/release-gem@612653d273a73bdae1df8453e090060bb4db5f31 # v1+ unreleased

data/.rubocop.yml

@@ -1,16 +1,20 @@
+inherit_from: .rubocop_ignore_git.yml
+
 AllCops:
   TargetRubyVersion: 3.1
-  Exclude:
-    - "lib/generators/**/templates/**/*"
-    <% `git status --ignored --porcelain`.lines.grep(/^!! /).each do |path| %>
-    - <%= path.sub(/^!! /, '').sub(/\/$/, '/**/*') %>
-    <% end %>
   SuggestExtensions: false
   NewCops: disable
 
+Gemspec/DeprecatedAttributeAssignment:
+  Enabled: true
+
+Gemspec/DevelopmentDependencies:
+  Enabled: true
+
 Metrics/BlockLength:
   Exclude:
     - "**/*_spec.rb"
+    - pundit.gemspec
 
 Metrics/MethodLength:
   Max: 40
@@ -24,7 +28,7 @@ Layout/LineLength:
   Max: 120
 
 Gemspec/RequiredRubyVersion:
- Enabled: false
+  Enabled: false
 
 Layout/ParameterAlignment:
   EnforcedStyle: with_fixed_indentation
@@ -36,13 +40,19 @@ Layout/CaseIndentation:
     - end
   IndentOneStep: true
 
+Layout/FirstArrayElementIndentation:
+  EnforcedStyle: consistent
+
+Layout/FirstHashElementIndentation:
+  EnforcedStyle: consistent
+
 Layout/EndAlignment:
   EnforcedStyleAlignWith: variable
 
 Style/PercentLiteralDelimiters:
   PreferredDelimiters:
-    '%w': "[]"
-    '%W': "[]"
+    "%w": "[]"
+    "%W": "[]"
 
 Style/StringLiterals:
   EnforcedStyle: double_quotes

data/.rubocop_ignore_git.yml

@@ -0,0 +1,7 @@
+# This is here so we can keep YAML syntax highlight in the main file.
+AllCops:
+  Exclude:
+    - "lib/generators/**/templates/**/*"
+    <% `git status --ignored --porcelain`.lines.grep(/^!! /).each do |path| %>
+    - <%= path.sub(/^!! /, '').sub(/\/$/, '/**/*') %>
+    <% end %>

data/.yardopts

@@ -1 +1 @@
---api public --hide-void-return --markup markdown
+--no-private --private --protected --hide-void-return --markup markdown --fail-on-warning

data/CHANGELOG.md

@@ -2,31 +2,62 @@
 
 ## Unreleased
 
+## 2.5.0 (2025-03-03)
+
+### Added
+
+- Add `Pundit::Authorization#pundit_reset!` hook to reset the policy and policy scope cache. [#830](https://github.com/varvet/pundit/issues/830)
+- Add links to gemspec. [#845](https://github.com/varvet/pundit/issues/845)
+- Register policies directories for Rails 8 code statistics [#833](https://github.com/varvet/pundit/issues/833)
+- Added an example for how to use pundit with Rails 8 authentication generator [#850](https://github.com/varvet/pundit/issues/850)
+
+### Changed
+
+- Deprecated `Pundit::SUFFIX`, moved it to `Pundit::PolicyFinder::SUFFIX` [#835](https://github.com/varvet/pundit/issues/835)
+- Explicitly require less of `active_support` [#837](https://github.com/varvet/pundit/issues/837)
+- Using `permit` matcher without a surrouding `permissions` block now raises a useful error. [#836](https://github.com/varvet/pundit/issues/836)
+
+### Fixed
+
+- Using a hash as custom cache in `Pundit.authorize` now works as documented. [#838](https://github.com/varvet/pundit/issues/838)
+
+## 2.4.0 (2024-08-26)
+
+### Changed
+
+- Improve the `NotAuthorizedError` message to include the policy class.
+  Furthermore, in the case where the record passed is a class instead of an instance, the class name is given. [#812](https://github.com/varvet/pundit/issues/812)
+
+### Added
+
+- Add customizable permit matcher description [#806](https://github.com/varvet/pundit/issues/806)
+- Add support for filter_run_when_matching :focus with permissions helper. [#820](https://github.com/varvet/pundit/issues/820)
+
 ## 2.3.2 (2024-05-08)
 
-- Refactor: First pass of Pundit::Context (#797)
+- Refactor: First pass of Pundit::Context [#797](https://github.com/varvet/pundit/issues/797)
 
-## Changed
+### Changed
 
-- Update `ApplicationPolicy` generator to qualify the `Scope` class name (#792)
-- Policy generator uses `NoMethodError` to indicate `#resolve` is not implemented (#776)
+- Update `ApplicationPolicy` generator to qualify the `Scope` class name [#792](https://github.com/varvet/pundit/issues/792)
+- Policy generator uses `NoMethodError` to indicate `#resolve` is not implemented [#776](https://github.com/varvet/pundit/issues/776)
 
 ## Deprecated
 
-- Dropped support for Ruby 3.0 (#796)
+- Dropped support for Ruby 3.0 [#796](https://github.com/varvet/pundit/issues/796)
 
 ## 2.3.1 (2023-07-17)
 
 ### Fixed
 
-- Use `Kernel.warn` instead of `ActiveSupport::Deprecation.warn` for deprecations (#764)
-- Policy generator now works on Ruby 3.2 (#754)
+- Use `Kernel.warn` instead of `ActiveSupport::Deprecation.warn` for deprecations [#764](https://github.com/varvet/pundit/issues/764)
+- Policy generator now works on Ruby 3.2 [#754](https://github.com/varvet/pundit/issues/754)
 
 ## 2.3.0 (2022-12-19)
 
 ### Added
 
-- add support for rubocop-rspec syntax extensions (#745)
+- add support for rubocop-rspec syntax extensions [#745](https://github.com/varvet/pundit/issues/745)
 
 ## 2.2.0 (2022-02-11)
 
@@ -40,41 +71,41 @@
 
 ### Deprecated
 
-- Deprecate `include Pundit` in favor of `include Pundit::Authorization` (#621)
+- Deprecate `include Pundit` in favor of `include Pundit::Authorization` [#621](https://github.com/varvet/pundit/issues/621)
 
 ## 2.1.1 (2021-08-13)
 
 Friday 13th-release!
 
-Careful! The bugfix below (#626) could break existing code. If you rely on the
+Careful! The bugfix below [#626](https://github.com/varvet/pundit/issues/626) could break existing code. If you rely on the
 return value for `authorize` and namespaced policies you might need to do some
 changes.
 
 ### Fixed
 
 - `.authorize` and `#authorize` return the instance, even for namespaced
-  policies (#626)
+  policies [#626](https://github.com/varvet/pundit/issues/626)
 
 ### Changed
 
-- Generate application scope with `protected` attr_readers. (#616)
+- Generate application scope with `protected` attr_readers. [#616](https://github.com/varvet/pundit/issues/616)
 
 ### Removed
 
-- Dropped support for Ruby end-of-life versions: 2.1 and 2.2. (#604)
-- Dropped support for Ruby end-of-life versions: 2.3 (#633)
-- Dropped support for Ruby end-of-life versions: 2.4, 2.5 and JRuby 9.1 (#676)
-- Dropped support for RSpec 2 (#615)
+- Dropped support for Ruby end-of-life versions: 2.1 and 2.2. [#604](https://github.com/varvet/pundit/issues/604)
+- Dropped support for Ruby end-of-life versions: 2.3 [#633](https://github.com/varvet/pundit/issues/633)
+- Dropped support for Ruby end-of-life versions: 2.4, 2.5 and JRuby 9.1 [#676](https://github.com/varvet/pundit/issues/676)
+- Dropped support for RSpec 2 [#615](https://github.com/varvet/pundit/issues/615)
 
 ## 2.1.0 (2019-08-14)
 
 ### Fixed
 
-- Avoid name clashes with the Error class. (#590)
+- Avoid name clashes with the Error class. [#590](https://github.com/varvet/pundit/issues/590)
 
 ### Changed
 
-- Return a safer default NotAuthorizedError message. (#583)
+- Return a safer default NotAuthorizedError message. [#583](https://github.com/varvet/pundit/issues/583)
 
 ## 2.0.1 (2019-01-18)
 
@@ -84,8 +115,8 @@ None
 
 ### Other changes
 
-- Improve exception handling for `#policy_scope` and `#policy_scope!`. (#550)
-- Add `:policy` metadata to RSpec template. (#566)
+- Improve exception handling for `#policy_scope` and `#policy_scope!`. [#550](https://github.com/varvet/pundit/issues/550)
+- Add `:policy` metadata to RSpec template. [#566](https://github.com/varvet/pundit/issues/566)
 
 ## 2.0.0 (2018-07-21)
 
@@ -95,20 +126,20 @@ No changes since beta1
 
 ### Breaking changes
 
-- Only pass last element of "namespace array" to policy and scope. (#529)
-- Raise `InvalidConstructorError` if a policy or policy scope with an invalid constructor is called. (#462)
-- Return passed object from `#authorize` method to make chaining possible. (#385)
+- Only pass last element of "namespace array" to policy and scope. [#529](https://github.com/varvet/pundit/issues/529)
+- Raise `InvalidConstructorError` if a policy or policy scope with an invalid constructor is called. [#462](https://github.com/varvet/pundit/issues/462)
+- Return passed object from `#authorize` method to make chaining possible. [#385](https://github.com/varvet/pundit/issues/385)
 
 ### Other changes
 
-- Add `policy_class` option to `authorize` to be able to override the policy. (#441)
-- Add `policy_scope_class` option to `authorize` to be able to override the policy scope. (#441)
-- Fix `param_key` issue when passed an array. (#529)
-- Allow specification of a `NilClassPolicy`. (#525)
-- Make sure `policy_class` override is called when passed an array. (#475)
+- Add `policy_class` option to `authorize` to be able to override the policy. [#441](https://github.com/varvet/pundit/issues/441)
+- Add `policy_scope_class` option to `authorize` to be able to override the policy scope. [#441](https://github.com/varvet/pundit/issues/441)
+- Fix `param_key` issue when passed an array. [#529](https://github.com/varvet/pundit/issues/529)
+- Allow specification of a `NilClassPolicy`. [#525](https://github.com/varvet/pundit/issues/525)
+- Make sure `policy_class` override is called when passed an array. [#475](https://github.com/varvet/pundit/issues/475)
 
-- Use `action_name` instead of `params[:action]`. (#419)
-- Add `pundit_params_for` method to make it easy to customize params fetching. (#502)
+- Use `action_name` instead of `params[:action]`. [#419](https://github.com/varvet/pundit/issues/419)
+- Add `pundit_params_for` method to make it easy to customize params fetching. [#502](https://github.com/varvet/pundit/issues/502)
 
 ## 1.1.0 (2016-01-14)
 
@@ -140,16 +171,16 @@ No changes since beta1
 
 ## 0.3.0 (2014-08-22)
 
-- Extend the default `ApplicationPolicy` with an `ApplicationPolicy::Scope` (#120)
-- Fix RSpec 3 deprecation warnings for built-in matchers (#162)
-- Generate blank policy spec/test files for Rspec/MiniTest/Test::Unit in Rails (#138)
+- Extend the default `ApplicationPolicy` with an `ApplicationPolicy::Scope` [#120](https://github.com/varvet/pundit/issues/120)
+- Fix RSpec 3 deprecation warnings for built-in matchers [#162](https://github.com/varvet/pundit/issues/162)
+- Generate blank policy spec/test files for Rspec/MiniTest/Test::Unit in Rails [#138](https://github.com/varvet/pundit/issues/138)
 
 ## 0.2.3 (2014-04-06)
 
-- Customizable error messages: `#query`, `#record` and `#policy` methods on `Pundit::NotAuthorizedError` (#114)
-- Raise a different `Pundit::AuthorizationNotPerformedError` when `authorize` call is expected in controller action but missing (#109)
-- Update Rspec matchers for Rspec 3 (#124)
+- Customizable error messages: `#query`, `#record` and `#policy` methods on `Pundit::NotAuthorizedError` [#114](https://github.com/varvet/pundit/issues/114)
+- Raise a different `Pundit::AuthorizationNotPerformedError` when `authorize` call is expected in controller action but missing [#109](https://github.com/varvet/pundit/issues/109)
+- Update Rspec matchers for Rspec 3 [#124](https://github.com/varvet/pundit/issues/124)
 
 ## 0.2.2 (2014-02-07)
 
-- Customize the user to be passed into policies: `pundit_user` (#42)
+- Customize the user to be passed into policies: `pundit_user` [#42](https://github.com/varvet/pundit/issues/42)

data/CODE_OF_CONDUCT.md

@@ -25,4 +25,4 @@ maintainers.
 
 This Code of Conduct is adapted from the [Contributor
 Covenant](http:contributor-covenant.org), version 1.0.0, available at
-[http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)
+[https://contributor-covenant.org/version/1/0/0/](https://contributor-covenant.org/version/1/0/0/)

data/CONTRIBUTING.md

@@ -28,3 +28,4 @@ Pundit version, OS version and any stack traces you have are very valuable.
 - **Send coherent history**. Make sure each individual commit in your pull
   request is meaningful. If you had to make multiple intermediate commits while
   developing, please squash them before sending them to us.
+- **Update the CHANGELOG.** Don't forget to add your new changes to the CHANGELOG.

data/Gemfile

@@ -4,5 +4,25 @@ source "https://rubygems.org"
 
 gemspec
 
-# https://github.com/ruby/psych/issues/655
-gem "psych", "!= 5.1.1", platforms: %i[jruby]
+# Rails-related - for testing purposes
+gem "actionpack", ">= 3.0.0" # Used to test strong parameters
+gem "activemodel", ">= 3.0.0" # Used to test ActiveModel::Naming
+gem "railties", ">= 3.0.0" # Used to test generators
+
+# Testing
+gem "rspec", ">= 3.0.0"
+gem "simplecov", ">= 0.17.0"
+
+# Development tools
+gem "bundler"
+gem "rake"
+gem "rubocop"
+gem "rubocop-performance"
+gem "rubocop-rspec"
+gem "yard"
+gem "zeitwerk"
+
+# Affects us on JRuby 9.3.15.
+#
+# @see https://github.com/rails/rails/issues/54260
+gem "logger"