pundit 2.4.0 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1cc7a931867875af2c1a7cd5c4225da689b33e101f76bb7a471afb967323e615
-  data.tar.gz: 8ca35ba01f65b52b1b8bbb2061858bdc61cd0034b01818b07dbbba4b7ddd3a69
+  metadata.gz: 2e34d4263a4c386c0078ddfed804532e292357926fefb505b62bcea9c6e3d08d
+  data.tar.gz: 67c3471d5354cba97b650185770f81bdcc79699f8cbc4d8e60c99b57639a6cee
 SHA512:
-  metadata.gz: 0f495747f61c744c04dffa7811d3a86fc818812807a971591d71542d798d5a7aa4438333534082e755bbead592b4b1b5465e23030e535b03420c643e088bcaf1
-  data.tar.gz: 951ec8a8c02c081bc6b412bb0b5d1d6ffcc33543fa71f66fef9c4f4a6f391ea53a057e20b94bdef5faf4c8f2ef0deffd09357c9580ef6a739575c94a70d9d950
+  metadata.gz: e67f07116623c8fd505ed254a165136be512ea36f7635ca2e6062fd59bf73a23eb1a4bf5790a390ff6b4e014e3baf0f7f8e7b649e6e50a8985fcff2e6c27cecd
+  data.tar.gz: 65f7d1132b00f9bdcb8b717e08c402a5f6a9a90de5fa07e017b831cbb3ac7b9c11f8869466e3112fea4acddd1699dc495fe30b3234fab06c213ea65dd459c1fd

data/.github/workflows/main.yml

@@ -2,9 +2,8 @@ name: Main
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]
   workflow_dispatch:
 
 permissions:
@@ -28,74 +27,109 @@ jobs:
       fail-fast: false
       matrix:
         ruby-version:
-          - '3.1'
-          - '3.2'
-          - '3.3'
-          - 'jruby-9.3.10' # oldest supported jruby
-          - 'jruby'
+          - "3.1"
+          - "3.2"
+          - "3.3"
+          - "jruby-9.3.15"
+          - "jruby"
         include: # HEAD-versions
-          - ruby-version: 'head'
+          - ruby-version: "head"
             allow-failure: true
-          - ruby-version: 'jruby-head'
+          - ruby-version: "jruby-head"
             allow-failure: true
-          - ruby-version: 'truffleruby-head'
+          - ruby-version: "truffleruby-head"
             allow-failure: true
 
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        rubygems: latest
-        ruby-version: ${{ matrix.ruby-version }}
-        bundler-cache: ${{ !startsWith(matrix.ruby-version, 'jruby') }}
-    - name: Bundler install (JRuby workaround)
-      if: ${{ startsWith(matrix.ruby-version, 'jruby') }}
-      run: |
-        gem install psych
-        bundle install
-    - name: Run tests
-      run: bundle exec rspec
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: latest
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true
+      - name: Run tests
+        run: bundle exec rspec
 
   test:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        rubygems: latest
-        ruby-version: 'ruby'
-        bundler-cache: true
-    - name: "Download cc-test-reporter from codeclimate.com"
-      run: |
-        curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
-        chmod +x ./cc-test-reporter
-    - name: "Report to Code Climate that we will send a coverage report."
-      run: ./cc-test-reporter before-build
-    - name: Run tests
-      run: bundle exec rspec
-      env:
-        COVERAGE: 1
-    - name: Upload code coverage to Code Climate
-      run: |
-        ./cc-test-reporter after-build \
-          --coverage-input-type simplecov \
-          ./coverage/.resultset.json
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: latest
+          ruby-version: "ruby"
+          bundler-cache: true
+      - name: "Download cc-test-reporter from codeclimate.com"
+        run: |
+          curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
+          chmod +x ./cc-test-reporter
+      - name: "Report to Code Climate that we will send a coverage report."
+        run: ./cc-test-reporter before-build
+      - name: Run tests
+        run: bundle exec rspec
+        env:
+          COVERAGE: 1
+      - name: Upload coverage results
+        uses: actions/upload-artifact@v4
+        with:
+          include-hidden-files: true
+          name: coverage-results
+          path: coverage
+          retention-days: 1
+      - name: Upload code coverage to Code Climate
+        run: |
+          ./cc-test-reporter after-build \
+            --coverage-input-type simplecov \
+            ./coverage/.resultset.json
+
+  coverage-check:
+    permissions:
+      contents: read
+      checks: write
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download coverage results
+        uses: actions/download-artifact@v4
+        with:
+          name: coverage-results
+          path: coverage
+      - uses: joshmfrankel/simplecov-check-action@be89e11889202cc59efb14aab2a7091622fa9aad
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          minimum_suite_coverage: 100
+          minimum_file_coverage: 100
+          coverage_json_path: coverage/simplecov-check-action.json
 
   rubocop:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        rubygems: default
-        ruby-version: 'ruby'
-        bundler-cache: false
-    - run: bundle install
-    - name: Run RuboCop
-      run: bundle exec rubocop
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: default
+          ruby-version: "ruby"
+          bundler-cache: false
+      - run: bundle install
+      - name: Run RuboCop
+        run: bundle exec rubocop
+
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          rubygems: default
+          ruby-version: "ruby"
+          bundler-cache: false
+      - run: bundle install
+      - run: rake yard
 
   required-checks:
     runs-on: ubuntu-latest
@@ -103,10 +137,11 @@ jobs:
     needs:
       - test
       - matrix-test
+      - docs
       - rubocop
     steps:
       - name: failure
         if: ${{ failure() || contains(needs.*.result, 'failure') }}
         run: exit 1
       - name: success
-        run: exit 0
+        run: exit 0

data/.rubocop.yml

@@ -1,16 +1,20 @@
+inherit_from: .rubocop_ignore_git.yml
+
 AllCops:
   TargetRubyVersion: 3.1
-  Exclude:
-    - "lib/generators/**/templates/**/*"
-    <% `git status --ignored --porcelain`.lines.grep(/^!! /).each do |path| %>
-    - <%= path.sub(/^!! /, '').sub(/\/$/, '/**/*') %>
-    <% end %>
   SuggestExtensions: false
   NewCops: disable
 
+Gemspec/DeprecatedAttributeAssignment:
+  Enabled: true
+
+Gemspec/DevelopmentDependencies:
+  Enabled: true
+
 Metrics/BlockLength:
   Exclude:
     - "**/*_spec.rb"
+    - pundit.gemspec
 
 Metrics/MethodLength:
   Max: 40
@@ -24,7 +28,7 @@ Layout/LineLength:
   Max: 120
 
 Gemspec/RequiredRubyVersion:
- Enabled: false
+  Enabled: false
 
 Layout/ParameterAlignment:
   EnforcedStyle: with_fixed_indentation
@@ -36,13 +40,19 @@ Layout/CaseIndentation:
     - end
   IndentOneStep: true
 
+Layout/FirstArrayElementIndentation:
+  EnforcedStyle: consistent
+
+Layout/FirstHashElementIndentation:
+  EnforcedStyle: consistent
+
 Layout/EndAlignment:
   EnforcedStyleAlignWith: variable
 
 Style/PercentLiteralDelimiters:
   PreferredDelimiters:
-    '%w': "[]"
-    '%W': "[]"
+    "%w": "[]"
+    "%W": "[]"
 
 Style/StringLiterals:
   EnforcedStyle: double_quotes

data/.rubocop_ignore_git.yml

@@ -0,0 +1,7 @@
+# This is here so we can keep YAML syntax highlight in the main file.
+AllCops:
+  Exclude:
+    - "lib/generators/**/templates/**/*"
+    <% `git status --ignored --porcelain`.lines.grep(/^!! /).each do |path| %>
+    - <%= path.sub(/^!! /, '').sub(/\/$/, '/**/*') %>
+    <% end %>

data/.yardopts

@@ -1 +1 @@
---api public --hide-void-return --markup markdown
+--no-private --private --protected --hide-void-return --markup markdown --fail-on-warning

data/CHANGELOG.md

@@ -2,43 +2,62 @@
 
 ## Unreleased
 
+## 2.5.0 (2025-03-03)
+
+### Added
+
+- Add `Pundit::Authorization#pundit_reset!` hook to reset the policy and policy scope cache. [#830](https://github.com/varvet/pundit/issues/830)
+- Add links to gemspec. [#845](https://github.com/varvet/pundit/issues/845)
+- Register policies directories for Rails 8 code statistics [#833](https://github.com/varvet/pundit/issues/833)
+- Added an example for how to use pundit with Rails 8 authentication generator [#850](https://github.com/varvet/pundit/issues/850)
+
+### Changed
+
+- Deprecated `Pundit::SUFFIX`, moved it to `Pundit::PolicyFinder::SUFFIX` [#835](https://github.com/varvet/pundit/issues/835)
+- Explicitly require less of `active_support` [#837](https://github.com/varvet/pundit/issues/837)
+- Using `permit` matcher without a surrouding `permissions` block now raises a useful error. [#836](https://github.com/varvet/pundit/issues/836)
+
+### Fixed
+
+- Using a hash as custom cache in `Pundit.authorize` now works as documented. [#838](https://github.com/varvet/pundit/issues/838)
+
 ## 2.4.0 (2024-08-26)
 
-## Changed
+### Changed
 
 - Improve the `NotAuthorizedError` message to include the policy class.
-  Furthermore, in the case where the record passed is a class instead of an instance, the class name is given. (#812)
+  Furthermore, in the case where the record passed is a class instead of an instance, the class name is given. [#812](https://github.com/varvet/pundit/issues/812)
 
-## Added
+### Added
 
-- Add customizable permit matcher description (#806)
-- Add support for filter_run_when_matching :focus with permissions helper. (#820)
+- Add customizable permit matcher description [#806](https://github.com/varvet/pundit/issues/806)
+- Add support for filter_run_when_matching :focus with permissions helper. [#820](https://github.com/varvet/pundit/issues/820)
 
 ## 2.3.2 (2024-05-08)
 
-- Refactor: First pass of Pundit::Context (#797)
+- Refactor: First pass of Pundit::Context [#797](https://github.com/varvet/pundit/issues/797)
 
-## Changed
+### Changed
 
-- Update `ApplicationPolicy` generator to qualify the `Scope` class name (#792)
-- Policy generator uses `NoMethodError` to indicate `#resolve` is not implemented (#776)
+- Update `ApplicationPolicy` generator to qualify the `Scope` class name [#792](https://github.com/varvet/pundit/issues/792)
+- Policy generator uses `NoMethodError` to indicate `#resolve` is not implemented [#776](https://github.com/varvet/pundit/issues/776)
 
 ## Deprecated
 
-- Dropped support for Ruby 3.0 (#796)
+- Dropped support for Ruby 3.0 [#796](https://github.com/varvet/pundit/issues/796)
 
 ## 2.3.1 (2023-07-17)
 
 ### Fixed
 
-- Use `Kernel.warn` instead of `ActiveSupport::Deprecation.warn` for deprecations (#764)
-- Policy generator now works on Ruby 3.2 (#754)
+- Use `Kernel.warn` instead of `ActiveSupport::Deprecation.warn` for deprecations [#764](https://github.com/varvet/pundit/issues/764)
+- Policy generator now works on Ruby 3.2 [#754](https://github.com/varvet/pundit/issues/754)
 
 ## 2.3.0 (2022-12-19)
 
 ### Added
 
-- add support for rubocop-rspec syntax extensions (#745)
+- add support for rubocop-rspec syntax extensions [#745](https://github.com/varvet/pundit/issues/745)
 
 ## 2.2.0 (2022-02-11)
 
@@ -52,41 +71,41 @@
 
 ### Deprecated
 
-- Deprecate `include Pundit` in favor of `include Pundit::Authorization` (#621)
+- Deprecate `include Pundit` in favor of `include Pundit::Authorization` [#621](https://github.com/varvet/pundit/issues/621)
 
 ## 2.1.1 (2021-08-13)
 
 Friday 13th-release!
 
-Careful! The bugfix below (#626) could break existing code. If you rely on the
+Careful! The bugfix below [#626](https://github.com/varvet/pundit/issues/626) could break existing code. If you rely on the
 return value for `authorize` and namespaced policies you might need to do some
 changes.
 
 ### Fixed
 
 - `.authorize` and `#authorize` return the instance, even for namespaced
-  policies (#626)
+  policies [#626](https://github.com/varvet/pundit/issues/626)
 
 ### Changed
 
-- Generate application scope with `protected` attr_readers. (#616)
+- Generate application scope with `protected` attr_readers. [#616](https://github.com/varvet/pundit/issues/616)
 
 ### Removed
 
-- Dropped support for Ruby end-of-life versions: 2.1 and 2.2. (#604)
-- Dropped support for Ruby end-of-life versions: 2.3 (#633)
-- Dropped support for Ruby end-of-life versions: 2.4, 2.5 and JRuby 9.1 (#676)
-- Dropped support for RSpec 2 (#615)
+- Dropped support for Ruby end-of-life versions: 2.1 and 2.2. [#604](https://github.com/varvet/pundit/issues/604)
+- Dropped support for Ruby end-of-life versions: 2.3 [#633](https://github.com/varvet/pundit/issues/633)
+- Dropped support for Ruby end-of-life versions: 2.4, 2.5 and JRuby 9.1 [#676](https://github.com/varvet/pundit/issues/676)
+- Dropped support for RSpec 2 [#615](https://github.com/varvet/pundit/issues/615)
 
 ## 2.1.0 (2019-08-14)
 
 ### Fixed
 
-- Avoid name clashes with the Error class. (#590)
+- Avoid name clashes with the Error class. [#590](https://github.com/varvet/pundit/issues/590)
 
 ### Changed
 
-- Return a safer default NotAuthorizedError message. (#583)
+- Return a safer default NotAuthorizedError message. [#583](https://github.com/varvet/pundit/issues/583)
 
 ## 2.0.1 (2019-01-18)
 
@@ -96,8 +115,8 @@ None
 
 ### Other changes
 
-- Improve exception handling for `#policy_scope` and `#policy_scope!`. (#550)
-- Add `:policy` metadata to RSpec template. (#566)
+- Improve exception handling for `#policy_scope` and `#policy_scope!`. [#550](https://github.com/varvet/pundit/issues/550)
+- Add `:policy` metadata to RSpec template. [#566](https://github.com/varvet/pundit/issues/566)
 
 ## 2.0.0 (2018-07-21)
 
@@ -107,20 +126,20 @@ No changes since beta1
 
 ### Breaking changes
 
-- Only pass last element of "namespace array" to policy and scope. (#529)
-- Raise `InvalidConstructorError` if a policy or policy scope with an invalid constructor is called. (#462)
-- Return passed object from `#authorize` method to make chaining possible. (#385)
+- Only pass last element of "namespace array" to policy and scope. [#529](https://github.com/varvet/pundit/issues/529)
+- Raise `InvalidConstructorError` if a policy or policy scope with an invalid constructor is called. [#462](https://github.com/varvet/pundit/issues/462)
+- Return passed object from `#authorize` method to make chaining possible. [#385](https://github.com/varvet/pundit/issues/385)
 
 ### Other changes
 
-- Add `policy_class` option to `authorize` to be able to override the policy. (#441)
-- Add `policy_scope_class` option to `authorize` to be able to override the policy scope. (#441)
-- Fix `param_key` issue when passed an array. (#529)
-- Allow specification of a `NilClassPolicy`. (#525)
-- Make sure `policy_class` override is called when passed an array. (#475)
+- Add `policy_class` option to `authorize` to be able to override the policy. [#441](https://github.com/varvet/pundit/issues/441)
+- Add `policy_scope_class` option to `authorize` to be able to override the policy scope. [#441](https://github.com/varvet/pundit/issues/441)
+- Fix `param_key` issue when passed an array. [#529](https://github.com/varvet/pundit/issues/529)
+- Allow specification of a `NilClassPolicy`. [#525](https://github.com/varvet/pundit/issues/525)
+- Make sure `policy_class` override is called when passed an array. [#475](https://github.com/varvet/pundit/issues/475)
 
-- Use `action_name` instead of `params[:action]`. (#419)
-- Add `pundit_params_for` method to make it easy to customize params fetching. (#502)
+- Use `action_name` instead of `params[:action]`. [#419](https://github.com/varvet/pundit/issues/419)
+- Add `pundit_params_for` method to make it easy to customize params fetching. [#502](https://github.com/varvet/pundit/issues/502)
 
 ## 1.1.0 (2016-01-14)
 
@@ -152,16 +171,16 @@ No changes since beta1
 
 ## 0.3.0 (2014-08-22)
 
-- Extend the default `ApplicationPolicy` with an `ApplicationPolicy::Scope` (#120)
-- Fix RSpec 3 deprecation warnings for built-in matchers (#162)
-- Generate blank policy spec/test files for Rspec/MiniTest/Test::Unit in Rails (#138)
+- Extend the default `ApplicationPolicy` with an `ApplicationPolicy::Scope` [#120](https://github.com/varvet/pundit/issues/120)
+- Fix RSpec 3 deprecation warnings for built-in matchers [#162](https://github.com/varvet/pundit/issues/162)
+- Generate blank policy spec/test files for Rspec/MiniTest/Test::Unit in Rails [#138](https://github.com/varvet/pundit/issues/138)
 
 ## 0.2.3 (2014-04-06)
 
-- Customizable error messages: `#query`, `#record` and `#policy` methods on `Pundit::NotAuthorizedError` (#114)
-- Raise a different `Pundit::AuthorizationNotPerformedError` when `authorize` call is expected in controller action but missing (#109)
-- Update Rspec matchers for Rspec 3 (#124)
+- Customizable error messages: `#query`, `#record` and `#policy` methods on `Pundit::NotAuthorizedError` [#114](https://github.com/varvet/pundit/issues/114)
+- Raise a different `Pundit::AuthorizationNotPerformedError` when `authorize` call is expected in controller action but missing [#109](https://github.com/varvet/pundit/issues/109)
+- Update Rspec matchers for Rspec 3 [#124](https://github.com/varvet/pundit/issues/124)
 
 ## 0.2.2 (2014-02-07)
 
-- Customize the user to be passed into policies: `pundit_user` (#42)
+- Customize the user to be passed into policies: `pundit_user` [#42](https://github.com/varvet/pundit/issues/42)

data/Gemfile

@@ -4,5 +4,25 @@ source "https://rubygems.org"
 
 gemspec
 
-# https://github.com/ruby/psych/issues/655
-gem "psych", "!= 5.1.1", platforms: %i[jruby]
+# Rails-related - for testing purposes
+gem "actionpack", ">= 3.0.0" # Used to test strong parameters
+gem "activemodel", ">= 3.0.0" # Used to test ActiveModel::Naming
+gem "railties", ">= 3.0.0" # Used to test generators
+
+# Testing
+gem "rspec", ">= 3.0.0"
+gem "simplecov", ">= 0.17.0"
+
+# Development tools
+gem "bundler"
+gem "rake"
+gem "rubocop"
+gem "rubocop-performance"
+gem "rubocop-rspec"
+gem "yard"
+gem "zeitwerk"
+
+# Affects us on JRuby 9.3.15.
+#
+# @see https://github.com/rails/rails/issues/54260
+gem "logger"

data/README.md

@@ -583,6 +583,36 @@ def pundit_user
 end
 ```
 
+For instance, Rails 8 includes a built-in [authentication generator](https://github.com/rails/rails/tree/8-0-stable/railties/lib/rails/generators/rails/authentication). If you choose to use it, the currently logged-in user is accessed via `Current.user` instead of `current_user`.
+
+To ensure compatibility with Pundit, define a `pundit_user` method in `application_controller.rb` (or another suitable location) as follows:
+
+```ruby
+def pundit_user
+  Current.user
+end
+```
+
+### Handling User Switching in Pundit
+
+When switching users in your application, it's important to reset the Pundit user context to ensure that authorization policies are applied correctly for the new user. Pundit caches the user context, so failing to reset it could result in incorrect permissions being applied.
+
+To handle user switching, you can use the following pattern in your controller:
+
+```ruby
+class ApplicationController
+  include Pundit::Authorization
+
+  def switch_user_to(user)
+    terminate_session if authenticated?
+    start_new_session_for user
+    pundit_reset!
+  end
+end
+```
+
+Make sure to invoke `pundit_reset!` whenever changing the user. This ensures the cached authorization context is reset, preventing any incorrect permissions from being applied.
+
 ## Policy Namespacing
 In some cases it might be helpful to have multiple policies that serve different contexts for a
 resource. A prime example of this is the case where User policies differ from Admin policies. To

data/Rakefile

@@ -15,6 +15,7 @@ end
 
 YARD::Rake::YardocTask.new do |t|
   t.files = ["lib/**/*.rb"]
+  t.stats_options = ["--list-undoc"]
 end
 
 task default: :spec

data/lib/generators/pundit/install/install_generator.rb

@@ -1,12 +1,14 @@
 # frozen_string_literal: true
 
 module Pundit
+  # @private
   module Generators
+    # @private
     class InstallGenerator < ::Rails::Generators::Base
       source_root File.expand_path("templates", __dir__)
 
       def copy_application_policy
-        template "application_policy.rb", "app/policies/application_policy.rb"
+        template "application_policy.rb.tt", "app/policies/application_policy.rb"
       end
     end
   end

data/lib/generators/pundit/policy/policy_generator.rb

@@ -1,12 +1,14 @@
 # frozen_string_literal: true
 
 module Pundit
+  # @private
   module Generators
+    # @private
     class PolicyGenerator < ::Rails::Generators::NamedBase
       source_root File.expand_path("templates", __dir__)
 
       def create_policy
-        template "policy.rb", File.join("app/policies", class_path, "#{file_name}_policy.rb")
+        template "policy.rb.tt", File.join("app/policies", class_path, "#{file_name}_policy.rb")
       end
 
       hook_for :test_framework

data/lib/generators/rspec/policy_generator.rb

@@ -1,12 +1,15 @@
 # frozen_string_literal: true
 
+# @private
 module Rspec
+  # @private
   module Generators
+    # @private
     class PolicyGenerator < ::Rails::Generators::NamedBase
       source_root File.expand_path("templates", __dir__)
 
       def create_policy_spec
-        template "policy_spec.rb", File.join("spec/policies", class_path, "#{file_name}_policy_spec.rb")
+        template "policy_spec.rb.tt", File.join("spec/policies", class_path, "#{file_name}_policy_spec.rb")
       end
     end
   end

data/lib/generators/test_unit/policy_generator.rb

@@ -1,12 +1,15 @@
 # frozen_string_literal: true
 
+# @private
 module TestUnit
+  # @private
   module Generators
+    # @private
     class PolicyGenerator < ::Rails::Generators::NamedBase
       source_root File.expand_path("templates", __dir__)
 
       def create_policy_test
-        template "policy_test.rb", File.join("test/policies", class_path, "#{file_name}_policy_test.rb")
+        template "policy_test.rb.tt", File.join("test/policies", class_path, "#{file_name}_policy_test.rb")
       end
     end
   end