pundit 2.4.0 → 2.5.1

data/CODE_OF_CONDUCT.md

@@ -1,28 +0,0 @@
-# Contributor Code of Conduct
-
-As contributors and maintainers of this project, we pledge to respect all
-people who contribute through reporting issues, posting feature requests,
-updating documentation, submitting pull requests or patches, and other
-activities.
-
-We are committed to making participation in this project a harassment-free
-experience for everyone, regardless of level of experience, gender, gender
-identity and expression, sexual orientation, disability, personal appearance,
-body size, race, age, or religion.
-
-Examples of unacceptable behavior by participants include the use of sexual
-language or imagery, derogatory comments or personal attacks, trolling, public
-or private harassment, insults, or other unprofessional conduct.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct. Project maintainers who do not
-follow the Code of Conduct may be removed from the project team.
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by opening an issue or contacting one or more of the project
-maintainers.
-
-This Code of Conduct is adapted from the [Contributor
-Covenant](http:contributor-covenant.org), version 1.0.0, available at
-[https://contributor-covenant.org/version/1/0/0/](https://contributor-covenant.org/version/1/0/0/)

data/CONTRIBUTING.md

@@ -1,31 +0,0 @@
-## Security issues
-
-If you have found a security related issue, please do not file an issue on GitHub or send a PR addressing the issue. Refer to [SECURITY.md](./SECURITY.md) for instructions.
-
-## Reporting issues
-
-Please try to answer the following questions in your bug report:
-
-- What did you do?
-- What did you expect to happen?
-- What happened instead?
-
-Make sure to include as much relevant information as possible. Ruby version,
-Pundit version, OS version and any stack traces you have are very valuable.
-
-## Pull Requests
-
-- **Add tests!** Your patch won't be accepted if it doesn't have tests.
-
-- **Document any change in behaviour**. Make sure the README and any other
-  relevant documentation are kept up-to-date.
-
-- **Create topic branches**. Please don't ask us to pull from your main branch.
-
-- **One pull request per feature**. If you want to do more than one thing, send
-  multiple pull requests.
-
-- **Send coherent history**. Make sure each individual commit in your pull
-  request is meaningful. If you had to make multiple intermediate commits while
-  developing, please squash them before sending them to us.
-- **Update the CHANGELOG.** Don't forget to add your new changes to the CHANGELOG.

data/Gemfile

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-source "https://rubygems.org"
-
-gemspec
-
-# https://github.com/ruby/psych/issues/655
-gem "psych", "!= 5.1.1", platforms: %i[jruby]

data/Rakefile

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-require "rubygems"
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
-require "yard"
-require "rubocop/rake_task"
-
-RuboCop::RakeTask.new
-
-desc "Run all examples"
-RSpec::Core::RakeTask.new(:spec) do |t|
-  t.rspec_opts = %w[--color]
-end
-
-YARD::Rake::YardocTask.new do |t|
-  t.files = ["lib/**/*.rb"]
-end
-
-task default: :spec

data/config/rubocop-rspec.yml

@@ -1,5 +0,0 @@
-RSpec:
-  Language:
-    ExampleGroups:
-      Regular:
-        - permissions

data/pundit.gemspec

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-lib = File.expand_path("lib", __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "pundit/version"
-
-Gem::Specification.new do |gem|
-  gem.name          = "pundit"
-  gem.version       = Pundit::VERSION
-  gem.authors       = ["Jonas Nicklas", "Varvet AB"]
-  gem.email         = ["jonas.nicklas@gmail.com", "info@varvet.com"]
-  gem.description   = "Object oriented authorization for Rails applications"
-  gem.summary       = "OO authorization for Rails"
-  gem.homepage      = "https://github.com/varvet/pundit"
-  gem.license       = "MIT"
-
-  gem.files         = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
-  gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
-  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
-  gem.require_paths = ["lib"]
-
-  gem.metadata      = { "rubygems_mfa_required" => "true" }
-
-  gem.add_dependency "activesupport", ">= 3.0.0"
-  gem.add_development_dependency "actionpack", ">= 3.0.0"
-  gem.add_development_dependency "activemodel", ">= 3.0.0"
-  gem.add_development_dependency "bundler"
-  gem.add_development_dependency "pry"
-  gem.add_development_dependency "railties", ">= 3.0.0"
-  gem.add_development_dependency "rake"
-  gem.add_development_dependency "rspec", ">= 3.0.0"
-  gem.add_development_dependency "rubocop"
-  gem.add_development_dependency "simplecov", ">= 0.17.0"
-  gem.add_development_dependency "yard"
-end

data/spec/authorization_spec.rb

@@ -1,274 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-describe Pundit::Authorization do
-  def to_params(*args, **kwargs, &block)
-    ActionController::Parameters.new(*args, **kwargs, &block)
-  end
-
-  let(:controller) { Controller.new(user, "update", to_params({})) }
-  let(:user) { double }
-  let(:post) { Post.new(user) }
-  let(:comment) { Comment.new }
-  let(:article) { Article.new }
-  let(:article_tag) { ArticleTag.new }
-  let(:wiki) { Wiki.new }
-
-  describe "#verify_authorized" do
-    it "does nothing when authorized" do
-      controller.authorize(post)
-      controller.verify_authorized
-    end
-
-    it "raises an exception when not authorized" do
-      expect { controller.verify_authorized }.to raise_error(Pundit::AuthorizationNotPerformedError)
-    end
-  end
-
-  describe "#verify_policy_scoped" do
-    it "does nothing when policy_scope is used" do
-      controller.policy_scope(Post)
-      controller.verify_policy_scoped
-    end
-
-    it "raises an exception when policy_scope is not used" do
-      expect { controller.verify_policy_scoped }.to raise_error(Pundit::PolicyScopingNotPerformedError)
-    end
-  end
-
-  describe "#pundit_policy_authorized?" do
-    it "is true when authorized" do
-      controller.authorize(post)
-      expect(controller.pundit_policy_authorized?).to be true
-    end
-
-    it "is false when not authorized" do
-      expect(controller.pundit_policy_authorized?).to be false
-    end
-  end
-
-  describe "#pundit_policy_scoped?" do
-    it "is true when policy_scope is used" do
-      controller.policy_scope(Post)
-      expect(controller.pundit_policy_scoped?).to be true
-    end
-
-    it "is false when policy scope is not used" do
-      expect(controller.pundit_policy_scoped?).to be false
-    end
-  end
-
-  describe "#authorize" do
-    it "infers the policy name and authorizes based on it" do
-      expect(controller.authorize(post)).to be_truthy
-    end
-
-    it "returns the record on successful authorization" do
-      expect(controller.authorize(post)).to eq(post)
-    end
-
-    it "returns the record when passed record with namespace " do
-      expect(controller.authorize([:project, comment], :update?)).to eq(comment)
-    end
-
-    it "returns the record when passed record with nested namespace " do
-      expect(controller.authorize([:project, :admin, comment], :update?)).to eq(comment)
-    end
-
-    it "returns the policy name symbol when passed record with headless policy" do
-      expect(controller.authorize(:publication, :create?)).to eq(:publication)
-    end
-
-    it "returns the class when passed record not a particular instance" do
-      expect(controller.authorize(Post, :show?)).to eq(Post)
-    end
-
-    it "can be given a different permission to check" do
-      expect(controller.authorize(post, :show?)).to be_truthy
-      expect { controller.authorize(post, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
-    end
-
-    it "can be given a different policy class" do
-      expect(controller.authorize(post, :create?, policy_class: PublicationPolicy)).to be_truthy
-    end
-
-    it "works with anonymous class policies" do
-      expect(controller.authorize(article_tag, :show?)).to be_truthy
-      expect { controller.authorize(article_tag, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
-    end
-
-    it "throws an exception when the permission check fails" do
-      expect { controller.authorize(Post.new) }.to raise_error(Pundit::NotAuthorizedError)
-    end
-
-    it "throws an exception when a policy cannot be found" do
-      expect { controller.authorize(Article) }.to raise_error(Pundit::NotDefinedError)
-    end
-
-    it "caches the policy" do
-      expect(controller.policies[post]).to be_nil
-      controller.authorize(post)
-      expect(controller.policies[post]).not_to be_nil
-    end
-
-    it "raises an error when the given record is nil" do
-      expect { controller.authorize(nil, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
-    end
-
-    it "raises an error with a invalid policy constructor" do
-      expect { controller.authorize(wiki, :destroy?) }.to raise_error(Pundit::InvalidConstructorError)
-    end
-  end
-
-  describe "#skip_authorization" do
-    it "disables authorization verification" do
-      controller.skip_authorization
-      expect { controller.verify_authorized }.not_to raise_error
-    end
-  end
-
-  describe "#skip_policy_scope" do
-    it "disables policy scope verification" do
-      controller.skip_policy_scope
-      expect { controller.verify_policy_scoped }.not_to raise_error
-    end
-  end
-
-  describe "#pundit_user" do
-    it "returns the same thing as current_user" do
-      expect(controller.pundit_user).to eq controller.current_user
-    end
-  end
-
-  describe "#policy" do
-    it "returns an instantiated policy" do
-      policy = controller.policy(post)
-      expect(policy.user).to eq user
-      expect(policy.post).to eq post
-    end
-
-    it "throws an exception if the given policy can't be found" do
-      expect { controller.policy(article) }.to raise_error(Pundit::NotDefinedError)
-    end
-
-    it "raises an error with a invalid policy constructor" do
-      expect { controller.policy(wiki) }.to raise_error(Pundit::InvalidConstructorError)
-    end
-
-    it "allows policy to be injected" do
-      new_policy = OpenStruct.new
-      controller.policies[post] = new_policy
-
-      expect(controller.policy(post)).to eq new_policy
-    end
-  end
-
-  describe "#policy_scope" do
-    it "returns an instantiated policy scope" do
-      expect(controller.policy_scope(Post)).to eq :published
-    end
-
-    it "allows policy scope class to be overridden" do
-      expect(controller.policy_scope(Post, policy_scope_class: PublicationPolicy::Scope)).to eq :published
-    end
-
-    it "throws an exception if the given policy can't be found" do
-      expect { controller.policy_scope(Article) }.to raise_error(Pundit::NotDefinedError)
-    end
-
-    it "raises an error with a invalid policy scope constructor" do
-      expect { controller.policy_scope(Wiki) }.to raise_error(Pundit::InvalidConstructorError)
-    end
-
-    it "allows policy_scope to be injected" do
-      new_scope = OpenStruct.new
-      controller.policy_scopes[Post] = new_scope
-
-      expect(controller.policy_scope(Post)).to eq new_scope
-    end
-  end
-
-  describe "#permitted_attributes" do
-    it "checks policy for permitted attributes" do
-      params = to_params(
-        post: {
-          title: "Hello",
-          votes: 5,
-          admin: true
-        }
-      )
-
-      action = "update"
-
-      expect(Controller.new(user, action, params).permitted_attributes(post).to_h).to eq(
-        "title" => "Hello",
-        "votes" => 5
-      )
-      expect(Controller.new(double, action, params).permitted_attributes(post).to_h).to eq("votes" => 5)
-    end
-
-    it "checks policy for permitted attributes for record of a ActiveModel type" do
-      customer_post = Customer::Post.new(user)
-      params = to_params(
-        customer_post: {
-          title: "Hello",
-          votes: 5,
-          admin: true
-        }
-      )
-
-      action = "update"
-
-      expect(Controller.new(user, action, params).permitted_attributes(customer_post).to_h).to eq(
-        "title" => "Hello",
-        "votes" => 5
-      )
-      expect(Controller.new(double, action, params).permitted_attributes(customer_post).to_h).to eq(
-        "votes" => 5
-      )
-    end
-
-    it "goes through the policy cache" do
-      params = to_params(post: { title: "Hello" })
-      user = double
-      post = Post.new(user)
-      controller = Controller.new(user, "update", params)
-
-      expect do
-        expect(controller.permitted_attributes(post)).to be_truthy
-        expect(controller.permitted_attributes(post)).to be_truthy
-      end.to change { PostPolicy.instances }.by(1)
-    end
-  end
-
-  describe "#permitted_attributes_for_action" do
-    it "is checked if it is defined in the policy" do
-      params = to_params(
-        post: {
-          title: "Hello",
-          body: "blah",
-          votes: 5,
-          admin: true
-        }
-      )
-
-      action = "revise"
-      expect(Controller.new(user, action, params).permitted_attributes(post).to_h).to eq("body" => "blah")
-    end
-
-    it "can be explicitly set" do
-      params = to_params(
-        post: {
-          title: "Hello",
-          body: "blah",
-          votes: 5,
-          admin: true
-        }
-      )
-
-      action = "update"
-      expect(Controller.new(user, action, params).permitted_attributes(post, :revise).to_h).to eq("body" => "blah")
-    end
-  end
-end

data/spec/dsl_spec.rb

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe "Pundit RSpec DSL" do
-  let(:fake_rspec) do
-    double = class_double(RSpec::ExampleGroups)
-    double.extend(::Pundit::RSpec::DSL)
-    double
-  end
-  let(:block) { proc { "block content" } }
-
-  it "calls describe with the correct metadata and without :focus" do
-    expected_metadata = { permissions: %i[item1 item2], caller: instance_of(Array) }
-    expect(fake_rspec).to receive(:describe).with("item1 and item2", match(expected_metadata)) do |&block|
-      expect(block.call).to eq("block content")
-    end
-
-    fake_rspec.permissions(:item1, :item2, &block)
-  end
-
-  it "calls describe with the correct metadata and with :focus" do
-    expected_metadata = { permissions: %i[item1 item2], caller: instance_of(Array), focus: true }
-    expect(fake_rspec).to receive(:describe).with("item1 and item2", match(expected_metadata)) do |&block|
-      expect(block.call).to eq("block content")
-    end
-
-    fake_rspec.permissions(:item1, :item2, :focus, &block)
-  end
-end

data/spec/generators_spec.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-require "tmpdir"
-
-require "rails/generators"
-require "generators/pundit/install/install_generator"
-require "generators/pundit/policy/policy_generator"
-
-RSpec.describe "generators" do
-  before(:all) do
-    @tmpdir = Dir.mktmpdir
-
-    Dir.chdir(@tmpdir) do
-      Pundit::Generators::InstallGenerator.new([], { quiet: true }).invoke_all
-      Pundit::Generators::PolicyGenerator.new(%w[Widget], { quiet: true }).invoke_all
-
-      require "./app/policies/application_policy"
-      require "./app/policies/widget_policy"
-    end
-  end
-
-  after(:all) do
-    FileUtils.remove_entry(@tmpdir)
-  end
-
-  describe "WidgetPolicy", type: :policy do
-    permissions :index?, :show?, :create?, :new?, :update?, :edit?, :destroy? do
-      it "has safe defaults" do
-        expect(WidgetPolicy).not_to permit(double("User"), double("Widget"))
-      end
-    end
-
-    describe "WidgetPolicy::Scope" do
-      describe "#resolve" do
-        it "raises a descriptive error" do
-          scope = WidgetPolicy::Scope.new(double("User"), double("User.all"))
-          expect { scope.resolve }.to raise_error(NoMethodError, /WidgetPolicy::Scope/)
-        end
-      end
-    end
-  end
-end

data/spec/policies/post_policy_spec.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe PostPolicy do
-  let(:user) { double }
-  let(:own_post) { double(user: user) }
-  let(:other_post) { double(user: double) }
-  subject { described_class }
-
-  permissions :update?, :show? do
-    it "is successful when all permissions match" do
-      should permit(user, own_post)
-    end
-
-    it "fails when any permissions do not match" do
-      expect do
-        should permit(user, other_post)
-      end.to raise_error(RSpec::Expectations::ExpectationNotMetError)
-    end
-
-    it "uses the default description if not overridden" do
-      expect(permit(user, own_post).description).to eq("permit #{user.inspect} and #{own_post.inspect}")
-    end
-
-    context "when the matcher description is overridden" do
-      after do
-        Pundit::RSpec::Matchers.description = nil
-      end
-
-      it "sets a custom matcher description with a Proc" do
-        allow(user).to receive(:role).and_return("default_role")
-        allow(own_post).to receive(:id).and_return(1)
-
-        Pundit::RSpec::Matchers.description = lambda { |user, record|
-          "permit user with role #{user.role} to access record with ID #{record.id}"
-        }
-
-        description = permit(user, own_post).description
-        expect(description).to eq("permit user with role default_role to access record with ID 1")
-      end
-
-      it "sets a custom matcher description with a string" do
-        Pundit::RSpec::Matchers.description = "permit user"
-        expect(permit(user, own_post).description).to eq("permit user")
-      end
-    end
-  end
-end