pundit 2.3.0 → 2.3.1
- checksums.yaml +4 -4
- data/.github/pull_request_template.md +9 -0
- data/.travis.yml +2 -1
- data/CHANGELOG.md +11 -0
- data/CONTRIBUTING.md +1 -4
- data/README.md +18 -28
- data/SECURITY.md +19 -0
- data/lib/generators/rspec/templates/policy_spec.rb +1 -1
- data/lib/pundit/version.rb +1 -1
- data/lib/pundit.rb +3 -1
- data/pundit.gemspec +3 -1
- data/spec/pundit_spec.rb +4 -8
- metadata +8 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b5c9e118c59bc3a683734817ac6fb9036a2b909df7abce2dbbdc00fc16aebdf7
|
4
|
+
data.tar.gz: 843cc1b7652e88d598a37a28f93bf13c41710bf3dddefeb96acf74e659279581
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f2430ece33471f7a321a124aeafab7dbc3be4688fbda581b758d90649f4ae06d0cbaf86df768e881d0a2f1c0ab55581cb5dc0f1d3012ab7611b2fd81b8a0f321
|
7
|
+
data.tar.gz: 3432cc545ca5139cfcd7e1fc26a17d0882c11de71a3c6949c1d1da232183eba495de18aa06b64462c1233b820099788b43feeb0e9b439911bc9761dc7bd1e141
|
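Review bot: the pre-change SHA256/SHA512 values on the `-` side of this hunk are empty, so it cannot be read as a before/after comparison; treat the `+` lines as the reference values and confirm them against the fetched artifact (`gem fetch pundit -v 2.3.1`, `tar xf pundit-2.3.1.gem`, then `sha256sum metadata.gz data.tar.gz` should give b5c9e118… and 843cc1b7…). Keep in mind that checksums.yaml ships inside the gem it describes, so it detects corruption, not substitution of the whole package.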
@@ -0,0 +1,9 @@
|
|
1
|
+
## To do
|
2
|
+
|
3
|
+
- [ ] I have read the [contributing guidelines](https://github.com/varvet/pundit/contribute).
|
4
|
+
- [ ] I have added relevant tests.
|
5
|
+
- [ ] I have adjusted relevant documentation.
|
6
|
+
- [ ] I have made sure the individual commits are meaningful.
|
7
|
+
- [ ] I have added relevant lines to the CHANGELOG.
|
8
|
+
|
9
|
+
PS: Thank you for contributing to Pundit ❤️
|
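Review bot: the first checklist item links "contributing guidelines" to https://github.com/varvet/pundit/contribute, which is GitHub's good-first-issues landing page, not the repository's CONTRIBUTING.md (the file edited in this same release, and the one that routes security reports to SECURITY.md). Point the link at CONTRIBUTING.md so the template reinforces the "do not file security issues publicly" rule, and consider retitling `## To do` to `## Checklist`, since nothing in it is a task for the reviewer.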
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,16 @@
|
|
1
1
|
# Pundit
|
2
2
|
|
3
|
+
## Unreleased
|
4
|
+
|
5
|
+
Nothing.
|
6
|
+
|
7
|
+
## 2.3.1 (2023-07-17)
|
8
|
+
|
9
|
+
### Fixed
|
10
|
+
|
11
|
+
- Use `Kernel.warn` instead of `ActiveSupport::Deprecation.warn` for deprecations (#764)
|
12
|
+
- Policy generator now works on Ruby 3.2 (#754)
|
13
|
+
|
3
14
|
## 2.3.0 (2022-12-19)
|
4
15
|
|
5
16
|
### Added
|
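Review bot: the `Kernel.warn` entry (#764) under "Fixed" understates a behaviour change. The `include Pundit` deprecation no longer goes through `ActiveSupport::Deprecation`, so `ActiveSupport::Deprecation.silence` and `behavior = :raise` no longer see it, and it is now written to stderr unconditionally (suppressed only by `-W0` / `$VERBOSE = nil`). Apps that use `:raise` in CI to fail on deprecations lose that signal for this one. Say so in the entry, and mention that the message now includes the caller's `path:lineno` (see the lib/pundit.rb hunk), which is the user-visible improvement.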
data/CONTRIBUTING.md
CHANGED
@@ -1,9 +1,6 @@
|
|
1
1
|
## Security issues
|
2
2
|
|
3
|
-
If you have found a security related issue, please do not file an issue on
|
4
|
-
GitHub or send a PR addressing the issue. Contact
|
5
|
-
[Jonas](mailto:jonas.nicklas@gmail.com) directly. You will be given public
|
6
|
-
credit for your disclosure.
|
3
|
+
If you have found a security related issue, please do not file an issue on GitHub or send a PR addressing the issue. Refer to [SECURITY.md](./SECURITY.md) for instructions.
|
7
4
|
|
8
5
|
## Reporting issues
|
9
6
|
|
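Review bot: the removed lines promised reporters "public credit for your disclosure"; the replacement sentence and the new SECURITY.md both drop that promise without saying whether credit is still offered. If it is, state it in SECURITY.md under "Reporting a vulnerability"; if not, the deletion is deliberate and fine. The wording here and the opening sentence of SECURITY.md now differ only by a comma; keep them identical so one can be copied from the other.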
data/README.md
CHANGED
@@ -1,12 +1,12 @@
|
|
1
1
|
# Pundit
|
2
2
|
|
3
|
-
[![Build Status](https://
|
3
|
+
[![Build Status](https://app.travis-ci.com/varvet/pundit.svg?branch=main)](https://app.travis-ci.com/varvet/pundit)
|
4
4
|
[![Code Climate](https://codeclimate.com/github/varvet/pundit.svg)](https://codeclimate.com/github/varvet/pundit)
|
5
5
|
[![Inline docs](http://inch-ci.org/github/varvet/pundit.svg?branch=master)](http://inch-ci.org/github/varvet/pundit)
|
6
6
|
[![Gem Version](https://badge.fury.io/rb/pundit.svg)](http://badge.fury.io/rb/pundit)
|
7
7
|
|
8
8
|
Pundit provides a set of helpers which guide you in leveraging regular Ruby
|
9
|
-
classes and object oriented design patterns to build a
|
9
|
+
classes and object oriented design patterns to build a straightforward, robust, and
|
10
10
|
scalable authorization system.
|
11
11
|
|
12
12
|
Links:
|
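Review bot: the Build Status badge now points at app.travis-ci.com with `branch=main`, while the Inline docs badge in the unchanged context two lines below still uses `branch=master` and plain `http://`. Align the branch name across all badges (and switch the inch-ci link to https) so they describe the same branch; as written, one badge can report a branch that no longer receives commits.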
@@ -49,8 +49,8 @@ can pick up any classes in the new `app/policies/` directory.
|
|
49
49
|
## Policies
|
50
50
|
|
51
51
|
Pundit is focused around the notion of policy classes. We suggest that you put
|
52
|
-
these classes in `app/policies`. This is
|
53
|
-
|
52
|
+
these classes in `app/policies`. This is an example that allows updating a post
|
53
|
+
if the user is an admin, or if the post is unpublished:
|
54
54
|
|
55
55
|
``` ruby
|
56
56
|
class PostPolicy
|
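Review bot: the new sentence "allows updating a post if the user is an admin, or if the post is unpublished" means any authenticated user, not only the author, may update any unpublished post. Readers copy this first example into their own policies, so either add a clause that a real policy would also compare the record's owner with `user`, or reword it to "or if the user owns the unpublished post". The policy body is not part of this hunk, so only the prose is being reviewed here.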
@@ -67,7 +67,7 @@ class PostPolicy
|
|
67
67
|
end
|
68
68
|
```
|
69
69
|
|
70
|
-
As you can see, this is
|
70
|
+
As you can see, this is a plain Ruby class. Pundit makes the following
|
71
71
|
assumptions about this class:
|
72
72
|
|
73
73
|
- The class has the same name as some kind of model class, only suffixed
|
@@ -199,7 +199,7 @@ you can retrieve it by passing a symbol.
|
|
199
199
|
class DashboardPolicy
|
200
200
|
attr_reader :user
|
201
201
|
|
202
|
-
# _record in this example will
|
202
|
+
# `_record` in this example will be :dashboard
|
203
203
|
def initialize(user, _record)
|
204
204
|
@user = user
|
205
205
|
end
|
@@ -211,7 +211,7 @@ end
|
|
211
211
|
```
|
212
212
|
|
213
213
|
Note that the headless policy still needs to accept two arguments. The
|
214
|
-
second argument will
|
214
|
+
second argument will be the symbol `:dashboard` in this case, which
|
215
215
|
is what is passed as the record to `authorize` below.
|
216
216
|
|
217
217
|
```ruby
|
@@ -374,7 +374,7 @@ these filters without affecting how your app works in any way.**
|
|
374
374
|
|
375
375
|
Some people have found this feature confusing, while many others
|
376
376
|
find it extremely helpful. If you fall into the category of people who find it
|
377
|
-
confusing then you do not need to use it. Pundit will work
|
377
|
+
confusing then you do not need to use it. Pundit will work fine without
|
378
378
|
using `verify_authorized` and `verify_policy_scoped`.
|
379
379
|
|
380
380
|
### Conditional verification
|
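Review bot: "Pundit will work fine without using `verify_authorized` and `verify_policy_scoped`" reads as if the after_action filters are cosmetic. They are the only mechanism in Pundit that fails closed when a controller action forgets to call `authorize` or `policy_scope`, which is the most common way an authorization gap ships. Keep the "you do not need to use it" point, but add that without the filters a missing `authorize` call is silently allowed, so teams that skip them need another check (a test or lint) for coverage.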
@@ -419,20 +419,13 @@ class Post
|
|
419
419
|
end
|
420
420
|
```
|
421
421
|
|
422
|
-
##
|
422
|
+
## Plain old Ruby
|
423
423
|
|
424
|
-
|
425
|
-
yourself. It's a very small library, it just provides a few neat helpers.
|
426
|
-
Together these give you the power of building a well structured, fully working
|
427
|
-
authorization system without using any special DSLs or funky syntax or
|
428
|
-
anything.
|
424
|
+
Pundit is a very small library on purpose, and it doesn't do anything you can't do yourself. There's no secret sauce here. It does as little as possible, and then gets out of your way.
|
429
425
|
|
430
|
-
|
431
|
-
|
432
|
-
Encapsulate a set of permissions into a module and include them in multiple
|
433
|
-
policies. Use `alias_method` to make some permissions behave the same as
|
434
|
-
others. Inherit from a base set of permissions. Use metaprogramming if you
|
435
|
-
really have to.
|
426
|
+
With the few but powerful helpers available in Pundit, you have the power to build a well structured, fully working authorization system without using any special DSLs or funky syntax.
|
427
|
+
|
428
|
+
Remember that all of the policy and scope classes are plain Ruby classes, which means you can use the same mechanisms you always use to DRY things up. Encapsulate a set of permissions into a module and include them in multiple policies. Use `alias_method` to make some permissions behave the same as others. Inherit from a base set of permissions. Use metaprogramming if you really have to.
|
436
429
|
|
437
430
|
## Generator
|
438
431
|
|
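Review bot: the three new paragraphs are single unwrapped lines, while the removed text and the surrounding hunks show README.md hard-wrapped at roughly 80 columns; rewrap for consistency and to keep future diffs reviewable. On content, "Inherit from a base set of permissions" is the natural place to say that a base policy's default query methods should return `false`, so a subclass that forgets to override one denies rather than allows.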
@@ -541,7 +534,7 @@ class ApplicationController < ActionController::Base
|
|
541
534
|
policy_name = exception.policy.class.to_s.underscore
|
542
535
|
|
543
536
|
flash[:error] = t "#{policy_name}.#{exception.query}", scope: "pundit", default: :default
|
544
|
-
redirect_back(
|
537
|
+
redirect_back(fallback_location: root_path)
|
545
538
|
end
|
546
539
|
end
|
547
540
|
```
|
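Review bot: `redirect_back(fallback_location: root_path)` completes the call correctly (`fallback_location` is a required argument on Rails 5 and later), but the handler above it assumes `exception.policy` and `exception.query` are set. `Pundit::NotAuthorizedError` can also be raised with a plain string message, in which case `exception.policy` is nil, the lookup key becomes `nil_class.` and the translation falls through to `:default`. That does not crash, but a comment saying so would stop readers expecting a per-policy message in that case.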
@@ -555,8 +548,7 @@ en:
|
|
555
548
|
create?: 'You cannot create posts!'
|
556
549
|
```
|
557
550
|
|
558
|
-
|
559
|
-
your error messaging.
|
551
|
+
This is an example. Pundit is agnostic as to how you implement your error messaging.
|
560
552
|
|
561
553
|
## Manually retrieving policies and scopes
|
562
554
|
|
@@ -578,9 +570,7 @@ those without the bang will return nil.
|
|
578
570
|
|
579
571
|
## Customize Pundit user
|
580
572
|
|
581
|
-
|
582
|
-
`current_user` is not the method that should be invoked by Pundit. Simply
|
583
|
-
define a method in your controller called `pundit_user`.
|
573
|
+
On occasion, your controller may be unable to access `current_user`, or the method that should be invoked by Pundit may not be `current_user`. To address this, you can define a method in your controller named `pundit_user`.
|
584
574
|
|
585
575
|
```ruby
|
586
576
|
def pundit_user
|
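Review bot: the new paragraph explains which method supplies the user but not what happens when it returns nil. Pundit passes that nil straight into every policy's `initialize`, so a policy that calls `user.admin?` raises `NoMethodError` instead of denying. Add a sentence that `pundit_user` (or `current_user`) returning nil must be handled, for example by a base policy that denies when `user` is nil, since the unauthenticated case is exactly where an authorization layer must fail closed.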
@@ -796,11 +786,11 @@ end
|
|
796
786
|
```
|
797
787
|
|
798
788
|
An alternative approach to Pundit policy specs is scoping them to a user context as outlined in this
|
799
|
-
[excellent post](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/
|
789
|
+
[excellent post](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/punditcommunity/pundit-matchers) gem.
|
800
790
|
|
801
791
|
### Scope Specs
|
802
792
|
|
803
|
-
Pundit does not provide a DSL for testing scopes.
|
793
|
+
Pundit does not provide a DSL for testing scopes. Test them like you would a regular Ruby class!
|
804
794
|
|
805
795
|
### Linting with RuboCop RSpec
|
806
796
|
|
data/SECURITY.md
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
# Security Policy
|
2
|
+
|
3
|
+
Please do not file an issue on GitHub, or send a PR addressing the issue.
|
4
|
+
|
5
|
+
## Supported versions
|
6
|
+
|
7
|
+
Most recent major version only.
|
8
|
+
|
9
|
+
## Reporting a vulnerability
|
10
|
+
|
11
|
+
Contact one of the maintainers directly:
|
12
|
+
|
13
|
+
* [@Burgestrand](https://github.com/Burgestrand)
|
14
|
+
* [@dgmstuart](https://github.com/dgmstuart)
|
15
|
+
* [@varvet](https://github.com/varvet)
|
16
|
+
|
17
|
+
You can report vulnerabilities on GitHub too: https://github.com/varvet/pundit/security
|
18
|
+
|
19
|
+
Thank you!
|
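Review bot: "Contact one of the maintainers directly" lists three GitHub profile links but no channel (a GitHub profile need not expose an email or any private contact), while the actual private channel, https://github.com/varvet/pundit/security, is relegated to "You can report vulnerabilities on GitHub too". Make the GitHub security advisory page the primary instruction and the maintainers the fallback, and add an expected acknowledgement time. "Most recent major version only" is also ambiguous for a 2.x series: say whether fixes land only on the latest 2.x release or on all of 2.x.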
data/lib/pundit/version.rb
CHANGED
data/lib/pundit.rb
CHANGED
@@ -55,8 +55,10 @@ module Pundit
|
|
55
55
|
class NotDefinedError < Error; end
|
56
56
|
|
57
57
|
def self.included(base)
|
58
|
-
|
58
|
+
location = caller_locations(1, 1).first
|
59
|
+
warn <<~WARNING
|
59
60
|
'include Pundit' is deprecated. Please use 'include Pundit::Authorization' instead.
|
61
|
+
(called from #{location.label} at #{location.path}:#{location.lineno})
|
60
62
|
WARNING
|
61
63
|
base.include Authorization
|
62
64
|
end
|
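Review bot: `caller_locations(1, 1).first` inside `self.included` resolves to the frame for `Module#include` itself, so `location.label` will print `include` rather than the user's enclosing method; `path` and `lineno` are the useful part and are correct, because a C frame borrows the calling Ruby line. Consider `warn(message, uplevel: 1)` (Ruby 2.5 and later), which emits the standard `path:lineno: warning:` prefix for the same frame and is what `Kernel#warn` provides for this purpose. Do not add `category: :deprecated` unless the intent is to hide the message: Ruby 2.7.2 and later suppress that category by default.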
data/pundit.gemspec
CHANGED
@@ -8,7 +8,7 @@ Gem::Specification.new do |gem|
|
|
8
8
|
gem.name = "pundit"
|
9
9
|
gem.version = Pundit::VERSION
|
10
10
|
gem.authors = ["Jonas Nicklas", "Varvet AB"]
|
11
|
-
gem.email = ["jonas.nicklas@gmail.com", "
|
11
|
+
gem.email = ["jonas.nicklas@gmail.com", "info@varvet.com"]
|
12
12
|
gem.description = "Object oriented authorization for Rails applications"
|
13
13
|
gem.summary = "OO authorization for Rails"
|
14
14
|
gem.homepage = "https://github.com/varvet/pundit"
|
@@ -19,6 +19,8 @@ Gem::Specification.new do |gem|
|
|
19
19
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
20
20
|
gem.require_paths = ["lib"]
|
21
21
|
|
22
|
+
gem.metadata = { "rubygems_mfa_required" => "true" }
|
23
|
+
|
22
24
|
gem.add_dependency "activesupport", ">= 3.0.0"
|
23
25
|
gem.add_development_dependency "actionpack", ">= 3.0.0"
|
24
26
|
gem.add_development_dependency "activemodel", ">= 3.0.0"
|
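Review bot: `rubygems_mfa_required` is the right addition, with two caveats worth a line in the CHANGELOG. It takes effect only once this version is published, since RubyGems reads the flag from the most recent published version, and it protects the publishing account, not the artifact: the metadata hunk below still shows `cert_chain: []` and an empty `signing_key:`, so installers have no way to verify who built the gem. If gem signing is not planned, say so and advise consumers to record the SHA256 values from checksums.yaml out of band rather than trusting the version number alone.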
data/spec/pundit_spec.rb
CHANGED
@@ -399,22 +399,18 @@ RSpec.describe Pundit do
|
|
399
399
|
it "includes Authorization module" do
|
400
400
|
klass = Class.new
|
401
401
|
|
402
|
-
|
402
|
+
expect do
|
403
403
|
klass.include Pundit
|
404
|
-
end
|
404
|
+
end.to output.to_stderr
|
405
405
|
|
406
406
|
expect(klass).to include Pundit::Authorization
|
407
407
|
end
|
408
408
|
|
409
409
|
it "warns about deprecation" do
|
410
410
|
klass = Class.new
|
411
|
-
|
412
|
-
|
413
|
-
ActiveSupport::Deprecation.silence do
|
411
|
+
expect do
|
414
412
|
klass.include Pundit
|
415
|
-
end
|
416
|
-
|
417
|
-
expect(ActiveSupport::Deprecation).to have_received(:warn).with start_with("'include Pundit' is deprecated")
|
413
|
+
end.to output(a_string_starting_with("'include Pundit' is deprecated")).to_stderr
|
418
414
|
end
|
419
415
|
end
|
420
416
|
|
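Review bot: the "warns about deprecation" test only asserts that stderr starts with `'include Pundit' is deprecated`, so the new `(called from ... at path:lineno)` line added in lib/pundit.rb is untested and an off-by-one in `caller_locations(1, 1)` would pass unnoticed. Extend the matcher to also expect `__FILE__` (and the `__LINE__` of the `klass.include Pundit` call) in the captured output. Wrapping the first test's `klass.include Pundit` in `expect { }.to output.to_stderr` purely to swallow the warning is fine, but a comment saying that is its purpose would help the next reader.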
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: pundit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.3.
|
4
|
+
version: 2.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jonas Nicklas
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2023-07-17 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activesupport
|
@@ -168,11 +168,12 @@ dependencies:
|
|
168
168
|
description: Object oriented authorization for Rails applications
|
169
169
|
email:
|
170
170
|
- jonas.nicklas@gmail.com
|
171
|
-
-
|
171
|
+
- info@varvet.com
|
172
172
|
executables: []
|
173
173
|
extensions: []
|
174
174
|
extra_rdoc_files: []
|
175
175
|
files:
|
176
|
+
- ".github/pull_request_template.md"
|
176
177
|
- ".gitignore"
|
177
178
|
- ".rubocop.yml"
|
178
179
|
- ".travis.yml"
|
@@ -184,6 +185,7 @@ files:
|
|
184
185
|
- LICENSE.txt
|
185
186
|
- README.md
|
186
187
|
- Rakefile
|
188
|
+
- SECURITY.md
|
187
189
|
- config/rubocop-rspec.yml
|
188
190
|
- lib/generators/pundit/install/USAGE
|
189
191
|
- lib/generators/pundit/install/install_generator.rb
|
@@ -210,7 +212,8 @@ files:
|
|
210
212
|
homepage: https://github.com/varvet/pundit
|
211
213
|
licenses:
|
212
214
|
- MIT
|
213
|
-
metadata:
|
215
|
+
metadata:
|
216
|
+
rubygems_mfa_required: 'true'
|
214
217
|
post_install_message:
|
215
218
|
rdoc_options: []
|
216
219
|
require_paths:
|
@@ -226,7 +229,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
226
229
|
- !ruby/object:Gem::Version
|
227
230
|
version: '0'
|
228
231
|
requirements: []
|
229
|
-
rubygems_version: 3.
|
232
|
+
rubygems_version: 3.4.10
|
230
233
|
signing_key:
|
231
234
|
specification_version: 4
|
232
235
|
summary: OO authorization for Rails
|