RubyGems - pundit - Versions diffs - 2.3.0 → 2.3.1 - Mend

pundit 2.3.0 → 2.3.1

Files changed (13) hide show

checksums.yaml +4 -4
data/.github/pull_request_template.md +9 -0
data/.travis.yml +2 -1
data/CHANGELOG.md +11 -0
data/CONTRIBUTING.md +1 -4
data/README.md +18 -28
data/SECURITY.md +19 -0
data/lib/generators/rspec/templates/policy_spec.rb +1 -1
data/lib/pundit/version.rb +1 -1
data/lib/pundit.rb +3 -1
data/pundit.gemspec +3 -1
data/spec/pundit_spec.rb +4 -8
metadata +8 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 74f2f6efff0c12342afad4bb45dc75f12443e20f6ab5a9ed40274f2f842f2441
-  data.tar.gz: ad984e338045f040964301fdf2c79323d2e1a1ebffad16fc332d49315de14da2
+  metadata.gz: b5c9e118c59bc3a683734817ac6fb9036a2b909df7abce2dbbdc00fc16aebdf7
+  data.tar.gz: 843cc1b7652e88d598a37a28f93bf13c41710bf3dddefeb96acf74e659279581
 SHA512:
-  metadata.gz: 106c8df42fc14b485dc4ea3951fba00232b6fa739b0a5910d9c33a33dde04cb1c015ecbf77f07a38274b9f9ae43ea5cfbbafb283f5eddc42fbf9454820ab87af
-  data.tar.gz: 4ab2a989938496acf224a9b20c247010e8d5882de168a995a02dbde021d308d7602f6305d675b26d461dcfb171346b02a1979325471f8713644aab8aac2dab9a
+  metadata.gz: f2430ece33471f7a321a124aeafab7dbc3be4688fbda581b758d90649f4ae06d0cbaf86df768e881d0a2f1c0ab55581cb5dc0f1d3012ab7611b2fd81b8a0f321
+  data.tar.gz: 3432cc545ca5139cfcd7e1fc26a17d0882c11de71a3c6949c1d1da232183eba495de18aa06b64462c1233b820099788b43feeb0e9b439911bc9761dc7bd1e141

data/.github/pull_request_template.md ADDED Viewed

@@ -0,0 +1,9 @@
+## To do
+- [ ] I have read the [contributing guidelines](https://github.com/varvet/pundit/contribute).
+- [ ] I have added relevant tests.
+- [ ] I have adjusted relevant documentation.
+- [ ] I have made sure the individual commits are meaningful.
+- [ ] I have added relevant lines to the CHANGELOG.
+PS: Thank you for contributing to Pundit ❤️

data/.travis.yml CHANGED Viewed

@@ -18,7 +18,8 @@ matrix:
     - rvm: 2.7.3
     - rvm: 3.0.1
     - rvm: 3.1.0
-    - rvm: jruby-9.2.17.0
+    - rvm: 3.2.0
+    - rvm: jruby-9.3.10.0
       env:
         - JRUBY_OPTS="--debug"
     - rvm: truffleruby-head

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,16 @@
 # Pundit
+## Unreleased
+Nothing.
+## 2.3.1 (2023-07-17)
+### Fixed
+- Use `Kernel.warn` instead of `ActiveSupport::Deprecation.warn` for deprecations (#764)
+- Policy generator now works on Ruby 3.2 (#754)
 ## 2.3.0 (2022-12-19)
 ### Added

data/CONTRIBUTING.md CHANGED Viewed

@@ -1,9 +1,6 @@
 ## Security issues
-If you have found a security related issue, please do not file an issue on
-GitHub or send a PR addressing the issue. Contact
-[Jonas](mailto:jonas.nicklas@gmail.com) directly. You will be given public
-credit for your disclosure.
+If you have found a security related issue, please do not file an issue on GitHub or send a PR addressing the issue. Refer to [SECURITY.md](./SECURITY.md) for instructions.
 ## Reporting issues

data/README.md CHANGED Viewed

@@ -1,12 +1,12 @@
 # Pundit
-[![Build Status](https://secure.travis-ci.org/varvet/pundit.svg?branch=master)](https://travis-ci.org/varvet/pundit)
+[![Build Status](https://app.travis-ci.com/varvet/pundit.svg?branch=main)](https://app.travis-ci.com/varvet/pundit)
 [![Code Climate](https://codeclimate.com/github/varvet/pundit.svg)](https://codeclimate.com/github/varvet/pundit)
 [![Inline docs](http://inch-ci.org/github/varvet/pundit.svg?branch=master)](http://inch-ci.org/github/varvet/pundit)
 [![Gem Version](https://badge.fury.io/rb/pundit.svg)](http://badge.fury.io/rb/pundit)
 Pundit provides a set of helpers which guide you in leveraging regular Ruby
-classes and object oriented design patterns to build a simple, robust and
+classes and object oriented design patterns to build a straightforward, robust, and
 scalable authorization system.
 Links:
@@ -49,8 +49,8 @@ can pick up any classes in the new `app/policies/` directory.
 ## Policies
 Pundit is focused around the notion of policy classes. We suggest that you put
-these classes in `app/policies`. This is a simple example that allows updating
-a post if the user is an admin, or if the post is unpublished:
+these classes in `app/policies`. This is an example that allows updating a post
+if the user is an admin, or if the post is unpublished:
 ``` ruby
 class PostPolicy
@@ -67,7 +67,7 @@ class PostPolicy
 end
 ```
-As you can see, this is just a plain Ruby class. Pundit makes the following
+As you can see, this is a plain Ruby class. Pundit makes the following
 assumptions about this class:
 - The class has the same name as some kind of model class, only suffixed
@@ -199,7 +199,7 @@ you can retrieve it by passing a symbol.
 class DashboardPolicy
   attr_reader :user
-  # _record in this example will just be :dashboard
+  # `_record` in this example will be :dashboard
   def initialize(user, _record)
     @user = user
   end
@@ -211,7 +211,7 @@ end
 ```
 Note that the headless policy still needs to accept two arguments. The
-second argument will just be the symbol `:dashboard` in this case which
+second argument will be the symbol `:dashboard` in this case, which
 is what is passed as the record to `authorize` below.
 ```ruby
@@ -374,7 +374,7 @@ these filters without affecting how your app works in any way.**
 Some people have found this feature confusing, while many others
 find it extremely helpful. If you fall into the category of people who find it
-confusing then you do not need to use it. Pundit will work just fine without
+confusing then you do not need to use it. Pundit will work fine without
 using `verify_authorized` and `verify_policy_scoped`.
 ### Conditional verification
@@ -419,20 +419,13 @@ class Post
 end
 ```
-## Just plain old Ruby
+## Plain old Ruby
-As you can see, Pundit doesn't do anything you couldn't have easily done
-yourself.  It's a very small library, it just provides a few neat helpers.
-Together these give you the power of building a well structured, fully working
-authorization system without using any special DSLs or funky syntax or
-anything.
+Pundit is a very small library on purpose, and it doesn't do anything you can't do yourself. There's no secret sauce here. It does as little as possible, and then gets out of your way.
-Remember that all of the policy and scope classes are just plain Ruby classes,
-which means you can use the same mechanisms you always use to DRY things up.
-Encapsulate a set of permissions into a module and include them in multiple
-policies. Use `alias_method` to make some permissions behave the same as
-others. Inherit from a base set of permissions. Use metaprogramming if you
-really have to.
+With the few but powerful helpers available in Pundit, you have the power to build a well structured, fully working authorization system without using any special DSLs or funky syntax.
+Remember that all of the policy and scope classes are plain Ruby classes, which means you can use the same mechanisms you always use to DRY things up. Encapsulate a set of permissions into a module and include them in multiple policies. Use `alias_method` to make some permissions behave the same as others. Inherit from a base set of permissions. Use metaprogramming if you really have to.
 ## Generator
@@ -541,7 +534,7 @@ class ApplicationController < ActionController::Base
    policy_name = exception.policy.class.to_s.underscore
    flash[:error] = t "#{policy_name}.#{exception.query}", scope: "pundit", default: :default
-   redirect_back(fallback_url: root_path)
+   redirect_back(fallback_location: root_path)
  end
 end
 ```
@@ -555,8 +548,7 @@ en:
      create?: 'You cannot create posts!'
 ```
-Of course, this is just an example. Pundit is agnostic as to how you implement
-your error messaging.
+This is an example. Pundit is agnostic as to how you implement your error messaging.
 ## Manually retrieving policies and scopes
@@ -578,9 +570,7 @@ those without the bang will return nil.
 ## Customize Pundit user
-In some cases your controller might not have access to `current_user`, or your
-`current_user` is not the method that should be invoked by Pundit. Simply
-define a method in your controller called `pundit_user`.
+On occasion, your controller may be unable to access `current_user`, or the method that should be invoked by Pundit may not be `current_user`. To address this, you can define a method in your controller named `pundit_user`.
 ```ruby
 def pundit_user
@@ -796,11 +786,11 @@ end
 ```
 An alternative approach to Pundit policy specs is scoping them to a user context as outlined in this
-[excellent post](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/chrisalley/pundit-matchers) gem.
+[excellent post](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/punditcommunity/pundit-matchers) gem.
 ### Scope Specs
-Pundit does not provide a DSL for testing scopes. Just test it like a regular Ruby class!
+Pundit does not provide a DSL for testing scopes. Test them like you would a regular Ruby class!
 ### Linting with RuboCop RSpec

data/SECURITY.md ADDED Viewed

@@ -0,0 +1,19 @@
+# Security Policy
+Please do not file an issue on GitHub, or send a PR addressing the issue.
+## Supported versions
+Most recent major version only.
+## Reporting a vulnerability
+Contact one of the maintainers directly:
+* [@Burgestrand](https://github.com/Burgestrand)
+* [@dgmstuart](https://github.com/dgmstuart)
+* [@varvet](https://github.com/varvet)
+You can report vulnerabilities on GitHub too: https://github.com/varvet/pundit/security
+Thank you!

data/lib/generators/rspec/templates/policy_spec.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-require '<%= File.exists?('spec/rails_helper.rb') ? 'rails_helper' : 'spec_helper' %>'
+require '<%= File.exist?('spec/rails_helper.rb') ? 'rails_helper' : 'spec_helper' %>'
 RSpec.describe <%= class_name %>Policy, type: :policy do
   let(:user) { User.new }

data/lib/pundit/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Pundit
-  VERSION = "2.3.0"
+  VERSION = "2.3.1"
 end

data/lib/pundit.rb CHANGED Viewed

@@ -55,8 +55,10 @@ module Pundit
   class NotDefinedError < Error; end
   def self.included(base)
-    ActiveSupport::Deprecation.warn <<~WARNING
+    location = caller_locations(1, 1).first
+    warn <<~WARNING
       'include Pundit' is deprecated. Please use 'include Pundit::Authorization' instead.
+       (called from #{location.label} at #{location.path}:#{location.lineno})
     WARNING
     base.include Authorization
   end

data/pundit.gemspec CHANGED Viewed

@@ -8,7 +8,7 @@ Gem::Specification.new do |gem|
   gem.name          = "pundit"
   gem.version       = Pundit::VERSION
   gem.authors       = ["Jonas Nicklas", "Varvet AB"]
-  gem.email         = ["jonas.nicklas@gmail.com", "dev@elabs.se"]
+  gem.email         = ["jonas.nicklas@gmail.com", "info@varvet.com"]
   gem.description   = "Object oriented authorization for Rails applications"
   gem.summary       = "OO authorization for Rails"
   gem.homepage      = "https://github.com/varvet/pundit"
@@ -19,6 +19,8 @@ Gem::Specification.new do |gem|
   gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
   gem.require_paths = ["lib"]
+  gem.metadata      = { "rubygems_mfa_required" => "true" }
   gem.add_dependency "activesupport", ">= 3.0.0"
   gem.add_development_dependency "actionpack", ">= 3.0.0"
   gem.add_development_dependency "activemodel", ">= 3.0.0"

data/spec/pundit_spec.rb CHANGED Viewed

@@ -399,22 +399,18 @@ RSpec.describe Pundit do
     it "includes Authorization module" do
       klass = Class.new
-      ActiveSupport::Deprecation.silence do
+      expect do
         klass.include Pundit
-      end
+      end.to output.to_stderr
       expect(klass).to include Pundit::Authorization
     end
     it "warns about deprecation" do
       klass = Class.new
-      allow(ActiveSupport::Deprecation).to receive(:warn)
-      ActiveSupport::Deprecation.silence do
+      expect do
         klass.include Pundit
-      end
-      expect(ActiveSupport::Deprecation).to have_received(:warn).with start_with("'include Pundit' is deprecated")
+      end.to output(a_string_starting_with("'include Pundit' is deprecated")).to_stderr
     end
   end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pundit
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.3.1
 platform: ruby
 authors:
 - Jonas Nicklas
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-19 00:00:00.000000000 Z
+date: 2023-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -168,11 +168,12 @@ dependencies:
 description: Object oriented authorization for Rails applications
 email:
 - jonas.nicklas@gmail.com
-- dev@elabs.se
+- info@varvet.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/pull_request_template.md"
 - ".gitignore"
 - ".rubocop.yml"
 - ".travis.yml"
@@ -184,6 +185,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- SECURITY.md
 - config/rubocop-rspec.yml
 - lib/generators/pundit/install/USAGE
 - lib/generators/pundit/install/install_generator.rb
@@ -210,7 +212,8 @@ files:
 homepage: https://github.com/varvet/pundit
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -226,7 +229,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: OO authorization for Rails