pundit 2.3.2 → 2.4.0
- checksums.yaml +4 -4
- data/.github/ISSUE_TEMPLATE/bug_report.md +20 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +26 -0
- data/.github/PULL_REQUEST_TEMPLATE/gem_release_template.md +4 -4
- data/.github/workflows/main.yml +9 -4
- data/.github/workflows/push_gem.yml +4 -4
- data/CHANGELOG.md +12 -0
- data/CODE_OF_CONDUCT.md +1 -1
- data/CONTRIBUTING.md +1 -0
- data/README.md +58 -15
- data/lib/pundit/rspec.rb +23 -1
- data/lib/pundit/version.rb +1 -1
- data/lib/pundit.rb +4 -1
- data/spec/authorization_spec.rb +1 -1
- data/spec/dsl_spec.rb +30 -0
- data/spec/policies/post_policy_spec.rb +27 -0
- data/spec/pundit_spec.rb +21 -4
- data/spec/spec_helper.rb +1 -1
- metadata +8 -4
- /data/.github/{PULL_REQUEST_TEMPLATE/pull_request_template.md → pull_request_template.md} +0 -0
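--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1cc7a931867875af2c1a7cd5c4225da689b33e101f76bb7a471afb967323e615
+data.tar.gz: 8ca35ba01f65b52b1b8bbb2061858bdc61cd0034b01818b07dbbba4b7ddd3a69
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0f495747f61c744c04dffa7811d3a86fc818812807a971591d71542d798d5a7aa4438333534082e755bbead592b4b1b5465e23030e535b03420c643e088bcaf1
+data.tar.gz: 951ec8a8c02c081bc6b412bb0b5d1d6ffcc33543fa71f66fef9c4f4a6f391ea53a057e20b94bdef5faf4c8f2ef0deffd09357c9580ef6a739575c94a70d9d950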
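--- a/data/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/data/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,20 @@
+---
+name: Bug report
+about: Create a bug report to report a problem
+title: ''
+labels: problem
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps or runnable code to reproduce the problem.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Additional context**
+Add any other context about the problem here.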
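--- a/data/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/data/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,26 @@
+---
+name: Feature request
+about: Suggest an idea
+title: ''
+labels: ['feature request']
+assignees: ''
+---
+
+**Please consider**
+- Could this feature break backwards-compatibility?
+- Could this feature benefit the many who use Pundit?
+- Could this feature be useful in _most_ projects that use Pundit?
+- Would this feature require Rails?
+- Am I open to creating a Pull Request with the necessary changes?
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of how you'd like to approach solving the problem.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context. Ex. if you've solved this problem in your own projects already, how that worked, and why the feature should be moved and maintained in Pundit instead.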
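--- a/data/.github/PULL_REQUEST_TEMPLATE/gem_release_template.md
+++ b/data/.github/PULL_REQUEST_TEMPLATE/gem_release_template.md
@@ -1,8 +1,8 @@
 ## To do
 
-- [ ]
+- [ ] Make changes:
 - [ ] Bump `Pundit::VERSION` in `lib/pundit/version.rb`.
 - [ ] Update `CHANGELOG.md`.
-- [ ]
-- [ ]
-- [ ] Make an announcement in [Pundit discussions](https://github.com/varvet/pundit/discussions/categories/announcements)
+- [ ] Open pull request 🚀 and merge it.
+- [ ] Run [push gem](https://github.com/varvet/pundit/actions/workflows/push_gem.yml) GitHub Action.
+- [ ] Make an announcement in [Pundit discussions](https://github.com/varvet/pundit/discussions/categories/announcements)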
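--- a/data/.github/workflows/main.yml
+++ b/data/.github/workflows/main.yml
@@ -42,20 +42,25 @@ jobs:
 allow-failure: true
 
 steps:
-- uses: actions/checkout@
+- uses: actions/checkout@v4
 - name: Set up Ruby
 uses: ruby/setup-ruby@v1
 with:
 rubygems: latest
 ruby-version: ${{ matrix.ruby-version }}
-bundler-cache:
+bundler-cache: ${{ !startsWith(matrix.ruby-version, 'jruby') }}
+- name: Bundler install (JRuby workaround)
+if: ${{ startsWith(matrix.ruby-version, 'jruby') }}
+run: |
+gem install psych
+bundle install
 - name: Run tests
 run: bundle exec rspec
 
 test:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@
+- uses: actions/checkout@v4
 - name: Set up Ruby
 uses: ruby/setup-ruby@v1
 with:
@@ -81,7 +86,7 @@ jobs:
 rubocop:
 runs-on: ubuntu-latest
 steps:
-- uses: actions/checkout@
+- uses: actions/checkout@v4
 - name: Set up Ruby
 uses: ruby/setup-ruby@v1
 with: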
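Review bot: `actions/checkout@v4` and `ruby/setup-ruby@v1` on the new lines in both hunks (and the matching line in the `rubocop` job) are pinned only to mutable major-version tags, while `push_gem.yml` in this same release pins the identical actions to full commit SHAs with a version comment, so the test workflows keep trusting whatever those tags point to. Pinning them the same way, e.g. `- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7` and `uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0`, keeps the two workflows consistent and lets a bump be reviewed as a diff of both SHA and comment. The JRuby workaround step's `gem install psych` is likewise unversioned; `gem install psych -v <pinned-version>` would make that CI path reproducible. The job definitions these steps belong to start above the hunk.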
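--- a/data/.github/workflows/push_gem.yml
+++ b/data/.github/workflows/push_gem.yml
@@ -18,16 +18,16 @@ jobs:
 steps:
 # Set up
 - name: Harden Runner
-uses: step-security/harden-runner@
+uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
 with:
 egress-policy: audit
 
-- uses: actions/checkout@
+- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 - name: Set up Ruby
-uses: ruby/setup-ruby@
+uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
 with:
 bundler-cache: true
 ruby-version: ruby
 
 # Release
-- uses: rubygems/release-gem@612653d273a73bdae1df8453e090060bb4db5f31 # v1
+- uses: rubygems/release-gem@612653d273a73bdae1df8453e090060bb4db5f31 # v1+ unreleased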
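Review bot: The last added line changes the comment on the pinned `rubygems/release-gem` SHA from `# v1` to `# v1+ unreleased`, so the release step is now documented as running a commit that no upstream tag corresponds to, and nothing records why that commit is needed; a later maintainer cannot verify the pin against a tag or know when it is safe to move. Either state the reason inline, e.g. `# v1+ unreleased: <reason / upstream change placeholder>`, or re-pin to the next tagged release when it exists. The surrounding `egress-policy: audit` context line means harden-runner only logs outbound connections from the publish job; if the hosts it needs are known, `egress-policy: block` with an `allowed-endpoints` list would enforce the boundary rather than report on it. The job these steps belong to begins above the hunk.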
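--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,6 +2,18 @@
 
 ## Unreleased
 
+## 2.4.0 (2024-08-26)
+
+## Changed
+
+- Improve the `NotAuthorizedError` message to include the policy class.
+Furthermore, in the case where the record passed is a class instead of an instance, the class name is given. (#812)
+
+## Added
+
+- Add customizable permit matcher description (#806)
+- Add support for filter_run_when_matching :focus with permissions helper. (#820)
+
 ## 2.3.2 (2024-05-08)
 
 - Refactor: First pass of Pundit::Context (#797)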
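--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -25,4 +25,4 @@ maintainers.
 
 This Code of Conduct is adapted from the [Contributor
 Covenant](http:contributor-covenant.org), version 1.0.0, available at
-[
+[https://contributor-covenant.org/version/1/0/0/](https://contributor-covenant.org/version/1/0/0/)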
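--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -28,3 +28,4 @@ Pundit version, OS version and any stack traces you have are very valuable.
 - **Send coherent history**. Make sure each individual commit in your pull
 request is meaningful. If you had to make multiple intermediate commits while
 developing, please squash them before sending them to us.
+- **Update the CHANGELOG.** Don't forget to add your new changes to the CHANGELOG.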
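--- a/data/README.md
+++ b/data/README.md
@@ -2,8 +2,8 @@
 
 [![Main](https://github.com/varvet/pundit/actions/workflows/main.yml/badge.svg)](https://github.com/varvet/pundit/actions/workflows/main.yml)
 [![Code Climate](https://api.codeclimate.com/v1/badges/a940030f96c9fb43046a/maintainability)](https://codeclimate.com/github/varvet/pundit/maintainability)
-[![Inline docs](
-[![Gem Version](https://badge.fury.io/rb/pundit.svg)](
+[![Inline docs](https://inch-ci.org/github/varvet/pundit.svg?branch=main)](https://inch-ci.org/github/varvet/pundit)
+[![Gem Version](https://badge.fury.io/rb/pundit.svg)](https://badge.fury.io/rb/pundit)
 
 Pundit provides a set of helpers which guide you in leveraging regular Ruby
 classes and object oriented design patterns to build a straightforward, robust, and
@@ -11,7 +11,7 @@ scalable authorization system.
 
 ## Links:
 
-- [API documentation for the most recent version](
+- [API documentation for the most recent version](https://www.rubydoc.info/gems/pundit)
 - [Source Code](https://github.com/varvet/pundit)
 - [Contributing](https://github.com/varvet/pundit/blob/main/CONTRIBUTING.md)
 - [Code of Conduct](https://github.com/varvet/pundit/blob/main/CODE_OF_CONDUCT.md)
@@ -116,7 +116,7 @@ and the given record. It then infers from the action name, that it should call
 
 ``` ruby
 unless PostPolicy.new(current_user, @post).update?
-raise Pundit::NotAuthorizedError, "not allowed to update? this
+raise Pundit::NotAuthorizedError, "not allowed to PostPolicy#update? this Post"
 end
 ```
 
@@ -360,8 +360,15 @@ authorize individual instances.
 ``` ruby
 class ApplicationController < ActionController::Base
 include Pundit::Authorization
-after_action :
-
+after_action :verify_pundit_authorization
+
+def verify_pundit_authorization
+if action_name == "index"
+verify_policy_scoped
+else
+verify_authorized
+end
+end
 end
 ```
 
@@ -489,7 +496,7 @@ end
 ## Rescuing a denied Authorization in Rails
 
 Pundit raises a `Pundit::NotAuthorizedError` you can
-[rescue_from](
+[rescue_from](https://guides.rubyonrails.org/action_controller_overview.html#rescue-from)
 in your `ApplicationController`. You can customize the `user_not_authorized`
 method in every controller.
 
@@ -503,7 +510,7 @@ class ApplicationController < ActionController::Base
 
 def user_not_authorized
 flash[:alert] = "You are not authorized to perform this action."
-
+redirect_back_or_to(root_path)
 end
 end
 ```
@@ -532,7 +539,7 @@ class ApplicationController < ActionController::Base
 policy_name = exception.policy.class.to_s.underscore
 
 flash[:error] = t "#{policy_name}.#{exception.query}", scope: "pundit", default: :default
-
+redirect_back_or_to(root_path)
 end
 end
 ```
@@ -754,6 +761,10 @@ end
 
 ### Policy Specs
 
+> [!TIP]
+> An alternative approach to Pundit policy specs is scoping them to a user context as outlined in this
+[excellent post](https://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/punditcommunity/pundit-matchers) gem.
+
 Pundit includes a mini-DSL for writing expressive tests for your policies in RSpec.
 Require `pundit/rspec` in your `spec_helper.rb`:
 
@@ -783,8 +794,40 @@ describe PostPolicy do
 end
 ```
 
-
-
+### Custom matcher description
+
+By default rspec includes an inspected `user` and `record` in the matcher description, which might become overly verbose:
+
+```
+PostPolicy
+update? and show?
+is expected to permit #<User:0x0000000104aefd80> and #<Post:0x0000000104aef8d0 @user=#<User:0x0000000104aefd80>>
+```
+
+You can override the default description with a static string, or a block:
+
+```ruby
+# static alternative: Pundit::RSpec::Matchers.description = "permit the user"
+Pundit::RSpec::Matchers.description = ->(user, record) do
+"permit user with role #{user.role} to access record with ID #{record.id}"
+end
+```
+
+Which would make for a less chatty output:
+
+```
+PostPolicy
+update? and show?
+is expected to permit user with role admin to access record with ID 130
+```
+
+### Focus Support
+
+If your RSpec config has `filter_run_when_matching :focus`, you may tag the `permissions` helper like so:
+
+```
+permissions :show?, :focus do
+```
 
 ### Scope Specs
 
@@ -803,15 +846,15 @@ inherit_gem:
 # External Resources
 
 - [RailsApps Example Application: Pundit and Devise](https://github.com/RailsApps/rails-devise-pundit)
-- [Migrating to Pundit from CanCan](
-- [Testing Pundit Policies with RSpec](
+- [Migrating to Pundit from CanCan](https://blog.carbonfive.com/2013/10/21/migrating-to-pundit-from-cancan/)
+- [Testing Pundit Policies with RSpec](https://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/)
 - [Testing Pundit with Minitest](https://github.com/varvet/pundit/issues/204#issuecomment-60166450)
 - [Using Pundit outside of a Rails controller](https://github.com/varvet/pundit/pull/136)
-- [Straightforward Rails Authorization with Pundit](
+- [Straightforward Rails Authorization with Pundit](https://www.sitepoint.com/straightforward-rails-authorization-with-pundit/)
 
 ## Other implementations
 
-- [Flask-Pundit](https://github.com/anurag90x/flask-pundit) (Python) is a [Flask](
+- [Flask-Pundit](https://github.com/anurag90x/flask-pundit) (Python) is a [Flask](https://flask.pocoo.org/) extension "heavily inspired by" Pundit
 
 # License
 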
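--- a/data/lib/pundit/rspec.rb
+++ b/data/lib/pundit/rspec.rb
@@ -5,6 +5,16 @@ module Pundit
 module Matchers
 extend ::RSpec::Matchers::DSL
 
+class << self
+attr_writer :description
+
+def description(user, record)
+return @description.call(user, record) if defined?(@description) && @description.respond_to?(:call)
+
+@description
+end
+end
+
 # rubocop:disable Metrics/BlockLength
 matcher :permit do |user, record|
 match_proc = lambda do |policy|
@@ -33,6 +43,10 @@ module Pundit
 "#{record} but #{@violating_permissions.to_sentence} #{was_were} granted"
 end
 
+description do
+Pundit::RSpec::Matchers.description(user, record) || super()
+end
+
 if respond_to?(:match_when_negated)
 match(&match_proc)
 match_when_negated(&match_when_negated_proc)
@@ -55,7 +69,15 @@ module Pundit
 
 module DSL
 def permissions(*list, &block)
-
+metadata = { permissions: list, caller: caller }
+
+if list.last == :focus
+list.pop
+metadata[:focus] = true
+end
+
+description = list.to_sentence
+describe(description, metadata) { instance_eval(&block) }
 end
 end
 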
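Review bot: In `permissions` (third hunk) `metadata` is built with `permissions: list` before `list.pop` runs, so `:focus` only disappears from the `permissions:` entry because both names alias the same Array; a `dup` or a reassignment of `list` would silently leave `:focus` in the metadata while the spec still passes on the current aliasing. Reordering removes the hidden dependency: `focused = list.pop if list.last == :focus`, `metadata = { permissions: list, caller: caller }`, `metadata[:focus] = true if focused`. `Matchers.description` (first hunk) is process-wide mutable state exposed through `attr_writer` with no documentation; a comment above `class << self` saying that an override applies to every `permit` matcher in the process and should be reset (as `spec/policies/post_policy_spec.rb` does in an `after` hook) would save readers a trip to the specs. The `@description` fallthrough also returns an ivar that is never assigned when no override was set, which the `defined?` guard on the line above is there to avoid — the same guard could cover the return.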
data/lib/pundit/version.rb
CHANGED
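--- a/data/lib/pundit.rb
+++ b/data/lib/pundit.rb
@@ -36,7 +36,10 @@ module Pundit
 @record = options[:record]
 @policy = options[:policy]
 
-message = options.fetch(:message)
+message = options.fetch(:message) do
+record_name = record.is_a?(Class) ? record.to_s : "this #{record.class}"
+"not allowed to #{policy.class}##{query} #{record_name}"
+end
 end
 
 super(message)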
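Review bot: `policy.class` and `query` are interpolated unconditionally in the default message, and the `options[:policy]` lookup two context lines above tolerates a missing key, so a `NotAuthorizedError` built without a policy (presumably `policy`/`record`/`query` are readers over the ivars set above) renders as `not allowed to NilClass#…`, which reads as a bug in logs rather than a missing option. If policy-less construction is still supported, a guard such as `policy_name = policy ? policy.class : "policy"` keeps the message honest; if it is not, a comment stating that `:policy` is required in the default-message path would do. This exact format is now asserted by the README and three specs, so it is effectively public — a one-line comment above `options.fetch(:message)` saying so would warn the next person who rewords it. `initialize` starts above the hunk.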
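--- a/data/spec/authorization_spec.rb
+++ b/data/spec/authorization_spec.rb
@@ -169,7 +169,7 @@ describe Pundit::Authorization do
 expect(controller.policy_scope(Post)).to eq :published
 end
 
-it "allows policy scope class to be
+it "allows policy scope class to be overridden" do
 expect(controller.policy_scope(Post, policy_scope_class: PublicationPolicy::Scope)).to eq :published
 end
 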
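--- a/data/spec/dsl_spec.rb
+++ b/data/spec/dsl_spec.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+RSpec.describe "Pundit RSpec DSL" do
+let(:fake_rspec) do
+double = class_double(RSpec::ExampleGroups)
+double.extend(::Pundit::RSpec::DSL)
+double
+end
+let(:block) { proc { "block content" } }
+
+it "calls describe with the correct metadata and without :focus" do
+expected_metadata = { permissions: %i[item1 item2], caller: instance_of(Array) }
+expect(fake_rspec).to receive(:describe).with("item1 and item2", match(expected_metadata)) do |&block|
+expect(block.call).to eq("block content")
+end
+
+fake_rspec.permissions(:item1, :item2, &block)
+end
+
+it "calls describe with the correct metadata and with :focus" do
+expected_metadata = { permissions: %i[item1 item2], caller: instance_of(Array), focus: true }
+expect(fake_rspec).to receive(:describe).with("item1 and item2", match(expected_metadata)) do |&block|
+expect(block.call).to eq("block content")
+end
+
+fake_rspec.permissions(:item1, :item2, :focus, &block)
+end
+end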
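Review bot: Both examples pass `:focus` only as the last argument, which is also the only position the implementation checks (`list.last == :focus` in `lib/pundit/rspec.rb`), so a call such as `permissions(:focus, :show?)` would leave `:focus` in `permissions:` and set no `focus` metadata, and nothing here documents or pins that. An example along the lines of `it "only treats a trailing :focus as metadata"` asserting the current behaviour would stop a later refactor from changing the contract unnoticed. The `|&block|` parameter on the `receive(:describe)` stubs shadows the outer `let(:block)`; renaming it, e.g. `|&described_block|`, makes it obvious which block each `call` refers to.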
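--- a/data/spec/policies/post_policy_spec.rb
+++ b/data/spec/policies/post_policy_spec.rb
@@ -18,5 +18,32 @@ RSpec.describe PostPolicy do
 should permit(user, other_post)
 end.to raise_error(RSpec::Expectations::ExpectationNotMetError)
 end
+
+it "uses the default description if not overridden" do
+expect(permit(user, own_post).description).to eq("permit #{user.inspect} and #{own_post.inspect}")
+end
+
+context "when the matcher description is overridden" do
+after do
+Pundit::RSpec::Matchers.description = nil
+end
+
+it "sets a custom matcher description with a Proc" do
+allow(user).to receive(:role).and_return("default_role")
+allow(own_post).to receive(:id).and_return(1)
+
+Pundit::RSpec::Matchers.description = lambda { |user, record|
+"permit user with role #{user.role} to access record with ID #{record.id}"
+}
+
+description = permit(user, own_post).description
+expect(description).to eq("permit user with role default_role to access record with ID 1")
+end
+
+it "sets a custom matcher description with a string" do
+Pundit::RSpec::Matchers.description = "permit user"
+expect(permit(user, own_post).description).to eq("permit user")
+end
+end
 end
 end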
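--- a/data/spec/pundit_spec.rb
+++ b/data/spec/pundit_spec.rb
@@ -57,11 +57,11 @@ RSpec.describe Pundit do
 expect { Pundit.authorize(user, article_tag, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
 end
 
-it "raises an error with
+it "raises an error with the policy, query and record" do
 # rubocop:disable Style/MultilineBlockChain
 expect do
 Pundit.authorize(user, post, :destroy?)
-end.to raise_error(Pundit::NotAuthorizedError, "not allowed to destroy? this Post") do |error|
+end.to raise_error(Pundit::NotAuthorizedError, "not allowed to PostPolicy#destroy? this Post") do |error|
 expect(error.query).to eq :destroy?
 expect(error.record).to eq post
 expect(error.policy).to have_attributes(
@@ -73,11 +73,12 @@ RSpec.describe Pundit do
 # rubocop:enable Style/MultilineBlockChain
 end
 
-it "raises an error with
+it "raises an error with the policy, query and record when the record is namespaced" do
 # rubocop:disable Style/MultilineBlockChain
 expect do
 Pundit.authorize(user, [:project, :admin, comment], :destroy?)
-end.to raise_error(Pundit::NotAuthorizedError,
+end.to raise_error(Pundit::NotAuthorizedError,
+"not allowed to Project::Admin::CommentPolicy#destroy? this Comment") do |error|
 expect(error.query).to eq :destroy?
 expect(error.record).to eq comment
 expect(error.policy).to have_attributes(
@@ -89,6 +90,22 @@ RSpec.describe Pundit do
 # rubocop:enable Style/MultilineBlockChain
 end
 
+it "raises an error with the policy, query and the class name when a Class is given" do
+# rubocop:disable Style/MultilineBlockChain
+expect do
+Pundit.authorize(user, Post, :destroy?)
+end.to raise_error(Pundit::NotAuthorizedError, "not allowed to PostPolicy#destroy? Post") do |error|
+expect(error.query).to eq :destroy?
+expect(error.record).to eq Post
+expect(error.policy).to have_attributes(
+user: user,
+record: Post
+)
+expect(error.policy).to be_a(PostPolicy)
+end
+# rubocop:enable Style/MultilineBlockChain
+end
+
 it "raises an error with a invalid policy constructor" do
 expect do
 Pundit.authorize(user, wiki, :update?)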
data/spec/spec_helper.rb
CHANGED
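--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pundit
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.4.0
 platform: ruby
 authors:
 - Jonas Nicklas
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-08-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -173,8 +173,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/ISSUE_TEMPLATE/bug_report.md"
+- ".github/ISSUE_TEMPLATE/feature_request.md"
 - ".github/PULL_REQUEST_TEMPLATE/gem_release_template.md"
-- ".github/
+- ".github/pull_request_template.md"
 - ".github/workflows/main.yml"
 - ".github/workflows/push_gem.yml"
 - ".gitignore"
@@ -209,6 +211,7 @@ files:
 - lib/pundit/version.rb
 - pundit.gemspec
 - spec/authorization_spec.rb
+- spec/dsl_spec.rb
 - spec/generators_spec.rb
 - spec/policies/post_policy_spec.rb
 - spec/policy_finder_spec.rb
@@ -234,12 +237,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.5.
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
 summary: OO authorization for Rails
 test_files:
 - spec/authorization_spec.rb
+- spec/dsl_spec.rb
 - spec/generators_spec.rb
 - spec/policies/post_policy_spec.rb
 - spec/policy_finder_spec.rb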