pundit 2.5.0 → 2.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2e34d4263a4c386c0078ddfed804532e292357926fefb505b62bcea9c6e3d08d
-  data.tar.gz: 67c3471d5354cba97b650185770f81bdcc79699f8cbc4d8e60c99b57639a6cee
+  metadata.gz: 5c6f7c834aabbea0d1c74b4101d67a936f0c062db2c5a67dcb45c824d0a1f80e
+  data.tar.gz: 651d652baa3a1f511e794b80f4e514b5e2bb74f75abeaa184dff48dae63e27bf
 SHA512:
-  metadata.gz: e67f07116623c8fd505ed254a165136be512ea36f7635ca2e6062fd59bf73a23eb1a4bf5790a390ff6b4e014e3baf0f7f8e7b649e6e50a8985fcff2e6c27cecd
-  data.tar.gz: 65f7d1132b00f9bdcb8b717e08c402a5f6a9a90de5fa07e017b831cbb3ac7b9c11f8869466e3112fea4acddd1699dc495fe30b3234fab06c213ea65dd459c1fd
+  metadata.gz: e4081cc21e4827985808334e5753a6b6f812743308cc251f8e4923b0b3a73c41b64bb6da64da57919ac62672537e3d464b187f0d28811a0aaab9c17ea9354ec5
+  data.tar.gz: a7868288d12d4f63cc95b5d18f54bfdafbcf586c7f415a713713f1f520140c2f7c353572cdab770baf16f5525ec4fc369679fd5e640233360b743f34d66580d9

data/CHANGELOG.md

@@ -2,6 +2,11 @@
 
 ## Unreleased
 
+## 2.5.1 (2025-09-12)
+
+### Fixed
+- Requiring only `pundit/rspec` no longer raises an error in Active Support [#857](https://github.com/varvet/pundit/issues/857)
+
 ## 2.5.0 (2025-03-03)
 
 ### Added

data/README.md

@@ -1,7 +1,7 @@
 # Pundit
 
 [![Main](https://github.com/varvet/pundit/actions/workflows/main.yml/badge.svg)](https://github.com/varvet/pundit/actions/workflows/main.yml)
-[![Code Climate](https://api.codeclimate.com/v1/badges/a940030f96c9fb43046a/maintainability)](https://codeclimate.com/github/varvet/pundit/maintainability)
+[![Maintainability](https://qlty.sh/gh/varvet/projects/pundit/maintainability.svg)](https://qlty.sh/gh/varvet/projects/pundit)
 [![Inline docs](https://inch-ci.org/github/varvet/pundit.svg?branch=main)](https://inch-ci.org/github/varvet/pundit)
 [![Gem Version](https://badge.fury.io/rb/pundit.svg)](https://badge.fury.io/rb/pundit)
 

data/lib/pundit/authorization.rb

@@ -9,6 +9,7 @@ module Pundit
   #   end
   # @see #pundit
   # @api public
+  # @since v2.2.0
   module Authorization
     extend ActiveSupport::Concern
 
@@ -30,6 +31,7 @@ module Pundit
     # @return [Pundit::Context]
     # @see #pundit_user
     # @see #policies
+    # @since v2.3.2
     def pundit
       @pundit ||= Pundit::Context.new(
         user: pundit_user,
@@ -45,6 +47,7 @@ module Pundit
     # @see #pundit
     # @see #pundit_reset!
     # @return [Object] the user object to be used with pundit
+    # @since v0.2.2
     def pundit_user
       current_user
     end
@@ -59,6 +62,7 @@ module Pundit
     # with the correct context for the new pundit_user.
     #
     # @return [void]
+    # @since v2.5.0
     def pundit_reset!
       @pundit = nil
       @_pundit_policies = nil
@@ -81,6 +85,7 @@ module Pundit
     # @return [record] Always returns the passed object record
     # @see Pundit::Context#authorize
     # @see #verify_authorized
+    # @since v0.1.0
     def authorize(record, query = nil, policy_class: nil)
       query ||= "#{action_name}?"
 
@@ -94,6 +99,7 @@ module Pundit
     # @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
     # @return [void]
     # @see #verify_authorized
+    # @since v1.0.0
     def skip_authorization
       @_pundit_policy_authorized = :skipped
     end
@@ -101,6 +107,7 @@ module Pundit
     # @return [Boolean] wether or not authorization has been performed
     # @see #authorize
     # @see #skip_authorization
+    # @since v1.0.0
     def pundit_policy_authorized?
       !!@_pundit_policy_authorized
     end
@@ -115,6 +122,7 @@ module Pundit
     # @return [void]
     # @see #authorize
     # @see #skip_authorization
+    # @since v0.1.0
     def verify_authorized
       raise AuthorizationNotPerformedError, self.class unless pundit_policy_authorized?
     end
@@ -124,6 +132,7 @@ module Pundit
     # Cache of policies. You should not rely on this method.
     #
     # @api private
+    # @since v1.0.0
     def policies
       @_pundit_policies ||= {}
     end
@@ -137,6 +146,7 @@ module Pundit
     # @see https://github.com/varvet/pundit#policies
     # @param record [Object] the object we're retrieving the policy for
     # @return [Object] instance of policy class with query methods
+    # @since v0.1.0
     def policy(record)
       pundit.policy!(record)
     end
@@ -149,6 +159,7 @@ module Pundit
     # @param scope [Object] the object we're retrieving the policy scope for
     # @param policy_scope_class [#resolve] the policy scope class we want to force use of
     # @return [#resolve, nil] instance of scope class which can resolve to a scope
+    # @since v0.1.0
     def policy_scope(scope, policy_scope_class: nil)
       @_pundit_policy_scoped = true
       policy_scope_class ? policy_scope_class.new(pundit_user, scope).resolve : pundit_policy_scope(scope)
@@ -159,6 +170,7 @@ module Pundit
     # @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
     # @return [void]
     # @see #verify_policy_scoped
+    # @since v1.0.0
     def skip_policy_scope
       @_pundit_policy_scoped = :skipped
     end
@@ -166,6 +178,7 @@ module Pundit
     # @return [Boolean] wether or not policy scoping has been performed
     # @see #policy_scope
     # @see #skip_policy_scope
+    # @since v1.0.0
     def pundit_policy_scoped?
       !!@_pundit_policy_scoped
     end
@@ -181,6 +194,7 @@ module Pundit
     # @return [void]
     # @see #policy_scope
     # @see #skip_policy_scope
+    # @since v0.2.1
     def verify_policy_scoped
       raise PolicyScopingNotPerformedError, self.class unless pundit_policy_scoped?
     end
@@ -190,6 +204,7 @@ module Pundit
     # Cache of policy scope. You should not rely on this method.
     #
     # @api private
+    # @since v1.0.0
     def policy_scopes
       @_pundit_policy_scopes ||= {}
     end
@@ -206,6 +221,7 @@ module Pundit
     # @note This also memoizes the instance with `scope` as the key.
     # @see Pundit::Helper#policy_scope
     # @api private
+    # @since v1.0.0
     def pundit_policy_scope(scope)
       policy_scopes[scope] ||= pundit.policy_scope!(scope)
     end
@@ -228,6 +244,7 @@ module Pundit
     # @param action [Symbol, String] the name of the action being performed on the record (e.g. `:update`).
     #   If omitted then this defaults to the Rails controller action name.
     # @return [Hash{String => Object}] the permitted attributes
+    # @since v1.0.0
     def permitted_attributes(record, action = action_name)
       policy = policy(record)
       method_name = if policy.respond_to?("permitted_attributes_for_#{action}")
@@ -242,6 +259,7 @@ module Pundit
     #
     # @param record [Object] the object we're retrieving params for
     # @return [ActionController::Parameters] the params
+    # @since v2.0.0
     def pundit_params_for(record)
       params.require(PolicyFinder.new(record).param_key)
     end

data/lib/pundit/cache_store/legacy_store.rb

@@ -7,7 +7,9 @@ module Pundit
     # The original cache mechanism used by Pundit.
     #
     # @api private
+    # @since v2.3.2
     class LegacyStore
+      # @since v2.3.2
       def initialize(hash = {})
         @store = hash
       end
@@ -15,6 +17,7 @@ module Pundit
       # A cache store that uses only the record as a cache key, and ignores the user.
       #
       # @note `nil` results are not cached.
+      # @since v2.3.2
       def fetch(user:, record:)
         _ = user
         @store[record] ||= yield

data/lib/pundit/cache_store/null_store.rb

@@ -8,10 +8,12 @@ module Pundit
     #
     # @see Pundit::Context#initialize
     # @api private
+    # @since v2.3.2
     class NullStore
       @instance = new
 
       class << self
+        # @since v2.3.2
         # @return [NullStore] the singleton instance
         attr_reader :instance
       end
@@ -19,6 +21,7 @@ module Pundit
       # Always yields, does not cache anything.
       # @yield
       # @return [any] whatever the block returns.
+      # @since v2.3.2
       def fetch(*, **)
         yield
       end

data/lib/pundit/cache_store.rb

@@ -5,12 +5,14 @@ module Pundit
   #
   # Cache stores are used to cache policy lookups, so you get the same policy
   # instance for the same record.
+  # @since v2.3.2
   module CacheStore
     # @!group Cache Store Interface
 
     # @!method fetch(user:, record:, &block)
     #   Looks up a stored policy or generate a new one.
     #
+    #   @since v2.3.2
     #   @note This is a method template, but the method does not exist in this module.
     #   @param user [Object]  the user that initiated the action
     #   @param record [Object] the object being accessed

data/lib/pundit/context.rb

@@ -25,10 +25,13 @@ module Pundit
   #       context.authorize(Post.find(id), query: :show?)
   #     end
   #   end
+  #
+  # @since v2.3.2
   class Context
     # @see Pundit::Authorization#pundit
     # @param user later passed to policies and scopes
     # @param policy_cache [#fetch] cache store for policies (see e.g. {CacheStore::NullStore})
+    # @since v2.3.2
     def initialize(user:, policy_cache: CacheStore::NullStore.instance)
       @user = user
       @policy_cache = policy_cache
@@ -36,10 +39,12 @@ module Pundit
 
     # @api public
     # @see #initialize
+    # @since v2.3.2
     attr_reader :user
 
     # @api private
     # @see #initialize
+    # @since v2.3.2
     attr_reader :policy_cache
 
     # @!group Policies
@@ -53,6 +58,7 @@ module Pundit
     # @param policy_class [Class] the policy class we want to force use of
     # @raise [NotAuthorizedError] if the given query method returned false
     # @return [Object] Always returns the passed object record
+    # @since v2.3.2
     def authorize(possibly_namespaced_record, query:, policy_class:)
       record = pundit_model(possibly_namespaced_record)
       policy = if policy_class
@@ -72,6 +78,7 @@ module Pundit
     # @param record [Object] the object we're retrieving the policy for
     # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Object, nil] instance of policy class with query methods
+    # @since v2.3.2
     def policy(record)
       cached_find(record, &:policy)
     end
@@ -83,6 +90,7 @@ module Pundit
     # @raise [NotDefinedError] if the policy cannot be found
     # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Object] instance of policy class with query methods
+    # @since v2.3.2
     def policy!(record)
       cached_find(record, &:policy!)
     end
@@ -97,6 +105,7 @@ module Pundit
     # @param scope [Object] the object we're retrieving the policy scope for
     # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Scope{#resolve}, nil] instance of scope class which can resolve to a scope
+    # @since v2.3.2
     def policy_scope(scope)
       policy_scope_class = policy_finder(scope).scope
       return unless policy_scope_class
@@ -117,6 +126,7 @@ module Pundit
     # @raise [NotDefinedError] if the policy scope cannot be found
     # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Scope{#resolve}] instance of scope class which can resolve to a scope
+    # @since v2.3.2
     def policy_scope!(scope)
       policy_scope_class = policy_finder(scope).scope!
 
@@ -144,6 +154,7 @@ module Pundit
     # @yieldreturn [#new(user, model)]
     # @return [Policy, nil] an instantiated policy
     # @raise [InvalidConstructorError] if policy can't be instantated
+    # @since v2.3.2
     def cached_find(record)
       policy_cache.fetch(user: user, record: record) do
         klass = yield policy_finder(record)
@@ -163,6 +174,7 @@ module Pundit
     #
     # @api private
     # @return [PolicyFinder]
+    # @since v2.3.2
     def policy_finder(record)
       PolicyFinder.new(record)
     end
@@ -170,6 +182,7 @@ module Pundit
     # Given a possibly namespaced record, return the actual record.
     #
     # @api private
+    # @since v2.3.2
     def pundit_model(record)
       record.is_a?(Array) ? record.last : record
     end

data/lib/pundit/error.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module Pundit
+  # @api private
+  # @since v1.0.0
+  # To avoid name clashes with common Error naming when mixing in Pundit,
+  # keep it here with compact class style definition.
+  class Error < StandardError; end
+
+  # Error that will be raised when authorization has failed
+  # @since v0.1.0
+  class NotAuthorizedError < Error
+    # @see #initialize
+    # @since v0.2.3
+    attr_reader :query
+    # @see #initialize
+    # @since v0.2.3
+    attr_reader :record
+    # @see #initialize
+    # @since v0.2.3
+    attr_reader :policy
+
+    # @since v1.0.0
+    #
+    # @overload initialize(message)
+    #   Create an error with a simple error message.
+    #   @param [String] message A simple error message string.
+    #
+    # @overload initialize(options)
+    #   Create an error with the specified attributes.
+    #   @param [Hash] options The error options.
+    #   @option options [String] :message Optional custom error message. Will default to a generalized message.
+    #   @option options [Symbol] :query The name of the policy method that was checked.
+    #   @option options [Object] :record The object that was being checked with the policy.
+    #   @option options [Class] :policy The class of policy that was used for the check.
+    def initialize(options = {})
+      if options.is_a? String
+        message = options
+      else
+        @query  = options[:query]
+        @record = options[:record]
+        @policy = options[:policy]
+
+        message = options.fetch(:message) do
+          record_name = record.is_a?(Class) ? record.to_s : "this #{record.class}"
+          "not allowed to #{policy.class}##{query} #{record_name}"
+        end
+      end
+
+      super(message)
+    end
+  end
+
+  # Error that will be raised if a policy or policy scope constructor is not called correctly.
+  # @since v2.0.0
+  class InvalidConstructorError < Error; end
+
+  # Error that will be raised if a controller action has not called the
+  # `authorize` or `skip_authorization` methods.
+  # @since v0.2.3
+  class AuthorizationNotPerformedError < Error; end
+
+  # Error that will be raised if a controller action has not called the
+  # `policy_scope` or `skip_policy_scope` methods.
+  # @since v0.3.0
+  class PolicyScopingNotPerformedError < AuthorizationNotPerformedError; end
+
+  # Error that will be raised if a policy or policy scope is not defined.
+  # @since v0.1.0
+  class NotDefinedError < Error; end
+end

data/lib/pundit/helper.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Pundit
+  # Rails view helpers, to allow a slightly different view-specific
+  # implementation of the methods in {Pundit::Authorization}.
+  #
+  # @api private
+  # @since v1.0.0
+  module Helper
+    # @see Pundit::Authorization#pundit_policy_scope
+    # @since v1.0.0
+    def policy_scope(scope)
+      pundit_policy_scope(scope)
+    end
+  end
+end

data/lib/pundit/policy_finder.rb

@@ -5,6 +5,7 @@ require "active_support/core_ext/string/inflections"
 
 module Pundit
   # Finds policy and scope classes for given object.
+  # @since v0.1.0
   # @api public
   # @example
   #   user = User.find(params[:id])
@@ -16,12 +17,15 @@ module Pundit
     # A constant applied to the end of the class name to find the policy class.
     #
     # @api private
+    # @since v2.5.0
     SUFFIX = "Policy"
 
     # @see #initialize
+    # @since v0.1.0
     attr_reader :object
 
     # @param object [any] the object to find policy and scope classes for
+    # @since v0.1.0
     def initialize(object)
       @object = object
     end
@@ -32,6 +36,7 @@ module Pundit
     #   scope = finder.scope #=> UserPolicy::Scope
     #   scope.resolve #=> <#ActiveRecord::Relation ...>
     #
+    # @since v0.1.0
     def scope
       "#{policy}::Scope".safe_constantize
     end
@@ -43,6 +48,7 @@ module Pundit
     #   policy.show? #=> true
     #   policy.update? #=> false
     #
+    # @since v0.1.0
     def policy
       klass = find(object)
       klass.is_a?(String) ? klass.safe_constantize : klass
@@ -51,6 +57,7 @@ module Pundit
     # @return [Scope{#resolve}] scope class which can resolve to a scope
     # @raise [NotDefinedError] if scope could not be determined
     #
+    # @since v0.1.0
     def scope!
       scope or raise NotDefinedError, "unable to find scope `#{find(object)}::Scope` for `#{object.inspect}`"
     end
@@ -58,12 +65,14 @@ module Pundit
     # @return [Class] policy class with query methods
     # @raise [NotDefinedError] if policy could not be determined
     #
+    # @since v0.1.0
     def policy!
       policy or raise NotDefinedError, "unable to find policy `#{find(object)}` for `#{object.inspect}`"
     end
 
     # @return [String] the name of the key this object would have in a params hash
     #
+    # @since v1.1.0
     def param_key # rubocop:disable Metrics/AbcSize
       model = object.is_a?(Array) ? object.last : object
 
@@ -83,6 +92,7 @@ module Pundit
     # Uses recursion to handle namespaces.
     #
     # @return [String, Class] the policy class, or its name.
+    # @since v0.2.0
     def find(subject)
       if subject.is_a?(Array)
         modules = subject.dup
@@ -107,6 +117,7 @@ module Pundit
     # - Supports object instances.
     #
     # @return [String, Class] the class, or its name.
+    # @since v1.1.0
     def find_class_name(subject)
       if subject.respond_to?(:model_name)
         subject.model_name

data/lib/pundit/railtie.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 module Pundit
+  # @since v2.5.0
   class Railtie < Rails::Railtie
     if Rails.version.to_f >= 8.0
       initializer "pundit.stats_directories" do

data/lib/pundit/rspec.rb

@@ -1,10 +1,12 @@
 # frozen_string_literal: true
 
+require "pundit"
 # Array#to_sentence
 require "active_support/core_ext/array/conversions"
 
 module Pundit
   # Namespace for Pundit's RSpec integration.
+  # @since v0.1.0
   module RSpec
     # Namespace for Pundit's RSpec matchers.
     module Matchers

data/lib/pundit/version.rb

@@ -2,5 +2,5 @@
 
 module Pundit
   # The current version of Pundit.
-  VERSION = "2.5.0"
+  VERSION = "2.5.1"
 end

data/lib/pundit.rb

@@ -3,83 +3,30 @@
 require "active_support"
 
 require "pundit/version"
+require "pundit/error"
 require "pundit/policy_finder"
-require "pundit/authorization"
 require "pundit/context"
+require "pundit/authorization"
+require "pundit/helper"
 require "pundit/cache_store"
 require "pundit/cache_store/null_store"
 require "pundit/cache_store/legacy_store"
 require "pundit/railtie" if defined?(Rails)
 
-# @api private
-# To avoid name clashes with common Error naming when mixing in Pundit,
-# keep it here with compact class style definition.
-class Pundit::Error < StandardError; end # rubocop:disable Style/ClassAndModuleChildren
-
 # Hello? Yes, this is Pundit.
 #
 # @api public
 module Pundit
   # @api private
+  # @since v1.0.0
   # @deprecated See {Pundit::PolicyFinder}
   SUFFIX = Pundit::PolicyFinder::SUFFIX
 
   # @api private
   # @private
+  # @since v0.1.0
   module Generators; end
 
-  # Error that will be raised when authorization has failed
-  class NotAuthorizedError < Error
-    # @see #initialize
-    attr_reader :query
-    # @see #initialize
-    attr_reader :record
-    # @see #initialize
-    attr_reader :policy
-
-    # @overload initialize(message)
-    #   Create an error with a simple error message.
-    #   @param [String] message A simple error message string.
-    #
-    # @overload initialize(options)
-    #   Create an error with the specified attributes.
-    #   @param [Hash] options The error options.
-    #   @option options [String] :message Optional custom error message. Will default to a generalized message.
-    #   @option options [Symbol] :query The name of the policy method that was checked.
-    #   @option options [Object] :record The object that was being checked with the policy.
-    #   @option options [Class] :policy The class of policy that was used for the check.
-    def initialize(options = {})
-      if options.is_a? String
-        message = options
-      else
-        @query  = options[:query]
-        @record = options[:record]
-        @policy = options[:policy]
-
-        message = options.fetch(:message) do
-          record_name = record.is_a?(Class) ? record.to_s : "this #{record.class}"
-          "not allowed to #{policy.class}##{query} #{record_name}"
-        end
-      end
-
-      super(message)
-    end
-  end
-
-  # Error that will be raised if a policy or policy scope constructor is not called correctly.
-  class InvalidConstructorError < Error; end
-
-  # Error that will be raised if a controller action has not called the
-  # `authorize` or `skip_authorization` methods.
-  class AuthorizationNotPerformedError < Error; end
-
-  # Error that will be raised if a controller action has not called the
-  # `policy_scope` or `skip_policy_scope` methods.
-  class PolicyScopingNotPerformedError < AuthorizationNotPerformedError; end
-
-  # Error that will be raised if a policy or policy scope is not defined.
-  class NotDefinedError < Error; end
-
   def self.included(base)
     location = caller_locations(1, 1).first
     warn <<~WARNING
@@ -91,6 +38,7 @@ module Pundit
 
   class << self
     # @see Pundit::Context#authorize
+    # @since v1.0.0
     def authorize(user, record, query, policy_class: nil, cache: nil)
       context = if cache
         policy_cache = CacheStore::LegacyStore.new(cache)
@@ -103,34 +51,27 @@ module Pundit
     end
 
     # @see Pundit::Context#policy_scope
+    # @since v0.1.0
     def policy_scope(user, *args, **kwargs, &block)
       Context.new(user: user).policy_scope(*args, **kwargs, &block)
     end
 
     # @see Pundit::Context#policy_scope!
+    # @since v0.1.0
     def policy_scope!(user, *args, **kwargs, &block)
       Context.new(user: user).policy_scope!(*args, **kwargs, &block)
     end
 
     # @see Pundit::Context#policy
+    # @since v0.1.0
     def policy(user, *args, **kwargs, &block)
       Context.new(user: user).policy(*args, **kwargs, &block)
     end
 
     # @see Pundit::Context#policy!
+    # @since v0.1.0
     def policy!(user, *args, **kwargs, &block)
       Context.new(user: user).policy!(*args, **kwargs, &block)
     end
   end
-
-  # Rails view helpers, to allow a slightly different view-specific
-  # implementation of the methods in {Pundit::Authorization}.
-  #
-  # @api private
-  module Helper
-    # @see Pundit::Authorization#pundit_policy_scope
-    def policy_scope(scope)
-      pundit_policy_scope(scope)
-    end
-  end
 end