rails_authorize 1.4.0 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69d1d987cbe8d85ecfc3e0a733f4cae85116735f4c7774d1cbef729a74f9ae56
-  data.tar.gz: 98706c573a2f51f84ee0f149be59f0c3d0cbe20cd3600e715ae3b0bfe978d68b
+  metadata.gz: a84a4e7ebae1410009ffac8f0a7728eb6644f4eaa90b07724a59f469edc746ae
+  data.tar.gz: 9d28518dd6f5b0e3f647ba7977c6ffddd87d2a83f39255cc166b2c88bb1d7c92
 SHA512:
-  metadata.gz: 6f9d4fe71ac3e9cec3ad8f7f4cd43294777c42f93fea3591c8d457b8bf1f5961c2e421a2a54b3e83627960ee9e08945ca877cdad9b66e18b0c39edad36229b8b
-  data.tar.gz: '080621676991d0e6930f44a9e6405e722917d9969132a82c3c5d78327a997c22bec3487095e56729c433d2af4e324cf983cffc40d70cdba40b96b86dea636016'
+  metadata.gz: b2df0ac9bb1dd40b902062b1557acf9ead2881a55d4580e289364ec7e69bf5a2ed8b9046e256d59bc77d9332e16d8d91fd491886bd4c9551941193bed0df6f0b
+  data.tar.gz: 5022ee3cf9f35e3d4f8b9b9081312ec5cdff05b9f16d6afe1a119f02e72e71ba9165d8f4a193456c2d08a0805d24dcaa43177ab3f1230fc3cf7626097ab61f0a

data/Gemfile.lock

@@ -1,70 +1,70 @@
 PATH
   remote: .
   specs:
-    rails_authorize (1.4.0)
+    rails_authorize (1.5.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (6.0.0)
-      actionview (= 6.0.0)
-      activesupport (= 6.0.0)
-      rack (~> 2.0)
+    actionpack (6.0.3.2)
+      actionview (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+      rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.0.0)
-      activesupport (= 6.0.0)
+    actionview (6.0.3.2)
+      activesupport (= 6.0.3.2)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activesupport (6.0.0)
+    activesupport (6.0.3.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-      zeitwerk (~> 2.1, >= 2.1.8)
-    builder (3.2.3)
-    concurrent-ruby (1.1.5)
-    crass (1.0.5)
-    diff-lcs (1.3)
-    erubi (1.8.0)
-    i18n (1.6.0)
+      zeitwerk (~> 2.2, >= 2.2.2)
+    builder (3.2.4)
+    concurrent-ruby (1.1.6)
+    crass (1.0.6)
+    diff-lcs (1.4.4)
+    erubi (1.9.0)
+    i18n (1.8.3)
       concurrent-ruby (~> 1.0)
-    loofah (2.3.1)
+    loofah (2.6.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mini_portile2 (2.4.0)
-    minitest (5.11.3)
-    nokogiri (1.10.5)
+    minitest (5.14.1)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
-    rack (2.0.7)
+    rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.2.0)
-      loofah (~> 2.2, >= 2.2.2)
-    rake (10.5.0)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.2)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.4)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    rake (13.0.1)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.2)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.1)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.2)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.3)
     thread_safe (0.3.6)
-    tzinfo (1.2.5)
+    tzinfo (1.2.7)
       thread_safe (~> 0.1)
-    zeitwerk (2.1.9)
+    zeitwerk (2.4.0)
 
 PLATFORMS
   ruby
@@ -72,10 +72,10 @@ PLATFORMS
 DEPENDENCIES
   actionpack (>= 5.0.0)
   activesupport (>= 5.0.0)
-  bundler (~> 1.15)
+  bundler (~> 2.1)
   rails_authorize!
-  rake (~> 10)
+  rake (~> 13)
   rspec (~> 3.0)
 
 BUNDLED WITH
-   1.16.2
+   2.1.4

data/README.md

@@ -166,35 +166,6 @@ class PostPolicy < ApplicationPolicy
 end
 ```
 
-## Use without target
-
-Sometimes you need to authorize a controller action that it doesn't use a model to authorize.
-
-For this situations you can omit `target` and pass only options with `policy` to `authorize`:
-
-```ruby
-# app/controllers/custom_controller.rb
-
-class CustomController
-  def show
-    authorize policy: CustomPolicy
-    ...
-  end
-end
-```
-
-```ruby
-# app/policies/custom_policy.rb
-
-class CustomPolicy < ApplicationPolicy
-  def show?
-    # target is nil
-    ...
-  end
-end
-```
-
-
 ## Strong parameters
 
 Rails uses [strong_parameters](http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters) to handle mass-assignment protection in the controller.  With this gem you can control which attributes a user has access via your policies.
@@ -233,7 +204,7 @@ class PostController
 end
 ```
 
-By default `permitted_attributes` makes `params.require(:post)` if you want to personalize what attribute is required in params, your policy must define a `param_key`.
+By default `permitted_attributes` makes `params.require(:post)` if you want to personalize what attribute is required in params, your policy must define a `param_key`:
 
 ```ruby
 # app/policies/post_policy.rb
@@ -245,6 +216,18 @@ class PostPolicy < ApplicationPolicy
 end
 ```
 
+Also, you can pass custom key as option using `param_key` for specific situations:
+
+```ruby
+# app/controllers/posts_controller.rb
+
+class PostController
+  def update
+    @post.update(permitted_attributes(@post, param_key: 'custom_key'))
+  end
+end
+```
+
 If you want to permit different attributes based on the current action, you can define a `permitted_attributes_for_#{action_name}` method on your policy:
 
 ```ruby
@@ -260,6 +243,46 @@ class PostPolicy < ApplicationPolicy
   end
 end
 ```
+
+## Use without target
+
+Sometimes you need to authorize a controller action that it doesn't use a model to authorize.
+
+For this situations you can omit `target` and pass only options with `policy` to `authorize` or `permitted_attributes`:
+
+```ruby
+# app/controllers/custom_controller.rb
+
+class CustomController
+  def show
+    authorize policy: CustomPolicy
+    ...
+  end
+
+  def create
+    resource = Resource.new(permitted_attributes(policy: CustomPolicy))
+    ...
+  end
+end
+```
+
+```ruby
+# app/policies/custom_policy.rb
+
+class CustomPolicy < ApplicationPolicy
+  def show?
+    # target is nil
+    ...
+  end
+
+  def permitted_attributes
+    [:title, :body]
+  end
+end
+```
+
+
+
 ## Ensuring authorization and scoping are performed
 
 In certain kind of applications where almost all or even the whole application is private, in each of the actions you have to make sure that authorization is performed. To make sure that developers perform authorization, RailsAuthorize provides two methods. `verify_authorized` makes sure that authorization is performed, and likewise `verify_policy_scoped` checks that scoping is performed 

data/lib/rails_authorize.rb

@@ -93,6 +93,8 @@ module RailsAuthorize
   # @param options[:action] [String] the method to check on the policy (e.g. `:show?`)
   # @return [Hash{String => Object}] the permitted attributes
   def permitted_attributes(target, options={})
+    return permitted_attributes(nil, target) if target.is_a?(Hash)
+
     action = options.delete(:action) || action_name
     policy = policy(target, options)
 
@@ -102,7 +104,9 @@ module RailsAuthorize
                     'permitted_attributes'
                   end
 
-    param_key = if policy.try(:param_key).present?
+    param_key = if options[:param_key]
+                  options[:param_key]
+                elsif policy.try(:param_key).present?
                   policy.param_key
                 else
                   target.model_name.name.underscore

data/lib/rails_authorize/version.rb

@@ -1,3 +1,3 @@
 module RailsAuthorize
-  VERSION = "1.4.0"
+  VERSION = "1.5.0"
 end

data/rails_authorize.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 1.15'
-  spec.add_development_dependency 'rake', '~> 10'
+  spec.add_development_dependency 'bundler', '~> 2.1'
+  spec.add_development_dependency 'rake', '~> 13'
   spec.add_development_dependency 'rspec', '~> 3.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_authorize
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.0
 platform: ruby
 authors:
 - rjurado01
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-11-19 00:00:00.000000000 Z
+date: 2020-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10'
+        version: '13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10'
+        version: '13'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -92,8 +92,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Simple and flexible authorization Rails system