rails_ops 1.5.7 → 1.6.0.rc0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2bbc09db31ff37b510e90a5e4b1de5ba64f50a5d53461c6526eb55011cede2c1
-  data.tar.gz: 5803d14113c57b999f7a119fa9ccf9f7e6582e0750943476b5b10ffb664b0d9b
+  metadata.gz: cc1e32fdbfeebc90a622cb5394dcf1d4d7b41e2d8286a45eadfec4db6f0894e8
+  data.tar.gz: 5fcf1149cb2b0a348a6ecdb81e7c874056aa26bac979b436c17144ee48d7094b
 SHA512:
-  metadata.gz: ed731e2912fd87ebbef299555febefa0dbe4f1a20201f429a92ca97e2f6e17c9e6106e4d701039c1832a8cb037d1feca6c92095da05eeea8ddb783e86644058e
-  data.tar.gz: 80c2d4ec48d3fa45ab385694acfecfccc94213e12e99107d456fbf8d0325853a19d6f6148b6da001a115a9120ff0b4cd394fd8f883985ee84693a7c1b3398095
+  metadata.gz: c0f97ccdac3919747d2c952805fc0e605e357e27ad8c3500f3e0e384e8063683a8031f9f8271ac3b492e1f9dca2633b57cdfad2cf81ec231b70cbeae8e54c797
+  data.tar.gz: f6a1e8a2eafc54e21a89f1b30b6c5d931ee90c4f352d8eed1df9f17e5f921b4da7115b2cc1d3bac35beaf0ebddfdf1cadffaaa7cd7ac7e935efb7ffcb742582d

data/.github/workflows/rubocop.yml

@@ -11,7 +11,7 @@ jobs:
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 3.0.1
+          ruby-version: 3.1.0
           bundler-cache: true
       - name: Run rubocop
         run: bundle exec rubocop

data/.github/workflows/ruby.yml

@@ -14,13 +14,13 @@ jobs:
       matrix:
         include:
           - rails-version: '6.0'
-            ruby-version: '2.7.1'
+            ruby-version: '2.7.8'
           - rails-version: '6.1'
-            ruby-version: '2.7.1'
+            ruby-version: '2.7.8'
           - rails-version: '6.1'
             ruby-version: '3.0.1'
           - rails-version: '7.0'
-            ruby-version: '2.7.1'
+            ruby-version: '2.7.8'
           - rails-version: '7.0'
             ruby-version: '3.0.1'
           - rails-version: '7.0'
@@ -28,7 +28,7 @@ jobs:
           - rails-version: '7.0'
             ruby-version: '3.2.0'
           - rails-version: '7.1'
-            ruby-version: '2.7.1'
+            ruby-version: '2.7.8'
           - rails-version: '7.1'
             ruby-version: '3.0.1'
           - rails-version: '7.1'
@@ -37,6 +37,12 @@ jobs:
             ruby-version: '3.2.0'
           - rails-version: '7.1'
             ruby-version: '3.3.0'
+          - rails-version: '8.0'
+            ruby-version: '3.2.0'
+          - rails-version: '8.0'
+            ruby-version: '3.3.0'
+          - rails-version: '8.0'
+            ruby-version: '3.4.0'
     name: Test against Ruby ${{ matrix.ruby-version }} / Rails ${{ matrix.rails-version }}
     env:
       BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/rails_${{ matrix.rails-version }}.gemfile

data/Appraisals

@@ -1,3 +1,16 @@
+appraise 'rails-8.0' do
+  gem 'rails', '~> 8.0.1'
+  gem 'sqlite3', '~> 2.1'
+end
+
+appraise 'rails-7.2' do
+  gem 'rails', '~> 7.2.1'
+end
+
+appraise 'rails-7.1' do
+  gem 'rails', '~> 7.1.0'
+end
+
 appraise 'rails-7.0' do
   gem 'rails', '~> 7.0.1'
 end
@@ -9,11 +22,3 @@ end
 appraise 'rails-6.0' do
   gem 'rails', '~> 6.0.4'
 end
-
-appraise 'rails-5.2' do
-  gem 'rails', '~> 5.2.6'
-end
-
-appraise 'rails-5.1' do
-  gem 'rails', '~> 5.1.7'
-end

data/CHANGELOG.md

@@ -1,5 +1,85 @@
 # Changelog
 
+## 1.6.0.rc0 (2025-01-22)
+
+* Adapt the way model authorization works for an additional layer of security:
+
+  * Update-Operations (operations inheriting from `RailsOps::Operation::Model::Update`)
+    now perform their model authorization immediately after the model is loaded (in `build_model`).
+
+    Previously, the authorization was only performed after the attributes have
+    already been assigned, never checking authorization against the "pristine"
+    model.
+
+  * Load-Operations (operations inheriting from
+    `RailsOps::Operation::Model::Load`) now always load their associated model
+    **directly on OP instantiation**. Previously, this was only the case if load
+    model authorization was enabled.
+
+    In addition, the method `model_authorization` has been renamed to
+    `load_model_authorization` in order to separate it from the method
+    `model_authorization` in `RailsOps::Operation::Model::Update`.
+
+  Internal reference: `#133622`.
+
+### Migrating from earlier versions
+
+Check that operations using model authorization still work as expected, especially
+operations inheriting from `RailsOps::Operation::Model::Update` or from
+`RailsOps::Operation::Model::Load`:
+
+* For operations inheriting from `RailsOps::Operation::Model::Load`: Rename all
+  uses of `model_authorization` to `load_model_authorization`.
+
+* For operations inheriting from `RailsOps::Operation::Model::Update`, you need
+  to make sure that running the model authorization on the "pristine" model (before
+  assigning the new attributes) is still applying your authorization logic in
+  the correct way (i.e. authorizing on the model *before* assigning the attributes
+  applies authorization correctly).
+  If you need to authorize the state *after* assigning the params to the model,
+  you'll need add that check manually in your operation.
+
+
+  One example of how this behaviour was changed: A user may only update
+  a `Group` object with a `color` of `'red'`:
+
+  ```ruby
+  class Ability
+    can :update, Group, color: 'red'
+  end
+  ```
+
+  Before, this was the way RailsOps handled it:
+
+  ```ruby
+  model = find_record(params[:id]) # => model = Group(color: 'blue')
+  model.assign_attributes(params)  # params = { color: 'red' }
+  authorize! :update, model
+  ```
+
+  This works, because RailsOps already assigned `'red'` to the `color` attribute of the model. This means
+  that the `authorize!` call will succeed, even though the original model in the database is not permissible
+  to be updated by the user.
+
+  Afterwards, the behaviour is as follows:
+
+  ```ruby
+  model = find_record(params[:id]) # => model = Group(color: 'blue')
+  authorize! :update, model        # => Fails with CanCan::AccessDenied, as the user may not update the group
+  # [...]
+  ```
+
+After applying these changes, carefully test your application, run unit tests etc.
+to ensure all operations still behave as expected in regards to authorization.
+
+## 1.5.8 (2024-09-11)
+
+* Also allow single path segments as symbols instead of array for
+  `authorize_param`'s `path` argument. Before, paths that were not arrays would
+  lead to the param authorization being ignored silently.
+
+  Internal reference: `#128987`.
+
 ## 1.5.7 (2024-08-22)
 
 * Fix compatibility issue with older versions of Rails introduced in version

data/Gemfile

@@ -2,3 +2,14 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in rails_ops.gemspec
 gemspec
+
+# Development dependencies should be specified in here
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rails_ops (1.5.7)
+    rails_ops (1.6.0.rc0)
       active_type (>= 1.3.0)
       minitest
       rails
@@ -97,7 +97,6 @@ GEM
     builder (3.2.4)
     cancancan (3.5.0)
     coderay (1.1.3)
-    colorize (0.8.1)
     concurrent-ruby (1.3.1)
     connection_pool (2.4.1)
     crass (1.0.6)
@@ -113,7 +112,8 @@ GEM
     irb (1.11.2)
       rdoc
       reline (>= 0.4.2)
-    json (2.6.3)
+    json (2.9.1)
+    language_server-protocol (3.17.0.3)
     loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -141,9 +141,10 @@ GEM
       racc (~> 1.4)
     nokogiri (1.16.5-x86_64-linux)
       racc (~> 1.4)
-    parallel (1.22.1)
-    parser (3.2.1.1)
+    parallel (1.26.3)
+    parser (3.3.7.0)
       ast (~> 2.4.1)
+      racc
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
@@ -191,25 +192,23 @@ GEM
     rake (13.1.0)
     rdoc (6.6.3.1)
       psych (>= 4.0.0)
-    regexp_parser (2.7.0)
+    regexp_parser (2.10.0)
     reline (0.4.3)
       io-console (~> 0.5)
     request_store (1.5.1)
       rack (>= 1.4)
-    rexml (3.3.3)
-      strscan
-    rubocop (1.45.1)
+    rubocop (1.70.0)
       json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.24.1, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.36.2, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.28.0)
-      parser (>= 3.2.1.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.37.0)
+      parser (>= 3.3.1.0)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.4)
     schemacop (3.0.22)
@@ -231,12 +230,13 @@ GEM
     sqlite3 (1.6.2-x86_64-darwin)
     sqlite3 (1.6.2-x86_64-linux)
     stringio (3.1.0)
-    strscan (3.1.0)
     thor (1.3.1)
     timeout (0.4.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.4.2)
+    unicode-display_width (3.1.4)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
     webrick (1.8.1)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
@@ -254,11 +254,10 @@ DEPENDENCIES
   appraisal
   bundler
   cancancan
-  colorize
   pry
   rails_ops!
   rake
-  rubocop (= 1.45.1)
+  rubocop (= 1.70.0)
   simplecov
   sprockets-rails
   sqlite3 (< 2.0.0)

data/LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright © 2017-2024 Sitrox
+Copyright © 2017-2025 Sitrox
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -28,12 +28,15 @@ Requirements & Installation
   * Rails 6.1.x
   * Rails 7.0.x
   * Rails 7.1.x
+  * Rails 7.2.x
+  * Rails 8.0.x
 - Additionally, the following Ruby versions are covered by our unit tests:
-  * 2.7.1
+  * 2.7.8
   * 3.0.1
   * 3.1.0
   * 3.2.0
   * 3.3.0
+  * 3.4.0
 - Please see the [unit test workflow](https://github.com/sitrox/rails_ops/actions/workflows/ruby.yml) for the combinations of the Rails & Ruby versions, as only compatible versions are tested with each other.
 - Prior Rails and Ruby versions may be supported but they are not tested in the CI.
 - Rails Ops' model operations require ActiveRecord but are database / adapter
@@ -1352,8 +1355,9 @@ authorization check based on this model.
 
 While you can override this method to perform custom authorization, RailsOps
 provides a base implementation. Using the class method
-`model_authorization_action`, you can specify an action verb that is used for
-authorizing your model.
+`model_authorization_action` (or `load_model_authorization` for operations
+inheriting from `RailsOps::Operation::Model::Load`), you can specify an action
+verb that is used for authorizing your model.
 
 ```ruby
 class Operations::User::Load < RailsOps::Operation::Model::Load
@@ -1361,7 +1365,23 @@ class Operations::User::Load < RailsOps::Operation::Model::Load
 
   # This automatically calls `authorize_model! :read` after operation
   # instantiation.
-  model_authorization_action :read
+  load_model_authorization :read
+end
+```
+
+Another example for an update operation:
+
+```ruby
+class Operations::User::Update < RailsOps::Operation::Model::Update
+  model User
+
+  # This automatically calls `authorize_model! :read` after operation
+  # instantiation.
+  load_model_authorization :read
+
+  # This automatically calls `authorize_model! :update` after operation
+  # instantiation.
+  model_authorization :update
 end
 ```
 
@@ -1792,4 +1812,4 @@ Rails architecture.
 
 ## Copyright
 
-Copyright © 2017 - 2024 Sitrox. See `LICENSE` for further details.
+Copyright © 2017 - 2025 Sitrox. See `LICENSE` for further details.

data/Rakefile

@@ -16,16 +16,6 @@ task :gemspec do
     spec.require_paths = ['lib']
     spec.licenses      = ['MIT']
 
-    spec.add_development_dependency 'appraisal'
-    spec.add_development_dependency 'bundler'
-    spec.add_development_dependency 'rake'
-    spec.add_development_dependency 'sqlite3', '<2.0.0'
-    spec.add_development_dependency 'cancancan'
-    spec.add_development_dependency 'pry'
-    spec.add_development_dependency 'colorize'
-    spec.add_development_dependency 'rubocop', '1.45.1'
-    spec.add_development_dependency 'sprockets-rails'
-    spec.add_development_dependency 'simplecov'
     spec.add_dependency 'active_type', '>= 1.3.0'
     spec.add_dependency 'minitest'
     spec.add_dependency 'rails'

data/VERSION

@@ -1 +1 @@
-1.5.7
+1.6.0.rc0

data/gemfiles/rails_6.0.gemfile

@@ -2,6 +2,15 @@
 
 source 'https://rubygems.org'
 
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
 gem 'rails', '~> 6.0.4'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'
 
 gemspec path: '../'

data/gemfiles/rails_6.1.gemfile

@@ -2,6 +2,15 @@
 
 source 'https://rubygems.org'
 
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
 gem 'rails', '~> 6.1.4'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'
 
 gemspec path: '../'

data/gemfiles/rails_7.0.gemfile

@@ -2,6 +2,15 @@
 
 source 'https://rubygems.org'
 
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
 gem 'rails', '~> 7.0.1'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'
 
 gemspec path: '../'

data/gemfiles/rails_7.1.gemfile

@@ -2,6 +2,15 @@
 
 source 'https://rubygems.org'
 
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
 gem 'rails', '~> 7.1.0'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'
 
 gemspec path: '../'

data/gemfiles/rails_7.2.gemfile

@@ -0,0 +1,16 @@
+# This file was generated by Appraisal
+
+source 'https://rubygems.org'
+
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
+gem 'rails', '~> 7.2.1'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'
+
+gemspec path: '../'

data/gemfiles/rails_8.0.gemfile

@@ -0,0 +1,16 @@
+# This file was generated by Appraisal
+
+source 'https://rubygems.org'
+
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
+gem 'rails', '~> 8.0.1'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '~> 2.1'
+
+gemspec path: '../'

data/lib/rails_ops/exceptions.rb

@@ -13,7 +13,7 @@ module RailsOps::Exceptions
 
     def initialize(original_exception)
       @original_exception = original_exception
-      super original_exception.message
+      super(original_exception.message)
     end
   end
 

data/lib/rails_ops/log_subscriber.rb

@@ -33,7 +33,7 @@ module RailsOps
       if Rails.gem_version >= Gem::Version.new('7.1')
         super(message, color, bold: bold)
       else
-        super(message, color, bold)
+        super
       end
     end
   end

data/lib/rails_ops/mixins/param_authorization.rb

@@ -29,6 +29,8 @@ module RailsOps::Mixins::ParamAuthorization
     #   authorization backend. The block receives no arguments and is executed
     #   in context of the operation instance.
     def authorize_param(path, action = nil, *args, &block)
+      path = Array(path)
+
       # Validate parameters
       if block_given? && (action || args.any?)
         fail ArgumentError,

data/lib/rails_ops/operation/model/destroy.rb

@@ -20,6 +20,11 @@ class RailsOps::Operation::Model::Destroy < RailsOps::Operation::Model::Load
     end
   end
 
+  def build_model
+    super
+    model_authorization
+  end
+
   def perform
     trigger :before_destroy, model: model
     model.destroy!

data/lib/rails_ops/operation/model/load.rb

@@ -4,7 +4,7 @@ class RailsOps::Operation::Model::Load < RailsOps::Operation::Model
   class_attribute :_lock_mode
 
   policy :on_init do
-    model_authorization
+    model
   end
 
   # Gets or sets the action verb used for authorizing models on load.
@@ -18,10 +18,8 @@ class RailsOps::Operation::Model::Load < RailsOps::Operation::Model
     return _load_model_authorization_action
   end
 
-  def model_authorization
-    return unless authorization_enabled?
-
-    unless load_model_authorization_action.nil?
+  def load_model_authorization
+    if authorization_enabled? && load_model_authorization_action.present?
       authorize_model! load_model_authorization_action, model
     end
   end
@@ -78,12 +76,18 @@ class RailsOps::Operation::Model::Load < RailsOps::Operation::Model
     relation = lock_relation(relation)
 
     # Fetch (and possibly lock) model
-    return relation.find_by!(model_id_field => params[model_id_field])
+    model = relation.find_by!(model_id_field => params[model_id_field])
+
+    # Return model
+    return model
   end
 
   def build_model
     @model = find_model
 
+    # Perform load model authorization
+    load_model_authorization
+
     if @model.respond_to?(:parent_op=)
       @model.parent_op = self
     end

data/lib/rails_ops/operation/model/update.rb

@@ -8,36 +8,44 @@ class RailsOps::Operation::Model::Update < RailsOps::Operation::Model::Load
     true
   end
 
-  policy :before_perform do
-    if model_authorization_action && self.class._model_authorization_lazy
-      authorize_model! model_authorization_action, model
+  policy :on_init do
+    if self.class._model_authorization_lazy && load_model_authorization_action.nil?
+      fail RailsOps::Exceptions::NoAuthorizationPerformed,
+           "Operation #{self.class.name} must specify a " \
+           'load_model_authorization_action because model ' \
+           'authorization is configured to be lazy.'
     end
   end
 
-  def model_authorization
-    return unless authorization_enabled?
-
-    if self.class._model_authorization_lazy
-      if load_model_authorization_action.nil?
-        fail RailsOps::Exceptions::NoAuthorizationPerformed,
-             "Operation #{self.class.name} must specify a " \
-             'load_model_authorization_action because model ' \
-             'authorization is configured to be lazy.'
-      else
-        authorize_model! load_model_authorization_action, model
-      end
-    elsif !load_model_authorization_action.nil?
-      authorize_model_with_authorize_only! load_model_authorization_action, model
-    end
+  policy :before_perform do
+    # If the authorization is configured to be lazy, we need to call the authorization
+    # on the copy of the model that we made before assigning the new attributes.
+    authorize_model! model_authorization_action, @model_before_assigning_attributes if self.class._model_authorization_lazy
+  end
 
-    unless model_authorization_action.nil? || self.class._model_authorization_lazy
+  def model_authorization
+    if authorization_enabled? && model_authorization_action.present?
       authorize_model! model_authorization_action, model
     end
   end
 
   def build_model
+    # Load model via parent class
     super
+
+    # Build nested model operations
     build_nested_model_ops :update
+
+    # Perform update authorization BEFORE assigning attributes. If the authorization is lazy,
+    # we copy the model before assigning the attributes, such that we can call the authorization
+    # later on.
+    if self.class._model_authorization_lazy
+      @model_before_assigning_attributes = @model.dup
+    else
+      model_authorization
+    end
+
+    # Assign attributes
     assign_attributes
   end
 

data/lib/rails_ops/operation/model.rb

@@ -169,9 +169,8 @@ class RailsOps::Operation::Model < RailsOps::Operation
 
   protected
 
-  # Performs nested model operations and then saves the model. If you have
-  # nested model operations, you should call this method instead of calling
-  # `model.save!` directly.
+  # Performs nested model operations and then saves the model. You should always
+  # call this method instead of invoking "model.save!" directly.
   def save!
     run_policies :before_nested_model_ops
     perform_nested_model_ops!

data/lib/rails_ops/profiler.rb

@@ -19,7 +19,7 @@ module RailsOps
       descr += ' - ' if descr
       start = Time.now
       res = yield
-      puts "#{descr}#{((Time.now - start).to_f * 1000).round(1)}ms elapsed.".magenta
+      puts "#{descr}#{((Time.now - start).to_f * 1000).round(1)}ms elapsed."
       res
     end
 

data/lib/rails_ops.rb

@@ -1,6 +1,7 @@
 require 'active_type'
 require 'schemacop'
 require 'request_store'
+require 'ostruct'
 
 module RailsOps
   AUTH_THREAD_STORAGE_KEY = :rails_ops_authorization_enabled