rails_ops 1.5.8 → 1.6.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d447da1ff197bd043c6831fd1fd4136541a064faf398ad78f376f45d6c98bda3
-  data.tar.gz: 351fb718726616969c07e48bc3967d7f3cd4e6bdda07512b1b5e45a878cd66fc
+  metadata.gz: b96c0188f23bcdbb31835f29ac2125a816db7d2345ad5c56786fec2ee9506381
+  data.tar.gz: b9dbe9d1111615b955c4e8d533ce2ed6e8351ad03a648cd52bdea23166145311
 SHA512:
-  metadata.gz: 2086a657d14d7addab4f5e995afa457853f574e0c74bfa074043f28d22cb6f2acc9367cf2d29c9a457218897baf9fb15430452025e4c8fdbcd5f29c9616f7663
-  data.tar.gz: e3ead99ce7cdddc297535f11ad37acdf36244468bc686114d2342bbb0b13289a1f669ca150c4af3b2d1100482336dc697de38f6a78b2e2fac0923d9f21f6bf1b
+  metadata.gz: 32af49ae5fb81eb1e0e56555f790dc2bd72621dd8d8a42da5adee18d4a5fba1a827bcc51aeb4562cd0721ff2656bcea40c68265fa28416fc5d380437fde1f80c
+  data.tar.gz: 64f6322f440685110cb8e76c1d65e127ad133fdc3188e42af37111562c7380854a9b181129b315005892e3fa8a1386d055bc5420c75ebe6cae6ffc5b7e86edcc

data/.github/workflows/rubocop.yml

@@ -11,7 +11,7 @@ jobs:
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 3.0.1
+          ruby-version: 3.1.0
           bundler-cache: true
       - name: Run rubocop
         run: bundle exec rubocop

data/.github/workflows/ruby.yml

@@ -37,6 +37,12 @@ jobs:
             ruby-version: '3.2.0'
           - rails-version: '7.1'
             ruby-version: '3.3.0'
+          - rails-version: '8.0'
+            ruby-version: '3.2.0'
+          - rails-version: '8.0'
+            ruby-version: '3.3.0'
+          - rails-version: '8.0'
+            ruby-version: '3.4.0'
     name: Test against Ruby ${{ matrix.ruby-version }} / Rails ${{ matrix.rails-version }}
     env:
       BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/rails_${{ matrix.rails-version }}.gemfile

data/Appraisals

@@ -1,3 +1,8 @@
+appraise 'rails-8.0' do
+  gem 'rails', '~> 8.0.1'
+  gem 'sqlite3', '~> 2.1'
+end
+
 appraise 'rails-7.2' do
   gem 'rails', '~> 7.2.1'
 end

data/CHANGELOG.md

@@ -1,5 +1,81 @@
 # Changelog
 
+## 1.6.0.rc1 (2025-01-22)
+
+* Add minimum version requirement for `rails` (rails `> 4` is required)
+
+## 1.6.0.rc0 (2025-01-22)
+
+* Adapt the way model authorization works for an additional layer of security:
+
+  * Update-Operations (operations inheriting from `RailsOps::Operation::Model::Update`)
+    now perform their model authorization immediately after the model is loaded (in `build_model`).
+
+    Previously, the authorization was only performed after the attributes have
+    already been assigned, never checking authorization against the "pristine"
+    model.
+
+  * Load-Operations (operations inheriting from
+    `RailsOps::Operation::Model::Load`) now always load their associated model
+    **directly on OP instantiation**. Previously, this was only the case if load
+    model authorization was enabled.
+
+    In addition, the method `model_authorization` has been renamed to
+    `load_model_authorization` in order to separate it from the method
+    `model_authorization` in `RailsOps::Operation::Model::Update`.
+
+  Internal reference: `#133622`.
+
+### Migrating from earlier versions
+
+Check that operations using model authorization still work as expected, especially
+operations inheriting from `RailsOps::Operation::Model::Update` or from
+`RailsOps::Operation::Model::Load`:
+
+* For operations inheriting from `RailsOps::Operation::Model::Load`: Rename all
+  uses of `model_authorization` to `load_model_authorization`.
+
+* For operations inheriting from `RailsOps::Operation::Model::Update`, you need
+  to make sure that running the model authorization on the "pristine" model (before
+  assigning the new attributes) is still applying your authorization logic in
+  the correct way (i.e. authorizing on the model *before* assigning the attributes
+  applies authorization correctly).
+  If you need to authorize the state *after* assigning the params to the model,
+  you'll need add that check manually in your operation.
+
+
+  One example of how this behaviour was changed: A user may only update
+  a `Group` object with a `color` of `'red'`:
+
+  ```ruby
+  class Ability
+    can :update, Group, color: 'red'
+  end
+  ```
+
+  Before, this was the way RailsOps handled it:
+
+  ```ruby
+  model = find_record(params[:id]) # => model = Group(color: 'blue')
+  model.assign_attributes(params)  # params = { color: 'red' }
+  authorize! :update, model
+  ```
+
+  This works, because RailsOps already assigned `'red'` to the `color` attribute of the model. This means
+  that the `authorize!` call will succeed, even though the original model in the database is not permissible
+  to be updated by the user.
+
+  Afterwards, the behaviour is as follows:
+
+  ```ruby
+  model = find_record(params[:id]) # => model = Group(color: 'blue')
+  authorize! :update, model        # => Fails with CanCan::AccessDenied, as the user may not update the group
+  # [...]
+  ```
+
+After applying these changes, carefully test your application, run unit tests etc.
+to ensure all operations still behave as expected in regards to authorization.
+
 ## 1.5.8 (2024-09-11)
 
 * Also allow single path segments as symbols instead of array for

data/Gemfile

@@ -2,3 +2,14 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in rails_ops.gemspec
 gemspec
+
+# Development dependencies should be specified in here
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'

data/Gemfile.lock

@@ -1,10 +1,10 @@
 PATH
   remote: .
   specs:
-    rails_ops (1.5.8)
+    rails_ops (1.6.0.rc1)
       active_type (>= 1.3.0)
       minitest
-      rails
+      rails (> 4)
       request_store
       schemacop (>= 3.0.0, <= 3.1)
 
@@ -97,7 +97,6 @@ GEM
     builder (3.2.4)
     cancancan (3.5.0)
     coderay (1.1.3)
-    colorize (0.8.1)
     concurrent-ruby (1.3.1)
     connection_pool (2.4.1)
     crass (1.0.6)
@@ -113,7 +112,8 @@ GEM
     irb (1.11.2)
       rdoc
       reline (>= 0.4.2)
-    json (2.6.3)
+    json (2.9.1)
+    language_server-protocol (3.17.0.3)
     loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -141,9 +141,10 @@ GEM
       racc (~> 1.4)
     nokogiri (1.16.5-x86_64-linux)
       racc (~> 1.4)
-    parallel (1.22.1)
-    parser (3.2.1.1)
+    parallel (1.26.3)
+    parser (3.3.7.0)
       ast (~> 2.4.1)
+      racc
     pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
@@ -191,25 +192,23 @@ GEM
     rake (13.1.0)
     rdoc (6.6.3.1)
       psych (>= 4.0.0)
-    regexp_parser (2.7.0)
+    regexp_parser (2.10.0)
     reline (0.4.3)
       io-console (~> 0.5)
     request_store (1.5.1)
       rack (>= 1.4)
-    rexml (3.3.6)
-      strscan
-    rubocop (1.45.1)
+    rubocop (1.70.0)
       json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.24.1, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.36.2, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.28.0)
-      parser (>= 3.2.1.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.37.0)
+      parser (>= 3.3.1.0)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.4)
     schemacop (3.0.22)
@@ -231,12 +230,13 @@ GEM
     sqlite3 (1.6.2-x86_64-darwin)
     sqlite3 (1.6.2-x86_64-linux)
     stringio (3.1.0)
-    strscan (3.1.0)
     thor (1.3.1)
     timeout (0.4.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.4.2)
+    unicode-display_width (3.1.4)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
     webrick (1.8.1)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
@@ -254,11 +254,10 @@ DEPENDENCIES
   appraisal
   bundler
   cancancan
-  colorize
   pry
   rails_ops!
   rake
-  rubocop (= 1.45.1)
+  rubocop (= 1.70.0)
   simplecov
   sprockets-rails
   sqlite3 (< 2.0.0)

data/LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright © 2017-2024 Sitrox
+Copyright © 2017-2025 Sitrox
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -23,18 +23,22 @@ Requirements & Installation
 
 ### Requirements
 
+* `rails > 4`
+
 - RailsOps only works with Rails applications, with the following Rails versions being tested in the CI:
   * Rails 6.0.x
   * Rails 6.1.x
   * Rails 7.0.x
   * Rails 7.1.x
   * Rails 7.2.x
+  * Rails 8.0.x
 - Additionally, the following Ruby versions are covered by our unit tests:
   * 2.7.8
   * 3.0.1
   * 3.1.0
   * 3.2.0
   * 3.3.0
+  * 3.4.0
 - Please see the [unit test workflow](https://github.com/sitrox/rails_ops/actions/workflows/ruby.yml) for the combinations of the Rails & Ruby versions, as only compatible versions are tested with each other.
 - Prior Rails and Ruby versions may be supported but they are not tested in the CI.
 - Rails Ops' model operations require ActiveRecord but are database / adapter
@@ -1353,8 +1357,9 @@ authorization check based on this model.
 
 While you can override this method to perform custom authorization, RailsOps
 provides a base implementation. Using the class method
-`model_authorization_action`, you can specify an action verb that is used for
-authorizing your model.
+`model_authorization_action` (or `load_model_authorization` for operations
+inheriting from `RailsOps::Operation::Model::Load`), you can specify an action
+verb that is used for authorizing your model.
 
 ```ruby
 class Operations::User::Load < RailsOps::Operation::Model::Load
@@ -1362,7 +1367,23 @@ class Operations::User::Load < RailsOps::Operation::Model::Load
 
   # This automatically calls `authorize_model! :read` after operation
   # instantiation.
-  model_authorization_action :read
+  load_model_authorization :read
+end
+```
+
+Another example for an update operation:
+
+```ruby
+class Operations::User::Update < RailsOps::Operation::Model::Update
+  model User
+
+  # This automatically calls `authorize_model! :read` after operation
+  # instantiation.
+  load_model_authorization :read
+
+  # This automatically calls `authorize_model! :update` after operation
+  # instantiation.
+  model_authorization :update
 end
 ```
 
@@ -1793,4 +1814,4 @@ Rails architecture.
 
 ## Copyright
 
-Copyright © 2017 - 2024 Sitrox. See `LICENSE` for further details.
+Copyright © 2017 - 2025 Sitrox. See `LICENSE` for further details.

data/Rakefile

@@ -16,19 +16,9 @@ task :gemspec do
     spec.require_paths = ['lib']
     spec.licenses      = ['MIT']
 
-    spec.add_development_dependency 'appraisal'
-    spec.add_development_dependency 'bundler'
-    spec.add_development_dependency 'rake'
-    spec.add_development_dependency 'sqlite3', '<2.0.0'
-    spec.add_development_dependency 'cancancan'
-    spec.add_development_dependency 'pry'
-    spec.add_development_dependency 'colorize'
-    spec.add_development_dependency 'rubocop', '1.45.1'
-    spec.add_development_dependency 'sprockets-rails'
-    spec.add_development_dependency 'simplecov'
     spec.add_dependency 'active_type', '>= 1.3.0'
     spec.add_dependency 'minitest'
-    spec.add_dependency 'rails'
+    spec.add_dependency 'rails', '> 4'
     spec.add_dependency 'request_store'
     spec.add_dependency 'schemacop', '>= 3.0.0', '<= 3.1'
   end

data/VERSION

@@ -1 +1 @@
-1.5.8
+1.6.0.rc1

data/gemfiles/rails_6.0.gemfile

@@ -2,6 +2,15 @@
 
 source 'https://rubygems.org'
 
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
 gem 'rails', '~> 6.0.4'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'
 
 gemspec path: '../'

data/gemfiles/rails_6.1.gemfile

@@ -2,6 +2,15 @@
 
 source 'https://rubygems.org'
 
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
 gem 'rails', '~> 6.1.4'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'
 
 gemspec path: '../'

data/gemfiles/rails_7.0.gemfile

@@ -2,6 +2,15 @@
 
 source 'https://rubygems.org'
 
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
 gem 'rails', '~> 7.0.1'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'
 
 gemspec path: '../'

data/gemfiles/rails_7.1.gemfile

@@ -2,6 +2,15 @@
 
 source 'https://rubygems.org'
 
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
 gem 'rails', '~> 7.1.0'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'
 
 gemspec path: '../'

data/gemfiles/rails_7.2.gemfile

@@ -2,6 +2,15 @@
 
 source 'https://rubygems.org'
 
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
 gem 'rails', '~> 7.2.1'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '<2.0.0'
 
 gemspec path: '../'

data/gemfiles/rails_8.0.gemfile

@@ -0,0 +1,16 @@
+# This file was generated by Appraisal
+
+source 'https://rubygems.org'
+
+gem 'appraisal'
+gem 'bundler'
+gem 'cancancan'
+gem 'pry'
+gem 'rails', '~> 8.0.1'
+gem 'rake'
+gem 'rubocop', '1.70.0'
+gem 'simplecov'
+gem 'sprockets-rails'
+gem 'sqlite3', '~> 2.1'
+
+gemspec path: '../'

data/lib/rails_ops/exceptions.rb

@@ -13,7 +13,7 @@ module RailsOps::Exceptions
 
     def initialize(original_exception)
       @original_exception = original_exception
-      super original_exception.message
+      super(original_exception.message)
     end
   end
 

data/lib/rails_ops/log_subscriber.rb

@@ -33,7 +33,7 @@ module RailsOps
       if Rails.gem_version >= Gem::Version.new('7.1')
         super(message, color, bold: bold)
       else
-        super(message, color, bold)
+        super
       end
     end
   end

data/lib/rails_ops/operation/model/destroy.rb

@@ -20,6 +20,11 @@ class RailsOps::Operation::Model::Destroy < RailsOps::Operation::Model::Load
     end
   end
 
+  def build_model
+    super
+    model_authorization
+  end
+
   def perform
     trigger :before_destroy, model: model
     model.destroy!

data/lib/rails_ops/operation/model/load.rb

@@ -4,7 +4,7 @@ class RailsOps::Operation::Model::Load < RailsOps::Operation::Model
   class_attribute :_lock_mode
 
   policy :on_init do
-    model_authorization
+    model
   end
 
   # Gets or sets the action verb used for authorizing models on load.
@@ -18,10 +18,8 @@ class RailsOps::Operation::Model::Load < RailsOps::Operation::Model
     return _load_model_authorization_action
   end
 
-  def model_authorization
-    return unless authorization_enabled?
-
-    unless load_model_authorization_action.nil?
+  def load_model_authorization
+    if authorization_enabled? && load_model_authorization_action.present?
       authorize_model! load_model_authorization_action, model
     end
   end
@@ -78,12 +76,18 @@ class RailsOps::Operation::Model::Load < RailsOps::Operation::Model
     relation = lock_relation(relation)
 
     # Fetch (and possibly lock) model
-    return relation.find_by!(model_id_field => params[model_id_field])
+    model = relation.find_by!(model_id_field => params[model_id_field])
+
+    # Return model
+    return model
   end
 
   def build_model
     @model = find_model
 
+    # Perform load model authorization
+    load_model_authorization
+
     if @model.respond_to?(:parent_op=)
       @model.parent_op = self
     end

data/lib/rails_ops/operation/model/update.rb

@@ -8,36 +8,44 @@ class RailsOps::Operation::Model::Update < RailsOps::Operation::Model::Load
     true
   end
 
-  policy :before_perform do
-    if model_authorization_action && self.class._model_authorization_lazy
-      authorize_model! model_authorization_action, model
+  policy :on_init do
+    if self.class._model_authorization_lazy && load_model_authorization_action.nil?
+      fail RailsOps::Exceptions::NoAuthorizationPerformed,
+           "Operation #{self.class.name} must specify a " \
+           'load_model_authorization_action because model ' \
+           'authorization is configured to be lazy.'
     end
   end
 
-  def model_authorization
-    return unless authorization_enabled?
-
-    if self.class._model_authorization_lazy
-      if load_model_authorization_action.nil?
-        fail RailsOps::Exceptions::NoAuthorizationPerformed,
-             "Operation #{self.class.name} must specify a " \
-             'load_model_authorization_action because model ' \
-             'authorization is configured to be lazy.'
-      else
-        authorize_model! load_model_authorization_action, model
-      end
-    elsif !load_model_authorization_action.nil?
-      authorize_model_with_authorize_only! load_model_authorization_action, model
-    end
+  policy :before_perform do
+    # If the authorization is configured to be lazy, we need to call the authorization
+    # on the copy of the model that we made before assigning the new attributes.
+    authorize_model! model_authorization_action, @model_before_assigning_attributes if self.class._model_authorization_lazy
+  end
 
-    unless model_authorization_action.nil? || self.class._model_authorization_lazy
+  def model_authorization
+    if authorization_enabled? && model_authorization_action.present?
       authorize_model! model_authorization_action, model
     end
   end
 
   def build_model
+    # Load model via parent class
     super
+
+    # Build nested model operations
     build_nested_model_ops :update
+
+    # Perform update authorization BEFORE assigning attributes. If the authorization is lazy,
+    # we copy the model before assigning the attributes, such that we can call the authorization
+    # later on.
+    if self.class._model_authorization_lazy
+      @model_before_assigning_attributes = @model.dup
+    else
+      model_authorization
+    end
+
+    # Assign attributes
     assign_attributes
   end
 

data/lib/rails_ops/operation/model.rb

@@ -169,9 +169,8 @@ class RailsOps::Operation::Model < RailsOps::Operation
 
   protected
 
-  # Performs nested model operations and then saves the model. If you have
-  # nested model operations, you should call this method instead of calling
-  # `model.save!` directly.
+  # Performs nested model operations and then saves the model. You should always
+  # call this method instead of invoking "model.save!" directly.
   def save!
     run_policies :before_nested_model_ops
     perform_nested_model_ops!

data/lib/rails_ops/profiler.rb

@@ -19,7 +19,7 @@ module RailsOps
       descr += ' - ' if descr
       start = Time.now
       res = yield
-      puts "#{descr}#{((Time.now - start).to_f * 1000).round(1)}ms elapsed.".magenta
+      puts "#{descr}#{((Time.now - start).to_f * 1000).round(1)}ms elapsed."
       res
     end
 

data/lib/rails_ops.rb

@@ -1,6 +1,7 @@
 require 'active_type'
 require 'schemacop'
 require 'request_store'
+require 'ostruct'
 
 module RailsOps
   AUTH_THREAD_STORAGE_KEY = :rails_ops_authorization_enabled

data/rails_ops.gemspec

@@ -1,15 +1,15 @@
 # -*- encoding: utf-8 -*-
-# stub: rails_ops 1.5.8 ruby lib
+# stub: rails_ops 1.6.0.rc1 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "rails_ops".freeze
-  s.version = "1.5.8"
+  s.version = "1.6.0.rc1"
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+  s.required_rubygems_version = Gem::Requirement.new("> 1.3.1".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]
   s.authors = ["Sitrox".freeze]
-  s.date = "2024-09-11"
-  s.files = [".github/workflows/rubocop.yml".freeze, ".github/workflows/ruby.yml".freeze, ".gitignore".freeze, ".releaser_config".freeze, ".rubocop.yml".freeze, "Appraisals".freeze, "CHANGELOG.md".freeze, "Gemfile".freeze, "Gemfile.lock".freeze, "LICENSE".freeze, "README.md".freeze, "Rakefile".freeze, "VERSION".freeze, "gemfiles/rails_6.0.gemfile".freeze, "gemfiles/rails_6.1.gemfile".freeze, "gemfiles/rails_7.0.gemfile".freeze, "gemfiles/rails_7.1.gemfile".freeze, "gemfiles/rails_7.2.gemfile".freeze, "lib/generators/operation/USAGE".freeze, "lib/generators/operation/operation_generator.rb".freeze, "lib/generators/operation/templates/controller.erb".freeze, "lib/generators/operation/templates/controller_wrapper.erb".freeze, "lib/generators/operation/templates/create.erb".freeze, "lib/generators/operation/templates/destroy.erb".freeze, "lib/generators/operation/templates/load.erb".freeze, "lib/generators/operation/templates/update.erb".freeze, "lib/generators/operation/templates/view.erb".freeze, "lib/rails_ops.rb".freeze, "lib/rails_ops/authorization_backend/abstract.rb".freeze, "lib/rails_ops/authorization_backend/can_can_can.rb".freeze, "lib/rails_ops/configuration.rb".freeze, "lib/rails_ops/context.rb".freeze, "lib/rails_ops/controller_mixin.rb".freeze, "lib/rails_ops/exceptions.rb".freeze, "lib/rails_ops/hooked_job.rb".freeze, "lib/rails_ops/hookup.rb".freeze, "lib/rails_ops/hookup/dsl.rb".freeze, "lib/rails_ops/hookup/dsl_validator.rb".freeze, "lib/rails_ops/hookup/hook.rb".freeze, "lib/rails_ops/log_subscriber.rb".freeze, "lib/rails_ops/mixins.rb".freeze, "lib/rails_ops/mixins/authorization.rb".freeze, "lib/rails_ops/mixins/log_settings.rb".freeze, "lib/rails_ops/mixins/model.rb".freeze, "lib/rails_ops/mixins/model/authorization.rb".freeze, "lib/rails_ops/mixins/model/nesting.rb".freeze, "lib/rails_ops/mixins/param_authorization.rb".freeze, "lib/rails_ops/mixins/policies.rb".freeze, "lib/rails_ops/mixins/require_context.rb".freeze, "lib/rails_ops/mixins/routes.rb".freeze, "lib/rails_ops/mixins/schema_validation.rb".freeze, "lib/rails_ops/mixins/sub_ops.rb".freeze, "lib/rails_ops/model_mixins.rb".freeze, "lib/rails_ops/model_mixins/ar_extension.rb".freeze, "lib/rails_ops/model_mixins/marshalling.rb".freeze, "lib/rails_ops/model_mixins/parent_op.rb".freeze, "lib/rails_ops/model_mixins/sti_fixes.rb".freeze, "lib/rails_ops/model_mixins/virtual_attributes.rb".freeze, "lib/rails_ops/model_mixins/virtual_attributes/virtual_column_wrapper.rb".freeze, "lib/rails_ops/model_mixins/virtual_has_one.rb".freeze, "lib/rails_ops/model_mixins/virtual_model_name.rb".freeze, "lib/rails_ops/operation.rb".freeze, "lib/rails_ops/operation/model.rb".freeze, "lib/rails_ops/operation/model/create.rb".freeze, "lib/rails_ops/operation/model/destroy.rb".freeze, "lib/rails_ops/operation/model/load.rb".freeze, "lib/rails_ops/operation/model/update.rb".freeze, "lib/rails_ops/profiler.rb".freeze, "lib/rails_ops/profiler/node.rb".freeze, "lib/rails_ops/railtie.rb".freeze, "lib/rails_ops/scoped_env.rb".freeze, "lib/rails_ops/virtual_model.rb".freeze, "rails_ops.gemspec".freeze, "test/db/models.rb".freeze, "test/db/schema.rb".freeze, "test/dummy/Rakefile".freeze, "test/dummy/app/assets/config/manifest.js".freeze, "test/dummy/app/assets/images/.keep".freeze, "test/dummy/app/assets/javascripts/application.js".freeze, "test/dummy/app/assets/javascripts/cable.js".freeze, "test/dummy/app/assets/javascripts/channels/.keep".freeze, "test/dummy/app/assets/stylesheets/application.css".freeze, "test/dummy/app/channels/application_cable/channel.rb".freeze, "test/dummy/app/channels/application_cable/connection.rb".freeze, "test/dummy/app/controllers/application_controller.rb".freeze, "test/dummy/app/controllers/concerns/.keep".freeze, "test/dummy/app/controllers/group_controller.rb".freeze, "test/dummy/app/helpers/application_helper.rb".freeze, "test/dummy/app/jobs/application_job.rb".freeze, "test/dummy/app/mailers/application_mailer.rb".freeze, "test/dummy/app/models/ability.rb".freeze, "test/dummy/app/models/animal.rb".freeze, "test/dummy/app/models/application_record.rb".freeze, "test/dummy/app/models/bird.rb".freeze, "test/dummy/app/models/cat.rb".freeze, "test/dummy/app/models/computer.rb".freeze, "test/dummy/app/models/concerns/.keep".freeze, "test/dummy/app/models/cpu.rb".freeze, "test/dummy/app/models/dog.rb".freeze, "test/dummy/app/models/flower.rb".freeze, "test/dummy/app/models/group.rb".freeze, "test/dummy/app/models/mainboard.rb".freeze, "test/dummy/app/models/nightingale.rb".freeze, "test/dummy/app/models/phoenix.rb".freeze, "test/dummy/app/models/user.rb".freeze, "test/dummy/app/views/layouts/application.html.erb".freeze, "test/dummy/app/views/layouts/mailer.html.erb".freeze, "test/dummy/app/views/layouts/mailer.text.erb".freeze, "test/dummy/bin/bundle".freeze, "test/dummy/bin/rails".freeze, "test/dummy/bin/rake".freeze, "test/dummy/bin/setup".freeze, "test/dummy/bin/update".freeze, "test/dummy/bin/yarn".freeze, "test/dummy/config.ru".freeze, "test/dummy/config/application.rb".freeze, "test/dummy/config/boot.rb".freeze, "test/dummy/config/cable.yml".freeze, "test/dummy/config/database.yml".freeze, "test/dummy/config/environment.rb".freeze, "test/dummy/config/environments/development.rb".freeze, "test/dummy/config/environments/production.rb".freeze, "test/dummy/config/environments/test.rb".freeze, "test/dummy/config/hookup.rb".freeze, "test/dummy/config/initializers/application_controller_renderer.rb".freeze, "test/dummy/config/initializers/assets.rb".freeze, "test/dummy/config/initializers/backtrace_silencers.rb".freeze, "test/dummy/config/initializers/cookies_serializer.rb".freeze, "test/dummy/config/initializers/filter_parameter_logging.rb".freeze, "test/dummy/config/initializers/inflections.rb".freeze, "test/dummy/config/initializers/mime_types.rb".freeze, "test/dummy/config/initializers/rails_ops.rb".freeze, "test/dummy/config/initializers/wrap_parameters.rb".freeze, "test/dummy/config/locales/en.yml".freeze, "test/dummy/config/puma.rb".freeze, "test/dummy/config/routes.rb".freeze, "test/dummy/config/secrets.yml".freeze, "test/dummy/config/spring.rb".freeze, "test/dummy/db/schema.rb".freeze, "test/dummy/lib/assets/.keep".freeze, "test/dummy/log/.keep".freeze, "test/dummy/package.json".freeze, "test/dummy/public/404.html".freeze, "test/dummy/public/422.html".freeze, "test/dummy/public/500.html".freeze, "test/dummy/public/apple-touch-icon-precomposed.png".freeze, "test/dummy/public/apple-touch-icon.png".freeze, "test/dummy/public/favicon.ico".freeze, "test/dummy/tmp/.keep".freeze, "test/test_helper.rb".freeze, "test/unit/rails_ops/generators/operation_generator_test.rb".freeze, "test/unit/rails_ops/hookup_test.rb".freeze, "test/unit/rails_ops/mixins/controller_test.rb".freeze, "test/unit/rails_ops/mixins/model/deep_nesting_test.rb".freeze, "test/unit/rails_ops/mixins/model/marshalling_test.rb".freeze, "test/unit/rails_ops/mixins/param_authorization_test.rb".freeze, "test/unit/rails_ops/mixins/policies_test.rb".freeze, "test/unit/rails_ops/operation/auth_test.rb".freeze, "test/unit/rails_ops/operation/model/create_test.rb".freeze, "test/unit/rails_ops/operation/model/destroy_test.rb".freeze, "test/unit/rails_ops/operation/model/load_test.rb".freeze, "test/unit/rails_ops/operation/model/sti_test.rb".freeze, "test/unit/rails_ops/operation/model/update_test.rb".freeze, "test/unit/rails_ops/operation/model_test.rb".freeze, "test/unit/rails_ops/operation/update_lazy_auth_test.rb".freeze, "test/unit/rails_ops/operation_test.rb".freeze, "test/unit/rails_ops/profiler_test.rb".freeze]
+  s.date = "2025-01-22"
+  s.files = [".github/workflows/rubocop.yml".freeze, ".github/workflows/ruby.yml".freeze, ".gitignore".freeze, ".releaser_config".freeze, ".rubocop.yml".freeze, "Appraisals".freeze, "CHANGELOG.md".freeze, "Gemfile".freeze, "Gemfile.lock".freeze, "LICENSE".freeze, "README.md".freeze, "Rakefile".freeze, "VERSION".freeze, "gemfiles/rails_6.0.gemfile".freeze, "gemfiles/rails_6.1.gemfile".freeze, "gemfiles/rails_7.0.gemfile".freeze, "gemfiles/rails_7.1.gemfile".freeze, "gemfiles/rails_7.2.gemfile".freeze, "gemfiles/rails_8.0.gemfile".freeze, "lib/generators/operation/USAGE".freeze, "lib/generators/operation/operation_generator.rb".freeze, "lib/generators/operation/templates/controller.erb".freeze, "lib/generators/operation/templates/controller_wrapper.erb".freeze, "lib/generators/operation/templates/create.erb".freeze, "lib/generators/operation/templates/destroy.erb".freeze, "lib/generators/operation/templates/load.erb".freeze, "lib/generators/operation/templates/update.erb".freeze, "lib/generators/operation/templates/view.erb".freeze, "lib/rails_ops.rb".freeze, "lib/rails_ops/authorization_backend/abstract.rb".freeze, "lib/rails_ops/authorization_backend/can_can_can.rb".freeze, "lib/rails_ops/configuration.rb".freeze, "lib/rails_ops/context.rb".freeze, "lib/rails_ops/controller_mixin.rb".freeze, "lib/rails_ops/exceptions.rb".freeze, "lib/rails_ops/hooked_job.rb".freeze, "lib/rails_ops/hookup.rb".freeze, "lib/rails_ops/hookup/dsl.rb".freeze, "lib/rails_ops/hookup/dsl_validator.rb".freeze, "lib/rails_ops/hookup/hook.rb".freeze, "lib/rails_ops/log_subscriber.rb".freeze, "lib/rails_ops/mixins.rb".freeze, "lib/rails_ops/mixins/authorization.rb".freeze, "lib/rails_ops/mixins/log_settings.rb".freeze, "lib/rails_ops/mixins/model.rb".freeze, "lib/rails_ops/mixins/model/authorization.rb".freeze, "lib/rails_ops/mixins/model/nesting.rb".freeze, "lib/rails_ops/mixins/param_authorization.rb".freeze, "lib/rails_ops/mixins/policies.rb".freeze, "lib/rails_ops/mixins/require_context.rb".freeze, "lib/rails_ops/mixins/routes.rb".freeze, "lib/rails_ops/mixins/schema_validation.rb".freeze, "lib/rails_ops/mixins/sub_ops.rb".freeze, "lib/rails_ops/model_mixins.rb".freeze, "lib/rails_ops/model_mixins/ar_extension.rb".freeze, "lib/rails_ops/model_mixins/marshalling.rb".freeze, "lib/rails_ops/model_mixins/parent_op.rb".freeze, "lib/rails_ops/model_mixins/sti_fixes.rb".freeze, "lib/rails_ops/model_mixins/virtual_attributes.rb".freeze, "lib/rails_ops/model_mixins/virtual_attributes/virtual_column_wrapper.rb".freeze, "lib/rails_ops/model_mixins/virtual_has_one.rb".freeze, "lib/rails_ops/model_mixins/virtual_model_name.rb".freeze, "lib/rails_ops/operation.rb".freeze, "lib/rails_ops/operation/model.rb".freeze, "lib/rails_ops/operation/model/create.rb".freeze, "lib/rails_ops/operation/model/destroy.rb".freeze, "lib/rails_ops/operation/model/load.rb".freeze, "lib/rails_ops/operation/model/update.rb".freeze, "lib/rails_ops/profiler.rb".freeze, "lib/rails_ops/profiler/node.rb".freeze, "lib/rails_ops/railtie.rb".freeze, "lib/rails_ops/scoped_env.rb".freeze, "lib/rails_ops/virtual_model.rb".freeze, "rails_ops.gemspec".freeze, "test/db/models.rb".freeze, "test/db/schema.rb".freeze, "test/dummy/Rakefile".freeze, "test/dummy/app/assets/config/manifest.js".freeze, "test/dummy/app/assets/images/.keep".freeze, "test/dummy/app/assets/javascripts/application.js".freeze, "test/dummy/app/assets/javascripts/cable.js".freeze, "test/dummy/app/assets/javascripts/channels/.keep".freeze, "test/dummy/app/assets/stylesheets/application.css".freeze, "test/dummy/app/channels/application_cable/channel.rb".freeze, "test/dummy/app/channels/application_cable/connection.rb".freeze, "test/dummy/app/controllers/application_controller.rb".freeze, "test/dummy/app/controllers/concerns/.keep".freeze, "test/dummy/app/controllers/group_controller.rb".freeze, "test/dummy/app/helpers/application_helper.rb".freeze, "test/dummy/app/jobs/application_job.rb".freeze, "test/dummy/app/mailers/application_mailer.rb".freeze, "test/dummy/app/models/ability.rb".freeze, "test/dummy/app/models/animal.rb".freeze, "test/dummy/app/models/application_record.rb".freeze, "test/dummy/app/models/bird.rb".freeze, "test/dummy/app/models/cat.rb".freeze, "test/dummy/app/models/computer.rb".freeze, "test/dummy/app/models/concerns/.keep".freeze, "test/dummy/app/models/cpu.rb".freeze, "test/dummy/app/models/dog.rb".freeze, "test/dummy/app/models/flower.rb".freeze, "test/dummy/app/models/group.rb".freeze, "test/dummy/app/models/mainboard.rb".freeze, "test/dummy/app/models/nightingale.rb".freeze, "test/dummy/app/models/phoenix.rb".freeze, "test/dummy/app/models/user.rb".freeze, "test/dummy/app/views/layouts/application.html.erb".freeze, "test/dummy/app/views/layouts/mailer.html.erb".freeze, "test/dummy/app/views/layouts/mailer.text.erb".freeze, "test/dummy/bin/bundle".freeze, "test/dummy/bin/rails".freeze, "test/dummy/bin/rake".freeze, "test/dummy/bin/setup".freeze, "test/dummy/bin/update".freeze, "test/dummy/bin/yarn".freeze, "test/dummy/config.ru".freeze, "test/dummy/config/application.rb".freeze, "test/dummy/config/boot.rb".freeze, "test/dummy/config/cable.yml".freeze, "test/dummy/config/database.yml".freeze, "test/dummy/config/environment.rb".freeze, "test/dummy/config/environments/development.rb".freeze, "test/dummy/config/environments/production.rb".freeze, "test/dummy/config/environments/test.rb".freeze, "test/dummy/config/hookup.rb".freeze, "test/dummy/config/initializers/application_controller_renderer.rb".freeze, "test/dummy/config/initializers/assets.rb".freeze, "test/dummy/config/initializers/backtrace_silencers.rb".freeze, "test/dummy/config/initializers/cookies_serializer.rb".freeze, "test/dummy/config/initializers/filter_parameter_logging.rb".freeze, "test/dummy/config/initializers/inflections.rb".freeze, "test/dummy/config/initializers/mime_types.rb".freeze, "test/dummy/config/initializers/rails_ops.rb".freeze, "test/dummy/config/initializers/wrap_parameters.rb".freeze, "test/dummy/config/locales/en.yml".freeze, "test/dummy/config/puma.rb".freeze, "test/dummy/config/routes.rb".freeze, "test/dummy/config/secrets.yml".freeze, "test/dummy/config/spring.rb".freeze, "test/dummy/db/schema.rb".freeze, "test/dummy/lib/assets/.keep".freeze, "test/dummy/log/.keep".freeze, "test/dummy/package.json".freeze, "test/dummy/public/404.html".freeze, "test/dummy/public/422.html".freeze, "test/dummy/public/500.html".freeze, "test/dummy/public/apple-touch-icon-precomposed.png".freeze, "test/dummy/public/apple-touch-icon.png".freeze, "test/dummy/public/favicon.ico".freeze, "test/dummy/tmp/.keep".freeze, "test/test_helper.rb".freeze, "test/unit/rails_ops/generators/operation_generator_test.rb".freeze, "test/unit/rails_ops/hookup_test.rb".freeze, "test/unit/rails_ops/mixins/controller_test.rb".freeze, "test/unit/rails_ops/mixins/model/deep_nesting_test.rb".freeze, "test/unit/rails_ops/mixins/model/marshalling_test.rb".freeze, "test/unit/rails_ops/mixins/param_authorization_test.rb".freeze, "test/unit/rails_ops/mixins/policies_test.rb".freeze, "test/unit/rails_ops/operation/auth_test.rb".freeze, "test/unit/rails_ops/operation/model/create_test.rb".freeze, "test/unit/rails_ops/operation/model/destroy_test.rb".freeze, "test/unit/rails_ops/operation/model/load_test.rb".freeze, "test/unit/rails_ops/operation/model/sti_test.rb".freeze, "test/unit/rails_ops/operation/model/update_test.rb".freeze, "test/unit/rails_ops/operation/model_test.rb".freeze, "test/unit/rails_ops/operation/update_lazy_auth_test.rb".freeze, "test/unit/rails_ops/operation_test.rb".freeze, "test/unit/rails_ops/profiler_test.rb".freeze]
   s.licenses = ["MIT".freeze]
   s.rubygems_version = "3.4.6".freeze
   s.summary = "An operations service layer for rails projects.".freeze
@@ -17,19 +17,9 @@ Gem::Specification.new do |s|
 
   s.specification_version = 4
 
-  s.add_development_dependency(%q<appraisal>.freeze, [">= 0"])
-  s.add_development_dependency(%q<bundler>.freeze, [">= 0"])
-  s.add_development_dependency(%q<rake>.freeze, [">= 0"])
-  s.add_development_dependency(%q<sqlite3>.freeze, ["< 2.0.0"])
-  s.add_development_dependency(%q<cancancan>.freeze, [">= 0"])
-  s.add_development_dependency(%q<pry>.freeze, [">= 0"])
-  s.add_development_dependency(%q<colorize>.freeze, [">= 0"])
-  s.add_development_dependency(%q<rubocop>.freeze, ["= 1.45.1"])
-  s.add_development_dependency(%q<sprockets-rails>.freeze, [">= 0"])
-  s.add_development_dependency(%q<simplecov>.freeze, [">= 0"])
   s.add_runtime_dependency(%q<active_type>.freeze, [">= 1.3.0"])
   s.add_runtime_dependency(%q<minitest>.freeze, [">= 0"])
-  s.add_runtime_dependency(%q<rails>.freeze, [">= 0"])
+  s.add_runtime_dependency(%q<rails>.freeze, ["> 4"])
   s.add_runtime_dependency(%q<request_store>.freeze, [">= 0"])
   s.add_runtime_dependency(%q<schemacop>.freeze, [">= 3.0.0", "<= 3.1"])
 end

data/test/dummy/config/application.rb

@@ -1,5 +1,6 @@
 require_relative 'boot'
 
+require 'logger'
 require 'rails'
 
 require 'active_model/railtie'

data/test/test_helper.rb

@@ -7,7 +7,6 @@ require File.expand_path('../test/dummy/config/environment.rb', __dir__)
 # ActiveRecord::Migrator.migrations_paths = [File.expand_path("../../test/dummy/db/migrate", __FILE__)]
 require 'rails/test_help'
 require 'pry'
-require 'colorize'
 
 # Filter out Minitest backtrace while allowing backtrace from other libraries
 # to be shown.

data/test/unit/rails_ops/operation/auth_test.rb

@@ -18,6 +18,12 @@ class RailsOps::Operation::AuthTest < ActiveSupport::TestCase
     model ::Group
   end
 
+  UPDATE_OP_WITH_SPECIAL_LOAD_OP = Class.new(RailsOps::Operation::Model::Update) do
+    model ::Group
+
+    load_model_authorization_action :create
+  end
+
   CREATE_OP = Class.new(RailsOps::Operation::Model::Create) do
     model ::Group
   end
@@ -78,12 +84,22 @@ class RailsOps::Operation::AuthTest < ActiveSupport::TestCase
   def test_permitted_update
     ctx = RailsOps::Context.new(ability: ABILITY.new(read: true, update: true))
     assert_nothing_raised do
+      # As `read``and `update` is permitted, `new` and `run` should both work for the operation
       op = UPDATE_OP.new(ctx, id: 1, group: { name: 'Group2' })
       res = op.run!
       assert_equal 'Group2', res.model.name
     end
   end
 
+  def test_unpermitted_read_permitted_update
+    # While `update` is permitted, `read` is not, and therefore already trying to
+    # instantiate the operation must fail.
+    ctx = RailsOps::Context.new(ability: ABILITY.new(update: true))
+    assert_raises CanCan::AccessDenied do
+      UPDATE_OP.new(ctx, id: 1, group: { name: 'Group2' })
+    end
+  end
+
   def test_unpermitted_create
     ctx = RailsOps::Context.new(ability: ABILITY.new(read: true))
     assert_raises CanCan::AccessDenied do

data/test/unit/rails_ops/operation/model/load_test.rb

@@ -26,16 +26,14 @@ class RailsOps::Operation::Model::LoadTest < ActiveSupport::TestCase
   end
 
   def test_without_id
-    op = BASIC_OP.new
     assert_raises_with_message RuntimeError, 'Param :id must be given.' do
-      op.model
+      BASIC_OP.new
     end
   end
 
   def test_not_found
-    op = BASIC_OP.new(id: 5)
     assert_raise ActiveRecord::RecordNotFound do
-      op.model
+      BASIC_OP.new(id: 5)
     end
   end
 

data/test/unit/rails_ops/operation/model/update_test.rb

@@ -1,4 +1,5 @@
 require 'test_helper'
+require 'rails_ops/authorization_backend/can_can_can'
 
 class RailsOps::Operation::Model::UpdateTest < ActiveSupport::TestCase
   include TestHelper
@@ -62,10 +63,8 @@ class RailsOps::Operation::Model::UpdateTest < ActiveSupport::TestCase
 
     assert_equal :red, op.model.color
 
-    op = FLOWER_OP.new(id: flower2.id)
-
     assert_raises ActiveRecord::RecordNotFound do
-      op.model
+      FLOWER_OP.new(id: flower2.id)
     end
   end
 
@@ -90,4 +89,78 @@ class RailsOps::Operation::Model::UpdateTest < ActiveSupport::TestCase
     refute op2.model.respond_to?(:planted_is_true)
     refute op2.model.respond_to?(:response_to_everything)
   end
+
+  def test_load_authorization_order
+    RailsOps.config.authorization_backend = 'RailsOps::AuthorizationBackend::CanCanCan'
+
+    op_klass = Class.new(RailsOps::Operation::Model::Update) do
+      model ::Group
+    end
+
+    ability = Class.new do
+      include CanCan::Ability
+
+      def initialize
+        super
+        can :read, Group, color: 'red'
+        can :update, Group, color: 'red'
+      end
+    end.new
+
+    context = RailsOps::Context.new(ability: ability)
+
+    assert_nothing_raised do
+      model = Group.create!(color: 'red')
+      op_klass.run!(context, id: model.id, group: { color: 'red' })
+    end
+
+    assert_raises CanCan::AccessDenied do
+      model = Group.create!(color: 'blue')
+      op_klass.run!(context, id: model.id, group: { color: 'red' })
+    end
+
+    assert_nothing_raised do
+      model = Group.create!(color: 'red')
+      op_klass.run!(context, id: model.id, group: { color: 'blue' })
+    end
+  ensure
+    RailsOps.config.authorization_backend = nil
+  end
+
+  def test_update_authorization_order
+    RailsOps.config.authorization_backend = 'RailsOps::AuthorizationBackend::CanCanCan'
+
+    op_klass = Class.new(RailsOps::Operation::Model::Update) do
+      model ::Group
+    end
+
+    ability = Class.new do
+      include CanCan::Ability
+
+      def initialize
+        super
+        can :read, Group
+        can :update, Group, color: 'red'
+      end
+    end.new
+
+    context = RailsOps::Context.new(ability: ability)
+
+    assert_nothing_raised do
+      model = Group.create!(color: 'red')
+      op_klass.run!(context, id: model.id, group: { color: 'red' })
+    end
+
+    assert_raises CanCan::AccessDenied do
+      model = Group.create!(color: 'blue')
+      op_klass.run!(context, id: model.id, group: { color: 'red' })
+    end
+
+    assert_nothing_raised do
+      model = Group.create!(color: 'red')
+      op_klass.run!(context, id: model.id, group: { color: 'blue' })
+    end
+  ensure
+    RailsOps.config.authorization_backend = nil
+  end
 end

data/test/unit/rails_ops/operation/update_lazy_auth_test.rb

@@ -12,6 +12,7 @@ class RailsOps::Operation::UpdateLazyAuthTest < ActiveSupport::TestCase
 
     def perform
       fail osparams.exception if osparams.exception
+      save!
       @done = true
     end
   end
@@ -21,32 +22,48 @@ class RailsOps::Operation::UpdateLazyAuthTest < ActiveSupport::TestCase
 
     def initialize(read: false, update: false)
       super()
-      can :read, Group if read
-      can :update, Group if update
+      can :read, Group, color: %w[red green] if read
+      can :update, Group, color: 'red' if update
     end
   end
 
   setup do
     Group.delete_all
-    Group.create!(id: 1, name: 'Group')
+    Group.create!(id: 1, name: 'Red Group', color: 'red')
+    Group.create!(id: 2, name: 'Blue group', color: 'blue')
+    Group.create!(id: 3, name: 'Green group', color: 'green')
     RailsOps.config.authorization_backend = 'RailsOps::AuthorizationBackend::CanCanCan'
   end
 
-  def test_unpermitted_read
+  def test_unpermitted_read_permitted_color
     ctx = RailsOps::Context.new(ability: ABILITY.new)
     assert_raises CanCan::AccessDenied do
       BASIC_OP.new(ctx, id: 1)
     end
   end
 
-  def test_permitted_read
+  def test_unpermitted_read_unpermitted_color
+    ctx = RailsOps::Context.new(ability: ABILITY.new)
+    assert_raises CanCan::AccessDenied do
+      BASIC_OP.new(ctx, id: 2)
+    end
+  end
+
+  def test_permitted_read_permitted_color
     ctx = RailsOps::Context.new(ability: ABILITY.new(read: true))
     assert_nothing_raised do
       BASIC_OP.new(ctx, id: 1)
     end
   end
 
-  def test_unpermitted_update
+  def test_permitted_read_unpermitted_color
+    ctx = RailsOps::Context.new(ability: ABILITY.new(read: true))
+    assert_raises CanCan::AccessDenied do
+      BASIC_OP.new(ctx, id: 2)
+    end
+  end
+
+  def test_unpermitted_update_permitted_color
     ctx = RailsOps::Context.new(ability: ABILITY.new(read: true))
     op = BASIC_OP.new(ctx, id: 1)
     assert_raises CanCan::AccessDenied do
@@ -54,11 +71,27 @@ class RailsOps::Operation::UpdateLazyAuthTest < ActiveSupport::TestCase
     end
   end
 
-  def test_permitted_update
+  def test_unpermitted_update_unpermitted_color
+    ctx = RailsOps::Context.new(ability: ABILITY.new(read: true))
+    op = BASIC_OP.new(ctx, id: 1)
+    assert_raises CanCan::AccessDenied do
+      op.run!
+    end
+  end
+
+  def test_permitted_update_permitted_color
     ctx = RailsOps::Context.new(ability: ABILITY.new(read: true, update: true))
     op = BASIC_OP.new(ctx, id: 1)
     assert_nothing_raised do
       op.run!
     end
   end
+
+  def test_permitted_update_unpermitted_color
+    ctx = RailsOps::Context.new(ability: ABILITY.new(read: true, update: true))
+    op = BASIC_OP.new(ctx, id: 3, group: { color: 'red' })
+    assert_raises CanCan::AccessDenied do
+      op.run!
+    end
+  end
 end

data/test/unit/rails_ops/operation_test.rb

@@ -168,13 +168,21 @@ class RailsOps::OperationTest < ActiveSupport::TestCase
   end
 
   def test_inspect
-    assert_equal 'RailsOps::OperationTest::BASIC_OP ({"foo"=>:bar})',
-                 BASIC_OP.new(foo: :bar).inspect
+    # See https://bugs.ruby-lang.org/issues/20433#note-10
+    if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.4.0')
+      assert_equal 'RailsOps::OperationTest::BASIC_OP ({"foo" => :bar})', BASIC_OP.new(foo: :bar).inspect
+    else
+      assert_equal 'RailsOps::OperationTest::BASIC_OP ({"foo"=>:bar})', BASIC_OP.new(foo: :bar).inspect
+    end
   end
 
   def test_inspect_with_numeric_param_keys
-    assert_equal 'RailsOps::OperationTest::BASIC_OP ({1=>2})',
-                 BASIC_OP.new(1 => 2).inspect
+    # See https://bugs.ruby-lang.org/issues/20433#note-10
+    if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('3.4.0')
+      assert_equal 'RailsOps::OperationTest::BASIC_OP ({1 => 2})', BASIC_OP.new(1 => 2).inspect
+    else
+      assert_equal 'RailsOps::OperationTest::BASIC_OP ({1=>2})', BASIC_OP.new(1 => 2).inspect
+    end
   end
 
   def test_with_rollback_on_exception

metadata

@@ -1,155 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: rails_ops
 version: !ruby/object:Gem::Version
-  version: 1.5.8
+  version: 1.6.0.rc1
 platform: ruby
 authors:
 - Sitrox
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-09-11 00:00:00.000000000 Z
+date: 2025-01-22 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: appraisal
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 2.0.0
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 2.0.0
-- !ruby/object:Gem::Dependency
-  name: cancancan
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: pry
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: colorize
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.45.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 1.45.1
-- !ruby/object:Gem::Dependency
-  name: sprockets-rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: active_type
   requirement: !ruby/object:Gem::Requirement
@@ -182,16 +42,16 @@ dependencies:
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ">"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - ">"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '4'
 - !ruby/object:Gem::Dependency
   name: request_store
   requirement: !ruby/object:Gem::Requirement
@@ -226,8 +86,8 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '3.1'
-description:
-email:
+description: 
+email: 
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -250,6 +110,7 @@ files:
 - gemfiles/rails_7.0.gemfile
 - gemfiles/rails_7.1.gemfile
 - gemfiles/rails_7.2.gemfile
+- gemfiles/rails_8.0.gemfile
 - lib/generators/operation/USAGE
 - lib/generators/operation/operation_generator.rb
 - lib/generators/operation/templates/controller.erb
@@ -399,11 +260,11 @@ files:
 - test/unit/rails_ops/operation/update_lazy_auth_test.rb
 - test/unit/rails_ops/operation_test.rb
 - test/unit/rails_ops/profiler_test.rb
-homepage:
+homepage: 
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -414,12 +275,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubygems_version: 3.5.4
-signing_key:
+rubygems_version: 3.4.6
+signing_key: 
 specification_version: 4
 summary: An operations service layer for rails projects.
 test_files: