Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package rubygem-pundit for openSUSE:Factory
checked in at 2021-08-25 20:58:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-pundit (Old)
and /work/SRC/openSUSE:Factory/.rubygem-pundit.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-pundit"
Wed Aug 25 20:58:12 2021 rev:4 rq:914129 version:2.1.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-pundit/rubygem-pundit.changes
2019-08-16 15:45:13.781706650 +0200
+++ /work/SRC/openSUSE:Factory/.rubygem-pundit.new.1899/rubygem-pundit.changes
2021-08-25 20:59:42.925042469 +0200
@@ -1,0 +2,27 @@
+Wed Aug 25 05:22:31 UTC 2021 - Manuel Schnitzer <mschnit...@suse.com>
+
+- updated to version 2.1.1
+
+ Friday 13th-release!
+
+ Careful! The bugfix below (#626) could break existing code. If you rely on
the
+ return value for `authorize` and namespaced policies you might need to do
some
+ changes.
+
+ ### Fixed
+
+ - `.authorize` and `#authorize` return the instance, even for namespaced
+ policies (#626)
+
+ ### Changed
+
+ - Generate application scope with `protected` attr_readers. (#616)
+
+ ### Removed
+
+ - Dropped support for Ruby end-of-life versions: 2.1 and 2.2. (#604)
+ - Dropped support for Ruby end-of-life versions: 2.3 (#633)
+ - Dropped support for Ruby end-of-life versions: 2.4, 2.5 and JRuby 9.1
(#676)
+ - Dropped support for RSpec 2 (#615)
+
+-------------------------------------------------------------------
Old:
----
pundit-2.1.0.gem
New:
----
pundit-2.1.1.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-pundit.spec ++++++
--- /var/tmp/diff_new_pack.GzvAjZ/_old 2021-08-25 20:59:43.425041812 +0200
+++ /var/tmp/diff_new_pack.GzvAjZ/_new 2021-08-25 20:59:43.429041807 +0200
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-pundit
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
#
Name: rubygem-pundit
-Version: 2.1.0
+Version: 2.1.1
Release: 0
%define mod_name pundit
%define mod_full_name %{mod_name}-%{version}
@@ -32,7 +32,7 @@
BuildRequires: %{rubygem gem2rpm}
BuildRequires: %{ruby}
BuildRequires: ruby-macros >= 5
-Url: https://github.com/varvet/pundit
+URL: https://github.com/varvet/pundit
Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1: gem2rpm.yml
Summary: OO authorization for Rails
++++++ pundit-2.1.0.gem -> pundit-2.1.1.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 2019-08-14 13:31:38.000000000 +0200
+++ new/.gitignore 2021-08-13 11:10:28.000000000 +0200
@@ -2,6 +2,7 @@
*.rbc
.bundle
.config
+.coverage
.yardoc
Gemfile.lock
InstalledFiles
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.rubocop.yml new/.rubocop.yml
--- old/.rubocop.yml 2019-08-14 13:31:38.000000000 +0200
+++ new/.rubocop.yml 2021-08-13 11:10:28.000000000 +0200
@@ -1,10 +1,7 @@
AllCops:
- DisplayCopNames: true
- TargetRubyVersion: 2.2
+ TargetRubyVersion: 2.6
Exclude:
- - "gemfiles/**/*"
- - "vendor/**/*"
- - "lib/generators/**/*"
+ - "lib/generators/**/templates/**/*"
Metrics/BlockLength:
Exclude:
@@ -40,15 +37,9 @@
- end
IndentOneStep: true
-Layout/AccessModifierIndentation:
- EnforcedStyle: outdent
-
Layout/EndAlignment:
EnforcedStyleAlignWith: variable
-Style/FrozenStringLiteralComment:
- Enabled: true
-
Style/PercentLiteralDelimiters:
PreferredDelimiters:
'%w': "[]"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.travis.yml new/.travis.yml
--- old/.travis.yml 2019-08-14 13:31:38.000000000 +0200
+++ new/.travis.yml 2021-08-13 11:10:28.000000000 +0200
@@ -1,21 +1,25 @@
language: ruby
-before_install:
- - gem install bundler -v 1.17.3
+dist: focal
matrix:
include:
- - rvm: 2.5.1 # Pre-installed Ruby version
+ - name: "RuboCop lint on pre-installed Ruby version"
+ rvm: 2.7.1 # Pre-installed Ruby version
+ before_install:
+ - gem install bundler
script: bundle exec rake rubocop # ONLY lint once, first
- - rvm: 2.1
- - rvm: 2.2
- - rvm: 2.3.5
- - rvm: 2.4.6
- - rvm: 2.5.5
- - rvm: 2.6.3
- - rvm: jruby-9.1.8.0
- env:
- - JRUBY_OPTS="--debug"
- jdk: openjdk8
- - rvm: jruby-9.2.8.0
+ - rvm: 2.6.7
+ before_script:
+ - curl -L
https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64
> ./cc-test-reporter
+ - chmod +x ./cc-test-reporter
+ - ./cc-test-reporter before-build
+ after_script:
+ - ./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT
+ - rvm: 2.7.3
+ - rvm: 3.0.1
+ - rvm: jruby-9.2.17.0
env:
- JRUBY_OPTS="--debug"
+ - rvm: truffleruby-head
+ allow_failures:
+ - rvm: truffleruby-head
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md
--- old/CHANGELOG.md 2019-08-14 13:31:38.000000000 +0200
+++ new/CHANGELOG.md 2021-08-13 11:10:28.000000000 +0200
@@ -1,5 +1,33 @@
# Pundit
+## Unreleased
+
+## 2.1.1 (2021-08-13)
+
+Friday 13th-release!
+
+Careful! The bugfix below (#626) could break existing code. If you rely on the
+return value for `authorize` and namespaced policies you might need to do some
+changes.
+
+### Fixed
+
+- `.authorize` and `#authorize` return the instance, even for namespaced
+ policies (#626)
+
+### Changed
+
+- Generate application scope with `protected` attr_readers. (#616)
+
+### Removed
+
+- Dropped support for Ruby end-of-life versions: 2.1 and 2.2. (#604)
+- Dropped support for Ruby end-of-life versions: 2.3 (#633)
+- Dropped support for Ruby end-of-life versions: 2.4, 2.5 and JRuby 9.1 (#676)
+- Dropped support for RSpec 2 (#615)
+
+## 2.1.0 (2019-08-14)
+
### Fixed
- Avoid name clashes with the Error class. (#590)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 2019-08-14 13:31:38.000000000 +0200
+++ new/README.md 2021-08-13 11:10:28.000000000 +0200
@@ -7,7 +7,7 @@
Pundit provides a set of helpers which guide you in leveraging regular Ruby
classes and object oriented design patterns to build a simple, robust and
-scaleable authorization system.
+scalable authorization system.
Links:
@@ -31,7 +31,6 @@
``` ruby
class ApplicationController < ActionController::Base
include Pundit
- protect_from_forgery
end
```
@@ -61,7 +60,7 @@
end
def update?
- user.admin? or not post.published?
+ user.admin? || !post.published?
end
end
```
@@ -165,13 +164,18 @@
end
```
-`authorize` returns the object passed to it, so you can chain it like this:
+`authorize` returns the instance passed to it, so you can chain it like this:
Controller:
```ruby
def show
@user = authorize User.find(params[:id])
end
+
+# return the record even for namespaced policies
+def show
+ @user = authorize [:admin, User.find(params[:id])]
+end
```
You can easily get a hold of an instance of the policy through the `policy`
@@ -220,8 +224,6 @@
``` ruby
class PostPolicy < ApplicationPolicy
class Scope
- attr_reader :user, :scope
-
def initialize(user, scope)
@user = user
@scope = scope
@@ -234,6 +236,10 @@
scope.where(published: true)
end
end
+
+ private
+
+ attr_reader :user, :scope
end
def update?
@@ -296,13 +302,11 @@
end
```
-Just as with your policy, this will automatically infer that you want to use
-the `PostPolicy::Scope` class, it will instantiate this class and call
-`resolve` on the instance. In this case it is a shortcut for doing:
+In this case it is a shortcut for doing:
``` ruby
def index
- @posts = PostPolicy::Scope.new(current_user, Post).resolve
+ @publications = PublicationPolicy::Scope.new(current_user, Post).resolve
end
```
@@ -391,6 +395,16 @@
end
```
+Alternatively, you can declare an instance method:
+
+``` ruby
+class Post
+ def policy_class
+ PostablePolicy
+ end
+end
+```
+
## Just plain old Ruby
As you can see, Pundit doesn't do anything you couldn't have easily done
@@ -476,7 +490,6 @@
```ruby
class ApplicationController < ActionController::Base
- protect_from_forgery
include Pundit
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
@@ -597,8 +610,7 @@
end
def show
- post = Post.find(params[:id])
- authorize(post)
+ post = authorize Post.find(params[:id])
end
end
```
@@ -641,9 +653,8 @@
## Strong parameters
-In Rails 4 (or Rails 3.2 with the
-[strong_parameters](https://github.com/rails/strong_parameters) gem),
-mass-assignment protection is handled in the controller. With Pundit you can
+In Rails,
+mass-assignment protection is handled in the controller. With Pundit you can
control which attributes a user has access to update via your policies. You can
set up a `permitted_attributes` method in your policy like this:
@@ -782,6 +793,7 @@
- [RailsApps Example Application: Pundit and
Devise](https://github.com/RailsApps/rails-devise-pundit)
- [Migrating to Pundit from
CanCan](http://blog.carbonfive.com/2013/10/21/migrating-to-pundit-from-cancan/)
- [Testing Pundit Policies with
RSpec](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/)
+- [Testing Pundit with
Minitest](https://github.com/varvet/pundit/issues/204#issuecomment-60166450)
- [Using Pundit outside of a Rails
controller](https://github.com/varvet/pundit/pull/136)
- [Straightforward Rails Authorization with
Pundit](http://www.sitepoint.com/straightforward-rails-authorization-with-pundit/)
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/generators/pundit/install/install_generator.rb
new/lib/generators/pundit/install/install_generator.rb
--- old/lib/generators/pundit/install/install_generator.rb 2019-08-14
13:31:38.000000000 +0200
+++ new/lib/generators/pundit/install/install_generator.rb 2021-08-13
11:10:28.000000000 +0200
@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
module Pundit
module Generators
class InstallGenerator < ::Rails::Generators::Base
- source_root File.expand_path('templates', __dir__)
+ source_root File.expand_path("templates", __dir__)
def copy_application_policy
- template 'application_policy.rb', 'app/policies/application_policy.rb'
+ template "application_policy.rb", "app/policies/application_policy.rb"
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/generators/pundit/install/templates/application_policy.rb
new/lib/generators/pundit/install/templates/application_policy.rb
--- old/lib/generators/pundit/install/templates/application_policy.rb
2019-08-14 13:31:38.000000000 +0200
+++ new/lib/generators/pundit/install/templates/application_policy.rb
2021-08-13 11:10:28.000000000 +0200
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
class ApplicationPolicy
attr_reader :user, :record
@@ -35,8 +37,6 @@
end
class Scope
- attr_reader :user, :scope
-
def initialize(user, scope)
@user = user
@scope = scope
@@ -45,5 +45,9 @@
def resolve
scope.all
end
+
+ private
+
+ attr_reader :user, :scope
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/generators/pundit/policy/policy_generator.rb
new/lib/generators/pundit/policy/policy_generator.rb
--- old/lib/generators/pundit/policy/policy_generator.rb 2019-08-14
13:31:38.000000000 +0200
+++ new/lib/generators/pundit/policy/policy_generator.rb 2021-08-13
11:10:28.000000000 +0200
@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
module Pundit
module Generators
class PolicyGenerator < ::Rails::Generators::NamedBase
- source_root File.expand_path('templates', __dir__)
+ source_root File.expand_path("templates", __dir__)
def create_policy
- template 'policy.rb', File.join('app/policies', class_path,
"#{file_name}_policy.rb")
+ template "policy.rb", File.join("app/policies", class_path,
"#{file_name}_policy.rb")
end
hook_for :test_framework
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/generators/rspec/policy_generator.rb
new/lib/generators/rspec/policy_generator.rb
--- old/lib/generators/rspec/policy_generator.rb 2019-08-14
13:31:38.000000000 +0200
+++ new/lib/generators/rspec/policy_generator.rb 2021-08-13
11:10:28.000000000 +0200
@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
module Rspec
module Generators
class PolicyGenerator < ::Rails::Generators::NamedBase
- source_root File.expand_path('templates', __dir__)
+ source_root File.expand_path("templates", __dir__)
def create_policy_spec
- template 'policy_spec.rb', File.join('spec/policies', class_path,
"#{file_name}_policy_spec.rb")
+ template "policy_spec.rb", File.join("spec/policies", class_path,
"#{file_name}_policy_spec.rb")
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/generators/test_unit/policy_generator.rb
new/lib/generators/test_unit/policy_generator.rb
--- old/lib/generators/test_unit/policy_generator.rb 2019-08-14
13:31:38.000000000 +0200
+++ new/lib/generators/test_unit/policy_generator.rb 2021-08-13
11:10:28.000000000 +0200
@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
module TestUnit
module Generators
class PolicyGenerator < ::Rails::Generators::NamedBase
- source_root File.expand_path('templates', __dir__)
+ source_root File.expand_path("templates", __dir__)
def create_policy_test
- template 'policy_test.rb', File.join('test/policies', class_path,
"#{file_name}_policy_test.rb")
+ template "policy_test.rb", File.join("test/policies", class_path,
"#{file_name}_policy_test.rb")
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/pundit/policy_finder.rb
new/lib/pundit/policy_finder.rb
--- old/lib/pundit/policy_finder.rb 2019-08-14 13:31:38.000000000 +0200
+++ new/lib/pundit/policy_finder.rb 2021-08-13 11:10:28.000000000 +0200
@@ -68,7 +68,7 @@
end
end
- private
+ private
def find(subject)
if subject.is_a?(Array)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/pundit/rspec.rb new/lib/pundit/rspec.rb
--- old/lib/pundit/rspec.rb 2019-08-14 13:31:38.000000000 +0200
+++ new/lib/pundit/rspec.rb 2021-08-13 11:10:28.000000000 +0200
@@ -1,7 +1,5 @@
# frozen_string_literal: true
-require "active_support/core_ext/array/conversions"
-
module Pundit
module RSpec
module Matchers
@@ -74,17 +72,9 @@
end
RSpec.configure do |config|
- if RSpec::Core::Version::STRING.split(".").first.to_i >= 3
- config.include(
- Pundit::RSpec::PolicyExampleGroup,
- type: :policy,
- file_path: %r{spec/policies}
- )
- else
- config.include(
- Pundit::RSpec::PolicyExampleGroup,
- type: :policy,
- example_group: { file_path: %r{spec/policies} }
- )
- end
+ config.include(
+ Pundit::RSpec::PolicyExampleGroup,
+ type: :policy,
+ file_path: %r{spec/policies}
+ )
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/pundit/version.rb new/lib/pundit/version.rb
--- old/lib/pundit/version.rb 2019-08-14 13:31:38.000000000 +0200
+++ new/lib/pundit/version.rb 2021-08-13 11:10:28.000000000 +0200
@@ -1,5 +1,5 @@
# frozen_string_literal: true
module Pundit
- VERSION = "2.1.0".freeze
+ VERSION = "2.1.1"
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/pundit.rb new/lib/pundit.rb
--- old/lib/pundit.rb 2019-08-14 13:31:38.000000000 +0200
+++ new/lib/pundit.rb 2021-08-13 11:10:28.000000000 +0200
@@ -15,7 +15,7 @@
# @api public
module Pundit
- SUFFIX = "Policy".freeze
+ SUFFIX = "Policy"
# @api private
module Generators; end
@@ -71,7 +71,7 @@
raise NotAuthorizedError, query: query, record: record, policy: policy
unless policy.public_send(query)
- record
+ record.is_a?(Array) ? record.last : record
end
# Retrieves the policy scope for the given record.
@@ -124,7 +124,7 @@
# @return [Object, nil] instance of policy class with query methods
def policy(user, record)
policy = PolicyFinder.new(record).policy
- policy.new(user, pundit_model(record)) if policy
+ policy&.new(user, pundit_model(record))
rescue ArgumentError
raise InvalidConstructorError, "Invalid #<#{policy}> constructor is
called"
end
@@ -144,7 +144,7 @@
raise InvalidConstructorError, "Invalid #<#{policy}> constructor is
called"
end
- private
+ private
def pundit_model(record)
record.is_a?(Array) ? record.last : record
@@ -167,7 +167,7 @@
end
end
-protected
+ protected
# @return [Boolean] whether authorization has been performed, i.e. whether
# one {#authorize} or {#skip_authorization} has been called
@@ -222,7 +222,7 @@
raise NotAuthorizedError, query: query, record: record, policy: policy
unless policy.public_send(query)
- record
+ record.is_a?(Array) ? record.last : record
end
# Allow this action not to perform authorization.
@@ -317,7 +317,7 @@
current_user
end
-private
+ private
def pundit_policy_scope(scope)
policy_scopes[scope] ||= Pundit.policy_scope!(pundit_user, scope)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2019-08-14 13:31:38.000000000 +0200
+++ new/metadata 2021-08-13 11:10:28.000000000 +0200
@@ -1,7 +1,7 @@
--- !ruby/object:Gem::Specification
name: pundit
version: !ruby/object:Gem::Version
- version: 2.1.0
+ version: 2.1.1
platform: ruby
authors:
- Jonas Nicklas
@@ -9,7 +9,7 @@
autorequire:
bindir: bin
cert_chain: []
-date: 2019-08-14 00:00:00.000000000 Z
+date: 2021-08-13 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: activesupport
@@ -101,28 +101,42 @@
requirements:
- - ">="
- !ruby/object:Gem::Version
- version: 2.0.0
+ version: 3.0.0
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - ">="
- !ruby/object:Gem::Version
- version: 2.0.0
+ version: 3.0.0
- !ruby/object:Gem::Dependency
name: rubocop
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 0.57.2
+ version: 0.74.0
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 0.57.2
+ version: 0.74.0
+- !ruby/object:Gem::Dependency
+ name: simplecov
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.17.0
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.17.0
- !ruby/object:Gem::Dependency
name: yard
requirement: !ruby/object:Gem::Requirement
@@ -194,7 +208,7 @@
- !ruby/object:Gem::Version
version: '0'
requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.2.25
signing_key:
specification_version: 4
summary: OO authorization for Rails
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pundit.gemspec new/pundit.gemspec
--- old/pundit.gemspec 2019-08-14 13:31:38.000000000 +0200
+++ new/pundit.gemspec 2021-08-13 11:10:28.000000000 +0200
@@ -25,7 +25,8 @@
gem.add_development_dependency "bundler"
gem.add_development_dependency "pry"
gem.add_development_dependency "rake"
- gem.add_development_dependency "rspec", ">= 2.0.0"
- gem.add_development_dependency "rubocop", "0.57.2"
+ gem.add_development_dependency "rspec", ">= 3.0.0"
+ gem.add_development_dependency "rubocop", "0.74.0"
+ gem.add_development_dependency "simplecov", ">= 0.17.0"
gem.add_development_dependency "yard"
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/policies/post_policy_spec.rb
new/spec/policies/post_policy_spec.rb
--- old/spec/policies/post_policy_spec.rb 2019-08-14 13:31:38.000000000
+0200
+++ new/spec/policies/post_policy_spec.rb 2021-08-13 11:10:28.000000000
+0200
@@ -2,7 +2,7 @@
require "spec_helper"
-describe PostPolicy do
+RSpec.describe PostPolicy do
let(:user) { double }
let(:own_post) { double(user: user) }
let(:other_post) { double(user: double) }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/policy_finder_spec.rb
new/spec/policy_finder_spec.rb
--- old/spec/policy_finder_spec.rb 2019-08-14 13:31:38.000000000 +0200
+++ new/spec/policy_finder_spec.rb 2021-08-13 11:10:28.000000000 +0200
@@ -2,7 +2,7 @@
require "spec_helper"
-describe Pundit::PolicyFinder do
+RSpec.describe Pundit::PolicyFinder do
let(:user) { double }
let(:post) { Post.new(user) }
let(:comment) { CommentFourFiveSix.new }
@@ -24,37 +24,100 @@
end
describe "#policy" do
- subject { described_class.new(post) }
+ context "with an instance" do
+ it "returns the associated policy" do
+ object = described_class.new(post)
+
+ expect(object.policy).to eq PostPolicy
+ end
+ end
+
+ context "with an array of symbols" do
+ it "returns the associated namespaced policy" do
+ object = described_class.new(%i[project post])
+
+ expect(object.policy).to eq Project::PostPolicy
+ end
+ end
+
+ context "with an array of a symbol and an instance" do
+ it "returns the associated namespaced policy" do
+ object = described_class.new([:project, post])
- it "returns a policy" do
- expect(subject.policy).to eq PostPolicy
+ expect(object.policy).to eq Project::PostPolicy
+ end
end
- context "with a string" do
- it "returns a policy" do
- allow(subject).to receive(:find).and_return "PostPolicy"
- expect(subject.policy).to eq PostPolicy
+ context "with an array of a symbol and a class with a specified policy
class" do
+ it "returns the associated namespaced policy" do
+ object = described_class.new([:project, Customer::Post])
+
+ expect(object.policy).to eq Project::PostPolicy
+ end
+ end
+
+ context "with an array of a symbol and a class with a specified model
name" do
+ it "returns the associated namespaced policy" do
+ object = described_class.new([:project, CommentsRelation])
+
+ expect(object.policy).to eq Project::CommentPolicy
end
end
context "with a class" do
- it "returns a policy" do
- allow(subject).to receive(:find).and_return PostPolicy
- expect(subject.policy).to eq PostPolicy
+ it "returns the associated policy" do
+ object = described_class.new(Post)
+
+ expect(object.policy).to eq PostPolicy
+ end
+ end
+
+ context "with a class which has a specified policy class" do
+ it "returns the associated policy" do
+ object = described_class.new(Customer::Post)
+
+ expect(object.policy).to eq PostPolicy
+ end
+ end
+
+ context "with an instance which has a specified policy class" do
+ it "returns the associated policy" do
+ object = described_class.new(Customer::Post.new(user))
+
+ expect(object.policy).to eq PostPolicy
+ end
+ end
+
+ context "with a class which has a specified model name" do
+ it "returns the associated policy" do
+ object = described_class.new(CommentsRelation)
+
+ expect(object.policy).to eq CommentPolicy
+ end
+ end
+
+ context "with an instance which has a specified policy class" do
+ it "returns the associated policy" do
+ object = described_class.new(CommentsRelation.new)
+
+ expect(object.policy).to eq CommentPolicy
end
end
context "with nil" do
- it "returns nil" do
- allow(subject).to receive(:find).and_return nil
- expect(subject.policy).to eq nil
+ it "returns a NilClassPolicy" do
+ object = described_class.new(nil)
+
+ expect(object.policy).to eq NilClassPolicy
end
end
- context "with a string that can't be constantized" do
+ context "with a class that doesn't have an associated policy" do
it "returns nil" do
- allow(subject).to receive(:find).and_return "FooPolicy"
- expect(subject.policy).to eq nil
+ class Foo; end
+ object = described_class.new(Foo)
+
+ expect(object.policy).to eq nil
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/pundit_spec.rb new/spec/pundit_spec.rb
--- old/spec/pundit_spec.rb 2019-08-14 13:31:38.000000000 +0200
+++ new/spec/pundit_spec.rb 2021-08-13 11:10:28.000000000 +0200
@@ -2,7 +2,7 @@
require "spec_helper"
-describe Pundit do
+RSpec.describe Pundit do
let(:user) { double }
let(:post) { Post.new(user) }
let(:customer_post) { Customer::Post.new(user) }
@@ -25,6 +25,26 @@
expect(Pundit.authorize(user, post, :update?)).to be_truthy
end
+ it "returns the record on successful authorization" do
+ expect(Pundit.authorize(user, post, :update?)).to eq(post)
+ end
+
+ it "returns the record when passed record with namespace " do
+ expect(Pundit.authorize(user, [:project, comment], :update?)).to
eq(comment)
+ end
+
+ it "returns the record when passed record with nested namespace " do
+ expect(Pundit.authorize(user, [:project, :admin, comment], :update?)).to
eq(comment)
+ end
+
+ it "returns the policy name symbol when passed record with headless
policy" do
+ expect(Pundit.authorize(user, :publication, :create?)).to
eq(:publication)
+ end
+
+ it "returns the class when passed record not a particular instance" do
+ expect(Pundit.authorize(user, Post, :show?)).to eq(Post)
+ end
+
it "can be given a different policy class" do
expect(Pundit.authorize(user, post, :create?, policy_class:
PublicationPolicy)).to be_truthy
end
@@ -410,7 +430,23 @@
end
it "returns the record on successful authorization" do
- expect(controller.authorize(post)).to be(post)
+ expect(controller.authorize(post)).to eq(post)
+ end
+
+ it "returns the record when passed record with namespace " do
+ expect(controller.authorize([:project, comment], :update?)).to
eq(comment)
+ end
+
+ it "returns the record when passed record with nested namespace " do
+ expect(controller.authorize([:project, :admin, comment], :update?)).to
eq(comment)
+ end
+
+ it "returns the policy name symbol when passed record with headless
policy" do
+ expect(controller.authorize(:publication, :create?)).to eq(:publication)
+ end
+
+ it "returns the class when passed record not a particular instance" do
+ expect(controller.authorize(Post, :show?)).to eq(Post)
end
it "can be given a different permission to check" do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/spec/spec_helper.rb new/spec/spec_helper.rb
--- old/spec/spec_helper.rb 2019-08-14 13:31:38.000000000 +0200
+++ new/spec/spec_helper.rb 2021-08-13 11:10:28.000000000 +0200
@@ -1,5 +1,10 @@
# frozen_string_literal: true
+require "simplecov"
+SimpleCov.start do
+ add_filter "/spec/"
+end
+
require "pundit"
require "pundit/rspec"
@@ -11,22 +16,6 @@
require "active_model/naming"
require "action_controller/metal/strong_parameters"
-I18n.enforce_available_locales = false
-
-module PunditSpecHelper
- extend RSpec::Matchers::DSL
-
- matcher :be_truthy do
- match do |actual|
- actual
- end
- end
-end
-
-RSpec.configure do |config|
- config.include PunditSpecHelper
-end
-
class PostPolicy < Struct.new(:user, :post)
class Scope < Struct.new(:user, :scope)
def resolve
@@ -86,10 +75,6 @@
def self.policy_class
PostPolicy
end
-
- def policy_class
- self.class.policy_class
- end
end
end
@@ -137,7 +122,7 @@
@empty
end
- def model_name
+ def self.model_name
Comment.model_name
end
end
@@ -174,6 +159,10 @@
module Project
class CommentPolicy < Struct.new(:user, :comment)
+ def update?
+ true
+ end
+
class Scope < Struct.new(:user, :scope)
def resolve
scope
@@ -190,6 +179,14 @@
end
end
end
+
+ module Admin
+ class CommentPolicy < Struct.new(:user, :comment)
+ def update?
+ true
+ end
+ end
+ end
end
class DenierPolicy < Struct.new(:user, :record)
@@ -201,9 +198,9 @@
class Controller
include Pundit
# Mark protected methods public so they may be called in test
- # rubocop:disable Layout/AccessModifierIndentation,
Style/AccessModifierDeclarations
+ # rubocop:disable Style/AccessModifierDeclarations
public(*Pundit.protected_instance_methods)
- # rubocop:enable Layout/AccessModifierIndentation,
Style/AccessModifierDeclarations
+ # rubocop:enable Style/AccessModifierDeclarations
attr_reader :current_user, :action_name, :params
