From 95c951ca15f36d14c3b34bcffcca6de805335c05 Mon Sep 17 00:00:00 2001 From: Kim Burgestrand Date: Wed, 7 Aug 2024 15:32:26 +0200 Subject: [PATCH 1/3] Use HTTPS for all URLs, not HTTP --- CODE_OF_CONDUCT.md | 2 +- README.md | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 5bfdf0f8..f2679298 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -25,4 +25,4 @@ maintainers. This Code of Conduct is adapted from the [Contributor Covenant](http:contributor-covenant.org), version 1.0.0, available at -[http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/) +[https://contributor-covenant.org/version/1/0/0/](https://contributor-covenant.org/version/1/0/0/) diff --git a/README.md b/README.md index d1dd6339..7dd32268 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ [![Main](https://github.com/varvet/pundit/actions/workflows/main.yml/badge.svg)](https://github.com/varvet/pundit/actions/workflows/main.yml) [![Code Climate](https://api.codeclimate.com/v1/badges/a940030f96c9fb43046a/maintainability)](https://codeclimate.com/github/varvet/pundit/maintainability) -[![Inline docs](http://inch-ci.org/github/varvet/pundit.svg?branch=main)](http://inch-ci.org/github/varvet/pundit) -[![Gem Version](https://badge.fury.io/rb/pundit.svg)](http://badge.fury.io/rb/pundit) +[![Inline docs](https://inch-ci.org/github/varvet/pundit.svg?branch=main)](https://inch-ci.org/github/varvet/pundit) +[![Gem Version](https://badge.fury.io/rb/pundit.svg)](https://badge.fury.io/rb/pundit) Pundit provides a set of helpers which guide you in leveraging regular Ruby classes and object oriented design patterns to build a straightforward, robust, and 
@@ -11,7 +11,7 @@ scalable authorization system. ## Links: -- [API documentation for the most recent version](http://www.rubydoc.info/gems/pundit) +- [API documentation for the most recent version](https://www.rubydoc.info/gems/pundit) - [Source Code](https://github.com/varvet/pundit) - [Contributing](https://github.com/varvet/pundit/blob/main/CONTRIBUTING.md) - [Code of Conduct](https://github.com/varvet/pundit/blob/main/CODE_OF_CONDUCT.md) @@ -496,7 +496,7 @@ end ## Rescuing a denied Authorization in Rails Pundit raises a `Pundit::NotAuthorizedError` you can -[rescue_from](http://guides.rubyonrails.org/action_controller_overview.html#rescue-from) +[rescue_from](https://guides.rubyonrails.org/action_controller_overview.html#rescue-from) in your `ApplicationController`. You can customize the `user_not_authorized` method in every controller. @@ -822,7 +822,7 @@ update? and show? which may be desirable when distributing policy specs as documentation. An alternative approach to Pundit policy specs is scoping them to a user context as outlined in this -[excellent post](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/punditcommunity/pundit-matchers) gem. +[excellent post](https://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/punditcommunity/pundit-matchers) gem. ### Scope Specs 
@@ -841,15 +841,15 @@ inherit_gem: # External Resources - [RailsApps Example Application: Pundit and Devise](https://github.com/RailsApps/rails-devise-pundit) -- [Migrating to Pundit from CanCan](http://blog.carbonfive.com/2013/10/21/migrating-to-pundit-from-cancan/) -- [Testing Pundit Policies with RSpec](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) +- [Migrating to Pundit from CanCan](https://blog.carbonfive.com/2013/10/21/migrating-to-pundit-from-cancan/) +- [Testing Pundit Policies with RSpec](https://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) - [Testing Pundit with Minitest](https://github.com/varvet/pundit/issues/204#issuecomment-60166450) - [Using Pundit outside of a Rails controller](https://github.com/varvet/pundit/pull/136) -- [Straightforward Rails Authorization with Pundit](http://www.sitepoint.com/straightforward-rails-authorization-with-pundit/) +- [Straightforward Rails Authorization with Pundit](https://www.sitepoint.com/straightforward-rails-authorization-with-pundit/) ## Other implementations -- [Flask-Pundit](https://github.com/anurag90x/flask-pundit) (Python) is a [Flask](http://flask.pocoo.org/) extension "heavily inspired by" Pundit +- [Flask-Pundit](https://github.com/anurag90x/flask-pundit) (Python) is a [Flask](https://flask.pocoo.org/) extension "heavily inspired by" Pundit # License From e862a894de41d0133421e9a67a69fbb50b5bbc6c Mon Sep 17 00:00:00 2001 From: Kim Burgestrand Date: Wed, 7 Aug 2024 15:57:42 +0200 Subject: [PATCH 2/3] Add CHANGELOG-entry for custom rspec description --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 18ad81d0..ec4bb4c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,7 @@ - Improve the `NotAuthorizedError` message to include the policy class. Furthermore, in the case where the record passed is a class instead of an instance, the class name is given. (#812) +- Add customizable permit matcher description (#806) ## 2.3.2 (2024-05-08) From 4eb0ba53de1dbbfb1231cd36d4b9b71e4372ed8c Mon Sep 17 00:00:00 2001 From: Kim Burgestrand Date: Wed, 7 Aug 2024 15:58:43 +0200 Subject: [PATCH 3/3] Refactor rspec section to be more visually clear - Adds heading for custom description section. - Shortens custom description section a bit. - Increase priority/visibility of `pundit-matchers`. --- README.md | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 7dd32268..10cfadb0 100644 --- a/README.md +++ b/README.md @@ -761,6 +761,10 @@ end ### Policy Specs +> [!TIP] +> An alternative approach to Pundit policy specs is scoping them to a user context as outlined in this +[excellent post](https://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/punditcommunity/pundit-matchers) gem. + Pundit includes a mini-DSL for writing expressive tests for your policies in RSpec. Require `pundit/rspec` in your `spec_helper.rb`: 
@@ -790,40 +794,33 @@ describe PostPolicy do end ``` -You can customize the description used for the `permit` matcher: +### Custom matcher description -``` ruby -Pundit::RSpec::Matchers.description = - "permit the user" +By default rspec includes an inspected `user` and `record` in the matcher description, which might become overly verbose: + +``` +PostPolicy + update? and show? + is expected to permit # and #> ``` -given the spec +You can override the default description with a static string, or a block: ```ruby -permissions :update?, :show? do - it { expect(policy).to permit(user, record) } +# static alternative: Pundit::RSpec::Matchers.description = "permit the user" +Pundit::RSpec::Matchers.description = ->(user, record) do + "permit user with role #{user.role} to access record with ID #{record.id}" end ``` -will change the output from - -``` -update? and show? - is expected to permit # and # -``` - -to +Which would make for a less chatty output: ``` -update? and show? - is expected to permit the user +PostPolicy + update? and show? + is expected to permit user with role admin to access record with ID 130 ``` -which may be desirable when distributing policy specs as documentation. - -An alternative approach to Pundit policy specs is scoping them to a user context as outlined in this -[excellent post](https://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/) and implemented in the third party [pundit-matchers](https://github.com/punditcommunity/pundit-matchers) gem. - ### Scope Specs Pundit does not provide a DSL for testing scopes. Test them like you would a regular Ruby class!
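Review bot: In the CODE_OF_CONDUCT.md hunk of patch 1/3, the unchanged context line still reads `[Contributor Covenant](http:contributor-covenant.org)`, which is plain HTTP and is also missing the `//` after the scheme, so the file does not match the subject "Use HTTPS for all URLs, not HTTP" after this commit. Suggest fixing that link to `https://contributor-covenant.org` in the same change, since the line directly below it is already being touched.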
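Review bot: The README.md hunks of patch 1/3 rewrite the scheme on a number of third-party hosts (`inch-ci.org`, `www.rubydoc.info`, `thunderboltlabs.com`, `blog.carbonfive.com`, `www.sitepoint.com`, `flask.pocoo.org`), and nothing in the commit message says each one was checked over TLS. A host that serves no HTTPS, or serves it with a mismatched certificate, turns a working plaintext link into a browser certificate error, and the `inch-ci.org` badge image would stop rendering. Suggest fetching every rewritten URL once before merging and noting in the commit message which ones were verified, or adding a link checker to CI so this does not regress.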
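Review bot: In the `### Policy Specs` hunk of patch 3/3, only the first two added lines of the tip carry the `>` prefix; the continuation line starting `[excellent post](https://thunderboltlabs.com/...` does not. It stays inside the `> [!TIP]` block only through Markdown's lazy-continuation rule, which is easy to break with a later edit and is not handled the same way by every renderer. Suggest prefixing that line with `> ` so the whole alert is explicitly quoted.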
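Review bot: In the `### Custom matcher description` hunk of patch 3/3, the block example `"permit user with role #{user.role} to access record with ID #{record.id}"` assumes every `user` passed to `permit` responds to `role` and every `record` to `id`, but the surrounding text does not say so, and a spec that passes a different kind of object would fail while building the description rather than in the assertion. Suggest stating that assumption in the sentence above the example, or showing a description built from methods the README's own `PostPolicy` spec is known to have. Separately, the static-string form now survives only as a comment (`# static alternative: ...`), which is easy to miss for readers who want the simple case; giving it its own short code block would keep both options visible. Minor: "rspec" in the new prose should be "RSpec", matching the spelling used in the `### Policy Specs` paragraph.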