All Versions
10
Latest Version
Avg Release Cycle
91 days
Latest Release
759 days ago

Changelog History

  • v1.0.3 Changes

    September 24, 2019

    ๐Ÿ”’ Security fix

    ๐Ÿš€ This releases fix a security issue where in a controller with multiple power directives, the :only and :except options of the last directive was applied to all directives.

    Affected code looks like this:

    class UsersController < ApplicationController
      power :foo
      power :bar, only: :index
    
      ...
    end
    

    In this example both the powers :foo and :bar were only checked for the #index action. Other actions were left unprotected by powers checks.

    Controllers with a single power directive are unaffected. Contollers where neither power uses :only or :except options are unaffected.

    This vulnerability has been assigned the CVE identifier CVE-2019-16377.

    Compatible changes

    • ๐Ÿ‘€ The RSpec matcher check_power now also sees powers inherited by a parent controller.
  • v1.0.2 Changes

    May 22, 2019

    Compatible changes

    • The #arity of power methods with optional arguments is now preserved.
  • v1.0.1 Changes

    February 27, 2019

    Compatible changes

    • ๐Ÿ’Ž Methods defined with power now preserve the arity of their block.
  • v1.0.0 Changes

    February 15, 2019

    ๐Ÿ’ฅ Breaking changes

    • Removed Power.for_record(record). Use Power.for_model(record.class) instead.
    • Removed Power#for_record(record). Use Power#for_model(record.class) instead.
    • Removed Power#name_for_record(record). Use Power#name_for_model(record.class) instead.
  • v0.14.1 Changes

    November 13, 2018

    Compatible changes

    • ๐Ÿ›  inherit power guards upon controller inheritance (fixes #40)
  • v0.14.0 Changes

    October 09, 2018

    ๐Ÿ’ฅ Breaking changes

    • โฌ‡๏ธ drop support for Rails 2.3

    Compatible changes

    • โœ… migrate tests to Gemika
  • v0.13.2 Changes

    October 02, 2018

    Compatible changes

    • Bang methods should return the scope when successful (e.g. power.notes! returns the scope you defined in the power)
    • ๐Ÿ‘Œ improve the error message for scoped powers
  • v0.13.1 Changes

    September 28, 2017

    Compatible changes

    • ๐Ÿ›  Fix controller integration when using ActionController::API.

    Thanks to derekprior.

  • v0.13.0 Changes

    September 05, 2017

    ๐Ÿ’ฅ Breaking change

    • All powers memoize.
  • v0.12.4

    June 23, 2017