Scopes have private attr_readers

- Generate application scope with `private` attr readers
- Update documentation to suggest that other scopes should use `private`

There doesn't seem to be a use case for accessing the initialisation
parameters on scopes. In general keeping the public interface of classes
as small as possible can help to keep code decoupled.

CHANGELOG.md

@@ -7,6 +7,10 @@
 - `.authorize` and `#authorize` return the instance, even for namespaced
   policies (#626)
 
+### Changed
+
+- Generate application scope with `protected` attr_readers. (#616)
+
 ### Removed
 
 - Dropped support for Ruby end-of-life versions: 2.1 and 2.2. (#604)

README.md

@@ -220,8 +220,6 @@ define a class called a policy scope. It can look something like this:
 ``` ruby
 class PostPolicy < ApplicationPolicy
   class Scope
-    attr_reader :user, :scope
-
     def initialize(user, scope)
       @user  = user
       @scope = scope
@@ -234,6 +232,10 @@ class PostPolicy < ApplicationPolicy
         scope.where(published: true)
       end
     end
+
+    private
+
+    attr_reader :user, :scope
   end
 
   def update?

lib/generators/pundit/install/templates/application_policy.rb

@@ -37,8 +37,6 @@ class ApplicationPolicy
   end
 
   class Scope
-    attr_reader :user, :scope
-
     def initialize(user, scope)
       @user = user
       @scope = scope
@@ -47,5 +45,9 @@ class ApplicationPolicy
     def resolve
       scope.all
     end
+
+    private
+
+    attr_reader :user, :scope
   end
 end