mirror of https://github.com/varvet/pundit.git synced 2022-11-09 12:30:11 -05:00
varvet--pundit/pundit.gemspec
Kim Burgestrand 44cfa73d72 Require users to explicitly define Scope#resolve
Closes https://github.com/varvet/pundit/pull/711 (original issue and pull request)

> A01:2021-Broken Access Control is the category with the most serious web
application security risk.
>
> Using scope.all in templates violates the principle of least privilege
or deny by default, where access should only be granted for particular
capabilities, roles, or users.
>
> This change improves the security of default templates
>
> Ref: https://owasp.org/Top10/A01_2021-Broken_Access_Control/
— by @tagliala (github.com/tagliala)

Co-authored-by: Duncan Stuart <dgmstuart@gmail.com>
2022-02-11 12:52:24 +01:00
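The reasoning in the commit message above, as an added example that is not code from the Pundit project: a base scope that refuses to resolve until a subclass says which records are visible, next to the permissive default it replaces. The class names, the sample data and the error message are assumptions for illustration, and plain arrays stand in for a database scope.

```ruby
# Added example: plain-Ruby stand-ins, not Pundit's own classes or templates.
User = Struct.new(:id, :admin)
Post = Struct.new(:id, :owner_id)

# Base scope that denies by default: subclasses must state what is visible.
class BaseScope
  def initialize(user, scope)
    @user = user
    @scope = scope
  end

  def resolve
    raise NotImplementedError, "You must define #resolve in #{self.class}"
  end

  private

  attr_reader :user, :scope
end

# The permissive default the commit message objects to: every record, any user.
class PermissiveScope < BaseScope
  def resolve
    scope # stands in for scope.all
  end
end

# A scope written explicitly for one model: admins see all, others their own.
class PostScope < BaseScope
  def resolve
    return scope if user.admin

    scope.select { |post| post.owner_id == user.id }
  end
end

# A scope whose author forgot #resolve fails loudly instead of leaking rows.
class ForgottenScope < BaseScope; end

# Helper (hypothetical): ids of the records a user gets through a scope class.
def visible_ids(scope_class, user, records)
  scope_class.new(user, records).resolve.map(&:id)
end

POSTS = [Post.new(1, 10), Post.new(2, 20), Post.new(3, 10)].freeze # constructed data
ALICE = User.new(10, false)
ROOT  = User.new(99, true)
```

`NotImplementedError` is a `ScriptError`, so a bare `rescue` does not swallow it and a forgotten scope surfaces in tests rather than silently returning every row.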

33 lines
1.3 KiB
Ruby

# frozen_string_literal: true

lib = File.expand_path("lib", __dir__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require "English" # defines $INPUT_RECORD_SEPARATOR, which is nil otherwise
require "pundit/version"

Gem::Specification.new do |gem|
  gem.name = "pundit"
  gem.version = Pundit::VERSION
  gem.authors = ["Jonas Nicklas", "Varvet AB"]
  gem.email = ["jonas.nicklas@gmail.com", "dev@elabs.se"]
  gem.description = "Object oriented authorization for Rails applications"
  gem.summary = "OO authorization for Rails"
  gem.homepage = "https://github.com/varvet/pundit"
  gem.license = "MIT"

  # Package exactly the files tracked by git, one path per line.
  gem.files = `git ls-files`.split($INPUT_RECORD_SEPARATOR)
  gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
  gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
  gem.require_paths = ["lib"]

  # Runtime dependency.
  gem.add_dependency "activesupport", ">= 3.0.0"

  # Development and test dependencies.
  gem.add_development_dependency "actionpack", ">= 3.0.0"
  gem.add_development_dependency "activemodel", ">= 3.0.0"
  gem.add_development_dependency "bundler"
  gem.add_development_dependency "pry"
  gem.add_development_dependency "railties", ">= 3.0.0"
  gem.add_development_dependency "rake"
  gem.add_development_dependency "rspec", ">= 3.0.0"
  gem.add_development_dependency "rubocop", "1.24.0"
  gem.add_development_dependency "simplecov", ">= 0.17.0"
  gem.add_development_dependency "yard"
end