Merge pull request #692 from sriddbs/ignore-readonly-attrs

Ignore readonly columns in audit
collectiveidea · Jan 11, 2024 · e361f02 · e361f02
2 parents 3b4e52f + ab22a3f
commit e361f02
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 3 deletions.
diff --git a/lib/audited/auditor.rb b/lib/audited/auditor.rb
@@ -231,7 +231,7 @@ def revision_with(attributes)
 
       private
 
-      def audited_changes(for_touch: false)
+      def audited_changes(for_touch: false, exclude_readonly_attrs: false)
         all_changes = if for_touch
           previous_changes
         elsif respond_to?(:changes_to_save)
@@ -240,6 +240,8 @@ def audited_changes(for_touch: false)
           changes
         end
 
+        all_changes = all_changes.except(*self.class.readonly_attributes.to_a) if exclude_readonly_attrs
+
         filtered_changes = \
           if audited_options[:only].present?
             all_changes.slice(*self.class.audited_columns)
@@ -333,14 +335,14 @@ def audit_create
       end
 
       def audit_update
-        unless (changes = audited_changes).empty? && (audit_comment.blank? || audited_options[:update_with_comment_only] == false)
+        unless (changes = audited_changes(exclude_readonly_attrs: true)).empty? && (audit_comment.blank? || audited_options[:update_with_comment_only] == false)
           write_audit(action: "update", audited_changes: changes,
             comment: audit_comment)
         end
       end
 
       def audit_touch
-        unless (changes = audited_changes(for_touch: true)).empty?
+        unless (changes = audited_changes(for_touch: true, exclude_readonly_attrs: true)).empty?
           write_audit(action: "update", audited_changes: changes,
             comment: audit_comment)
         end

diff --git a/spec/audited/auditor_spec.rb b/spec/audited/auditor_spec.rb
@@ -358,6 +358,12 @@ def non_column_attr=(val)
         Models::ActiveRecord::OnUpdateDestroy.create!(name: "Bart")
       }.to_not change(Audited::Audit, :count)
     end
+
+    it "should save readonly columns" do
+      expect {
+        Models::ActiveRecord::UserWithReadOnlyAttrs.create!(name: "Bart")
+      }.to change(Audited::Audit, :count)
+    end
   end
 
   describe "on update" do
@@ -409,6 +415,16 @@ def non_column_attr=(val)
       expect { @user.update_attribute :activated, "1" }.to_not change(Audited::Audit, :count)
     end
 
+    context "with readonly attributes" do
+      before do
+        @user = create_user_with_readonly_attrs(status: "active")
+      end
+
+      it "should not save readonly columns" do
+        expect { @user.update! status: "banned" }.to_not change(Audited::Audit, :count)
+      end
+    end
+
     describe "with no dirty changes" do
       it "does not create an audit if the record is not changed" do
         expect {

diff --git a/spec/audited_spec_helpers.rb b/spec/audited_spec_helpers.rb
@@ -3,6 +3,10 @@ def create_user(attrs = {})
     Models::ActiveRecord::User.create({name: "Brandon", username: "brandon", password: "password", favourite_device: "Android Phone"}.merge(attrs))
   end
 
+  def create_user_with_readonly_attrs(attrs = {})
+    Models::ActiveRecord::UserWithReadOnlyAttrs.create({name: "Brandon", username: "brandon", password: "password", favourite_device: "Android Phone"}.merge(attrs))
+  end
+
   def build_user(attrs = {})
     Models::ActiveRecord::User.new({name: "darth", username: "darth", password: "noooooooo"}.merge(attrs))
   end

diff --git a/spec/support/active_record/models.rb b/spec/support/active_record/models.rb
@@ -54,6 +54,12 @@ class UserWithEncryptedPassword < ::ActiveRecord::Base
       end
     end
 
+    class UserWithReadOnlyAttrs < ::ActiveRecord::Base
+      self.table_name = :users
+      audited
+      attr_readonly :status
+    end
+
     class CommentRequiredUser < ::ActiveRecord::Base
       self.table_name = :users
       audited except: :password, comment_required: true