Audited.store changes of behavior and impact on rails controller tests #756
Description
Two changes of behavior related to enabling/disabling auditing for a specific model can observed (at least with Rails 6.1.7.4, but I could investigate with other versions if needed). See https://github.com/stripedpumpkin/rails-audited-controller-poc/blob/main/README.md for a simple way to reproduce for different versions of the gem.
In the change from 5.3.0 to 5.4.0 v5.3.0...v5.4.0
the definition of Audited.store is changed to use RequestStore, this breaks the persistence of SomeModel.auditing_enabled after a controller action
In the change from 5.4.3 to 5.6.0 v5.5.0...v5.6.0
the implementation of Audited.store is changed, Audit.store is already cleaned up in the before_action step of the controller leading the change being audited even if SomeModel.auditing_enabled is false. Post-action the store is still emptied.
In practice we get the following changes:
test 'can skip auditing' do
book_copy = book_copies(:poe_poetry_one)
BookCopy.auditing_enabled = false
# assertion holds in audited 5.3.0, 5.4.0 and 5.5.0
# assertion does not hold in 5.6.0
assert_no_difference 'Audited::Audit.count' do
patch(
book_copy_path(book_copy.id),
params: {
book_copy: {
state: 'acceptable'
}
}
)
end
assert_response :success
# Assertions holds in audited 5.3.0
# but not in audited 5.4.0 or 5.5.0 or 5.6.0
assert_equal false, BookCopy.auditing_enabled
end
So in particular in 5.6.0 onwards the change is audited despite setting BookCopy.auditing_enabled = false.