lib/pundit.rb in pundit-2.1.0 vs lib/pundit.rb in pundit-2.1.1

@@ -13,11 +13,11 @@
 # keep it here with compact class style definition.
 class Pundit::Error < StandardError; end # rubocop:disable Style/ClassAndModuleChildren
 
 # @api public
 module Pundit
-  SUFFIX = "Policy".freeze
+  SUFFIX = "Policy"
 
   # @api private
   module Generators; end
 
   # Error that will be raised when authorization has failed
@@ -69,11 +69,11 @@
     def authorize(user, record, query, policy_class: nil)
       policy = policy_class ? policy_class.new(user, record) : policy!(user, record)
 
       raise NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)
 
-      record
+      record.is_a?(Array) ? record.last : record
     end
 
     # Retrieves the policy scope for the given record.
     #
     # @see https://github.com/varvet/pundit#scopes
@@ -122,11 +122,11 @@
     # @param record [Object] the object we're retrieving the policy for
     # @raise [InvalidConstructorError] if the policy constructor called incorrectly
     # @return [Object, nil] instance of policy class with query methods
     def policy(user, record)
       policy = PolicyFinder.new(record).policy
-      policy.new(user, pundit_model(record)) if policy
+      policy&.new(user, pundit_model(record))
     rescue ArgumentError
       raise InvalidConstructorError, "Invalid #<#{policy}> constructor is called"
     end
 
     # Retrieves the policy for the given record.
@@ -142,11 +142,11 @@
       policy.new(user, pundit_model(record))
     rescue ArgumentError
       raise InvalidConstructorError, "Invalid #<#{policy}> constructor is called"
     end
 
-  private
+    private
 
     def pundit_model(record)
       record.is_a?(Array) ? record.last : record
     end
   end
@@ -165,11 +165,11 @@
       helper_method :pundit_policy_scope
       helper_method :pundit_user
     end
   end
 
-protected
+  protected
 
   # @return [Boolean] whether authorization has been performed, i.e. whether
   #                   one {#authorize} or {#skip_authorization} has been called
   def pundit_policy_authorized?
     !!@_pundit_policy_authorized
@@ -220,11 +220,11 @@
 
     policy = policy_class ? policy_class.new(pundit_user, record) : policy(record)
 
     raise NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)
 
-    record
+    record.is_a?(Array) ? record.last : record
   end
 
   # Allow this action not to perform authorization.
   #
   # @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
@@ -315,10 +315,10 @@
   # @return [Object] the user object to be used with pundit
   def pundit_user
     current_user
   end
 
-private
+  private
 
   def pundit_policy_scope(scope)
     policy_scopes[scope] ||= Pundit.policy_scope!(pundit_user, scope)
   end
 end