action_policy-graphiti 0.0.1 → 0.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +31 -6
- data/lib/action_policy/graphiti/behaviour.rb +32 -12
- data/lib/action_policy/graphiti/version.rb +1 -1
- metadata +6 -6
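--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14c1d111ab3637ca0a0473052745648b29d59eae102983f2352aee57cad48b91
+data.tar.gz: ef0f1e0ba47fbf1091c471dae9a0b6902c9c63cd238f5325c5af19afe82936db
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 94e2a8414ab817b697a36de4c438e29ed5f9b610b30cf2f551b2598e56e257443a6adabecea6af9d43553376279b024cce266d45ec687b7809157eed9ab7d63a
+data.tar.gz: 014b16778a53046c51d6851d1e8d8298fbec0840d0dbd6de898441d2f2d71e7fd07b19ae09842de7e7fae0a61462c79c3c736e1ae5e146a6ce7299e815b9184e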
data/CHANGELOG.md
CHANGED
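--- a/data/README.md
+++ b/data/README.md
@@ -7,12 +7,10 @@ The following features are currently enabled:
 - Authorization of `create`, `update` and `destroy` actions
 - Resource scoping
 
-**This gem is under heavy development
+**This gem is under heavy development so use it at your own risk!**
 
 ## Installation
 
-**This gem was not yet released and can be installed only via a github link**
-
 Add this line to your application's Gemfile:
 
 ```ruby
@@ -40,17 +38,44 @@ class TestResource < ApplicationResource
 authorize_action :destroy
 end
 ```
+
+Or certain action shortcuts may be used (pay attention to explicit policies and actions):
+
+```ruby
+class TestResource < ApplicationResource
+include ActionPolicy::Graphiti::Behaviour
+
+authorize_create to: :manage_but_not_destroy?
+authorize_update with: 'TestExplicitPolicy', to: :manage_but_not_destroy?
+authorize_destroy
+end
+```
+
+**Note:** current implementation requires you to use policy names (when specifying explicit policies) instead of classes since it is not guaranteed that policy classes are already loaded **before** the resource classes load.
+
 **Note:** current implementation requires you to place `authorize_` directives **after** `before_save` and `before_destroy` hooks (since it is adding authorization checks as hooks and we want them to be called **after** all the regular hooks were completed).
 
-Scoping is done via adding the following class method call:
+Scoping is done via adding the following class method call (you can specify the explicit policy using `with` argument):
 ```ruby
 class TestResource < ApplicationResource
 include ActionPolicy::Graphiti::Behaviour
 
-authorize_scope
+authorize_scope with: 'TestExplicitPolicy'
+# or just plain authorize_scope
 end
 ```
-
+
+You can also use a handy shortcut (you can also use an explicit `with` argument just as with other `authorize_` class methods) to authorize `create`, `update`, `destroy` methods and also apply scoping:
+```ruby
+class TestResource < ApplicationResource
+include ActionPolicy::Graphiti::Behaviour
+
+authorize_and_scope_all with: 'TestExplicitPolicy'
+# or just plain authorize_and_scope_all if you want to deduce the policy class
+end
+```
+
+**Note:** current implementation requires you to place `authorize_scope` (and `authorize_and_scope_all` too) call **after** the explicit `base_scope` method (scoping is performed by base scope results modification).
 
 You can also use authorization context building inside Graphiti resources (just like with Action Policy in controllers):
 ```ruby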
@@ -12,17 +12,23 @@ module ActionPolicy
|
|
12
12
|
AUTHORIZABLE_ACTIONS = %i[create update destroy].freeze
|
13
13
|
IMPLICITLY_AUTHORIZABLE_ACTIONS = %i[index show].freeze
|
14
14
|
|
15
|
-
def authorize_action(action, **arguments)
|
15
|
+
def authorize_action(action, to: nil, with: nil, **arguments)
|
16
16
|
if AUTHORIZABLE_ACTIONS.include?(action)
|
17
|
-
rule = "#{action}?".to_sym
|
18
|
-
|
19
17
|
callback_and_arguments = callback_and_arguments_for_action(action)
|
20
18
|
|
21
19
|
callback = callback_and_arguments[:callback]
|
22
20
|
callback_arguments = callback_and_arguments[:arguments]
|
23
21
|
|
24
22
|
send(callback, **callback_arguments) do |model|
|
25
|
-
|
23
|
+
rule = to || "#{action}?".to_sym
|
24
|
+
|
25
|
+
policy = if with
|
26
|
+
with.is_a?(String) ? ActiveSupport::Inflector.safe_constantize(with) : with
|
27
|
+
else
|
28
|
+
ActionPolicy.lookup(self)
|
29
|
+
end
|
30
|
+
|
31
|
+
authorize! model, with: policy, to: rule, **arguments
|
26
32
|
end
|
27
33
|
elsif IMPLICITLY_AUTHORIZABLE_ACTIONS.include?(action)
|
28
34
|
raise ArgumentError, "Index and show authorization is done implicitly by scoping"
|
@@ -46,28 +52,42 @@ module ActionPolicy
|
|
46
52
|
}
|
47
53
|
end
|
48
54
|
|
49
|
-
def authorize_create
|
50
|
-
authorize_action(:create)
|
55
|
+
def authorize_create(**arguments)
|
56
|
+
authorize_action(:create, **arguments)
|
51
57
|
end
|
52
58
|
|
53
|
-
def authorize_update
|
54
|
-
authorize_action(:update)
|
59
|
+
def authorize_update(**arguments)
|
60
|
+
authorize_action(:update, **arguments)
|
55
61
|
end
|
56
62
|
|
57
|
-
def authorize_destroy
|
58
|
-
authorize_action(:destroy)
|
63
|
+
def authorize_destroy(**arguments)
|
64
|
+
authorize_action(:destroy, **arguments)
|
59
65
|
end
|
60
66
|
|
61
|
-
def authorize_scope(_scope_name = nil)
|
67
|
+
def authorize_scope(_scope_name = nil, with: nil)
|
62
68
|
original_base_scope = instance_method(:base_scope)
|
63
69
|
|
64
70
|
define_method(:base_scope) do |*args, &block|
|
71
|
+
policy = if with
|
72
|
+
with.is_a?(String) ? ActiveSupport::Inflector.safe_constantize(with) : with
|
73
|
+
else
|
74
|
+
ActionPolicy.lookup(self)
|
75
|
+
end
|
76
|
+
|
65
77
|
authorized_scope(
|
66
78
|
original_base_scope.bind(self).call(*args, &block),
|
67
|
-
with:
|
79
|
+
with: policy
|
68
80
|
)
|
69
81
|
end
|
70
82
|
end
|
83
|
+
|
84
|
+
def authorize_and_scope_all(**arguments)
|
85
|
+
authorize_scope(**arguments)
|
86
|
+
|
87
|
+
authorize_create(**arguments)
|
88
|
+
authorize_update(**arguments)
|
89
|
+
authorize_destroy(**arguments)
|
90
|
+
end
|
71
91
|
end
|
72
92
|
|
73
93
|
def self.included(base)
|
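Review bot: In `authorize_action` (new line 26) an explicit policy name is resolved with `ActiveSupport::Inflector.safe_constantize(with)`, which returns nil for a name that does not resolve, so a misspelled or not-yet-loadable `with: 'TestExplicitPolicy'` is passed on as `with: nil` instead of failing. How `authorize!` treats a nil `with` is not visible on this page; if it falls back to policy inference, the resource would be checked against a different policy than the one the author named, with no error raised. I would resolve the name with `ActiveSupport::Inflector.constantize(with)` so an unknown name raises NameError, or raise ArgumentError when the lookup returns nil. The same expression is repeated in `authorize_scope` (new line 72), where the nil would reach `authorized_scope`; moving the resolution into one private helper would keep the two paths from drifting apart. The body of `authorize_action` continues past the end of its hunk.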
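--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_policy-graphiti
 version: !ruby/object:Gem::Version
-version: 0.0
+version: 0.2.0
 platform: ruby
 authors:
 - Andrei Mochalov
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-
+date: 2023-06-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: action_policy
@@ -70,28 +70,28 @@ dependencies:
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
 version: '13.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
 version: '13.0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
 version: '3.8'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
 version: '3.8'
 - !ruby/object:Gem::Dependency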