RubyGems - action_policy-graphiti - Versions diffs - 0.0.1 - Mend

action_policy-graphiti 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +5 -0
data/LICENSE.txt +21 -0
data/README.md +92 -0
data/lib/action_policy/graphiti/behaviour.rb +80 -0
data/lib/action_policy/graphiti/lookup_chain.rb +22 -0
data/lib/action_policy/graphiti/policy_name_inferrer.rb +22 -0
data/lib/action_policy/graphiti/resource_analyzer.rb +34 -0
data/lib/action_policy/graphiti/resource_validator.rb +28 -0
data/lib/action_policy/graphiti/version.rb +7 -0
data/lib/action_policy/graphiti.rb +20 -0
data/lib/action_policy-graphiti.rb +3 -0
metadata +154 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7db91afa6d3c7fbc23e5d0551cb462666a488930e6e3faebe4652da3ffc3d31b
+  data.tar.gz: e23d9222e846dd0c649093e296617ed0114a8377f97d28ee13ab36726d65f22c
+SHA512:
+  metadata.gz: 5120f1911ee32eca98396110b06c4173114f1bff437f8e51af7f856e35352166bce58f38d129ab7be4f95618e5a15e6b216a7fc4d16cd7fedc4f9dffcbc7b5a4
+  data.tar.gz: f28b0083a0fe65b96983fa7b53d292852a009cb1a56bf34f83cd1e9bf862e33ec4e66027afbe625a81df633b1bf74a1863a083f5c85ed308010268845e9b42f9

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,5 @@
+# Change Log
+## [0.0.1] - 2023-05-02
+- Initial release

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+Copyright (c) 2023 shrimple.tech
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,92 @@
+# Action Policy Graphiti
+This gem allows you to use [Action Policy](https://github.com/palkan/action_policy) as an authorization framework for [Graphiti](https://www.graphiti.dev) applications.
+The following features are currently enabled:
+- Authorization of `create`, `update` and `destroy` actions
+- Resource scoping
+**This gem is under heavy development, was not yet released (since it is not production ready) so use it at your own risk!**
+## Installation
+**This gem was not yet released and can be installed only via a github link**
+Add this line to your application's Gemfile:
+```ruby
+gem "action_policy-graphiti"
+```
+## Usage
+The integration is done via including a behaviour module into your Graphiti resources:
+```ruby
+class TestResource < ApplicationResource
+  include ActionPolicy::Graphiti::Behaviour
+end
+```
+Authorization of actions is done via using corresponding class methods:
+```ruby
+class TestResource < ApplicationResource
+  include ActionPolicy::Graphiti::Behaviour
+  authorize_action :create
+  authorize_action :update
+  authorize_action :destroy
+end
+```
+**Note:** current implementation requires you to place `authorize_` directives **after** `before_save` and `before_destroy` hooks (since it is adding authorization checks as hooks and we want them to be called **after** all the regular hooks were completed).
+Scoping is done via adding the following class method call:
+```ruby
+class TestResource < ApplicationResource
+  include ActionPolicy::Graphiti::Behaviour
+  authorize_scope
+end
+```
+**Note:** current implementation requires you to place `authorize_scope` call **after** the explicit `base_scope` method (scoping is performed by base scope results modification).
+You can also use authorization context building inside Graphiti resources (just like with Action Policy in controllers):
+```ruby
+class TestResource < ApplicationResource
+  include ActionPolicy::Graphiti::Behaviour
+  authorize :parameter, through: :acquire_parameter
+  def acquire_parameter
+    # Your code goes here
+  end
+end
+```
+Or in a base class:
+```ruby
+class ApplicationResource < Graphiti::Resource
+  include ActionPolicy::Graphiti::Behaviour
+  authorize :parameter, through: :acquire_parameter
+  def acquire_parameter
+    # Your code goes here
+  end
+end
+```
+And then in a corresponding policy:
+```ruby
+class ApplicationPolicy < ActionPolicy::Base
+  authorize :parameter
+end
+```
+## Contributing
+Bug reports and pull requests are welcome on GitHub at https://github.com/shrimple-tech/action_policy-graphiti.
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/action_policy/graphiti/behaviour.rb ADDED Viewed

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+require "action_policy/graphiti/lookup_chain"
+module ActionPolicy
+  module Graphiti
+    # Automatically authorize actions
+    module Behaviour
+      # Authorization configuration class methods
+      # Meant to be used in Graphiti resources
+      module ClassMethods
+        AUTHORIZABLE_ACTIONS = %i[create update destroy].freeze
+        IMPLICITLY_AUTHORIZABLE_ACTIONS = %i[index show].freeze
+        def authorize_action(action, **arguments)
+          if AUTHORIZABLE_ACTIONS.include?(action)
+            rule = "#{action}?".to_sym
+            callback_and_arguments = callback_and_arguments_for_action(action)
+            callback = callback_and_arguments[:callback]
+            callback_arguments = callback_and_arguments[:arguments]
+            send(callback, **callback_arguments) do |model|
+              authorize! model, with: ActionPolicy.lookup(self), to: rule, **arguments
+            end
+          elsif IMPLICITLY_AUTHORIZABLE_ACTIONS.include?(action)
+            raise ArgumentError, "Index and show authorization is done implicitly by scoping"
+          else
+            raise ArgumentError, "Unknown action cannot be authorized"
+          end
+        end
+        def callback_and_arguments_for_action(action)
+          if action == :destroy
+            callback = :before_destroy
+            arguments = {}
+          else
+            callback = :before_save
+            arguments = { only: [action] }
+          end
+          {
+            callback: callback,
+            arguments: arguments
+          }
+        end
+        def authorize_create
+          authorize_action(:create)
+        end
+        def authorize_update
+          authorize_action(:update)
+        end
+        def authorize_destroy
+          authorize_action(:destroy)
+        end
+        def authorize_scope(_scope_name = nil)
+          original_base_scope = instance_method(:base_scope)
+          define_method(:base_scope) do |*args, &block|
+            authorized_scope(
+              original_base_scope.bind(self).call(*args, &block),
+              with: ActionPolicy.lookup(self)
+            )
+          end
+        end
+      end
+      def self.included(base)
+        base.include(ActionPolicy::Behaviour)
+        base.extend(ClassMethods)
+      end
+    end
+  end
+end

data/lib/action_policy/graphiti/lookup_chain.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+require "action_policy/graphiti/policy_name_inferrer"
+module ActionPolicy
+  # Allow policies to be found not only for ActiveRecords
+  # but for Graphiti Resources (<EntityName>Resource) too
+  module LookupChain
+    INFER_FROM_RESOURCE_CLASS = lambda do |resource, namespace: nil, strict_namespace: false, **_options|
+      policy_name = Graphiti::PolicyNameInferrer.infer(resource)
+      lookup_within_namespace(policy_name, namespace, strict: strict_namespace)
+    end
+    INFER_FOR_BASE_FROM_POLYMORPHIC_RESOURCE_CLASS = lambda do |resource, namespace: nil, strict_namespace: false, **_options|
+      policy_name = Graphiti::PolicyNameInferrer.infer_polymorphic(resource)
+      lookup_within_namespace(policy_name, namespace, strict: strict_namespace)
+    end
+    chain << ActionPolicy::LookupChain::INFER_FROM_RESOURCE_CLASS
+    chain << ActionPolicy::LookupChain::INFER_FOR_BASE_FROM_POLYMORPHIC_RESOURCE_CLASS
+  end
+end

data/lib/action_policy/graphiti/policy_name_inferrer.rb ADDED Viewed

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+require "action_policy/graphiti/resource_analyzer"
+module ActionPolicy
+  module Graphiti
+    # Infer policy names for Graphiti resources
+    module PolicyNameInferrer
+      def self.infer(resource)
+        model_name = ResourceAnalyzer.model_name(resource)
+        "#{model_name}Policy" if model_name
+      end
+      def self.infer_polymorphic(resource)
+        base_model_name = ResourceAnalyzer.base_model_name(resource)
+        "#{base_model_name}Policy" if base_model_name
+      end
+    end
+  end
+end

data/lib/action_policy/graphiti/resource_analyzer.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+require "action_policy/graphiti/resource_validator"
+module ActionPolicy
+  module Graphiti
+    # A helper module used to get resource details
+    module ResourceAnalyzer
+      def self.resource_class(resource)
+        return unless ResourceValidator.graphiti_resource?(resource)
+        resource.is_a?(Class) ? resource : resource.class
+      end
+      def self.base_resource_class(polymorphic_resource)
+        return unless ResourceValidator.polymorphic_graphiti_resource?(polymorphic_resource)
+        resource_class = resource.is_a?(Class) ? resource : resource.class
+        polymorphic_marker_index = resource_class.ancestors.find_index(::Graphiti::Resource::Polymorphism)
+        resource_class.ancestors[polymorphic_marker_index + 1]
+      end
+      def self.model_name(resource)
+        resource_class(resource)&.name&.delete_suffix("Resource")
+      end
+      def self.base_model_name(polymorphic_resource)
+        base_resource_class(polymorphic_resource)&.name&.delete_suffix("Resource")
+      end
+    end
+  end
+end

data/lib/action_policy/graphiti/resource_validator.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+module ActionPolicy
+  module Graphiti
+    # Validate Graphiti resources
+    # Provides a few helpers mostly used in policy class lookups
+    module ResourceValidator
+      def self.graphiti_resource?(resource)
+        resource_class = resource.is_a?(Class) ? resource : resource.class
+        return unless resource_class.name.end_with?("Resource") &&
+                      resource_class.ancestors.include?(::Graphiti::Resource)
+        true
+      end
+      def self.polymorphic_graphiti_resource?(resource)
+        resource_class = resource.is_a?(Class) ? resource : resource.class
+        return unless resource_class.name.end_with?("Resource") &&
+                      resource_class.ancestors.include?(::Graphiti::Resource::Polymorphism) &&
+                      resource_class.ancestors.include?(::Graphiti::Resource)
+        true
+      end
+    end
+  end
+end

data/lib/action_policy/graphiti/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+module ActionPolicy
+  module Graphiti
+    VERSION = "0.0.1"
+  end
+end

data/lib/action_policy/graphiti.rb ADDED Viewed

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+require "graphiti"
+require "action_policy"
+require "active_support"
+require "action_policy/graphiti/behaviour"
+module ActionPolicy
+  # Top-level module for ActionPolicy - Graphiti integration
+  module Graphiti
+    class << self
+      # Which rule to use when no specified (e.g. `authorize: true`)
+      # Defaults to `:show?`
+      attr_accessor :default_authorize_rule
+    end
+    self.default_authorize_rule = :show?
+  end
+end

data/lib/action_policy-graphiti.rb ADDED Viewed

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+require "action_policy/graphiti"

metadata ADDED Viewed

@@ -0,0 +1,154 @@
+--- !ruby/object:Gem::Specification
+name: action_policy-graphiti
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Andrei Mochalov
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-06-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: action_policy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: graphiti
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: solargraph
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.41'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.41'
+description: This gem allows you to use a JSON:API implementation (Graphiti) with
+  ActionPolicy
+email:
+- factyy@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- lib/action_policy-graphiti.rb
+- lib/action_policy/graphiti.rb
+- lib/action_policy/graphiti/behaviour.rb
+- lib/action_policy/graphiti/lookup_chain.rb
+- lib/action_policy/graphiti/policy_name_inferrer.rb
+- lib/action_policy/graphiti/resource_analyzer.rb
+- lib/action_policy/graphiti/resource_validator.rb
+- lib/action_policy/graphiti/version.rb
+homepage: https://github.com/shrimple-tech/action_policy-graphiti
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/shrimple-tech/action_policy-graphiti
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key:
+specification_version: 4
+summary: This gem allows you to use a JSON:API implementation (Graphiti) with ActionPolicy.
+test_files: []