action_policy-graphiti 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7db91afa6d3c7fbc23e5d0551cb462666a488930e6e3faebe4652da3ffc3d31b
+  data.tar.gz: e23d9222e846dd0c649093e296617ed0114a8377f97d28ee13ab36726d65f22c
+SHA512:
+  metadata.gz: 5120f1911ee32eca98396110b06c4173114f1bff437f8e51af7f856e35352166bce58f38d129ab7be4f95618e5a15e6b216a7fc4d16cd7fedc4f9dffcbc7b5a4
+  data.tar.gz: f28b0083a0fe65b96983fa7b53d292852a009cb1a56bf34f83cd1e9bf862e33ec4e66027afbe625a81df633b1bf74a1863a083f5c85ed308010268845e9b42f9

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+# Change Log
+
+## [0.0.1] - 2023-05-02
+
+- Initial release

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 shrimple.tech
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,92 @@
+# Action Policy Graphiti
+
+This gem allows you to use [Action Policy](https://github.com/palkan/action_policy) as an authorization framework for [Graphiti](https://www.graphiti.dev) applications.
+
+The following features are currently enabled:
+
+- Authorization of `create`, `update` and `destroy` actions
+- Resource scoping
+
+**This gem is under heavy development, was not yet released (since it is not production ready) so use it at your own risk!**
+
+## Installation
+
+**This gem was not yet released and can be installed only via a github link**
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem "action_policy-graphiti"
+```
+
+## Usage
+
+The integration is done via including a behaviour module into your Graphiti resources:
+
+```ruby
+class TestResource < ApplicationResource
+  include ActionPolicy::Graphiti::Behaviour
+end
+```
+
+Authorization of actions is done via using corresponding class methods:
+
+```ruby
+class TestResource < ApplicationResource
+  include ActionPolicy::Graphiti::Behaviour
+  
+  authorize_action :create
+  authorize_action :update
+  authorize_action :destroy
+end
+```
+**Note:** current implementation requires you to place `authorize_` directives **after** `before_save` and `before_destroy` hooks (since it is adding authorization checks as hooks and we want them to be called **after** all the regular hooks were completed).
+
+Scoping is done via adding the following class method call: 
+```ruby
+class TestResource < ApplicationResource
+  include ActionPolicy::Graphiti::Behaviour
+  
+  authorize_scope
+end
+```
+**Note:** current implementation requires you to place `authorize_scope` call **after** the explicit `base_scope` method (scoping is performed by base scope results modification).
+
+You can also use authorization context building inside Graphiti resources (just like with Action Policy in controllers):
+```ruby
+class TestResource < ApplicationResource
+  include ActionPolicy::Graphiti::Behaviour
+  
+  authorize :parameter, through: :acquire_parameter
+  
+  def acquire_parameter
+    # Your code goes here
+  end
+end
+```
+Or in a base class:
+```ruby
+class ApplicationResource < Graphiti::Resource
+  include ActionPolicy::Graphiti::Behaviour
+  
+  authorize :parameter, through: :acquire_parameter
+  
+  def acquire_parameter
+    # Your code goes here
+  end
+end
+```
+And then in a corresponding policy:
+```ruby
+class ApplicationPolicy < ActionPolicy::Base
+  authorize :parameter
+end
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/shrimple-tech/action_policy-graphiti.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/action_policy/graphiti/behaviour.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require "action_policy/graphiti/lookup_chain"
+
+module ActionPolicy
+  module Graphiti
+    # Automatically authorize actions
+    module Behaviour
+      # Authorization configuration class methods
+      # Meant to be used in Graphiti resources
+      module ClassMethods
+        AUTHORIZABLE_ACTIONS = %i[create update destroy].freeze
+        IMPLICITLY_AUTHORIZABLE_ACTIONS = %i[index show].freeze
+
+        def authorize_action(action, **arguments)
+          if AUTHORIZABLE_ACTIONS.include?(action)
+            rule = "#{action}?".to_sym
+
+            callback_and_arguments = callback_and_arguments_for_action(action)
+
+            callback = callback_and_arguments[:callback]
+            callback_arguments = callback_and_arguments[:arguments]
+
+            send(callback, **callback_arguments) do |model|
+              authorize! model, with: ActionPolicy.lookup(self), to: rule, **arguments
+            end
+          elsif IMPLICITLY_AUTHORIZABLE_ACTIONS.include?(action)
+            raise ArgumentError, "Index and show authorization is done implicitly by scoping"
+          else
+            raise ArgumentError, "Unknown action cannot be authorized"
+          end
+        end
+
+        def callback_and_arguments_for_action(action)
+          if action == :destroy
+            callback = :before_destroy
+            arguments = {}
+          else
+            callback = :before_save
+            arguments = { only: [action] }
+          end
+
+          {
+            callback: callback,
+            arguments: arguments
+          }
+        end
+
+        def authorize_create
+          authorize_action(:create)
+        end
+
+        def authorize_update
+          authorize_action(:update)
+        end
+
+        def authorize_destroy
+          authorize_action(:destroy)
+        end
+
+        def authorize_scope(_scope_name = nil)
+          original_base_scope = instance_method(:base_scope)
+
+          define_method(:base_scope) do |*args, &block|
+            authorized_scope(
+              original_base_scope.bind(self).call(*args, &block),
+              with: ActionPolicy.lookup(self)
+            )
+          end
+        end
+      end
+
+      def self.included(base)
+        base.include(ActionPolicy::Behaviour)
+
+        base.extend(ClassMethods)
+      end
+    end
+  end
+end

data/lib/action_policy/graphiti/lookup_chain.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "action_policy/graphiti/policy_name_inferrer"
+
+module ActionPolicy
+  # Allow policies to be found not only for ActiveRecords
+  # but for Graphiti Resources (<EntityName>Resource) too
+  module LookupChain
+    INFER_FROM_RESOURCE_CLASS = lambda do |resource, namespace: nil, strict_namespace: false, **_options|
+      policy_name = Graphiti::PolicyNameInferrer.infer(resource)
+      lookup_within_namespace(policy_name, namespace, strict: strict_namespace)
+    end
+
+    INFER_FOR_BASE_FROM_POLYMORPHIC_RESOURCE_CLASS = lambda do |resource, namespace: nil, strict_namespace: false, **_options|
+      policy_name = Graphiti::PolicyNameInferrer.infer_polymorphic(resource)
+      lookup_within_namespace(policy_name, namespace, strict: strict_namespace)
+    end
+
+    chain << ActionPolicy::LookupChain::INFER_FROM_RESOURCE_CLASS
+    chain << ActionPolicy::LookupChain::INFER_FOR_BASE_FROM_POLYMORPHIC_RESOURCE_CLASS
+  end
+end

data/lib/action_policy/graphiti/policy_name_inferrer.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "action_policy/graphiti/resource_analyzer"
+
+module ActionPolicy
+  module Graphiti
+    # Infer policy names for Graphiti resources
+    module PolicyNameInferrer
+      def self.infer(resource)
+        model_name = ResourceAnalyzer.model_name(resource)
+
+        "#{model_name}Policy" if model_name
+      end
+
+      def self.infer_polymorphic(resource)
+        base_model_name = ResourceAnalyzer.base_model_name(resource)
+
+        "#{base_model_name}Policy" if base_model_name
+      end
+    end
+  end
+end

data/lib/action_policy/graphiti/resource_analyzer.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require "action_policy/graphiti/resource_validator"
+
+module ActionPolicy
+  module Graphiti
+    # A helper module used to get resource details
+    module ResourceAnalyzer
+      def self.resource_class(resource)
+        return unless ResourceValidator.graphiti_resource?(resource)
+
+        resource.is_a?(Class) ? resource : resource.class
+      end
+
+      def self.base_resource_class(polymorphic_resource)
+        return unless ResourceValidator.polymorphic_graphiti_resource?(polymorphic_resource)
+
+        resource_class = resource.is_a?(Class) ? resource : resource.class
+
+        polymorphic_marker_index = resource_class.ancestors.find_index(::Graphiti::Resource::Polymorphism)
+
+        resource_class.ancestors[polymorphic_marker_index + 1]
+      end
+
+      def self.model_name(resource)
+        resource_class(resource)&.name&.delete_suffix("Resource")
+      end
+
+      def self.base_model_name(polymorphic_resource)
+        base_resource_class(polymorphic_resource)&.name&.delete_suffix("Resource")
+      end
+    end
+  end
+end

data/lib/action_policy/graphiti/resource_validator.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Graphiti
+    # Validate Graphiti resources
+    # Provides a few helpers mostly used in policy class lookups
+    module ResourceValidator
+      def self.graphiti_resource?(resource)
+        resource_class = resource.is_a?(Class) ? resource : resource.class
+
+        return unless resource_class.name.end_with?("Resource") &&
+                      resource_class.ancestors.include?(::Graphiti::Resource)
+
+        true
+      end
+
+      def self.polymorphic_graphiti_resource?(resource)
+        resource_class = resource.is_a?(Class) ? resource : resource.class
+
+        return unless resource_class.name.end_with?("Resource") &&
+                      resource_class.ancestors.include?(::Graphiti::Resource::Polymorphism) &&
+                      resource_class.ancestors.include?(::Graphiti::Resource)
+
+        true
+      end
+    end
+  end
+end

data/lib/action_policy/graphiti/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Graphiti
+    VERSION = "0.0.1"
+  end
+end

data/lib/action_policy/graphiti.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require "graphiti"
+require "action_policy"
+require "active_support"
+
+require "action_policy/graphiti/behaviour"
+
+module ActionPolicy
+  # Top-level module for ActionPolicy - Graphiti integration
+  module Graphiti
+    class << self
+      # Which rule to use when no specified (e.g. `authorize: true`)
+      # Defaults to `:show?`
+      attr_accessor :default_authorize_rule
+    end
+
+    self.default_authorize_rule = :show?
+  end
+end

data/lib/action_policy-graphiti.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "action_policy/graphiti"

metadata

@@ -0,0 +1,154 @@
+--- !ruby/object:Gem::Specification
+name: action_policy-graphiti
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Andrei Mochalov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2023-06-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: action_policy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: graphiti
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: debug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: solargraph
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.41'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.41'
+description: This gem allows you to use a JSON:API implementation (Graphiti) with
+  ActionPolicy
+email:
+- factyy@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- lib/action_policy-graphiti.rb
+- lib/action_policy/graphiti.rb
+- lib/action_policy/graphiti/behaviour.rb
+- lib/action_policy/graphiti/lookup_chain.rb
+- lib/action_policy/graphiti/policy_name_inferrer.rb
+- lib/action_policy/graphiti/resource_analyzer.rb
+- lib/action_policy/graphiti/resource_validator.rb
+- lib/action_policy/graphiti/version.rb
+homepage: https://github.com/shrimple-tech/action_policy-graphiti
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/shrimple-tech/action_policy-graphiti
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key: 
+specification_version: 4
+summary: This gem allows you to use a JSON:API implementation (Graphiti) with ActionPolicy.
+test_files: []