action_policy-graphql 0.3.2 → 0.4.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4af0cfd306d4128f52758c4336988f29bfa8628f5839aa18e1a54b366c07a9b9
4
- data.tar.gz: 69098890e8c59b44dd2af5a902639dbc407ce190a73e55c1d84b6c9ce464bad0
3
+ metadata.gz: bd6ef7017bd2bda6778f20997ea146431c9ed368f35ca257fd96c2050f3036c4
4
+ data.tar.gz: 4270fc41dadbbce556841298bcd6b2de62bafd7ac9826dd7b7ea60907d6ba98e
5
5
  SHA512:
6
- metadata.gz: 2ee55992d03aa2cd350c2c29e9c632c84dff85288a55ef3608e5f277d407f182a98a1bafd820e18caffe4571b1f896cc5608f72979958da0336e6afef0d7f7ef
7
- data.tar.gz: a99cac79463311fecb84d459b537555b9cefe88e0b268b07412d5a0b053ce603c8cea3a426e92cd58033b789d474f008bd3f22b7296270f66e0409f37c0ac6bf
6
+ metadata.gz: 2337aa180c36185a1790863df06346c36ad17e3335d1dcc724ba6de9e9b498d0fb6c36336ee7cabe0489995dfe782447f9c1fe6da1747849a3ae58acb9a6aa90
7
+ data.tar.gz: f7448255b43d4cec0e5f837a11c00b48c74148ba0f2839520f9466286ff5f53594c1bcf1f033a08479790cc426a0a2feaf475a2c11739b2344a2231204b3f52f
data/.rubocop.yml CHANGED
@@ -13,7 +13,7 @@ AllCops:
13
13
  - 'vendor/**/*'
14
14
  - 'gemfiles/**/*'
15
15
  DisplayCopNames: true
16
- TargetRubyVersion: 2.4
16
+ TargetRubyVersion: 2.5
17
17
 
18
18
  Standard/SemanticBlocks:
19
19
  Enabled: false
data/.travis.yml CHANGED
@@ -22,14 +22,14 @@ matrix:
22
22
  gemfile: gemfiles/action_policy/master.gemfile
23
23
  - rvm: 2.6
24
24
  gemfile: gemfiles/action_policy/0.3.gemfile
25
- - rvm: jruby-9.2.5.0
25
+ - rvm: jruby-9.2.8.0
26
26
  gemfile: gemfiles/jruby.gemfile
27
+ - rvm: 2.7
28
+ gemfile: Gemfile
27
29
  - rvm: 2.6
28
30
  gemfile: Gemfile
29
31
  - rvm: 2.5
30
32
  gemfile: Gemfile
31
- - rvm: 2.4
32
- gemfile: Gemfile
33
33
  allow_failures:
34
34
  - rvm: ruby-head
35
35
  gemfile: gemfiles/graphql/master.gemfile
@@ -37,3 +37,5 @@ matrix:
37
37
  gemfile: gemfiles/graphql/master.gemfile
38
38
  - rvm: 2.6
39
39
  gemfile: gemfiles/action_policy/master.gemfile
40
+ - rvm: jruby-9.2.8.0
41
+ gemfile: gemfiles/jruby.gemfile
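Review bot: the two added lines appear to land under `allow_failures`, so a failing `jruby-9.2.8.0` job with `gemfiles/jruby.gemfile` no longer fails the build, even though the previous hunk keeps the same pair in the main matrix. If JRuby is meant to stay a supported platform for this authorization layer, keep the job out of `allow_failures`; if it is now best-effort, say so in the CHANGELOG entry for this release.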
data/CHANGELOG.md CHANGED
@@ -2,6 +2,12 @@
2
2
 
3
3
  ## master (unreleased)
4
4
 
5
+ ## 0.4.0 (2010-03-11)
6
+
7
+ - **Require Ruby 2.5+**. ([@palkan][])
8
+
9
+ - Add `authorized_field: *` option to perform authorization on the base of the upper object policy prior to resolving fields. ([@sponomarev][])
10
+
5
11
  ## 0.3.2 (2019-12-12)
6
12
 
7
13
  - Fix compatibility with Action Policy 0.4.0 ([@haines][])
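Review bot: the new heading `## 0.4.0 (2010-03-11)` has the wrong year; the gem metadata in this same diff dates the release 2020-03-11. The entry also spells the option `authorized_field: *`, while the README and the `initialize` keyword use `authorize_field`. A caller who copies the CHANGELOG spelling would have the option fall into `**kwargs` and go to `super` rather than adding `AuthorizeFieldExtension`, so the name should be corrected here.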
@@ -35,3 +41,4 @@ Action Policy helpers there.
35
41
 
36
42
  [@palkan]: https://github.com/palkan
37
43
  [@haines]: https://github.com/haines
44
+ [@sponomarev]: https://github.com/sponomarev
data/README.md CHANGED
@@ -98,7 +98,7 @@ class CityType < ::Common::Graphql::Type
98
98
  end
99
99
  ```
100
100
 
101
- **NOTE:** you cannot use `authorize: *` and `authorized_scope: *` at the same time but you can combine `preauthorize: *` with `authorized_scope: *`.
101
+ **NOTE:** you cannot use `authorize: *` and `authorized_scope: *` at the same time but you can combine `preauthorize: *` or `authorize_field: *` with `authorized_scope: *`.
102
102
 
103
103
  ### `preauthorize: *`
104
104
 
@@ -126,7 +126,7 @@ end
126
126
  **NOTE:** we pass the field's name as the `record` to the policy rule. We assume that preauthorization rules do not depend on
127
127
  the record itself and pass the field's name for debugging purposes only.
128
128
 
129
- You can customize the authorization options, e.g. `authorize: {to: :preview?, with: CustomPolicy}`.
129
+ You can customize the authorization options, e.g. `preauthorize: {to: :preview?, with: CustomPolicy}`.
130
130
 
131
131
  **NOTE:** unlike `authorize: *` you MUST specify the `with: SomePolicy` option.
132
132
  The default authorization rule depends on the type of the field:
@@ -134,6 +134,32 @@ The default authorization rule depends on the type of the field:
134
134
  - for lists we use `index?` (configured by `ActionPolicy::GraphQL.default_preauthorize_list_rule` parameter)
135
135
  - for _singleton_ fields we use `show?` (configured by `ActionPolicy::GraphQL.default_preauthorize_node_rule` parameter)
136
136
 
137
+ ### `authorize_field: *`
138
+
139
+ If you want to perform authorization before resolving the field value _on the base of the upper object_, you can use `authorize_field: *` option:
140
+
141
+ ```ruby
142
+ field :homes, Home, null: false, authorize_field: true
143
+
144
+ def homes
145
+ Home.all
146
+ end
147
+ ```
148
+
149
+ The code above is equal to:
150
+
151
+ ```ruby
152
+ field :homes, [Home], null: false
153
+
154
+ def homes
155
+ authorize! object, to: :homes?
156
+ Home.all
157
+ end
158
+ ```
159
+ By default we use `#{underscored_field_name}?` authorization rule.
160
+
161
+ You can customize the authorization options, e.g. `authorize_field: {to: :preview?, with: CustomPolicy}`.
162
+
137
163
  ### `expose_authorization_rules`
138
164
 
139
165
  You can add permissions/authorization exposing fields to "tell" clients which actions could be performed against the object or not (and why).
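Review bot: the two snippets presented as equal declare different field types: the first is `field :homes, Home, null: false, authorize_field: true` and the second is `field :homes, [Home], null: false`. Since both resolvers return `Home.all`, the first should use `[Home]` as well. A blank line is also missing between the closing fence and "By default we use ...", and the section should say what the client receives when the rule denies access and exceptions are disabled, given that the example field is `null: false`.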
@@ -29,13 +29,13 @@ Gem::Specification.new do |spec|
29
29
 
30
30
  spec.require_paths = ["lib"]
31
31
 
32
- spec.required_ruby_version = ">= 2.4.0"
32
+ spec.required_ruby_version = ">= 2.5.0"
33
33
 
34
34
  spec.add_dependency "action_policy", ">= 0.3.0"
35
35
  spec.add_dependency "graphql", ">= 1.9.3"
36
36
 
37
37
  spec.add_development_dependency "bundler", ">= 1.15"
38
- spec.add_development_dependency "rake", "~> 10.0"
38
+ spec.add_development_dependency "rake", "~> 13.0"
39
39
  spec.add_development_dependency "rspec", "~> 3.8"
40
40
  spec.add_development_dependency "rubocop", "~> 0.67.0"
41
41
  spec.add_development_dependency "rubocop-md", "~> 0.3"
@@ -67,6 +67,28 @@ module ActionPolicy
67
67
  end
68
68
  end
69
69
 
70
+ class AuthorizeFieldExtension < Extension
71
+ def apply
72
+ @to = extract_option(:to) { underscored_field_name }
73
+ @raise = extract_option(:raise) { ::ActionPolicy::GraphQL.authorize_raise_exception }
74
+ end
75
+
76
+ def resolve(context:, object:, arguments:, **_rest)
77
+ if @raise
78
+ object.authorize! object.object, to: @to, **options
79
+ yield object, arguments
80
+ elsif object.allowed_to?(@to, object.object, **options)
81
+ yield object, arguments
82
+ end
83
+ end
84
+
85
+ private
86
+
87
+ def underscored_field_name
88
+ "#{field.instance_variable_get(:@underscored_name)}?".to_sym
89
+ end
90
+ end
91
+
70
92
  class ScopeExtension < Extension
71
93
  def after_resolve(value:, context:, object:, **_rest)
72
94
  return value if value.nil?
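Review bot: `underscored_field_name` builds the default rule from `field.instance_variable_get(:@underscored_name)`, a private instance variable of the field object; if that variable is ever nil the rule silently becomes `:"?"`. Derive the name through a public way of reading the field name and fail in `apply` when it is empty, so a broken default shows up at schema definition time and not at request time. In `resolve`, the branch where `@raise` is false and `allowed_to?` returns false falls through and returns nil without yielding; that is the right deny-by-default behaviour, but an explicit `else` branch with a comment would make it intentional. The `context:` keyword is unused and could be left to `**_rest`.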
@@ -75,14 +97,14 @@ module ActionPolicy
75
97
  end
76
98
  end
77
99
 
78
- def initialize(*args, preauthorize: nil, authorize: nil, authorized_scope: nil, **kwargs, &block)
100
+ def initialize(*args, preauthorize: nil, authorize: nil, authorized_scope: nil, authorize_field: nil, **kwargs, &block)
79
101
  if authorize && authorized_scope
80
102
  raise ArgumentError, "Only one of `authorize` and `authorized_scope` " \
81
- "options could be specified. You can use `preauthorize` along with scoping"
103
+ "options could be specified. You can use `preauthorize` or `authorize_field` along with scoping"
82
104
  end
83
105
 
84
- if authorize && preauthorize
85
- raise ArgumentError, "Only one of `authorize` and `preauthorize` " \
106
+ if !!authorize == !!preauthorize ? authorize : authorize_field
107
+ raise ArgumentError, "Only one of `authorize`, `preauthorize` or `authorize_field` " \
86
108
  "options could be specified."
87
109
  end
88
110
 
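Review bot: the guard `if !!authorize == !!preauthorize ? authorize : authorize_field` is hard to verify by reading. It parses as `(!!authorize == !!preauthorize) ? authorize : authorize_field` and, worked through case by case, does reject every combination of two or more of the three options, but that depends on operator precedence and a truth table the reader has to rebuild. For a check that keeps authorization options mutually exclusive, a form such as `[authorize, preauthorize, authorize_field].count { |opt| opt } > 1` states the intent directly and stays correct if a fourth option is added.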
@@ -91,6 +113,7 @@ module ActionPolicy
91
113
  add_extension! extensions, AuthorizeExtension, authorize
92
114
  add_extension! extensions, ScopeExtension, authorized_scope
93
115
  add_extension! extensions, PreauthorizeExtension, preauthorize
116
+ add_extension! extensions, AuthorizeFieldExtension, authorize_field
94
117
 
95
118
  super(*args, **kwargs, &block)
96
119
  end
@@ -45,7 +45,7 @@ module ActionPolicy
45
45
  null: false
46
46
 
47
47
  define_method(gql_field_name) do
48
- allowance_to(rule, options)
48
+ allowance_to(rule, **options)
49
49
  end
50
50
  end
51
51
  end
@@ -2,6 +2,6 @@
2
2
 
3
3
  module ActionPolicy
4
4
  module GraphQL
5
- VERSION = "0.3.2"
5
+ VERSION = "0.4.0"
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: action_policy-graphql
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.2
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Vladimir Dementyev
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-12-12 00:00:00.000000000 Z
11
+ date: 2020-03-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: action_policy
@@ -58,14 +58,14 @@ dependencies:
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: '10.0'
61
+ version: '13.0'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: '10.0'
68
+ version: '13.0'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rspec
71
71
  requirement: !ruby/object:Gem::Requirement
@@ -183,7 +183,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
183
183
  requirements:
184
184
  - - ">="
185
185
  - !ruby/object:Gem::Version
186
- version: 2.4.0
186
+ version: 2.5.0
187
187
  required_rubygems_version: !ruby/object:Gem::Requirement
188
188
  requirements:
189
189
  - - ">="