action_policy 0.0.1 → 0.1.0

data/docs/assets/vue.min.css

@@ -0,0 +1 @@
+@import url("https://fonts.googleapis.com/css?family=Roboto+Mono|Source+Sans+Pro:300,400,600");*{-webkit-font-smoothing:antialiased;-webkit-overflow-scrolling:touch;-webkit-tap-highlight-color:rgba(0,0,0,0);-webkit-text-size-adjust:none;-webkit-touch-callout:none;box-sizing:border-box}body:not(.ready){overflow:hidden}body:not(.ready) .app-nav,body:not(.ready)>nav,body:not(.ready) [data-cloak]{display:none}div#app{font-size:30px;font-weight:lighter;margin:40vh auto;text-align:center}div#app:empty:before{content:"Loading..."}.emoji{height:1.2rem;vertical-align:middle}.progress{background-color:var(--theme-color,#42b983);height:2px;left:0;position:fixed;right:0;top:0;transition:width .2s,opacity .4s;width:0;z-index:5}.search .search-keyword,.search a:hover{color:var(--theme-color,#42b983)}.search .search-keyword{font-style:normal;font-weight:700}body,html{height:100%}body{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;color:#34495e;font-family:Source Sans Pro,Helvetica Neue,Arial,sans-serif;font-size:15px;letter-spacing:0;margin:0;overflow-x:hidden}img{max-width:100%}a[disabled]{cursor:not-allowed;opacity:.6}kbd{border:1px solid #ccc;border-radius:3px;display:inline-block;font-size:12px!important;line-height:12px;margin-bottom:3px;padding:3px 5px;vertical-align:middle}.task-list-item{list-style-type:none}li input[type=checkbox]{margin:0 .2em .25em -1.6em;vertical-align:middle}.app-nav{margin:25px 60px 0 0;position:absolute;right:0;text-align:right;z-index:2}.app-nav.no-badge{margin-right:25px}.app-nav p{margin:0}.app-nav>a{margin:0 1rem;padding:5px 0}.app-nav li,.app-nav ul{display:inline-block;list-style:none;margin:0}.app-nav a{color:inherit;font-size:16px;text-decoration:none;transition:color .3s}.app-nav a.active,.app-nav a:hover{color:var(--theme-color,#42b983)}.app-nav a.active{border-bottom:2px solid var(--theme-color,#42b983)}.app-nav li{display:inline-block;margin:0 1rem;padding:5px 0;position:relative}.app-nav li ul{background-color:#fff;border:1px solid #ddd;border-bottom-color:#ccc;border-radius:4px;box-sizing:border-box;display:none;max-height:calc(100vh - 61px);overflow-y:auto;padding:10px 0;position:absolute;right:-15px;text-align:left;top:100%;white-space:nowrap}.app-nav li ul li{display:block;font-size:14px;line-height:1rem;margin:0;margin:8px 14px;white-space:nowrap}.app-nav li ul a{display:block;font-size:inherit;margin:0;padding:0}.app-nav li ul a.active{border-bottom:0}.app-nav li:hover ul{display:block}.github-corner{border-bottom:0;position:fixed;right:0;text-decoration:none;top:0;z-index:1}.github-corner:hover .octo-arm{animation:a .56s ease-in-out}.github-corner svg{color:#fff;fill:var(--theme-color,#42b983);height:80px;width:80px}main{display:block;position:relative;width:100vw;height:100%;z-index:0}main.hidden{display:none}.anchor{display:inline-block;text-decoration:none;transition:all .3s}.anchor span{color:#34495e}.anchor:hover{text-decoration:underline}.sidebar{border-right:1px solid rgba(0,0,0,.07);overflow-y:auto;padding:40px 0 0;position:absolute;top:0;bottom:0;left:0;transition:transform .25s ease-out;width:300px;z-index:3}.sidebar>h1{margin:0 auto 1rem;font-size:1.5rem;font-weight:300;text-align:center}.sidebar>h1 a{color:inherit;text-decoration:none}.sidebar>h1 .app-nav{display:block;position:static}.sidebar .sidebar-nav{line-height:2em;padding-bottom:40px}.sidebar li.collapse .app-sub-sidebar{display:none}.sidebar ul{margin:0;padding:0}.sidebar li>p{font-weight:700;margin:0}.sidebar ul,.sidebar ul li{list-style:none}.sidebar ul li a{border-bottom:none;display:block}.sidebar ul li ul{padding-left:20px}.sidebar::-webkit-scrollbar{width:4px}.sidebar::-webkit-scrollbar-thumb{background:transparent;border-radius:4px}.sidebar:hover::-webkit-scrollbar-thumb{background:hsla(0,0%,53%,.4)}.sidebar:hover::-webkit-scrollbar-track{background:hsla(0,0%,53%,.1)}.sidebar-toggle{background-color:transparent;background-color:hsla(0,0%,100%,.8);border:0;outline:none;padding:10px;position:absolute;bottom:0;left:0;text-align:center;transition:opacity .3s;width:284px;z-index:4}.sidebar-toggle .sidebar-toggle-button:hover{opacity:.4}.sidebar-toggle span{background-color:var(--theme-color,#42b983);display:block;margin-bottom:4px;width:16px;height:2px}body.sticky .sidebar,body.sticky .sidebar-toggle{position:fixed}.content{padding-top:60px;position:absolute;top:0;right:0;bottom:0;left:300px;transition:left .25s ease}.markdown-section{margin:0 auto;max-width:800px;padding:30px 15px 40px;position:relative}.markdown-section>*{box-sizing:border-box;font-size:inherit}.markdown-section>:first-child{margin-top:0!important}.markdown-section hr{border:none;border-bottom:1px solid #eee;margin:2em 0}.markdown-section iframe{border:1px solid #eee}.markdown-section table{border-collapse:collapse;border-spacing:0;display:block;margin-bottom:1rem;overflow:auto;width:100%}.markdown-section th{font-weight:700}.markdown-section td,.markdown-section th{border:1px solid #ddd;padding:6px 13px}.markdown-section tr{border-top:1px solid #ccc}.markdown-section p.tip,.markdown-section tr:nth-child(2n){background-color:#f8f8f8}.markdown-section p.tip{border-bottom-right-radius:2px;border-left:4px solid #f66;border-top-right-radius:2px;margin:2em 0;padding:12px 24px 12px 30px;position:relative}.markdown-section p.tip:before{background-color:#f66;border-radius:100%;color:#fff;content:"!";font-family:Dosis,Source Sans Pro,Helvetica Neue,Arial,sans-serif;font-size:14px;font-weight:700;left:-12px;line-height:20px;position:absolute;height:20px;width:20px;text-align:center;top:14px}.markdown-section p.tip code{background-color:#efefef}.markdown-section p.tip em{color:#34495e}.markdown-section p.warn{background:rgba(66,185,131,.1);border-radius:2px;padding:1rem}body.close .sidebar{transform:translateX(-300px)}body.close .sidebar-toggle{width:auto}body.close .content{left:0}@media print{.app-nav,.github-corner,.sidebar,.sidebar-toggle{display:none}}@media screen and (max-width:768px){.github-corner,.sidebar,.sidebar-toggle{position:fixed}.app-nav{margin-top:16px}.app-nav li ul{top:30px}main{height:auto;overflow-x:hidden}.sidebar{left:-300px;transition:transform .25s ease-out}.content{left:0;max-width:100vw;position:static;padding-top:20px;transition:transform .25s ease}.app-nav,.github-corner{transition:transform .25s ease-out}.sidebar-toggle{background-color:transparent;width:auto;padding:30px 30px 10px 10px}body.close .sidebar{transform:translateX(300px)}body.close .sidebar-toggle{background-color:hsla(0,0%,100%,.8);transition:background-color 1s;width:284px;padding:10px}body.close .content{transform:translateX(300px)}body.close .app-nav,body.close .github-corner{display:none}.github-corner:hover .octo-arm{animation:none}.github-corner .octo-arm{animation:a .56s ease-in-out}}@keyframes a{0%,to{transform:rotate(0)}20%,60%{transform:rotate(-25deg)}40%,80%{transform:rotate(10deg)}}section.cover{-ms-flex-align:center;align-items:center;background-position:50%;background-repeat:no-repeat;background-size:cover;height:100vh;display:none}section.cover.show{display:-ms-flexbox;display:flex}section.cover.has-mask .mask{background-color:#fff;opacity:.8;position:absolute;top:0;height:100%;width:100%}section.cover .cover-main{-ms-flex:1;flex:1;margin:-20px 16px 0;text-align:center;z-index:1}section.cover a{color:inherit}section.cover a,section.cover a:hover{text-decoration:none}section.cover p{line-height:1.5rem;margin:1em 0}section.cover h1{color:inherit;font-size:2.5rem;font-weight:300;margin:.625rem 0 2.5rem;position:relative;text-align:center}section.cover h1 a{display:block}section.cover h1 small{bottom:-.4375rem;font-size:1rem;position:absolute}section.cover blockquote{font-size:1.5rem;text-align:center}section.cover ul{line-height:1.8;list-style-type:none;margin:1em auto;max-width:500px;padding:0}section.cover .cover-main>p:last-child a{border:1px solid var(--theme-color,#42b983);border-radius:2rem;box-sizing:border-box;color:var(--theme-color,#42b983);display:inline-block;font-size:1.05rem;letter-spacing:.1rem;margin:.5rem 1rem;padding:.75em 2rem;text-decoration:none;transition:all .15s ease}section.cover .cover-main>p:last-child a:last-child{background-color:var(--theme-color,#42b983);color:#fff}section.cover .cover-main>p:last-child a:last-child:hover{color:inherit;opacity:.8}section.cover .cover-main>p:last-child a:hover{color:inherit}section.cover blockquote>p>a{border-bottom:2px solid var(--theme-color,#42b983);transition:color .3s}section.cover blockquote>p>a:hover{color:var(--theme-color,#42b983)}.sidebar,body{background-color:#fff}.sidebar{color:#364149}.sidebar li{margin:6px 0 6px 15px}.sidebar ul li a{color:#505d6b;font-size:14px;font-weight:400;overflow:hidden;text-decoration:none;text-overflow:ellipsis;white-space:nowrap}.sidebar ul li a:hover{text-decoration:underline}.sidebar ul li ul{padding:0}.sidebar ul li.active>a{border-right:2px solid;color:var(--theme-color,#42b983);font-weight:600}.app-sub-sidebar li:before{content:"-";padding-right:4px;float:left}.markdown-section h1,.markdown-section h2,.markdown-section h3,.markdown-section h4,.markdown-section strong{color:#2c3e50;font-weight:600}.markdown-section a{color:var(--theme-color,#42b983);font-weight:600}.markdown-section h1{font-size:2rem;margin:0 0 1rem}.markdown-section h2{font-size:1.75rem;margin:45px 0 .8rem}.markdown-section h3{font-size:1.5rem;margin:40px 0 .6rem}.markdown-section h4{font-size:1.25rem}.markdown-section h5{font-size:1rem}.markdown-section h6{color:#777;font-size:1rem}.markdown-section figure,.markdown-section p{margin:1.2em 0}.markdown-section ol,.markdown-section p,.markdown-section ul{line-height:1.6rem;word-spacing:.05rem}.markdown-section ol,.markdown-section ul{padding-left:1.5rem}.markdown-section blockquote{border-left:4px solid var(--theme-color,#42b983);color:#858585;margin:2em 0;padding-left:20px}.markdown-section blockquote p{font-weight:600;margin-left:0}.markdown-section iframe{margin:1em 0}.markdown-section em{color:#7f8c8d}.markdown-section code{border-radius:2px;color:#e96900;font-size:.8rem;margin:0 2px;padding:3px 5px;white-space:pre-wrap}.markdown-section code,.markdown-section pre{background-color:#f8f8f8;font-family:Roboto Mono,Monaco,courier,monospace}.markdown-section pre{-moz-osx-font-smoothing:initial;-webkit-font-smoothing:initial;line-height:1.5rem;margin:1.2em 0;overflow:auto;padding:0 1.4rem;position:relative;word-wrap:normal}.token.cdata,.token.comment,.token.doctype,.token.prolog{color:#8e908c}.token.namespace{opacity:.7}.token.boolean,.token.number{color:#c76b29}.token.punctuation{color:#525252}.token.property{color:#c08b30}.token.tag{color:#2973b7}.token.string{color:var(--theme-color,#42b983)}.token.selector{color:#6679cc}.token.attr-name{color:#2973b7}.language-css .token.string,.style .token.string,.token.entity,.token.url{color:#22a2c9}.token.attr-value,.token.control,.token.directive,.token.unit{color:var(--theme-color,#42b983)}.token.keyword{color:#e96900}.token.atrule,.token.regex,.token.statement{color:#22a2c9}.token.placeholder,.token.variable{color:#3d8fd1}.token.deleted{text-decoration:line-through}.token.inserted{border-bottom:1px dotted #202746;text-decoration:none}.token.italic{font-style:italic}.token.bold,.token.important{font-weight:700}.token.important{color:#c94922}.token.entity{cursor:help}.markdown-section pre>code{-moz-osx-font-smoothing:initial;-webkit-font-smoothing:initial;background-color:#f8f8f8;border-radius:2px;color:#525252;display:block;font-family:Roboto Mono,Monaco,courier,monospace;font-size:.8rem;line-height:inherit;margin:0 2px;max-width:inherit;overflow:inherit;padding:2.2em 5px;white-space:inherit}.markdown-section code:after,.markdown-section code:before{letter-spacing:.05rem}code .token{-moz-osx-font-smoothing:initial;-webkit-font-smoothing:initial;min-height:1.5rem}pre:after{color:#ccc;content:attr(data-lang);font-size:.6rem;font-weight:600;height:15px;line-height:15px;padding:5px 10px 0;position:absolute;right:0;text-align:right;top:0}

data/docs/authorization_context.md

@@ -0,0 +1,33 @@
+# Authorization Context
+
+_Authorization context_ contains information about the acting subject.
+
+In most cases, it is just a _user_, but sometimes it could be a composition of subjects.
+
+You must configure authorization context in **two places**: in the policy itself and in the place where you perform the authorization (e.g., controllers).
+
+By default, `ActionPolicy::Base` includes `user` as authorization context. If you don't need it, you have to [build your own base policy](custom_policy.md).
+
+To specify additional contexts, you should use `authorize` method:
+
+```ruby
+class ApplicationPolicy < ActionPolicy::Base
+  authorize :account
+end
+```
+
+Now you must provide `account` during policy initialization. When authorization key is missing or equals to `nil`, `ActionPolicy::AuthorizationContextMissing` error is raised.
+
+**NOTE:** if you want to allow passing `nil` as `account` value, you must add `allow_nil: true` option to `authorize`.
+
+To do that automatically in your `authorize!` and `allowed_to?` calls, you must also configure authorization context. For example, in your controller:
+
+```ruby
+class ApplicationController < ActionController::Base
+  # First argument should be the same as in the policy.
+  # `through` specifies the method name to be called to
+  # get the required context object
+  # (equals to the context name itself by default, i.e. `account`)
+  authorize :account, through: :current_account
+end
+```

data/docs/caching.md

@@ -0,0 +1,262 @@
+# Caching
+
+Action Policy aims to be as performant as possible. One of the ways to accomplish that is to include a comprehensive caching system.
+
+There are several cache layers available: rule-level memoization, local (instance-level) memoization, and _external_ cache (through cache stores).
+
+<div class="chart-container">
+  <img src="assets/images/cache.svg" alt="Cache layers" width="60%">
+</div>
+
+## Policy memoization
+
+### Per-instance
+
+There could be a situation when you need to apply the same policy to the same record multiple times during the action (e.g., request). For example:
+
+```ruby
+# app/controllers/posts_controller.rb
+class PostsController < ApplicationController
+  def show
+    @post = Post.find(params[:id])
+    authorize! @post
+    render :show
+  end
+end
+```
+
+```erb
+# app/views/posts/show.html.erb
+<h1><%= @post.title %>
+
+<% if allowed_to?(:edit?, @post) %>
+  <%= link_to "Edit", @post %>
+<% end %>
+
+<% if allowed_to?(:destroy?, @post) %>
+  <%= link_to "Delete", @post, method: :delete %>
+<% end %>
+```
+
+In the above example, we need to use the same policy three times. Action Policy re-uses the policy instance to avoid unnecessary object allocation.
+
+We rely on the following assumptions:
+- parent object (e.g., a controller instance) is _ephemeral_, i.e., it is a short-lived object
+- all authorizations use the same [authorization context](authorization_context.md).
+
+We use `record.policy_cache_key` with fallback to `record.cache_key` or `record.object_id` as a part of policy identifier in the local store.
+
+**NOTE**: policies memoization is an extension for `ActionPolicy::Behaviour` and could be included with `ActionPolicy::Behaviours::Memoized`.
+
+**NOTE**: memoization is automatically included into Rails controllers integration, but not included into channels integration, since channels are long-lived objects.
+
+### Per-thread
+
+Consider a more complex situation:
+
+```ruby
+# app/controllers/comments_controller.rb
+class CommentsController < ApplicationController
+  def index
+    # all comments for all posts
+    @comments = Comment.all
+  end
+end
+```
+
+```erb
+# app/views/comments/index.html.erb
+<% @comments.each do |comment| %>
+  <li><%= comment.text %>
+    <% if allowed_to?(:edit?, comment) %>
+      <%= link_to comment, "Edit" %>
+    <% end %>
+  </li>
+<% end %>
+```
+
+```ruby
+# app/policies/comment_policy.rb
+class CommentPolicy < ApplicationPolicy
+  def edit?
+    user.admin? || (user.id == record.id) ||
+      allowed_to?(:manage?, record.post)
+  end
+end
+```
+
+In some cases, we have to initialize **two** policies for each comment: one for the comment itself and one for the comment's post (in the `allowed_to?` call).
+
+That is an example of a _N+1 authorization_ problem, which in its turn could easily cause a _N+1 query_ problem (if `PostPolicy#manage?` makes database queries). Sounds terrible, doesn't it?
+
+It is likely that many comments belong to the same post. If so, we can move our memoization one level up and use local thread store.
+
+Action Policy provides `ActionPolicy::Behaviours::ThreadMemoized` module with this functionality (included into Rails controllers integration by default).
+
+If you want to add this behavior to your custom authorization-aware class, you should care about cleaning up the thread store manually (by calling `ActionPolicy::PerThreadCache.clear_all`).
+
+## Rule cache
+
+### Per-instance
+
+There could be a situation when the same rule is called multiple times for the same policy instance (for example, when using [aliases](aliases.md)).
+
+In that case, Action Policy invokes the rule method only once, remembers the result, and returns it immediately for the subsequent calls.
+
+**NOTE**: rule results memoization is available only if you inherit from `ActionPolicy::Base` or include `ActionPolicy::Policy::CachedApply` into your `ApplicationPolicy`.
+
+### Using the cache store
+
+Some policy rules might be _performance-heavy_, e.g., make complex database queries.
+
+In that case, it makes sense to cache the rule application result for a long time (not just for the duration of a request).
+
+Action Policy provides a way to use _cache stores_ for that. You have to explicitly define which rules you want to cache in your policy class. For example:
+
+```ruby
+class StagePolicy < ApplicationPolicy
+  # mark show? rule to be cached
+  cache :show?
+  # you can also provide store-specific options
+  # cache :show?, expires_in: 1.hour
+
+  def show?
+    full_access? ||
+      user.stage_permissions.where(
+        stage_id: record.id
+      ).exists?
+  end
+
+  private
+
+  def full_access?
+    !record.funnel.is_private? ||
+      user.permissions
+          .where(
+            funnel_id: record.funnel_id,
+            full_access: true
+          ).exists?
+  end
+end
+```
+
+You must configure a cache store to use this feature:
+
+```ruby
+ActionPolicy.cache_store = MyCacheStore.new
+```
+
+Or, in Rails:
+
+```ruby
+# config/application.rb (or config/environments/<environment>.rb)
+Rails.application.configure do |config|
+  config.action_policy.cache_store = :redis_cache_store
+end
+```
+
+Cache store must provide at least a `#fetch(key, **options, &block)` method.
+
+By default, Action Policy builds a cache key using the following scheme:
+
+```ruby
+"#{cache_namespace}/#{context_cache_key}" \
+"/#{record.policy_cache_key}/#{policy.class.name}/#{rule}"
+```
+
+Where `cache_namespace` is equal to `"acp:#{MAJOR_GEM_VERSION}.#{MINOR_GEM_VERSION}"`, and `context_cache_key` is a concatenation of all authorization contexts cache keys (in the same order as they are defined in the policy class).
+
+If any object does not respond to `#policy_cache_key`, we fallback to `#cache_key`. If `#cache_key` is not defined, an `ArgumentError` is raised.
+
+You can define your own `cache_key` / `cache_namespace` / `context_cache_key` methods for policy class to override this logic.
+
+#### Invalidation
+
+There no one-size-fits-all solution for invalidation. It highly depends on your business logic.
+
+**Case \#1**: no invalidation required.
+
+First of all, you should try to avoid manual invalidation at all. That could be achieved by using elaborate cache keys.
+
+Let's consider an example.
+
+Suppose that your users have _roles_ (i.e. `User.belongs_to :role`) and you give access to resources through the `Access` model (i.e. `Resource.has_many :accesses`).
+
+Then you can do the following:
+- Keep tracking the last `Access` added/updated/deleted for resource (e.g. `Access.belongs_to :accessessable, touch: :access_updated_at`)
+- Use the following cache keys:
+
+```ruby
+class User
+  def policy_cache_key
+    "user::#{id}::#{role_id}"
+  end
+end
+
+class Resource
+  def policy_cache_key
+    "#{resource.class.name}::#{id}::#{access_updated_at}"
+  end
+end
+```
+
+**Case \#2**: discarding all cache at once.
+
+That's pretty easy: just override `cache_namespace` method in your `ApplicationPolicy` with the new value:
+
+```ruby
+class ApplicationPolicy < ActionPolicy::Base
+  # It's a good idea to store the changing part in the constant
+  CACHE_VERSION = "v2".freeze
+
+  # or even from the env variable
+  # CACHE_VERSION = ENV.fetch("POLICY_CACHE_VERSION", "v2").freeze
+
+  def cache_namespace
+    "action_policy::#{CACHE_VERSION}"
+  end
+end
+```
+
+**Case \#3**: discarding some keys.
+
+That is an alternative approach to _crafting_ cache keys.
+
+If you have a limited number of places in your application where you update access control,
+you can invalidate policies cache manually. If your cache store supports `delete_matched` command (deleting keys using a wildcard), you can try the following:
+
+```ruby
+class ApplicationPolicy < ActionPolicy::Base
+  # Define custom cache key generator
+  def cache_key(rule)
+    "policy_cache/#{user.id}/#{self.class.name}/#{record.id}/#{rule}"
+  end
+end
+
+class Access < ApplicationRecord
+  belongs_to :resource
+  belongs_to :user
+
+  after_commit :cleanup_policy_cache, on: [:create, :destroy]
+
+  def cleanup_policy_cache
+    # Clear cache for the corresponding user-record pair
+    ActionPolicy.cache_store.delete_matched(
+      "policy_cache/#{user_id}/#{ResourcePolicy.name}/#{resource_id}/*"
+    )
+  end
+end
+
+class User < ApplicationRecord
+  belongs_to :role
+
+  after_commit :cleanup_policy_cache, on: [:update], if: :role_id_changed?
+
+  def cleanup_policy_cache
+    # Clear all policies cache for user
+    ActionPolicy.cache_store.delete_matched(
+      "policy_cache/#{user_id}/*"
+    )
+  end
+end
+```

data/docs/custom_lookup_chain.md

@@ -0,0 +1,48 @@
+# Custom Lookup Chain
+
+Action Policy's lookup chain is just an array of _probes_ (lambdas with a specific interface).
+
+The lookup process itself is pretty simple:
+- Call the first probe;
+- Return the result if it is not `nil`;
+- Go to the next probe.
+
+You can override the default chain with your own. For example:
+
+```ruby
+ActionPolicy::LookupChain.chain = [
+  # Probe accepts record as the first argument
+  # and arbitrary options (passed to `authorize!` / `allowed_to?` call)
+  lambda do |record, **options|
+    # your custom lookup logic
+  end
+]
+```
+
+## NullPolicy example
+
+Let's consider a simple example of extending the existing lookup chain with one more probe.
+
+Suppose that we want to have a fallback policy (policy used when none found for the resource) instead of raising an `ActionPolicy::NotFound` error.
+
+Let's call this policy a `NullPolicy`:
+
+```ruby
+class NullPolicy < ActionPolicy::Base
+  default_rule :any?
+
+  def any?
+    false
+  end
+end
+```
+
+Here we use the [default rule](aliases.md#default-rule) to handle any rule applied.
+
+Now we need to add a simple probe to the end of our lookup chain:
+
+```ruby
+ActionPolicy::LookupChain.chain << ->(_, _) { NullPolicy }
+```
+
+That's it!

data/docs/custom_policy.md

@@ -0,0 +1,51 @@
+# Custom Base Policy
+
+`ActionPolicy::Base` is a combination of all available policy extensions with the default configuration.
+
+It looks like this:
+
+<span style="display:none;"># rubocop:disable Style/ClassAndModuleChildren</span>
+
+```ruby
+class ActionPolicy::Base
+  include ActionPolicy::Policy::Core
+  include ActionPolicy::Policy::Authorization
+  include ActionPolicy::Policy::Reasons
+  include ActionPolicy::Policy::PreCheck
+  include ActionPolicy::Policy::Aliases
+  include ActionPolicy::Policy::CachedApply
+
+  # ActionPolicy::Policy::Defaults module adds the following
+
+  authorize :user
+
+  default_rule :manage?
+  alias_rule :new?, to: :create?
+
+  def index?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def manage?
+    false
+  end
+end
+```
+
+<span style="display:none;"># rubocop:enable Style/ClassAndModuleChildren</span>
+
+You can write your `ApplicationPolicy` from scratch instead of inheriting from `ActionPolicy::Base`
+if the defaults above do not fit your needs. The only required component is `ActionPolicy::Policy::Core`:
+
+```ruby
+# minimal ApplicationPolicy
+class ApplicationPolicy
+  include ActionPolicy::Policy::Core
+end
+```
+
+The `Core` module provides `apply` and `allowed_to?` methods.

data/docs/i18n.md

@@ -0,0 +1,3 @@
+# I18n Support
+
+🛠 **WORK IN PROGRESS**

data/docs/index.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>Action Policy: authorization framework for Ruby/Rails applications</title>
+  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
+  <meta name="description" content="Description">
+  <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
+  <link rel="stylesheet" href="assets/vue.min.css">
+  <link rel="stylesheet" href="assets/styles.css">
+</head>
+<body>
+  <div id="app"></div>
+  <script>
+    window.$docsify = {
+      name: 'action_policy',
+      repo: 'https://github.com/palkan/action_policy',
+      loadSidebar: true,
+      subMaxLevel: 3
+    }
+  </script>
+  <script src="assets/docsify.min.js"></script>
+  <script src="assets/prism-ruby.min.js"></script>
+</body>
+</html>

data/docs/instrumentation.md

@@ -0,0 +1,3 @@
+# Instrumentation
+
+🛠 **WORK IN PROGRESS**

data/docs/lookup_chain.md

@@ -0,0 +1,16 @@
+# Policy Lookup
+
+Action Policy tries to automatically infer policy class from the target using the following _probes_:
+
+1. If the target responds to `policy_class`, then use it;
+2. If the target's class responds to `policy_class`, then use it;
+3. If the target's class responds to `policy_name`, then use `#{target.class.policy_name}Policy`;
+4. Otherwise, use `#{target.class.name}Policy`.
+
+> \* [Namespaces](namespaces.md) could be also be considered when `namespace` option is set.
+
+You can call `ActionPolicy.lookup(record, options)` to infer policy class for the record.
+
+When no policy class is found, an `ActionPolicy::NotFound` error is raised.
+
+You can [customize lookup](custom_lookup_chain.md) logic if necessary.