action_policy 0.0.1 → 0.1.0

data/lib/action_policy/ext/module_namespace.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Ext
+    # Add Module#namespace method
+    module ModuleNamespace
+      refine Module do
+        unless "".respond_to?(:safe_constantize)
+          require "action_policy/ext/string_constantize"
+          using ActionPolicy::Ext::StringConstantize
+        end
+
+        def namespace
+          return unless name.match?(/[^^]::/)
+
+          name.sub(/::[^:]+$/, "").safe_constantize
+        end
+      end
+    end
+  end
+end

data/lib/action_policy/ext/policy_cache_key.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Ext
+    # Adds #_policy_cache_key method to Object,
+    # which just call #policy_cache_key or #cache_key
+    # or #object_id (if `use_object_id` parameter is set to true).
+    #
+    # For other core classes returns string representation.
+    #
+    # Raises ArgumentError otherwise.
+    module PolicyCacheKey
+      refine Object do
+        def _policy_cache_key(use_object_id: false)
+          return policy_cache_key if respond_to?(:policy_cache_key)
+          return cache_key if respond_to?(:cache_key)
+
+          return object_id if use_object_id == true
+
+          raise ArgumentError, "object is not cacheable"
+        end
+      end
+
+      refine NilClass do
+        def _policy_cache_key(*)
+          ""
+        end
+      end
+
+      refine TrueClass do
+        def _policy_cache_key(*)
+          "t"
+        end
+      end
+
+      refine FalseClass do
+        def _policy_cache_key(*)
+          "f"
+        end
+      end
+
+      refine String do
+        def _policy_cache_key(*)
+          self
+        end
+      end
+
+      refine Symbol do
+        def _policy_cache_key(*)
+          to_s
+        end
+      end
+
+      refine Numeric do
+        def _policy_cache_key(*)
+          to_s
+        end
+      end
+
+      refine Time do
+        def _policy_cache_key(*)
+          to_s
+        end
+      end
+    end
+  end
+end

data/lib/action_policy/ext/string_constantize.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Ext
+    # Add simple safe_constantize method to String
+    module StringConstantize
+      refine String do
+        def safe_constantize
+          names = split("::")
+
+          return nil if names.empty?
+
+          # Remove the first blank element in case of '::ClassName' notation.
+          names.shift if names.size > 1 && names.first.empty?
+
+          names.inject(Object) do |constant, name|
+            constant.const_get(name) if constant.const_defined?(name)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/action_policy/lookup_chain.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  # LookupChain contains _resolvers_ to determine a policy
+  # for a record (with additional options).
+  #
+  # You can modify the `LookupChain.chain` (for example, to add
+  # custom resolvers).
+  module LookupChain
+    unless "".respond_to?(:safe_constantize)
+      require "action_policy/ext/string_constantize"
+      using ActionPolicy::Ext::StringConstantize
+    end
+
+    require "action_policy/ext/module_namespace"
+    using ActionPolicy::Ext::ModuleNamespace
+
+    class << self
+      attr_accessor :chain
+
+      def call(record, **opts)
+        chain.each do |probe|
+          val = probe.call(record, **opts)
+          return val unless val.nil?
+        end
+        nil
+      end
+
+      private
+
+      def lookup_within_namespace(record, namespace)
+        policy_name = policy_class_name_for(record)
+        mod = namespace
+        loop do
+          return mod.const_get(policy_name, false) if
+            mod.const_defined?(policy_name, false)
+
+          mod = mod.namespace
+
+          return if mod.nil?
+        end
+      end
+
+      def policy_class_name_for(record)
+        record_class = record.is_a?(Class) ? record : record.class
+
+        if record_class.respond_to?(:policy_name)
+          record_class.policy_name.to_s
+        else
+          "#{record_class}Policy"
+        end
+      end
+    end
+
+    # By self `policy_class` method
+    INSTANCE_POLICY_CLASS = ->(record, _) {
+      record.policy_class if record.respond_to?(:policy_class)
+    }
+
+    # By record's class `policy_class` method
+    CLASS_POLICY_CLASS = ->(record, _) {
+      record.class.policy_class if record.class.respond_to?(:policy_class)
+    }
+
+    # Lookup within namespace when provided
+    NAMESPACE_LOOKUP = ->(record, namespace: nil, **) {
+      next if namespace.nil?
+
+      lookup_within_namespace(record, namespace)
+    }
+
+    # Infer from class name
+    INFER_FROM_CLASS = ->(record, _) {
+      policy_class_name_for(record).safe_constantize
+    }
+
+    self.chain = [
+      INSTANCE_POLICY_CLASS,
+      CLASS_POLICY_CLASS,
+      NAMESPACE_LOOKUP,
+      INFER_FROM_CLASS
+    ]
+  end
+end

data/lib/action_policy/policy/aliases.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Policy
+    # Adds rules aliases support and ability to specify
+    # the default rule.
+    #
+    #   class ApplicationPolicy
+    #     include ActionPolicy::Policy::Core
+    #     prepend ActionPolicy::Policy::Aliases
+    #
+    #     # define which rule to use if `authorize!` called with
+    #     # unknown rule
+    #     default_rule :manage?
+    #
+    #     alias_rule :publish?, :unpublish?, to: :update?
+    #   end
+    #
+    # Aliases are used only during `authorize!` call (and do not act like _real_ aliases).
+    #
+    # Aliases useful when combined with `CachedApply` (since we can cache only the target rule).
+    module Aliases
+      DEFAULT = :__default__
+
+      class << self
+        def prepended(base)
+          base.extend ClassMethods
+          base.prepend InstanceMethods
+        end
+
+        alias included prepended
+      end
+
+      module InstanceMethods # :nodoc:
+        def resolve_rule(activity)
+          return activity if respond_to?(activity)
+          self.class.lookup_alias(activity) || super
+        end
+      end
+
+      module ClassMethods # :nodoc:
+        def default_rule(val)
+          rules_aliases[DEFAULT] = val
+        end
+
+        def alias_rule(*rules, to:)
+          rules.each do |rule|
+            rules_aliases[rule] = to
+          end
+        end
+
+        def lookup_alias(rule)
+          rules_aliases.fetch(rule, rules_aliases[DEFAULT])
+        end
+
+        def rules_aliases
+          return @rules_aliases if instance_variable_defined?(:@rules_aliases)
+
+          @rules_aliases =
+            if superclass.respond_to?(:rules_aliases)
+              superclass.rules_aliases.dup
+            else
+              {}
+            end
+        end
+      end
+    end
+  end
+end

data/lib/action_policy/policy/authorization.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  class AuthorizationContextMissing < Error # :nodoc:
+    MESSAGE_TEMPLATE = "Missing policy authorization context: %s"
+
+    attr_reader :message
+
+    def initialize(id)
+      @message = MESSAGE_TEMPLATE % id
+    end
+  end
+
+  module Policy
+    # Authorization context could include multiple parameters.
+    #
+    # It is possible to provide more verificatio contexts, by specifying them in the policy and
+    # providing them at the authorization step.
+    #
+    # For example:
+    #
+    #   class ApplicationPolicy < ActionPolicy::Base
+    #     # Add user and account to the context; it's required to be passed
+    #     # to a policy constructor and be not nil
+    #     authorize :user, :account
+    #
+    #     # you can skip non-nil check if you want
+    #     # authorize :account, allow_nil: true
+    #
+    #     def manage?
+    #       # available as a simple accessor
+    #       account.enabled?
+    #     end
+    #   end
+    #
+    #   ApplicantPolicy.new(user: user, account: account)
+    module Authorization
+      class << self
+        def prepended(base)
+          base.extend ClassMethods
+          base.prepend InstanceMethods
+        end
+
+        alias included prepended
+      end
+
+      attr_reader :authorization_context
+
+      module InstanceMethods # :nodoc:
+        def initialize(*args, **params)
+          super(*args)
+
+          @authorization_context = {}
+
+          self.class.authorization_targets.each do |id, opts|
+            raise AuthorizationContextMissing, id unless params.key?(id)
+
+            val = params.fetch(id)
+
+            raise AuthorizationContextMissing, id if val.nil? && opts[:allow_nil] != true
+
+            authorization_context[id] = instance_variable_set("@#{id}", val)
+          end
+
+          authorization_context.freeze
+        end
+      end
+
+      module ClassMethods # :nodoc:
+        def authorize(*ids, **opts)
+          ids.each do |id|
+            authorization_targets[id] = opts
+          end
+
+          attr_reader(*ids)
+        end
+
+        def authorization_targets
+          return @authorization_targets if instance_variable_defined?(:@authorization_targets)
+
+          @authorization_targets =
+            if superclass.respond_to?(:authorization_targets)
+              superclass.authorization_targets.dup
+            else
+              {}
+            end
+        end
+      end
+    end
+  end
+end

data/lib/action_policy/policy/cache.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+require "action_policy/version"
+
+module ActionPolicy # :nodoc:
+  # By default cache namespace (or prefix) contains major and minor version of the gem
+  CACHE_NAMESPACE = "acp:#{ActionPolicy::VERSION.split('.').take(2).join('.')}"
+
+  require "action_policy/ext/policy_cache_key"
+  using ActionPolicy::Ext::PolicyCacheKey
+
+  module Policy
+    # Provides long-lived cache through ActionPolicy.cache_store.
+    #
+    # NOTE: if cache_store is nil then we silently skip all the caching.
+    module Cache
+      class << self
+        def prepended(base)
+          base.extend ClassMethods
+          base.prepend InstanceMethods
+        end
+
+        alias included prepended
+      end
+
+      def cache_namespace
+        ActionPolicy::CACHE_NAMESPACE
+      end
+
+      def cache_key(rule)
+        "#{cache_namespace}/#{context_cache_key}/" \
+        "#{record._policy_cache_key}/#{self.class.name}/#{rule}"
+      end
+
+      def context_cache_key
+        authorization_context.map { |_k, v| v._policy_cache_key.to_s }.join("/")
+      end
+
+      def apply_with_cache(rule)
+        options = self.class.cached_rules.fetch(rule)
+
+        ActionPolicy.cache_store.fetch(cache_key(rule), options) { yield }
+      end
+
+      module InstanceMethods # :nodoc:
+        def apply(rule)
+          return super if ActionPolicy.cache_store.nil? ||
+                          !self.class.cached_rules.key?(rule)
+
+          apply_with_cache(rule) { super }
+        end
+      end
+
+      module ClassMethods # :nodoc:
+        def cache(*rules, **options)
+          rules.each do |rule|
+            cached_rules[rule] = options
+          end
+        end
+
+        def cached_rules
+          return @cached_rules if instance_variable_defined?(:@cached_rules)
+
+          @cached_rules =
+            if superclass.respond_to?(:cached_rules)
+              superclass.cached_rules.dup
+            else
+              {}
+            end
+        end
+      end
+    end
+  end
+end

data/lib/action_policy/policy/cached_apply.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Policy
+    # Per-policy cache for applied rules.
+    #
+    # When you call `apply` twice on the same policy and for the same rule,
+    # the check (and pre-checks) is only called once.
+    module CachedApply
+      class << self
+        def prepended(base)
+          base.prepend InstanceMethods
+        end
+
+        alias included prepended
+      end
+
+      module InstanceMethods # :nodoc:
+        def apply(rule)
+          @__rules_cache__ ||= {}
+          return @__rules_cache__[rule] if @__rules_cache__.key?(rule)
+
+          @__rules_cache__[rule] = super
+        end
+      end
+    end
+  end
+end