action_policy 0.0.1 → 0.1.0

data/lib/action_policy/railtie.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module ActionPolicy # :nodoc:
+  require "action_policy/rails/controller"
+  require "action_policy/rails/channel"
+
+  class Railtie < ::Rails::Railtie # :nodoc:
+    # Provides Rails-specific configuration,
+    # accessible through `Rails.application.config.action_policy`
+    module Config
+      class << self
+        # Define whether we need to extend ApplicationController::Base
+        # with the default authorization logic
+        attr_accessor :auto_inject_into_controller
+
+        # Define whether we want to specify `current_user` as
+        # the default authorization context in controller
+        attr_accessor :controller_authorize_current_user
+
+        # Define whether we need to include ActionCable::Channel::Base
+        # with the default authorization logic
+        attr_accessor :auto_inject_into_channel
+
+        # Define whether we want to specify `current_user` as
+        # the default authorization context in channels
+        attr_accessor :channel_authorize_current_user
+
+        def cache_store=(store, *args)
+          if store.is_a?(Symbol)
+            store = ActiveSupport::Cache.lookup_store(
+              store, *args
+            )
+          end
+
+          ActionPolicy.cache_store = store
+        end
+      end
+
+      self.auto_inject_into_controller = true
+      self.controller_authorize_current_user = true
+      self.auto_inject_into_channel = true
+      self.channel_authorize_current_user = true
+    end
+
+    config.action_policy = Config
+
+    initializer "action_policy.clear_per_thread_cache" do |app|
+      app.executor.to_run { ActionPolicy::PerThreadCache.clear_all }
+      app.executor.to_complete { ActionPolicy::PerThreadCache.clear_all }
+    end
+
+    config.after_initialize do |_app|
+      ActiveSupport.on_load(:action_controller) do
+        next unless Rails.application.config.action_policy.auto_inject_into_controller
+
+        ActionController::Base.include ActionPolicy::Controller
+
+        next unless Rails.application.config.action_policy.controller_authorize_current_user
+
+        ActionController::Base.authorize :user, through: :current_user
+      end
+
+      ActiveSupport.on_load(:action_cable) do
+        next unless Rails.application.config.action_policy.auto_inject_into_channel
+
+        ActionCable::Channel::Base.include ActionPolicy::Channel
+
+        next unless Rails.application.config.action_policy.channel_authorize_current_user
+
+        ActionCable::Channel::Base.authorize :user, through: :current_user
+      end
+    end
+  end
+end

data/lib/action_policy/rspec.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "action_policy/rspec/be_authorized_to"

data/lib/action_policy/rspec/be_authorized_to.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require "action_policy/testing"
+
+module ActionPolicy
+  module RSpec
+    # Authorization matcher `be_authorized_to`.
+    #
+    # Verifies that a block of code has been authorized using specific policy.
+    #
+    # Example:
+    #
+    #   # in controller/request specs
+    #   subject { patch :update, id: product.id }
+    #
+    #   it "is authorized" do
+    #     expect { subject }
+    #       .to be_authorized_to(:manage?, product)
+    #       .with(ProductPolicy)
+    #   end
+    #
+    class BeAuthorizedTo < ::RSpec::Matchers::BuiltIn::BaseMatcher
+      attr_reader :rule, :target, :policy, :actual_calls
+
+      def initialize(rule, target)
+        @rule = rule
+        @target = target
+      end
+
+      def with(policy)
+        @policy = policy
+        self
+      end
+
+      def match(_expected, actual)
+        raise "This matcher only supports block expectations" unless actual.is_a?(Proc)
+
+        @policy ||= ::ActionPolicy.lookup(target)
+
+        begin
+          ActionPolicy::Testing::AuthorizeTracker.tracking { actual.call }
+        rescue ActionPolicy::Unauthorized # rubocop: disable Lint/HandleExceptions
+          # we don't want to care about authorization result
+        end
+
+        @actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
+
+        actual_calls.any? { |call| call.matches?(policy, rule, target) }
+      end
+
+      def does_not_match?(*)
+        raise "This matcher doesn't support negation"
+      end
+
+      def supports_block_expectations?
+        true
+      end
+
+      def failure_message
+        "expected #{formatted_record} " \
+        "to be authorized with #{policy}##{rule}, " \
+        "but #{actual_calls_message}"
+      end
+
+      def actual_calls_message
+        if actual_calls.empty?
+          "no authorization calls have been made"
+        else
+          "the following calls were encountered:\n" \
+          "#{formatted_calls}"
+        end
+      end
+
+      def formatted_calls
+        actual_calls.map do |acall|
+          " - #{acall.inspect}"
+        end.join("\n")
+      end
+
+      def formatted_record(record = target)
+        ::RSpec::Support::ObjectFormatter.format(record)
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include(Module.new do
+    def be_authorized_to(rule, target)
+      ActionPolicy::RSpec::BeAuthorizedTo.new(rule, target)
+    end
+  end)
+end

data/lib/action_policy/rspec/pundit_syntax.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module RSpec
+    # Adds Pundit-style syntax for testing policies
+    module PunditSyntax # :nodoc: all
+      module Matchers
+        extend ::RSpec::Matchers::DSL
+
+        matcher :permit do |user, record|
+          match do |policy|
+            permissions.all? do |permission|
+              policy.new(record, user: user).apply(permission)
+            end
+          end
+        end
+      end
+
+      module DSL
+        def permissions(*list, &block)
+          describe list.to_sentence do
+            let(:permissions) { list }
+
+            instance_eval(&block)
+          end
+        end
+      end
+
+      module PolicyExampleGroup
+        include Matchers
+
+        def self.included(base)
+          base.metadata[:type] = :policy
+          base.extend DSL
+          super
+        end
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include(
+    ActionPolicy::RSpec::PunditSyntax::PolicyExampleGroup,
+    type: :policy,
+    example_group: { file_path: %r{spec/policies} }
+  )
+end

data/lib/action_policy/test_helper.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require "action_policy/testing"
+
+module ActionPolicy
+  # Provides assertions for policies usage
+  module TestHelper
+    # Asserts that the given policy was used to authorize the given target.
+    #
+    #   def test_authorize
+    #     assert_authorized_to(:show?, user, with: UserPolicy) do
+    #       get :show, id: user.id
+    #     end
+    #   end
+    #
+    # You can omit the policy (then it would be inferred from the target):
+    #
+    #     assert_authorized_to(:show?, user) do
+    #       get :show, id: user.id
+    #     end
+    #
+    # rubocop: disable Metrics/MethodLength
+    def assert_authorized_to(rule, target, with: nil)
+      raise ArgumentError, "Block is required" unless block_given?
+
+      policy = with || ::ActionPolicy.lookup(target)
+
+      begin
+        ActionPolicy::Testing::AuthorizeTracker.tracking { yield }
+      rescue ActionPolicy::Unauthorized # rubocop: disable Lint/HandleExceptions
+        # we don't want to care about authorization result
+      end
+
+      actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
+
+      assert(
+        actual_calls.any? { |call| call.matches?(policy, rule, target) },
+        "Expected #{target.inspect} to be authorized with #{policy}##{rule}, " \
+        "but no such authorization has been made.\n" \
+        "Registered authorizations: " \
+        "#{actual_calls.empty? ? 'none' : actual_calls.map(&:inspect).join(',')}"
+      )
+    end
+    # rubocop: enable Metrics/MethodLength
+  end
+end

data/lib/action_policy/testing.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  # Testing utils
+  module Testing
+    # Collects all Authorizer calls
+    module AuthorizeTracker
+      class Call # :nodoc:
+        attr_reader :policy, :rule
+
+        def initialize(policy, rule)
+          @policy = policy
+          @rule = rule
+        end
+
+        def matches?(policy_class, actual_rule, target)
+          policy_class == policy.class &&
+            target == policy.record &&
+            rule == actual_rule
+        end
+
+        def inspect
+          "#{policy.record.inspect} was authorized with #{policy.class}##{rule}"
+        end
+      end
+
+      class << self
+        # Wrap code under inspection into this method
+        # to track authorize! calls
+        def tracking
+          calls.clear
+          Thread.current[:__action_policy_tracking] = true
+          yield
+        ensure
+          Thread.current[:__action_policy_tracking] = false
+        end
+
+        # Called from Authorizer
+        def track(policy, rule)
+          return unless tracking?
+          calls << Call.new(policy, rule)
+        end
+
+        def calls
+          Thread.current[:__action_policy_calls] ||= []
+        end
+
+        def tracking?
+          Thread.current[:__action_policy_tracking] == true
+        end
+      end
+    end
+
+    # Extend authorizer to add tracking functionality
+    module AuthorizerExt
+      def call(*args)
+        AuthorizeTracker.track(*args)
+        super
+      end
+    end
+
+    ActionPolicy::Authorizer.singleton_class.prepend(AuthorizerExt)
+  end
+end

data/lib/action_policy/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module ActionPolicy
-  VERSION = "0.0.1"
+  VERSION = "0.1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_policy
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Vladimir Dementyev
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-12 00:00:00.000000000 Z
+date: 2018-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -39,20 +53,48 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '10.0'
 - !ruby/object:Gem::Dependency
-  name: minitest
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '3.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
-description: 'WIP: Authorization framework'
+        version: '3.3'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.51'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.51'
+- !ruby/object:Gem::Dependency
+  name: rubocop-md
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+description: Authorization framework for Ruby/Rails application
 email:
 - dementiev.vm@gmail.com
 executables: []
@@ -60,7 +102,9 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -68,7 +112,69 @@ files:
 - action_policy.gemspec
 - bin/console
 - bin/setup
+- docs/.nojekyll
+- docs/CNAME
+- docs/README.md
+- docs/_sidebar.md
+- docs/aliases.md
+- docs/assets/docsify.min.js
+- docs/assets/fonts/FiraCode-Medium.woff
+- docs/assets/fonts/FiraCode-Regular.woff
+- docs/assets/images/cache.png
+- docs/assets/images/cache.svg
+- docs/assets/images/layer.png
+- docs/assets/images/layer.svg
+- docs/assets/prism-ruby.min.js
+- docs/assets/styles.css
+- docs/assets/vue.min.css
+- docs/authorization_context.md
+- docs/caching.md
+- docs/custom_lookup_chain.md
+- docs/custom_policy.md
+- docs/favicon.ico
+- docs/i18n.md
+- docs/index.html
+- docs/instrumentation.md
+- docs/lookup_chain.md
+- docs/namespaces.md
+- docs/non_rails.md
+- docs/pre_checks.md
+- docs/quick_start.md
+- docs/rails.md
+- docs/reasons.md
+- docs/testing.md
+- docs/writing_policies.md
+- gemfiles/jruby.gemfile
+- gemfiles/rails42.gemfile
+- gemfiles/railsmaster.gemfile
 - lib/action_policy.rb
+- lib/action_policy/authorizer.rb
+- lib/action_policy/base.rb
+- lib/action_policy/behaviour.rb
+- lib/action_policy/behaviours/memoized.rb
+- lib/action_policy/behaviours/namespaced.rb
+- lib/action_policy/behaviours/policy_for.rb
+- lib/action_policy/behaviours/thread_memoized.rb
+- lib/action_policy/ext/module_namespace.rb
+- lib/action_policy/ext/policy_cache_key.rb
+- lib/action_policy/ext/string_constantize.rb
+- lib/action_policy/lookup_chain.rb
+- lib/action_policy/policy/aliases.rb
+- lib/action_policy/policy/authorization.rb
+- lib/action_policy/policy/cache.rb
+- lib/action_policy/policy/cached_apply.rb
+- lib/action_policy/policy/core.rb
+- lib/action_policy/policy/defaults.rb
+- lib/action_policy/policy/pre_check.rb
+- lib/action_policy/policy/reasons.rb
+- lib/action_policy/rails/channel.rb
+- lib/action_policy/rails/controller.rb
+- lib/action_policy/railtie.rb
+- lib/action_policy/rspec.rb
+- lib/action_policy/rspec/be_authorized_to.rb
+- lib/action_policy/rspec/pundit_syntax.rb
+- lib/action_policy/test_helper.rb
+- lib/action_policy/testing.rb
 - lib/action_policy/version.rb
 homepage: https://github.com/palkan/action-policy
 licenses:
@@ -82,7 +188,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -90,8 +196,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.7.4
 signing_key: 
 specification_version: 4
-summary: 'WIP: Authorization framework'
+summary: Authorization framework for Ruby/Rails application
 test_files: []