action_policy 0.2.4 → 0.3.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 01a2dfdc255ba25c36b8054db9d56372ffb2a47137dd412568a6d3c9f2f2c81a
-  data.tar.gz: 27f0e25159c6a5d5bca89a238e8342dcdc852d24a2f9129365de455ccb859690
+  metadata.gz: 3f655148e9920ff5afe7b4fdcd52fb15475dc72e84e46545820769b2d68b9f48
+  data.tar.gz: a4fd3da807acc43638357557f8df80745b14033d7f7183a5f7e5468f4df7fc51
 SHA512:
-  metadata.gz: 682229b71f8de1c7828028d7731cc7fead59c86ad82285ae6989d1df476a402bc8f5f6984799e7b9dacb83e867bb5ad0688bc91d943045b116c005b35ccf0b47
-  data.tar.gz: 2fe558adf815be0c32a9b683470ff95f75b3f3fe431aa959c3c60420f8faa2e28de3d390b20b19eb007cc86c999540d86b3491fdf94861a2a41cb98dc251bca5
+  metadata.gz: eadd511dc2a0d912ded1b35af655896210fbade0e18923d0e42261e7ee3db4bc68773b3c9acc90c9cb0a3e54e4dcec601800aedf5c52d2d7a3615edc18b26c44
+  data.tar.gz: c9e1ef737e1f3b764ec5d0a94585a5f80ed7c5f180c42e3ff7053ada2c1578d9b2bf6d8572199dca57dac330918b98e7aea4be032a9b2d6febf0ff96441c2eda

data/.rubocop.yml

@@ -1,32 +1,44 @@
 require:
+  - standard/cop/semantic_blocks
   - rubocop-md
 
+inherit_gem:
+  standard: config/base.yml
+
 AllCops:
-  Include:
-    - 'lib/**/*.rb'
-    - 'lib/**/*.rake'
-    - 'test/**/*.rb'
   Exclude:
-    - 'bin/**/*'
-    - 'gemfiles/**/*'
-    - 'vendor/**/*'
+    - 'bin/*'
     - 'tmp/**/*'
+    - 'Gemfile'
+    - 'vendor/**/*'
+    - 'gemfiles/**/*'
   DisplayCopNames: true
-  StyleGuideCopsOnly: false
-  TargetRubyVersion: 2.3
+  TargetRubyVersion: 2.4s
 
-Rails:
+Standard/SemanticBlocks:
   Enabled: false
 
-Bundler/OrderedGems:
-  Enabled: false
+Style/FrozenStringLiteralComment:
+  Enabled: true
+
+Style/TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: no_comma
+
+Style/TrailingCommaInHashLiteral:
+  EnforcedStyleForMultiline: no_comma
+
+Layout/AlignParameters:
+  EnforcedStyle: with_first_parameter
 
 Lint/Void:
   Exclude:
     - '**/*.md'
 
-Lint/SplatKeywordArguments:
-  Enabled: false
+# See https://github.com/rubocop-hq/rubocop/issues/4222
+Lint/AmbiguousBlockAssociation:
+  Exclude:
+    - 'spec/**/*'
+    - '**/*.md'
 
 Lint/DuplicateMethods:
   Exclude:
@@ -34,58 +46,8 @@ Lint/DuplicateMethods:
 
 Naming/FileName:
   Exclude:
-   - 'Rakefile'
-   - 'Gemfile'
    - '**/*.md'
 
 Layout/InitialIndentation:
   Exclude:
     - 'CHANGELOG.md'
-
-Naming/UncommunicativeMethodParamName:
-  Enabled: false
-
-Naming/VariableNumber:
-  Exclude:
-    - 'test/**/*.rb'
-
-Style/SymbolArray:
-  Enabled: false
-
-Style/Documentation:
-  Exclude:
-    - 'test/**/*.rb'
-    - '**/*.md'
-
-Style/StringLiterals:
-  EnforcedStyle: double_quotes
-
-Style/RegexpLiteral:
-  Enabled: false
-
-Style/NumericPredicate:
-  Enabled: false
-
-Style/Lambda:
-  Enabled: false
-
-Layout/SpaceInsideStringInterpolation:
-  EnforcedStyle: no_space
-
-Lint/AmbiguousRegexpLiteral:
-  Enabled: false
-
-Metrics/LineLength:
-  Max: 100
-
-Metrics/AbcSize:
-  Exclude:
-    - 'test/**/*.rb'
-
-Metrics/BlockLength:
-  Exclude:
-    - 'spec/**/*.rb'
-
-Metrics/MethodLength:
-  Exclude:
-    - 'test/**/*.rb'

data/.travis.yml

@@ -1,28 +1,31 @@
 sudo: false
 language: ruby
-rvm:
-  - 2.5.0
-
+cache: bundler
 notifications:
   email: false
 
+before_install:
+  - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
+  - gem install bundler -v '< 2'
+
+script:
+  - bundle exec rake test:ci
+
 matrix:
   fast_finish: true
   include:
     - rvm: ruby-head
       gemfile: gemfiles/railsmaster.gemfile
-    - rvm: jruby-9.2.0.0
+    - rvm: jruby-9.2.5.0
       gemfile: gemfiles/jruby.gemfile
-    - rvm: 2.5.1
+    - rvm: 2.6.0
+      gemfile: gemfiles/rails6.gemfile
+    - rvm: 2.5.3
       gemfile: Gemfile
-    - rvm: 2.5.1
-      gemfile: gemfiles/rails42.gemfile
     - rvm: 2.4.3
-      gemfile: Gemfile
-    - rvm: 2.3.1
       gemfile: gemfiles/rails42.gemfile
   allow_failures:
     - rvm: ruby-head
       gemfile: gemfiles/railsmaster.gemfile
-    - rvm: jruby-9.2.0.0
+    - rvm: jruby-9.2.5.0
       gemfile: gemfiles/jruby.gemfile

data/CHANGELOG.md

@@ -1,5 +1,218 @@
 ## master
 
+## 0.3.0.beta1 (2019-03-30)
+
+- Added ActiveSupport-based instrumentation. ([@palkan][])
+
+  See [PR#4](https://github.com/palkan/action_policy/pull/4)
+
+- Allow passing authorization context explicitly. ([@palkan][])
+
+  Closes [#3](https://github.com/palkan/action_policy/issues/3).
+
+  Now it's possible to override implicit authorization context
+  via `context` option:
+
+  ```ruby
+  authorize! target, to: :show?, context: {user: another_user}
+  authorized_scope User.all, context: {user: another_user}
+  ```
+
+- Renamed `#authorized` to `#authorized_scope`. ([@palkan][])
+
+  **NOTE:** `#authorized` alias is also available.
+
+- Added `Policy#pp(rule)` method to print annotated rule source code. ([@palkan][])
+
+  Example (debugging):
+
+  ```ruby
+  def edit?
+    binding.pry # rubocop:disable Lint/Debugger
+    (user.name == "John") && (admin? || access_feed?)
+  end
+  ```
+
+  ```sh
+  pry> pp :edit?
+  MyPolicy#edit?
+  ↳ (
+      user.name == "John" #=> false
+    )
+    AND
+    (
+      admin? #=> false
+      OR
+      access_feed? #=> true
+    )
+  )
+  ```
+
+  See [PR#63](https://github.com/palkan/action_policy/pull/63)
+
+- Added ability to provide additional failure reasons details. ([@palkan][])
+
+  Example:
+
+  ```ruby
+  class ApplicantPolicy < ApplicationPolicy
+    def show?
+      allowed_to?(:show?, object.stage)
+    end
+  end
+
+  class StagePolicy < ApplicationPolicy
+    def show?
+      # Add stage title to the failure reason (if any)
+      # (could be used by client to show more descriptive message)
+      details[:title] = record.title
+      # then perform the checks
+      user.stages.where(id: record.id).exists?
+    end
+  end
+
+  # when accessing the reasons
+  p ex.result.reasons.details #=> { stage: [{show?: {title: "Onboarding"}] }
+  ```
+
+  See https://github.com/palkan/action_policy/pull/58
+
+- Ruby 2.4+ is required. ([@palkan][])
+
+- Added RSpec DSL for writing policy specs. ([@palkan])
+
+  The goal of this DSL is to reduce the boilerplate when writing
+  policies specs.
+
+  Example:
+
+  ```ruby
+  describe PostPolicy do
+    let(:user) { build_stubbed :user }
+    let(:record) { build_stubbed :post, draft: false }
+
+    let(:context) { {user: user} }
+
+    describe_rule :show? do
+      succeed "when post is published"
+
+      failed "when post is draft" do
+        before { post.draft = false }
+
+        succeed "when user is a manager" do
+          before { user.role = "manager" }
+        end
+      end
+    end
+  end
+  ```
+
+- Added I18n support ([@DmitryTsepelev][])
+
+  Example:
+
+  ```ruby
+  class ApplicationController < ActionController::Base
+    rescue_from ActionPolicy::Unauthorized do |ex|
+      p ex.result.message #=> "You do not have access to the stage"
+      p ex.result.reasons.full_messages #=> ["You do not have access to the stage"]
+    end
+  end
+  ```
+
+- Added scope options to scopes. ([@korolvs][])
+
+  See [#47](https://github.com/palkan/action_policy/pull/47).
+
+  Example:
+  ```ruby
+  # users_controller.rb
+  class UsersController < ApplicationController
+    def index
+      @user = authorized(User.all, scope_options: {with_deleted: true})
+    end
+  end
+
+  # user_policy.rb
+  describe UserPolicy < Application do
+    relation_scope do |relation, with_deleted: false|
+      rel = some_logic(relation)
+      with_deleted ? rel.with_deleted : rel
+    end
+  end
+  ```
+
+- Added Symbol lookup to the lookup chain ([@DmitryTsepelev][])
+
+  For instance, lookup will implicitly use `AdminPolicy` in a following case:
+
+  ```ruby
+  # admin_controller.rb
+  class AdminController < ApplicationController
+    authorize! :admin, to: :update_settings
+  end
+  ```
+
+- Added testing for scopes. ([@palkan][])
+
+  Example:
+
+  ```ruby
+  # users_controller.rb
+  class UsersController < ApplicationController
+    def index
+      @user = authorized(User.all)
+    end
+  end
+
+  # users_controller_spec.rb
+  describe UsersController do
+    subject { get :index }
+    it "has authorized scope" do
+      expect { subject }.to have_authorized_scope(:active_record_relation)
+        .with(PostPolicy)
+    end
+  end
+  ```
+
+- Added scoping support. ([@palkan][])
+
+  See [#5](https://github.com/palkan/action_policy/issues/5).
+
+  By "scoping" we mean an ability to use policies to _scope data_.
+
+  For example, when you want to _scope_ Active Record collections depending
+  on the current user permissions:
+
+  ```ruby
+  class PostsController < ApplicationController
+    def index
+      @posts = authorized(Post.all)
+    end
+  end
+
+  class PostPolicy < ApplicationPolicy
+    relation_scope do |relation|
+      next relation if user.admin?
+      relation.where(user: user)
+    end
+  end
+  ```
+
+  Action Policy provides a flexible mechanism to apply scopes to anything you want.
+
+  Read more in [docs](https://actionpolicy.evilmartians.io/).
+
+- Added `#implicit_authorization_target`. ([@palkan][]).
+
+  See [#35](https://github.com/palkan/action_policy/issues/35).
+
+  Implicit authorization target (defined by `implicit_authorization_target`) is used when no target specified for `authorize!` call.
+
+  For example, for Rails controllers integration it's just `controller_name.classify.safe_constantize`.
+
+- Consider `record#policy_name` when looking up for a policy class. ([@palkan][])
+
 ## 0.2.4 (2018-09-06)
 
 - [Fix [#39](https://github.com/palkan/action_policy/issues/39)] Fix configuring cache store in Rails. ([@palkan][])
@@ -24,7 +237,7 @@
 
   It could be disabled by setting `ActionPolicy::LookupChain.namespace_cache_enabled = false`. It's enabled by default unless `RACK_ENV` env var is specified and is not equal to `"production"` (e.g. when `RACK_ENV=test` the cache is disabled).
 
-  When using Rails it's enabled only in production mode but could be configured through setting the `config.config.action_policy.namespace_cache_enabled` parameter.
+  When using Rails it's enabled only in production mode but could be configured through setting the `config.action_policy.namespace_cache_enabled` parameter.
 
 - [Fix [#18](https://github.com/palkan/action_policy/issues/18)] Clarify documentation around, and fix the way `resolve_rule` resolves rules and rule aliases when subclasses are involved. ([@brendon][])
 
@@ -86,3 +299,5 @@
 [@palkan]: https://github.com/palkan
 [@ilyasgaraev]: https://github.com/ilyasgaraev
 [@brendon]: https://github.com/brendon
+[@DmitryTsepelev]: https://github.com/DmitryTsepelev
+[@korolvs]: https://github.com/korolvs

data/Gemfile

@@ -6,6 +6,13 @@ gemspec
 
 gem "pry-byebug", platform: :mri
 
+gem "method_source"
+gem "unparser"
+
+gem 'sqlite3', "~> 1.3.0", platform: :mri
+gem 'activerecord-jdbcsqlite3-adapter', '~> 50.0', platform: :jruby
+gem 'jdbc-sqlite3', platform: :jruby
+
 local_gemfile = File.join(__dir__, "Gemfile.local")
 
 if File.exist?(local_gemfile)

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2018 Vladimir Dementyev
+Copyright (c) 2018-2019 Vladimir Dementyev
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/Rakefile

@@ -15,4 +15,14 @@ Rake::TestTask.new(:test) do |t|
   t.test_files = FileList["test/**/*_test.rb"]
 end
 
+namespace :test do
+  task :isolated do
+    Dir.glob("test/**/*_test.rb").all? do |file|
+      sh(Gem.ruby, "-w", "-Ilib:test", file)
+    end || raise("Failures")
+  end
+
+  task ci: %w[rubocop test:isolated spec]
+end
+
 task default: [:rubocop, :test, :spec]

data/action_policy.gemspec

@@ -21,13 +21,15 @@ Gem::Specification.new do |spec|
 
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = ">= 2.3.0"
+  spec.required_ruby_version = ">= 2.4.0"
 
-  spec.add_development_dependency "bundler", "~> 1.15"
+  spec.add_development_dependency "bundler", ">= 1.15"
   spec.add_development_dependency "minitest", "~> 5.0"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.3"
-  spec.add_development_dependency "rubocop", "~> 0.56.0"
+  spec.add_development_dependency "rubocop", "~> 0.65.0"
   spec.add_development_dependency "rubocop-md", "~> 0.2"
+  spec.add_development_dependency "standard", "~> 0.0.36"
   spec.add_development_dependency "benchmark-ips", "~> 2.7.0"
+  spec.add_development_dependency "i18n"
 end