action_policy 0.2.4 → 0.3.0.beta1

data/lib/action_policy/behaviours/policy_for.rb

@@ -5,10 +5,10 @@ module ActionPolicy
     # Adds `policy_for` method
     module PolicyFor
       # Returns policy instance for the record.
-      def policy_for(record:, with: nil, namespace: nil)
+      def policy_for(record:, with: nil, namespace: nil, context: nil, **options)
         namespace ||= authorization_namespace
-        policy_class = with || ::ActionPolicy.lookup(record, namespace: namespace)
-        policy_class.new(record, authorization_context)
+        policy_class = with || ::ActionPolicy.lookup(record, namespace: namespace, **options)
+        policy_class&.new(record, authorization_context.tap { |ctx| ctx.merge!(context) if context })
       end
 
       def authorization_context
@@ -18,6 +18,15 @@ module ActionPolicy
       def authorization_namespace
         # override to provide specific authorization namespace
       end
+
+      # Override this method to provide implicit authorization target
+      # that would be used in case `record` is not specified in
+      # `authorize!` and `allowed_to?` call.
+      #
+      # It is also used to infer a policy for scoping (in `authorized_scope` method).
+      def implicit_authorization_target
+        # no-op
+      end
     end
   end
 end

data/lib/action_policy/behaviours/scoping.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Behaviours
+    # Adds `authorized_scop` method to behaviour
+    module Scoping
+      # Apply scope to the target of the specified type.
+      #
+      # NOTE: policy lookup consists of the following steps:
+      #   - first, check whether `with` option is present
+      #   - secondly, try to infer policy class from `target` (non-raising lookup)
+      #   - use `implicit_authorization_target` if none of the above works.
+      def authorized_scope(target, type: nil, as: :default, scope_options: nil, **options)
+        policy = policy_for(record: target, allow_nil: true, **options)
+        policy ||= policy_for(record: implicit_authorization_target, **options)
+
+        type ||= authorization_scope_type_for(policy, target)
+
+        Authorizer.scopify(target, policy, type: type, name: as, scope_options: scope_options)
+      end
+
+      # For backward compatibility
+      alias authorized authorized_scope
+
+      # Infer scope type for target if none provided.
+      # Raises an exception if type couldn't be inferred.
+      def authorization_scope_type_for(policy, target)
+        policy.resolve_scope_type(target)
+      end
+    end
+  end
+end

data/lib/action_policy/behaviours/thread_memoized.rb

@@ -54,7 +54,7 @@ module ActionPolicy
         end
       end
 
-      def __policy_thread_memoize__(record, with: nil, namespace: nil)
+      def __policy_thread_memoize__(record, with: nil, namespace: nil, **_opts)
         record_key = record._policy_cache_key(use_object_id: true)
         cache_key = "#{namespace}/#{with}/#{record_key}"
 

data/lib/action_policy/ext/hash_transform_keys.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Ext
+    # Add transform_keys to Hash for older Rubys
+    module HashTransformKeys
+      refine Hash do
+        def transform_keys
+          return enum_for(:transform_keys) { size } unless block_given?
+          result = {}
+          each_key do |key|
+            result[yield(key)] = self[key]
+          end
+          result
+        end
+      end
+    end
+  end
+end

data/lib/action_policy/ext/module_namespace.rb

@@ -16,7 +16,7 @@ module ActionPolicy
 
       module Ext
         def namespace
-          return unless name.match?(/[^^]::/)
+          return unless name&.match?(/[^^]::/)
 
           name.sub(/::[^:]+$/, "").safe_constantize
         end

data/lib/action_policy/ext/policy_cache_key.rb

@@ -23,6 +23,7 @@ module ActionPolicy
 
       # JRuby doesn't support _global_ modules refinements (see https://github.com/jruby/jruby/issues/5220)
       # Fallback to monkey-patching.
+      # TODO: remove after 9.2.7.0 (See https://github.com/jruby/jruby/pull/5627)
       ::Object.include(ObjectExt) if RUBY_PLATFORM =~ /java/i
 
       refine Object do
@@ -59,7 +60,7 @@ module ActionPolicy
         end
       end
 
-      if RUBY_PLATFORM =~ /java/i
+      if RUBY_PLATFORM.match?(/java/i)
         refine Integer do
           def _policy_cache_key(*)
             to_s

data/lib/action_policy/ext/proc_case_eq.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Ext
+    # Add #=== to Proc
+    module ProcCaseEq
+      refine Proc do
+        def ===(other)
+          call(other) == true
+        end
+      end
+    end
+  end
+end

data/lib/action_policy/ext/string_constantize.rb

@@ -14,6 +14,7 @@ module ActionPolicy
           names.shift if names.size > 1 && names.first.empty?
 
           names.inject(Object) do |constant, name|
+            break if constant.nil?
             constant.const_get(name, false) if constant.const_defined?(name, false)
           end
         end

data/lib/action_policy/ext/symbol_classify.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Ext
+    # Add `classify` to Symbol
+    module SymbolClassify
+      refine Symbol do
+        if "".respond_to?(:classify)
+          def classify
+            to_s.classify
+          end
+        else
+          def classify
+            word = to_s.capitalize
+            word.gsub!(/(?:_)([a-z\d]*)/) { $1.capitalize }
+            word
+          end
+        end
+      end
+    end
+  end
+end

data/lib/action_policy/i18n.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module I18n # :nodoc:
+    DEFAULT_UNAUTHORIZED_MESSAGE = "You are not authorized to perform this action"
+
+    class << self
+      def full_message(policy_class, rule, details = nil)
+        candidates = candidates_for(policy_class, rule)
+
+        options = {scope: :action_policy}
+        options.merge!(details) unless details.nil?
+
+        ::I18n.t(
+          candidates.shift,
+          default: candidates,
+          **options
+        )
+      end
+
+      private
+
+      def candidates_for(policy_class, rule)
+        policy_hierarchy = policy_class.ancestors.select { |klass| klass.respond_to?(:identifier) }
+        [
+          *policy_hierarchy.map { |klass| :"policy.#{klass.identifier}.#{rule}" },
+          :"policy.#{rule}",
+          :unauthorized,
+          DEFAULT_UNAUTHORIZED_MESSAGE
+        ]
+      end
+    end
+
+    ActionPolicy::Policy::FailureReasons.prepend(Module.new do
+      def full_messages
+        reasons.flat_map do |policy_klass, rules|
+          rules.flat_map do |rule|
+            if rule.is_a?(::Hash)
+              rule.map do |key, details|
+                ActionPolicy::I18n.full_message(policy_klass, key, details)
+              end
+            else
+              ActionPolicy::I18n.full_message(policy_klass, rule)
+            end
+          end
+        end
+      end
+    end)
+
+    ActionPolicy::Policy::ExecutionResult.prepend(Module.new do
+      def message
+        ActionPolicy::I18n.full_message(policy, rule, details)
+      end
+    end)
+  end
+end

data/lib/action_policy/lookup_chain.rb

@@ -12,6 +12,9 @@ module ActionPolicy
       using ActionPolicy::Ext::StringConstantize
     end
 
+    require "action_policy/ext/symbol_classify"
+    using ActionPolicy::Ext::SymbolClassify
+
     require "action_policy/ext/module_namespace"
     using ActionPolicy::Ext::ModuleNamespace
 
@@ -50,8 +53,7 @@ module ActionPolicy
 
       private
 
-      def lookup_within_namespace(record, namespace)
-        policy_name = policy_class_name_for(record)
+      def lookup_within_namespace(policy_name, namespace)
         NamespaceCache.fetch(namespace.name, policy_name) do
           mod = namespace
 
@@ -68,6 +70,8 @@ module ActionPolicy
       end
 
       def policy_class_name_for(record)
+        return record.policy_name.to_s if record.respond_to?(:policy_name)
+
         record_class = record.is_a?(Module) ? record : record.class
 
         if record_class.respond_to?(:policy_name)
@@ -97,7 +101,8 @@ module ActionPolicy
     NAMESPACE_LOOKUP = ->(record, namespace: nil, **) {
       next if namespace.nil?
 
-      lookup_within_namespace(record, namespace)
+      policy_name = policy_class_name_for(record)
+      lookup_within_namespace(policy_name, namespace)
     }
 
     # Infer from class name
@@ -105,7 +110,20 @@ module ActionPolicy
       policy_class_name_for(record).safe_constantize
     }
 
+    # Infer from passed symbol
+    SYMBOL_LOOKUP = ->(record, namespace: nil, **) {
+      next unless record.is_a?(Symbol)
+
+      policy_name = "#{record.classify}Policy"
+      if namespace.nil?
+        policy_name.safe_constantize
+      else
+        lookup_within_namespace(policy_name, namespace)
+      end
+    }
+
     self.chain = [
+      SYMBOL_LOOKUP,
       INSTANCE_POLICY_CLASS,
       CLASS_POLICY_CLASS,
       NAMESPACE_LOOKUP,

data/lib/action_policy/policy/cache.rb

@@ -4,12 +4,15 @@ require "action_policy/version"
 
 module ActionPolicy # :nodoc:
   # By default cache namespace (or prefix) contains major and minor version of the gem
-  CACHE_NAMESPACE = "acp:#{ActionPolicy::VERSION.split('.').take(2).join('.')}"
+  CACHE_NAMESPACE = "acp:#{ActionPolicy::VERSION.split(".").take(2).join(".")}"
 
   require "action_policy/ext/yield_self_then"
   require "action_policy/ext/policy_cache_key"
 
-  using ActionPolicy::Ext::YieldSelfThen
+  unless "".respond_to?(:then)
+    require "action_policy/ext/yield_self_then"
+    using ActionPolicy::Ext::YieldSelfThen
+  end
   using ActionPolicy::Ext::PolicyCacheKey
 
   module Policy
@@ -36,24 +39,25 @@ module ActionPolicy # :nodoc:
         authorization_context.map { |_k, v| v._policy_cache_key.to_s }.join("/")
       end
 
-      # rubocop: disable Metrics/AbcSize
       def apply_with_cache(rule)
         options = self.class.cached_rules.fetch(rule)
         key = cache_key(rule)
 
         ActionPolicy.cache_store.then do |store|
           @result = store.read(key)
-          next result.value unless result.nil?
+          unless result.nil?
+            result.cached!
+            next result.value
+          end
           yield
           store.write(key, result, options)
           result.value
         end
       end
-      # rubocop: enable Metrics/AbcSize
 
       def apply(rule)
         return super if ActionPolicy.cache_store.nil? ||
-                        !self.class.cached_rules.key?(rule)
+          !self.class.cached_rules.key?(rule)
 
         apply_with_cache(rule) { super }
       end

data/lib/action_policy/policy/core.rb

@@ -2,6 +2,8 @@
 
 require "action_policy/behaviours/policy_for"
 require "action_policy/policy/execution_result"
+require "action_policy/utils/suggest_message"
+require "action_policy/utils/pretty_print"
 
 unless "".respond_to?(:underscore)
   require "action_policy/ext/string_underscore"
@@ -12,26 +14,16 @@ module ActionPolicy
   # Raised when `resolve_rule` failed to find an approriate
   # policy rule method for the activity
   class UnknownRule < Error
+    include ActionPolicy::SuggestMessage
+
     attr_reader :policy, :rule, :message
 
     def initialize(policy, rule)
       @policy = policy.class
       @rule = rule
-      @message = "Couldn't find rule '#{@rule}' for #{@policy}#{suggest(policy, rule)}"
-    end
-
-    if defined?(::DidYouMean::SpellChecker)
-      def suggest(policy, error)
-        suggestion = ::DidYouMean::SpellChecker.new(
-          dictionary: policy.public_methods
-        ).correct(error).first
-
-        suggestion ? "\nDid you mean? #{suggestion}" : ""
-      end
-    else
-      def suggest(*)
-        ""
-      end
+      @message =
+        "Couldn't find rule '#{@rule}' for #{@policy}" \
+        "#{suggest(@rule, @policy.instance_methods - Object.instance_methods)}"
     end
   end
 
@@ -73,7 +65,7 @@ module ActionPolicy
 
       attr_reader :record, :result
 
-      def initialize(record = nil)
+      def initialize(record = nil, **_opts)
         @record = record
       end
 
@@ -94,10 +86,10 @@ module ActionPolicy
 
       # Wrap code that could modify result
       # to prevent the current result modification
-      def with_clean_result
+      def with_clean_result # :nodoc:
         was_result = @result
-        res = yield
-        @result = was_result
+        yield
+        res, @result = @result, was_result
         res
       end
 
@@ -129,6 +121,26 @@ module ActionPolicy
           respond_to?(activity)
         activity
       end
+
+      # Return annotated source code for the rule
+      # NOTE: require "method_source" and "unparser" gems to be installed.
+      # Otherwise returns empty string.
+      def inspect_rule(rule)
+        PrettyPrint.print_method(self, rule)
+      end
+
+      # Helper for printing the annotated rule source.
+      # Useful for debugging: type `pp :show?` within the context of the policy
+      # to preview the rule.
+      def pp(rule)
+        with_clean_result do
+          # We need result to exist for `allowed_to?` to work correctly
+          @result = self.class.result_class.new(self.class, rule)
+          header = "#{self.class.name}##{rule}"
+          source = inspect_rule(rule)
+          $stdout.puts "#{header}\n#{source}"
+        end
+      end
     end
   end
 end

data/lib/action_policy/policy/execution_result.rb

@@ -26,6 +26,18 @@ module ActionPolicy
       def fail?
         @value == false
       end
+
+      def cached!
+        @cached = true
+      end
+
+      def cached?
+        @cached == true
+      end
+
+      def inspect
+        "<#{policy}##{rule}: #{@value}>"
+      end
     end
   end
 end

data/lib/action_policy/policy/pre_check.rb

@@ -88,8 +88,6 @@ module ActionPolicy
           end
         end
 
-        # rubocop: disable Metrics/AbcSize, Metrics/CyclomaticComplexity
-        # rubocop: disable Metrics/PerceivedComplexity, Metrics/MethodLength
         def skip!(except: nil, only: nil)
           if !except.nil? && !only.nil?
             raise ArgumentError,
@@ -114,8 +112,8 @@ module ActionPolicy
 
           rebuild_filter
         end
-        # rubocop: enable Metrics/AbcSize, Metrics/CyclomaticComplexity
-        # rubocop: enable Metrics/PerceivedComplexity, Metrics/MethodLength
+        # rubocop: enable
+        # rubocop: enable
 
         def dup
           self.class.new(policy_class, name, except: blacklist&.dup, only: whitelist&.dup)
@@ -174,7 +172,6 @@ module ActionPolicy
           end
         end
 
-        # rubocop: disable Metrics/AbcSize
         def skip_pre_check(*names, **options)
           names.each do |name|
             check = pre_checks.find { |c| c.name == name }
@@ -187,7 +184,6 @@ module ActionPolicy
             pre_checks[pre_checks.index(check)] = check.dup.tap { |c| c.skip! options }
           end
         end
-        # rubocop: enable Metrics/AbcSize
 
         def pre_checks
           return @pre_checks if instance_variable_defined?(:@pre_checks)