action_policy 0.3.2 → 0.3.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 998666ad64277112c6ddc44e6db9e0aa81b6bbf32994fb675797bcd8e1f9ca70
-  data.tar.gz: 5a35c722589841c6b41d6efd1735abe63833db03b9a7aec23e798648a97c5470
+  metadata.gz: 782d6e62c1723d8aa9b128cf054d90ace4a52a65467db205a079f898a9e068a8
+  data.tar.gz: e581bec4f5a7aaa782229f85aa34d09d7ed27eb19c870dcc9d3982c3271205d8
 SHA512:
-  metadata.gz: 03a5594069a5947566708f3b3ad419d79be8931d38c25195f754d1474fa9b2f3bcf5e0f9e520a828d56c1fcfac762929ae4fdcf852c657f4b6bec973c0559e0b
-  data.tar.gz: e41e88d916fdf0832e7b03cdadcf7f6c1a4814c45e6ca76e12094bbcb03a6ea54146a0e676d079a0813caff31f54c3dfe90d0e917ade8c4261e17ec4d55a4221
+  metadata.gz: 8178fe440e7b7b8f1b60a858e503ad65e37eaa3157dca0f48b772a626704f66763392d60a2f18758d9e903d19e687f292c0b261f5c531d81693ee5e1df38472c
+  data.tar.gz: 8126f417658773d0deeca4d927881d8a9bf504853d89d58d1d43dd07d6f1328bc355b81bd9f12e7742ce753d20d6c17caf07a0ce2f4fd6df50e2fb0bb70ca034

data/.gitignore

@@ -8,3 +8,8 @@
 /spec/reports/
 /tmp/
 Gemfile.local
+
+spec/dummy/log/*
+spec/dummy/db/*.sqlite3
+spec/dummy/db/*.sqlite3-journal
+spec/dummy/tmp/

data/.rubocop.yml

@@ -12,6 +12,7 @@ AllCops:
     - 'Gemfile'
     - 'vendor/**/*'
     - 'gemfiles/**/*'
+    - 'lib/generators/**/templates/**/*'
   DisplayCopNames: true
   TargetRubyVersion: 2.4
 

data/CHANGELOG.md

@@ -1,5 +1,29 @@
 ## master
 
+## 0.3.3 (2019-11-27)
+
+- Improve pretty print functionality. ([@palkan][])
+
+  Colorize true/false values.
+  Handle multiline expressions and debug statements (i.e., `binding.pry`).
+
+- Add Rails generators. ([@nicolas-brousse][])
+
+  Adds `action_policy:install` and `action_policy:policy MODEL` Rails generators.
+
+- Optional authorization target. ([@somenugget][])
+
+  Allows making authorization context optional:
+
+  ```ruby
+  class OptionalRolePolicy < ActionPolicy::Base
+    authorize :role, optional: true
+  end
+
+  policy = OptionalRolePolicy.new
+  policy.role #=> nil
+  ```
+
 ## 0.3.2 (2019-05-26) 👶
 
 - Fixed thread-safety issues with scoping configs. ([@palkan][])
@@ -313,3 +337,5 @@
 [@brendon]: https://github.com/brendon
 [@DmitryTsepelev]: https://github.com/DmitryTsepelev
 [@korolvs]: https://github.com/korolvs
+[@nicolas-brousse]: https://github.com/nicolas-brousse
+[@somenugget]: https://github.com/somenugget

data/README.md

@@ -47,6 +47,8 @@ class ApplicationPolicy < ActionPolicy::Base
 end
 ```
 
+This may be done with `rails generate action_policy:install` generator.
+
 Then write a policy for a resource. For example:
 
 ```ruby
@@ -64,6 +66,8 @@ class PostPolicy < ApplicationPolicy
 end
 ```
 
+This may be done with `rails generate action_policy:policy Post` generator.
+
 Now you can easily add authorization to your Rails\* controller:
 
 ```ruby

data/action_policy.gemspec

@@ -31,6 +31,7 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = ">= 2.4.0"
 
+  spec.add_development_dependency "ammeter", "~> 1.1.3"
   spec.add_development_dependency "bundler", ">= 1.15"
   spec.add_development_dependency "minitest", "~> 5.0"
   spec.add_development_dependency "rake", "~> 10.0"

data/docs/authorization_context.md

@@ -19,6 +19,7 @@ end
 Now you must provide `account` during policy initialization. When authorization key is missing or equals to `nil`, `ActionPolicy::AuthorizationContextMissing` error is raised.
 
 **NOTE:** if you want to allow passing `nil` as `account` value, you must add `allow_nil: true` option to `authorize`.
+If you want to be able not to pass `account` at all, you must add `optional: true`
 
 To do that automatically in your `authorize!` and `allowed_to?` calls, you must also configure authorization context. For example, in your controller:
 

data/docs/graphql.md

@@ -1,15 +1,15 @@
 # GraphQL integration
 
-You can use Action Policy as an authorization library for you [GraphQL Ruby](https://graphql-ruby.org/) application via the [`action_policy-graphql` gem](https://github.com/palkan/action_policy-graphql).
+You can use Action Policy as an authorization library for your [GraphQL Ruby](https://graphql-ruby.org/) application via the [`action_policy-graphql` gem](https://github.com/palkan/action_policy-graphql).
 
 This integration provides the following features:
 - Fields & mutations authorization
 - List and connections scoping
-- [**Exposing permissions/authorization rules in the API**](https://dev.to/evilmartians/exposing-permissions-in-graphql-apis-with-action-policy-1mfh).
+- [**Exposing permissions/authorization rules in the API**](https://evilmartians.com/chronicles/exposing-permissions-in-graphql-apis-with-action-policy).
 
 ## Getting Started
 
-First, add `action_policy-graphql` gem to your Gemfile (see [installation instructions](https://github.com/palkan/action_policy-graphql#installation)).
+First, add the `action_policy-graphql` gem to your Gemfile (see [installation instructions](https://github.com/palkan/action_policy-graphql#installation)).
 
 Then, include `ActionPolicy::GraphQL::Behaviour` to your base type (or any other type/mutation where you want to use authorization features):
 
@@ -23,11 +23,16 @@ end
 class Types::BaseMutation < GraphQL::Schema::Mutation
   include ActionPolicy::GraphQL::Behaviour
 end
+
+# For using authorization helpers in resolvers
+class Types::BaseResolver < GraphQL::Schema::Resolver
+  include ActionPolicy::GraphQL::Behaviour
+end
 ```
 
 ## Authorization Context
 
-By default, Action Policy use `context[:current_user]` as the `user` [authorization context](./authoriation_context.md).
+By default, Action Policy uses `context[:current_user]` as the `user` [authorization context](./authorization_context.md).
 
 **NOTE:** see below for more information on what's included into `ActionPolicy::GraphQL::Behaviour`.
 
@@ -75,6 +80,38 @@ You can also change the default `show?` rule globally:
 ActionPolicy::GraphQL.default_authorize_rule = :show_graphql_field?
 ```
 
+If you want to perform authorization before resolving the field value, you can use `preauthorize: *` option:
+
+```ruby
+field :homes, [Home], null: false, preauthorize: {with: HomePolicy}
+
+def homes
+  Home.all
+end
+```
+
+The code above is equal to:
+
+```ruby
+field :homes, [Home], null: false
+
+def homes
+  authorize! "homes", to: :index?, with: HomePolicy
+  Home.all
+end
+```
+
+**NOTE:** we pass the field's name as the `record` to the policy rule. We assume that preauthorization rules do not depend on
+the record itself and pass the field's name for debugging purposes only.
+
+You can customize the authorization options, e.g. `authorize: {to: :preview?, with: CustomPolicy}`.
+
+**NOTE:** unlike `authorize: *` you MUST specify the `with: SomePolicy` option.
+The default authorization rule depends on the type of the field:
+
+- for lists we use `index?` (configured by `ActionPolicy::GraphQL.default_preauthorize_list_rule` parameter)
+- for _singleton_ fields we use `show?` (configured by `ActionPolicy::GraphQL.default_preauthorize_node_rule` parameter)
+
 ### Class-level authorization
 
 You can use Action Policy in the class-level [authorization hooks](https://graphql-ruby.org/authorization/authorization.html) (`self.authorized?`) like this:
@@ -83,9 +120,10 @@ You can use Action Policy in the class-level [authorization hooks](https://graph
 class Types::Friendship < Types::BaseObject
   def self.authorized?(object, context)
     super &&
-      object.allowed_to?(
+      allowed_to?(
         :show?,
         object,
+        # NOTE: you must provide context explicitly
         context: {user: context[:current_user]}
       )
   end
@@ -94,7 +132,7 @@ end
 
 ## Authorizing Mutations
 
-Mutation is just a Ruby class with a single API method. There is nothing specific in authorizing mutations: from the Action Policy point of view, they are just [_behaviours_](./behaviour.md).
+A mutation is just a Ruby class with a single API method. There is nothing specific in authorizing mutations: from the Action Policy point of view, they are just [_behaviours_](./behaviour.md).
 
 If you want to authorize the mutation, you call `authorize!` method. For example:
 
@@ -166,6 +204,8 @@ class CityType < ::Common::Graphql::Type
 end
 ```
 
+**NOTE:** you cannot use `authorize: *` and `authorized_scope: *` at the same time but you can combine `preauthorize: *` with `authorized_scope: *`.
+
 See the documenation on [scoping](./scoping.md).
 
 ## Exposing Authorization Rules
@@ -221,6 +261,16 @@ You can override a custom authorization field prefix (`can_`):
 ActionPolicy::GraphQL.default_authorization_field_prefix = "allowed_to_"
 ```
 
+You can specify a custom field name as well (only for a single rule):
+
+```ruby
+class ProfileType < ::Common::Graphql::Type
+  # Adds can_create_post field.
+
+  expose_authorization_rules :create?, with: PostPolicy, field_name: "can_create_post"
+end
+```
+
 ## Custom Behaviour
 
 Including the default `ActionPolicy::GraphQL::Behaviour` is equal to adding the following to your base class:

data/docs/pundit_migration.md

@@ -77,4 +77,4 @@ When everything is green, it's time to fully migrate to ActionPolicy:
 - migrate view helpers (from `policy(..)` to `allowed_to?`, from `policy_scope` to `authorized`)
 - re-write specs using simple non-DSL syntax (or [Action Policy RSpec syntax](testing#rspec-dsl))
 - add [authorization tests](testing#testing-authorization) (add `require 'action_policy/rspec'`)
-- use [Reasons](), [I18n integration](i18n), [cache](caching) and other Action Policy features!
+- use [Reasons](reasons), [I18n integration](i18n), [cache](caching) and other Action Policy features!

data/docs/quick_start.md

@@ -34,6 +34,10 @@ class ApplicationPolicy < ActionPolicy::Base
 end
 ```
 
+You could use the following command to generate it.
+
+    $ rails generate action_policy:install
+
 **NOTE:** it is not necessary to inherit from `ActionPolicy::Base`; instead, you can [construct basic policy](custom_policy.md) choosing only the components you need.
 
 Rules must be public methods on the class. Using private methods as rules will raise an error.

data/docs/reasons.md

@@ -87,9 +87,10 @@ The additional details are especially helpful when combined with localization, '
 
 ```yml
 en:
-  policy:
-    stage:
-      show?: "The %{title} stage is not accessible"
+  action_policy:
+    policy:
+      stage:
+        show?: "The %{title} stage is not accessible"
 ```
 
 And then when you call `full_messages`:

data/docs/testing.md

@@ -85,7 +85,7 @@ end
 If test failed the exception message includes the result and [failure reasons](reasons) (if any):
 
 ```
-1) PostPolucy#show? when post is draft
+1) PostPolicy#show? when post is draft
 Failure/Error:  ...
 
 Expected to fail but succeed:
@@ -96,7 +96,7 @@ If you have [debugging utils](debugging) installed the message also includes the
 source code of the policy rule:
 
 ```
-1) UserPolucy#manage? when post is draft
+1) UserPolicy#manage? when post is draft
 Failure/Error:  ...
 
 Expected to fail but succeed:

data/lib/action_policy/policy/authorization.rb

@@ -49,11 +49,15 @@ module ActionPolicy
         @authorization_context = {}
 
         self.class.authorization_targets.each do |id, opts|
-          raise AuthorizationContextMissing, id unless params.key?(id)
+          if opts[:optional] == true
+            val = params.fetch(id, nil)
+          else
+            raise AuthorizationContextMissing, id unless params.key?(id)
 
-          val = params.fetch(id)
+            val = params.fetch(id)
 
-          raise AuthorizationContextMissing, id if val.nil? && opts[:allow_nil] != true
+            raise AuthorizationContextMissing, id if val.nil? && opts[:allow_nil] != true
+          end
 
           authorization_context[id] = instance_variable_set("@#{id}", val)
         end

data/lib/action_policy/policy/core.rb

@@ -90,8 +90,9 @@ module ActionPolicy
       def with_clean_result # :nodoc:
         was_result = @result
         yield
-        res, @result = @result, was_result
-        res
+        @result
+      ensure
+        @result = was_result
       end
 
       # Returns a result of applying the specified rule to the specified record.

data/lib/action_policy/rspec/pundit_syntax.rb

@@ -43,6 +43,6 @@ RSpec.configure do |config|
   config.include(
     ActionPolicy::RSpec::PunditSyntax::PolicyExampleGroup,
     type: :policy,
-    example_group: {file_path: %r{spec/policies}}
+    file_path: %r{spec/policies}
   )
 end

data/lib/action_policy/utils/pretty_print.rb

@@ -41,6 +41,9 @@ module ActionPolicy
   #  #=> AND
   #  #=> access_feed? #=> true
   module PrettyPrint
+    TRUE =  "\e[32mtrue\e[0m"
+    FALSE = "\e[31mfalse\e[0m"
+
     class Visitor
       attr_reader :lines, :object
       attr_accessor :indent
@@ -68,10 +71,11 @@ module ActionPolicy
 
       def expression_with_result(sexp)
         expression = Unparser.unparse(sexp)
-        "#{expression} #=> #{eval_exp(expression)}"
+        "#{expression} #=> #{colorize(eval_exp(expression))}"
       end
 
       def eval_exp(exp)
+        return "<skipped>" if ignore_exp?(exp)
         object.instance_eval(exp)
       rescue => e
         "Failed: #{e.message}"
@@ -89,13 +93,22 @@ module ActionPolicy
         visit_node(ast.children[1])
       end
 
-      # Parens
       def visit_begin(ast)
-        lines << indented("(")
-        self.indent += 2
-        visit_node(ast.children[0])
-        self.indent -= 2
-        lines << indented(")")
+        #  Parens
+        if ast.children.size == 1
+          lines << indented("(")
+          self.indent += 2
+          visit_node(ast.children[0])
+          self.indent -= 2
+          lines << indented(")")
+        else
+          # Multiple expressions
+          ast.children.each do |node|
+            visit_node(node)
+            # restore indent after each expression
+            self.indent -= 2
+          end
+        end
       end
 
       def visit_missing(ast)
@@ -108,6 +121,18 @@ module ActionPolicy
           self.indent += 2 if indent.zero?
         end
       end
+
+      # Some lines should not be evaled
+      def ignore_exp?(exp)
+        exp.match?(/^\s*binding\.(pry|irb)\s*$/)
+      end
+
+      def colorize(val)
+        return val unless $stdout.isatty
+        return TRUE if val.eql?(true)
+        return FALSE if val.eql?(false)
+        val
+      end
     end
 
     class << self

data/lib/action_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActionPolicy
-  VERSION = "0.3.2"
+  VERSION = "0.3.3"
 end

data/lib/generators/action_policy/install/USAGE

@@ -0,0 +1,2 @@
+Description:
+    Generates an application policy for your application.

data/lib/generators/action_policy/install/install_generator.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module ActionPolicy
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      source_root File.expand_path("templates", __dir__)
+
+      def copy_application_policy
+        template "application_policy.rb", "app/policies/application_policy.rb"
+      end
+    end
+  end
+end

data/lib/generators/action_policy/install/templates/application_policy.rb

@@ -0,0 +1,2 @@
+class ApplicationPolicy < ActionPolicy::Base
+end

data/lib/generators/action_policy/policy/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Generates a policy for a model with the given name.
+
+Example:
+    rails generate action_policy:policy user
+
+    This will create:
+        app/policies/user_policy.rb

data/lib/generators/action_policy/policy/policy_generator.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module ActionPolicy
+  module Generators
+    class PolicyGenerator < ::Rails::Generators::NamedBase
+      source_root File.expand_path("templates", __dir__)
+
+      invoke "action_policy:install"
+
+      def create_policy
+        template "policy.rb", File.join("app/policies", class_path, "#{file_name}_policy.rb")
+      end
+
+      hook_for :test_framework
+    end
+  end
+end

data/lib/generators/action_policy/policy/templates/policy.rb

@@ -0,0 +1,22 @@
+<% module_namespacing do -%>
+class <%= class_name %>Policy < ApplicationPolicy
+  # See https://actionpolicy.evilmartians.io/#/writing_policies
+  #
+  # def index?
+  #   true
+  # end
+  #
+  # def update?
+  #   # here we can access our context and record
+  #   user.admin? || (user.id == record.user_id)
+  # end
+
+  # Scoping
+  # See https://actionpolicy.evilmartians.io/#/scoping
+  #
+  # relation_scope do |relation|
+  #   next relation if user.admin?
+  #   relation.where(user: user)
+  # end
+end
+<% end -%>

data/lib/generators/action_policy/rspec/policy_generator.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module Rspec
+  module Generators
+    class PolicyGenerator < ::Rails::Generators::NamedBase
+      source_root File.expand_path("templates", __dir__)
+
+      def create_policy_spec
+        template "policy_spec.rb", File.join("spec/policies", class_path, "#{file_name}_policy_spec.rb")
+      end
+    end
+  end
+end

data/lib/generators/action_policy/rspec/templates/policy_spec.rb

@@ -0,0 +1,19 @@
+require '<%= File.exists?("spec/rails_helper.rb") ? "rails_helper" : "spec_helper" %>'
+
+RSpec.describe <%= class_name %>Policy, type: :policy do
+  # let(:user) { build_stubbed :user }
+  # let(:record) { build_stubbed :post, draft: false }
+  # let(:context) { {user: user} }
+
+  describe_rule :index? do
+    pending "add some examples to (or delete) #{__FILE__}"
+  end
+
+  describe_rule :create? do
+    pending "add some examples to (or delete) #{__FILE__}"
+  end
+
+  describe_rule :manage? do
+    pending "add some examples to (or delete) #{__FILE__}"
+  end
+end

data/lib/generators/action_policy/test_unit/policy_generator.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+
+module TestUnit
+  module Generators
+    class PolicyGenerator < ::Rails::Generators::NamedBase
+      source_root File.expand_path("templates", __dir__)
+
+      def create_policy_test
+        template "policy_test.rb", File.join("test/policies", class_path, "#{file_name}_policy_test.rb")
+      end
+    end
+  end
+end

data/lib/generators/action_policy/test_unit/templates/policy_test.rb

@@ -0,0 +1,12 @@
+require 'test_helper'
+
+class <%= class_name %>PolicyTest < ActiveSupport::TestCase
+  def test_index
+  end
+
+  def test_create
+  end
+
+  def test_manage
+  end
+end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: action_policy
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.3.3
 platform: ruby
 authors:
 - Vladimir Dementyev
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-27 00:00:00.000000000 Z
+date: 2019-11-27 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: ammeter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.1.3
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -253,6 +267,16 @@ files:
 - lib/action_policy/utils/pretty_print.rb
 - lib/action_policy/utils/suggest_message.rb
 - lib/action_policy/version.rb
+- lib/generators/action_policy/install/USAGE
+- lib/generators/action_policy/install/install_generator.rb
+- lib/generators/action_policy/install/templates/application_policy.rb
+- lib/generators/action_policy/policy/USAGE
+- lib/generators/action_policy/policy/policy_generator.rb
+- lib/generators/action_policy/policy/templates/policy.rb
+- lib/generators/action_policy/rspec/policy_generator.rb
+- lib/generators/action_policy/rspec/templates/policy_spec.rb
+- lib/generators/action_policy/test_unit/policy_generator.rb
+- lib/generators/action_policy/test_unit/templates/policy_test.rb
 homepage: https://github.com/palkan/action_policy
 licenses:
 - MIT
@@ -277,7 +301,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Authorization framework for Ruby/Rails application