action_policy 0.4.2 → 0.5.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +229 -171
- data/LICENSE.txt +1 -1
- data/README.md +7 -11
- data/lib/.rbnext/2.7/action_policy/behaviours/policy_for.rb +62 -0
- data/lib/.rbnext/2.7/action_policy/i18n.rb +56 -0
- data/lib/.rbnext/2.7/action_policy/policy/cache.rb +101 -0
- data/lib/.rbnext/2.7/action_policy/policy/pre_check.rb +162 -0
- data/lib/.rbnext/2.7/action_policy/rspec/be_authorized_to.rb +89 -0
- data/lib/.rbnext/2.7/action_policy/rspec/have_authorized_scope.rb +124 -0
- data/lib/.rbnext/2.7/action_policy/utils/pretty_print.rb +159 -0
- data/lib/.rbnext/3.0/action_policy/behaviour.rb +115 -0
- data/lib/.rbnext/3.0/action_policy/behaviours/policy_for.rb +62 -0
- data/lib/.rbnext/3.0/action_policy/behaviours/scoping.rb +35 -0
- data/lib/.rbnext/3.0/action_policy/behaviours/thread_memoized.rb +59 -0
- data/lib/.rbnext/3.0/action_policy/ext/policy_cache_key.rb +72 -0
- data/lib/.rbnext/3.0/action_policy/policy/aliases.rb +69 -0
- data/lib/.rbnext/3.0/action_policy/policy/authorization.rb +87 -0
- data/lib/.rbnext/3.0/action_policy/policy/cache.rb +101 -0
- data/lib/.rbnext/3.0/action_policy/policy/core.rb +161 -0
- data/lib/.rbnext/3.0/action_policy/policy/defaults.rb +31 -0
- data/lib/.rbnext/3.0/action_policy/policy/execution_result.rb +37 -0
- data/lib/.rbnext/3.0/action_policy/policy/pre_check.rb +162 -0
- data/lib/.rbnext/3.0/action_policy/policy/reasons.rb +210 -0
- data/lib/.rbnext/3.0/action_policy/policy/scoping.rb +160 -0
- data/lib/.rbnext/3.0/action_policy/rspec/be_authorized_to.rb +89 -0
- data/lib/.rbnext/3.0/action_policy/rspec/have_authorized_scope.rb +124 -0
- data/lib/.rbnext/3.0/action_policy/utils/pretty_print.rb +159 -0
- data/lib/.rbnext/3.0/action_policy/utils/suggest_message.rb +19 -0
- data/lib/action_policy.rb +7 -1
- data/lib/action_policy/behaviour.rb +22 -16
- data/lib/action_policy/behaviours/policy_for.rb +10 -3
- data/lib/action_policy/behaviours/scoping.rb +2 -1
- data/lib/action_policy/behaviours/thread_memoized.rb +1 -3
- data/lib/action_policy/ext/module_namespace.rb +1 -6
- data/lib/action_policy/ext/policy_cache_key.rb +15 -33
- data/lib/action_policy/ext/{symbol_classify.rb → symbol_camelize.rb} +6 -6
- data/lib/action_policy/i18n.rb +1 -1
- data/lib/action_policy/lookup_chain.rb +41 -21
- data/lib/action_policy/policy/aliases.rb +7 -12
- data/lib/action_policy/policy/authorization.rb +14 -17
- data/lib/action_policy/policy/cache.rb +34 -18
- data/lib/action_policy/policy/core.rb +25 -12
- data/lib/action_policy/policy/defaults.rb +3 -9
- data/lib/action_policy/policy/execution_result.rb +3 -9
- data/lib/action_policy/policy/pre_check.rb +19 -58
- data/lib/action_policy/policy/reasons.rb +32 -20
- data/lib/action_policy/policy/scoping.rb +5 -6
- data/lib/action_policy/rails/controller.rb +6 -1
- data/lib/action_policy/rails/ext/active_record.rb +7 -0
- data/lib/action_policy/rails/policy/instrumentation.rb +1 -1
- data/lib/action_policy/rspec/be_authorized_to.rb +5 -9
- data/lib/action_policy/rspec/dsl.rb +3 -3
- data/lib/action_policy/rspec/have_authorized_scope.rb +5 -7
- data/lib/action_policy/utils/pretty_print.rb +21 -24
- data/lib/action_policy/utils/suggest_message.rb +1 -3
- data/lib/action_policy/version.rb +1 -1
- data/lib/generators/action_policy/install/templates/{application_policy.rb → application_policy.rb.tt} +1 -1
- data/lib/generators/action_policy/policy/policy_generator.rb +4 -1
- data/lib/generators/action_policy/policy/templates/{policy.rb → policy.rb.tt} +0 -0
- data/lib/generators/rspec/templates/{policy_spec.rb → policy_spec.rb.tt} +0 -0
- data/lib/generators/test_unit/templates/{policy_test.rb → policy_test.rb.tt} +0 -0
- metadata +55 -119
- data/.gitattributes +0 -2
- data/.github/FUNDING.yml +0 -1
- data/.github/ISSUE_TEMPLATE.md +0 -18
- data/.github/PULL_REQUEST_TEMPLATE.md +0 -29
- data/.gitignore +0 -15
- data/.rubocop.yml +0 -54
- data/.tidelift.yml +0 -6
- data/.travis.yml +0 -31
- data/Gemfile +0 -22
- data/Rakefile +0 -27
- data/action_policy.gemspec +0 -44
- data/benchmarks/namespaced_lookup_cache.rb +0 -71
- data/bin/console +0 -14
- data/bin/setup +0 -8
- data/docs/.nojekyll +0 -0
- data/docs/CNAME +0 -1
- data/docs/README.md +0 -77
- data/docs/_sidebar.md +0 -27
- data/docs/aliases.md +0 -122
- data/docs/assets/docsify-search.js +0 -364
- data/docs/assets/docsify.min.js +0 -3
- data/docs/assets/fonts/FiraCode-Medium.woff +0 -0
- data/docs/assets/fonts/FiraCode-Regular.woff +0 -0
- data/docs/assets/images/banner.png +0 -0
- data/docs/assets/images/cache.png +0 -0
- data/docs/assets/images/cache.svg +0 -70
- data/docs/assets/images/layer.png +0 -0
- data/docs/assets/images/layer.svg +0 -35
- data/docs/assets/prism-ruby.min.js +0 -1
- data/docs/assets/styles.css +0 -347
- data/docs/assets/vue.min.css +0 -1
- data/docs/authorization_context.md +0 -92
- data/docs/behaviour.md +0 -113
- data/docs/caching.md +0 -273
- data/docs/controller_action_aliases.md +0 -109
- data/docs/custom_lookup_chain.md +0 -48
- data/docs/custom_policy.md +0 -53
- data/docs/debugging.md +0 -55
- data/docs/decorators.md +0 -27
- data/docs/favicon.ico +0 -0
- data/docs/graphql.md +0 -302
- data/docs/i18n.md +0 -44
- data/docs/index.html +0 -43
- data/docs/instrumentation.md +0 -84
- data/docs/lookup_chain.md +0 -17
- data/docs/namespaces.md +0 -77
- data/docs/non_rails.md +0 -28
- data/docs/pre_checks.md +0 -57
- data/docs/pundit_migration.md +0 -80
- data/docs/quick_start.md +0 -118
- data/docs/rails.md +0 -120
- data/docs/reasons.md +0 -120
- data/docs/scoping.md +0 -255
- data/docs/testing.md +0 -333
- data/docs/writing_policies.md +0 -107
- data/gemfiles/jruby.gemfile +0 -8
- data/gemfiles/rails42.gemfile +0 -8
- data/gemfiles/rails6.gemfile +0 -8
- data/gemfiles/railsmaster.gemfile +0 -6
- data/lib/action_policy/ext/string_match.rb +0 -14
- data/lib/action_policy/ext/yield_self_then.rb +0 -25
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7922156f6a9b0fa40a6451b6f6c114a0ea8d7f52d9d050ecfd266a5575357c6e
|
4
|
+
data.tar.gz: d38c700872a91ddad81a4d2db99cb4415d4ccf51064ec10db10771ebcf517c5f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: efcd8c5cd621c6b08c713e71e37416e1b88a400e1f4195039059bb6d1d8baf7d09edb9425ebc0d2bdbc3a64ae6c94f78c39b55017bd918bedf890a6a107ad5b6
|
7
|
+
data.tar.gz: ca147c91c0da934f98787a4ec8ed0a84173363c828729d4d8cddb0df11a0ec4895efb63d7d25b3b9a969e807d338063ddf4746e9b4156211d96e5d8ff696a272
|
data/CHANGELOG.md
CHANGED
@@ -2,6 +2,63 @@
|
|
2
2
|
|
3
3
|
## master
|
4
4
|
|
5
|
+
## 0.5.0 (2020-09-29)
|
6
|
+
|
7
|
+
- Move `deny!` / `allow!` to core. ([@palkan][])
|
8
|
+
|
9
|
+
Now you can call `deny!` and `allow!` in policy rules to fail- or pass-fast.
|
10
|
+
|
11
|
+
**BREAKING.** Pre-check name is no longer added automatically to failure reasons. You should specify the reason
|
12
|
+
explicitly: `deny!(:my_reason)`.
|
13
|
+
|
14
|
+
- Add `Result#all_details` to return all collected details in a single hash. ([@palkan][])
|
15
|
+
|
16
|
+
- Add `default` option to lookup and `default_authorization_policy_class` callback to behaviour. ([@palkan][])
|
17
|
+
|
18
|
+
- Add `skip_verify_authorized!` to Rails controllers integration. ([@palkan][])
|
19
|
+
|
20
|
+
This method allows you to skip the `verify_authorized` callback dynamically.
|
21
|
+
|
22
|
+
- **Drop Ruby 2.4 support**. ([@palkan][])
|
23
|
+
|
24
|
+
- Add `allowance_to` method to authorization behaviour. ([@palkan][])
|
25
|
+
|
26
|
+
This method is similar to `allowed_to?` but returns an authorization result object.
|
27
|
+
|
28
|
+
- Support aliases in `allowed_to?` / `check?` calls within policies. ([@palkan][])
|
29
|
+
|
30
|
+
## 0.4.5 (2020-07-29)
|
31
|
+
|
32
|
+
- Add strict_namespace option to lookup chain. (@rainerborene)
|
33
|
+
|
34
|
+
## 0.4.4 (2020-07-07)
|
35
|
+
|
36
|
+
- Fix symbol lookup with namespaces. ([@palkan][])
|
37
|
+
|
38
|
+
Fixes [#122](https://github.com/palkan/action_policy/issues/122).
|
39
|
+
|
40
|
+
- Separated `#classify`-based and `#camelize`-based symbol lookups. ([Be-ngt-oH][])
|
41
|
+
|
42
|
+
Only affects Rails apps. Now lookup for `:users` tries to find `UsersPolicy` first (camelize),
|
43
|
+
and only then search for `UserPolicy` (classify).
|
44
|
+
|
45
|
+
See [PR#118](https://github.com/palkan/action_policy/pull/118).
|
46
|
+
|
47
|
+
- Fix calling rules with `allowed_to?` directly. ([@palkan][])
|
48
|
+
|
49
|
+
Fixes [#113](https://github.com/palkan/action_policy/issues/113)
|
50
|
+
|
51
|
+
## 0.4.3 (2019-12-14)
|
52
|
+
|
53
|
+
- Add `#cache(*parts, **options) { ... }` method. ([@palkan][])
|
54
|
+
|
55
|
+
Allows you to cache anything in policy classes using the Action Policy
|
56
|
+
cache key generation mechanism.
|
57
|
+
|
58
|
+
- Handle versioned Rails cache keys. ([@palkan][])
|
59
|
+
|
60
|
+
Use `#cache_with_version` as a cache key if defined.
|
61
|
+
|
5
62
|
## 0.4.2 (2019-12-13)
|
6
63
|
|
7
64
|
- Fix regression introduced in 0.4.0 which broke testing Class targets. ([@palkan][])
|
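Review bot: The 0.4.4 entry "Separated `#classify`-based and `#camelize`-based symbol lookups" changes which policy class a symbol target resolves to (`:users` now finds `UsersPolicy` before `UserPolicy`), yet it ships in a patch release without the **BREAKING** marker that the 0.5.0 `deny!` / `allow!` entry carries. An application that defines both classes would silently switch the policy that authorizes the call, so mark the entry as breaking and tell readers to check for both class names. Two smaller points in the same hunk: `## master` is followed directly by `## 0.5.0 (2020-09-29)`, so this 0.5.2 package has no entries for 0.5.1 or 0.5.2; and the 0.4.5 entry writes `strict_namespace` without backticks and credits `(@rainerborene)` in plain text rather than the `([@name][])` link form used by every other entry.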
@@ -10,274 +67,275 @@
|
|
10
67
|
|
11
68
|
- Add `action_policy.init` instrumentation event. ([@palkan][])
|
12
69
|
|
13
|
-
|
70
|
+
Triggered every time a new policy object is initialized.
|
14
71
|
|
15
72
|
- Fix policy memoization with explicit context. ([@palkan][])
|
16
73
|
|
17
|
-
|
18
|
-
|
74
|
+
Explicit context (`authorize! context: {}`) wasn't considered during
|
75
|
+
policies memoization. Not this is fixed.
|
19
76
|
|
20
77
|
- Support composed matchers for authorization target testing. ([@palkan][])
|
21
78
|
|
22
|
-
|
79
|
+
Now you can write tests like this:
|
23
80
|
|
24
|
-
|
25
|
-
|
26
|
-
|
81
|
+
```ruby
|
82
|
+
expect { subject }.to be_authorized_to(:show?, an_instance_of(User))
|
83
|
+
```
|
27
84
|
|
28
85
|
## 0.3.4 (2019-11-27)
|
29
86
|
|
30
87
|
- Fix Rails generators. ([@palkan][])
|
31
88
|
|
32
|
-
|
33
|
-
|
89
|
+
Only invoke install generator if `application_policy.rb` is missing.
|
90
|
+
Fix hooking into test frameworks.
|
34
91
|
|
35
92
|
## 0.3.3 (2019-11-27)
|
36
93
|
|
37
94
|
- Improve pretty print functionality. ([@palkan][])
|
38
95
|
|
39
|
-
|
40
|
-
|
96
|
+
Colorize true/false values.
|
97
|
+
Handle multiline expressions and debug statements (i.e., `binding.pry`).
|
41
98
|
|
42
99
|
- Add Rails generators. ([@nicolas-brousse][])
|
43
100
|
|
44
|
-
|
101
|
+
Adds `action_policy:install` and `action_policy:policy MODEL` Rails generators.
|
45
102
|
|
46
103
|
- Optional authorization target. ([@somenugget][])
|
47
104
|
|
48
|
-
|
105
|
+
Allows making authorization context optional:
|
49
106
|
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
107
|
+
```ruby
|
108
|
+
class OptionalRolePolicy < ActionPolicy::Base
|
109
|
+
authorize :role, optional: true
|
110
|
+
end
|
54
111
|
|
55
|
-
|
56
|
-
|
57
|
-
|
112
|
+
policy = OptionalRolePolicy.new
|
113
|
+
policy.role #=> nil
|
114
|
+
```
|
58
115
|
|
59
116
|
## 0.3.2 (2019-05-26) 👶
|
60
117
|
|
61
118
|
- Fixed thread-safety issues with scoping configs. ([@palkan][])
|
62
119
|
|
63
|
-
|
120
|
+
Fixes [#75](https://github.com/palkan/action_policy/issues/75).
|
64
121
|
|
65
122
|
## 0.3.1 (2019-05-30)
|
66
123
|
|
67
124
|
- Fixed bug with missing implicit target and hash like scoping data. ([@palkan][])
|
68
125
|
|
69
|
-
|
126
|
+
Fixes [#70](https://github.com/palkan/action_policy/issues/70).
|
70
127
|
|
71
128
|
## 0.3.0 (2019-04-02)
|
72
129
|
|
73
130
|
- Added ActiveSupport-based instrumentation. ([@palkan][])
|
74
131
|
|
75
|
-
|
132
|
+
See [PR#4](https://github.com/palkan/action_policy/pull/4)
|
76
133
|
|
77
134
|
- Allow passing authorization context explicitly. ([@palkan][])
|
78
135
|
|
79
|
-
|
136
|
+
Closes [#3](https://github.com/palkan/action_policy/issues/3).
|
80
137
|
|
81
|
-
|
82
|
-
|
138
|
+
Now it's possible to override implicit authorization context
|
139
|
+
via `context` option:
|
83
140
|
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
141
|
+
```ruby
|
142
|
+
authorize! target, to: :show?, context: {user: another_user}
|
143
|
+
authorized_scope User.all, context: {user: another_user}
|
144
|
+
```
|
88
145
|
|
89
146
|
- Renamed `#authorized` to `#authorized_scope`. ([@palkan][])
|
90
147
|
|
91
|
-
|
148
|
+
**NOTE:** `#authorized` alias is also available.
|
92
149
|
|
93
150
|
- Added `Policy#pp(rule)` method to print annotated rule source code. ([@palkan][])
|
94
151
|
|
95
|
-
|
152
|
+
Example (debugging):
|
96
153
|
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
)
|
110
|
-
AND
|
111
|
-
(
|
112
|
-
admin? #=> false
|
113
|
-
OR
|
114
|
-
access_feed? #=> true
|
115
|
-
)
|
154
|
+
```ruby
|
155
|
+
def edit?
|
156
|
+
binding.pry # rubocop:disable Lint/Debugger
|
157
|
+
(user.name == "John") && (admin? || access_feed?)
|
158
|
+
end
|
159
|
+
```
|
160
|
+
|
161
|
+
```sh
|
162
|
+
pry> pp :edit?
|
163
|
+
MyPolicy#edit?
|
164
|
+
↳ (
|
165
|
+
user.name == "John" #=> false
|
116
166
|
)
|
117
|
-
|
167
|
+
AND
|
168
|
+
(
|
169
|
+
admin? #=> false
|
170
|
+
OR
|
171
|
+
access_feed? #=> true
|
172
|
+
)
|
173
|
+
)
|
174
|
+
```
|
118
175
|
|
119
|
-
|
176
|
+
See [PR#63](https://github.com/palkan/action_policy/pull/63)
|
120
177
|
|
121
178
|
- Added ability to provide additional failure reasons details. ([@palkan][])
|
122
179
|
|
123
|
-
|
180
|
+
Example:
|
124
181
|
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
end
|
182
|
+
```ruby
|
183
|
+
class ApplicantPolicy < ApplicationPolicy
|
184
|
+
def show?
|
185
|
+
allowed_to?(:show?, object.stage)
|
130
186
|
end
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
187
|
+
end
|
188
|
+
|
189
|
+
class StagePolicy < ApplicationPolicy
|
190
|
+
def show?
|
191
|
+
# Add stage title to the failure reason (if any)
|
192
|
+
# (could be used by client to show more descriptive message)
|
193
|
+
details[:title] = record.title
|
194
|
+
# then perform the checks
|
195
|
+
user.stages.where(id: record.id).exists?
|
140
196
|
end
|
197
|
+
end
|
141
198
|
|
142
|
-
|
143
|
-
|
144
|
-
|
199
|
+
# when accessing the reasons
|
200
|
+
p ex.result.reasons.details #=> { stage: [{show?: {title: "Onboarding"}] }
|
201
|
+
```
|
145
202
|
|
146
|
-
|
203
|
+
See https://github.com/palkan/action_policy/pull/58
|
147
204
|
|
148
205
|
- Ruby 2.4+ is required. ([@palkan][])
|
149
206
|
|
150
207
|
- Added RSpec DSL for writing policy specs. ([@palkan])
|
151
208
|
|
152
|
-
|
153
|
-
|
209
|
+
The goal of this DSL is to reduce the boilerplate when writing
|
210
|
+
policies specs.
|
154
211
|
|
155
|
-
|
212
|
+
Example:
|
156
213
|
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
214
|
+
```ruby
|
215
|
+
describe PostPolicy do
|
216
|
+
let(:user) { build_stubbed :user }
|
217
|
+
let(:record) { build_stubbed :post, draft: false }
|
161
218
|
|
162
|
-
|
219
|
+
let(:context) { {user: user} }
|
163
220
|
|
164
|
-
|
165
|
-
|
221
|
+
describe_rule :show? do
|
222
|
+
succeed "when post is published"
|
166
223
|
|
167
|
-
|
168
|
-
|
224
|
+
failed "when post is draft" do
|
225
|
+
before { post.draft = false }
|
169
226
|
|
170
|
-
|
171
|
-
|
172
|
-
end
|
227
|
+
succeed "when user is a manager" do
|
228
|
+
before { user.role = "manager" }
|
173
229
|
end
|
174
230
|
end
|
175
231
|
end
|
176
|
-
|
232
|
+
end
|
233
|
+
```
|
177
234
|
|
178
235
|
- Added I18n support ([@DmitryTsepelev][])
|
179
236
|
|
180
|
-
|
237
|
+
Example:
|
181
238
|
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
end
|
239
|
+
```ruby
|
240
|
+
class ApplicationController < ActionController::Base
|
241
|
+
rescue_from ActionPolicy::Unauthorized do |ex|
|
242
|
+
p ex.result.message #=> "You do not have access to the stage"
|
243
|
+
p ex.result.reasons.full_messages #=> ["You do not have access to the stage"]
|
188
244
|
end
|
189
|
-
|
245
|
+
end
|
246
|
+
```
|
190
247
|
|
191
248
|
- Added scope options to scopes. ([@korolvs][])
|
192
249
|
|
193
|
-
|
250
|
+
See [#47](https://github.com/palkan/action_policy/pull/47).
|
194
251
|
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
252
|
+
Example:
|
253
|
+
|
254
|
+
```ruby
|
255
|
+
# users_controller.rb
|
256
|
+
class UsersController < ApplicationController
|
257
|
+
def index
|
258
|
+
@user = authorized(User.all, scope_options: {with_deleted: true})
|
202
259
|
end
|
260
|
+
end
|
203
261
|
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
end
|
262
|
+
# user_policy.rb
|
263
|
+
describe UserPolicy < Application do
|
264
|
+
relation_scope do |relation, with_deleted: false|
|
265
|
+
rel = some_logic(relation)
|
266
|
+
with_deleted ? rel.with_deleted : rel
|
210
267
|
end
|
211
|
-
|
268
|
+
end
|
269
|
+
```
|
212
270
|
|
213
271
|
- Added Symbol lookup to the lookup chain ([@DmitryTsepelev][])
|
214
272
|
|
215
|
-
|
273
|
+
For instance, lookup will implicitly use `AdminPolicy` in a following case:
|
216
274
|
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
275
|
+
```ruby
|
276
|
+
# admin_controller.rb
|
277
|
+
class AdminController < ApplicationController
|
278
|
+
authorize! :admin, to: :update_settings
|
279
|
+
end
|
280
|
+
```
|
223
281
|
|
224
282
|
- Added testing for scopes. ([@palkan][])
|
225
283
|
|
226
|
-
|
284
|
+
Example:
|
227
285
|
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
end
|
286
|
+
```ruby
|
287
|
+
# users_controller.rb
|
288
|
+
class UsersController < ApplicationController
|
289
|
+
def index
|
290
|
+
@user = authorized(User.all)
|
234
291
|
end
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
292
|
+
end
|
293
|
+
|
294
|
+
# users_controller_spec.rb
|
295
|
+
describe UsersController do
|
296
|
+
subject { get :index }
|
297
|
+
it "has authorized scope" do
|
298
|
+
expect { subject }.to have_authorized_scope(:active_record_relation)
|
299
|
+
.with(PostPolicy)
|
243
300
|
end
|
244
|
-
|
301
|
+
end
|
302
|
+
```
|
245
303
|
|
246
304
|
- Added scoping support. ([@palkan][])
|
247
305
|
|
248
|
-
|
306
|
+
See [#5](https://github.com/palkan/action_policy/issues/5).
|
249
307
|
|
250
|
-
|
308
|
+
By "scoping" we mean an ability to use policies to _scope data_.
|
251
309
|
|
252
|
-
|
253
|
-
|
310
|
+
For example, when you want to _scope_ Active Record collections depending
|
311
|
+
on the current user permissions:
|
254
312
|
|
255
|
-
|
256
|
-
|
257
|
-
|
258
|
-
|
259
|
-
end
|
313
|
+
```ruby
|
314
|
+
class PostsController < ApplicationController
|
315
|
+
def index
|
316
|
+
@posts = authorized(Post.all)
|
260
317
|
end
|
318
|
+
end
|
261
319
|
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
end
|
320
|
+
class PostPolicy < ApplicationPolicy
|
321
|
+
relation_scope do |relation|
|
322
|
+
next relation if user.admin?
|
323
|
+
relation.where(user: user)
|
267
324
|
end
|
268
|
-
|
325
|
+
end
|
326
|
+
```
|
269
327
|
|
270
|
-
|
328
|
+
Action Policy provides a flexible mechanism to apply scopes to anything you want.
|
271
329
|
|
272
|
-
|
330
|
+
Read more in [docs](https://actionpolicy.evilmartians.io/).
|
273
331
|
|
274
332
|
- Added `#implicit_authorization_target`. ([@palkan][]).
|
275
333
|
|
276
|
-
|
334
|
+
See [#35](https://github.com/palkan/action_policy/issues/35).
|
277
335
|
|
278
|
-
|
336
|
+
Implicit authorization target (defined by `implicit_authorization_target`) is used when no target specified for `authorize!` call.
|
279
337
|
|
280
|
-
|
338
|
+
For example, for Rails controllers integration it's just `controller_name.classify.safe_constantize`.
|
281
339
|
|
282
340
|
- Consider `record#policy_name` when looking up for a policy class. ([@palkan][])
|
283
341
|
|
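Review bot: In the RSpec DSL example, the `failed "when post is draft"` case runs `before { post.draft = false }`, but the example defines `record`, not `post`, and `draft` is already `false` in the `let`, so the failing branch is never exercised; it should read `before { record.draft = true }`. Since this hunk rewrites the examples anyway, the other copy errors in the added lines are worth fixing in the same pass: `describe UserPolicy < Application do` in the scope options example is a policy definition and presumably meant `class UserPolicy < ApplicationPolicy`, the `reasons.details` comment `{ stage: [{show?: {title: "Onboarding"}] }` has unbalanced braces, the `UsersController` spec asserts `.with(PostPolicy)`, and "Not this is fixed." in the memoization entry should be "Now this is fixed."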
@@ -291,21 +349,21 @@
|
|
291
349
|
|
292
350
|
- Add ability to disable per-thread cache and disable it in test env by default. ([@palkan][])
|
293
351
|
|
294
|
-
|
352
|
+
You can control per-thread cache by setting:
|
295
353
|
|
296
|
-
|
297
|
-
|
298
|
-
|
354
|
+
```ruby
|
355
|
+
ActionPolicy::PerThreadCache.enabled = true # or false
|
356
|
+
```
|
299
357
|
|
300
358
|
## 0.2.3 (2018-07-03)
|
301
359
|
|
302
360
|
- [Fix [#16](https://github.com/palkan/action_policy/issues/16)] Add ability to disable namespace resolution cache. ([@palkan][])
|
303
361
|
|
304
|
-
|
362
|
+
We cache namespaced policy resolution for better performance (it could affect performance when we look up a policy from a deeply nested module context).
|
305
363
|
|
306
|
-
|
364
|
+
It could be disabled by setting `ActionPolicy::LookupChain.namespace_cache_enabled = false`. It's enabled by default unless `RACK_ENV` env var is specified and is not equal to `"production"` (e.g. when `RACK_ENV=test` the cache is disabled).
|
307
365
|
|
308
|
-
|
366
|
+
When using Rails it's enabled only in production mode but could be configured through setting the `config.action_policy.namespace_cache_enabled` parameter.
|
309
367
|
|
310
368
|
- [Fix [#18](https://github.com/palkan/action_policy/issues/18)] Clarify documentation around, and fix the way `resolve_rule` resolves rules and rule aliases when subclasses are involved. ([@brendon][])
|
311
369
|
|
@@ -313,11 +371,10 @@
|
|
313
371
|
|
314
372
|
- [Fix [#29](https://github.com/palkan/action_policy/issues/29)] Fix loading cache middleware. ([@palkan][])
|
315
373
|
|
316
|
-
|
317
374
|
- Use `send` instead of `public_send` to get the `authorization_context` so that contexts such as
|
318
375
|
`current_user` can be `private` in the controller. ([@brendon][])
|
319
376
|
|
320
|
-
- Fix railtie
|
377
|
+
- Fix railtie initialization for Rails < 5. ([@brendon][])
|
321
378
|
|
322
379
|
## 0.2.1 (yanked)
|
323
380
|
|
@@ -327,18 +384,18 @@
|
|
327
384
|
|
328
385
|
- Add `reasons.details`. ([@palkan][])
|
329
386
|
|
330
|
-
|
331
|
-
|
332
|
-
|
333
|
-
|
334
|
-
|
387
|
+
```ruby
|
388
|
+
rescue_from ActionPolicy::Unauthorized do |ex|
|
389
|
+
ex.result.reasons.details #=> { stage: [:show?] }
|
390
|
+
end
|
391
|
+
```
|
335
392
|
|
336
393
|
- Add `ExecutionResult`. ([@palkan][])
|
337
394
|
|
338
|
-
|
339
|
-
|
395
|
+
ExecutionResult contains all the rule application artifacts: the result (`true` / `false`),
|
396
|
+
failures reasons.
|
340
397
|
|
341
|
-
|
398
|
+
This value is now stored in a cache (if any) instead of just the call result (`true` / `false`).
|
342
399
|
|
343
400
|
- Add `Policy.identifier`. ([@palkan][])
|
344
401
|
|
@@ -371,3 +428,4 @@
|
|
371
428
|
[@korolvs]: https://github.com/korolvs
|
372
429
|
[@nicolas-brousse]: https://github.com/nicolas-brousse
|
373
430
|
[@somenugget]: https://github.com/somenugget
|
431
|
+
[@Be-ngt-oH]: https://github.com/Be-ngt-oH
|
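Review bot: The added definition `[@Be-ngt-oH]: https://github.com/Be-ngt-oH` does not match the reference used in the 0.4.4 entry, which is written `([Be-ngt-oH][])` without the `@`, so that credit will not resolve to a link. Either change the entry to `([@Be-ngt-oH][])` or drop the `@` from the definition label. The 0.4.5 entry credits `@rainerborene`, and no definition for that name is added here.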