action_policy 0.4.3 → 0.5.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +221 -174
- data/LICENSE.txt +1 -1
- data/README.md +7 -11
- data/lib/.rbnext/2.7/action_policy/behaviours/policy_for.rb +62 -0
- data/lib/.rbnext/2.7/action_policy/i18n.rb +56 -0
- data/lib/.rbnext/2.7/action_policy/policy/cache.rb +101 -0
- data/lib/.rbnext/2.7/action_policy/policy/pre_check.rb +162 -0
- data/lib/.rbnext/2.7/action_policy/rspec/be_authorized_to.rb +89 -0
- data/lib/.rbnext/2.7/action_policy/rspec/have_authorized_scope.rb +124 -0
- data/lib/.rbnext/2.7/action_policy/utils/pretty_print.rb +159 -0
- data/lib/.rbnext/3.0/action_policy/behaviour.rb +115 -0
- data/lib/.rbnext/3.0/action_policy/behaviours/policy_for.rb +62 -0
- data/lib/.rbnext/3.0/action_policy/behaviours/scoping.rb +35 -0
- data/lib/.rbnext/3.0/action_policy/behaviours/thread_memoized.rb +59 -0
- data/lib/.rbnext/3.0/action_policy/ext/policy_cache_key.rb +72 -0
- data/lib/.rbnext/3.0/action_policy/policy/aliases.rb +69 -0
- data/lib/.rbnext/3.0/action_policy/policy/authorization.rb +87 -0
- data/lib/.rbnext/3.0/action_policy/policy/cache.rb +101 -0
- data/lib/.rbnext/3.0/action_policy/policy/core.rb +161 -0
- data/lib/.rbnext/3.0/action_policy/policy/defaults.rb +31 -0
- data/lib/.rbnext/3.0/action_policy/policy/execution_result.rb +37 -0
- data/lib/.rbnext/3.0/action_policy/policy/pre_check.rb +162 -0
- data/lib/.rbnext/3.0/action_policy/policy/reasons.rb +212 -0
- data/lib/.rbnext/3.0/action_policy/policy/scoping.rb +160 -0
- data/lib/.rbnext/3.0/action_policy/rspec/be_authorized_to.rb +89 -0
- data/lib/.rbnext/3.0/action_policy/rspec/have_authorized_scope.rb +124 -0
- data/lib/.rbnext/3.0/action_policy/utils/pretty_print.rb +159 -0
- data/lib/.rbnext/3.0/action_policy/utils/suggest_message.rb +19 -0
- data/lib/action_policy.rb +7 -1
- data/lib/action_policy/behaviour.rb +22 -16
- data/lib/action_policy/behaviours/policy_for.rb +10 -3
- data/lib/action_policy/behaviours/scoping.rb +2 -1
- data/lib/action_policy/behaviours/thread_memoized.rb +1 -3
- data/lib/action_policy/ext/module_namespace.rb +1 -6
- data/lib/action_policy/ext/policy_cache_key.rb +10 -30
- data/lib/action_policy/ext/{symbol_classify.rb → symbol_camelize.rb} +6 -6
- data/lib/action_policy/i18n.rb +1 -1
- data/lib/action_policy/lookup_chain.rb +41 -21
- data/lib/action_policy/policy/aliases.rb +7 -12
- data/lib/action_policy/policy/authorization.rb +8 -7
- data/lib/action_policy/policy/cache.rb +11 -17
- data/lib/action_policy/policy/core.rb +25 -12
- data/lib/action_policy/policy/defaults.rb +3 -9
- data/lib/action_policy/policy/execution_result.rb +3 -9
- data/lib/action_policy/policy/pre_check.rb +19 -58
- data/lib/action_policy/policy/reasons.rb +32 -20
- data/lib/action_policy/policy/scoping.rb +5 -6
- data/lib/action_policy/rails/controller.rb +6 -1
- data/lib/action_policy/rails/ext/active_record.rb +7 -0
- data/lib/action_policy/rails/policy/instrumentation.rb +1 -1
- data/lib/action_policy/rspec/be_authorized_to.rb +5 -9
- data/lib/action_policy/rspec/dsl.rb +3 -3
- data/lib/action_policy/rspec/have_authorized_scope.rb +5 -7
- data/lib/action_policy/utils/pretty_print.rb +21 -24
- data/lib/action_policy/utils/suggest_message.rb +1 -3
- data/lib/action_policy/version.rb +1 -1
- data/lib/generators/action_policy/install/templates/{application_policy.rb → application_policy.rb.tt} +1 -1
- data/lib/generators/action_policy/policy/policy_generator.rb +4 -1
- data/lib/generators/action_policy/policy/templates/{policy.rb → policy.rb.tt} +0 -0
- data/lib/generators/rspec/templates/{policy_spec.rb → policy_spec.rb.tt} +0 -0
- data/lib/generators/test_unit/templates/{policy_test.rb → policy_test.rb.tt} +0 -0
- metadata +55 -119
- data/.gitattributes +0 -2
- data/.github/FUNDING.yml +0 -1
- data/.github/ISSUE_TEMPLATE.md +0 -18
- data/.github/PULL_REQUEST_TEMPLATE.md +0 -29
- data/.gitignore +0 -15
- data/.rubocop.yml +0 -54
- data/.tidelift.yml +0 -6
- data/.travis.yml +0 -31
- data/Gemfile +0 -22
- data/Rakefile +0 -27
- data/action_policy.gemspec +0 -44
- data/benchmarks/namespaced_lookup_cache.rb +0 -71
- data/bin/console +0 -14
- data/bin/setup +0 -8
- data/docs/.nojekyll +0 -0
- data/docs/CNAME +0 -1
- data/docs/README.md +0 -79
- data/docs/_sidebar.md +0 -27
- data/docs/aliases.md +0 -122
- data/docs/assets/docsify-search.js +0 -364
- data/docs/assets/docsify.min.js +0 -3
- data/docs/assets/fonts/FiraCode-Medium.woff +0 -0
- data/docs/assets/fonts/FiraCode-Regular.woff +0 -0
- data/docs/assets/images/banner.png +0 -0
- data/docs/assets/images/cache.png +0 -0
- data/docs/assets/images/cache.svg +0 -70
- data/docs/assets/images/layer.png +0 -0
- data/docs/assets/images/layer.svg +0 -35
- data/docs/assets/prism-ruby.min.js +0 -1
- data/docs/assets/styles.css +0 -347
- data/docs/assets/vue.min.css +0 -1
- data/docs/authorization_context.md +0 -92
- data/docs/behaviour.md +0 -113
- data/docs/caching.md +0 -291
- data/docs/controller_action_aliases.md +0 -109
- data/docs/custom_lookup_chain.md +0 -48
- data/docs/custom_policy.md +0 -53
- data/docs/debugging.md +0 -55
- data/docs/decorators.md +0 -27
- data/docs/favicon.ico +0 -0
- data/docs/graphql.md +0 -302
- data/docs/i18n.md +0 -44
- data/docs/index.html +0 -43
- data/docs/instrumentation.md +0 -84
- data/docs/lookup_chain.md +0 -17
- data/docs/namespaces.md +0 -77
- data/docs/non_rails.md +0 -28
- data/docs/pre_checks.md +0 -57
- data/docs/pundit_migration.md +0 -80
- data/docs/quick_start.md +0 -118
- data/docs/rails.md +0 -120
- data/docs/reasons.md +0 -120
- data/docs/scoping.md +0 -255
- data/docs/testing.md +0 -333
- data/docs/writing_policies.md +0 -107
- data/gemfiles/jruby.gemfile +0 -8
- data/gemfiles/rails42.gemfile +0 -9
- data/gemfiles/rails6.gemfile +0 -8
- data/gemfiles/railsmaster.gemfile +0 -6
- data/lib/action_policy/ext/string_match.rb +0 -14
- data/lib/action_policy/ext/yield_self_then.rb +0 -25
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5e0d9085b8204e1846c9820dbc5eb7a9960fa9c512a51d942cc8aab16b065257
|
4
|
+
data.tar.gz: c85bf2348affc45eb365200070257bc31b873ded038033a0fb3d6f5ca8adb48d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2a1de70b5460eed8dc481a651ea52318e060fb486e604b0595f0fa09a4840a0eb93be2b90b7f20789cb135e62388f00a18650881e9739564ba311d11a3fbd131
|
7
|
+
data.tar.gz: 5cbcf29add9f224ce3b77a42a17ab403dec7f2f93a581f6ad25e13d8f1e75bc650d9889cb05dd247355fee6b6844fb400852f51b2d1118ac30076e5277b95e75
|
data/CHANGELOG.md
CHANGED
@@ -2,16 +2,62 @@
|
|
2
2
|
|
3
3
|
## master
|
4
4
|
|
5
|
+
## 0.5.0 (2020-09-29)
|
6
|
+
|
7
|
+
- Move `deny!` / `allow!` to core. ([@palkan][])
|
8
|
+
|
9
|
+
Now you can call `deny!` and `allow!` in policy rules to fail- or pass-fast.
|
10
|
+
|
11
|
+
**BREAKING.** Pre-check name is no longer added automatically to failure reasons. You should specify the reason
|
12
|
+
explicitly: `deny!(:my_reason)`.
|
13
|
+
|
14
|
+
- Add `Result#all_details` to return all collected details in a single hash. ([@palkan][])
|
15
|
+
|
16
|
+
- Add `default` option to lookup and `default_authorization_policy_class` callback to behaviour. ([@palkan][])
|
17
|
+
|
18
|
+
- Add `skip_verify_authorized!` to Rails controllers integration. ([@palkan][])
|
19
|
+
|
20
|
+
This method allows you to skip the `verify_authorized` callback dynamically.
|
21
|
+
|
22
|
+
- **Drop Ruby 2.4 support**. ([@palkan][])
|
23
|
+
|
24
|
+
- Add `allowance_to` method to authorization behaviour. ([@palkan][])
|
25
|
+
|
26
|
+
This method is similar to `allowed_to?` but returns an authorization result object.
|
27
|
+
|
28
|
+
- Support aliases in `allowed_to?` / `check?` calls within policies. ([@palkan][])
|
29
|
+
|
30
|
+
## 0.4.5 (2020-07-29)
|
31
|
+
|
32
|
+
- Add strict_namespace option to lookup chain. (@rainerborene)
|
33
|
+
|
34
|
+
## 0.4.4 (2020-07-07)
|
35
|
+
|
36
|
+
- Fix symbol lookup with namespaces. ([@palkan][])
|
37
|
+
|
38
|
+
Fixes [#122](https://github.com/palkan/action_policy/issues/122).
|
39
|
+
|
40
|
+
- Separated `#classify`-based and `#camelize`-based symbol lookups. ([Be-ngt-oH][])
|
41
|
+
|
42
|
+
Only affects Rails apps. Now lookup for `:users` tries to find `UsersPolicy` first (camelize),
|
43
|
+
and only then search for `UserPolicy` (classify).
|
44
|
+
|
45
|
+
See [PR#118](https://github.com/palkan/action_policy/pull/118).
|
46
|
+
|
47
|
+
- Fix calling rules with `allowed_to?` directly. ([@palkan][])
|
48
|
+
|
49
|
+
Fixes [#113](https://github.com/palkan/action_policy/issues/113)
|
50
|
+
|
5
51
|
## 0.4.3 (2019-12-14)
|
6
52
|
|
7
53
|
- Add `#cache(*parts, **options) { ... }` method. ([@palkan][])
|
8
54
|
|
9
|
-
|
10
|
-
|
55
|
+
Allows you to cache anything in policy classes using the Action Policy
|
56
|
+
cache key generation mechanism.
|
11
57
|
|
12
58
|
- Handle versioned Rails cache keys. ([@palkan][])
|
13
59
|
|
14
|
-
|
60
|
+
Use `#cache_with_version` as a cache key if defined.
|
15
61
|
|
16
62
|
## 0.4.2 (2019-12-13)
|
17
63
|
|
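Review bot: The **BREAKING** note in the 0.5.0 section (new lines 11-12) says the pre-check name is no longer added to failure reasons automatically but gives no before/after, so anyone whose error handling keys on those reason names cannot tell what to search for; suggest a two-line example of a pre-check with and without the explicit `deny!(:my_reason)`. The `skip_verify_authorized!` entry (new lines 18-20) would also benefit from one sentence on its intended use, since it says only that the `verify_authorized` callback can be skipped dynamically. Separately, `## master` is followed directly by `## 0.5.0` with no sections for later releases, although this comparison runs to 0.5.3.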
@@ -21,274 +67,275 @@
|
|
21
67
|
|
22
68
|
- Add `action_policy.init` instrumentation event. ([@palkan][])
|
23
69
|
|
24
|
-
|
70
|
+
Triggered every time a new policy object is initialized.
|
25
71
|
|
26
72
|
- Fix policy memoization with explicit context. ([@palkan][])
|
27
73
|
|
28
|
-
|
29
|
-
|
74
|
+
Explicit context (`authorize! context: {}`) wasn't considered during
|
75
|
+
policies memoization. Not this is fixed.
|
30
76
|
|
31
77
|
- Support composed matchers for authorization target testing. ([@palkan][])
|
32
78
|
|
33
|
-
|
79
|
+
Now you can write tests like this:
|
34
80
|
|
35
|
-
|
36
|
-
|
37
|
-
|
81
|
+
```ruby
|
82
|
+
expect { subject }.to be_authorized_to(:show?, an_instance_of(User))
|
83
|
+
```
|
38
84
|
|
39
85
|
## 0.3.4 (2019-11-27)
|
40
86
|
|
41
87
|
- Fix Rails generators. ([@palkan][])
|
42
88
|
|
43
|
-
|
44
|
-
|
89
|
+
Only invoke install generator if `application_policy.rb` is missing.
|
90
|
+
Fix hooking into test frameworks.
|
45
91
|
|
46
92
|
## 0.3.3 (2019-11-27)
|
47
93
|
|
48
94
|
- Improve pretty print functionality. ([@palkan][])
|
49
95
|
|
50
|
-
|
51
|
-
|
96
|
+
Colorize true/false values.
|
97
|
+
Handle multiline expressions and debug statements (i.e., `binding.pry`).
|
52
98
|
|
53
99
|
- Add Rails generators. ([@nicolas-brousse][])
|
54
100
|
|
55
|
-
|
101
|
+
Adds `action_policy:install` and `action_policy:policy MODEL` Rails generators.
|
56
102
|
|
57
103
|
- Optional authorization target. ([@somenugget][])
|
58
104
|
|
59
|
-
|
105
|
+
Allows making authorization context optional:
|
60
106
|
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
107
|
+
```ruby
|
108
|
+
class OptionalRolePolicy < ActionPolicy::Base
|
109
|
+
authorize :role, optional: true
|
110
|
+
end
|
65
111
|
|
66
|
-
|
67
|
-
|
68
|
-
|
112
|
+
policy = OptionalRolePolicy.new
|
113
|
+
policy.role #=> nil
|
114
|
+
```
|
69
115
|
|
70
116
|
## 0.3.2 (2019-05-26) 👶
|
71
117
|
|
72
118
|
- Fixed thread-safety issues with scoping configs. ([@palkan][])
|
73
119
|
|
74
|
-
|
120
|
+
Fixes [#75](https://github.com/palkan/action_policy/issues/75).
|
75
121
|
|
76
122
|
## 0.3.1 (2019-05-30)
|
77
123
|
|
78
124
|
- Fixed bug with missing implicit target and hash like scoping data. ([@palkan][])
|
79
125
|
|
80
|
-
|
126
|
+
Fixes [#70](https://github.com/palkan/action_policy/issues/70).
|
81
127
|
|
82
128
|
## 0.3.0 (2019-04-02)
|
83
129
|
|
84
130
|
- Added ActiveSupport-based instrumentation. ([@palkan][])
|
85
131
|
|
86
|
-
|
132
|
+
See [PR#4](https://github.com/palkan/action_policy/pull/4)
|
87
133
|
|
88
134
|
- Allow passing authorization context explicitly. ([@palkan][])
|
89
135
|
|
90
|
-
|
136
|
+
Closes [#3](https://github.com/palkan/action_policy/issues/3).
|
91
137
|
|
92
|
-
|
93
|
-
|
138
|
+
Now it's possible to override implicit authorization context
|
139
|
+
via `context` option:
|
94
140
|
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
141
|
+
```ruby
|
142
|
+
authorize! target, to: :show?, context: {user: another_user}
|
143
|
+
authorized_scope User.all, context: {user: another_user}
|
144
|
+
```
|
99
145
|
|
100
146
|
- Renamed `#authorized` to `#authorized_scope`. ([@palkan][])
|
101
147
|
|
102
|
-
|
148
|
+
**NOTE:** `#authorized` alias is also available.
|
103
149
|
|
104
150
|
- Added `Policy#pp(rule)` method to print annotated rule source code. ([@palkan][])
|
105
151
|
|
106
|
-
|
152
|
+
Example (debugging):
|
107
153
|
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
)
|
121
|
-
AND
|
122
|
-
(
|
123
|
-
admin? #=> false
|
124
|
-
OR
|
125
|
-
access_feed? #=> true
|
126
|
-
)
|
154
|
+
```ruby
|
155
|
+
def edit?
|
156
|
+
binding.pry # rubocop:disable Lint/Debugger
|
157
|
+
(user.name == "John") && (admin? || access_feed?)
|
158
|
+
end
|
159
|
+
```
|
160
|
+
|
161
|
+
```sh
|
162
|
+
pry> pp :edit?
|
163
|
+
MyPolicy#edit?
|
164
|
+
↳ (
|
165
|
+
user.name == "John" #=> false
|
127
166
|
)
|
128
|
-
|
167
|
+
AND
|
168
|
+
(
|
169
|
+
admin? #=> false
|
170
|
+
OR
|
171
|
+
access_feed? #=> true
|
172
|
+
)
|
173
|
+
)
|
174
|
+
```
|
129
175
|
|
130
|
-
|
176
|
+
See [PR#63](https://github.com/palkan/action_policy/pull/63)
|
131
177
|
|
132
178
|
- Added ability to provide additional failure reasons details. ([@palkan][])
|
133
179
|
|
134
|
-
|
180
|
+
Example:
|
135
181
|
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
end
|
182
|
+
```ruby
|
183
|
+
class ApplicantPolicy < ApplicationPolicy
|
184
|
+
def show?
|
185
|
+
allowed_to?(:show?, object.stage)
|
141
186
|
end
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
187
|
+
end
|
188
|
+
|
189
|
+
class StagePolicy < ApplicationPolicy
|
190
|
+
def show?
|
191
|
+
# Add stage title to the failure reason (if any)
|
192
|
+
# (could be used by client to show more descriptive message)
|
193
|
+
details[:title] = record.title
|
194
|
+
# then perform the checks
|
195
|
+
user.stages.where(id: record.id).exists?
|
151
196
|
end
|
197
|
+
end
|
152
198
|
|
153
|
-
|
154
|
-
|
155
|
-
|
199
|
+
# when accessing the reasons
|
200
|
+
p ex.result.reasons.details #=> { stage: [{show?: {title: "Onboarding"}] }
|
201
|
+
```
|
156
202
|
|
157
|
-
|
203
|
+
See https://github.com/palkan/action_policy/pull/58
|
158
204
|
|
159
205
|
- Ruby 2.4+ is required. ([@palkan][])
|
160
206
|
|
161
207
|
- Added RSpec DSL for writing policy specs. ([@palkan])
|
162
208
|
|
163
|
-
|
164
|
-
|
209
|
+
The goal of this DSL is to reduce the boilerplate when writing
|
210
|
+
policies specs.
|
165
211
|
|
166
|
-
|
212
|
+
Example:
|
167
213
|
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
214
|
+
```ruby
|
215
|
+
describe PostPolicy do
|
216
|
+
let(:user) { build_stubbed :user }
|
217
|
+
let(:record) { build_stubbed :post, draft: false }
|
172
218
|
|
173
|
-
|
219
|
+
let(:context) { {user: user} }
|
174
220
|
|
175
|
-
|
176
|
-
|
221
|
+
describe_rule :show? do
|
222
|
+
succeed "when post is published"
|
177
223
|
|
178
|
-
|
179
|
-
|
224
|
+
failed "when post is draft" do
|
225
|
+
before { post.draft = false }
|
180
226
|
|
181
|
-
|
182
|
-
|
183
|
-
end
|
227
|
+
succeed "when user is a manager" do
|
228
|
+
before { user.role = "manager" }
|
184
229
|
end
|
185
230
|
end
|
186
231
|
end
|
187
|
-
|
232
|
+
end
|
233
|
+
```
|
188
234
|
|
189
235
|
- Added I18n support ([@DmitryTsepelev][])
|
190
236
|
|
191
|
-
|
237
|
+
Example:
|
192
238
|
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
end
|
239
|
+
```ruby
|
240
|
+
class ApplicationController < ActionController::Base
|
241
|
+
rescue_from ActionPolicy::Unauthorized do |ex|
|
242
|
+
p ex.result.message #=> "You do not have access to the stage"
|
243
|
+
p ex.result.reasons.full_messages #=> ["You do not have access to the stage"]
|
199
244
|
end
|
200
|
-
|
245
|
+
end
|
246
|
+
```
|
201
247
|
|
202
248
|
- Added scope options to scopes. ([@korolvs][])
|
203
249
|
|
204
|
-
|
250
|
+
See [#47](https://github.com/palkan/action_policy/pull/47).
|
205
251
|
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
252
|
+
Example:
|
253
|
+
|
254
|
+
```ruby
|
255
|
+
# users_controller.rb
|
256
|
+
class UsersController < ApplicationController
|
257
|
+
def index
|
258
|
+
@user = authorized(User.all, scope_options: {with_deleted: true})
|
213
259
|
end
|
260
|
+
end
|
214
261
|
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
end
|
262
|
+
# user_policy.rb
|
263
|
+
describe UserPolicy < Application do
|
264
|
+
relation_scope do |relation, with_deleted: false|
|
265
|
+
rel = some_logic(relation)
|
266
|
+
with_deleted ? rel.with_deleted : rel
|
221
267
|
end
|
222
|
-
|
268
|
+
end
|
269
|
+
```
|
223
270
|
|
224
271
|
- Added Symbol lookup to the lookup chain ([@DmitryTsepelev][])
|
225
272
|
|
226
|
-
|
273
|
+
For instance, lookup will implicitly use `AdminPolicy` in a following case:
|
227
274
|
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
|
275
|
+
```ruby
|
276
|
+
# admin_controller.rb
|
277
|
+
class AdminController < ApplicationController
|
278
|
+
authorize! :admin, to: :update_settings
|
279
|
+
end
|
280
|
+
```
|
234
281
|
|
235
282
|
- Added testing for scopes. ([@palkan][])
|
236
283
|
|
237
|
-
|
284
|
+
Example:
|
238
285
|
|
239
|
-
|
240
|
-
|
241
|
-
|
242
|
-
|
243
|
-
|
244
|
-
end
|
286
|
+
```ruby
|
287
|
+
# users_controller.rb
|
288
|
+
class UsersController < ApplicationController
|
289
|
+
def index
|
290
|
+
@user = authorized(User.all)
|
245
291
|
end
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
292
|
+
end
|
293
|
+
|
294
|
+
# users_controller_spec.rb
|
295
|
+
describe UsersController do
|
296
|
+
subject { get :index }
|
297
|
+
it "has authorized scope" do
|
298
|
+
expect { subject }.to have_authorized_scope(:active_record_relation)
|
299
|
+
.with(PostPolicy)
|
254
300
|
end
|
255
|
-
|
301
|
+
end
|
302
|
+
```
|
256
303
|
|
257
304
|
- Added scoping support. ([@palkan][])
|
258
305
|
|
259
|
-
|
306
|
+
See [#5](https://github.com/palkan/action_policy/issues/5).
|
260
307
|
|
261
|
-
|
308
|
+
By "scoping" we mean an ability to use policies to _scope data_.
|
262
309
|
|
263
|
-
|
264
|
-
|
310
|
+
For example, when you want to _scope_ Active Record collections depending
|
311
|
+
on the current user permissions:
|
265
312
|
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
|
270
|
-
end
|
313
|
+
```ruby
|
314
|
+
class PostsController < ApplicationController
|
315
|
+
def index
|
316
|
+
@posts = authorized(Post.all)
|
271
317
|
end
|
318
|
+
end
|
272
319
|
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
end
|
320
|
+
class PostPolicy < ApplicationPolicy
|
321
|
+
relation_scope do |relation|
|
322
|
+
next relation if user.admin?
|
323
|
+
relation.where(user: user)
|
278
324
|
end
|
279
|
-
|
325
|
+
end
|
326
|
+
```
|
280
327
|
|
281
|
-
|
328
|
+
Action Policy provides a flexible mechanism to apply scopes to anything you want.
|
282
329
|
|
283
|
-
|
330
|
+
Read more in [docs](https://actionpolicy.evilmartians.io/).
|
284
331
|
|
285
332
|
- Added `#implicit_authorization_target`. ([@palkan][]).
|
286
333
|
|
287
|
-
|
334
|
+
See [#35](https://github.com/palkan/action_policy/issues/35).
|
288
335
|
|
289
|
-
|
336
|
+
Implicit authorization target (defined by `implicit_authorization_target`) is used when no target specified for `authorize!` call.
|
290
337
|
|
291
|
-
|
338
|
+
For example, for Rails controllers integration it's just `controller_name.classify.safe_constantize`.
|
292
339
|
|
293
340
|
- Consider `record#policy_name` when looking up for a policy class. ([@palkan][])
|
294
341
|
|
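Review bot: The RSpec DSL example (new lines 224-225) does not match its own setup: the `failed "when post is draft"` case runs `before { post.draft = false }`, but the record is defined with `let(:record)` and is already built with `draft: false`, so the block refers to an undefined `post` and never makes the post a draft; it should read `before { record.draft = true }`. In the scope options example, `describe UserPolicy < Application do` (new line 263) looks like it was meant to be `class UserPolicy < ApplicationPolicy`, and the `reasons.details` comment on new line 200 has unbalanced braces. There is also a typo on new line 75: "Not this is fixed" should be "Now this is fixed".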
@@ -302,21 +349,21 @@
|
|
302
349
|
|
303
350
|
- Add ability to disable per-thread cache and disable it in test env by default. ([@palkan][])
|
304
351
|
|
305
|
-
|
352
|
+
You can control per-thread cache by setting:
|
306
353
|
|
307
|
-
|
308
|
-
|
309
|
-
|
354
|
+
```ruby
|
355
|
+
ActionPolicy::PerThreadCache.enabled = true # or false
|
356
|
+
```
|
310
357
|
|
311
358
|
## 0.2.3 (2018-07-03)
|
312
359
|
|
313
360
|
- [Fix [#16](https://github.com/palkan/action_policy/issues/16)] Add ability to disable namespace resolution cache. ([@palkan][])
|
314
361
|
|
315
|
-
|
362
|
+
We cache namespaced policy resolution for better performance (it could affect performance when we look up a policy from a deeply nested module context).
|
316
363
|
|
317
|
-
|
364
|
+
It could be disabled by setting `ActionPolicy::LookupChain.namespace_cache_enabled = false`. It's enabled by default unless `RACK_ENV` env var is specified and is not equal to `"production"` (e.g. when `RACK_ENV=test` the cache is disabled).
|
318
365
|
|
319
|
-
|
366
|
+
When using Rails it's enabled only in production mode but could be configured through setting the `config.action_policy.namespace_cache_enabled` parameter.
|
320
367
|
|
321
368
|
- [Fix [#18](https://github.com/palkan/action_policy/issues/18)] Clarify documentation around, and fix the way `resolve_rule` resolves rules and rule aliases when subclasses are involved. ([@brendon][])
|
322
369
|
|
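Review bot: The 0.2.3 entry (new lines 364-366) gives two different defaults for the namespace cache, one keyed on `RACK_ENV` and one on Rails production mode, without saying which applies when both are in play; suggest stating the precedence in one sentence. The per-thread cache entry (new lines 352-355) could likewise say where `ActionPolicy::PerThreadCache.enabled` is expected to be set.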
@@ -324,11 +371,10 @@
|
|
324
371
|
|
325
372
|
- [Fix [#29](https://github.com/palkan/action_policy/issues/29)] Fix loading cache middleware. ([@palkan][])
|
326
373
|
|
327
|
-
|
328
374
|
- Use `send` instead of `public_send` to get the `authorization_context` so that contexts such as
|
329
375
|
`current_user` can be `private` in the controller. ([@brendon][])
|
330
376
|
|
331
|
-
- Fix railtie
|
377
|
+
- Fix railtie initialization for Rails < 5. ([@brendon][])
|
332
378
|
|
333
379
|
## 0.2.1 (yanked)
|
334
380
|
|
@@ -338,18 +384,18 @@
|
|
338
384
|
|
339
385
|
- Add `reasons.details`. ([@palkan][])
|
340
386
|
|
341
|
-
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
|
387
|
+
```ruby
|
388
|
+
rescue_from ActionPolicy::Unauthorized do |ex|
|
389
|
+
ex.result.reasons.details #=> { stage: [:show?] }
|
390
|
+
end
|
391
|
+
```
|
346
392
|
|
347
393
|
- Add `ExecutionResult`. ([@palkan][])
|
348
394
|
|
349
|
-
|
350
|
-
|
395
|
+
ExecutionResult contains all the rule application artifacts: the result (`true` / `false`),
|
396
|
+
failures reasons.
|
351
397
|
|
352
|
-
|
398
|
+
This value is now stored in a cache (if any) instead of just the call result (`true` / `false`).
|
353
399
|
|
354
400
|
- Add `Policy.identifier`. ([@palkan][])
|
355
401
|
|
@@ -382,3 +428,4 @@
|
|
382
428
|
[@korolvs]: https://github.com/korolvs
|
383
429
|
[@nicolas-brousse]: https://github.com/nicolas-brousse
|
384
430
|
[@somenugget]: https://github.com/somenugget
|
431
|
+
[@Be-ngt-oH]: https://github.com/Be-ngt-oH
|
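Review bot: The link definition added here is `[@Be-ngt-oH]`, but the 0.4.4 entry references it as `([Be-ngt-oH][])` without the `@`, so that reference will not resolve; change the entry to `([@Be-ngt-oH][])`. The 0.4.5 entry credits `(@rainerborene)` as plain text and this hunk adds no `[@rainerborene]` definition; use the same `([@name][])` form as the other entries and add the definition if it is not already present.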