action_policy 0.4.3 → 0.5.3

data/.rubocop.yml

@@ -1,54 +0,0 @@
-require:
-  - standard/cop/semantic_blocks
-  - rubocop-md
-
-inherit_gem:
-  standard: config/base.yml
-
-AllCops:
-  Exclude:
-    - 'bin/*'
-    - 'tmp/**/*'
-    - 'Gemfile'
-    - 'vendor/**/*'
-    - 'gemfiles/**/*'
-    - 'lib/generators/**/templates/**/*'
-  DisplayCopNames: true
-  TargetRubyVersion: 2.4
-
-Standard/SemanticBlocks:
-  Enabled: false
-
-Style/FrozenStringLiteralComment:
-  Enabled: true
-
-Style/TrailingCommaInArrayLiteral:
-  EnforcedStyleForMultiline: no_comma
-
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: no_comma
-
-Layout/AlignParameters:
-  EnforcedStyle: with_first_parameter
-
-Lint/Void:
-  Exclude:
-    - '**/*.md'
-
-# See https://github.com/rubocop-hq/rubocop/issues/4222
-Lint/AmbiguousBlockAssociation:
-  Exclude:
-    - 'spec/**/*'
-    - '**/*.md'
-
-Lint/DuplicateMethods:
-  Exclude:
-    - '**/*.md'
-
-Naming/FileName:
-  Exclude:
-   - '**/*.md'
-
-Layout/InitialIndentation:
-  Exclude:
-    - 'CHANGELOG.md'

data/.tidelift.yml

@@ -1,6 +0,0 @@
-ci:
-  type:
-    development:
-      tests:
-        unlicensed: skip
-        outdated: skip

data/.travis.yml

@@ -1,31 +0,0 @@
-sudo: false
-language: ruby
-cache: bundler
-notifications:
-  email: false
-
-before_install:
-  - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
-  - gem install bundler -v '< 2'
-
-script:
-  - bundle exec rake test:ci
-
-matrix:
-  fast_finish: true
-  include:
-    - rvm: ruby-head
-      gemfile: gemfiles/railsmaster.gemfile
-    - rvm: jruby-9.2.8.0
-      gemfile: gemfiles/jruby.gemfile
-    - rvm: 2.6.5
-      gemfile: gemfiles/rails6.gemfile
-    - rvm: 2.5.3
-      gemfile: Gemfile
-    - rvm: 2.5.3
-      gemfile: gemfiles/rails42.gemfile
-  allow_failures:
-    - rvm: ruby-head
-      gemfile: gemfiles/railsmaster.gemfile
-    - rvm: jruby-9.2.8.0
-      gemfile: gemfiles/jruby.gemfile

data/Gemfile

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-source "https://rubygems.org"
-
-gemspec
-
-gem "pry-byebug", platform: :mri
-
-gem "method_source"
-gem "unparser"
-
-gem 'sqlite3', "~> 1.3.0", platform: :mri
-gem 'activerecord-jdbcsqlite3-adapter', '~> 50.0', platform: :jruby
-gem 'jdbc-sqlite3', platform: :jruby
-
-local_gemfile = File.join(__dir__, "Gemfile.local")
-
-if File.exist?(local_gemfile)
-  eval(File.read(local_gemfile)) # rubocop:disable Security/Eval
-else
-  gem "rails", "~> 5.0"
-end

data/Rakefile

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-require "rake/testtask"
-require "rubocop/rake_task"
-require "rspec/core/rake_task"
-
-RuboCop::RakeTask.new
-
-RSpec::Core::RakeTask.new(:spec)
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << "test"
-  t.libs << "lib"
-  t.test_files = FileList["test/**/*_test.rb"]
-end
-
-namespace :test do
-  task :isolated do
-    Dir.glob("test/**/*_test.rb").all? do |file|
-      sh(Gem.ruby, "-w", "-Ilib:test", file)
-    end || raise("Failures")
-  end
-
-  task ci: %w[rubocop test:isolated spec]
-end
-
-task default: [:rubocop, :test, :spec]

data/action_policy.gemspec

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-lib = File.expand_path("lib", __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "action_policy/version"
-
-Gem::Specification.new do |spec|
-  spec.name          = "action_policy"
-  spec.version       = ActionPolicy::VERSION
-  spec.authors       = ["Vladimir Dementyev"]
-  spec.email         = ["dementiev.vm@gmail.com"]
-
-  spec.summary       = "Authorization framework for Ruby/Rails application"
-  spec.description   = "Authorization framework for Ruby/Rails application"
-  spec.homepage      = "https://github.com/palkan/action_policy"
-  spec.license       = "MIT"
-
-  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
-  end
-
-  spec.metadata = {
-    "bug_tracker_uri" => "http://github.com/palkan/action_policy/issues",
-    "changelog_uri" => "https://github.com/palkan/action_policy/blob/master/CHANGELOG.md",
-    "documentation_uri" => "https://actionpolicy.evilmartians.io/",
-    "homepage_uri" => "https://actionpolicy.evilmartians.io/",
-    "source_code_uri" => "http://github.com/palkan/action_policy"
-  }
-
-  spec.require_paths = ["lib"]
-
-  spec.required_ruby_version = ">= 2.4.0"
-
-  spec.add_development_dependency "ammeter", "~> 1.1.3"
-  spec.add_development_dependency "bundler", ">= 1.15"
-  spec.add_development_dependency "minitest", "~> 5.0"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.3"
-  spec.add_development_dependency "rubocop", "~> 0.67.0"
-  spec.add_development_dependency "rubocop-md", "~> 0.2"
-  spec.add_development_dependency "standard", "~> 0.0.39"
-  spec.add_development_dependency "benchmark-ips", "~> 2.7.0"
-  spec.add_development_dependency "i18n"
-end

data/benchmarks/namespaced_lookup_cache.rb

@@ -1,71 +0,0 @@
-# frozen_string_literal: true
-
-#
-# This benchmark measures the efficiency of NamespaceCache.
-#
-# Run it multiple times with cache on/off to see the results:
-#
-#   $ bundle exec ruby namespaced_lookup_cache.rb
-#   $ bundle exec ruby namespaced_lookup_cache.rb
-#   $ NO_CACHE=1 bundle exec ruby namespaced_lookup_cache.rb
-#   $ NO_CACHE=1 bundle exec ruby namespaced_lookup_cache.rb
-#
-
-$LOAD_PATH.unshift File.expand_path("../lib", __dir__)
-
-require "action_policy"
-require "benchmark/ips"
-
-GC.disable
-
-class A; end
-
-class B; end
-
-module X
-  class BPolicy < ActionPolicy::Base; end
-
-  module Y
-    module Z
-      class APolicy < ActionPolicy::Base; end
-    end
-  end
-end
-
-a = A.new
-b = B.new
-
-if ENV["NO_CACHE"]
-  ActionPolicy::LookupChain.namespace_cache_enabled = false
-end
-
-Benchmark.ips do |x|
-  x.warmup = 0
-
-  x.report("cache A") do
-    ActionPolicy.lookup(a, namespace: X::Y::Z)
-  end
-
-  x.report("cache B") do
-    ActionPolicy.lookup(b, namespace: X::Y::Z)
-  end
-
-  x.report("no cache A") do
-    ActionPolicy.lookup(a, namespace: X::Y::Z)
-  end
-
-  x.report("no cache B") do
-    ActionPolicy.lookup(b, namespace: X::Y::Z)
-  end
-
-  x.hold! "temp_results"
-
-  x.compare!
-end
-
-#
-# Comparison:
-#             cache B:   178577.4 i/s
-#             cache A:   173061.4 i/s - same-ish: difference falls within error
-#         no cache A:    97991.7 i/s - same-ish: difference falls within error
-#         no cache B:    42505.4 i/s - 4.20x  slower

data/bin/console

@@ -1,14 +0,0 @@
-#!/usr/bin/env ruby
-
-require "bundler/setup"
-require "action_policy"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require "irb"
-IRB.start(__FILE__)

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/docs/CNAME

@@ -1 +0,0 @@
-actionpolicy.evilmartians.io

data/docs/README.md

@@ -1,79 +0,0 @@
-[![Gem Version](https://badge.fury.io/rb/action_policy.svg)](https://badge.fury.io/rb/action_policy)
-[![Build Status](https://travis-ci.org/palkan/action_policy.svg?branch=master)](https://travis-ci.org/palkan/action_policy)
-
-## Action Policy
-
-> Authorization framework for Ruby and Rails.
-<br>Composable. Extensible. Performant.
-
-**NOTE:** this documentation is for the version "0.3.0+".
-
-## What is it?
-
-_Authorization_ is an act of giving **someone** official
-permission to **do something** (to not be confused with [_authentication_](https://en.wikipedia.org/wiki/Authentication)).
-
-Action Policy provides flexible tools to build an _authorization layer_ for your application.
-
-<div class="chart-container">
-  <img src="assets/images/layer.svg" alt="Authorization layer" width="80%">
-</div>
-
-**NOTE:** Action Policy does not force you to use a specific authorization model (i.e., roles, permissions, etc.) and does not provide one. It only answers a single question: **How to verify access?**
-
-## Where to go from here?
-- [Quick start](./quick_start.md)
-- [Using with Rails](./rails.md)
-- [Using with other Ruby frameworks](./non_rails.md)
-- [Using with GraphQL Ruby](./graphql.md)
-
-## Project State
-
-The project is being used in production since mid 2018. Major features have been implemented, API has been stabilized. Check out our [development board](https://github.com/palkan/action_policy/projects/1) to see what's coming next.
-
-## History
-
-Action Policy gem is an _extraction_-kind of a library. Most of the code has been used in production for several years in different [Evil Martians][] projects.
-
-We have decided to collect all our authorization techniques and pack them into a standalone gem–and that is how Action Policy was born!
-
-## What about the existing solutions?
-
-Why did we decide to build our own authorization gem instead of using the existing solutions, such as [Pundit][] and [CanCanCan][]?
-
-**TL;DR they didn't solve all of our problems.**
-
-[Pundit][] has been our framework of choice for a long time. Being too _dead-simple_, it required a lot of hacking to fulfill business logic requirements.
-
-These _hacks_ later became Action Policy (initially, we even called it "Pundit, re-visited").
-
-We also took a few ideas from [CanCanCan][]—such as [default rules and rule aliases](./aliases.md).
-
-It is also worth noting that Action Policy (despite having a _Railsy_ name) is designed to be **Rails-free**. On the other hand, it contains some Rails-specific extensions and seamlessly integrates into the framework.
-
-So, what are the main reasons to consider Action Policy as your authorization tool?
-
-- **Performance**: multiple [caching strategies](./caching.md) out-of-the-box make authorization overhead as small as possible–especially useful when your rules involve DB queries; you can also monitor the performance and detect the bottlenecks using the built-in [instrumentation](./instrumentation) features.
-
-- **Composition & Customization**: use [only the features you need](./custom_policy.md) or easily extend the functionality–it's just Ruby classes and modules, (almost) zero magic! And you can add authorization [anywhere in your code](./non_rails.md), not only in controllers.
-
-- **Code Organization**: use [namespaces](./namespaces.md) to organize your policies (for example, when you have multiple authorization strategies); add [pre-checks](./pre_checks.md) to make rules more readable and better express your business-logic.
-
-- **...and more**: [testability](./testing.md), [i18n](./i18n.md) integrations, [actionable errors](./reasons.md).
-
-Learn more about the motivation behind the Action Policy and its features by watching this [RailsConf talk](https://www.youtube.com/watch?v=NVwx0DARDis).
-
-## Resources
-
-- RubyRussia, 2019 "Welcome, or access denied?" talk ([video](https://www.youtube.com/watch?v=y15a2g7v8i0) [RU], [slides](https://speakerdeck.com/palkan/rubyrussia-2019-welcome-or-access-denied))
-
-- Seattle.rb, 2019 "A Denial!" talk [[slides](https://speakerdeck.com/palkan/seattle-dot-rb-2019-a-denial)]
-
-- RailsConf, 2018 "Access Denied" talk [[video](https://www.youtube.com/watch?v=NVwx0DARDis), [slides](https://speakerdeck.com/palkan/railsconf-2018-access-denied-the-missing-guide-to-authorization-in-rails)]
-
-<a href="https://evilmartians.com/?utm_source=action_policy">
-<img src="https://evilmartians.com/badges/sponsored-by-evil-martians.svg" alt="Sponsored by Evil Martians" width="236" height="54"></a>
-
-[CanCanCan]: https://github.com/CanCanCommunity/cancancan
-[Pundit]: https://github.com/varvet/pundit
-[Evil Martians]: https://evilmartians.com

data/docs/_sidebar.md

@@ -1,27 +0,0 @@
-* Getting Started
-  * [Quick Start](quick_start.md)
-  * [Writing Policies](writing_policies.md)
-  * [Rails Integration](rails.md)
-  * [Non-Rails Usage](non_rails.md)
-  * [GraphQL Integration](graphql.md)
-  * [Testing](testing.md)
-* Features
-  * [Authorization Behaviour](behaviour.md)
-  * [Policy Lookup](lookup_chain.md)
-  * [Authorization Context](authorization_context.md)
-  * [Aliases](aliases.md)
-  * [Pre-Checks](pre_checks.md)
-  * [Scoping](scoping.md)
-  * [Caching](caching.md)
-  * [Namespaces](namespaces.md)
-  * [Failure Reasons](reasons.md)
-  * [Instrumentation](instrumentation.md)
-  * [I18n Support](i18n.md)
-  * [Debugging](debugging.md)
-* Tips & Tricks
-  * [From Pundit to Action Policy](./pundit_migration.md)
-  * [Dealing with Decorators](./decorators.md)
-  * [Controller Action Aliases](controller_action_aliases.md)
-* Customize
-  * [Base Policy](custom_policy.md)
-  * [Lookup Chain](custom_lookup_chain.md)

data/docs/aliases.md

@@ -1,122 +0,0 @@
-# Rule Aliases
-
-Action Policy allows you to add rule aliases. It is useful when you rely on _implicit_ rules in controllers. For example:
-
-```ruby
-class PostsController < ApplicationController
-  before_action :load_post, only: [:edit, :update, :destroy]
-
-  private
-
-  def load_post
-    @post = Post.find(params[:id])
-    # depending on action, an `edit?`, `update?` or `destroy?`
-    # rule would be applied
-    authorize! @post
-  end
-end
-```
-
-In your policy, you can create aliases to avoid duplication:
-
-```ruby
-class PostPolicy < ApplicationPolicy
-  alias_rule :edit?, :destroy?, to: :update?
-end
-```
-
-**NOTE**: `alias_rule` is available only if you inherit from `ActionPolicy::Base` or include `ActionPolicy::Policy::Aliases` into your `ApplicationPolicy`.
-
-**Why not just use Ruby's `alias`?**
-
-An alias created with `alias_rule` is resolved at _authorization time_ (during an `authorize!` or `allowed_to?` call), and it does not add an alias method to the class.
-
-That allows us to write tests easier, as we should only test the rule, not the alias–and to leverage [caching](caching.md) better.
-
-By default, `ActionPolicy::Base` adds one alias: `alias_rule :new?, to: :create?`.
-
-## Default rule
-
-You can add a _default_ rule–the rule that would be applied if the rule specified during authorization is missing (like a "wildcard" alias):
-
-```ruby
-class PostPolicy < ApplicationPolicy
-  # For an ApplicationPolicy, makes :manage? match anything that is
-  # not :index?, :create? or :new?
-  default_rule :manage?
-
-  # If you want manage? to catch really everything, place this alias
-  #alias_rule :index?, :create?, :new?, to: :manage?
-  def manage?
-    # ...
-  end
-end
-```
-
-Now when you call `authorize! post` with any rule not defined in the policy class, the `manage?` rule is applied.  Note that `index?` `create?` and `new?` are already defined in the [superclass by default](custom_policy.md) (returning `false`) - if you want the same behaviour for *all* actions, define aliases like in the example above (commented out).
-
-By default, `ActionPolicy::Base` sets `manage?` as a default rule.
-
-## Aliases and Private Methods
-
-Rules in `action_policy` can only be public methods. Trying to use a private method as a rule will raise an error. Thus, aliases can also only point to public methods.
-
-## Rule resolution with subclasses
-
-Here's the order in which aliases and concrete rule methods are resolved in regards to subclasses:
-
-1. If there is a concrete rule method on the subclass, this is called, else
-2. If there is a matching alias then this is called, else
-  * When aliases are defined on the subclass they will overwrite matching aliases on the superclass.
-3. If there is a concrete rule method on the superclass, then this is called, else
-4. If there is a default rule defined, then this is called, else
-5. `ActionPolicy::UnknownRule` is raised.
-
-Here's an example with the expected results:
-
-```ruby
-class SuperPolicy < ApplicationPolicy
-  default_rule :manage?
-
-  alias_rule :update?, :destroy?, :create?, to: :edit?
-
-  def manage?
-  end
-
-  def edit?
-  end
-
-  def index?
-  end
-end
-
-class SubPolicy < AbstractPolicy
-  default_rule nil
-
-  alias_rule :index?, :update?, to: :manage?
-
-  def create?
-  end
-end
-```
-
-Authorizing against the SuperPolicy:
-
-* `update?` will resolve to `edit?`
-* `destroy?` will resolve to `edit?`
-* `create?` will resolve to `edit?`
-* `manage?` will resolve to `manage?`
-* `edit?` will resolve to `edit?`
-* `index?` will resolve to `index?`
-* `something?` will resolve to `manage?`
-
-Authorizing against the SubPolicy:
-
-* `index?` will resolve to `manage?`
-* `update?` will resolve to `manage?`
-* `create?` will resolve to `create?`
-* `destroy?` will resolve to `edit?`
-* `manage?` will resolve to `manage?`
-* `edit?` will resolve to `edit?`
-* `index?` will resolve to `manage?`
-* `something?` will raise `ActionPolicy::UnknownRule`