action_policy 0.4.4 → 0.5.0

data/.gitignore

@@ -1,15 +0,0 @@
-/.bundle/
-/.yardoc
-/Gemfile.lock
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-Gemfile.local
-
-spec/dummy/log/*
-spec/dummy/db/*.sqlite3
-spec/dummy/db/*.sqlite3-journal
-spec/dummy/tmp/

data/.rubocop.yml

@@ -1,54 +0,0 @@
-require:
-  - standard/cop/semantic_blocks
-  - rubocop-md
-
-inherit_gem:
-  standard: config/base.yml
-
-AllCops:
-  Exclude:
-    - 'bin/*'
-    - 'tmp/**/*'
-    - 'Gemfile'
-    - 'vendor/**/*'
-    - 'gemfiles/**/*'
-    - 'lib/generators/**/templates/**/*'
-  DisplayCopNames: true
-  TargetRubyVersion: 2.4
-
-Standard/SemanticBlocks:
-  Enabled: false
-
-Style/FrozenStringLiteralComment:
-  Enabled: true
-
-Style/TrailingCommaInArrayLiteral:
-  EnforcedStyleForMultiline: no_comma
-
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: no_comma
-
-Layout/AlignParameters:
-  EnforcedStyle: with_first_parameter
-
-Lint/Void:
-  Exclude:
-    - '**/*.md'
-
-# See https://github.com/rubocop-hq/rubocop/issues/4222
-Lint/AmbiguousBlockAssociation:
-  Exclude:
-    - 'spec/**/*'
-    - '**/*.md'
-
-Lint/DuplicateMethods:
-  Exclude:
-    - '**/*.md'
-
-Naming/FileName:
-  Exclude:
-   - '**/*.md'
-
-Layout/InitialIndentation:
-  Exclude:
-    - 'CHANGELOG.md'

data/.tidelift.yml

@@ -1,6 +0,0 @@
-ci:
-  type:
-    development:
-      tests:
-        unlicensed: skip
-        outdated: skip

data/.travis.yml

@@ -1,31 +0,0 @@
-sudo: false
-language: ruby
-cache: bundler
-notifications:
-  email: false
-
-before_install:
-  - gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true
-  - gem install bundler -v '< 2'
-
-script:
-  - bundle exec rake test:ci
-
-matrix:
-  fast_finish: true
-  include:
-    - rvm: ruby-head
-      gemfile: gemfiles/railsmaster.gemfile
-    - rvm: jruby-9.2.8.0
-      gemfile: gemfiles/jruby.gemfile
-    - rvm: 2.6.5
-      gemfile: gemfiles/rails6.gemfile
-    - rvm: 2.5.3
-      gemfile: Gemfile
-    - rvm: 2.5.3
-      gemfile: gemfiles/rails42.gemfile
-  allow_failures:
-    - rvm: ruby-head
-      gemfile: gemfiles/railsmaster.gemfile
-    - rvm: jruby-9.2.8.0
-      gemfile: gemfiles/jruby.gemfile

data/Gemfile

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-
-source "https://rubygems.org"
-
-gemspec
-
-gem "pry-byebug", platform: :mri
-
-gem "method_source"
-gem "unparser"
-
-gem 'sqlite3', "~> 1.3.0", platform: :mri
-gem 'activerecord-jdbcsqlite3-adapter', '~> 50.0', platform: :jruby
-gem 'jdbc-sqlite3', platform: :jruby
-
-local_gemfile = File.join(__dir__, "Gemfile.local")
-
-if File.exist?(local_gemfile)
-  eval(File.read(local_gemfile)) # rubocop:disable Security/Eval
-else
-  gem "rails", "~> 5.0"
-end

data/Rakefile

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-require "rake/testtask"
-require "rubocop/rake_task"
-require "rspec/core/rake_task"
-
-RuboCop::RakeTask.new
-
-RSpec::Core::RakeTask.new(:spec)
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << "test"
-  t.libs << "lib"
-  t.test_files = FileList["test/**/*_test.rb"]
-end
-
-namespace :test do
-  task :isolated do
-    Dir.glob("test/**/*_test.rb").all? do |file|
-      sh(Gem.ruby, "-w", "-Ilib:test", file)
-    end || raise("Failures")
-  end
-
-  task ci: %w[rubocop test:isolated spec]
-end
-
-task default: [:rubocop, :test, :spec]

data/action_policy.gemspec

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-lib = File.expand_path("lib", __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "action_policy/version"
-
-Gem::Specification.new do |spec|
-  spec.name          = "action_policy"
-  spec.version       = ActionPolicy::VERSION
-  spec.authors       = ["Vladimir Dementyev"]
-  spec.email         = ["dementiev.vm@gmail.com"]
-
-  spec.summary       = "Authorization framework for Ruby/Rails application"
-  spec.description   = "Authorization framework for Ruby/Rails application"
-  spec.homepage      = "https://github.com/palkan/action_policy"
-  spec.license       = "MIT"
-
-  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
-    f.match(%r{^(test|spec|features)/})
-  end
-
-  spec.metadata = {
-    "bug_tracker_uri" => "http://github.com/palkan/action_policy/issues",
-    "changelog_uri" => "https://github.com/palkan/action_policy/blob/master/CHANGELOG.md",
-    "documentation_uri" => "https://actionpolicy.evilmartians.io/",
-    "homepage_uri" => "https://actionpolicy.evilmartians.io/",
-    "source_code_uri" => "http://github.com/palkan/action_policy"
-  }
-
-  spec.require_paths = ["lib"]
-
-  spec.required_ruby_version = ">= 2.4.0"
-
-  spec.add_development_dependency "ammeter", "~> 1.1.3"
-  spec.add_development_dependency "bundler", ">= 1.15"
-  spec.add_development_dependency "minitest", "~> 5.0"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.3"
-  spec.add_development_dependency "rubocop", "~> 0.67.0"
-  spec.add_development_dependency "rubocop-md", "~> 0.2"
-  spec.add_development_dependency "standard", "~> 0.0.39"
-  spec.add_development_dependency "benchmark-ips", "~> 2.7.0"
-  spec.add_development_dependency "i18n"
-end

data/benchmarks/namespaced_lookup_cache.rb

@@ -1,74 +0,0 @@
-# frozen_string_literal: true
-
-#
-# This benchmark measures the efficiency of NamespaceCache.
-#
-# Run it multiple times with cache on/off to see the results:
-#
-#   $ bundle exec ruby namespaced_lookup_cache.rb
-#   $ bundle exec ruby namespaced_lookup_cache.rb
-#   $ NO_CACHE=1 bundle exec ruby namespaced_lookup_cache.rb
-#   $ NO_CACHE=1 bundle exec ruby namespaced_lookup_cache.rb
-#
-
-$LOAD_PATH.unshift File.expand_path("../lib", __dir__)
-
-require "action_policy"
-require "benchmark/ips"
-
-GC.disable
-
-class A; end
-
-class B; end
-
-module X
-  class BPolicy < ActionPolicy::Base; end
-
-  module Y
-    module Z
-      class APolicy < ActionPolicy::Base; end
-    end
-  end
-end
-
-a = A.new
-b = B.new
-
-if ENV["NO_CACHE"]
-  ActionPolicy::LookupChain.namespace_cache_enabled = false
-end
-
-results_path = File.join(__dir__, "../tmp/#{__FILE__.sub(/\.rb$/, ".txt")}")
-FileUtils.mkdir_p File.dirname(results_path)
-
-Benchmark.ips do |x|
-  x.warmup = 0
-
-  x.report("cache A") do
-    ActionPolicy.lookup(a, namespace: X::Y::Z)
-  end
-
-  x.report("cache B") do
-    ActionPolicy.lookup(b, namespace: X::Y::Z)
-  end
-
-  x.report("no cache A") do
-    ActionPolicy.lookup(a, namespace: X::Y::Z)
-  end
-
-  x.report("no cache B") do
-    ActionPolicy.lookup(b, namespace: X::Y::Z)
-  end
-
-  x.hold! results_path
-
-  x.compare!
-end
-
-#
-# Comparison:
-#             cache A:   204788.3 i/s
-#             cache B:   202536.9 i/s - same-ish: difference falls within error
-#          no cache A:   127772.8 i/s - same-ish: difference falls within error
-#          no cache B:    63487.2 i/s - 3.23x  slower

data/benchmarks/pre_checks.rb

@@ -1,73 +0,0 @@
-# frozen_string_literal: true
-
-# This benchmark measures the difference between catch/throw and jump-less implementation.
-
-$LOAD_PATH.unshift File.expand_path("../lib", __dir__)
-
-require "action_policy"
-require "benchmark/ips"
-
-GC.disable
-
-class A; end
-
-class B; end
-
-class APolicy < ActionPolicy::Base
-  authorize :user, optional: true
-
-  pre_check :do_nothing, :deny_all
-
-  def show?
-    true
-  end
-
-  def do_nothing
-  end
-
-  def deny_all
-    deny!
-  end
-end
-
-class BPolicy < APolicy
-  def run_pre_checks(rule)
-    catch :policy_fulfilled do
-      self.class.pre_checks.each do |check|
-        next unless check.applicable?(rule)
-        check.call(self)
-      end
-
-      return yield if block_given?
-    end
-
-    result.value
-  end
-
-  def deny!
-    result.load false
-    throw :policy_fulfilled
-  end
-end
-
-a = A.new
-
-(APolicy.new(record: a).apply(:show?) == BPolicy.new(record: a).apply(:show?)) || raise("Implementations are not equal")
-
-Benchmark.ips do |x|
-  x.warmup = 0
-
-  x.report("loop pre-check") do
-    APolicy.new(record: a).apply(:show?)
-  end
-
-  x.report("catch/throw pre-check") do
-    BPolicy.new(record: a).apply(:show?)
-  end
-
-  x.compare!
-end
-
-# Comparison:
-# catch/throw pre-check:   286094.2 i/s
-#      loop pre-check:   184786.1 i/s - 1.55x  slower

data/bin/console

@@ -1,14 +0,0 @@
-#!/usr/bin/env ruby
-
-require "bundler/setup"
-require "action_policy"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require "irb"
-IRB.start(__FILE__)

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/docs/CNAME

@@ -1 +0,0 @@
-actionpolicy.evilmartians.io

data/docs/README.md

@@ -1,79 +0,0 @@
-[![Gem Version](https://badge.fury.io/rb/action_policy.svg)](https://badge.fury.io/rb/action_policy)
-[![Build Status](https://travis-ci.org/palkan/action_policy.svg?branch=master)](https://travis-ci.org/palkan/action_policy)
-
-## Action Policy
-
-> Authorization framework for Ruby and Rails.
-<br>Composable. Extensible. Performant.
-
-**NOTE:** this documentation is for the version "0.3.0+".
-
-## What is it?
-
-_Authorization_ is an act of giving **someone** official
-permission to **do something** (to not be confused with [_authentication_](https://en.wikipedia.org/wiki/Authentication)).
-
-Action Policy provides flexible tools to build an _authorization layer_ for your application.
-
-<div class="chart-container">
-  <img src="assets/images/layer.svg" alt="Authorization layer" width="80%">
-</div>
-
-**NOTE:** Action Policy does not force you to use a specific authorization model (i.e., roles, permissions, etc.) and does not provide one. It only answers a single question: **How to verify access?**
-
-## Where to go from here?
-- [Quick start](./quick_start.md)
-- [Using with Rails](./rails.md)
-- [Using with other Ruby frameworks](./non_rails.md)
-- [Using with GraphQL Ruby](./graphql.md)
-
-## Project State
-
-The project is being used in production since mid 2018. Major features have been implemented, API has been stabilized. Check out our [development board](https://github.com/palkan/action_policy/projects/1) to see what's coming next.
-
-## History
-
-Action Policy gem is an _extraction_-kind of a library. Most of the code has been used in production for several years in different [Evil Martians][] projects.
-
-We have decided to collect all our authorization techniques and pack them into a standalone gem–and that is how Action Policy was born!
-
-## What about the existing solutions?
-
-Why did we decide to build our own authorization gem instead of using the existing solutions, such as [Pundit][] and [CanCanCan][]?
-
-**TL;DR they didn't solve all of our problems.**
-
-[Pundit][] has been our framework of choice for a long time. Being too _dead-simple_, it required a lot of hacking to fulfill business logic requirements.
-
-These _hacks_ later became Action Policy (initially, we even called it "Pundit, re-visited").
-
-We also took a few ideas from [CanCanCan][]—such as [default rules and rule aliases](./aliases.md).
-
-It is also worth noting that Action Policy (despite having a _Railsy_ name) is designed to be **Rails-free**. On the other hand, it contains some Rails-specific extensions and seamlessly integrates into the framework.
-
-So, what are the main reasons to consider Action Policy as your authorization tool?
-
-- **Performance**: multiple [caching strategies](./caching.md) out-of-the-box make authorization overhead as small as possible–especially useful when your rules involve DB queries; you can also monitor the performance and detect the bottlenecks using the built-in [instrumentation](./instrumentation) features.
-
-- **Composition & Customization**: use [only the features you need](./custom_policy.md) or easily extend the functionality–it's just Ruby classes and modules, (almost) zero magic! And you can add authorization [anywhere in your code](./non_rails.md), not only in controllers.
-
-- **Code Organization**: use [namespaces](./namespaces.md) to organize your policies (for example, when you have multiple authorization strategies); add [pre-checks](./pre_checks.md) to make rules more readable and better express your business-logic.
-
-- **...and more**: [testability](./testing.md), [i18n](./i18n.md) integrations, [actionable errors](./reasons.md).
-
-Learn more about the motivation behind the Action Policy and its features by watching this [RailsConf talk](https://www.youtube.com/watch?v=NVwx0DARDis).
-
-## Resources
-
-- RubyRussia, 2019 "Welcome, or access denied?" talk ([video](https://www.youtube.com/watch?v=y15a2g7v8i0) [RU], [slides](https://speakerdeck.com/palkan/rubyrussia-2019-welcome-or-access-denied))
-
-- Seattle.rb, 2019 "A Denial!" talk [[slides](https://speakerdeck.com/palkan/seattle-dot-rb-2019-a-denial)]
-
-- RailsConf, 2018 "Access Denied" talk [[video](https://www.youtube.com/watch?v=NVwx0DARDis), [slides](https://speakerdeck.com/palkan/railsconf-2018-access-denied-the-missing-guide-to-authorization-in-rails)]
-
-<a href="https://evilmartians.com/?utm_source=action_policy">
-<img src="https://evilmartians.com/badges/sponsored-by-evil-martians.svg" alt="Sponsored by Evil Martians" width="236" height="54"></a>
-
-[CanCanCan]: https://github.com/CanCanCommunity/cancancan
-[Pundit]: https://github.com/varvet/pundit
-[Evil Martians]: https://evilmartians.com