action_policy 0.4.4 → 0.5.0

data/docs/assets/vue.min.css

@@ -1 +0,0 @@
-@import url("https://fonts.googleapis.com/css?family=Roboto+Mono|Source+Sans+Pro:300,400,600");*{-webkit-font-smoothing:antialiased;-webkit-overflow-scrolling:touch;-webkit-tap-highlight-color:rgba(0,0,0,0);-webkit-text-size-adjust:none;-webkit-touch-callout:none;box-sizing:border-box}body:not(.ready){overflow:hidden}body:not(.ready) .app-nav,body:not(.ready)>nav,body:not(.ready) [data-cloak]{display:none}div#app{font-size:30px;font-weight:lighter;margin:40vh auto;text-align:center}div#app:empty:before{content:"Loading..."}.emoji{height:1.2rem;vertical-align:middle}.progress{background-color:var(--theme-color,#42b983);height:2px;left:0;position:fixed;right:0;top:0;transition:width .2s,opacity .4s;width:0;z-index:5}.search .search-keyword,.search a:hover{color:var(--theme-color,#42b983)}.search .search-keyword{font-style:normal;font-weight:700}body,html{height:100%}body{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;color:#34495e;font-family:Source Sans Pro,Helvetica Neue,Arial,sans-serif;font-size:15px;letter-spacing:0;margin:0;overflow-x:hidden}img{max-width:100%}a[disabled]{cursor:not-allowed;opacity:.6}kbd{border:1px solid #ccc;border-radius:3px;display:inline-block;font-size:12px!important;line-height:12px;margin-bottom:3px;padding:3px 5px;vertical-align:middle}.task-list-item{list-style-type:none}li input[type=checkbox]{margin:0 .2em .25em -1.6em;vertical-align:middle}.app-nav{margin:25px 60px 0 0;position:absolute;right:0;text-align:right;z-index:2}.app-nav.no-badge{margin-right:25px}.app-nav p{margin:0}.app-nav>a{margin:0 1rem;padding:5px 0}.app-nav li,.app-nav ul{display:inline-block;list-style:none;margin:0}.app-nav a{color:inherit;font-size:16px;text-decoration:none;transition:color .3s}.app-nav a.active,.app-nav a:hover{color:var(--theme-color,#42b983)}.app-nav a.active{border-bottom:2px solid var(--theme-color,#42b983)}.app-nav li{display:inline-block;margin:0 1rem;padding:5px 0;position:relative}.app-nav li ul{background-color:#fff;border:1px solid #ddd;border-bottom-color:#ccc;border-radius:4px;box-sizing:border-box;display:none;max-height:calc(100vh - 61px);overflow-y:auto;padding:10px 0;position:absolute;right:-15px;text-align:left;top:100%;white-space:nowrap}.app-nav li ul li{display:block;font-size:14px;line-height:1rem;margin:0;margin:8px 14px;white-space:nowrap}.app-nav li ul a{display:block;font-size:inherit;margin:0;padding:0}.app-nav li ul a.active{border-bottom:0}.app-nav li:hover ul{display:block}.github-corner{border-bottom:0;position:fixed;right:0;text-decoration:none;top:0;z-index:1}.github-corner:hover .octo-arm{animation:a .56s ease-in-out}.github-corner svg{color:#fff;fill:var(--theme-color,#42b983);height:80px;width:80px}main{display:block;position:relative;width:100vw;height:100%;z-index:0}main.hidden{display:none}.anchor{display:inline-block;text-decoration:none;transition:all .3s}.anchor span{color:#34495e}.anchor:hover{text-decoration:underline}.sidebar{border-right:1px solid rgba(0,0,0,.07);overflow-y:auto;padding:40px 0 0;position:absolute;top:0;bottom:0;left:0;transition:transform .25s ease-out;width:300px;z-index:3}.sidebar>h1{margin:0 auto 1rem;font-size:1.5rem;font-weight:300;text-align:center}.sidebar>h1 a{color:inherit;text-decoration:none}.sidebar>h1 .app-nav{display:block;position:static}.sidebar .sidebar-nav{line-height:2em;padding-bottom:40px}.sidebar li.collapse .app-sub-sidebar{display:none}.sidebar ul{margin:0;padding:0}.sidebar li>p{font-weight:700;margin:0}.sidebar ul,.sidebar ul li{list-style:none}.sidebar ul li a{border-bottom:none;display:block}.sidebar ul li ul{padding-left:20px}.sidebar::-webkit-scrollbar{width:4px}.sidebar::-webkit-scrollbar-thumb{background:transparent;border-radius:4px}.sidebar:hover::-webkit-scrollbar-thumb{background:hsla(0,0%,53%,.4)}.sidebar:hover::-webkit-scrollbar-track{background:hsla(0,0%,53%,.1)}.sidebar-toggle{background-color:transparent;background-color:hsla(0,0%,100%,.8);border:0;outline:none;padding:10px;position:absolute;bottom:0;left:0;text-align:center;transition:opacity .3s;width:284px;z-index:4}.sidebar-toggle .sidebar-toggle-button:hover{opacity:.4}.sidebar-toggle span{background-color:var(--theme-color,#42b983);display:block;margin-bottom:4px;width:16px;height:2px}body.sticky .sidebar,body.sticky .sidebar-toggle{position:fixed}.content{padding-top:60px;position:absolute;top:0;right:0;bottom:0;left:300px;transition:left .25s ease}.markdown-section{margin:0 auto;max-width:800px;padding:30px 15px 40px;position:relative}.markdown-section>*{box-sizing:border-box;font-size:inherit}.markdown-section>:first-child{margin-top:0!important}.markdown-section hr{border:none;border-bottom:1px solid #eee;margin:2em 0}.markdown-section iframe{border:1px solid #eee}.markdown-section table{border-collapse:collapse;border-spacing:0;display:block;margin-bottom:1rem;overflow:auto;width:100%}.markdown-section th{font-weight:700}.markdown-section td,.markdown-section th{border:1px solid #ddd;padding:6px 13px}.markdown-section tr{border-top:1px solid #ccc}.markdown-section p.tip,.markdown-section tr:nth-child(2n){background-color:#f8f8f8}.markdown-section p.tip{border-bottom-right-radius:2px;border-left:4px solid #f66;border-top-right-radius:2px;margin:2em 0;padding:12px 24px 12px 30px;position:relative}.markdown-section p.tip:before{background-color:#f66;border-radius:100%;color:#fff;content:"!";font-family:Dosis,Source Sans Pro,Helvetica Neue,Arial,sans-serif;font-size:14px;font-weight:700;left:-12px;line-height:20px;position:absolute;height:20px;width:20px;text-align:center;top:14px}.markdown-section p.tip code{background-color:#efefef}.markdown-section p.tip em{color:#34495e}.markdown-section p.warn{background:rgba(66,185,131,.1);border-radius:2px;padding:1rem}body.close .sidebar{transform:translateX(-300px)}body.close .sidebar-toggle{width:auto}body.close .content{left:0}@media print{.app-nav,.github-corner,.sidebar,.sidebar-toggle{display:none}}@media screen and (max-width:768px){.github-corner,.sidebar,.sidebar-toggle{position:fixed}.app-nav{margin-top:16px}.app-nav li ul{top:30px}main{height:auto;overflow-x:hidden}.sidebar{left:-300px;transition:transform .25s ease-out}.content{left:0;max-width:100vw;position:static;padding-top:20px;transition:transform .25s ease}.app-nav,.github-corner{transition:transform .25s ease-out}.sidebar-toggle{background-color:transparent;width:auto;padding:30px 30px 10px 10px}body.close .sidebar{transform:translateX(300px)}body.close .sidebar-toggle{background-color:hsla(0,0%,100%,.8);transition:background-color 1s;width:284px;padding:10px}body.close .content{transform:translateX(300px)}body.close .app-nav,body.close .github-corner{display:none}.github-corner:hover .octo-arm{animation:none}.github-corner .octo-arm{animation:a .56s ease-in-out}}@keyframes a{0%,to{transform:rotate(0)}20%,60%{transform:rotate(-25deg)}40%,80%{transform:rotate(10deg)}}section.cover{-ms-flex-align:center;align-items:center;background-position:50%;background-repeat:no-repeat;background-size:cover;height:100vh;display:none}section.cover.show{display:-ms-flexbox;display:flex}section.cover.has-mask .mask{background-color:#fff;opacity:.8;position:absolute;top:0;height:100%;width:100%}section.cover .cover-main{-ms-flex:1;flex:1;margin:-20px 16px 0;text-align:center;z-index:1}section.cover a{color:inherit}section.cover a,section.cover a:hover{text-decoration:none}section.cover p{line-height:1.5rem;margin:1em 0}section.cover h1{color:inherit;font-size:2.5rem;font-weight:300;margin:.625rem 0 2.5rem;position:relative;text-align:center}section.cover h1 a{display:block}section.cover h1 small{bottom:-.4375rem;font-size:1rem;position:absolute}section.cover blockquote{font-size:1.5rem;text-align:center}section.cover ul{line-height:1.8;list-style-type:none;margin:1em auto;max-width:500px;padding:0}section.cover .cover-main>p:last-child a{border:1px solid var(--theme-color,#42b983);border-radius:2rem;box-sizing:border-box;color:var(--theme-color,#42b983);display:inline-block;font-size:1.05rem;letter-spacing:.1rem;margin:.5rem 1rem;padding:.75em 2rem;text-decoration:none;transition:all .15s ease}section.cover .cover-main>p:last-child a:last-child{background-color:var(--theme-color,#42b983);color:#fff}section.cover .cover-main>p:last-child a:last-child:hover{color:inherit;opacity:.8}section.cover .cover-main>p:last-child a:hover{color:inherit}section.cover blockquote>p>a{border-bottom:2px solid var(--theme-color,#42b983);transition:color .3s}section.cover blockquote>p>a:hover{color:var(--theme-color,#42b983)}.sidebar,body{background-color:#fff}.sidebar{color:#364149}.sidebar li{margin:6px 0 6px 15px}.sidebar ul li a{color:#505d6b;font-size:14px;font-weight:400;overflow:hidden;text-decoration:none;text-overflow:ellipsis;white-space:nowrap}.sidebar ul li a:hover{text-decoration:underline}.sidebar ul li ul{padding:0}.sidebar ul li.active>a{border-right:2px solid;color:var(--theme-color,#42b983);font-weight:600}.app-sub-sidebar li:before{content:"-";padding-right:4px;float:left}.markdown-section h1,.markdown-section h2,.markdown-section h3,.markdown-section h4,.markdown-section strong{color:#2c3e50;font-weight:600}.markdown-section a{color:var(--theme-color,#42b983);font-weight:600}.markdown-section h1{font-size:2rem;margin:0 0 1rem}.markdown-section h2{font-size:1.75rem;margin:45px 0 .8rem}.markdown-section h3{font-size:1.5rem;margin:40px 0 .6rem}.markdown-section h4{font-size:1.25rem}.markdown-section h5{font-size:1rem}.markdown-section h6{color:#777;font-size:1rem}.markdown-section figure,.markdown-section p{margin:1.2em 0}.markdown-section ol,.markdown-section p,.markdown-section ul{line-height:1.6rem;word-spacing:.05rem}.markdown-section ol,.markdown-section ul{padding-left:1.5rem}.markdown-section blockquote{border-left:4px solid var(--theme-color,#42b983);color:#858585;margin:2em 0;padding-left:20px}.markdown-section blockquote p{font-weight:600;margin-left:0}.markdown-section iframe{margin:1em 0}.markdown-section em{color:#7f8c8d}.markdown-section code{border-radius:2px;color:#e96900;font-size:.8rem;margin:0 2px;padding:3px 5px;white-space:pre-wrap}.markdown-section code,.markdown-section pre{background-color:#f8f8f8;font-family:Roboto Mono,Monaco,courier,monospace}.markdown-section pre{-moz-osx-font-smoothing:initial;-webkit-font-smoothing:initial;line-height:1.5rem;margin:1.2em 0;overflow:auto;padding:0 1.4rem;position:relative;word-wrap:normal}.token.cdata,.token.comment,.token.doctype,.token.prolog{color:#8e908c}.token.namespace{opacity:.7}.token.boolean,.token.number{color:#c76b29}.token.punctuation{color:#525252}.token.property{color:#c08b30}.token.tag{color:#2973b7}.token.string{color:var(--theme-color,#42b983)}.token.selector{color:#6679cc}.token.attr-name{color:#2973b7}.language-css .token.string,.style .token.string,.token.entity,.token.url{color:#22a2c9}.token.attr-value,.token.control,.token.directive,.token.unit{color:var(--theme-color,#42b983)}.token.keyword{color:#e96900}.token.atrule,.token.regex,.token.statement{color:#22a2c9}.token.placeholder,.token.variable{color:#3d8fd1}.token.deleted{text-decoration:line-through}.token.inserted{border-bottom:1px dotted #202746;text-decoration:none}.token.italic{font-style:italic}.token.bold,.token.important{font-weight:700}.token.important{color:#c94922}.token.entity{cursor:help}.markdown-section pre>code{-moz-osx-font-smoothing:initial;-webkit-font-smoothing:initial;background-color:#f8f8f8;border-radius:2px;color:#525252;display:block;font-family:Roboto Mono,Monaco,courier,monospace;font-size:.8rem;line-height:inherit;margin:0 2px;max-width:inherit;overflow:inherit;padding:2.2em 5px;white-space:inherit}.markdown-section code:after,.markdown-section code:before{letter-spacing:.05rem}code .token{-moz-osx-font-smoothing:initial;-webkit-font-smoothing:initial;min-height:1.5rem}pre:after{color:#ccc;content:attr(data-lang);font-size:.6rem;font-weight:600;height:15px;line-height:15px;padding:5px 10px 0;position:absolute;right:0;text-align:right;top:0}

data/docs/authorization_context.md

@@ -1,92 +0,0 @@
-# Authorization Context
-
-_Authorization context_ contains information about the acting subject.
-
-In most cases, it is just a _user_, but sometimes it could be a composition of subjects.
-
-You must configure authorization context in **two places**: in the policy itself and in the place where you perform the authorization (e.g., controllers).
-
-By default, `ActionPolicy::Base` includes `user` as authorization context. If you don't need it, you have to [build your own base policy](custom_policy.md).
-
-To specify additional contexts, you should use the `authorize` method:
-
-```ruby
-class ApplicationPolicy < ActionPolicy::Base
-  authorize :account
-end
-```
-
-Now you must provide `account` during policy initialization. When authorization key is missing or equals to `nil`, `ActionPolicy::AuthorizationContextMissing` error is raised.
-
-**NOTE:** if you want to allow passing `nil` as `account` value, you must add `allow_nil: true` option to `authorize`.
-If you want to be able not to pass `account` at all, you must add `optional: true`
-
-To do that automatically in your `authorize!` and `allowed_to?` calls, you must also configure authorization context. For example, in your controller:
-
-```ruby
-class ApplicationController < ActionController::Base
-  # First argument should be the same as in the policy.
-  # `through` specifies the method name to be called to
-  # get the required context object
-  # (equals to the context name itself by default, i.e. `account`)
-  authorize :account, through: :current_account
-end
-```
-
-## Nested Policies vs Contexts
-
-See also: [action_policy#36](https://github.com/palkan/action_policy/issues/36) and [action_policy#37](https://github.com/palkan/action_policy/pull/37)
-
-When you call another policy from the policy object (e.g. via `allowed_to?` method),
-the context of the current policy is passed to the _nested_ policy.
-
-That means that if the nested policy has a different authorization context, we won't be able
-to build it (event if you configure all the required keys in the controller).
-
-For example:
-
-```ruby
-class UserPolicy < ActionPolicy::Base
-  authorize :user
-
-  def show?
-    allowed_to?(:show?, record.profile)
-  end
-end
-
-class ProfilePolicy < ActionPolicy::Base
-  authorize :user, :account
-end
-
-class ApplicationController < ActionController::Base
-  authorize :user, through: :current_user
-  authorize :account, through: :current_account
-end
-
-class UsersController < ApplicationController
-  def show
-    user = User.find(params[:id])
-
-    authorize! user #=> raises "Missing policy authorization context: account"
-  end
-end
-```
-
-That means that **all the policies that could be used together MUST share the same set of authorization contexts** (or at least the _parent_ policies contexts must be subsets of the nested policies contexts).
-
-
-## Explicit context
-
-You can override the _implicit_ authorization context (generated with `authorize` method) in-place
-by passing the `context` option:
-
-```ruby
-def show
-  user = User.find(params[:id])
-
-  authorize! user, context: {account: user.account}
-end
-```
-
-**NOTE:** the explictly provided context is merged with the implicit one (i.e. you can specify
-only the keys you want to override).

data/docs/behaviour.md

@@ -1,113 +0,0 @@
-# Action Policy Behaviour
-
-Action Policy provides a mixin called `ActionPolicy::Behaviour` which adds authorization methods to your classes.
-
-## Usage
-
-Let's make our custom _service_ object aware of authorization:
-
-```ruby
-class PostUpdateAction
-  # First, we should include the behaviour
-  include ActionPolicy::Behaviour
-
-  # Secondly, provide authorization subject (performer)
-  authorize :user
-
-  attr_reader :user
-
-  def initialize(user)
-    @user = user
-  end
-
-  def call(post, params)
-    # Now we can use authorization methods
-    authorize! post, to: :update?
-
-    post.update!(params)
-  end
-end
-```
-
-`ActionPolicy::Behaviour` provides `authorize` class-level method to configure [authorization context](authorization_context.md) and the instance-level methods: `authorize!`, `allowed_to?` and `authorized`:
-
-### `authorize!`
-
-This is a _guard-method_ which raises an `ActionPolicy::Unauthorized` exception
-if authorization failed (i.e. policy rule returns false):
-
-```ruby
-# `to` is a name of the policy rule to apply
-authorize! post, to: :update?
-```
-
-### `allowed_to?`
-
-This is a _predicate_ version of `authorize!`: it returns true if authorization succeed and false otherwise:
-
-```ruby
-# the first argument is the rule to apply
-# the second one is the target
-if allowed_to?(:edit?, post)
-  # ...
-end
-```
-
-### `authorized`
-
-See [scoping](./scoping.md) docs.
-
-## Policy lookup
-
-All three instance methods (`authorize!`, `allowed_to?`, `authorized`) uses the same
-`policy_for` to lookup a policy class for authorization target. So, you can provide additional options to control the policy lookup process:
-
-- Explicitly specify policy class using `with` option:
-
-```ruby
-allowed_to?(:edit?, post, with: SpecialPostPolicy)
-```
-
-- Provide a [namespace](./namespaces.md):
-
-```ruby
-# Would try to lookup Admin::PostPolicy first
-authorize! post, to: :destroy?, namespace: Admin
-```
-
-## Implicit authorization target
-
-You can omit the authorization target for all the methods by defining an _implicit authorization target_:
-
-```ruby
-class PostActions
-  include ActionPolicy::Behaviour
-
-  authorize :user
-
-  attr_reader :user, :post
-
-  def initialize(user, post)
-    @user = user
-    @post = post
-  end
-
-  def update(params)
-    # post is used here implicitly as a target
-    authorize! to: :update
-
-    post.update!(params)
-  end
-
-  def destroy
-    # post is used here implicitly as a target
-    authorize! to: :destroy
-
-    post.destroy!
-  end
-
-  def implicit_authorization_target
-    post
-  end
-end
-```

data/docs/caching.md

@@ -1,291 +0,0 @@
-# Caching
-
-Action Policy aims to be as performant as possible. One of the ways to accomplish that is to include a comprehensive caching system.
-
-There are several cache layers available: rule-level memoization, local (instance-level) memoization, and _external_ cache (through cache stores).
-
-<div class="chart-container">
-  <img src="assets/images/cache.svg" alt="Cache layers" width="60%">
-</div>
-
-## Policy memoization
-
-### Per-instance
-
-There could be a situation when you need to apply the same policy to the same record multiple times during the action (e.g., request). For example:
-
-```ruby
-# app/controllers/posts_controller.rb
-class PostsController < ApplicationController
-  def show
-    @post = Post.find(params[:id])
-    authorize! @post
-    render :show
-  end
-end
-```
-
-```erb
-# app/views/posts/show.html.erb
-<h1><%= @post.title %>
-
-<% if allowed_to?(:edit?, @post) %>
-  <%= link_to "Edit", @post %>
-<% end %>
-
-<% if allowed_to?(:destroy?, @post) %>
-  <%= link_to "Delete", @post, method: :delete %>
-<% end %>
-```
-
-In the above example, we need to use the same policy three times. Action Policy re-uses the policy instance to avoid unnecessary object allocation.
-
-We rely on the following assumptions:
-- parent object (e.g., a controller instance) is _ephemeral_, i.e., it is a short-lived object
-- all authorizations use the same [authorization context](authorization_context.md).
-
-We use `record.policy_cache_key` with fallback to `record.cache_key` or `record.object_id` as a part of policy identifier in the local store.
-
-**NOTE**: policies memoization is an extension for `ActionPolicy::Behaviour` and could be included with `ActionPolicy::Behaviours::Memoized`.
-
-**NOTE**: memoization is automatically included into Rails controllers integration, but not included into channels integration, since channels are long-lived objects.
-
-### Per-thread
-
-Consider a more complex situation:
-
-```ruby
-# app/controllers/comments_controller.rb
-class CommentsController < ApplicationController
-  def index
-    # all comments for all posts
-    @comments = Comment.all
-  end
-end
-```
-
-```erb
-# app/views/comments/index.html.erb
-<% @comments.each do |comment| %>
-  <li><%= comment.text %>
-    <% if allowed_to?(:edit?, comment) %>
-      <%= link_to comment, "Edit" %>
-    <% end %>
-  </li>
-<% end %>
-```
-
-```ruby
-# app/policies/comment_policy.rb
-class CommentPolicy < ApplicationPolicy
-  def edit?
-    user.admin? || (user.id == record.id) ||
-      allowed_to?(:manage?, record.post)
-  end
-end
-```
-
-In some cases, we have to initialize **two** policies for each comment: one for the comment itself and one for the comment's post (in the `allowed_to?` call).
-
-That is an example of a _N+1 authorization_ problem, which in its turn could easily cause a _N+1 query_ problem (if `PostPolicy#manage?` makes database queries). Sounds terrible, doesn't it?
-
-It is likely that many comments belong to the same post. If so, we can move our memoization one level up and use local thread store.
-
-Action Policy provides `ActionPolicy::Behaviours::ThreadMemoized` module with this functionality (included into Rails controllers integration by default).
-
-If you want to add this behavior to your custom authorization-aware class, you should care about cleaning up the thread store manually (by calling `ActionPolicy::PerThreadCache.clear_all`).
-
-**NOTE:** per-thread cache is disabled by default in test environment (when either `RACK_ENV` or `RAILS_ENV` environment variable is equal to "test").
-You can turn it on (or off) by setting:
-
-```ruby
-ActionPolicy::PerThreadCache.enabled = true # or false to disable
-```
-
-## Rule cache
-
-### Per-instance
-
-There could be a situation when the same rule is called multiple times for the same policy instance (for example, when using [aliases](aliases.md)).
-
-In that case, Action Policy invokes the rule method only once, remembers the result, and returns it immediately for the subsequent calls.
-
-**NOTE**: rule results memoization is available only if you inherit from `ActionPolicy::Base` or include `ActionPolicy::Policy::CachedApply` into your `ApplicationPolicy`.
-
-### Using the cache store
-
-Some policy rules might be _performance-heavy_, e.g., make complex database queries.
-
-In that case, it makes sense to cache the rule application result for a long time (not just for the duration of a request).
-
-Action Policy provides a way to use _cache stores_ for that. You have to explicitly define which rules you want to cache in your policy class. For example:
-
-```ruby
-class StagePolicy < ApplicationPolicy
-  # mark show? rule to be cached
-  cache :show?
-  # you can also provide store-specific options
-  # cache :show?, expires_in: 1.hour
-
-  def show?
-    full_access? ||
-      user.stage_permissions.where(
-        stage_id: record.id
-      ).exists?
-  end
-
-  private
-
-  def full_access?
-    !record.funnel.is_private? ||
-      user.permissions
-        .where(
-          funnel_id: record.funnel_id,
-          full_access: true
-        ).exists?
-  end
-end
-```
-
-You must configure a cache store to use this feature:
-
-```ruby
-ActionPolicy.cache_store = MyCacheStore.new
-```
-
-Or, in Rails:
-
-```ruby
-# config/application.rb (or config/environments/<environment>.rb)
-Rails.application.configure do |config|
-  config.action_policy.cache_store = :redis_cache_store
-end
-```
-
-Cache store must provide at least a `#read(key)` and `#write(key, value, **options)` methods.
-
-**NOTE:** cache store also should take care of serialiation/deserialization since the `value` is `ExecutionResult` instance (which contains also some additional information, e.g. failure reasons). Rails cache store supports serialization/deserialization out-of-the-box.
-
-By default, Action Policy builds a cache key using the following scheme (defined in `#rule_cache_key(rule)` method):
-
-```ruby
-"#{cache_namespace}/#{context_cache_key}" \
-"/#{record.policy_cache_key}/#{policy.class.name}/#{rule}"
-```
-
-Where `cache_namespace` is equal to `"acp:#{MAJOR_GEM_VERSION}.#{MINOR_GEM_VERSION}"`, and `context_cache_key` is a concatenation of all authorization contexts cache keys (in the same order as they are defined in the policy class).
-
-If any object does not respond to `#policy_cache_key`, we fallback to `#cache_key` (or `#cache_key_with_version` for modern Rails versions). If `#cache_key` is not defined, an `ArgumentError` is raised.
-
-**NOTE:** if your `#cache_key` method is performance-heavy (e.g. like the `ActiveRecord::Relation`'s one), we recommend to explicitly define the `#policy_cache_key` method on the corresponding class to avoid unnecessary load. See also [action_policy#55](https://github.com/palkan/action_policy/issues/55).
-
-You can define your own `rule_cache_key` / `cache_namespace` / `context_cache_key` methods for policy class to override this logic.
-
-You can also use the `#cache` instance method to cache arbitrary values in you policies:
-
-```ruby
-class ApplicationPolicy < ActionPolicy::Base
-  # Suppose that a user has many roles each having an array of permissions
-  def permissions
-    cache(user) { user.roles.pluck(:permissions).flatten.uniq }
-  end
-
-  # You can pass multiple cache key "parts"
-  def account_permissions(account)
-    cache(user, account) { user.account_roles.where(account: account).pluck(:permissions).flatten.uniq }
-  end
-end
-```
-
-**NOTE:** `#cache` method uses the same cache key generation logic as rules caching (described above).
-
-#### Invalidation
-
-There no one-size-fits-all solution for invalidation. It highly depends on your business logic.
-
-**Case \#1**: no invalidation required.
-
-First of all, you should try to avoid manual invalidation at all. That could be achieved by using elaborate cache keys.
-
-Let's consider an example.
-
-Suppose that your users have _roles_ (i.e. `User.belongs_to :role`) and you give access to resources through the `Access` model (i.e. `Resource.has_many :accesses`).
-
-Then you can do the following:
-- Keep tracking the last `Access` added/updated/deleted for resource (e.g. `Access.belongs_to :accessessable, touch: :access_updated_at`)
-- Use the following cache keys:
-
-```ruby
-class User
-  def policy_cache_key
-    "user::#{id}::#{role_id}"
-  end
-end
-
-class Resource
-  def policy_cache_key
-    "#{resource.class.name}::#{id}::#{access_updated_at}"
-  end
-end
-```
-
-**Case \#2**: discarding all cache at once.
-
-That's pretty easy: just override `cache_namespace` method in your `ApplicationPolicy` with the new value:
-
-```ruby
-class ApplicationPolicy < ActionPolicy::Base
-  # It's a good idea to store the changing part in the constant
-  CACHE_VERSION = "v2".freeze
-
-  # or even from the env variable
-  # CACHE_VERSION = ENV.fetch("POLICY_CACHE_VERSION", "v2").freeze
-
-  def cache_namespace
-    "action_policy::#{CACHE_VERSION}"
-  end
-end
-```
-
-**Case \#3**: discarding some keys.
-
-That is an alternative approach to _crafting_ cache keys.
-
-If you have a limited number of places in your application where you update access control,
-you can invalidate policies cache manually. If your cache store supports `delete_matched` command (deleting keys using a wildcard), you can try the following:
-
-```ruby
-class ApplicationPolicy < ActionPolicy::Base
-  # Define custom cache key generator
-  def cache_key(rule)
-    "policy_cache/#{user.id}/#{self.class.name}/#{record.id}/#{rule}"
-  end
-end
-
-class Access < ApplicationRecord
-  belongs_to :resource
-  belongs_to :user
-
-  after_commit :cleanup_policy_cache, on: [:create, :destroy]
-
-  def cleanup_policy_cache
-    # Clear cache for the corresponding user-record pair
-    ActionPolicy.cache_store.delete_matched(
-      "policy_cache/#{user_id}/#{ResourcePolicy.name}/#{resource_id}/*"
-    )
-  end
-end
-
-class User < ApplicationRecord
-  belongs_to :role
-
-  after_commit :cleanup_policy_cache, on: [:update], if: :role_id_changed?
-
-  def cleanup_policy_cache
-    # Clear all policies cache for user
-    ActionPolicy.cache_store.delete_matched(
-      "policy_cache/#{user_id}/*"
-    )
-  end
-end
-```