action_policy 0.5.0 → 0.5.1

data/lib/.rbnext/3.0/action_policy/behaviours/scoping.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Behaviours
+    # Adds `authorized_scop` method to behaviour
+    module Scoping
+      # Apply scope to the target of the specified type.
+      #
+      # NOTE: policy lookup consists of the following steps:
+      #   - first, check whether `with` option is present
+      #   - secondly, try to infer policy class from `target` (non-raising lookup)
+      #   - use `implicit_authorization_target` if none of the above works.
+      def authorized_scope(target, type: nil, as: :default, scope_options: nil, **options)
+        options[:context] && (options[:context] = authorization_context.merge(options[:context]))
+
+        policy = policy_for(record: target, allow_nil: true, **options)
+        policy ||= policy_for(record: implicit_authorization_target!, **options)
+
+        type ||= authorization_scope_type_for(policy, target)
+        name = as
+
+        Authorizer.scopify(target, policy, **{type: type, name: name, scope_options: scope_options})
+      end
+
+      # For backward compatibility
+      alias authorized authorized_scope
+
+      # Infer scope type for target if none provided.
+      # Raises an exception if type couldn't be inferred.
+      def authorization_scope_type_for(policy, target)
+        policy.resolve_scope_type(target)
+      end
+    end
+  end
+end

data/lib/.rbnext/3.0/action_policy/behaviours/thread_memoized.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module PerThreadCache # :nodoc:
+    CACHE_KEY = "action_policy.per_thread_cache"
+
+    class << self
+      attr_writer :enabled
+
+      def enabled?() ;  @enabled == true; end
+
+      def fetch(key)
+        return yield unless enabled?
+
+        store = (Thread.current[CACHE_KEY] ||= {})
+
+        return store[key] if store.key?(key)
+
+        store[key] = yield
+      end
+
+      def clear_all
+        Thread.current[CACHE_KEY] = {}
+      end
+    end
+
+    # Turn off by default in test env
+    self.enabled = !(ENV["RAILS_ENV"] == "test" || ENV["RACK_ENV"] == "test")
+  end
+
+  module Behaviours
+    # Per-thread memoization for policies.
+    #
+    # Used by `policy_for` to re-use policy object for records.
+    #
+    # NOTE: don't forget to clear thread cache with ActionPolicy::PerThreadCache.clear_all
+    module ThreadMemoized
+      class << self
+        def prepended(base)
+          base.prepend InstanceMethods
+        end
+
+        alias included prepended
+      end
+
+      module InstanceMethods # :nodoc:
+        def policy_for(record:, **opts)
+          __policy_thread_memoize__(record, **opts) { super(record: record, **opts) }
+        end
+      end
+
+      def __policy_thread_memoize__(record, **options)
+        cache_key = policy_for_cache_key(record: record, **options)
+
+        ActionPolicy::PerThreadCache.fetch(cache_key) { yield }
+      end
+    end
+  end
+end

data/lib/.rbnext/3.0/action_policy/ext/policy_cache_key.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Ext
+    # Adds #_policy_cache_key method to Object,
+    # which just call #policy_cache_key or #cache_key
+    # or #object_id (if `use_object_id` parameter is set to true).
+    #
+    # For other core classes returns string representation.
+    #
+    # Raises ArgumentError otherwise.
+    module PolicyCacheKey # :nodoc: all
+      module ObjectExt
+        def _policy_cache_key(use_object_id: false)
+          return policy_cache_key if respond_to?(:policy_cache_key)
+          return cache_key_with_version if respond_to?(:cache_key_with_version)
+          return cache_key if respond_to?(:cache_key)
+
+          return object_id.to_s if use_object_id == true
+
+          raise ArgumentError, "object is not cacheable"
+        end
+      end
+
+      refine Object do
+        include ObjectExt
+      end
+
+      refine NilClass do
+        def _policy_cache_key(*) ;  ""; end
+      end
+
+      refine TrueClass do
+        def _policy_cache_key(*) ;  "t"; end
+      end
+
+      refine FalseClass do
+        def _policy_cache_key(*) ;  "f"; end
+      end
+
+      refine String do
+        def _policy_cache_key(*) ;  self; end
+      end
+
+      refine Symbol do
+        def _policy_cache_key(*) ;  to_s; end
+      end
+
+      if RUBY_PLATFORM.match?(/java/i)
+        refine Integer do
+          def _policy_cache_key(*) ;  to_s; end
+        end
+
+        refine Float do
+          def _policy_cache_key(*) ;  to_s; end
+        end
+      else
+        refine Numeric do
+          def _policy_cache_key(*) ;  to_s; end
+        end
+      end
+
+      refine Time do
+        def _policy_cache_key(*) ;  to_s; end
+      end
+
+      refine Module do
+        def _policy_cache_key(*) ;  name; end
+      end
+    end
+  end
+end

data/lib/.rbnext/3.0/action_policy/policy/aliases.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Policy
+    # Adds rules aliases support and ability to specify
+    # the default rule.
+    #
+    #   class ApplicationPolicy
+    #     include ActionPolicy::Policy::Core
+    #     include ActionPolicy::Policy::Aliases
+    #
+    #     # define which rule to use if `authorize!` called with
+    #     # unknown rule
+    #     default_rule :manage?
+    #
+    #     alias_rule :publish?, :unpublish?, to: :update?
+    #   end
+    #
+    # Aliases are used only during `authorize!` call (and do not act like _real_ aliases).
+    #
+    # Aliases useful when combined with `CachedApply` (since we can cache only the target rule).
+    module Aliases
+      DEFAULT = :__default__
+
+      class << self
+        def included(base)
+          base.extend ClassMethods
+        end
+      end
+
+      def resolve_rule(activity)
+        self.class.lookup_alias(activity) ||
+          (activity if respond_to?(activity)) ||
+          self.class.lookup_default_rule ||
+          super
+      end
+
+      module ClassMethods # :nodoc:
+        def default_rule(val)
+          rules_aliases[DEFAULT] = val
+        end
+
+        def alias_rule(*rules, to:)
+          rules.each do |rule|
+            rules_aliases[rule] = to
+          end
+        end
+
+        def lookup_alias(rule) ;  rules_aliases[rule]; end
+
+        def lookup_default_rule() ;  rules_aliases[DEFAULT]; end
+
+        def rules_aliases
+          return @rules_aliases if instance_variable_defined?(:@rules_aliases)
+
+          @rules_aliases = if superclass.respond_to?(:rules_aliases)
+            superclass.rules_aliases.dup
+          else
+            {}
+          end
+        end
+
+        def method_added(name)
+          rules_aliases.delete(name) if public_method_defined?(name)
+        end
+      end
+    end
+  end
+end

data/lib/.rbnext/3.0/action_policy/policy/authorization.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  class AuthorizationContextMissing < Error # :nodoc:
+    MESSAGE_TEMPLATE = "Missing policy authorization context: %s"
+
+    attr_reader :message
+
+    def initialize(id)
+      @message = MESSAGE_TEMPLATE % id
+    end
+  end
+
+  module Policy
+    # Authorization context could include multiple parameters.
+    #
+    # It is possible to provide more verificatio contexts, by specifying them in the policy and
+    # providing them at the authorization step.
+    #
+    # For example:
+    #
+    #   class ApplicationPolicy < ActionPolicy::Base
+    #     # Add user and account to the context; it's required to be passed
+    #     # to a policy constructor and be not nil
+    #     authorize :user, :account
+    #
+    #     # you can skip non-nil check if you want
+    #     # authorize :account, allow_nil: true
+    #
+    #     def manage?
+    #       # available as a simple accessor
+    #       account.enabled?
+    #     end
+    #   end
+    #
+    #   ApplicantPolicy.new(user: user, account: account)
+    module Authorization
+      class << self
+        def included(base)
+          base.extend ClassMethods
+        end
+      end
+
+      attr_reader :authorization_context
+
+      def initialize(record = nil, **params)
+        super(record)
+
+        @authorization_context = {}
+
+        self.class.authorization_targets.each do |id, opts|
+          raise AuthorizationContextMissing, id unless params.key?(id) || opts[:optional]
+
+          val = params.fetch(id, nil)
+
+          raise AuthorizationContextMissing, id if val.nil? && opts[:allow_nil] != true
+
+          authorization_context[id] = instance_variable_set("@#{id}", val)
+        end
+
+        authorization_context.freeze
+      end
+
+      module ClassMethods # :nodoc:
+        def authorize(*ids, allow_nil: false, optional: false)
+          allow_nil ||= optional
+
+          ids.each do |id|
+            authorization_targets[id] = {allow_nil: allow_nil, optional: optional}
+          end
+
+          attr_reader(*ids)
+        end
+
+        def authorization_targets
+          return @authorization_targets if instance_variable_defined?(:@authorization_targets)
+
+          @authorization_targets = if superclass.respond_to?(:authorization_targets)
+            superclass.authorization_targets.dup
+          else
+            {}
+          end
+        end
+      end
+    end
+  end
+end

data/lib/.rbnext/3.0/action_policy/policy/cache.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+require "action_policy/version"
+
+module ActionPolicy # :nodoc:
+  using RubyNext
+
+  # By default cache namespace (or prefix) contains major and minor version of the gem
+  CACHE_NAMESPACE = "acp:#{ActionPolicy::VERSION.split(".").take(2).join(".")}"
+
+  require "action_policy/ext/policy_cache_key"
+
+  using ActionPolicy::Ext::PolicyCacheKey
+
+  module Policy
+    # Provides long-lived cache through ActionPolicy.cache_store.
+    #
+    # NOTE: if cache_store is nil then we silently skip all the caching.
+    module Cache
+      class << self
+        def included(base)
+          base.extend ClassMethods
+        end
+      end
+
+      def cache_namespace() ;  ActionPolicy::CACHE_NAMESPACE; end
+
+      def cache_key(*parts)
+        [
+          cache_namespace,
+          *parts
+        ].map { _1._policy_cache_key }.join("/")
+      end
+
+      def rule_cache_key(rule)
+        cache_key(
+          context_cache_key,
+          record,
+          self.class,
+          rule
+        )
+      end
+
+      def context_cache_key
+        authorization_context.map { _2._policy_cache_key.to_s }.join("/")
+      end
+
+      def apply_with_cache(rule)
+        options = self.class.cached_rules.fetch(rule)
+        key = rule_cache_key(rule)
+
+        ActionPolicy.cache_store.then do |store|
+          @result = store.read(key)
+          unless result.nil?
+            result.cached!
+            next result.value
+          end
+          yield
+          store.write(key, result, options)
+          result.value
+        end
+      end
+
+      def apply(rule)
+        return super if ActionPolicy.cache_store.nil? ||
+          !self.class.cached_rules.key?(rule)
+
+        apply_with_cache(rule) { super }
+      end
+
+      def cache(*parts, **options)
+        key = cache_key(*parts)
+        ActionPolicy.cache_store.then do |store|
+          res = store.read(key)
+          next res unless res.nil?
+          res = yield
+          store.write(key, res, options)
+          res
+        end
+      end
+
+      module ClassMethods # :nodoc:
+        def cache(*rules, **options)
+          rules.each do |rule|
+            cached_rules[rule] = options
+          end
+        end
+
+        def cached_rules
+          return @cached_rules if instance_variable_defined?(:@cached_rules)
+
+          @cached_rules = if superclass.respond_to?(:cached_rules)
+            superclass.cached_rules.dup
+          else
+            {}
+          end
+        end
+      end
+    end
+  end
+end

data/lib/.rbnext/3.0/action_policy/policy/core.rb

@@ -0,0 +1,161 @@
+# frozen_string_literal: true
+
+require "action_policy/behaviours/policy_for"
+require "action_policy/policy/execution_result"
+require "action_policy/utils/suggest_message"
+require "action_policy/utils/pretty_print"
+
+unless "".respond_to?(:underscore)
+  require "action_policy/ext/string_underscore"
+  using ActionPolicy::Ext::StringUnderscore
+end
+
+module ActionPolicy
+  using RubyNext
+
+  # Raised when `resolve_rule` failed to find an approriate
+  # policy rule method for the activity
+  class UnknownRule < Error
+    include ActionPolicy::SuggestMessage
+
+    attr_reader :policy, :rule, :message
+
+    def initialize(policy, rule)
+      @policy = policy.class
+      @rule = rule
+      @message =
+        "Couldn't find rule '#{@rule}' for #{@policy}" \
+        "#{suggest(@rule, @policy.instance_methods - Object.instance_methods)}"
+    end
+  end
+
+  module Policy
+    # Core policy API
+    module Core
+      class << self
+        def included(base)
+          base.extend ClassMethods
+
+          # Generate a new class for each _policy chain_
+          # in order to extend it independently
+          base.module_eval do
+            @result_class = Class.new(ExecutionResult)
+
+            # we need to make this class _named_,
+            # 'cause anonymous classes couldn't be marshalled
+            base.const_set(:APR, @result_class)
+          end
+        end
+      end
+
+      module ClassMethods # :nodoc:
+        attr_writer :identifier
+
+        def result_class
+          return @result_class if instance_variable_defined?(:@result_class)
+          @result_class = superclass.result_class
+        end
+
+        def identifier
+          return @identifier if instance_variable_defined?(:@identifier)
+
+          @identifier = name.sub(/Policy$/, "").underscore.to_sym
+        end
+      end
+
+      include ActionPolicy::Behaviours::PolicyFor
+
+      attr_reader :record, :result
+
+      # NEXT_RELEASE: deprecate `record` arg, migrate to `record: nil`
+      def initialize(record = nil, *)
+        @record = record
+      end
+
+      # Returns a result of applying the specified rule (true of false).
+      # Unlike simply calling a predicate rule (`policy.manage?`),
+      # `apply` also calls pre-checks.
+      def apply(rule)
+        @result = self.class.result_class.new(self.class, rule)
+
+        catch :policy_fulfilled do
+          result.load __apply__(rule)
+        end
+
+        result.value
+      end
+
+      def deny!
+        result&.load false
+        throw :policy_fulfilled
+      end
+
+      def allow!
+        result&.load true
+        throw :policy_fulfilled
+      end
+
+      # This method performs the rule call.
+      # Override or extend it to provide custom functionality
+      # (such as caching, pre checks, etc.)
+      def __apply__(rule) ;  public_send(rule); end
+
+      # Wrap code that could modify result
+      # to prevent the current result modification
+      def with_clean_result # :nodoc:
+        was_result = @result
+        yield
+        @result
+      ensure
+        @result = was_result
+      end
+
+      # Returns a result of applying the specified rule to the specified record.
+      # Under the hood a policy class for record is resolved
+      # (unless it's explicitly set through `with` option).
+      #
+      # If record is `nil` then we uses the current policy.
+      def allowed_to?(rule, record = :__undef__, **options)
+        if (record == :__undef__ || record == self.record) && options.empty?
+          __apply__(resolve_rule(rule))
+        else
+          policy_for(record: record, **options).then do |policy|
+            policy.apply(policy.resolve_rule(rule))
+          end
+        end
+      end
+
+      # An alias for readability purposes
+      def check?(*args) ;  allowed_to?(*args); end
+
+      # Returns a rule name (policy method name) for activity.
+      #
+      # By default, rule name is equal to activity name.
+      #
+      # Raises ActionPolicy::UknownRule when rule is not found in policy.
+      def resolve_rule(activity)
+        raise UnknownRule.new(self, activity) unless
+          respond_to?(activity)
+        activity
+      end
+
+      # Return annotated source code for the rule
+      # NOTE: require "method_source" and "unparser" gems to be installed.
+      # Otherwise returns empty string.
+      def inspect_rule(rule) ;  PrettyPrint.print_method(self, rule); end
+
+      # Helper for printing the annotated rule source.
+      # Useful for debugging: type `pp :show?` within the context of the policy
+      # to preview the rule.
+      def pp(rule)
+        with_clean_result do
+          # We need result to exist for `allowed_to?` to work correctly
+          @result = self.class.result_class.new(self.class, rule)
+          header = "#{self.class.name}##{rule}"
+          source = inspect_rule(rule)
+          $stdout.puts "#{header}\n#{source}"
+        end
+      end
+    end
+  end
+end