action_policy 0.5.0 → 0.5.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4fc0130963013d2a27c7abf48817dba07345f15fde792a1d9b55633de820c318
-  data.tar.gz: 238306ff0b289bbe89e69c7805c57cee46d1f1bfb89479bc35b34c801dad6994
+  metadata.gz: 939f6e73eca2c33b4f9d3575fde063ac346e46bcda7ab05c062ea9a35edf7252
+  data.tar.gz: 8c200d093dd9efa19d6cabd811c4ce29f7c4420efd3e8052c863adbf43c2a632
 SHA512:
-  metadata.gz: 192f5beabda0c3d0ad49deee958107b919e50eb1dc20e79df3fc96f8ee59f274eedb93e96f4d18614a58dc3df57b4f363ec360d40c3dfe42a2d0b2fca0eb6f81
-  data.tar.gz: ce790734997fbb3f6ac38bf9dea4aee0fd9a5c6dbe8442bb48fe2724f6e77574823d512444f398a5a2ad06b5b302d1a8ac031e50a62ea13830e6c38f2f75cd60
+  metadata.gz: 380f476a6716d6fc096d1b6abb6ef68eba62c4ad5fb761427754870582550a25394f24c0b29bab711785ab4806812b9c20ca0ec26f0f4efe7ddca11b762a9585
+  data.tar.gz: 0a63c058b49e2063af867ee74a78066e1e39f5a22d226748ee5780543e40287d672bfc177bedaf91f7036168ac72746a9128dc222a4d8a7bfe0690cdda7b5b49

data/CHANGELOG.md

@@ -2,6 +2,16 @@
 
 ## master
 
+## 0.5.5 (2020-12-28)
+
+- Upgrade to Ruby 3.0. ([@palkan][])
+
+## 0.5.4 (2020-12-09)
+
+- Add support for RSpec aliases detection when linting policy specs with `rubocop-rspec` 2.0 ([@pirj][])
+
+- Fix `strict_namespace: true` lookup option not finding policies in global namespace ([@Be-ngt-oH][])
+
 ## 0.5.0 (2020-09-29)
 
 - Move `deny!` / `allow!` to core. ([@palkan][])
@@ -37,7 +47,7 @@ This method is similar to `allowed_to?` but returns an authorization result obje
 
 Fixes [#122](https://github.com/palkan/action_policy/issues/122).
 
-- Separated `#classify`-based and `#camelize`-based symbol lookups. ([Be-ngt-oH][])
+- Separated `#classify`-based and `#camelize`-based symbol lookups. ([@Be-ngt-oH][])
 
 Only affects Rails apps. Now lookup for `:users` tries to find `UsersPolicy` first (camelize),
 and only then search for `UserPolicy` (classify).
@@ -425,7 +435,8 @@ This value is now stored in a cache (if any) instead of just the call result (`t
 [@ilyasgaraev]: https://github.com/ilyasgaraev
 [@brendon]: https://github.com/brendon
 [@DmitryTsepelev]: https://github.com/DmitryTsepelev
-[@korolvs]: https://github.com/korolvs
+[@korolvs]: https://github.com/slavadev
 [@nicolas-brousse]: https://github.com/nicolas-brousse
 [@somenugget]: https://github.com/somenugget
 [@Be-ngt-oH]: https://github.com/Be-ngt-oH
+[@pirj]: https://github.com/pirj

data/config/rubocop-rspec.yml

@@ -0,0 +1,17 @@
+RSpec:
+  Language:
+    ExampleGroups:
+      Regular:
+        - describe_rule
+      Focused:
+        - fdescribe_rule
+      Skipped:
+        - xdescribe_rule
+    Includes:
+      Examples:
+        - succeed
+        - failed
+        - fsucceed
+        - ffailed
+        - xsucceed
+        - xfailed

data/lib/.rbnext/1995.next/action_policy/behaviours/policy_for.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Behaviours
+    # Adds `policy_for` method
+    module PolicyFor
+      require "action_policy/ext/policy_cache_key"
+      using ActionPolicy::Ext::PolicyCacheKey
+
+      # Returns policy instance for the record.
+      def policy_for(record:, with: nil, namespace: authorization_namespace, context: authorization_context, allow_nil: false, default: default_authorization_policy_class)
+        policy_class = with || ::ActionPolicy.lookup(
+          record,
+          namespace: namespace, context: context, allow_nil: allow_nil, default: default
+        )
+        policy_class&.new(record, **context)
+      end
+
+      def authorization_context
+        raise NotImplementedError, "Please, define `authorization_context` method!"
+      end
+
+      def authorization_namespace
+        # override to provide specific authorization namespace
+      end
+
+      def default_authorization_policy_class
+        # override to provide a policy class use when no policy found
+      end
+
+      # Override this method to provide implicit authorization target
+      # that would be used in case `record` is not specified in
+      # `authorize!` and `allowed_to?` call.
+      #
+      # It is also used to infer a policy for scoping (in `authorized_scope` method).
+      def implicit_authorization_target
+        # no-op
+      end
+
+      # Return implicit authorization target or raises an exception if it's nil
+      def implicit_authorization_target!
+        implicit_authorization_target || raise(
+          NotFound,
+          [
+            self,
+            "Couldn't find implicit authorization target " \
+            "for #{self.class}. " \
+            "Please, provide policy class explicitly using `with` option or " \
+            "define the `implicit_authorization_target` method."
+          ]
+        )
+      end
+
+      def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **)
+        record_key = record._policy_cache_key(use_object_id: true)
+        context_key = context.values.map { _1._policy_cache_key(use_object_id: true) }.join(".")
+
+        "#{namespace}/#{with}/#{context_key}/#{record_key}"
+      end
+    end
+  end
+end

data/lib/.rbnext/1995.next/action_policy/behaviours/scoping.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Behaviours
+    # Adds `authorized_scop` method to behaviour
+    module Scoping
+      # Apply scope to the target of the specified type.
+      #
+      # NOTE: policy lookup consists of the following steps:
+      #   - first, check whether `with` option is present
+      #   - secondly, try to infer policy class from `target` (non-raising lookup)
+      #   - use `implicit_authorization_target` if none of the above works.
+      def authorized_scope(target, type: nil, as: :default, scope_options: nil, **options)
+        options[:context] && (options[:context] = authorization_context.merge(options[:context]))
+
+        policy = policy_for(record: target, allow_nil: true, **options)
+        policy ||= policy_for(record: implicit_authorization_target!, **options)
+
+        type ||= authorization_scope_type_for(policy, target)
+        name = as
+
+        Authorizer.scopify(target, policy, type: type, name: name, scope_options: scope_options)
+      end
+
+      # For backward compatibility
+      alias_method :authorized, :authorized_scope
+
+      # Infer scope type for target if none provided.
+      # Raises an exception if type couldn't be inferred.
+      def authorization_scope_type_for(policy, target)
+        policy.resolve_scope_type(target)
+      end
+    end
+  end
+end

data/lib/.rbnext/1995.next/action_policy/policy/authorization.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  class AuthorizationContextMissing < Error # :nodoc:
+    MESSAGE_TEMPLATE = "Missing policy authorization context: %s"
+
+    attr_reader :message
+
+    def initialize(id)
+      @message = MESSAGE_TEMPLATE % id
+    end
+  end
+
+  module Policy
+    # Authorization context could include multiple parameters.
+    #
+    # It is possible to provide more verificatio contexts, by specifying them in the policy and
+    # providing them at the authorization step.
+    #
+    # For example:
+    #
+    #   class ApplicationPolicy < ActionPolicy::Base
+    #     # Add user and account to the context; it's required to be passed
+    #     # to a policy constructor and be not nil
+    #     authorize :user, :account
+    #
+    #     # you can skip non-nil check if you want
+    #     # authorize :account, allow_nil: true
+    #
+    #     def manage?
+    #       # available as a simple accessor
+    #       account.enabled?
+    #     end
+    #   end
+    #
+    #   ApplicantPolicy.new(user: user, account: account)
+    module Authorization
+      class << self
+        def included(base)
+          base.extend ClassMethods
+        end
+      end
+
+      attr_reader :authorization_context
+
+      def initialize(record = nil, **params)
+        super(record)
+
+        @authorization_context = {}
+
+        self.class.authorization_targets.each do |id, opts|
+          raise AuthorizationContextMissing, id unless params.key?(id) || opts[:optional]
+
+          val = params.fetch(id, nil)
+
+          raise AuthorizationContextMissing, id if val.nil? && opts[:allow_nil] != true
+
+          authorization_context[id] = instance_variable_set("@#{id}", val)
+        end
+
+        authorization_context.freeze
+      end
+
+      module ClassMethods # :nodoc:
+        def authorize(*ids, allow_nil: false, optional: false)
+          allow_nil ||= optional
+
+          ids.each do |id|
+            authorization_targets[id] = {allow_nil: allow_nil, optional: optional}
+          end
+
+          attr_reader(*ids)
+        end
+
+        def authorization_targets
+          return @authorization_targets if instance_variable_defined?(:@authorization_targets)
+
+          @authorization_targets = if superclass.respond_to?(:authorization_targets)
+            superclass.authorization_targets.dup
+          else
+            {}
+          end
+        end
+      end
+    end
+  end
+end

data/lib/.rbnext/1995.next/action_policy/utils/pretty_print.rb

@@ -0,0 +1,159 @@
+# frozen_string_literal: true
+
+old_verbose = $VERBOSE
+
+begin
+  require "method_source"
+  # Ignore parse warnings when patch
+  # Ruby version mismatches
+  $VERBOSE = nil
+  require "parser/current"
+  require "unparser"
+rescue LoadError
+  # do nothing
+ensure
+  $VERBOSE = old_verbose
+end
+
+module ActionPolicy
+  using RubyNext
+
+  # Takes the object and a method name,
+  # and returns the "annotated" source code for the method:
+  # code is split into parts by logical operators and each
+  # part is evaluated separately.
+  #
+  # Example:
+  #
+  #  class MyClass
+  #    def access?
+  #      admin? && access_feed?
+  #    end
+  #  end
+  #
+  #  puts PrettyPrint.format_method(MyClass.new, :access?)
+  #
+  #  #=> MyClass#access?
+  #  #=> ↳ admin? #=> false
+  #  #=> AND
+  #  #=> access_feed? #=> true
+  module PrettyPrint
+    TRUE = "\e[32mtrue\e[0m"
+    FALSE = "\e[31mfalse\e[0m"
+
+    class Visitor
+      attr_reader :lines, :object
+      attr_accessor :indent
+
+      def initialize(object)
+        @object = object
+      end
+
+      def collect(ast)
+        @lines = []
+        @indent = 0
+
+        visit_node(ast)
+
+        lines.join("\n")
+      end
+
+      def visit_node(ast)
+        if respond_to?("visit_#{ast.type}")
+          send("visit_#{ast.type}", ast)
+        else
+          visit_missing ast
+        end
+      end
+
+      def expression_with_result(sexp)
+        expression = Unparser.unparse(sexp)
+        "#{expression} #=> #{PrettyPrint.colorize(eval_exp(expression))}"
+      end
+
+      def eval_exp(exp)
+        return "<skipped>" if ignore_exp?(exp)
+        object.instance_eval(exp)
+      rescue => e
+        "Failed: #{e.message}"
+      end
+
+      def visit_and(ast)
+        visit_node(ast.children[0])
+        lines << indented("AND")
+        visit_node(ast.children[1])
+      end
+
+      def visit_or(ast)
+        visit_node(ast.children[0])
+        lines << indented("OR")
+        visit_node(ast.children[1])
+      end
+
+      def visit_begin(ast)
+        #  Parens
+        if ast.children.size == 1
+          lines << indented("(")
+          self.indent += 2
+          visit_node(ast.children[0])
+          self.indent -= 2
+          lines << indented(")")
+        else
+          # Multiple expressions
+          ast.children.each do |node|
+            visit_node(node)
+            # restore indent after each expression
+            self.indent -= 2
+          end
+        end
+      end
+
+      def visit_missing(ast)
+        lines << indented(expression_with_result(ast))
+      end
+
+      def indented(str)
+        "#{indent.zero? ? "↳ " : ""}#{" " * indent}#{str}".tap do
+          # increase indent after the first expression
+          self.indent += 2 if indent.zero?
+        end
+      end
+
+      # Some lines should not be evaled
+      def ignore_exp?(exp)
+        PrettyPrint.ignore_expressions.any? { exp.match?(_1) }
+      end
+    end
+
+    class << self
+      attr_accessor :ignore_expressions
+
+      if defined?(::Unparser) && defined?(::MethodSource)
+        def available?() = true
+
+        def print_method(object, method_name)
+          ast = object.method(method_name).source.then(&Unparser.method(:parse))
+          # outer node is a method definition itself
+          body = ast.children[2]
+
+          Visitor.new(object).collect(body)
+        end
+      else
+        def available?() = false
+
+        def print_method(_, _) = ""
+      end
+
+      def colorize(val)
+        return val unless $stdout.isatty
+        return TRUE if val.eql?(true)
+        return FALSE if val.eql?(false)
+        val
+      end
+    end
+
+    self.ignore_expressions = [
+      /^\s*binding\.(pry|irb)\s*$/s
+    ]
+  end
+end

data/lib/.rbnext/2.7/action_policy/behaviours/policy_for.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Behaviours
+    # Adds `policy_for` method
+    module PolicyFor
+      require "action_policy/ext/policy_cache_key"
+      using ActionPolicy::Ext::PolicyCacheKey
+
+      # Returns policy instance for the record.
+      def policy_for(record:, with: nil, namespace: authorization_namespace, context: authorization_context, allow_nil: false, default: default_authorization_policy_class)
+        policy_class = with || ::ActionPolicy.lookup(
+          record,
+          namespace: namespace, context: context, allow_nil: allow_nil, default: default
+        )
+        policy_class&.new(record, **context)
+      end
+
+      def authorization_context
+        raise NotImplementedError, "Please, define `authorization_context` method!"
+      end
+
+      def authorization_namespace
+        # override to provide specific authorization namespace
+      end
+
+      def default_authorization_policy_class
+        # override to provide a policy class use when no policy found
+      end
+
+      # Override this method to provide implicit authorization target
+      # that would be used in case `record` is not specified in
+      # `authorize!` and `allowed_to?` call.
+      #
+      # It is also used to infer a policy for scoping (in `authorized_scope` method).
+      def implicit_authorization_target
+        # no-op
+      end
+
+      # Return implicit authorization target or raises an exception if it's nil
+      def implicit_authorization_target!
+        implicit_authorization_target || raise(
+          NotFound,
+          [
+            self,
+            "Couldn't find implicit authorization target " \
+            "for #{self.class}. " \
+            "Please, provide policy class explicitly using `with` option or " \
+            "define the `implicit_authorization_target` method."
+          ]
+        )
+      end
+
+      def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **)
+        record_key = record._policy_cache_key(use_object_id: true)
+        context_key = context.values.map { |_1| _1._policy_cache_key(use_object_id: true) }.join(".")
+
+        "#{namespace}/#{with}/#{context_key}/#{record_key}"
+      end
+    end
+  end
+end