action_policy 0.5.4 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 911b1f7b929d458ae0bb95eb22fa11ff2a17925d9c797b626664bdad82b7abbc
-  data.tar.gz: 69bc6ead609db7cbcdc3d31455e7e17b88bf9037a51a8b1722e414a7e50c41e4
+  metadata.gz: 0fe2b2b40f6a3bd85c312495209382b1ee72950072257e676be008e2ef8d77c5
+  data.tar.gz: f0c9b0cb38bc130cdb8c7f3f4cfba3adcc326f25c6435fe75723e8c0d3ba3fe9
 SHA512:
-  metadata.gz: e3cf8e4bd9347f052a34cee11fad004030ee80d9281c6bbbb9fe99b8f6665b0c611661d6ce3be8578345ef3171ad35d2c38fff8936bdd47efef48bb137a5a415
-  data.tar.gz: 63c4444667971ee445b60e2d9ffee89402021151ac730f00063f2066984c1ca75c15ae40b45fbce60ce9c4201826116bb417f6e62dbfd91f96a3f3974e26a458
+  metadata.gz: f49f02d335942aa0a100e681f7570c1b6d042e68d1ed9d02012ec84b9f354b5c0a1d7a42ba15fbd3c84c84536e444af95057a09ef00cdc6ae3c2f5d0b24dd3a6
+  data.tar.gz: 2eced066c406feb11e8cdf99113fa8d27f8fe73ff015bcc1d2958c0a657540d195b25a8328dee02206b8539e55d16278f531dcde6b9567fef95ec1bead92cda0

data/CHANGELOG.md

@@ -2,6 +2,26 @@
 
 ## master
 
+## 0.6.0 (2021-09-02)
+
+- Drop Ruby 2.5 support.
+- [Closes [#186](https://github.com/palkan/action_policy/issues/186)] Add `inline_reasons: true` option to `allowed_to?` to avoid wrapping reasons. ([@palkan][])
+- [Fixes [#173](https://github.com/palkan/action_policy/issues/173)] Explicit context were not merged with implicit one within policy classes. ([@palkan][])
+- Add `strict_namespace:` option to policy_for behaviour ([@kevynlebouille][])
+- Prevent possible side effects in policy lookup ([@tomdalling][])
+
+## 0.5.7 (2021-03-03)
+
+The previous release had incorrect dependencies (due to the missing transpiled files).
+
+## ~~0.5.6 (2021-03-03)~~
+
+- Add `ActionPolicy.enforce_predicate_rules_naming` config to catch rule missing question mark ([@skojin][])
+
+## 0.5.5 (2020-12-28)
+
+- Upgrade to Ruby 3.0. ([@palkan][])
+
 ## 0.5.4 (2020-12-09)
 
 - Add support for RSpec aliases detection when linting policy specs with `rubocop-rspec` 2.0 ([@pirj][])
@@ -431,8 +451,10 @@ This value is now stored in a cache (if any) instead of just the call result (`t
 [@ilyasgaraev]: https://github.com/ilyasgaraev
 [@brendon]: https://github.com/brendon
 [@DmitryTsepelev]: https://github.com/DmitryTsepelev
-[@korolvs]: https://github.com/korolvs
+[@korolvs]: https://github.com/slavadev
 [@nicolas-brousse]: https://github.com/nicolas-brousse
 [@somenugget]: https://github.com/somenugget
 [@Be-ngt-oH]: https://github.com/Be-ngt-oH
 [@pirj]: https://github.com/pirj
+[@skojin]: https://github.com/skojin
+[@tomdalling]: https://github.com/tomdalling

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2018-2020 Vladimir Dementyev
+Copyright (c) 2018-2021 Vladimir Dementyev
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -31,7 +31,7 @@ Composable. Extensible. Performant.
 Add this line to your application's `Gemfile`:
 
 ```ruby
-gem "action_policy", "~> 0.4.0"
+gem "action_policy"
 ```
 
 And then execute:

data/lib/.rbnext/{3.0 → 1995.next}/action_policy/behaviours/policy_for.rb

@@ -8,16 +8,18 @@ module ActionPolicy
       using ActionPolicy::Ext::PolicyCacheKey
 
       # Returns policy instance for the record.
-      def policy_for(record:, with: nil, namespace: authorization_namespace, context: authorization_context, allow_nil: false, default: default_authorization_policy_class)
+      def policy_for(record:, with: nil, namespace: authorization_namespace, context: nil, allow_nil: false, default: default_authorization_policy_class, strict_namespace: authorization_strict_namespace)
+        context = context ? authorization_context.merge(context) : authorization_context
+
         policy_class = with || ::ActionPolicy.lookup(
           record,
-          **{namespace: namespace, context: context, allow_nil: allow_nil, default: default}
+          namespace: namespace, context: context, allow_nil: allow_nil, default: default, strict_namespace: strict_namespace
         )
         policy_class&.new(record, **context)
       end
 
       def authorization_context
-        raise NotImplementedError, "Please, define `authorization_context` method!"
+        Kernel.raise NotImplementedError, "Please, define `authorization_context` method!"
       end
 
       def authorization_namespace
@@ -28,6 +30,10 @@ module ActionPolicy
         # override to provide a policy class use when no policy found
       end
 
+      def authorization_strict_namespace
+        # override to provide strict namespace lookup option
+      end
+
       # Override this method to provide implicit authorization target
       # that would be used in case `record` is not specified in
       # `authorize!` and `allowed_to?` call.
@@ -39,7 +45,7 @@ module ActionPolicy
 
       # Return implicit authorization target or raises an exception if it's nil
       def implicit_authorization_target!
-        implicit_authorization_target || raise(
+        implicit_authorization_target || Kernel.raise(
           NotFound,
           [
             self,

data/lib/.rbnext/{3.0 → 1995.next}/action_policy/behaviours/scoping.rb

@@ -19,11 +19,11 @@ module ActionPolicy
         type ||= authorization_scope_type_for(policy, target)
         name = as
 
-        Authorizer.scopify(target, policy, **{type: type, name: name, scope_options: scope_options})
+        Authorizer.scopify(target, policy, type: type, name: name, scope_options: scope_options)
       end
 
       # For backward compatibility
-      alias authorized authorized_scope
+      alias_method :authorized, :authorized_scope
 
       # Infer scope type for target if none provided.
       # Raises an exception if type couldn't be inferred.

data/lib/.rbnext/1995.next/action_policy/utils/pretty_print.rb

@@ -0,0 +1,159 @@
+# frozen_string_literal: true
+
+old_verbose = $VERBOSE
+
+begin
+  require "method_source"
+  # Ignore parse warnings when patch
+  # Ruby version mismatches
+  $VERBOSE = nil
+  require "parser/current"
+  require "unparser"
+rescue LoadError
+  # do nothing
+ensure
+  $VERBOSE = old_verbose
+end
+
+module ActionPolicy
+  using RubyNext
+
+  # Takes the object and a method name,
+  # and returns the "annotated" source code for the method:
+  # code is split into parts by logical operators and each
+  # part is evaluated separately.
+  #
+  # Example:
+  #
+  #  class MyClass
+  #    def access?
+  #      admin? && access_feed?
+  #    end
+  #  end
+  #
+  #  puts PrettyPrint.format_method(MyClass.new, :access?)
+  #
+  #  #=> MyClass#access?
+  #  #=> ↳ admin? #=> false
+  #  #=> AND
+  #  #=> access_feed? #=> true
+  module PrettyPrint
+    TRUE = "\e[32mtrue\e[0m"
+    FALSE = "\e[31mfalse\e[0m"
+
+    class Visitor
+      attr_reader :lines, :object
+      attr_accessor :indent
+
+      def initialize(object)
+        @object = object
+      end
+
+      def collect(ast)
+        @lines = []
+        @indent = 0
+
+        visit_node(ast)
+
+        lines.join("\n")
+      end
+
+      def visit_node(ast)
+        if respond_to?("visit_#{ast.type}")
+          send("visit_#{ast.type}", ast)
+        else
+          visit_missing ast
+        end
+      end
+
+      def expression_with_result(sexp)
+        expression = Unparser.unparse(sexp)
+        "#{expression} #=> #{PrettyPrint.colorize(eval_exp(expression))}"
+      end
+
+      def eval_exp(exp)
+        return "<skipped>" if ignore_exp?(exp)
+        object.instance_eval(exp)
+      rescue => e
+        "Failed: #{e.message}"
+      end
+
+      def visit_and(ast)
+        visit_node(ast.children[0])
+        lines << indented("AND")
+        visit_node(ast.children[1])
+      end
+
+      def visit_or(ast)
+        visit_node(ast.children[0])
+        lines << indented("OR")
+        visit_node(ast.children[1])
+      end
+
+      def visit_begin(ast)
+        #  Parens
+        if ast.children.size == 1
+          lines << indented("(")
+          self.indent += 2
+          visit_node(ast.children[0])
+          self.indent -= 2
+          lines << indented(")")
+        else
+          # Multiple expressions
+          ast.children.each do |node|
+            visit_node(node)
+            # restore indent after each expression
+            self.indent -= 2
+          end
+        end
+      end
+
+      def visit_missing(ast)
+        lines << indented(expression_with_result(ast))
+      end
+
+      def indented(str)
+        "#{indent.zero? ? "↳ " : ""}#{" " * indent}#{str}".tap do
+          # increase indent after the first expression
+          self.indent += 2 if indent.zero?
+        end
+      end
+
+      # Some lines should not be evaled
+      def ignore_exp?(exp)
+        PrettyPrint.ignore_expressions.any? { exp.match?(_1) }
+      end
+    end
+
+    class << self
+      attr_accessor :ignore_expressions
+
+      if defined?(::Unparser) && defined?(::MethodSource)
+        def available?() = true
+
+        def print_method(object, method_name)
+          ast = object.method(method_name).source.then(&Unparser.method(:parse))
+          # outer node is a method definition itself
+          body = ast.children[2]
+
+          Visitor.new(object).collect(body)
+        end
+      else
+        def available?() = false
+
+        def print_method(_, _) = ""
+      end
+
+      def colorize(val)
+        return val unless $stdout.isatty
+        return TRUE if val.eql?(true) # rubocop:disable Lint/DeprecatedConstants
+        return FALSE if val.eql?(false) # rubocop:disable Lint/DeprecatedConstants
+        val
+      end
+    end
+
+    self.ignore_expressions = [
+      /^\s*binding\.(pry|irb)\s*$/s
+    ]
+  end
+end

data/lib/.rbnext/2.7/action_policy/behaviours/policy_for.rb

@@ -8,16 +8,18 @@ module ActionPolicy
       using ActionPolicy::Ext::PolicyCacheKey
 
       # Returns policy instance for the record.
-      def policy_for(record:, with: nil, namespace: authorization_namespace, context: authorization_context, allow_nil: false, default: default_authorization_policy_class)
+      def policy_for(record:, with: nil, namespace: authorization_namespace, context: nil, allow_nil: false, default: default_authorization_policy_class, strict_namespace: authorization_strict_namespace)
+        context = context ? authorization_context.merge(context) : authorization_context
+
         policy_class = with || ::ActionPolicy.lookup(
           record,
-          **{namespace: namespace, context: context, allow_nil: allow_nil, default: default}
+          namespace: namespace, context: context, allow_nil: allow_nil, default: default, strict_namespace: strict_namespace
         )
         policy_class&.new(record, **context)
       end
 
       def authorization_context
-        raise NotImplementedError, "Please, define `authorization_context` method!"
+        Kernel.raise NotImplementedError, "Please, define `authorization_context` method!"
       end
 
       def authorization_namespace
@@ -28,6 +30,10 @@ module ActionPolicy
         # override to provide a policy class use when no policy found
       end
 
+      def authorization_strict_namespace
+        # override to provide strict namespace lookup option
+      end
+
       # Override this method to provide implicit authorization target
       # that would be used in case `record` is not specified in
       # `authorize!` and `allowed_to?` call.
@@ -39,7 +45,7 @@ module ActionPolicy
 
       # Return implicit authorization target or raises an exception if it's nil
       def implicit_authorization_target!
-        implicit_authorization_target || raise(
+        implicit_authorization_target || Kernel.raise(
           NotFound,
           [
             self,

data/lib/.rbnext/2.7/action_policy/utils/pretty_print.rb

@@ -146,8 +146,8 @@ module ActionPolicy
 
       def colorize(val)
         return val unless $stdout.isatty
-        return TRUE if val.eql?(true)
-        return FALSE if val.eql?(false)
+        return TRUE if val.eql?(true) # rubocop:disable Lint/DeprecatedConstants
+        return FALSE if val.eql?(false) # rubocop:disable Lint/DeprecatedConstants
         val
       end
     end

data/lib/.rbnext/3.0/action_policy/behaviours/thread_memoized.rb

@@ -40,7 +40,7 @@ module ActionPolicy
           base.prepend InstanceMethods
         end
 
-        alias included prepended
+        alias_method :included, :prepended
       end
 
       module InstanceMethods # :nodoc:

data/lib/.rbnext/3.0/action_policy/policy/aliases.rb

@@ -31,10 +31,18 @@ module ActionPolicy
       def resolve_rule(activity)
         self.class.lookup_alias(activity) ||
           (activity if respond_to?(activity)) ||
+          (check_rule_naming(activity) if ActionPolicy.enforce_predicate_rules_naming) ||
           self.class.lookup_default_rule ||
           super
       end
 
+      private def check_rule_naming(activity)
+        unless activity[-1] == "?"
+          raise NonPredicateRule.new(self, activity)
+        end
+        nil
+      end
+
       module ClassMethods # :nodoc:
         def default_rule(val)
           rules_aliases[DEFAULT] = val

data/lib/.rbnext/3.0/action_policy/policy/core.rb

@@ -23,12 +23,19 @@ module ActionPolicy
     def initialize(policy, rule)
       @policy = policy.class
       @rule = rule
-      @message =
-        "Couldn't find rule '#{@rule}' for #{@policy}" \
+      @message = "Couldn't find rule '#{@rule}' for #{@policy}" \
         "#{suggest(@rule, @policy.instance_methods - Object.instance_methods)}"
     end
   end
 
+  class NonPredicateRule < UnknownRule
+    def initialize(policy, rule)
+      @policy = policy.class
+      @rule = rule
+      @message = "The rule '#{@rule}' of '#{@policy}' must ends with ? (question mark)\nDid you mean? #{@rule}?"
+    end
+  end
+
   module Policy
     # Core policy API
     module Core
@@ -126,7 +133,7 @@ module ActionPolicy
       end
 
       # An alias for readability purposes
-      def check?(*args) ;  allowed_to?(*args); end
+      def check?(*args, **hargs) ;  allowed_to?(*args, **hargs); end
 
       # Returns a rule name (policy method name) for activity.
       #

data/lib/.rbnext/3.0/action_policy/policy/reasons.rb

@@ -31,6 +31,20 @@ module ActionPolicy
 
       def present?() ;  !empty?; end
 
+      def merge(other)
+        other.reasons.each do |policy_class, rules|
+          reasons[policy_class] ||= []
+
+          rules.each do |rule|
+            if rule.is_a?(::Hash)
+              add_detailed_reason(reasons[policy_class], rule)
+            else
+              add_non_detailed_reason(reasons[policy_class], rule)
+            end
+          end
+        end
+      end
+
       private
 
       def add_non_detailed_reason(store, rule)
@@ -182,7 +196,7 @@ module ActionPolicy
         result.details ||= {}
       end
 
-      def allowed_to?(rule, record = :__undef__, **options)
+      def allowed_to?(rule, record = :__undef__, inline_reasons: false, **options)
         res =
           if (record == :__undef__ || record == self.record) && options.empty?
             rule = resolve_rule(rule)
@@ -196,7 +210,9 @@ module ActionPolicy
             policy.result
           end
 
-        result&.reasons&.add(policy, rule, res.details) if res.fail?
+        if res.fail? && result&.reasons
+          inline_reasons ? result.reasons.merge(res.reasons) : result.reasons.add(policy, rule, res.details)
+        end
 
         res.clear_details
 

data/lib/.rbnext/3.0/action_policy/utils/pretty_print.rb

@@ -146,8 +146,8 @@ module ActionPolicy
 
       def colorize(val)
         return val unless $stdout.isatty
-        return TRUE if val.eql?(true)
-        return FALSE if val.eql?(false)
+        return TRUE if val.eql?(true) # rubocop:disable Lint/DeprecatedConstants
+        return FALSE if val.eql?(false) # rubocop:disable Lint/DeprecatedConstants
         val
       end
     end

data/lib/action_policy/behaviour.rb

@@ -74,10 +74,8 @@ module ActionPolicy
     end
 
     def lookup_authorization_policy(record, **options) # :nodoc:
-      record = implicit_authorization_target! if record == :__undef__
-      raise ArgumentError, "Record must be specified" if record.nil?
-
-      options[:context] && (options[:context] = authorization_context.merge(options[:context]))
+      record = implicit_authorization_target! if :__undef__ == record # rubocop:disable Style/YodaCondition See https://github.com/palkan/action_policy/pull/180
+      Kernel.raise ArgumentError, "Record must be specified" if record.nil?
 
       policy_for(record: record, **options)
     end
@@ -104,11 +102,11 @@ module ActionPolicy
       def authorization_targets
         return @authorization_targets if instance_variable_defined?(:@authorization_targets)
 
-        if superclass.respond_to?(:authorization_targets)
+        @authorization_targets = if superclass.respond_to?(:authorization_targets)
           superclass.authorization_targets.dup
         else
           {}
-        end => @authorization_targets
+        end
       end
     end
   end

data/lib/action_policy/behaviours/memoized.rb

@@ -24,7 +24,7 @@ module ActionPolicy
           base.prepend InstanceMethods
         end
 
-        alias included prepended
+        alias_method :included, :prepended
       end
 
       module InstanceMethods # :nodoc:

data/lib/action_policy/behaviours/namespaced.rb

@@ -66,7 +66,7 @@ module ActionPolicy
           base.prepend InstanceMethods
         end
 
-        alias included prepended
+        alias_method :included, :prepended
       end
 
       module InstanceMethods # :nodoc:

data/lib/action_policy/behaviours/policy_for.rb

@@ -8,16 +8,18 @@ module ActionPolicy
       using ActionPolicy::Ext::PolicyCacheKey
 
       # Returns policy instance for the record.
-      def policy_for(record:, with: nil, namespace: authorization_namespace, context: authorization_context, allow_nil: false, default: default_authorization_policy_class)
+      def policy_for(record:, with: nil, namespace: authorization_namespace, context: nil, allow_nil: false, default: default_authorization_policy_class, strict_namespace: authorization_strict_namespace)
+        context = context ? authorization_context.merge(context) : authorization_context
+
         policy_class = with || ::ActionPolicy.lookup(
           record,
-          **{namespace, context, allow_nil, default}
+          namespace:, context:, allow_nil:, default:, strict_namespace:
         )
         policy_class&.new(record, **context)
       end
 
       def authorization_context
-        raise NotImplementedError, "Please, define `authorization_context` method!"
+        Kernel.raise NotImplementedError, "Please, define `authorization_context` method!"
       end
 
       def authorization_namespace
@@ -28,6 +30,10 @@ module ActionPolicy
         # override to provide a policy class use when no policy found
       end
 
+      def authorization_strict_namespace
+        # override to provide strict namespace lookup option
+      end
+
       # Override this method to provide implicit authorization target
       # that would be used in case `record` is not specified in
       # `authorize!` and `allowed_to?` call.
@@ -39,7 +45,7 @@ module ActionPolicy
 
       # Return implicit authorization target or raises an exception if it's nil
       def implicit_authorization_target!
-        implicit_authorization_target || raise(
+        implicit_authorization_target || Kernel.raise(
           NotFound,
           [
             self,

data/lib/action_policy/behaviours/scoping.rb

@@ -19,11 +19,11 @@ module ActionPolicy
         type ||= authorization_scope_type_for(policy, target)
         name = as
 
-        Authorizer.scopify(target, policy, **{type, name, scope_options})
+        Authorizer.scopify(target, policy, type:, name:, scope_options:)
       end
 
       # For backward compatibility
-      alias authorized authorized_scope
+      alias_method :authorized, :authorized_scope
 
       # Infer scope type for target if none provided.
       # Raises an exception if type couldn't be inferred.

data/lib/action_policy/behaviours/thread_memoized.rb

@@ -40,7 +40,7 @@ module ActionPolicy
           base.prepend InstanceMethods
         end
 
-        alias included prepended
+        alias_method :included, :prepended
       end
 
       module InstanceMethods # :nodoc:

data/lib/action_policy/lookup_chain.rb

@@ -52,7 +52,7 @@ module ActionPolicy
     class << self
       attr_accessor :chain, :namespace_cache_enabled
 
-      alias namespace_cache_enabled? namespace_cache_enabled
+      alias_method :namespace_cache_enabled?, :namespace_cache_enabled
 
       def call(record, **opts)
         chain.each do |probe|

data/lib/action_policy/policy/aliases.rb

@@ -31,10 +31,18 @@ module ActionPolicy
       def resolve_rule(activity)
         self.class.lookup_alias(activity) ||
           (activity if respond_to?(activity)) ||
+          (check_rule_naming(activity) if ActionPolicy.enforce_predicate_rules_naming) ||
           self.class.lookup_default_rule ||
           super
       end
 
+      private def check_rule_naming(activity)
+        unless activity[-1] == "?"
+          raise NonPredicateRule.new(self, activity)
+        end
+        nil
+      end
+
       module ClassMethods # :nodoc:
         def default_rule(val)
           rules_aliases[DEFAULT] = val
@@ -53,11 +61,11 @@ module ActionPolicy
         def rules_aliases
           return @rules_aliases if instance_variable_defined?(:@rules_aliases)
 
-          if superclass.respond_to?(:rules_aliases)
+          @rules_aliases = if superclass.respond_to?(:rules_aliases)
             superclass.rules_aliases.dup
           else
             {}
-          end => @rules_aliases
+          end
         end
 
         def method_added(name)

data/lib/action_policy/policy/authorization.rb

@@ -75,11 +75,11 @@ module ActionPolicy
         def authorization_targets
           return @authorization_targets if instance_variable_defined?(:@authorization_targets)
 
-          if superclass.respond_to?(:authorization_targets)
+          @authorization_targets = if superclass.respond_to?(:authorization_targets)
             superclass.authorization_targets.dup
           else
             {}
-          end => @authorization_targets
+          end
         end
       end
     end

data/lib/action_policy/policy/cache.rb

@@ -89,11 +89,11 @@ module ActionPolicy # :nodoc:
         def cached_rules
           return @cached_rules if instance_variable_defined?(:@cached_rules)
 
-          if superclass.respond_to?(:cached_rules)
+          @cached_rules = if superclass.respond_to?(:cached_rules)
             superclass.cached_rules.dup
           else
             {}
-          end => @cached_rules
+          end
         end
       end
     end

data/lib/action_policy/policy/core.rb

@@ -23,12 +23,19 @@ module ActionPolicy
     def initialize(policy, rule)
       @policy = policy.class
       @rule = rule
-      @message =
-        "Couldn't find rule '#{@rule}' for #{@policy}" \
+      @message = "Couldn't find rule '#{@rule}' for #{@policy}" \
         "#{suggest(@rule, @policy.instance_methods - Object.instance_methods)}"
     end
   end
 
+  class NonPredicateRule < UnknownRule
+    def initialize(policy, rule)
+      @policy = policy.class
+      @rule = rule
+      @message = "The rule '#{@rule}' of '#{@policy}' must ends with ? (question mark)\nDid you mean? #{@rule}?"
+    end
+  end
+
   module Policy
     # Core policy API
     module Core
@@ -126,7 +133,7 @@ module ActionPolicy
       end
 
       # An alias for readability purposes
-      def check?(*args) = allowed_to?(*args)
+      def check?(*args, **hargs) = allowed_to?(*args, **hargs)
 
       # Returns a rule name (policy method name) for activity.
       #

data/lib/action_policy/policy/pre_check.rb

@@ -150,11 +150,11 @@ module ActionPolicy
         def pre_checks
           return @pre_checks if instance_variable_defined?(:@pre_checks)
 
-          if superclass.respond_to?(:pre_checks)
+          @pre_checks = if superclass.respond_to?(:pre_checks)
             superclass.pre_checks.dup
           else
             []
-          end => @pre_checks
+          end
         end
       end
     end

data/lib/action_policy/policy/reasons.rb

@@ -31,6 +31,20 @@ module ActionPolicy
 
       def present?() = !empty?
 
+      def merge(other)
+        other.reasons.each do |policy_class, rules|
+          reasons[policy_class] ||= []
+
+          rules.each do |rule|
+            if rule.is_a?(::Hash)
+              add_detailed_reason(reasons[policy_class], rule)
+            else
+              add_non_detailed_reason(reasons[policy_class], rule)
+            end
+          end
+        end
+      end
+
       private
 
       def add_non_detailed_reason(store, rule)
@@ -72,7 +86,7 @@ module ActionPolicy
       def all_details
         return @all_details if defined?(@all_details)
 
-        {}.tap do |all|
+        @all_details = {}.tap do |all|
           next unless defined?(@reasons)
 
           reasons.reasons.each_value do |rules|
@@ -84,7 +98,7 @@ module ActionPolicy
               all.merge!(details)
             end
           end
-        end => @all_details
+        end
       end
 
       # Add reasons to inspect
@@ -182,7 +196,7 @@ module ActionPolicy
         result.details ||= {}
       end
 
-      def allowed_to?(rule, record = :__undef__, **options)
+      def allowed_to?(rule, record = :__undef__, inline_reasons: false, **options)
         res =
           if (record == :__undef__ || record == self.record) && options.empty?
             rule = resolve_rule(rule)
@@ -196,7 +210,9 @@ module ActionPolicy
             policy.result
           end
 
-        result&.reasons&.add(policy, rule, res.details) if res.fail?
+        if res.fail? && result&.reasons
+          inline_reasons ? result.reasons.merge(res.reasons) : result.reasons.add(policy, rule, res.details)
+        end
 
         res.clear_details
 

data/lib/action_policy/policy/scoping.rb

@@ -148,11 +148,11 @@ module ActionPolicy
         def scope_matchers
           return @scope_matchers if instance_variable_defined?(:@scope_matchers)
 
-          if superclass.respond_to?(:scope_matchers)
+          @scope_matchers = if superclass.respond_to?(:scope_matchers)
             superclass.scope_matchers.dup
           else
             []
-          end => @scope_matchers
+          end
         end
       end
     end

data/lib/action_policy/rails/controller.rb

@@ -57,7 +57,7 @@ module ActionPolicy
     end
 
     def verify_authorized
-      raise UnauthorizedAction.new(controller_path, action_name) if
+      Kernel.raise UnauthorizedAction.new(controller_path, action_name) if
         authorize_count.zero? && !verify_authorized_skipped
     end
 

data/lib/action_policy/test_helper.rb

@@ -21,6 +21,7 @@ module ActionPolicy
         yield scopes.first.target
       end
     end
+
     # Asserts that the given policy was used to authorize the given target.
     #
     #   def test_authorize

data/lib/action_policy/utils/pretty_print.rb

@@ -146,8 +146,8 @@ module ActionPolicy
 
       def colorize(val)
         return val unless $stdout.isatty
-        return TRUE if val.eql?(true)
-        return FALSE if val.eql?(false)
+        return TRUE if val.eql?(true) # rubocop:disable Lint/DeprecatedConstants
+        return FALSE if val.eql?(false) # rubocop:disable Lint/DeprecatedConstants
         val
       end
     end

data/lib/action_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActionPolicy
-  VERSION = "0.5.4"
+  VERSION = "0.6.0"
 end

data/lib/action_policy.rb

@@ -34,6 +34,8 @@ module ActionPolicy
   class << self
     attr_accessor :cache_store
 
+    attr_accessor :enforce_predicate_rules_naming
+
     # Find a policy class for a target
     def lookup(target, allow_nil: false, default: nil, **options)
       LookupChain.call(target, **options) ||

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_policy
 version: !ruby/object:Gem::Version
-  version: 0.5.4
+  version: 0.6.0
 platform: ruby
 authors:
 - Vladimir Dementyev
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-12-09 00:00:00.000000000 Z
+date: 2021-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-next-core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.10.3
+        version: 0.11.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.10.3
+        version: 0.11.0
 - !ruby/object:Gem::Dependency
   name: ammeter
   requirement: !ruby/object:Gem::Requirement
@@ -133,6 +133,10 @@ files:
 - LICENSE.txt
 - README.md
 - config/rubocop-rspec.yml
+- lib/.rbnext/1995.next/action_policy/behaviours/policy_for.rb
+- lib/.rbnext/1995.next/action_policy/behaviours/scoping.rb
+- lib/.rbnext/1995.next/action_policy/policy/authorization.rb
+- lib/.rbnext/1995.next/action_policy/utils/pretty_print.rb
 - lib/.rbnext/2.7/action_policy/behaviours/policy_for.rb
 - lib/.rbnext/2.7/action_policy/i18n.rb
 - lib/.rbnext/2.7/action_policy/policy/cache.rb
@@ -140,20 +144,15 @@ files:
 - lib/.rbnext/2.7/action_policy/rspec/be_authorized_to.rb
 - lib/.rbnext/2.7/action_policy/rspec/have_authorized_scope.rb
 - lib/.rbnext/2.7/action_policy/utils/pretty_print.rb
-- lib/.rbnext/3.0/action_policy/behaviour.rb
-- lib/.rbnext/3.0/action_policy/behaviours/policy_for.rb
-- lib/.rbnext/3.0/action_policy/behaviours/scoping.rb
 - lib/.rbnext/3.0/action_policy/behaviours/thread_memoized.rb
 - lib/.rbnext/3.0/action_policy/ext/policy_cache_key.rb
 - lib/.rbnext/3.0/action_policy/policy/aliases.rb
-- lib/.rbnext/3.0/action_policy/policy/authorization.rb
 - lib/.rbnext/3.0/action_policy/policy/cache.rb
 - lib/.rbnext/3.0/action_policy/policy/core.rb
 - lib/.rbnext/3.0/action_policy/policy/defaults.rb
 - lib/.rbnext/3.0/action_policy/policy/execution_result.rb
 - lib/.rbnext/3.0/action_policy/policy/pre_check.rb
 - lib/.rbnext/3.0/action_policy/policy/reasons.rb
-- lib/.rbnext/3.0/action_policy/policy/scoping.rb
 - lib/.rbnext/3.0/action_policy/rspec/be_authorized_to.rb
 - lib/.rbnext/3.0/action_policy/rspec/have_authorized_scope.rb
 - lib/.rbnext/3.0/action_policy/utils/pretty_print.rb
@@ -223,7 +222,7 @@ metadata:
   documentation_uri: https://actionpolicy.evilmartians.io/
   homepage_uri: https://actionpolicy.evilmartians.io/
   source_code_uri: http://github.com/palkan/action_policy
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -231,15 +230,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.5.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
-signing_key: 
+rubygems_version: 3.2.15
+signing_key:
 specification_version: 4
 summary: Authorization framework for Ruby/Rails application
 test_files: []

data/lib/.rbnext/3.0/action_policy/behaviour.rb

@@ -1,115 +0,0 @@
-# frozen_string_literal: true
-
-require "action_policy/behaviours/policy_for"
-require "action_policy/behaviours/scoping"
-require "action_policy/behaviours/memoized"
-require "action_policy/behaviours/thread_memoized"
-require "action_policy/behaviours/namespaced"
-
-require "action_policy/authorizer"
-
-module ActionPolicy
-  # Provides `authorize!` and `allowed_to?` methods and
-  # `authorize` class method to define authorization context.
-  #
-  # Could be included anywhere to perform authorization.
-  module Behaviour
-    include ActionPolicy::Behaviours::PolicyFor
-    include ActionPolicy::Behaviours::Scoping
-
-    def self.included(base)
-      # Handle ActiveSupport::Concern differently
-      if base.respond_to?(:class_methods)
-        base.class_methods do
-          include ClassMethods
-        end
-      else
-        base.extend ClassMethods
-      end
-    end
-
-    # Authorize action against a policy.
-    #
-    # Policy is inferred from record
-    # (unless explicitly specified through `with` option).
-    #
-    # Raises `ActionPolicy::Unauthorized` if check failed.
-    def authorize!(record = :__undef__, to:, **options)
-      policy = lookup_authorization_policy(record, **options)
-
-      Authorizer.call(policy, authorization_rule_for(policy, to))
-    end
-
-    # Checks that an activity is allowed for the current context (e.g. user).
-    #
-    # Returns true of false.
-    def allowed_to?(rule, record = :__undef__, **options)
-      policy = lookup_authorization_policy(record, **options)
-
-      policy.apply(authorization_rule_for(policy, rule))
-    end
-
-    # Returns the authorization result object after applying a specified rule to a record.
-    def allowance_to(rule, record = :__undef__, **options)
-      policy = lookup_authorization_policy(record, **options)
-
-      policy.apply(authorization_rule_for(policy, rule))
-      policy.result
-    end
-
-    def authorization_context
-      return @__authorization_context if
-        instance_variable_defined?(:@__authorization_context)
-
-      @__authorization_context = self.class.authorization_targets
-        .each_with_object({}) do |(key, meth), obj|
-        obj[key] = send(meth)
-      end
-    end
-
-    # Check that rule is defined for policy,
-    # otherwise fallback to :manage? rule.
-    def authorization_rule_for(policy, rule)
-      policy.resolve_rule(rule)
-    end
-
-    def lookup_authorization_policy(record, **options) # :nodoc:
-      record = implicit_authorization_target! if record == :__undef__
-      raise ArgumentError, "Record must be specified" if record.nil?
-
-      options[:context] && (options[:context] = authorization_context.merge(options[:context]))
-
-      policy_for(record: record, **options)
-    end
-
-    module ClassMethods # :nodoc:
-      # Configure authorization context.
-      #
-      # For example:
-      #
-      #   class ApplicationController < ActionController::Base
-      #     # Pass the value of `current_user` to authorization as `user`
-      #     authorize :user, through: :current_user
-      #   end
-      #
-      #   # Assuming that in your ApplicationPolicy
-      #   class ApplicationPolicy < ActionPolicy::Base
-      #     authorize :user
-      #   end
-      def authorize(key, through: nil)
-        meth = through || key
-        authorization_targets[key] = meth
-      end
-
-      def authorization_targets
-        return @authorization_targets if instance_variable_defined?(:@authorization_targets)
-
-        @authorization_targets = if superclass.respond_to?(:authorization_targets)
-          superclass.authorization_targets.dup
-        else
-          {}
-        end
-      end
-    end
-  end
-end

data/lib/.rbnext/3.0/action_policy/policy/scoping.rb

@@ -1,160 +0,0 @@
-# frozen_string_literal: true
-
-require "action_policy/behaviours/scoping"
-
-require "action_policy/utils/suggest_message"
-
-module ActionPolicy
-  class UnknownScopeType < Error # :nodoc:
-    include ActionPolicy::SuggestMessage
-
-    MESSAGE_TEMPLATE = "Unknown policy scope type :%s for %s%s"
-
-    attr_reader :message
-
-    def initialize(policy_class, type)
-      @message = format(
-        MESSAGE_TEMPLATE,
-        type, policy_class,
-        suggest(type, policy_class.scoping_handlers.keys)
-      )
-    end
-  end
-
-  class UnknownNamedScope < Error # :nodoc:
-    include ActionPolicy::SuggestMessage
-
-    MESSAGE_TEMPLATE = "Unknown named scope :%s for type :%s for %s%s"
-
-    attr_reader :message
-
-    def initialize(policy_class, type, name)
-      @message = format(
-        MESSAGE_TEMPLATE, name, type, policy_class,
-        suggest(name, policy_class.scoping_handlers[type].keys)
-      )
-    end
-  end
-
-  class UnrecognizedScopeTarget < Error # :nodoc:
-    MESSAGE_TEMPLATE = "Couldn't infer scope type for %s instance"
-
-    attr_reader :message
-
-    def initialize(target)
-      target_class = target.is_a?(Module) ? target : target.class
-
-      @message = format(
-        MESSAGE_TEMPLATE, target_class
-      )
-    end
-  end
-
-  module Policy
-    # Scoping is used to modify the _object under authorization_.
-    #
-    # The most common situation is when you want to _scope_ the collection depending
-    # on the current user permissions.
-    #
-    # For example:
-    #
-    #   class ApplicationPolicy < ActionPolicy::Base
-    #     # Scoping only makes sense when you have the authorization context
-    #     authorize :user
-    #
-    #     # :relation here is a scoping type
-    #     scope_for :relation do |relation|
-    #       # authorization context is available within a scope
-    #       if user.admin?
-    #         relation
-    #       else
-    #         relation.publicly_visible
-    #       end
-    #     end
-    #   end
-    #
-    #   base_scope = User.all
-    #   authorized_scope = ApplicantPolicy.new(user: user)
-    #    .apply_scope(base_scope, type: :relation)
-    module Scoping
-      class << self
-        def included(base)
-          base.extend ClassMethods
-        end
-      end
-
-      include ActionPolicy::Behaviours::Scoping
-
-      # Pass target to the scope handler of the specified type and name.
-      # If `name` is not specified then `:default` name is used.
-      # If `type` is not specified then we try to infer the type from the
-      # target class.
-      def apply_scope(target, type:, name: :default, scope_options: nil)
-        raise ActionPolicy::UnknownScopeType.new(self.class, type) unless
-          self.class.scoping_handlers.key?(type)
-
-        raise ActionPolicy::UnknownNamedScope.new(self.class, type, name) unless
-          self.class.scoping_handlers[type].key?(name)
-
-        mid = :"__scoping__#{type}__#{name}"
-        scope_options ? send(mid, target, **scope_options) : send(mid, target)
-      end
-
-      def resolve_scope_type(target)
-        lookup_type_from_target(target) ||
-          raise(ActionPolicy::UnrecognizedScopeTarget, target)
-      end
-
-      def lookup_type_from_target(target)
-        self.class.scope_matchers.detect do |(_type, matcher)|
-          matcher === target
-        end&.first
-      end
-
-      module ClassMethods # :nodoc:
-        # Register a new scoping method for the `type`
-        def scope_for(type, name = :default, &block)
-          mid = :"__scoping__#{type}__#{name}"
-
-          define_method(mid, &block)
-
-          scoping_handlers[type][name] = mid
-        end
-
-        def scoping_handlers
-          return @scoping_handlers if instance_variable_defined?(:@scoping_handlers)
-
-          @scoping_handlers =
-            Hash.new { |h, k| h[k] = {} }.tap do |handlers|
-              if superclass.respond_to?(:scoping_handlers)
-                superclass.scoping_handlers.each do |k, v|
-                  handlers[k] = v.dup
-                end
-              end
-            end
-        end
-
-        # Define scope type matcher.
-        #
-        # Scope matcher is an object that implements `#===` (_case equality_) or a Proc.
-        #
-        # When no type is provided when applying a scope we try to infer a type
-        # from the target object by calling matchers one by one until we find a matching
-        # type (i.e. there is a matcher which returns `true` when applying it to the target).
-        def scope_matcher(type, class_or_proc)
-          scope_matchers << [type, class_or_proc]
-        end
-
-        def scope_matchers
-          return @scope_matchers if instance_variable_defined?(:@scope_matchers)
-
-          @scope_matchers = if superclass.respond_to?(:scope_matchers)
-            superclass.scope_matchers.dup
-          else
-            []
-          end
-        end
-      end
-    end
-  end
-end