action_policy 0.6.7 → 0.6.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: df57cf926c648dc59ed1a1afc44b352eb998f5bf03a9405127105611e641ffdb
-  data.tar.gz: 51a8e81c6479bf06894da3a2f8fa83c98ed25da678e73bf2462f029a75c55ec4
+  metadata.gz: ae3b29268276a0c189e7a2ce8d83e9a68f0de8a1da555de29549d6d7712bb6da
+  data.tar.gz: ff91808a4bf73e284ed2cc973de4e5d4eb76e9ffe18f4f987461e8fa531f9f5b
 SHA512:
-  metadata.gz: 6c55e23ffeff3a1d9800512759105e509abb6b51dabee1a984c56f04daa04e661ef37e056e2fee64b86a17bff8fab8167b557d8f5fe6bd9118febf0b116f7b3a
-  data.tar.gz: 8c1459872bb8daa8bca216c1ee342b9c8c4b4b6fb5654301765ec4d2c7f8ff6612ab784269a89920c29f575ee9ecd79b2a470a415f92246db70c0b9d7a3631b1
+  metadata.gz: e914fd53642a316240ff3f4ef8e51076080bd98780fa5116678a1bc87d7ad135a34ba5ab8eff3e125d73b993044b026cb232605cf21b9ec4cb8dbbf5b2cc2f71
+  data.tar.gz: 4be9b544ab2a48d7e3a4a94896b417159c17b69745980a460e1927e2d8aef35b946e5a980c16fd78f83138c413afe290d510a3942f7f2deae5c10f132b8934f2

data/CHANGELOG.md

@@ -2,6 +2,14 @@
 
 ## master
 
+## 0.6.9 (2024-04-19)
+
+- Add `.with_context` modifier to the `#have_authorized_scope` matcher. ([@killondark][])
+
+## 0.6.8 (2024-01-17)
+
+- Do not preload Rails base classes, use load hooks everywhere. ([@palkan][])
+
 ## 0.6.7 (2023-09-13)
 
 - Fix loading Rails extensions during eager load. ([@palkan][])
@@ -505,3 +513,4 @@ This value is now stored in a cache (if any) instead of just the call result (`t
 [@skojin]: https://github.com/skojin
 [@tomdalling]: https://github.com/tomdalling
 [@matsales28]: https://github.com/matsales28
+[@killondark]: https://github.com/killondark

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2018-2023 Vladimir Dementyev
+Copyright (c) 2018-2024 Vladimir Dementyev
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/lib/.rbnext/2.7/action_policy/behaviours/policy_for.rb

@@ -57,7 +57,7 @@ module ActionPolicy
         )
       end
 
-      def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **)
+      def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **__kwrest__)
         record_key = record._policy_cache_key(use_object_id: true)
         context_key = context.values.map { |_1| _1._policy_cache_key(use_object_id: true) }.join(".")
 

data/lib/.rbnext/2.7/action_policy/rails/scope_matchers/action_controller_params.rb

@@ -12,8 +12,10 @@ module ActionPolicy
   end
 end
 
-# Register params scope matcher
-ActionPolicy::Base.scope_matcher :action_controller_params, ActionController::Parameters
-
 # Add alias to base policy
 ActionPolicy::Base.extend ActionPolicy::ScopeMatchers::ActionControllerParams
+
+ActiveSupport.on_load(:action_controller) do
+  # Register params scope matcher
+  ActionPolicy::Base.scope_matcher :action_controller_params, ActionController::Parameters
+end

data/lib/.rbnext/2.7/action_policy/rails/scope_matchers/active_record.rb

@@ -12,18 +12,20 @@ module ActionPolicy
   end
 end
 
-# Register relation scope matcher
-ActionPolicy::Base.scope_matcher :active_record_relation, ActiveRecord::Relation
-
 # Add alias to base policy
 ActionPolicy::Base.extend ActionPolicy::ScopeMatchers::ActiveRecord
 
-ActiveRecord::Relation.include(Module.new do
-  def policy_name
-    if model.respond_to?(:policy_name)
-      model.policy_name.to_s
-    else
-      "#{model}Policy"
+ActiveSupport.on_load(:active_record) do
+  # Register relation scope matcher
+  ActionPolicy::Base.scope_matcher :active_record_relation, ActiveRecord::Relation
+
+  ActiveRecord::Relation.include(Module.new do
+    def policy_name
+      if model.respond_to?(:policy_name)
+        model.policy_name.to_s
+      else
+        "#{model}Policy"
+      end
     end
-  end
-end)
+  end)
+end

data/lib/.rbnext/2.7/action_policy/rspec/be_authorized_to.rb

@@ -54,7 +54,7 @@ module ActionPolicy
         actual_calls.any? { |_1| _1.matches?(policy, rule, target, context) }
       end
 
-      def does_not_match?(*)
+      def does_not_match?(*__rest__)
         raise "This matcher doesn't support negation"
       end
 

data/lib/.rbnext/2.7/action_policy/rspec/have_authorized_scope.rb

@@ -21,7 +21,7 @@ module ActionPolicy
     #
     class HaveAuthorizedScope < ::RSpec::Matchers::BuiltIn::BaseMatcher
       attr_reader :type, :name, :policy, :scope_options, :actual_scopes,
-        :target_expectations
+        :target_expectations, :context
 
       def initialize(type)
         @type = type
@@ -49,6 +49,11 @@ module ActionPolicy
         self
       end
 
+      def with_context(context)
+        @context = context
+        self
+      end
+
       def match(_expected, actual)
         raise "This matcher only supports block expectations" unless actual.is_a?(Proc)
 
@@ -56,7 +61,7 @@ module ActionPolicy
 
         @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
 
-        matching_scopes = actual_scopes.select { |_1| _1.matches?(policy, type, name, scope_options) }
+        matching_scopes = actual_scopes.select { |_1| _1.matches?(policy, type, name, scope_options, context) }
 
         return false if matching_scopes.empty?
 
@@ -71,7 +76,7 @@ module ActionPolicy
         true
       end
 
-      def does_not_match?(*)
+      def does_not_match?(*__rest__)
         raise "This matcher doesn't support negation"
       end
 
@@ -80,6 +85,7 @@ module ActionPolicy
       def failure_message
         "expected a scoping named :#{name} for type :#{type} " \
         "#{scope_options_message} " \
+        "#{context ? "and context #{context.inspect} " : ""}" \
         "from #{policy} to have been applied, " \
         "but #{actual_scopes_message}"
       end

data/lib/.rbnext/3.0/action_policy/ext/policy_cache_key.rb

@@ -27,45 +27,45 @@ module ActionPolicy
       end
 
       refine NilClass do
-        def _policy_cache_key(*) ;  ""; end
+        def _policy_cache_key(*__rest__) ;  ""; end
       end
 
       refine TrueClass do
-        def _policy_cache_key(*) ;  "t"; end
+        def _policy_cache_key(*__rest__) ;  "t"; end
       end
 
       refine FalseClass do
-        def _policy_cache_key(*) ;  "f"; end
+        def _policy_cache_key(*__rest__) ;  "f"; end
       end
 
       refine String do
-        def _policy_cache_key(*) ;  self; end
+        def _policy_cache_key(*__rest__) ;  self; end
       end
 
       refine Symbol do
-        def _policy_cache_key(*) ;  to_s; end
+        def _policy_cache_key(*__rest__) ;  to_s; end
       end
 
       if RUBY_PLATFORM.match?(/java/i)
         refine Integer do
-          def _policy_cache_key(*) ;  to_s; end
+          def _policy_cache_key(*__rest__) ;  to_s; end
         end
 
         refine Float do
-          def _policy_cache_key(*) ;  to_s; end
+          def _policy_cache_key(*__rest__) ;  to_s; end
         end
       else
         refine Numeric do
-          def _policy_cache_key(*) ;  to_s; end
+          def _policy_cache_key(*__rest__) ;  to_s; end
         end
       end
 
       refine Time do
-        def _policy_cache_key(*) ;  to_s; end
+        def _policy_cache_key(*__rest__) ;  to_s; end
       end
 
       refine Module do
-        def _policy_cache_key(*) ;  name; end
+        def _policy_cache_key(*__rest__) ;  name; end
       end
     end
   end

data/lib/.rbnext/3.0/action_policy/policy/core.rb

@@ -75,7 +75,7 @@ module ActionPolicy
       attr_reader :record, :result
 
       # NEXT_RELEASE: deprecate `record` arg, migrate to `record: nil`
-      def initialize(record = nil, *)
+      def initialize(record = nil, *__rest__)
         @record = record
       end
 

data/lib/.rbnext/3.0/action_policy/rspec/be_authorized_to.rb

@@ -54,7 +54,7 @@ module ActionPolicy
         actual_calls.any? { _1.matches?(policy, rule, target, context) }
       end
 
-      def does_not_match?(*)
+      def does_not_match?(*__rest__)
         raise "This matcher doesn't support negation"
       end
 

data/lib/.rbnext/3.0/action_policy/rspec/have_authorized_scope.rb

@@ -21,7 +21,7 @@ module ActionPolicy
     #
     class HaveAuthorizedScope < ::RSpec::Matchers::BuiltIn::BaseMatcher
       attr_reader :type, :name, :policy, :scope_options, :actual_scopes,
-        :target_expectations
+        :target_expectations, :context
 
       def initialize(type)
         @type = type
@@ -49,6 +49,11 @@ module ActionPolicy
         self
       end
 
+      def with_context(context)
+        @context = context
+        self
+      end
+
       def match(_expected, actual)
         raise "This matcher only supports block expectations" unless actual.is_a?(Proc)
 
@@ -56,7 +61,7 @@ module ActionPolicy
 
         @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
 
-        matching_scopes = actual_scopes.select { _1.matches?(policy, type, name, scope_options) }
+        matching_scopes = actual_scopes.select { _1.matches?(policy, type, name, scope_options, context) }
 
         return false if matching_scopes.empty?
 
@@ -71,7 +76,7 @@ module ActionPolicy
         true
       end
 
-      def does_not_match?(*)
+      def does_not_match?(*__rest__)
         raise "This matcher doesn't support negation"
       end
 
@@ -80,6 +85,7 @@ module ActionPolicy
       def failure_message
         "expected a scoping named :#{name} for type :#{type} " \
         "#{scope_options_message} " \
+        "#{context ? "and context #{context.inspect} " : ""}" \
         "from #{policy} to have been applied, " \
         "but #{actual_scopes_message}"
       end

data/lib/.rbnext/3.0/action_policy/utils/suggest_message.rb

@@ -13,7 +13,7 @@ module ActionPolicy
         suggestion ? "\nDid you mean? #{suggestion}" : ""
       end
     else
-      def suggest(*) ;  ""; end
+      def suggest(*__rest__) ;  ""; end
     end
   end
 end

data/lib/.rbnext/3.1/action_policy/behaviours/policy_for.rb

@@ -57,7 +57,7 @@ module ActionPolicy
         )
       end
 
-      def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **)
+      def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **__kwrest__)
         record_key = record._policy_cache_key(use_object_id: true)
         context_key = context.values.map { _1._policy_cache_key(use_object_id: true) }.join(".")
 

data/lib/.rbnext/3.1/action_policy/ext/policy_cache_key.rb

@@ -27,45 +27,45 @@ module ActionPolicy
       end
 
       refine NilClass do
-        def _policy_cache_key(*) = ""
+        def _policy_cache_key(*__rest__) = ""
       end
 
       refine TrueClass do
-        def _policy_cache_key(*) = "t"
+        def _policy_cache_key(*__rest__) = "t"
       end
 
       refine FalseClass do
-        def _policy_cache_key(*) = "f"
+        def _policy_cache_key(*__rest__) = "f"
       end
 
       refine String do
-        def _policy_cache_key(*) = self
+        def _policy_cache_key(*__rest__) = self
       end
 
       refine Symbol do
-        def _policy_cache_key(*) = to_s
+        def _policy_cache_key(*__rest__) = to_s
       end
 
       if RUBY_PLATFORM.match?(/java/i)
         refine Integer do
-          def _policy_cache_key(*) = to_s
+          def _policy_cache_key(*__rest__) = to_s
         end
 
         refine Float do
-          def _policy_cache_key(*) = to_s
+          def _policy_cache_key(*__rest__) = to_s
         end
       else
         refine Numeric do
-          def _policy_cache_key(*) = to_s
+          def _policy_cache_key(*__rest__) = to_s
         end
       end
 
       refine Time do
-        def _policy_cache_key(*) = to_s
+        def _policy_cache_key(*__rest__) = to_s
       end
 
       refine Module do
-        def _policy_cache_key(*) = name
+        def _policy_cache_key(*__rest__) = name
       end
     end
   end

data/lib/.rbnext/3.2/action_policy/behaviours/policy_for.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Behaviours
+    # Adds `policy_for` method
+    module PolicyFor
+      require "action_policy/ext/policy_cache_key"
+      using ActionPolicy::Ext::PolicyCacheKey
+
+      # Returns policy instance for the record.
+      def policy_for(record:, with: nil, namespace: authorization_namespace, context: nil, allow_nil: false, default: default_authorization_policy_class, strict_namespace: authorization_strict_namespace)
+        context = context ? authorization_context.merge(context) : authorization_context
+
+        policy_class = with || ::ActionPolicy.lookup(
+          record,
+          namespace:, context:, allow_nil:, default:, strict_namespace:
+        )
+        policy_class&.new(record, **context)
+      end
+
+      def authorization_context
+        Kernel.raise NotImplementedError, "Please, define `authorization_context` method!"
+      end
+
+      def authorization_namespace
+        # override to provide specific authorization namespace
+      end
+
+      def default_authorization_policy_class
+        # override to provide a policy class use when no policy found
+      end
+
+      def authorization_strict_namespace
+        # override to provide strict namespace lookup option
+      end
+
+      # Override this method to provide implicit authorization target
+      # that would be used in case `record` is not specified in
+      # `authorize!` and `allowed_to?` call.
+      #
+      # It is also used to infer a policy for scoping (in `authorized_scope` method).
+      def implicit_authorization_target
+        # no-op
+      end
+
+      # Return implicit authorization target or raises an exception if it's nil
+      def implicit_authorization_target!
+        implicit_authorization_target || Kernel.raise(
+          NotFound,
+          [
+            self,
+            "Couldn't find implicit authorization target " \
+            "for #{self.class}. " \
+            "Please, provide policy class explicitly using `with` option or " \
+            "define the `implicit_authorization_target` method."
+          ]
+        )
+      end
+
+      def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **__kwrest__)
+        record_key = record._policy_cache_key(use_object_id: true)
+        context_key = context.values.map { _1._policy_cache_key(use_object_id: true) }.join(".")
+
+        "#{namespace}/#{with}/#{context_key}/#{record_key}"
+      end
+    end
+  end
+end

data/lib/.rbnext/3.2/action_policy/ext/policy_cache_key.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Ext
+    # Adds #_policy_cache_key method to Object,
+    # which just call #policy_cache_key or #cache_key
+    # or #object_id (if `use_object_id` parameter is set to true).
+    #
+    # For other core classes returns string representation.
+    #
+    # Raises ArgumentError otherwise.
+    module PolicyCacheKey # :nodoc: all
+      module ObjectExt
+        def _policy_cache_key(use_object_id: false)
+          return policy_cache_key if respond_to?(:policy_cache_key)
+          return cache_key_with_version if respond_to?(:cache_key_with_version)
+          return cache_key if respond_to?(:cache_key)
+
+          return object_id.to_s if use_object_id == true
+
+          raise ArgumentError, "object is not cacheable"
+        end
+      end
+
+      refine Object do
+        import_methods ObjectExt
+      end
+
+      refine NilClass do
+        def _policy_cache_key(*__rest__) = ""
+      end
+
+      refine TrueClass do
+        def _policy_cache_key(*__rest__) = "t"
+      end
+
+      refine FalseClass do
+        def _policy_cache_key(*__rest__) = "f"
+      end
+
+      refine String do
+        def _policy_cache_key(*__rest__) = self
+      end
+
+      refine Symbol do
+        def _policy_cache_key(*__rest__) = to_s
+      end
+
+      if RUBY_PLATFORM.match?(/java/i)
+        refine Integer do
+          def _policy_cache_key(*__rest__) = to_s
+        end
+
+        refine Float do
+          def _policy_cache_key(*__rest__) = to_s
+        end
+      else
+        refine Numeric do
+          def _policy_cache_key(*__rest__) = to_s
+        end
+      end
+
+      refine Time do
+        def _policy_cache_key(*__rest__) = to_s
+      end
+
+      refine Module do
+        def _policy_cache_key(*__rest__) = name
+      end
+    end
+  end
+end

data/lib/.rbnext/3.2/action_policy/lookup_chain.rb

@@ -0,0 +1,145 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  # LookupChain contains _resolvers_ to determine a policy
+  # for a record (with additional options).
+  #
+  # You can modify the `LookupChain.chain` (for example, to add
+  # custom resolvers).
+  module LookupChain
+    unless "".respond_to?(:safe_constantize)
+      require "action_policy/ext/string_constantize"
+      using ActionPolicy::Ext::StringConstantize
+    end
+
+    require "action_policy/ext/symbol_camelize"
+    using ActionPolicy::Ext::SymbolCamelize
+
+    require "action_policy/ext/module_namespace"
+    using ActionPolicy::Ext::ModuleNamespace
+
+    # Cache namespace resolving result for policies.
+    # @see benchmarks/namespaced_lookup_cache.rb
+    class NamespaceCache
+      class << self
+        attr_reader :store
+
+        def put_if_absent(scope, namespace, policy)
+          local_store = store[scope][namespace]
+          return local_store[policy] if local_store[policy]
+          local_store[policy] ||= yield
+        end
+
+        def fetch(namespace, policy, strict:, &block)
+          return yield unless LookupChain.namespace_cache_enabled?
+
+          if strict
+            put_if_absent(:strict, namespace, policy, &block)
+          else
+            put_if_absent(:flexible, namespace, policy, &block)
+          end
+        end
+
+        def clear
+          hash = Hash.new { |h, k| h[k] = {} }
+          @store = {strict: hash, flexible: hash.clone}
+        end
+      end
+
+      clear
+    end
+
+    class << self
+      attr_accessor :chain, :namespace_cache_enabled
+
+      alias_method :namespace_cache_enabled?, :namespace_cache_enabled
+
+      def call(record, **opts)
+        chain.each do |probe|
+          val = probe.call(record, **opts)
+          return val unless val.nil?
+        end
+        nil
+      end
+
+      private
+
+      def lookup_within_namespace(policy_name, namespace, strict: false)
+        NamespaceCache.fetch(namespace&.name || "Kernel", policy_name, strict: strict) do
+          mod = namespace
+          policy_class = nil
+
+          loop do
+            policy_class = [mod&.name, policy_name].compact.join("::").safe_constantize
+            break policy_class if policy_class || mod.nil?
+
+            mod = mod.namespace
+          end
+
+          next policy_class if !strict || namespace.nil? || policy_class.nil?
+
+          # If we're in the strict mode and the namespace boundary is provided,
+          # we must check that the found policy satisfies it
+          policy_class if policy_class.name.start_with?("#{namespace.name}::")
+        end
+      end
+
+      def policy_class_name_for(record)
+        return record.policy_name.to_s if record.respond_to?(:policy_name)
+
+        record_class = record.is_a?(Module) ? record : record.class
+
+        if record_class.respond_to?(:policy_name)
+          record_class.policy_name.to_s
+        else
+          "#{record_class}Policy"
+        end
+      end
+    end
+
+    # Enable namespace cache by default or
+    # if RACK_ENV provided and equal to "production"
+    self.namespace_cache_enabled =
+      (!ENV["RACK_ENV"].nil?) ? ENV["RACK_ENV"] == "production" : true
+
+    # By self `policy_class` method
+    INSTANCE_POLICY_CLASS = ->(record, **__kwrest__) {
+      record.policy_class if record.respond_to?(:policy_class)
+    }
+
+    # By record's class `policy_class` method
+    CLASS_POLICY_CLASS = ->(record, **__kwrest__) {
+      record.class.policy_class if record.class.respond_to?(:policy_class)
+    }
+
+    # Infer from class name
+    INFER_FROM_CLASS = ->(record, namespace: nil, strict_namespace: false, **__kwrest__) {
+      policy_name = policy_class_name_for(record)
+      lookup_within_namespace(policy_name, namespace, strict: strict_namespace)
+    }
+
+    # Infer from passed symbol
+    SYMBOL_LOOKUP = ->(record, namespace: nil, strict_namespace: false, **__kwrest__) {
+      next unless record.is_a?(Symbol)
+
+      policy_name = "#{record.camelize}Policy"
+      lookup_within_namespace(policy_name, namespace, strict: strict_namespace)
+    }
+
+    # (Optional) Infer using String#classify if available
+    CLASSIFY_SYMBOL_LOOKUP = ->(record, namespace: nil, strict_namespace: false, **__kwrest__) {
+      next unless record.is_a?(Symbol)
+
+      policy_name = "#{record.to_s.classify}Policy"
+      lookup_within_namespace(policy_name, namespace, strict: strict_namespace)
+    }
+
+    self.chain = [
+      SYMBOL_LOOKUP,
+      (CLASSIFY_SYMBOL_LOOKUP if String.method_defined?(:classify)),
+      INSTANCE_POLICY_CLASS,
+      CLASS_POLICY_CLASS,
+      INFER_FROM_CLASS
+    ].compact
+  end
+end