action_policy 0.6.7 → 0.6.9

data/lib/.rbnext/3.2/action_policy/policy/core.rb

@@ -0,0 +1,168 @@
+# frozen_string_literal: true
+
+require "action_policy/behaviours/policy_for"
+require "action_policy/policy/execution_result"
+require "action_policy/utils/suggest_message"
+require "action_policy/utils/pretty_print"
+
+unless "".respond_to?(:underscore)
+  require "action_policy/ext/string_underscore"
+  using ActionPolicy::Ext::StringUnderscore
+end
+
+module ActionPolicy
+  using RubyNext
+
+  # Raised when `resolve_rule` failed to find an approriate
+  # policy rule method for the activity
+  class UnknownRule < Error
+    include ActionPolicy::SuggestMessage
+
+    attr_reader :policy, :rule, :message
+
+    def initialize(policy, rule)
+      @policy = policy.class
+      @rule = rule
+      @message = "Couldn't find rule '#{@rule}' for #{@policy}" \
+        "#{suggest(@rule, @policy.instance_methods - Object.instance_methods)}"
+    end
+  end
+
+  class NonPredicateRule < UnknownRule
+    def initialize(policy, rule)
+      @policy = policy.class
+      @rule = rule
+      @message = "The rule '#{@rule}' of '#{@policy}' must ends with ? (question mark)\nDid you mean? #{@rule}?"
+    end
+  end
+
+  module Policy
+    # Core policy API
+    module Core
+      class << self
+        def included(base)
+          base.extend ClassMethods
+
+          # Generate a new class for each _policy chain_
+          # in order to extend it independently
+          base.module_eval do
+            @result_class = Class.new(ExecutionResult)
+
+            # we need to make this class _named_,
+            # 'cause anonymous classes couldn't be marshalled
+            base.const_set(:APR, @result_class)
+          end
+        end
+      end
+
+      module ClassMethods # :nodoc:
+        attr_writer :identifier
+
+        def result_class
+          return @result_class if instance_variable_defined?(:@result_class)
+          @result_class = superclass.result_class
+        end
+
+        def identifier
+          return @identifier if instance_variable_defined?(:@identifier)
+
+          @identifier = name.sub(/Policy$/, "").underscore.to_sym
+        end
+      end
+
+      include ActionPolicy::Behaviours::PolicyFor
+
+      attr_reader :record, :result
+
+      # NEXT_RELEASE: deprecate `record` arg, migrate to `record: nil`
+      def initialize(record = nil, *__rest__)
+        @record = record
+      end
+
+      # Returns a result of applying the specified rule (true of false).
+      # Unlike simply calling a predicate rule (`policy.manage?`),
+      # `apply` also calls pre-checks.
+      def apply(rule)
+        @result = self.class.result_class.new(self.class, rule)
+
+        catch :policy_fulfilled do
+          result.load __apply__(resolve_rule(rule))
+        end
+
+        result.value
+      end
+
+      def deny!
+        result&.load false
+        throw :policy_fulfilled
+      end
+
+      def allow!
+        result&.load true
+        throw :policy_fulfilled
+      end
+
+      # This method performs the rule call.
+      # Override or extend it to provide custom functionality
+      # (such as caching, pre checks, etc.)
+      def __apply__(rule) = public_send(rule)
+
+      # Wrap code that could modify result
+      # to prevent the current result modification
+      def with_clean_result # :nodoc:
+        was_result = @result
+        yield
+        @result
+      ensure
+        @result = was_result
+      end
+
+      # Returns a result of applying the specified rule to the specified record.
+      # Under the hood a policy class for record is resolved
+      # (unless it's explicitly set through `with` option).
+      #
+      # If record is `nil` then we uses the current policy.
+      def allowed_to?(rule, record = :__undef__, **options)
+        if (record == :__undef__ || record == self.record) && options.empty?
+          __apply__(resolve_rule(rule))
+        else
+          policy_for(record: record, **options).then do |policy|
+            policy.apply(policy.resolve_rule(rule))
+          end
+        end
+      end
+
+      # An alias for readability purposes
+      def check?(*args, **hargs) = allowed_to?(*args, **hargs)
+
+      # Returns a rule name (policy method name) for activity.
+      #
+      # By default, rule name is equal to activity name.
+      #
+      # Raises ActionPolicy::UnknownRule when rule is not found in policy.
+      def resolve_rule(activity)
+        raise UnknownRule.new(self, activity) unless
+          respond_to?(activity)
+        activity
+      end
+
+      # Return annotated source code for the rule
+      # NOTE: require "method_source" and "unparser" gems to be installed.
+      # Otherwise returns empty string.
+      def inspect_rule(rule) = PrettyPrint.print_method(self, rule)
+
+      # Helper for printing the annotated rule source.
+      # Useful for debugging: type `pp :show?` within the context of the policy
+      # to preview the rule.
+      def pp(rule)
+        with_clean_result do
+          # We need result to exist for `allowed_to?` to work correctly
+          @result = self.class.result_class.new(self.class, rule)
+          header = "#{self.class.name}##{rule}"
+          source = inspect_rule(rule)
+          $stdout.puts "#{header}\n#{source}"
+        end
+      end
+    end
+  end
+end

data/lib/.rbnext/3.2/action_policy/rspec/be_authorized_to.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require "action_policy/testing"
+
+module ActionPolicy
+  module RSpec
+    # Authorization matcher `be_authorized_to`.
+    #
+    # Verifies that a block of code has been authorized using specific policy.
+    #
+    # Example:
+    #
+    #   # in controller/request specs
+    #   subject { patch :update, id: product.id }
+    #
+    #   it "is authorized" do
+    #     expect { subject }
+    #       .to be_authorized_to(:manage?, product)
+    #       .with(ProductPolicy)
+    #   end
+    #
+    class BeAuthorizedTo < ::RSpec::Matchers::BuiltIn::BaseMatcher
+      attr_reader :rule, :target, :policy, :actual_calls, :context
+
+      def initialize(rule, target)
+        @rule = rule
+        @target = target
+      end
+
+      def with(policy)
+        @policy = policy
+        self
+      end
+
+      def with_context(context)
+        @context = context
+        self
+      end
+
+      def match(_expected, actual)
+        raise "This matcher only supports block expectations" unless actual.is_a?(Proc)
+
+        @policy ||= ::ActionPolicy.lookup(target)
+        @context ||= nil
+
+        begin
+          ActionPolicy::Testing::AuthorizeTracker.tracking { actual.call }
+        rescue ActionPolicy::Unauthorized
+          # we don't want to care about authorization result
+        end
+
+        @actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
+
+        actual_calls.any? { _1.matches?(policy, rule, target, context) }
+      end
+
+      def does_not_match?(*__rest__)
+        raise "This matcher doesn't support negation"
+      end
+
+      def supports_block_expectations?() = true
+
+      def failure_message
+        "expected #{formatted_record} " \
+        "to be authorized with #{policy}##{rule}, " \
+        "#{context ? "and context #{context.inspect}, " : ""}" \
+        "but #{actual_calls_message}"
+      end
+
+      def actual_calls_message
+        if actual_calls.empty?
+          "no authorization calls have been made"
+        else
+          "the following calls were encountered:\n" \
+          "#{formatted_calls}"
+        end
+      end
+
+      def formatted_calls
+        actual_calls.map do
+          " - #{_1.inspect}"
+        end.join("\n")
+      end
+
+      def formatted_record(record = target) = ::RSpec::Support::ObjectFormatter.format(record)
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include(Module.new do
+    def be_authorized_to(rule, target)
+      ActionPolicy::RSpec::BeAuthorizedTo.new(rule, target)
+    end
+  end)
+end

data/lib/.rbnext/3.2/action_policy/rspec/have_authorized_scope.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require "action_policy/testing"
+
+module ActionPolicy
+  module RSpec
+    # Implements `have_authorized_scope` matcher.
+    #
+    # Verifies that a block of code applies authorization scoping using specific policy.
+    #
+    # Example:
+    #
+    #   # in controller/request specs
+    #   subject { get :index }
+    #
+    #   it "has authorized scope" do
+    #     expect { subject }
+    #       .to have_authorized_scope(:active_record_relation)
+    #       .with(ProductPolicy)
+    #   end
+    #
+    class HaveAuthorizedScope < ::RSpec::Matchers::BuiltIn::BaseMatcher
+      attr_reader :type, :name, :policy, :scope_options, :actual_scopes,
+        :target_expectations, :context
+
+      def initialize(type)
+        @type = type
+        @name = :default
+        @scope_options = nil
+      end
+
+      def with(policy)
+        @policy = policy
+        self
+      end
+
+      def as(name)
+        @name = name
+        self
+      end
+
+      def with_scope_options(scope_options)
+        @scope_options = scope_options
+        self
+      end
+
+      def with_target(&block)
+        @target_expectations = block
+        self
+      end
+
+      def with_context(context)
+        @context = context
+        self
+      end
+
+      def match(_expected, actual)
+        raise "This matcher only supports block expectations" unless actual.is_a?(Proc)
+
+        ActionPolicy::Testing::AuthorizeTracker.tracking { actual.call }
+
+        @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
+
+        matching_scopes = actual_scopes.select { _1.matches?(policy, type, name, scope_options, context) }
+
+        return false if matching_scopes.empty?
+
+        return true unless target_expectations
+
+        if matching_scopes.size > 1
+          raise "Too many matching scopings (#{matching_scopes.size}), " \
+                "you can run `.with_target` only when there is the only one match"
+        end
+
+        target_expectations.call(matching_scopes.first.target)
+        true
+      end
+
+      def does_not_match?(*__rest__)
+        raise "This matcher doesn't support negation"
+      end
+
+      def supports_block_expectations?() = true
+
+      def failure_message
+        "expected a scoping named :#{name} for type :#{type} " \
+        "#{scope_options_message} " \
+        "#{context ? "and context #{context.inspect} " : ""}" \
+        "from #{policy} to have been applied, " \
+        "but #{actual_scopes_message}"
+      end
+
+      def scope_options_message
+        if scope_options
+          if defined?(::RSpec::Matchers::Composable) &&
+              scope_options.is_a?(::RSpec::Matchers::Composable)
+            "with scope options #{scope_options.description}"
+          else
+            "with scope options #{scope_options}"
+          end
+        else
+          "without scope options"
+        end
+      end
+
+      def actual_scopes_message
+        if actual_scopes.empty?
+          "no scopings have been made"
+        else
+          "the following scopings were encountered:\n" \
+          "#{formatted_scopings}"
+        end
+      end
+
+      def formatted_scopings
+        actual_scopes.map do
+          " - #{_1.inspect}"
+        end.join("\n")
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include(Module.new do
+    def have_authorized_scope(type)
+      ActionPolicy::RSpec::HaveAuthorizedScope.new(type)
+    end
+  end)
+end

data/lib/.rbnext/3.2/action_policy/utils/suggest_message.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  # Adds `suggest` method which uses did_you_mean
+  # to generate a suggestion message
+  module SuggestMessage
+    if defined?(::DidYouMean::SpellChecker)
+      def suggest(needle, heystack)
+        suggestion = ::DidYouMean::SpellChecker.new(
+          dictionary: heystack
+        ).correct(needle).first
+
+        suggestion ? "\nDid you mean? #{suggestion}" : ""
+      end
+    else
+      def suggest(*__rest__) = ""
+    end
+  end
+end

data/lib/action_policy/rails/scope_matchers/action_controller_params.rb

@@ -12,8 +12,10 @@ module ActionPolicy
   end
 end
 
-# Register params scope matcher
-ActionPolicy::Base.scope_matcher :action_controller_params, ActionController::Parameters
-
 # Add alias to base policy
 ActionPolicy::Base.extend ActionPolicy::ScopeMatchers::ActionControllerParams
+
+ActiveSupport.on_load(:action_controller) do
+  # Register params scope matcher
+  ActionPolicy::Base.scope_matcher :action_controller_params, ActionController::Parameters
+end

data/lib/action_policy/rails/scope_matchers/active_record.rb

@@ -12,18 +12,20 @@ module ActionPolicy
   end
 end
 
-# Register relation scope matcher
-ActionPolicy::Base.scope_matcher :active_record_relation, ActiveRecord::Relation
-
 # Add alias to base policy
 ActionPolicy::Base.extend ActionPolicy::ScopeMatchers::ActiveRecord
 
-ActiveRecord::Relation.include(Module.new do
-  def policy_name
-    if model.respond_to?(:policy_name)
-      model.policy_name.to_s
-    else
-      "#{model}Policy"
+ActiveSupport.on_load(:active_record) do
+  # Register relation scope matcher
+  ActionPolicy::Base.scope_matcher :active_record_relation, ActiveRecord::Relation
+
+  ActiveRecord::Relation.include(Module.new do
+    def policy_name
+      if model.respond_to?(:policy_name)
+        model.policy_name.to_s
+      else
+        "#{model}Policy"
+      end
     end
-  end
-end)
+  end)
+end

data/lib/action_policy/railtie.rb

@@ -74,8 +74,6 @@ module ActionPolicy # :nodoc:
         app.config.action_policy.namespace_cache_enabled
 
       ActiveSupport.on_load(:action_controller) do
-        require "action_policy/rails/scope_matchers/action_controller_params"
-
         next unless app.config.action_policy.auto_inject_into_controller
 
         ActionController::Base.include ActionPolicy::Controller
@@ -95,21 +93,12 @@ module ActionPolicy # :nodoc:
         ActionCable::Channel::Base.authorize :user, through: :current_user
       end
 
+      # Scope matchers
+      require "action_policy/rails/scope_matchers/action_controller_params"
+      require "action_policy/rails/scope_matchers/active_record"
+
       ActiveSupport.on_load(:active_record) do
         require "action_policy/rails/ext/active_record"
-        require "action_policy/rails/scope_matchers/active_record"
-      end
-
-      # Trigger load hooks of the components that extend ActionPolicy itself
-      # (e.g., scope matchers)
-      begin
-        ::ActionController::Base
-      rescue NameError
-      end
-
-      begin
-        ::ActiveRecord::Base
-      rescue NameError
       end
     end
   end

data/lib/action_policy/rspec/have_authorized_scope.rb

@@ -21,7 +21,7 @@ module ActionPolicy
     #
     class HaveAuthorizedScope < ::RSpec::Matchers::BuiltIn::BaseMatcher
       attr_reader :type, :name, :policy, :scope_options, :actual_scopes,
-        :target_expectations
+        :target_expectations, :context
 
       def initialize(type)
         @type = type
@@ -49,6 +49,11 @@ module ActionPolicy
         self
       end
 
+      def with_context(context)
+        @context = context
+        self
+      end
+
       def match(_expected, actual)
         raise "This matcher only supports block expectations" unless actual.is_a?(Proc)
 
@@ -56,7 +61,7 @@ module ActionPolicy
 
         @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
 
-        matching_scopes = actual_scopes.select { _1.matches?(policy, type, name, scope_options) }
+        matching_scopes = actual_scopes.select { _1.matches?(policy, type, name, scope_options, context) }
 
         return false if matching_scopes.empty?
 
@@ -80,6 +85,7 @@ module ActionPolicy
       def failure_message
         "expected a scoping named :#{name} for type :#{type} " \
         "#{scope_options_message} " \
+        "#{context ? "and context #{context.inspect} " : ""}" \
         "from #{policy} to have been applied, " \
         "but #{actual_scopes_message}"
       end

data/lib/action_policy/test_helper.rb

@@ -82,7 +82,7 @@ module ActionPolicy
     #     end
     #   end
     #
-    def assert_have_authorized_scope(type:, with:, as: :default, scope_options: nil)
+    def assert_have_authorized_scope(type:, with:, as: :default, scope_options: nil, context: {})
       raise ArgumentError, "Block is required" unless block_given?
 
       policy = with
@@ -97,10 +97,13 @@ module ActionPolicy
         "without scope options"
       end
 
+      context_message = context.empty? ? "without context" : "with context: #{context}"
+
       assert(
-        actual_scopes.any? { |scope| scope.matches?(policy, type, as, scope_options) },
+        actual_scopes.any? { |scope| scope.matches?(policy, type, as, scope_options, context) },
         "Expected a scoping named :#{as} for :#{type} type " \
         "#{scope_options_message} " \
+        "and #{context_message} " \
         "from #{policy} to have been applied, " \
         "but no such scoping has been made.\n" \
         "Registered scopings: " \

data/lib/action_policy/testing.rb

@@ -5,7 +5,19 @@ module ActionPolicy
   module Testing
     # Collects all Authorizer calls
     module AuthorizeTracker
+      module Context
+        private
+
+        def context_matches?(context, actual)
+          return true unless context
+
+          context === actual || actual >= context
+        end
+      end
+
       class Call # :nodoc:
+        include Context
+
         attr_reader :policy, :rule
 
         def initialize(policy, rule)
@@ -23,17 +35,11 @@ module ActionPolicy
           "#{policy.record.inspect} was authorized with #{policy.class}##{rule} " \
             "and context #{policy.authorization_context.inspect}"
         end
-
-        private
-
-        def context_matches?(context, actual)
-          return true unless context
-
-          context === actual || actual >= context
-        end
       end
 
       class Scoping # :nodoc:
+        include Context
+
         attr_reader :policy, :target, :type, :name, :scope_options
 
         def initialize(policy, target, type, name, scope_options)
@@ -44,11 +50,12 @@ module ActionPolicy
           @scope_options = scope_options
         end
 
-        def matches?(policy_class, actual_type, actual_name, actual_scope_options)
+        def matches?(policy_class, actual_type, actual_name, actual_scope_options, actual_context)
           policy_class == policy.class &&
             type == actual_type &&
             name == actual_name &&
-            actual_scope_options === scope_options
+            actual_scope_options === scope_options &&
+            context_matches?(actual_context, policy.authorization_context)
         end
 
         def inspect

data/lib/action_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActionPolicy
-  VERSION = "0.6.7"
+  VERSION = "0.6.9"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_policy
 version: !ruby/object:Gem::Version
-  version: 0.6.7
+  version: 0.6.9
 platform: ruby
 authors:
 - Vladimir Dementyev
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-09-14 00:00:00.000000000 Z
+date: 2024-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-next-core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.14.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.14.0
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: ammeter
   requirement: !ruby/object:Gem::Requirement
@@ -162,6 +162,13 @@ files:
 - lib/.rbnext/3.1/action_policy/ext/module_namespace.rb
 - lib/.rbnext/3.1/action_policy/ext/policy_cache_key.rb
 - lib/.rbnext/3.1/action_policy/policy/authorization.rb
+- lib/.rbnext/3.2/action_policy/behaviours/policy_for.rb
+- lib/.rbnext/3.2/action_policy/ext/policy_cache_key.rb
+- lib/.rbnext/3.2/action_policy/lookup_chain.rb
+- lib/.rbnext/3.2/action_policy/policy/core.rb
+- lib/.rbnext/3.2/action_policy/rspec/be_authorized_to.rb
+- lib/.rbnext/3.2/action_policy/rspec/have_authorized_scope.rb
+- lib/.rbnext/3.2/action_policy/utils/suggest_message.rb
 - lib/action_policy.rb
 - lib/action_policy/authorizer.rb
 - lib/action_policy/base.rb
@@ -227,7 +234,7 @@ metadata:
   documentation_uri: https://actionpolicy.evilmartians.io/
   homepage_uri: https://actionpolicy.evilmartians.io/
   source_code_uri: http://github.com/palkan/action_policy
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -242,8 +249,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.8
-signing_key:
+rubygems_version: 3.4.19
+signing_key: 
 specification_version: 4
 summary: Authorization framework for Ruby/Rails application
 test_files: []