action_policy 0.7.2 → 0.7.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -0
- data/lib/.rbnext/3.0/action_policy/policy/cache.rb +6 -6
- data/lib/.rbnext/3.0/action_policy/policy/core.rb +34 -16
- data/lib/.rbnext/3.0/action_policy/policy/pre_check.rb +0 -2
- data/lib/.rbnext/3.0/action_policy/policy/reasons.rb +4 -3
- data/lib/.rbnext/3.2/action_policy/policy/core.rb +34 -16
- data/lib/action_policy/authorizer.rb +8 -5
- data/lib/action_policy/behaviour.rb +7 -6
- data/lib/action_policy/policy/cache.rb +6 -6
- data/lib/action_policy/policy/cached_apply.rb +5 -8
- data/lib/action_policy/policy/core.rb +34 -16
- data/lib/action_policy/policy/pre_check.rb +0 -2
- data/lib/action_policy/policy/reasons.rb +4 -3
- data/lib/action_policy/rails/authorizer.rb +4 -4
- data/lib/action_policy/rails/controller.rb +4 -1
- data/lib/action_policy/rails/policy/instrumentation.rb +3 -3
- data/lib/action_policy/rspec/dsl.rb +1 -0
- data/lib/action_policy/version.rb +1 -1
- metadata +7 -14
- data/lib/.rbnext/2.7/action_policy/behaviours/policy_for.rb +0 -70
- data/lib/.rbnext/2.7/action_policy/i18n.rb +0 -56
- data/lib/.rbnext/2.7/action_policy/policy/cache.rb +0 -101
- data/lib/.rbnext/2.7/action_policy/policy/pre_check.rb +0 -162
- data/lib/.rbnext/2.7/action_policy/rspec/be_authorized_to.rb +0 -96
- data/lib/.rbnext/2.7/action_policy/rspec/have_authorized_scope.rb +0 -130
- data/lib/.rbnext/2.7/action_policy/utils/pretty_print.rb +0 -155
- /data/lib/.rbnext/{2.7 → 3.0}/action_policy/rails/scope_matchers/action_controller_params.rb +0 -0
- /data/lib/.rbnext/{2.7 → 3.0}/action_policy/rails/scope_matchers/active_record.rb +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c2ca6d3ab4293001cc4b07e7fe5503a8c06a8b72684c0f7a9c4e7a4ef8a32c89
|
4
|
+
data.tar.gz: f1e726704611a3bc9ade5d3466fd64c4a5c9faddf5aa8338f3179ec4da2381e5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: aa35a3efefa37fc64066a78899b9b03a2283e2458471425a2e7cc2bc0b4ff829e87beda744057866f661e37fc54f14d094ba0fc446ea155537042478109576a7
|
7
|
+
data.tar.gz: d90069b7a1b3bea22c2d5e6dd990231f1bf24f85fd50081a92a54bcd5c271faa42f40c9c526a8434abd793e6f4c928b5cb28d4dad3fbaeb2bf3701f67fd4fd21
|
data/CHANGELOG.md
CHANGED
@@ -2,6 +2,18 @@
|
|
2
2
|
|
3
3
|
## master
|
4
4
|
|
5
|
+
## 0.7.4 (2025-03-12)
|
6
|
+
|
7
|
+
- Let authorize! return the policy record ([@sedubois][])
|
8
|
+
|
9
|
+
- Enable `allowance_to` as a helper method by default ([@stephannv][])
|
10
|
+
|
11
|
+
- Allow the `:through` option of `authorize` to be passed a proc ([@brendon][])
|
12
|
+
|
13
|
+
## 0.7.3 (2024-12-18)
|
14
|
+
|
15
|
+
- Fix keeping the result object in concurrent (Fiber-ed) execution environments. ([@palkan][])
|
16
|
+
|
5
17
|
## 0.7.2 (2024-11-21)
|
6
18
|
|
7
19
|
- Fix missing details in deny! message interpolation. ([@palkan][])
|
@@ -535,3 +547,5 @@ This value is now stored in a cache (if any) instead of just the call result (`t
|
|
535
547
|
[@matsales28]: https://github.com/matsales28
|
536
548
|
[@killondark]: https://github.com/killondark
|
537
549
|
[@Spone]: https://github.com/Spone
|
550
|
+
[@stephannv]: https://github.com/stephannv
|
551
|
+
[@sedubois]: https://github.com/sedubois
|
@@ -50,18 +50,18 @@ module ActionPolicy # :nodoc:
|
|
50
50
|
key = rule_cache_key(rule)
|
51
51
|
|
52
52
|
ActionPolicy.cache_store.then do |store|
|
53
|
-
|
53
|
+
result = store.read(key)
|
54
54
|
unless result.nil?
|
55
55
|
result.cached!
|
56
|
-
next result
|
56
|
+
next result
|
57
|
+
end
|
58
|
+
yield.tap do |result|
|
59
|
+
store.write(key, result, options)
|
57
60
|
end
|
58
|
-
yield
|
59
|
-
store.write(key, result, options)
|
60
|
-
result.value
|
61
61
|
end
|
62
62
|
end
|
63
63
|
|
64
|
-
def
|
64
|
+
def apply_r(rule)
|
65
65
|
return super if ActionPolicy.cache_store.nil? ||
|
66
66
|
!self.class.cached_rules.key?(rule)
|
67
67
|
|
@@ -72,7 +72,7 @@ module ActionPolicy
|
|
72
72
|
|
73
73
|
include ActionPolicy::Behaviours::PolicyFor
|
74
74
|
|
75
|
-
attr_reader :record
|
75
|
+
attr_reader :record
|
76
76
|
|
77
77
|
# NEXT_RELEASE: deprecate `record` arg, migrate to `record: nil`
|
78
78
|
def initialize(record = nil, *__rest__)
|
@@ -83,13 +83,23 @@ module ActionPolicy
|
|
83
83
|
# Unlike simply calling a predicate rule (`policy.manage?`),
|
84
84
|
# `apply` also calls pre-checks.
|
85
85
|
def apply(rule)
|
86
|
-
|
86
|
+
res = apply_r(rule)
|
87
87
|
|
88
|
-
|
89
|
-
|
90
|
-
|
88
|
+
# DEPRECATED (we still rely on it in tests)
|
89
|
+
@result = res
|
90
|
+
|
91
|
+
res.value
|
92
|
+
end
|
93
|
+
|
94
|
+
# NEXT_RELEASE: This is gonna be #apply in 1.0
|
95
|
+
def apply_r(rule) # :nodoc:
|
96
|
+
with_result(rule) do |result|
|
97
|
+
catch :policy_fulfilled do
|
98
|
+
result.load __apply__(resolve_rule(rule))
|
99
|
+
end
|
91
100
|
|
92
|
-
|
101
|
+
result
|
102
|
+
end
|
93
103
|
end
|
94
104
|
|
95
105
|
def deny!
|
@@ -107,14 +117,17 @@ module ActionPolicy
|
|
107
117
|
# (such as caching, pre checks, etc.)
|
108
118
|
def __apply__(rule) ; public_send(rule); end
|
109
119
|
|
110
|
-
#
|
111
|
-
#
|
112
|
-
def
|
113
|
-
|
114
|
-
|
115
|
-
|
120
|
+
# Prepare a new result object for the next rule application.
|
121
|
+
# It's stored in the thread-local storage to be accessible from within the policy.
|
122
|
+
def with_result(rule) # :nodoc:
|
123
|
+
result = self.class.result_class.new(self.class, rule)
|
124
|
+
|
125
|
+
Thread.current[:__action_policy_result__] ||= []
|
126
|
+
Thread.current[:__action_policy_result__] << result
|
127
|
+
|
128
|
+
yield result
|
116
129
|
ensure
|
117
|
-
|
130
|
+
Thread.current[:__action_policy_result__]&.pop
|
118
131
|
end
|
119
132
|
|
120
133
|
# Returns a result of applying the specified rule to the specified record.
|
@@ -146,6 +159,13 @@ module ActionPolicy
|
|
146
159
|
activity
|
147
160
|
end
|
148
161
|
|
162
|
+
# Returns the result object for the last rule application within the given
|
163
|
+
# execution context (Thread or Fiber)
|
164
|
+
def result
|
165
|
+
# FIXME: Remove ivar fallback after 1.0
|
166
|
+
Thread.current[:__action_policy_result__]&.last || @result
|
167
|
+
end
|
168
|
+
|
149
169
|
# Return annotated source code for the rule
|
150
170
|
# NOTE: require "method_source" and "prism" gems to be installed.
|
151
171
|
# Otherwise returns empty string.
|
@@ -155,9 +175,7 @@ module ActionPolicy
|
|
155
175
|
# Useful for debugging: type `pp :show?` within the context of the policy
|
156
176
|
# to preview the rule.
|
157
177
|
def pp(rule)
|
158
|
-
|
159
|
-
# We need result to exist for `allowed_to?` to work correctly
|
160
|
-
@result = self.class.result_class.new(self.class, rule)
|
178
|
+
with_result(rule) do
|
161
179
|
header = "#{self.class.name}##{rule}"
|
162
180
|
source = inspect_rule(rule)
|
163
181
|
$stdout.puts "#{header}\n#{source}"
|
@@ -27,6 +27,8 @@ module ActionPolicy
|
|
27
27
|
# { policy_identifier => [rules, ...] }
|
28
28
|
def details() ; reasons.transform_keys(&:identifier); end
|
29
29
|
|
30
|
+
alias_method :to_h, :details
|
31
|
+
|
30
32
|
def empty?() ; reasons.empty?; end
|
31
33
|
|
32
34
|
def present?() ; !empty?; end
|
@@ -201,13 +203,12 @@ module ActionPolicy
|
|
201
203
|
if (record == :__undef__ || record == self.record) && options.empty?
|
202
204
|
rule = resolve_rule(rule)
|
203
205
|
policy = self
|
204
|
-
|
206
|
+
apply_r(rule)
|
205
207
|
else
|
206
208
|
policy = policy_for(record: record, **options)
|
207
209
|
rule = policy.resolve_rule(rule)
|
208
210
|
|
209
|
-
policy.
|
210
|
-
policy.result
|
211
|
+
policy.apply_r(rule)
|
211
212
|
end
|
212
213
|
|
213
214
|
if res.fail? && result&.reasons
|
@@ -72,7 +72,7 @@ module ActionPolicy
|
|
72
72
|
|
73
73
|
include ActionPolicy::Behaviours::PolicyFor
|
74
74
|
|
75
|
-
attr_reader :record
|
75
|
+
attr_reader :record
|
76
76
|
|
77
77
|
# NEXT_RELEASE: deprecate `record` arg, migrate to `record: nil`
|
78
78
|
def initialize(record = nil, *__rest__)
|
@@ -83,13 +83,23 @@ module ActionPolicy
|
|
83
83
|
# Unlike simply calling a predicate rule (`policy.manage?`),
|
84
84
|
# `apply` also calls pre-checks.
|
85
85
|
def apply(rule)
|
86
|
-
|
86
|
+
res = apply_r(rule)
|
87
87
|
|
88
|
-
|
89
|
-
|
90
|
-
|
88
|
+
# DEPRECATED (we still rely on it in tests)
|
89
|
+
@result = res
|
90
|
+
|
91
|
+
res.value
|
92
|
+
end
|
93
|
+
|
94
|
+
# NEXT_RELEASE: This is gonna be #apply in 1.0
|
95
|
+
def apply_r(rule) # :nodoc:
|
96
|
+
with_result(rule) do |result|
|
97
|
+
catch :policy_fulfilled do
|
98
|
+
result.load __apply__(resolve_rule(rule))
|
99
|
+
end
|
91
100
|
|
92
|
-
|
101
|
+
result
|
102
|
+
end
|
93
103
|
end
|
94
104
|
|
95
105
|
def deny!
|
@@ -107,14 +117,17 @@ module ActionPolicy
|
|
107
117
|
# (such as caching, pre checks, etc.)
|
108
118
|
def __apply__(rule) = public_send(rule)
|
109
119
|
|
110
|
-
#
|
111
|
-
#
|
112
|
-
def
|
113
|
-
|
114
|
-
|
115
|
-
|
120
|
+
# Prepare a new result object for the next rule application.
|
121
|
+
# It's stored in the thread-local storage to be accessible from within the policy.
|
122
|
+
def with_result(rule) # :nodoc:
|
123
|
+
result = self.class.result_class.new(self.class, rule)
|
124
|
+
|
125
|
+
Thread.current[:__action_policy_result__] ||= []
|
126
|
+
Thread.current[:__action_policy_result__] << result
|
127
|
+
|
128
|
+
yield result
|
116
129
|
ensure
|
117
|
-
|
130
|
+
Thread.current[:__action_policy_result__]&.pop
|
118
131
|
end
|
119
132
|
|
120
133
|
# Returns a result of applying the specified rule to the specified record.
|
@@ -146,6 +159,13 @@ module ActionPolicy
|
|
146
159
|
activity
|
147
160
|
end
|
148
161
|
|
162
|
+
# Returns the result object for the last rule application within the given
|
163
|
+
# execution context (Thread or Fiber)
|
164
|
+
def result
|
165
|
+
# FIXME: Remove ivar fallback after 1.0
|
166
|
+
Thread.current[:__action_policy_result__]&.last || @result
|
167
|
+
end
|
168
|
+
|
149
169
|
# Return annotated source code for the rule
|
150
170
|
# NOTE: require "method_source" and "prism" gems to be installed.
|
151
171
|
# Otherwise returns empty string.
|
@@ -155,9 +175,7 @@ module ActionPolicy
|
|
155
175
|
# Useful for debugging: type `pp :show?` within the context of the policy
|
156
176
|
# to preview the rule.
|
157
177
|
def pp(rule)
|
158
|
-
|
159
|
-
# We need result to exist for `allowed_to?` to work correctly
|
160
|
-
@result = self.class.result_class.new(self.class, rule)
|
178
|
+
with_result(rule) do
|
161
179
|
header = "#{self.class.name}##{rule}"
|
162
180
|
source = inspect_rule(rule)
|
163
181
|
$stdout.puts "#{header}\n#{source}"
|
@@ -5,10 +5,11 @@ module ActionPolicy
|
|
5
5
|
class Unauthorized < Error
|
6
6
|
attr_reader :policy, :rule, :result
|
7
7
|
|
8
|
-
|
8
|
+
# NEXT_RELEASE: remove result fallback
|
9
|
+
def initialize(policy, rule, result = policy.result)
|
9
10
|
@policy = policy.class
|
10
11
|
@rule = rule
|
11
|
-
@result =
|
12
|
+
@result = result
|
12
13
|
|
13
14
|
super("Not authorized: #{@policy}##{@rule} returns false")
|
14
15
|
end
|
@@ -20,12 +21,14 @@ module ActionPolicy
|
|
20
21
|
class << self
|
21
22
|
# Performs authorization, raises an exception when check failed.
|
22
23
|
def call(policy, rule)
|
23
|
-
authorize(policy, rule)
|
24
|
-
|
24
|
+
res = authorize(policy, rule)
|
25
|
+
return if res.success?
|
26
|
+
|
27
|
+
raise(::ActionPolicy::Unauthorized.new(policy, rule, res))
|
25
28
|
end
|
26
29
|
|
27
30
|
def authorize(policy, rule)
|
28
|
-
policy.
|
31
|
+
policy.apply_r(rule)
|
29
32
|
end
|
30
33
|
|
31
34
|
# Applies scope to the target
|
@@ -33,11 +33,13 @@ module ActionPolicy
|
|
33
33
|
# Policy is inferred from record
|
34
34
|
# (unless explicitly specified through `with` option).
|
35
35
|
#
|
36
|
+
# @return the policy record
|
36
37
|
# Raises `ActionPolicy::Unauthorized` if check failed.
|
37
38
|
def authorize!(record = :__undef__, to:, **options)
|
38
39
|
policy = lookup_authorization_policy(record, **options)
|
39
40
|
|
40
41
|
Authorizer.call(policy, authorization_rule_for(policy, to))
|
42
|
+
policy.record
|
41
43
|
end
|
42
44
|
|
43
45
|
# Checks that an activity is allowed for the current context (e.g. user).
|
@@ -53,8 +55,7 @@ module ActionPolicy
|
|
53
55
|
def allowance_to(rule, record = :__undef__, **options)
|
54
56
|
policy = lookup_authorization_policy(record, **options)
|
55
57
|
|
56
|
-
policy.
|
57
|
-
policy.result
|
58
|
+
policy.apply_r(authorization_rule_for(policy, rule))
|
58
59
|
end
|
59
60
|
|
60
61
|
def authorization_context
|
@@ -63,8 +64,8 @@ module ActionPolicy
|
|
63
64
|
|
64
65
|
private def build_authorization_context
|
65
66
|
self.class.authorization_targets
|
66
|
-
.each_with_object({}) do |(key,
|
67
|
-
obj[key] = send(
|
67
|
+
.each_with_object({}) do |(key, method_or_proc), obj|
|
68
|
+
obj[key] = method_or_proc.is_a?(Proc) ? method_or_proc.call : send(method_or_proc)
|
68
69
|
end
|
69
70
|
end
|
70
71
|
|
@@ -104,8 +105,8 @@ module ActionPolicy
|
|
104
105
|
# authorize :user
|
105
106
|
# end
|
106
107
|
def authorize(key, through: nil)
|
107
|
-
|
108
|
-
authorization_targets[key] =
|
108
|
+
method_or_proc = through || key
|
109
|
+
authorization_targets[key] = method_or_proc
|
109
110
|
end
|
110
111
|
|
111
112
|
def authorization_targets
|
@@ -50,18 +50,18 @@ module ActionPolicy # :nodoc:
|
|
50
50
|
key = rule_cache_key(rule)
|
51
51
|
|
52
52
|
ActionPolicy.cache_store.then do |store|
|
53
|
-
|
53
|
+
result = store.read(key)
|
54
54
|
unless result.nil?
|
55
55
|
result.cached!
|
56
|
-
next result
|
56
|
+
next result
|
57
|
+
end
|
58
|
+
yield.tap do |result|
|
59
|
+
store.write(key, result, options)
|
57
60
|
end
|
58
|
-
yield
|
59
|
-
store.write(key, result, options)
|
60
|
-
result.value
|
61
61
|
end
|
62
62
|
end
|
63
63
|
|
64
|
-
def
|
64
|
+
def apply_r(rule)
|
65
65
|
return super if ActionPolicy.cache_store.nil? ||
|
66
66
|
!self.class.cached_rules.key?(rule)
|
67
67
|
|
@@ -7,19 +7,16 @@ module ActionPolicy
|
|
7
7
|
# When you call `apply` twice on the same policy and for the same rule,
|
8
8
|
# the check (and pre-checks) is only called once.
|
9
9
|
module CachedApply
|
10
|
-
def
|
10
|
+
def apply_r(rule)
|
11
11
|
@__rules_cache__ ||= {}
|
12
12
|
|
13
13
|
if @__rules_cache__.key?(rule)
|
14
|
-
|
15
|
-
return result.value
|
14
|
+
return @__rules_cache__[rule]
|
16
15
|
end
|
17
16
|
|
18
|
-
super
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
result.value
|
17
|
+
super.tap do |result|
|
18
|
+
@__rules_cache__[rule] = result
|
19
|
+
end
|
23
20
|
end
|
24
21
|
end
|
25
22
|
end
|
@@ -72,7 +72,7 @@ module ActionPolicy
|
|
72
72
|
|
73
73
|
include ActionPolicy::Behaviours::PolicyFor
|
74
74
|
|
75
|
-
attr_reader :record
|
75
|
+
attr_reader :record
|
76
76
|
|
77
77
|
# NEXT_RELEASE: deprecate `record` arg, migrate to `record: nil`
|
78
78
|
def initialize(record = nil, *)
|
@@ -83,13 +83,23 @@ module ActionPolicy
|
|
83
83
|
# Unlike simply calling a predicate rule (`policy.manage?`),
|
84
84
|
# `apply` also calls pre-checks.
|
85
85
|
def apply(rule)
|
86
|
-
|
86
|
+
res = apply_r(rule)
|
87
87
|
|
88
|
-
|
89
|
-
|
90
|
-
|
88
|
+
# DEPRECATED (we still rely on it in tests)
|
89
|
+
@result = res
|
90
|
+
|
91
|
+
res.value
|
92
|
+
end
|
93
|
+
|
94
|
+
# NEXT_RELEASE: This is gonna be #apply in 1.0
|
95
|
+
def apply_r(rule) # :nodoc:
|
96
|
+
with_result(rule) do |result|
|
97
|
+
catch :policy_fulfilled do
|
98
|
+
result.load __apply__(resolve_rule(rule))
|
99
|
+
end
|
91
100
|
|
92
|
-
|
101
|
+
result
|
102
|
+
end
|
93
103
|
end
|
94
104
|
|
95
105
|
def deny!
|
@@ -107,14 +117,17 @@ module ActionPolicy
|
|
107
117
|
# (such as caching, pre checks, etc.)
|
108
118
|
def __apply__(rule) = public_send(rule)
|
109
119
|
|
110
|
-
#
|
111
|
-
#
|
112
|
-
def
|
113
|
-
|
114
|
-
|
115
|
-
|
120
|
+
# Prepare a new result object for the next rule application.
|
121
|
+
# It's stored in the thread-local storage to be accessible from within the policy.
|
122
|
+
def with_result(rule) # :nodoc:
|
123
|
+
result = self.class.result_class.new(self.class, rule)
|
124
|
+
|
125
|
+
Thread.current[:__action_policy_result__] ||= []
|
126
|
+
Thread.current[:__action_policy_result__] << result
|
127
|
+
|
128
|
+
yield result
|
116
129
|
ensure
|
117
|
-
|
130
|
+
Thread.current[:__action_policy_result__]&.pop
|
118
131
|
end
|
119
132
|
|
120
133
|
# Returns a result of applying the specified rule to the specified record.
|
@@ -146,6 +159,13 @@ module ActionPolicy
|
|
146
159
|
activity
|
147
160
|
end
|
148
161
|
|
162
|
+
# Returns the result object for the last rule application within the given
|
163
|
+
# execution context (Thread or Fiber)
|
164
|
+
def result
|
165
|
+
# FIXME: Remove ivar fallback after 1.0
|
166
|
+
Thread.current[:__action_policy_result__]&.last || @result
|
167
|
+
end
|
168
|
+
|
149
169
|
# Return annotated source code for the rule
|
150
170
|
# NOTE: require "method_source" and "prism" gems to be installed.
|
151
171
|
# Otherwise returns empty string.
|
@@ -155,9 +175,7 @@ module ActionPolicy
|
|
155
175
|
# Useful for debugging: type `pp :show?` within the context of the policy
|
156
176
|
# to preview the rule.
|
157
177
|
def pp(rule)
|
158
|
-
|
159
|
-
# We need result to exist for `allowed_to?` to work correctly
|
160
|
-
@result = self.class.result_class.new(self.class, rule)
|
178
|
+
with_result(rule) do
|
161
179
|
header = "#{self.class.name}##{rule}"
|
162
180
|
source = inspect_rule(rule)
|
163
181
|
$stdout.puts "#{header}\n#{source}"
|
@@ -27,6 +27,8 @@ module ActionPolicy
|
|
27
27
|
# { policy_identifier => [rules, ...] }
|
28
28
|
def details() = reasons.transform_keys(&:identifier)
|
29
29
|
|
30
|
+
alias_method :to_h, :details
|
31
|
+
|
30
32
|
def empty?() = reasons.empty?
|
31
33
|
|
32
34
|
def present?() = !empty?
|
@@ -201,13 +203,12 @@ module ActionPolicy
|
|
201
203
|
if (record == :__undef__ || record == self.record) && options.empty?
|
202
204
|
rule = resolve_rule(rule)
|
203
205
|
policy = self
|
204
|
-
|
206
|
+
apply_r(rule)
|
205
207
|
else
|
206
208
|
policy = policy_for(record: record, **options)
|
207
209
|
rule = policy.resolve_rule(rule)
|
208
210
|
|
209
|
-
policy.
|
210
|
-
policy.result
|
211
|
+
policy.apply_r(rule)
|
211
212
|
end
|
212
213
|
|
213
214
|
if res.fail? && result&.reasons
|
@@ -9,10 +9,10 @@ module ActionPolicy # :nodoc:
|
|
9
9
|
def authorize(policy, rule)
|
10
10
|
event = {policy: policy.class.name, rule: rule.to_s}
|
11
11
|
ActiveSupport::Notifications.instrument(EVENT_NAME, event) do
|
12
|
-
|
13
|
-
event[:cached] =
|
14
|
-
event[:value] =
|
15
|
-
|
12
|
+
result = super
|
13
|
+
event[:cached] = result.cached?
|
14
|
+
event[:value] = result.value
|
15
|
+
result
|
16
16
|
end
|
17
17
|
end
|
18
18
|
end
|
@@ -26,6 +26,7 @@ module ActionPolicy
|
|
26
26
|
if respond_to?(:helper_method)
|
27
27
|
helper_method :allowed_to?
|
28
28
|
helper_method :authorized_scope
|
29
|
+
helper_method :allowance_to
|
29
30
|
end
|
30
31
|
|
31
32
|
attr_writer :authorize_count
|
@@ -44,13 +45,15 @@ module ActionPolicy
|
|
44
45
|
# If record is not provided, tries to infer the resource class
|
45
46
|
# from controller name (i.e. `controller_name.classify.safe_constantize`).
|
46
47
|
#
|
48
|
+
# @return the policy record
|
47
49
|
# Raises `ActionPolicy::Unauthorized` if check failed.
|
48
50
|
def authorize!(record = :__undef__, to: nil, **options)
|
49
51
|
to ||= :"#{action_name}?"
|
50
52
|
|
51
|
-
super
|
53
|
+
policy_record = super
|
52
54
|
|
53
55
|
self.authorize_count += 1
|
56
|
+
policy_record
|
54
57
|
end
|
55
58
|
|
56
59
|
# Tries to infer the resource class from controller name
|
@@ -16,13 +16,13 @@ module ActionPolicy # :nodoc:
|
|
16
16
|
ActiveSupport::Notifications.instrument(INIT_EVENT_NAME, event) { super }
|
17
17
|
end
|
18
18
|
|
19
|
-
def
|
19
|
+
def apply_r(rule)
|
20
20
|
event = {policy: self.class.name, rule: rule.to_s}
|
21
21
|
ActiveSupport::Notifications.instrument(APPLY_EVENT_NAME, event) do
|
22
|
-
|
22
|
+
result = super
|
23
23
|
event[:cached] = result.cached?
|
24
24
|
event[:value] = result.value
|
25
|
-
|
25
|
+
result
|
26
26
|
end
|
27
27
|
end
|
28
28
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: action_policy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.7.
|
4
|
+
version: 0.7.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Vladimir Dementyev
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2025-03-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ruby-next-core
|
@@ -133,15 +133,6 @@ files:
|
|
133
133
|
- LICENSE.txt
|
134
134
|
- README.md
|
135
135
|
- config/rubocop-rspec.yml
|
136
|
-
- lib/.rbnext/2.7/action_policy/behaviours/policy_for.rb
|
137
|
-
- lib/.rbnext/2.7/action_policy/i18n.rb
|
138
|
-
- lib/.rbnext/2.7/action_policy/policy/cache.rb
|
139
|
-
- lib/.rbnext/2.7/action_policy/policy/pre_check.rb
|
140
|
-
- lib/.rbnext/2.7/action_policy/rails/scope_matchers/action_controller_params.rb
|
141
|
-
- lib/.rbnext/2.7/action_policy/rails/scope_matchers/active_record.rb
|
142
|
-
- lib/.rbnext/2.7/action_policy/rspec/be_authorized_to.rb
|
143
|
-
- lib/.rbnext/2.7/action_policy/rspec/have_authorized_scope.rb
|
144
|
-
- lib/.rbnext/2.7/action_policy/utils/pretty_print.rb
|
145
136
|
- lib/.rbnext/3.0/action_policy/behaviours/policy_for.rb
|
146
137
|
- lib/.rbnext/3.0/action_policy/behaviours/thread_memoized.rb
|
147
138
|
- lib/.rbnext/3.0/action_policy/ext/policy_cache_key.rb
|
@@ -152,6 +143,8 @@ files:
|
|
152
143
|
- lib/.rbnext/3.0/action_policy/policy/execution_result.rb
|
153
144
|
- lib/.rbnext/3.0/action_policy/policy/pre_check.rb
|
154
145
|
- lib/.rbnext/3.0/action_policy/policy/reasons.rb
|
146
|
+
- lib/.rbnext/3.0/action_policy/rails/scope_matchers/action_controller_params.rb
|
147
|
+
- lib/.rbnext/3.0/action_policy/rails/scope_matchers/active_record.rb
|
155
148
|
- lib/.rbnext/3.0/action_policy/rspec/be_an_alias_of.rb
|
156
149
|
- lib/.rbnext/3.0/action_policy/rspec/be_authorized_to.rb
|
157
150
|
- lib/.rbnext/3.0/action_policy/rspec/have_authorized_scope.rb
|
@@ -234,7 +227,7 @@ metadata:
|
|
234
227
|
documentation_uri: https://actionpolicy.evilmartians.io/
|
235
228
|
homepage_uri: https://actionpolicy.evilmartians.io/
|
236
229
|
source_code_uri: http://github.com/palkan/action_policy
|
237
|
-
post_install_message:
|
230
|
+
post_install_message:
|
238
231
|
rdoc_options: []
|
239
232
|
require_paths:
|
240
233
|
- lib
|
@@ -250,7 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
250
243
|
version: '0'
|
251
244
|
requirements: []
|
252
245
|
rubygems_version: 3.4.19
|
253
|
-
signing_key:
|
246
|
+
signing_key:
|
254
247
|
specification_version: 4
|
255
248
|
summary: Authorization framework for Ruby/Rails application
|
256
249
|
test_files: []
|