action_policy 0.7.2 → 0.7.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c3b8d128bdf4e37224446e7c5a65698327a927c743e99757cf6f5363db93ff5
-  data.tar.gz: f046c13d93cff63aa06fd15f4d6375a8498c04d0637110df0ff86891a206fb84
+  metadata.gz: c2ca6d3ab4293001cc4b07e7fe5503a8c06a8b72684c0f7a9c4e7a4ef8a32c89
+  data.tar.gz: f1e726704611a3bc9ade5d3466fd64c4a5c9faddf5aa8338f3179ec4da2381e5
 SHA512:
-  metadata.gz: b66f496343688a55907070ba6b6e82e24a5d358934d6809e1577e80f2c67a81342fe449cbf46942c1e8ff064f79ae898235efa32b63e9fc402e5b416bc223efc
-  data.tar.gz: 57088a306e642a0dd22a68c4da019dbd8669e7fa63ec1e99fb7bb819a563ca514be2200c669486d40f5a4b152a325ee0adc3abcaa6187b45c1f0ef37ddcb7a86
+  metadata.gz: aa35a3efefa37fc64066a78899b9b03a2283e2458471425a2e7cc2bc0b4ff829e87beda744057866f661e37fc54f14d094ba0fc446ea155537042478109576a7
+  data.tar.gz: d90069b7a1b3bea22c2d5e6dd990231f1bf24f85fd50081a92a54bcd5c271faa42f40c9c526a8434abd793e6f4c928b5cb28d4dad3fbaeb2bf3701f67fd4fd21

data/CHANGELOG.md

@@ -2,6 +2,18 @@
 
 ## master
 
+## 0.7.4 (2025-03-12)
+
+- Let authorize! return the policy record ([@sedubois][])
+
+- Enable `allowance_to` as a helper method by default ([@stephannv][])
+
+- Allow the `:through` option of `authorize` to be passed a proc ([@brendon][])
+
+## 0.7.3 (2024-12-18)
+
+- Fix keeping the result object in concurrent (Fiber-ed) execution environments. ([@palkan][])
+
 ## 0.7.2 (2024-11-21)
 
 - Fix missing details in deny! message interpolation. ([@palkan][])
@@ -535,3 +547,5 @@ This value is now stored in a cache (if any) instead of just the call result (`t
 [@matsales28]: https://github.com/matsales28
 [@killondark]: https://github.com/killondark
 [@Spone]: https://github.com/Spone
+[@stephannv]: https://github.com/stephannv
+[@sedubois]: https://github.com/sedubois

data/lib/.rbnext/3.0/action_policy/policy/cache.rb

@@ -50,18 +50,18 @@ module ActionPolicy # :nodoc:
         key = rule_cache_key(rule)
 
         ActionPolicy.cache_store.then do |store|
-          @result = store.read(key)
+          result = store.read(key)
           unless result.nil?
             result.cached!
-            next result.value
+            next result
+          end
+          yield.tap do |result|
+            store.write(key, result, options)
           end
-          yield
-          store.write(key, result, options)
-          result.value
         end
       end
 
-      def apply(rule)
+      def apply_r(rule)
         return super if ActionPolicy.cache_store.nil? ||
           !self.class.cached_rules.key?(rule)
 

data/lib/.rbnext/3.0/action_policy/policy/core.rb

@@ -72,7 +72,7 @@ module ActionPolicy
 
       include ActionPolicy::Behaviours::PolicyFor
 
-      attr_reader :record, :result
+      attr_reader :record
 
       # NEXT_RELEASE: deprecate `record` arg, migrate to `record: nil`
       def initialize(record = nil, *__rest__)
@@ -83,13 +83,23 @@ module ActionPolicy
       # Unlike simply calling a predicate rule (`policy.manage?`),
       # `apply` also calls pre-checks.
       def apply(rule)
-        @result = self.class.result_class.new(self.class, rule)
+        res = apply_r(rule)
 
-        catch :policy_fulfilled do
-          result.load __apply__(resolve_rule(rule))
-        end
+        # DEPRECATED (we still rely on it in tests)
+        @result = res
+
+        res.value
+      end
+
+      # NEXT_RELEASE: This is gonna be #apply in 1.0
+      def apply_r(rule) # :nodoc:
+        with_result(rule) do |result|
+          catch :policy_fulfilled do
+            result.load __apply__(resolve_rule(rule))
+          end
 
-        result.value
+          result
+        end
       end
 
       def deny!
@@ -107,14 +117,17 @@ module ActionPolicy
       # (such as caching, pre checks, etc.)
       def __apply__(rule) ;  public_send(rule); end
 
-      # Wrap code that could modify result
-      # to prevent the current result modification
-      def with_clean_result # :nodoc:
-        was_result = @result
-        yield
-        @result
+      # Prepare a new result object for the next rule application.
+      # It's stored in the thread-local storage to be accessible from within the policy.
+      def with_result(rule) # :nodoc:
+        result = self.class.result_class.new(self.class, rule)
+
+        Thread.current[:__action_policy_result__] ||= []
+        Thread.current[:__action_policy_result__] << result
+
+        yield result
       ensure
-        @result = was_result
+        Thread.current[:__action_policy_result__]&.pop
       end
 
       # Returns a result of applying the specified rule to the specified record.
@@ -146,6 +159,13 @@ module ActionPolicy
         activity
       end
 
+      # Returns the result object for the last rule application within the given
+      # execution context (Thread or Fiber)
+      def result
+        # FIXME: Remove ivar fallback after 1.0
+        Thread.current[:__action_policy_result__]&.last || @result
+      end
+
       # Return annotated source code for the rule
       # NOTE: require "method_source" and "prism" gems to be installed.
       # Otherwise returns empty string.
@@ -155,9 +175,7 @@ module ActionPolicy
       # Useful for debugging: type `pp :show?` within the context of the policy
       # to preview the rule.
       def pp(rule)
-        with_clean_result do
-          # We need result to exist for `allowed_to?` to work correctly
-          @result = self.class.result_class.new(self.class, rule)
+        with_result(rule) do
           header = "#{self.class.name}##{rule}"
           source = inspect_rule(rule)
           $stdout.puts "#{header}\n#{source}"

data/lib/.rbnext/3.0/action_policy/policy/pre_check.rb

@@ -78,8 +78,6 @@ module ActionPolicy
 
           rebuild_filter
         end
-        # rubocop: enable
-        # rubocop: enable
 
         def dup
           self.class.new(

data/lib/.rbnext/3.0/action_policy/policy/reasons.rb

@@ -27,6 +27,8 @@ module ActionPolicy
       #   { policy_identifier => [rules, ...] }
       def details() ;  reasons.transform_keys(&:identifier); end
 
+      alias_method :to_h, :details
+
       def empty?() ;  reasons.empty?; end
 
       def present?() ;  !empty?; end
@@ -201,13 +203,12 @@ module ActionPolicy
           if (record == :__undef__ || record == self.record) && options.empty?
             rule = resolve_rule(rule)
             policy = self
-            with_clean_result { apply(rule) }
+            apply_r(rule)
           else
             policy = policy_for(record: record, **options)
             rule = policy.resolve_rule(rule)
 
-            policy.apply(rule)
-            policy.result
+            policy.apply_r(rule)
           end
 
         if res.fail? && result&.reasons

data/lib/.rbnext/3.2/action_policy/policy/core.rb

@@ -72,7 +72,7 @@ module ActionPolicy
 
       include ActionPolicy::Behaviours::PolicyFor
 
-      attr_reader :record, :result
+      attr_reader :record
 
       # NEXT_RELEASE: deprecate `record` arg, migrate to `record: nil`
       def initialize(record = nil, *__rest__)
@@ -83,13 +83,23 @@ module ActionPolicy
       # Unlike simply calling a predicate rule (`policy.manage?`),
       # `apply` also calls pre-checks.
       def apply(rule)
-        @result = self.class.result_class.new(self.class, rule)
+        res = apply_r(rule)
 
-        catch :policy_fulfilled do
-          result.load __apply__(resolve_rule(rule))
-        end
+        # DEPRECATED (we still rely on it in tests)
+        @result = res
+
+        res.value
+      end
+
+      # NEXT_RELEASE: This is gonna be #apply in 1.0
+      def apply_r(rule) # :nodoc:
+        with_result(rule) do |result|
+          catch :policy_fulfilled do
+            result.load __apply__(resolve_rule(rule))
+          end
 
-        result.value
+          result
+        end
       end
 
       def deny!
@@ -107,14 +117,17 @@ module ActionPolicy
       # (such as caching, pre checks, etc.)
       def __apply__(rule) = public_send(rule)
 
-      # Wrap code that could modify result
-      # to prevent the current result modification
-      def with_clean_result # :nodoc:
-        was_result = @result
-        yield
-        @result
+      # Prepare a new result object for the next rule application.
+      # It's stored in the thread-local storage to be accessible from within the policy.
+      def with_result(rule) # :nodoc:
+        result = self.class.result_class.new(self.class, rule)
+
+        Thread.current[:__action_policy_result__] ||= []
+        Thread.current[:__action_policy_result__] << result
+
+        yield result
       ensure
-        @result = was_result
+        Thread.current[:__action_policy_result__]&.pop
       end
 
       # Returns a result of applying the specified rule to the specified record.
@@ -146,6 +159,13 @@ module ActionPolicy
         activity
       end
 
+      # Returns the result object for the last rule application within the given
+      # execution context (Thread or Fiber)
+      def result
+        # FIXME: Remove ivar fallback after 1.0
+        Thread.current[:__action_policy_result__]&.last || @result
+      end
+
       # Return annotated source code for the rule
       # NOTE: require "method_source" and "prism" gems to be installed.
       # Otherwise returns empty string.
@@ -155,9 +175,7 @@ module ActionPolicy
       # Useful for debugging: type `pp :show?` within the context of the policy
       # to preview the rule.
       def pp(rule)
-        with_clean_result do
-          # We need result to exist for `allowed_to?` to work correctly
-          @result = self.class.result_class.new(self.class, rule)
+        with_result(rule) do
           header = "#{self.class.name}##{rule}"
           source = inspect_rule(rule)
           $stdout.puts "#{header}\n#{source}"

data/lib/action_policy/authorizer.rb

@@ -5,10 +5,11 @@ module ActionPolicy
   class Unauthorized < Error
     attr_reader :policy, :rule, :result
 
-    def initialize(policy, rule)
+    # NEXT_RELEASE: remove result fallback
+    def initialize(policy, rule, result = policy.result)
       @policy = policy.class
       @rule = rule
-      @result = policy.result
+      @result = result
 
       super("Not authorized: #{@policy}##{@rule} returns false")
     end
@@ -20,12 +21,14 @@ module ActionPolicy
     class << self
       # Performs authorization, raises an exception when check failed.
       def call(policy, rule)
-        authorize(policy, rule) ||
-          raise(::ActionPolicy::Unauthorized.new(policy, rule))
+        res = authorize(policy, rule)
+        return if res.success?
+
+        raise(::ActionPolicy::Unauthorized.new(policy, rule, res))
       end
 
       def authorize(policy, rule)
-        policy.apply(rule)
+        policy.apply_r(rule)
       end
 
       # Applies scope to the target

data/lib/action_policy/behaviour.rb

@@ -33,11 +33,13 @@ module ActionPolicy
     # Policy is inferred from record
     # (unless explicitly specified through `with` option).
     #
+    # @return the policy record
     # Raises `ActionPolicy::Unauthorized` if check failed.
     def authorize!(record = :__undef__, to:, **options)
       policy = lookup_authorization_policy(record, **options)
 
       Authorizer.call(policy, authorization_rule_for(policy, to))
+      policy.record
     end
 
     # Checks that an activity is allowed for the current context (e.g. user).
@@ -53,8 +55,7 @@ module ActionPolicy
     def allowance_to(rule, record = :__undef__, **options)
       policy = lookup_authorization_policy(record, **options)
 
-      policy.apply(authorization_rule_for(policy, rule))
-      policy.result
+      policy.apply_r(authorization_rule_for(policy, rule))
     end
 
     def authorization_context
@@ -63,8 +64,8 @@ module ActionPolicy
 
     private def build_authorization_context
       self.class.authorization_targets
-        .each_with_object({}) do |(key, meth), obj|
-        obj[key] = send(meth)
+        .each_with_object({}) do |(key, method_or_proc), obj|
+        obj[key] = method_or_proc.is_a?(Proc) ? method_or_proc.call : send(method_or_proc)
       end
     end
 
@@ -104,8 +105,8 @@ module ActionPolicy
       #     authorize :user
       #   end
       def authorize(key, through: nil)
-        meth = through || key
-        authorization_targets[key] = meth
+        method_or_proc = through || key
+        authorization_targets[key] = method_or_proc
       end
 
       def authorization_targets

data/lib/action_policy/policy/cache.rb

@@ -50,18 +50,18 @@ module ActionPolicy # :nodoc:
         key = rule_cache_key(rule)
 
         ActionPolicy.cache_store.then do |store|
-          @result = store.read(key)
+          result = store.read(key)
           unless result.nil?
             result.cached!
-            next result.value
+            next result
+          end
+          yield.tap do |result|
+            store.write(key, result, options)
           end
-          yield
-          store.write(key, result, options)
-          result.value
         end
       end
 
-      def apply(rule)
+      def apply_r(rule)
         return super if ActionPolicy.cache_store.nil? ||
           !self.class.cached_rules.key?(rule)
 

data/lib/action_policy/policy/cached_apply.rb

@@ -7,19 +7,16 @@ module ActionPolicy
     # When you call `apply` twice on the same policy and for the same rule,
     # the check (and pre-checks) is only called once.
     module CachedApply
-      def apply(rule)
+      def apply_r(rule)
         @__rules_cache__ ||= {}
 
         if @__rules_cache__.key?(rule)
-          @result = @__rules_cache__[rule]
-          return result.value
+          return @__rules_cache__[rule]
         end
 
-        super
-
-        @__rules_cache__[rule] = result
-
-        result.value
+        super.tap do |result|
+          @__rules_cache__[rule] = result
+        end
       end
     end
   end

data/lib/action_policy/policy/core.rb

@@ -72,7 +72,7 @@ module ActionPolicy
 
       include ActionPolicy::Behaviours::PolicyFor
 
-      attr_reader :record, :result
+      attr_reader :record
 
       # NEXT_RELEASE: deprecate `record` arg, migrate to `record: nil`
       def initialize(record = nil, *)
@@ -83,13 +83,23 @@ module ActionPolicy
       # Unlike simply calling a predicate rule (`policy.manage?`),
       # `apply` also calls pre-checks.
       def apply(rule)
-        @result = self.class.result_class.new(self.class, rule)
+        res = apply_r(rule)
 
-        catch :policy_fulfilled do
-          result.load __apply__(resolve_rule(rule))
-        end
+        # DEPRECATED (we still rely on it in tests)
+        @result = res
+
+        res.value
+      end
+
+      # NEXT_RELEASE: This is gonna be #apply in 1.0
+      def apply_r(rule) # :nodoc:
+        with_result(rule) do |result|
+          catch :policy_fulfilled do
+            result.load __apply__(resolve_rule(rule))
+          end
 
-        result.value
+          result
+        end
       end
 
       def deny!
@@ -107,14 +117,17 @@ module ActionPolicy
       # (such as caching, pre checks, etc.)
       def __apply__(rule) = public_send(rule)
 
-      # Wrap code that could modify result
-      # to prevent the current result modification
-      def with_clean_result # :nodoc:
-        was_result = @result
-        yield
-        @result
+      # Prepare a new result object for the next rule application.
+      # It's stored in the thread-local storage to be accessible from within the policy.
+      def with_result(rule) # :nodoc:
+        result = self.class.result_class.new(self.class, rule)
+
+        Thread.current[:__action_policy_result__] ||= []
+        Thread.current[:__action_policy_result__] << result
+
+        yield result
       ensure
-        @result = was_result
+        Thread.current[:__action_policy_result__]&.pop
       end
 
       # Returns a result of applying the specified rule to the specified record.
@@ -146,6 +159,13 @@ module ActionPolicy
         activity
       end
 
+      # Returns the result object for the last rule application within the given
+      # execution context (Thread or Fiber)
+      def result
+        # FIXME: Remove ivar fallback after 1.0
+        Thread.current[:__action_policy_result__]&.last || @result
+      end
+
       # Return annotated source code for the rule
       # NOTE: require "method_source" and "prism" gems to be installed.
       # Otherwise returns empty string.
@@ -155,9 +175,7 @@ module ActionPolicy
       # Useful for debugging: type `pp :show?` within the context of the policy
       # to preview the rule.
       def pp(rule)
-        with_clean_result do
-          # We need result to exist for `allowed_to?` to work correctly
-          @result = self.class.result_class.new(self.class, rule)
+        with_result(rule) do
           header = "#{self.class.name}##{rule}"
           source = inspect_rule(rule)
           $stdout.puts "#{header}\n#{source}"

data/lib/action_policy/policy/pre_check.rb

@@ -78,8 +78,6 @@ module ActionPolicy
 
           rebuild_filter
         end
-        # rubocop: enable
-        # rubocop: enable
 
         def dup
           self.class.new(

data/lib/action_policy/policy/reasons.rb

@@ -27,6 +27,8 @@ module ActionPolicy
       #   { policy_identifier => [rules, ...] }
       def details() = reasons.transform_keys(&:identifier)
 
+      alias_method :to_h, :details
+
       def empty?() = reasons.empty?
 
       def present?() = !empty?
@@ -201,13 +203,12 @@ module ActionPolicy
           if (record == :__undef__ || record == self.record) && options.empty?
             rule = resolve_rule(rule)
             policy = self
-            with_clean_result { apply(rule) }
+            apply_r(rule)
           else
             policy = policy_for(record: record, **options)
             rule = policy.resolve_rule(rule)
 
-            policy.apply(rule)
-            policy.result
+            policy.apply_r(rule)
           end
 
         if res.fail? && result&.reasons

data/lib/action_policy/rails/authorizer.rb

@@ -9,10 +9,10 @@ module ActionPolicy # :nodoc:
       def authorize(policy, rule)
         event = {policy: policy.class.name, rule: rule.to_s}
         ActiveSupport::Notifications.instrument(EVENT_NAME, event) do
-          res = super
-          event[:cached] = policy.result.cached?
-          event[:value] = policy.result.value
-          res
+          result = super
+          event[:cached] = result.cached?
+          event[:value] = result.value
+          result
         end
       end
     end

data/lib/action_policy/rails/controller.rb

@@ -26,6 +26,7 @@ module ActionPolicy
       if respond_to?(:helper_method)
         helper_method :allowed_to?
         helper_method :authorized_scope
+        helper_method :allowance_to
       end
 
       attr_writer :authorize_count
@@ -44,13 +45,15 @@ module ActionPolicy
     # If record is not provided, tries to infer the resource class
     # from controller name (i.e. `controller_name.classify.safe_constantize`).
     #
+    # @return the policy record
     # Raises `ActionPolicy::Unauthorized` if check failed.
     def authorize!(record = :__undef__, to: nil, **options)
       to ||= :"#{action_name}?"
 
-      super
+      policy_record = super
 
       self.authorize_count += 1
+      policy_record
     end
 
     # Tries to infer the resource class from controller name

data/lib/action_policy/rails/policy/instrumentation.rb

@@ -16,13 +16,13 @@ module ActionPolicy # :nodoc:
           ActiveSupport::Notifications.instrument(INIT_EVENT_NAME, event) { super }
         end
 
-        def apply(rule)
+        def apply_r(rule)
           event = {policy: self.class.name, rule: rule.to_s}
           ActiveSupport::Notifications.instrument(APPLY_EVENT_NAME, event) do
-            res = super
+            result = super
             event[:cached] = result.cached?
             event[:value] = result.value
-            res
+            result
           end
         end
       end

data/lib/action_policy/rspec/dsl.rb

@@ -39,6 +39,7 @@ module ActionPolicy
         super
       end
 
+      # FIXME(1.0): Update to use result object directly
       def formatted_policy(policy)
         "#{policy.result.inspect}\n#{policy.inspect_rule(policy.result.rule)}"
       end

data/lib/action_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActionPolicy
-  VERSION = "0.7.2"
+  VERSION = "0.7.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_policy
 version: !ruby/object:Gem::Version
-  version: 0.7.2
+  version: 0.7.4
 platform: ruby
 authors:
 - Vladimir Dementyev
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-21 00:00:00.000000000 Z
+date: 2025-03-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-next-core
@@ -133,15 +133,6 @@ files:
 - LICENSE.txt
 - README.md
 - config/rubocop-rspec.yml
-- lib/.rbnext/2.7/action_policy/behaviours/policy_for.rb
-- lib/.rbnext/2.7/action_policy/i18n.rb
-- lib/.rbnext/2.7/action_policy/policy/cache.rb
-- lib/.rbnext/2.7/action_policy/policy/pre_check.rb
-- lib/.rbnext/2.7/action_policy/rails/scope_matchers/action_controller_params.rb
-- lib/.rbnext/2.7/action_policy/rails/scope_matchers/active_record.rb
-- lib/.rbnext/2.7/action_policy/rspec/be_authorized_to.rb
-- lib/.rbnext/2.7/action_policy/rspec/have_authorized_scope.rb
-- lib/.rbnext/2.7/action_policy/utils/pretty_print.rb
 - lib/.rbnext/3.0/action_policy/behaviours/policy_for.rb
 - lib/.rbnext/3.0/action_policy/behaviours/thread_memoized.rb
 - lib/.rbnext/3.0/action_policy/ext/policy_cache_key.rb
@@ -152,6 +143,8 @@ files:
 - lib/.rbnext/3.0/action_policy/policy/execution_result.rb
 - lib/.rbnext/3.0/action_policy/policy/pre_check.rb
 - lib/.rbnext/3.0/action_policy/policy/reasons.rb
+- lib/.rbnext/3.0/action_policy/rails/scope_matchers/action_controller_params.rb
+- lib/.rbnext/3.0/action_policy/rails/scope_matchers/active_record.rb
 - lib/.rbnext/3.0/action_policy/rspec/be_an_alias_of.rb
 - lib/.rbnext/3.0/action_policy/rspec/be_authorized_to.rb
 - lib/.rbnext/3.0/action_policy/rspec/have_authorized_scope.rb
@@ -234,7 +227,7 @@ metadata:
   documentation_uri: https://actionpolicy.evilmartians.io/
   homepage_uri: https://actionpolicy.evilmartians.io/
   source_code_uri: http://github.com/palkan/action_policy
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -250,7 +243,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.4.19
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Authorization framework for Ruby/Rails application
 test_files: []