action_policy 0.7.2 → 0.7.4

data/lib/.rbnext/2.7/action_policy/behaviours/policy_for.rb

@@ -1,70 +0,0 @@
-# frozen_string_literal: true
-
-module ActionPolicy
-  module Behaviours
-    # Adds `policy_for` method
-    module PolicyFor
-      require "action_policy/ext/policy_cache_key"
-      using ActionPolicy::Ext::PolicyCacheKey
-
-      # Returns policy instance for the record.
-      def policy_for(record:, with: nil, namespace: authorization_namespace, context: nil, allow_nil: false, default: default_authorization_policy_class, strict_namespace: authorization_strict_namespace)
-        context = context ? build_authorization_context.merge(context) : authorization_context
-
-        policy_class = with || ::ActionPolicy.lookup(
-          record,
-          namespace: namespace, context: context, allow_nil: allow_nil, default: default, strict_namespace: strict_namespace
-        )
-        policy_class&.new(record, **context)
-      end
-
-      def authorization_context ;  @authorization_context ||= build_authorization_context; end
-
-      def build_authorization_context
-        Kernel.raise NotImplementedError, "Please, define `build_authorization_context` method!"
-      end
-
-      def authorization_namespace
-        # override to provide specific authorization namespace
-      end
-
-      def default_authorization_policy_class
-        # override to provide a policy class use when no policy found
-      end
-
-      def authorization_strict_namespace
-        # override to provide strict namespace lookup option
-      end
-
-      # Override this method to provide implicit authorization target
-      # that would be used in case `record` is not specified in
-      # `authorize!` and `allowed_to?` call.
-      #
-      # It is also used to infer a policy for scoping (in `authorized_scope` method).
-      def implicit_authorization_target
-        # no-op
-      end
-
-      # Return implicit authorization target or raises an exception if it's nil
-      def implicit_authorization_target!
-        implicit_authorization_target || Kernel.raise(
-          NotFound,
-          [
-            self,
-            "Couldn't find implicit authorization target " \
-            "for #{self.class}. " \
-            "Please, provide policy class explicitly using `with` option or " \
-            "define the `implicit_authorization_target` method."
-          ]
-        )
-      end
-
-      def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **__kwrest__)
-        record_key = record._policy_cache_key(use_object_id: true)
-        context_key = context.values.map { |_1| _1._policy_cache_key(use_object_id: true) }.join(".")
-
-        "#{namespace}/#{with}/#{context_key}/#{record_key}"
-      end
-    end
-  end
-end

data/lib/.rbnext/2.7/action_policy/i18n.rb

@@ -1,56 +0,0 @@
-# frozen_string_literal: true
-
-module ActionPolicy
-  module I18n # :nodoc:
-    DEFAULT_UNAUTHORIZED_MESSAGE = "You are not authorized to perform this action"
-
-    class << self
-      def full_message(policy_class, rule, details = nil)
-        candidates = candidates_for(policy_class, rule)
-
-        options = {scope: :action_policy}
-        options.merge!(details) unless details.nil?
-
-        ::I18n.t(
-          candidates.shift,
-          default: candidates,
-          **options
-        )
-      end
-
-      private
-
-      def candidates_for(policy_class, rule)
-        policy_hierarchy = policy_class.ancestors.select { |_1| _1.respond_to?(:identifier) }
-        [
-          *policy_hierarchy.map { |klass| :"policy.#{klass.identifier}.#{rule}" },
-          :"policy.#{rule}",
-          :unauthorized,
-          DEFAULT_UNAUTHORIZED_MESSAGE
-        ]
-      end
-    end
-
-    ActionPolicy::Policy::FailureReasons.prepend(Module.new do
-      def full_messages
-        reasons.flat_map do |policy_klass, rules|
-          rules.flat_map do |rule|
-            if rule.is_a?(::Hash)
-              rule.map do |key, details|
-                ActionPolicy::I18n.full_message(policy_klass, key, details)
-              end
-            else
-              ActionPolicy::I18n.full_message(policy_klass, rule)
-            end
-          end
-        end
-      end
-    end)
-
-    ActionPolicy::Policy::ExecutionResult.prepend(Module.new do
-      def message
-        ActionPolicy::I18n.full_message(policy, rule, details)
-      end
-    end)
-  end
-end

data/lib/.rbnext/2.7/action_policy/policy/cache.rb

@@ -1,101 +0,0 @@
-# frozen_string_literal: true
-
-require "action_policy/version"
-
-module ActionPolicy # :nodoc:
-  using RubyNext
-
-  # By default cache namespace (or prefix) contains major and minor version of the gem
-  CACHE_NAMESPACE = "acp:#{ActionPolicy::VERSION.split(".").take(2).join(".")}"
-
-  require "action_policy/ext/policy_cache_key"
-
-  using ActionPolicy::Ext::PolicyCacheKey
-
-  module Policy
-    # Provides long-lived cache through ActionPolicy.cache_store.
-    #
-    # NOTE: if cache_store is nil then we silently skip all the caching.
-    module Cache
-      class << self
-        def included(base)
-          base.extend ClassMethods
-        end
-      end
-
-      def cache_namespace() ;  ActionPolicy::CACHE_NAMESPACE; end
-
-      def cache_key(*parts)
-        [
-          cache_namespace,
-          *parts
-        ].map { |_1| _1._policy_cache_key }.join("/")
-      end
-
-      def rule_cache_key(rule)
-        cache_key(
-          context_cache_key,
-          record,
-          self.class,
-          rule
-        )
-      end
-
-      def context_cache_key
-        authorization_context.map { |_1, _2| _2._policy_cache_key.to_s }.join("/")
-      end
-
-      def apply_with_cache(rule)
-        options = self.class.cached_rules.fetch(rule)
-        key = rule_cache_key(rule)
-
-        ActionPolicy.cache_store.then do |store|
-          @result = store.read(key)
-          unless result.nil?
-            result.cached!
-            next result.value
-          end
-          yield
-          store.write(key, result, options)
-          result.value
-        end
-      end
-
-      def apply(rule)
-        return super if ActionPolicy.cache_store.nil? ||
-          !self.class.cached_rules.key?(rule)
-
-        apply_with_cache(rule) { super }
-      end
-
-      def cache(*parts, **options)
-        key = cache_key(*parts)
-        ActionPolicy.cache_store.then do |store|
-          res = store.read(key)
-          next res unless res.nil?
-          res = yield
-          store.write(key, res, options)
-          res
-        end
-      end
-
-      module ClassMethods # :nodoc:
-        def cache(*rules, **options)
-          rules.each do |rule|
-            cached_rules[rule] = options
-          end
-        end
-
-        def cached_rules
-          return @cached_rules if instance_variable_defined?(:@cached_rules)
-
-          @cached_rules = if superclass.respond_to?(:cached_rules)
-            superclass.cached_rules.dup
-          else
-            {}
-          end
-        end
-      end
-    end
-  end
-end

data/lib/.rbnext/2.7/action_policy/policy/pre_check.rb

@@ -1,162 +0,0 @@
-# frozen_string_literal: true
-
-module ActionPolicy
-  module Policy
-    # Adds callback-style checks to policies to
-    # extract common checks from rules.
-    #
-    #    class ApplicationPolicy < ActionPolicy::Base
-    #      authorize :user
-    #      pre_check :allow_admins
-    #
-    #      private
-    #        # Allow every action for admins
-    #        def allow_admins
-    #          allow! if user.admin?
-    #        end
-    #    end
-    #
-    # You can specify conditional pre-checks (through `except` / `only`) options
-    # and skip already defined pre-checks if necessary.
-    #
-    #    class UserPolicy < ApplicationPolicy
-    #      skip_pre_check :allow_admins, only: :destroy?
-    #
-    #      def destroy?
-    #        user.admin? && !record.admin?
-    #      end
-    #    end
-    module PreCheck
-      # Single pre-check instance.
-      #
-      # Implements filtering logic.
-      class Check
-        attr_reader :name, :policy_class
-
-        def initialize(policy, name, except: nil, only: nil)
-          if !except.nil? && !only.nil?
-            raise ArgumentError,
-              "Only one of `except` and `only` may be specified for pre-check"
-          end
-
-          @policy_class = policy
-          @name = name
-          @blacklist = Array(except) unless except.nil?
-          @whitelist = Array(only) unless only.nil?
-
-          rebuild_filter
-        end
-
-        def applicable?(rule)
-          return true if filter.nil?
-          filter.call(rule)
-        end
-
-        def call(policy) ;  policy.send(name); end
-
-        def skip!(except: nil, only: nil)
-          if !except.nil? && !only.nil?
-            raise ArgumentError,
-              "Only one of `except` and `only` may be specified when skipping pre-check"
-          end
-
-          if except.nil? && only.nil?
-            raise ArgumentError,
-              "At least one of `except` and `only` must be specified when skipping pre-check"
-          end
-
-          if except
-            @whitelist = Array(except)
-            @whitelist -= blacklist if blacklist
-            @blacklist = nil
-          else
-            # only
-            @blacklist += Array(only) if blacklist
-            @whitelist -= Array(only) if whitelist
-            @blacklist = Array(only) if filter.nil?
-          end
-
-          rebuild_filter
-        end
-        # rubocop: enable
-        # rubocop: enable
-
-        def dup
-          self.class.new(
-            policy_class,
-            name,
-            except: blacklist&.dup,
-            only: whitelist&.dup
-          )
-        end
-
-        private
-
-        attr_reader :whitelist, :blacklist, :filter
-
-        def rebuild_filter
-          @filter =
-            if whitelist
-              proc { |rule| whitelist.include?(rule) }
-            elsif blacklist
-              proc { |rule| !blacklist.include?(rule) }
-            end
-        end
-      end
-
-      class << self
-        def included(base)
-          base.extend ClassMethods
-        end
-      end
-
-      def run_pre_checks(rule)
-        self.class.pre_checks.each do |check|
-          next unless check.applicable?(rule)
-          check.call(self)
-        end
-
-        yield if block_given?
-      end
-
-      def __apply__(rule)
-        run_pre_checks(rule) { super }
-      end
-
-      module ClassMethods # :nodoc:
-        def pre_check(*names, **options)
-          names.each do |name|
-            # do not allow pre-check override
-            check = pre_checks.find { |_1| _1.name == name }
-            raise "Pre-check already defined: #{name}" unless check.nil?
-
-            pre_checks << Check.new(self, name, **options)
-          end
-        end
-
-        def skip_pre_check(*names, **options)
-          names.each do |name|
-            check = pre_checks.find { |_1| _1.name == name }
-            raise "Pre-check not found: #{name}" if check.nil?
-
-            # when no options provided we remove this check completely
-            next pre_checks.delete(check) if options.empty?
-
-            # otherwise duplicate and apply skip options
-            pre_checks[pre_checks.index(check)] = check.dup.tap { |_1| _1.skip!(**options) }
-          end
-        end
-
-        def pre_checks
-          return @pre_checks if instance_variable_defined?(:@pre_checks)
-
-          @pre_checks = if superclass.respond_to?(:pre_checks)
-            superclass.pre_checks.dup
-          else
-            []
-          end
-        end
-      end
-    end
-  end
-end

data/lib/.rbnext/2.7/action_policy/rspec/be_authorized_to.rb

@@ -1,96 +0,0 @@
-# frozen_string_literal: true
-
-require "action_policy/testing"
-
-module ActionPolicy
-  module RSpec
-    # Authorization matcher `be_authorized_to`.
-    #
-    # Verifies that a block of code has been authorized using specific policy.
-    #
-    # Example:
-    #
-    #   # in controller/request specs
-    #   subject { patch :update, id: product.id }
-    #
-    #   it "is authorized" do
-    #     expect { subject }
-    #       .to be_authorized_to(:manage?, product)
-    #       .with(ProductPolicy)
-    #   end
-    #
-    class BeAuthorizedTo < ::RSpec::Matchers::BuiltIn::BaseMatcher
-      attr_reader :rule, :target, :policy, :actual_calls, :context
-
-      def initialize(rule, target)
-        @rule = rule
-        @target = target
-      end
-
-      def with(policy)
-        @policy = policy
-        self
-      end
-
-      def with_context(context)
-        @context = context
-        self
-      end
-
-      def match(_expected, actual)
-        raise "This matcher only supports block expectations" unless actual.is_a?(Proc)
-
-        @policy ||= ::ActionPolicy.lookup(target)
-        @context ||= nil
-
-        begin
-          ActionPolicy::Testing::AuthorizeTracker.tracking { actual.call }
-        rescue ActionPolicy::Unauthorized
-          # we don't want to care about authorization result
-        end
-
-        @actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
-
-        actual_calls.any? { |_1| _1.matches?(policy, rule, target, context) }
-      end
-
-      def does_not_match?(*__rest__)
-        raise "This matcher doesn't support negation"
-      end
-
-      def supports_block_expectations?() ;  true; end
-
-      def failure_message
-        "expected #{formatted_record} " \
-        "to be authorized with #{policy}##{rule}, " \
-        "#{context ? "and context #{context.inspect}, " : ""}" \
-        "but #{actual_calls_message}"
-      end
-
-      def actual_calls_message
-        if actual_calls.empty?
-          "no authorization calls have been made"
-        else
-          "the following calls were encountered:\n" \
-          "#{formatted_calls}"
-        end
-      end
-
-      def formatted_calls
-        actual_calls.map do |_1|
-          " - #{_1.inspect}"
-        end.join("\n")
-      end
-
-      def formatted_record(record = target) ;  ::RSpec::Support::ObjectFormatter.format(record); end
-    end
-  end
-end
-
-RSpec.configure do |config|
-  config.include(Module.new do
-    def be_authorized_to(rule, target)
-      ActionPolicy::RSpec::BeAuthorizedTo.new(rule, target)
-    end
-  end)
-end

data/lib/.rbnext/2.7/action_policy/rspec/have_authorized_scope.rb

@@ -1,130 +0,0 @@
-# frozen_string_literal: true
-
-require "action_policy/testing"
-
-module ActionPolicy
-  module RSpec
-    # Implements `have_authorized_scope` matcher.
-    #
-    # Verifies that a block of code applies authorization scoping using specific policy.
-    #
-    # Example:
-    #
-    #   # in controller/request specs
-    #   subject { get :index }
-    #
-    #   it "has authorized scope" do
-    #     expect { subject }
-    #       .to have_authorized_scope(:active_record_relation)
-    #       .with(ProductPolicy)
-    #   end
-    #
-    class HaveAuthorizedScope < ::RSpec::Matchers::BuiltIn::BaseMatcher
-      attr_reader :type, :name, :policy, :scope_options, :actual_scopes,
-        :target_expectations, :context
-
-      def initialize(type)
-        @type = type
-        @name = :default
-        @scope_options = nil
-      end
-
-      def with(policy)
-        @policy = policy
-        self
-      end
-
-      def as(name)
-        @name = name
-        self
-      end
-
-      def with_scope_options(scope_options)
-        @scope_options = scope_options
-        self
-      end
-
-      def with_target(&block)
-        @target_expectations = block
-        self
-      end
-
-      def with_context(context)
-        @context = context
-        self
-      end
-
-      def match(_expected, actual)
-        raise "This matcher only supports block expectations" unless actual.is_a?(Proc)
-
-        ActionPolicy::Testing::AuthorizeTracker.tracking { actual.call }
-
-        @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
-
-        matching_scopes = actual_scopes.select { |_1| _1.matches?(policy, type, name, scope_options, context) }
-
-        return false if matching_scopes.empty?
-
-        return true unless target_expectations
-
-        if matching_scopes.size > 1
-          raise "Too many matching scopings (#{matching_scopes.size}), " \
-                "you can run `.with_target` only when there is the only one match"
-        end
-
-        target_expectations.call(matching_scopes.first.target)
-        true
-      end
-
-      def does_not_match?(*__rest__)
-        raise "This matcher doesn't support negation"
-      end
-
-      def supports_block_expectations?() ;  true; end
-
-      def failure_message
-        "expected a scoping named :#{name} for type :#{type} " \
-        "#{scope_options_message} " \
-        "#{context ? "and context #{context.inspect} " : ""}" \
-        "from #{policy} to have been applied, " \
-        "but #{actual_scopes_message}"
-      end
-
-      def scope_options_message
-        if scope_options
-          if defined?(::RSpec::Matchers::Composable) &&
-              scope_options.is_a?(::RSpec::Matchers::Composable)
-            "with scope options #{scope_options.description}"
-          else
-            "with scope options #{scope_options}"
-          end
-        else
-          "without scope options"
-        end
-      end
-
-      def actual_scopes_message
-        if actual_scopes.empty?
-          "no scopings have been made"
-        else
-          "the following scopings were encountered:\n" \
-          "#{formatted_scopings}"
-        end
-      end
-
-      def formatted_scopings
-        actual_scopes.map do |_1|
-          " - #{_1.inspect}"
-        end.join("\n")
-      end
-    end
-  end
-end
-
-RSpec.configure do |config|
-  config.include(Module.new do
-    def have_authorized_scope(type)
-      ActionPolicy::RSpec::HaveAuthorizedScope.new(type)
-    end
-  end)
-end