action_policy 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5aa63f362aa8606be7d0ba77e1c78be9ed8c811eb57b06c38835ec4df24c9bf1
-  data.tar.gz: 9c704fda90d4735827eddfb78be38a6f2ea2a293f71165df1955cdd78a3e803d
+  metadata.gz: c211ebea84e0d55fb6691b9abd897cfd2f594299cd72b1f346b904af99eb192c
+  data.tar.gz: b56a427246d7ebd7d5b96660791af5254880ada1c8dc29566ce4114f97f9aac7
 SHA512:
-  metadata.gz: a0cd9a62e04d0dbf1263d5c30ba0e860930877e63dd5c3c93f0be327e204b5e66265b8d9ce264278e9b16bef1bff7924331c66f11f88012c0a26dca445ad51bd
-  data.tar.gz: eb7b6b92a10869ab50f71656b446d26199d339891f5336ca28f87918cfd8dad467498e0262011703662944f82c49927e0c26dc24c871c456813ca87397cc4786
+  metadata.gz: 4f2deff9d0ff76e5966e0a4abafc75772730369ac46d033636c26a2cfa236b113c6544ccd2338cdd9813177905f58b97fa6111515b27a3ba7e862fbf7845953d
+  data.tar.gz: be2bc03196ac2de3e2ede2d3ea9c995e29352fdf269f9814d1bfe0d8dd9e9a1a4429a10e68631030fd749492888b30de607ebd1748a1656a6e12e0e7fb8ccb14

data/.rubocop.yml

@@ -9,7 +9,6 @@ AllCops:
   Exclude:
     - 'bin/**/*'
     - 'gemfiles/**/*'
-    - 'test/dummy/**/*'
     - 'vendor/**/*'
     - 'tmp/**/*'
   DisplayCopNames: true

data/CHANGELOG.md

@@ -1,9 +1,22 @@
 ## master
 
+## 0.2.3 (2018-07-03)
+
+- [Fix [#16](https://github.com/palkan/action_policy/issues/16)] Add ability to disable namespace resolution cache. ([@palkan][])
+
+  We cache namespaced policy resolution for better performance (it could affect performance when we look up a policy from a deeply nested module context).
+
+  It could be disabled by setting `ActionPolicy::LookupChain.namespace_cache_enabled = false`. It's enabled by default unless `RACK_ENV` env var is specified and is not equal to `"production"` (e.g. when `RACK_ENV=test` the cache is disabled).
+
+  When using Rails it's enabled only in production mode but could be configured through setting the `config.config.action_policy.namespace_cache_enabled` parameter.
+
+- [Fix [#18](https://github.com/palkan/action_policy/issues/18)] Clarify documentation around, and fix the way `resolve_rule` resolves rules and rule aliases when subclasses are involved. ([@brendon][])
+
 ## 0.2.2 (2018-07-01)
 
 - [Fix [#29](https://github.com/palkan/action_policy/issues/29)] Fix loading cache middleware. ([@palkan][])
 
+
 - Use `send` instead of `public_send` to get the `authorization_context` so that contexts such as
   `current_user` can be `private` in the controller. ([@brendon][])
 

data/docs/aliases.md

@@ -52,3 +52,63 @@ end
 Now when you call `authorize! post` with any rule not explicitly defined in policy class, the `manage?` rule is applied.
 
 By default, `ActionPolicy::Base` sets `manage?` as a default rule.
+
+## Aliases and Private Methods
+
+Rules in `action_policy` can only be public methods. Trying to use a private method as a rule will raise an error. Thus, aliases can also only point to public methods.
+
+## Rule resolution with subclasses
+
+Here's the order in which aliases and concrete rule methods are resolved in regards to subclasses:
+
+1. If there is a concrete rule method on the subclass, this is called, else
+2. If there is a matching alias then this is called, else
+  * When aliases are defined on the subclass they will overwrite matching aliases on the superclass.
+3. If there is a concrete rule method on the superclass, then this is called, else
+4. If there is a default rule defined, then this is called, else
+5. `ActionPolicy::UnknownRule` is raised.
+
+Here's an example with the expected results:
+
+```ruby
+class SuperPolicy < ApplicationPolicy
+  default_rule :manage?
+
+  alias_rule :update?, :destroy?, :create?, to: :edit?
+
+  def manage?; end
+
+  def edit?; end
+
+  def index?; end
+end
+
+class SubPolicy < AbstractPolicy
+  default_rule nil
+
+  alias_rule :index?, :update?, to: :manage?
+
+  def create?; end
+end
+```
+
+Authorizing against the SuperPolicy:
+
+* `update?` will resolve to `edit?`
+* `destroy?` will resolve to `edit?`
+* `create?` will resolve to `edit?`
+* `manage?` will resolve to `manage?`
+* `edit?` will resolve to `edit?`
+* `index?` will resolve to `index?`
+* `something?` will resolve to `manage?`
+
+Authorizing against the SuBPolicy:
+
+* `index?` will resolve to `manage?`
+* `update?` will resolve to `manage?`
+* `create?` will resolve to `create?`
+* `destroy?` will resolve to `edit?`
+* `manage?` will resolve to `manage?`
+* `edit?` will resolve to `edit?`
+* `index?` will resolve to `manage?`
+* `something?` will raise `ActionPolicy::UnknownRule`

data/docs/namespaces.md

@@ -67,3 +67,11 @@ end
 ```
 
 **NOTE**: namespace support is an extension for `ActionPolicy::Behaviour` and could be included with `ActionPolicy::Behaviours::Namespaced` (included into Rails controllers and channel integrations by default).
+
+## Namespace resultion cache
+
+We cache namespaced policy resolution for better performance (it could affect performance when we look up a policy from a deeply nested module context, see the [benchmark](https://github.com/palkan/action_policy/blob/master/benchmarks/namespaced_lookup_cache.rb)).
+
+It could be disabled by setting `ActionPolicy::LookupChain.namespace_cache_enabled = false`. It's enabled by default unless `RACK_ENV` env var is specified and is not equal to `"production"` (e.g. when `RACK_ENV=test` the cache is disabled).
+
+When using Rails it's enabled only in production mode but could be configured through setting the `config.config.action_policy.namespace_cache_enabled` parameter.

data/docs/quick_start.md

@@ -36,6 +36,8 @@ end
 
 **NOTE:** it is not necessary to inherit from `ActionPolicy::Base`; instead, you can [construct basic policy](custom_policy.md) choosing only the components you need.
 
+Rules must be public methods on the class. Using private methods as rules will raise an error.
+
 Consider a simple example:
 
 ```ruby

data/lib/action_policy/lookup_chain.rb

@@ -22,7 +22,7 @@ module ActionPolicy
         attr_reader :store
 
         def fetch(namespace, policy)
-          return yield unless LookupChain.namespace_cache_enabled
+          return yield unless LookupChain.namespace_cache_enabled?
           return store[namespace][policy] if store[namespace].key?(policy)
           store[namespace][policy] ||= yield
         end
@@ -38,6 +38,8 @@ module ActionPolicy
     class << self
       attr_accessor :chain, :namespace_cache_enabled
 
+      alias namespace_cache_enabled? namespace_cache_enabled
+
       def call(record, **opts)
         chain.each do |probe|
           val = probe.call(record, opts)
@@ -76,8 +78,10 @@ module ActionPolicy
       end
     end
 
-    # Enable namespace cache by default
-    self.namespace_cache_enabled = true
+    # Enable namespace cache by default or
+    # if RACK_ENV provided and equal to "production"
+    self.namespace_cache_enabled =
+      !ENV["RACK_ENV"].nil? ? ENV["RACK_ENV"] == "production" : true
 
     # By self `policy_class` method
     INSTANCE_POLICY_CLASS = ->(record, _) {

data/lib/action_policy/policy/aliases.rb

@@ -29,8 +29,10 @@ module ActionPolicy
       end
 
       def resolve_rule(activity)
-        return activity if respond_to?(activity)
-        self.class.lookup_alias(activity) || super
+        self.class.lookup_alias(activity) ||
+          (activity if respond_to?(activity)) ||
+          self.class.lookup_default_rule ||
+          super
       end
 
       module ClassMethods # :nodoc:
@@ -45,7 +47,11 @@ module ActionPolicy
         end
 
         def lookup_alias(rule)
-          rules_aliases.fetch(rule, rules_aliases[DEFAULT])
+          rules_aliases[rule]
+        end
+
+        def lookup_default_rule
+          rules_aliases[DEFAULT]
         end
 
         def rules_aliases
@@ -58,6 +64,10 @@ module ActionPolicy
               {}
             end
         end
+
+        def method_added(name)
+          rules_aliases.delete(name) if public_method_defined?(name)
+        end
       end
     end
   end

data/lib/action_policy/railtie.rb

@@ -25,6 +25,11 @@ module ActionPolicy # :nodoc:
         # the default authorization context in channels
         attr_accessor :channel_authorize_current_user
 
+        # Define whether to cache namespaced policy resolution
+        # result (e.g. in controllers).
+        # Enabled only in production by default.
+        attr_accessor :namespace_cache_enabled
+
         def cache_store=(store, *args)
           if store.is_a?(Symbol)
             store = ActiveSupport::Cache.lookup_store(
@@ -40,6 +45,7 @@ module ActionPolicy # :nodoc:
       self.controller_authorize_current_user = true
       self.auto_inject_into_channel = true
       self.channel_authorize_current_user = true
+      self.namespace_cache_enabled = Rails.env.production?
     end
 
     config.action_policy = Config
@@ -50,11 +56,14 @@ module ActionPolicy # :nodoc:
         app.executor.to_complete { ActionPolicy::PerThreadCache.clear_all }
       else
         require "action_policy/cache_middleware"
-        app_middleware.use ActionPolicy::CacheMiddleware
+        app.middleware.use ActionPolicy::CacheMiddleware
       end
     end
 
     config.to_prepare do |_app|
+      ActionPolicy::LookupChain.namespace_cache_enabled =
+        Rails.application.config.action_policy.namespace_cache_enabled
+
       ActiveSupport.on_load(:action_controller) do
         next unless Rails.application.config.action_policy.auto_inject_into_controller
 

data/lib/action_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActionPolicy
-  VERSION = "0.2.2"
+  VERSION = "0.2.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_policy
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Vladimir Dementyev
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-07-01 00:00:00.000000000 Z
+date: 2018-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler