action_policy 0.4.4 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aa234de7b74f58df4707ec00f9f4d67bee0d89fb721f2b0e4df90627970530e6
-  data.tar.gz: e6e4ba56d3be720b8ddac3a236f42c84eec2472d04b95213914d89e23d291bf7
+  metadata.gz: 4fc0130963013d2a27c7abf48817dba07345f15fde792a1d9b55633de820c318
+  data.tar.gz: 238306ff0b289bbe89e69c7805c57cee46d1f1bfb89479bc35b34c801dad6994
 SHA512:
-  metadata.gz: 450572c0987f8d4174ff6c51fdd188d62bd5dfd288b381a593030ee9ef8575df74852b1600706f6dfb1c115fddb9a45e518f03b2dd0a118e653c0a13c0efc05a
-  data.tar.gz: 1fa6dac85f5fe5f014026d23357c08e9dba0101b68a07a96315275a1ce2aa28762ab82abffbf0ae985a9a277d942de23c521223d485b7acfe1fdceeae9c4179d
+  metadata.gz: 192f5beabda0c3d0ad49deee958107b919e50eb1dc20e79df3fc96f8ee59f274eedb93e96f4d18614a58dc3df57b4f363ec360d40c3dfe42a2d0b2fca0eb6f81
+  data.tar.gz: ce790734997fbb3f6ac38bf9dea4aee0fd9a5c6dbe8442bb48fe2724f6e77574823d512444f398a5a2ad06b5b302d1a8ac031e50a62ea13830e6c38f2f75cd60

data/CHANGELOG.md

@@ -2,6 +2,35 @@
 
 ## master
 
+## 0.5.0 (2020-09-29)
+
+- Move `deny!` / `allow!` to core. ([@palkan][])
+
+Now you can call `deny!` and `allow!` in policy rules to fail- or pass-fast.
+
+**BREAKING.** Pre-check name is no longer added automatically to failure reasons. You should specify the reason
+explicitly: `deny!(:my_reason)`.
+
+- Add `Result#all_details` to return all collected details in a single hash. ([@palkan][])
+
+- Add `default` option to lookup and `default_authorization_policy_class` callback to behaviour. ([@palkan][])
+
+- Add `skip_verify_authorized!` to Rails controllers integration. ([@palkan][])
+
+This method allows you to skip the `verify_authorized` callback dynamically.
+
+- **Drop Ruby 2.4 support**. ([@palkan][])
+
+- Add `allowance_to` method to authorization behaviour. ([@palkan][])
+
+This method is similar to `allowed_to?` but returns an authorization result object.
+
+- Support aliases in `allowed_to?` / `check?` calls within policies. ([@palkan][])
+
+## 0.4.5 (2020-07-29)
+
+- Add strict_namespace option to lookup chain. (@rainerborene)
+
 ## 0.4.4 (2020-07-07)
 
 - Fix symbol lookup with namespaces. ([@palkan][])
@@ -23,12 +52,12 @@ See [PR#118](https://github.com/palkan/action_policy/pull/118).
 
 - Add `#cache(*parts, **options) { ... }` method. ([@palkan][])
 
-  Allows you to cache anything in policy classes using the Action Policy
-  cache key generation mechanism.
+Allows you to cache anything in policy classes using the Action Policy
+cache key generation mechanism.
 
 - Handle versioned Rails cache keys. ([@palkan][])
 
-  Use `#cache_with_version` as a cache key if defined.
+Use `#cache_with_version` as a cache key if defined.
 
 ## 0.4.2 (2019-12-13)
 
@@ -38,274 +67,275 @@ See [PR#118](https://github.com/palkan/action_policy/pull/118).
 
 - Add `action_policy.init` instrumentation event. ([@palkan][])
 
-  Triggered every time a new policy object is initialized.
+Triggered every time a new policy object is initialized.
 
 - Fix policy memoization with explicit context. ([@palkan][])
 
-  Explicit context (`authorize! context: {}`) wasn't considered during
-  policies memoization. Not this is fixed.
+Explicit context (`authorize! context: {}`) wasn't considered during
+policies memoization. Not this is fixed.
 
 - Support composed matchers for authorization target testing. ([@palkan][])
 
-  Now you can write tests like this:
+Now you can write tests like this:
 
-  ```ruby
-  expect { subject }.to be_authorized_to(:show?, an_instance_of(User))
-  ```
+```ruby
+expect { subject }.to be_authorized_to(:show?, an_instance_of(User))
+```
 
 ## 0.3.4 (2019-11-27)
 
 - Fix Rails generators. ([@palkan][])
 
-  Only invoke install generator if `application_policy.rb` is missing.
-  Fix hooking into test frameworks.
+Only invoke install generator if `application_policy.rb` is missing.
+Fix hooking into test frameworks.
 
 ## 0.3.3 (2019-11-27)
 
 - Improve pretty print functionality. ([@palkan][])
 
-  Colorize true/false values.
-  Handle multiline expressions and debug statements (i.e., `binding.pry`).
+Colorize true/false values.
+Handle multiline expressions and debug statements (i.e., `binding.pry`).
 
 - Add Rails generators. ([@nicolas-brousse][])
 
-  Adds `action_policy:install` and `action_policy:policy MODEL` Rails generators.
+Adds `action_policy:install` and `action_policy:policy MODEL` Rails generators.
 
 - Optional authorization target. ([@somenugget][])
 
-  Allows making authorization context optional:
+Allows making authorization context optional:
 
-  ```ruby
-  class OptionalRolePolicy < ActionPolicy::Base
-    authorize :role, optional: true
-  end
+```ruby
+class OptionalRolePolicy < ActionPolicy::Base
+  authorize :role, optional: true
+end
 
-  policy = OptionalRolePolicy.new
-  policy.role #=> nil
-  ```
+policy = OptionalRolePolicy.new
+policy.role #=> nil
+```
 
 ## 0.3.2 (2019-05-26) 👶
 
 - Fixed thread-safety issues with scoping configs. ([@palkan][])
 
-  Fixes [#75](https://github.com/palkan/action_policy/issues/75).
+Fixes [#75](https://github.com/palkan/action_policy/issues/75).
 
 ## 0.3.1 (2019-05-30)
 
 - Fixed bug with missing implicit target and hash like scoping data. ([@palkan][])
 
-  Fixes [#70](https://github.com/palkan/action_policy/issues/70).
+Fixes [#70](https://github.com/palkan/action_policy/issues/70).
 
 ## 0.3.0 (2019-04-02)
 
 - Added ActiveSupport-based instrumentation. ([@palkan][])
 
-  See [PR#4](https://github.com/palkan/action_policy/pull/4)
+See [PR#4](https://github.com/palkan/action_policy/pull/4)
 
 - Allow passing authorization context explicitly. ([@palkan][])
 
-  Closes [#3](https://github.com/palkan/action_policy/issues/3).
+Closes [#3](https://github.com/palkan/action_policy/issues/3).
 
-  Now it's possible to override implicit authorization context
-  via `context` option:
+Now it's possible to override implicit authorization context
+via `context` option:
 
-  ```ruby
-  authorize! target, to: :show?, context: {user: another_user}
-  authorized_scope User.all, context: {user: another_user}
-  ```
+```ruby
+authorize! target, to: :show?, context: {user: another_user}
+authorized_scope User.all, context: {user: another_user}
+```
 
 - Renamed `#authorized` to `#authorized_scope`. ([@palkan][])
 
-  **NOTE:** `#authorized` alias is also available.
+**NOTE:** `#authorized` alias is also available.
 
 - Added `Policy#pp(rule)` method to print annotated rule source code. ([@palkan][])
 
-  Example (debugging):
+Example (debugging):
 
-  ```ruby
-  def edit?
-    binding.pry # rubocop:disable Lint/Debugger
-    (user.name == "John") && (admin? || access_feed?)
-  end
-  ```
-
-  ```sh
-  pry> pp :edit?
-  MyPolicy#edit?
-  ↳ (
-      user.name == "John" #=> false
-    )
-    AND
-    (
-      admin? #=> false
-      OR
-      access_feed? #=> true
-    )
+```ruby
+def edit?
+  binding.pry # rubocop:disable Lint/Debugger
+  (user.name == "John") && (admin? || access_feed?)
+end
+```
+
+```sh
+pry> pp :edit?
+MyPolicy#edit?
+↳ (
+    user.name == "John" #=> false
+  )
+  AND
+  (
+    admin? #=> false
+    OR
+    access_feed? #=> true
   )
-  ```
+)
+```
 
-  See [PR#63](https://github.com/palkan/action_policy/pull/63)
+See [PR#63](https://github.com/palkan/action_policy/pull/63)
 
 - Added ability to provide additional failure reasons details. ([@palkan][])
 
-  Example:
+Example:
 
-  ```ruby
-  class ApplicantPolicy < ApplicationPolicy
-    def show?
-      allowed_to?(:show?, object.stage)
-    end
+```ruby
+class ApplicantPolicy < ApplicationPolicy
+  def show?
+    allowed_to?(:show?, object.stage)
   end
-
-  class StagePolicy < ApplicationPolicy
-    def show?
-      # Add stage title to the failure reason (if any)
-      # (could be used by client to show more descriptive message)
-      details[:title] = record.title
-      # then perform the checks
-      user.stages.where(id: record.id).exists?
-    end
+end
+
+class StagePolicy < ApplicationPolicy
+  def show?
+    # Add stage title to the failure reason (if any)
+    # (could be used by client to show more descriptive message)
+    details[:title] = record.title
+    # then perform the checks
+    user.stages.where(id: record.id).exists?
   end
+end
 
-  # when accessing the reasons
-  p ex.result.reasons.details #=> { stage: [{show?: {title: "Onboarding"}] }
-  ```
+# when accessing the reasons
+p ex.result.reasons.details #=> { stage: [{show?: {title: "Onboarding"}] }
+```
 
-  See https://github.com/palkan/action_policy/pull/58
+See https://github.com/palkan/action_policy/pull/58
 
 - Ruby 2.4+ is required. ([@palkan][])
 
 - Added RSpec DSL for writing policy specs. ([@palkan])
 
-  The goal of this DSL is to reduce the boilerplate when writing
-  policies specs.
+The goal of this DSL is to reduce the boilerplate when writing
+policies specs.
 
-  Example:
+Example:
 
-  ```ruby
-  describe PostPolicy do
-    let(:user) { build_stubbed :user }
-    let(:record) { build_stubbed :post, draft: false }
+```ruby
+describe PostPolicy do
+  let(:user) { build_stubbed :user }
+  let(:record) { build_stubbed :post, draft: false }
 
-    let(:context) { {user: user} }
+  let(:context) { {user: user} }
 
-    describe_rule :show? do
-      succeed "when post is published"
+  describe_rule :show? do
+    succeed "when post is published"
 
-      failed "when post is draft" do
-        before { post.draft = false }
+    failed "when post is draft" do
+      before { post.draft = false }
 
-        succeed "when user is a manager" do
-          before { user.role = "manager" }
-        end
+      succeed "when user is a manager" do
+        before { user.role = "manager" }
       end
     end
   end
-  ```
+end
+```
 
 - Added I18n support ([@DmitryTsepelev][])
 
-  Example:
+Example:
 
-  ```ruby
-  class ApplicationController < ActionController::Base
-    rescue_from ActionPolicy::Unauthorized do |ex|
-      p ex.result.message #=> "You do not have access to the stage"
-      p ex.result.reasons.full_messages #=> ["You do not have access to the stage"]
-    end
+```ruby
+class ApplicationController < ActionController::Base
+  rescue_from ActionPolicy::Unauthorized do |ex|
+    p ex.result.message #=> "You do not have access to the stage"
+    p ex.result.reasons.full_messages #=> ["You do not have access to the stage"]
   end
-  ```
+end
+```
 
 - Added scope options to scopes. ([@korolvs][])
 
-  See [#47](https://github.com/palkan/action_policy/pull/47).
+See [#47](https://github.com/palkan/action_policy/pull/47).
 
-  Example:
-  ```ruby
-  # users_controller.rb
-  class UsersController < ApplicationController
-    def index
-      @user = authorized(User.all, scope_options: {with_deleted: true})
-    end
+Example:
+
+```ruby
+# users_controller.rb
+class UsersController < ApplicationController
+  def index
+    @user = authorized(User.all, scope_options: {with_deleted: true})
   end
+end
 
-  # user_policy.rb
-  describe UserPolicy < Application do
-    relation_scope do |relation, with_deleted: false|
-      rel = some_logic(relation)
-      with_deleted ? rel.with_deleted : rel
-    end
+# user_policy.rb
+describe UserPolicy < Application do
+  relation_scope do |relation, with_deleted: false|
+    rel = some_logic(relation)
+    with_deleted ? rel.with_deleted : rel
   end
-  ```
+end
+```
 
 - Added Symbol lookup to the lookup chain ([@DmitryTsepelev][])
 
-  For instance, lookup will implicitly use `AdminPolicy` in a following case:
+For instance, lookup will implicitly use `AdminPolicy` in a following case:
 
-  ```ruby
-  # admin_controller.rb
-  class AdminController < ApplicationController
-    authorize! :admin, to: :update_settings
-  end
-  ```
+```ruby
+# admin_controller.rb
+class AdminController < ApplicationController
+  authorize! :admin, to: :update_settings
+end
+```
 
 - Added testing for scopes. ([@palkan][])
 
-  Example:
+Example:
 
-  ```ruby
-  # users_controller.rb
-  class UsersController < ApplicationController
-    def index
-      @user = authorized(User.all)
-    end
+```ruby
+# users_controller.rb
+class UsersController < ApplicationController
+  def index
+    @user = authorized(User.all)
   end
-
-  # users_controller_spec.rb
-  describe UsersController do
-    subject { get :index }
-    it "has authorized scope" do
-      expect { subject }.to have_authorized_scope(:active_record_relation)
-        .with(PostPolicy)
-    end
+end
+
+# users_controller_spec.rb
+describe UsersController do
+  subject { get :index }
+  it "has authorized scope" do
+    expect { subject }.to have_authorized_scope(:active_record_relation)
+      .with(PostPolicy)
   end
-  ```
+end
+```
 
 - Added scoping support. ([@palkan][])
 
-  See [#5](https://github.com/palkan/action_policy/issues/5).
+See [#5](https://github.com/palkan/action_policy/issues/5).
 
-  By "scoping" we mean an ability to use policies to _scope data_.
+By "scoping" we mean an ability to use policies to _scope data_.
 
-  For example, when you want to _scope_ Active Record collections depending
-  on the current user permissions:
+For example, when you want to _scope_ Active Record collections depending
+on the current user permissions:
 
-  ```ruby
-  class PostsController < ApplicationController
-    def index
-      @posts = authorized(Post.all)
-    end
+```ruby
+class PostsController < ApplicationController
+  def index
+    @posts = authorized(Post.all)
   end
+end
 
-  class PostPolicy < ApplicationPolicy
-    relation_scope do |relation|
-      next relation if user.admin?
-      relation.where(user: user)
-    end
+class PostPolicy < ApplicationPolicy
+  relation_scope do |relation|
+    next relation if user.admin?
+    relation.where(user: user)
   end
-  ```
+end
+```
 
-  Action Policy provides a flexible mechanism to apply scopes to anything you want.
+Action Policy provides a flexible mechanism to apply scopes to anything you want.
 
-  Read more in [docs](https://actionpolicy.evilmartians.io/).
+Read more in [docs](https://actionpolicy.evilmartians.io/).
 
 - Added `#implicit_authorization_target`. ([@palkan][]).
 
-  See [#35](https://github.com/palkan/action_policy/issues/35).
+See [#35](https://github.com/palkan/action_policy/issues/35).
 
-  Implicit authorization target (defined by `implicit_authorization_target`) is used when no target specified for `authorize!` call.
+Implicit authorization target (defined by `implicit_authorization_target`) is used when no target specified for `authorize!` call.
 
-  For example, for Rails controllers integration it's just `controller_name.classify.safe_constantize`.
+For example, for Rails controllers integration it's just `controller_name.classify.safe_constantize`.
 
 - Consider `record#policy_name` when looking up for a policy class. ([@palkan][])
 
@@ -319,21 +349,21 @@ See [PR#118](https://github.com/palkan/action_policy/pull/118).
 
 - Add ability to disable per-thread cache and disable it in test env by default. ([@palkan][])
 
-  You can control per-thread cache by setting:
+You can control per-thread cache by setting:
 
-  ```ruby
-  ActionPolicy::PerThreadCache.enabled = true # or false
-  ```
+```ruby
+ActionPolicy::PerThreadCache.enabled = true # or false
+```
 
 ## 0.2.3 (2018-07-03)
 
 - [Fix [#16](https://github.com/palkan/action_policy/issues/16)] Add ability to disable namespace resolution cache. ([@palkan][])
 
-  We cache namespaced policy resolution for better performance (it could affect performance when we look up a policy from a deeply nested module context).
+We cache namespaced policy resolution for better performance (it could affect performance when we look up a policy from a deeply nested module context).
 
-  It could be disabled by setting `ActionPolicy::LookupChain.namespace_cache_enabled = false`. It's enabled by default unless `RACK_ENV` env var is specified and is not equal to `"production"` (e.g. when `RACK_ENV=test` the cache is disabled).
+It could be disabled by setting `ActionPolicy::LookupChain.namespace_cache_enabled = false`. It's enabled by default unless `RACK_ENV` env var is specified and is not equal to `"production"` (e.g. when `RACK_ENV=test` the cache is disabled).
 
-  When using Rails it's enabled only in production mode but could be configured through setting the `config.action_policy.namespace_cache_enabled` parameter.
+When using Rails it's enabled only in production mode but could be configured through setting the `config.action_policy.namespace_cache_enabled` parameter.
 
 - [Fix [#18](https://github.com/palkan/action_policy/issues/18)] Clarify documentation around, and fix the way `resolve_rule` resolves rules and rule aliases when subclasses are involved. ([@brendon][])
 
@@ -341,11 +371,10 @@ See [PR#118](https://github.com/palkan/action_policy/pull/118).
 
 - [Fix [#29](https://github.com/palkan/action_policy/issues/29)] Fix loading cache middleware. ([@palkan][])
 
-
 - Use `send` instead of `public_send` to get the `authorization_context` so that contexts such as
   `current_user` can be `private` in the controller. ([@brendon][])
 
-- Fix railtie initialisation for Rails < 5. ([@brendon][])
+- Fix railtie initialization for Rails < 5. ([@brendon][])
 
 ## 0.2.1 (yanked)
 
@@ -355,18 +384,18 @@ See [PR#118](https://github.com/palkan/action_policy/pull/118).
 
 - Add `reasons.details`. ([@palkan][])
 
-  ```ruby
-  rescue_from ActionPolicy::Unauthorized do |ex|
-    ex.result.reasons.details #=> { stage: [:show?] }
-  end
-  ```
+```ruby
+rescue_from ActionPolicy::Unauthorized do |ex|
+  ex.result.reasons.details #=> { stage: [:show?] }
+end
+```
 
 - Add `ExecutionResult`. ([@palkan][])
 
-  ExecutionResult contains all the rule application artifacts: the result (`true` / `false`),
-  failures reasons.
+ExecutionResult contains all the rule application artifacts: the result (`true` / `false`),
+failures reasons.
 
-  This value is now stored in a cache (if any) instead of just the call result (`true` / `false`).
+This value is now stored in a cache (if any) instead of just the call result (`true` / `false`).
 
 - Add `Policy.identifier`. ([@palkan][])