action_policy 0.7.4 → 0.7.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c2ca6d3ab4293001cc4b07e7fe5503a8c06a8b72684c0f7a9c4e7a4ef8a32c89
-  data.tar.gz: f1e726704611a3bc9ade5d3466fd64c4a5c9faddf5aa8338f3179ec4da2381e5
+  metadata.gz: d3680162e91000d7fb369fcfa17710f557c9a12435c5bf00c6fb367a5045b970
+  data.tar.gz: 000760f640032e5a0b44e9ea7918908a32c2568cefeffc747fa4ea45c46949bf
 SHA512:
-  metadata.gz: aa35a3efefa37fc64066a78899b9b03a2283e2458471425a2e7cc2bc0b4ff829e87beda744057866f661e37fc54f14d094ba0fc446ea155537042478109576a7
-  data.tar.gz: d90069b7a1b3bea22c2d5e6dd990231f1bf24f85fd50081a92a54bcd5c271faa42f40c9c526a8434abd793e6f4c928b5cb28d4dad3fbaeb2bf3701f67fd4fd21
+  metadata.gz: f03892d33e150921d3ec4bdfe1038b017301825474597037585c45e0f780affdfd72ed5171c577cee007af69a8542d4172cb8266526a97895b9c3461b4b2abb3
+  data.tar.gz: e5d9a4259d5dcd8cac8a0cab28b6d85f3aedc46050c51057aa9d458b4c0b8597428bed1a6c57473f3836500b1696cfb1f4a4c1aeac868c2771bb443dc59f10fa

data/CHANGELOG.md

@@ -2,13 +2,17 @@
 
 ## master
 
+## 0.7.5 (2025-05-09) 🎇
+
+- Ensure `result.value` is true or false. ([@palkan][])
+
 ## 0.7.4 (2025-03-12)
 
-- Let authorize! return the policy record ([@sedubois][])
+- Let authorize! return the policy record. ([@sedubois][])
 
-- Enable `allowance_to` as a helper method by default ([@stephannv][])
+- Enable `allowance_to` as a helper method by default. ([@stephannv][])
 
-- Allow the `:through` option of `authorize` to be passed a proc ([@brendon][])
+- Allow the `:through` option of `authorize` to be passed a Proc. ([@brendon][])
 
 ## 0.7.3 (2024-12-18)
 

data/lib/.rbnext/3.0/action_policy/behaviours/policy_for.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
       def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **__kwrest__)
         record_key = record._policy_cache_key(use_object_id: true)
-        context_key = context.values.map { _1._policy_cache_key(use_object_id: true) }.join(".")
+        context_key = context.values.map { it = _1;it._policy_cache_key(use_object_id: true) }.join(".")
 
         "#{namespace}/#{with}/#{context_key}/#{record_key}"
       end

data/lib/.rbnext/3.0/action_policy/policy/cache.rb

@@ -29,7 +29,7 @@ module ActionPolicy # :nodoc:
         [
           cache_namespace,
           *parts
-        ].map { _1._policy_cache_key }.join("/")
+        ].map { it = _1;it._policy_cache_key }.join("/")
       end
 
       def rule_cache_key(rule)

data/lib/.rbnext/3.0/action_policy/policy/execution_result.rb

@@ -16,7 +16,7 @@ module ActionPolicy
 
       # Populate the final value
       def load(value)
-        @value = value
+        @value = !!value
       end
 
       def success?() ;  @value == true; end

data/lib/.rbnext/3.0/action_policy/policy/pre_check.rb

@@ -125,7 +125,7 @@ module ActionPolicy
         def pre_check(*names, **options)
           names.each do |name|
             # do not allow pre-check override
-            check = pre_checks.find { _1.name == name }
+            check = pre_checks.find { it = _1;it.name == name }
             raise "Pre-check already defined: #{name}" unless check.nil?
 
             pre_checks << Check.new(self, name, **options)
@@ -134,14 +134,14 @@ module ActionPolicy
 
         def skip_pre_check(*names, **options)
           names.each do |name|
-            check = pre_checks.find { _1.name == name }
+            check = pre_checks.find { it = _1;it.name == name }
             raise "Pre-check not found: #{name}" if check.nil?
 
             # when no options provided we remove this check completely
             next pre_checks.delete(check) if options.empty?
 
             # otherwise duplicate and apply skip options
-            pre_checks[pre_checks.index(check)] = check.dup.tap { _1.skip!(**options) }
+            pre_checks[pre_checks.index(check)] = check.dup.tap { it = _1;it.skip!(**options) }
           end
         end
 

data/lib/.rbnext/3.0/action_policy/rspec/be_authorized_to.rb

@@ -51,7 +51,7 @@ module ActionPolicy
 
         @actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
 
-        actual_calls.any? { _1.matches?(policy, rule, target, context) }
+        actual_calls.any? { it = _1;it.matches?(policy, rule, target, context) }
       end
 
       def does_not_match?(*__rest__)
@@ -78,7 +78,7 @@ module ActionPolicy
 
       def formatted_calls
         actual_calls.map do
-          " - #{_1.inspect}"
+          it = _1;" - #{it.inspect}"
         end.join("\n")
       end
 

data/lib/.rbnext/3.0/action_policy/rspec/have_authorized_scope.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
         @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
 
-        matching_scopes = actual_scopes.select { _1.matches?(policy, type, name, scope_options, context) }
+        matching_scopes = actual_scopes.select { it = _1;it.matches?(policy, type, name, scope_options, context) }
 
         return false if matching_scopes.empty?
 
@@ -114,7 +114,7 @@ module ActionPolicy
 
       def formatted_scopings
         actual_scopes.map do
-          " - #{_1.inspect}"
+          it = _1;" - #{it.inspect}"
         end.join("\n")
       end
     end

data/lib/.rbnext/3.0/action_policy/utils/pretty_print.rb

@@ -119,7 +119,7 @@ module ActionPolicy
 
       # Some lines should not be evaled
       def ignore_exp?(exp)
-        PrettyPrint.ignore_expressions.any? { exp.match?(_1) }
+        PrettyPrint.ignore_expressions.any? { it = _1;exp.match?(it) }
       end
     end
 

data/lib/.rbnext/3.1/action_policy/behaviours/policy_for.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
       def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **__kwrest__)
         record_key = record._policy_cache_key(use_object_id: true)
-        context_key = context.values.map { _1._policy_cache_key(use_object_id: true) }.join(".")
+        context_key = context.values.map { it = _1;it._policy_cache_key(use_object_id: true) }.join(".")
 
         "#{namespace}/#{with}/#{context_key}/#{record_key}"
       end

data/lib/.rbnext/3.2/action_policy/behaviours/policy_for.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
       def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **__kwrest__)
         record_key = record._policy_cache_key(use_object_id: true)
-        context_key = context.values.map { _1._policy_cache_key(use_object_id: true) }.join(".")
+        context_key = context.values.map { it = _1;it._policy_cache_key(use_object_id: true) }.join(".")
 
         "#{namespace}/#{with}/#{context_key}/#{record_key}"
       end

data/lib/.rbnext/3.2/action_policy/rspec/be_authorized_to.rb

@@ -51,7 +51,7 @@ module ActionPolicy
 
         @actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
 
-        actual_calls.any? { _1.matches?(policy, rule, target, context) }
+        actual_calls.any? { it = _1;it.matches?(policy, rule, target, context) }
       end
 
       def does_not_match?(*__rest__)
@@ -78,7 +78,7 @@ module ActionPolicy
 
       def formatted_calls
         actual_calls.map do
-          " - #{_1.inspect}"
+          it = _1;" - #{it.inspect}"
         end.join("\n")
       end
 

data/lib/.rbnext/3.2/action_policy/rspec/have_authorized_scope.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
         @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
 
-        matching_scopes = actual_scopes.select { _1.matches?(policy, type, name, scope_options, context) }
+        matching_scopes = actual_scopes.select { it = _1;it.matches?(policy, type, name, scope_options, context) }
 
         return false if matching_scopes.empty?
 
@@ -114,7 +114,7 @@ module ActionPolicy
 
       def formatted_scopings
         actual_scopes.map do
-          " - #{_1.inspect}"
+          it = _1;" - #{it.inspect}"
         end.join("\n")
       end
     end

data/lib/.rbnext/3.4/action_policy/behaviours/policy_for.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Behaviours
+    # Adds `policy_for` method
+    module PolicyFor
+      require "action_policy/ext/policy_cache_key"
+      using ActionPolicy::Ext::PolicyCacheKey
+
+      # Returns policy instance for the record.
+      def policy_for(record:, with: nil, namespace: authorization_namespace, context: nil, allow_nil: false, default: default_authorization_policy_class, strict_namespace: authorization_strict_namespace)
+        context = context ? build_authorization_context.merge(context) : authorization_context
+
+        policy_class = with || ::ActionPolicy.lookup(
+          record,
+          namespace:, context:, allow_nil:, default:, strict_namespace:
+        )
+        policy_class&.new(record, **context)
+      end
+
+      def authorization_context = @authorization_context ||= build_authorization_context
+
+      def build_authorization_context
+        Kernel.raise NotImplementedError, "Please, define `build_authorization_context` method!"
+      end
+
+      def authorization_namespace
+        # override to provide specific authorization namespace
+      end
+
+      def default_authorization_policy_class
+        # override to provide a policy class use when no policy found
+      end
+
+      def authorization_strict_namespace
+        # override to provide strict namespace lookup option
+      end
+
+      # Override this method to provide implicit authorization target
+      # that would be used in case `record` is not specified in
+      # `authorize!` and `allowed_to?` call.
+      #
+      # It is also used to infer a policy for scoping (in `authorized_scope` method).
+      def implicit_authorization_target
+        # no-op
+      end
+
+      # Return implicit authorization target or raises an exception if it's nil
+      def implicit_authorization_target!
+        implicit_authorization_target || Kernel.raise(
+          NotFound,
+          [
+            self,
+            "Couldn't find implicit authorization target " \
+            "for #{self.class}. " \
+            "Please, provide policy class explicitly using `with` option or " \
+            "define the `implicit_authorization_target` method."
+          ]
+        )
+      end
+
+      def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **)
+        record_key = record._policy_cache_key(use_object_id: true)
+        context_key = context.values.map { it = _1;it._policy_cache_key(use_object_id: true) }.join(".")
+
+        "#{namespace}/#{with}/#{context_key}/#{record_key}"
+      end
+    end
+  end
+end

data/lib/.rbnext/3.4/action_policy/i18n.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module I18n # :nodoc:
+    DEFAULT_UNAUTHORIZED_MESSAGE = "You are not authorized to perform this action"
+
+    class << self
+      def full_message(policy_class, rule, details = nil)
+        candidates = candidates_for(policy_class, rule)
+
+        options = {scope: :action_policy}
+        options.merge!(details) unless details.nil?
+
+        ::I18n.t(
+          candidates.shift,
+          default: candidates,
+          **options
+        )
+      end
+
+      private
+
+      def candidates_for(policy_class, rule)
+        policy_hierarchy = policy_class.ancestors.select { it = _1;it.respond_to?(:identifier) }
+        [
+          *policy_hierarchy.map { |klass| :"policy.#{klass.identifier}.#{rule}" },
+          :"policy.#{rule}",
+          :unauthorized,
+          DEFAULT_UNAUTHORIZED_MESSAGE
+        ]
+      end
+    end
+
+    ActionPolicy::Policy::FailureReasons.prepend(Module.new do
+      def full_messages
+        reasons.flat_map do |policy_klass, rules|
+          rules.flat_map do |rule|
+            if rule.is_a?(::Hash)
+              rule.map do |key, details|
+                ActionPolicy::I18n.full_message(policy_klass, key, details)
+              end
+            else
+              ActionPolicy::I18n.full_message(policy_klass, rule)
+            end
+          end
+        end
+      end
+    end)
+
+    ActionPolicy::Policy::ExecutionResult.prepend(Module.new do
+      def message
+        ActionPolicy::I18n.full_message(policy, rule, details)
+      end
+    end)
+  end
+end

data/lib/.rbnext/3.4/action_policy/policy/cache.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+require "action_policy/version"
+
+module ActionPolicy # :nodoc:
+  using RubyNext
+
+  # By default cache namespace (or prefix) contains major and minor version of the gem
+  CACHE_NAMESPACE = "acp:#{ActionPolicy::VERSION.split(".").take(2).join(".")}"
+
+  require "action_policy/ext/policy_cache_key"
+
+  using ActionPolicy::Ext::PolicyCacheKey
+
+  module Policy
+    # Provides long-lived cache through ActionPolicy.cache_store.
+    #
+    # NOTE: if cache_store is nil then we silently skip all the caching.
+    module Cache
+      class << self
+        def included(base)
+          base.extend ClassMethods
+        end
+      end
+
+      def cache_namespace() = ActionPolicy::CACHE_NAMESPACE
+
+      def cache_key(*parts)
+        [
+          cache_namespace,
+          *parts
+        ].map { it = _1;it._policy_cache_key }.join("/")
+      end
+
+      def rule_cache_key(rule)
+        cache_key(
+          context_cache_key,
+          record,
+          self.class,
+          rule
+        )
+      end
+
+      def context_cache_key
+        authorization_context.map { _2._policy_cache_key.to_s }.join("/")
+      end
+
+      def apply_with_cache(rule)
+        options = self.class.cached_rules.fetch(rule)
+        key = rule_cache_key(rule)
+
+        ActionPolicy.cache_store.then do |store|
+          result = store.read(key)
+          unless result.nil?
+            result.cached!
+            next result
+          end
+          yield.tap do |result|
+            store.write(key, result, options)
+          end
+        end
+      end
+
+      def apply_r(rule)
+        return super if ActionPolicy.cache_store.nil? ||
+          !self.class.cached_rules.key?(rule)
+
+        apply_with_cache(rule) { super }
+      end
+
+      def cache(*parts, **options)
+        key = cache_key(*parts)
+        ActionPolicy.cache_store.then do |store|
+          res = store.read(key)
+          next res unless res.nil?
+          res = yield
+          store.write(key, res, options)
+          res
+        end
+      end
+
+      module ClassMethods # :nodoc:
+        def cache(*rules, **options)
+          rules.each do |rule|
+            cached_rules[rule] = options
+          end
+        end
+
+        def cached_rules
+          return @cached_rules if instance_variable_defined?(:@cached_rules)
+
+          @cached_rules = if superclass.respond_to?(:cached_rules)
+            superclass.cached_rules.dup
+          else
+            {}
+          end
+        end
+      end
+    end
+  end
+end

data/lib/.rbnext/3.4/action_policy/policy/pre_check.rb

@@ -0,0 +1,160 @@
+# frozen_string_literal: true
+
+module ActionPolicy
+  module Policy
+    # Adds callback-style checks to policies to
+    # extract common checks from rules.
+    #
+    #    class ApplicationPolicy < ActionPolicy::Base
+    #      authorize :user
+    #      pre_check :allow_admins
+    #
+    #      private
+    #        # Allow every action for admins
+    #        def allow_admins
+    #          allow! if user.admin?
+    #        end
+    #    end
+    #
+    # You can specify conditional pre-checks (through `except` / `only`) options
+    # and skip already defined pre-checks if necessary.
+    #
+    #    class UserPolicy < ApplicationPolicy
+    #      skip_pre_check :allow_admins, only: :destroy?
+    #
+    #      def destroy?
+    #        user.admin? && !record.admin?
+    #      end
+    #    end
+    module PreCheck
+      # Single pre-check instance.
+      #
+      # Implements filtering logic.
+      class Check
+        attr_reader :name, :policy_class
+
+        def initialize(policy, name, except: nil, only: nil)
+          if !except.nil? && !only.nil?
+            raise ArgumentError,
+              "Only one of `except` and `only` may be specified for pre-check"
+          end
+
+          @policy_class = policy
+          @name = name
+          @blacklist = Array(except) unless except.nil?
+          @whitelist = Array(only) unless only.nil?
+
+          rebuild_filter
+        end
+
+        def applicable?(rule)
+          return true if filter.nil?
+          filter.call(rule)
+        end
+
+        def call(policy) = policy.send(name)
+
+        def skip!(except: nil, only: nil)
+          if !except.nil? && !only.nil?
+            raise ArgumentError,
+              "Only one of `except` and `only` may be specified when skipping pre-check"
+          end
+
+          if except.nil? && only.nil?
+            raise ArgumentError,
+              "At least one of `except` and `only` must be specified when skipping pre-check"
+          end
+
+          if except
+            @whitelist = Array(except)
+            @whitelist -= blacklist if blacklist
+            @blacklist = nil
+          else
+            # only
+            @blacklist += Array(only) if blacklist
+            @whitelist -= Array(only) if whitelist
+            @blacklist = Array(only) if filter.nil?
+          end
+
+          rebuild_filter
+        end
+
+        def dup
+          self.class.new(
+            policy_class,
+            name,
+            except: blacklist&.dup,
+            only: whitelist&.dup
+          )
+        end
+
+        private
+
+        attr_reader :whitelist, :blacklist, :filter
+
+        def rebuild_filter
+          @filter =
+            if whitelist
+              proc { |rule| whitelist.include?(rule) }
+            elsif blacklist
+              proc { |rule| !blacklist.include?(rule) }
+            end
+        end
+      end
+
+      class << self
+        def included(base)
+          base.extend ClassMethods
+        end
+      end
+
+      def run_pre_checks(rule)
+        self.class.pre_checks.each do |check|
+          next unless check.applicable?(rule)
+          check.call(self)
+        end
+
+        yield if block_given?
+      end
+
+      def __apply__(rule)
+        run_pre_checks(rule) { super }
+      end
+
+      module ClassMethods # :nodoc:
+        def pre_check(*names, **options)
+          names.each do |name|
+            # do not allow pre-check override
+            check = pre_checks.find { it = _1;it.name == name }
+            raise "Pre-check already defined: #{name}" unless check.nil?
+
+            pre_checks << Check.new(self, name, **options)
+          end
+        end
+
+        def skip_pre_check(*names, **options)
+          names.each do |name|
+            check = pre_checks.find { it = _1;it.name == name }
+            raise "Pre-check not found: #{name}" if check.nil?
+
+            # when no options provided we remove this check completely
+            next pre_checks.delete(check) if options.empty?
+
+            # otherwise duplicate and apply skip options
+            pre_checks[pre_checks.index(check)] = check.dup.tap { it = _1;it.skip!(**options) }
+          end
+        end
+
+        def pre_checks
+          return @pre_checks if instance_variable_defined?(:@pre_checks)
+
+          @pre_checks = if superclass.respond_to?(:pre_checks)
+            superclass.pre_checks.dup
+          else
+            []
+          end
+        end
+      end
+    end
+  end
+end

data/lib/.rbnext/3.4/action_policy/rspec/be_authorized_to.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+require "action_policy/testing"
+
+module ActionPolicy
+  module RSpec
+    # Authorization matcher `be_authorized_to`.
+    #
+    # Verifies that a block of code has been authorized using specific policy.
+    #
+    # Example:
+    #
+    #   # in controller/request specs
+    #   subject { patch :update, id: product.id }
+    #
+    #   it "is authorized" do
+    #     expect { subject }
+    #       .to be_authorized_to(:manage?, product)
+    #       .with(ProductPolicy)
+    #   end
+    #
+    class BeAuthorizedTo < ::RSpec::Matchers::BuiltIn::BaseMatcher
+      attr_reader :rule, :target, :policy, :actual_calls, :context
+
+      def initialize(rule, target)
+        @rule = rule
+        @target = target
+      end
+
+      def with(policy)
+        @policy = policy
+        self
+      end
+
+      def with_context(context)
+        @context = context
+        self
+      end
+
+      def match(_expected, actual)
+        raise "This matcher only supports block expectations" unless actual.is_a?(Proc)
+
+        @policy ||= ::ActionPolicy.lookup(target)
+        @context ||= nil
+
+        begin
+          ActionPolicy::Testing::AuthorizeTracker.tracking { actual.call }
+        rescue ActionPolicy::Unauthorized
+          # we don't want to care about authorization result
+        end
+
+        @actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
+
+        actual_calls.any? { it = _1;it.matches?(policy, rule, target, context) }
+      end
+
+      def does_not_match?(*)
+        raise "This matcher doesn't support negation"
+      end
+
+      def supports_block_expectations?() = true
+
+      def failure_message
+        "expected #{formatted_record} " \
+        "to be authorized with #{policy}##{rule}, " \
+        "#{context ? "and context #{context.inspect}, " : ""}" \
+        "but #{actual_calls_message}"
+      end
+
+      def actual_calls_message
+        if actual_calls.empty?
+          "no authorization calls have been made"
+        else
+          "the following calls were encountered:\n" \
+          "#{formatted_calls}"
+        end
+      end
+
+      def formatted_calls
+        actual_calls.map do
+          it = _1;" - #{it.inspect}"
+        end.join("\n")
+      end
+
+      def formatted_record(record = target) = ::RSpec::Support::ObjectFormatter.format(record)
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include(Module.new do
+    def be_authorized_to(rule, target)
+      ActionPolicy::RSpec::BeAuthorizedTo.new(rule, target)
+    end
+  end)
+end

data/lib/.rbnext/3.4/action_policy/rspec/have_authorized_scope.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require "action_policy/testing"
+
+module ActionPolicy
+  module RSpec
+    # Implements `have_authorized_scope` matcher.
+    #
+    # Verifies that a block of code applies authorization scoping using specific policy.
+    #
+    # Example:
+    #
+    #   # in controller/request specs
+    #   subject { get :index }
+    #
+    #   it "has authorized scope" do
+    #     expect { subject }
+    #       .to have_authorized_scope(:active_record_relation)
+    #       .with(ProductPolicy)
+    #   end
+    #
+    class HaveAuthorizedScope < ::RSpec::Matchers::BuiltIn::BaseMatcher
+      attr_reader :type, :name, :policy, :scope_options, :actual_scopes,
+        :target_expectations, :context
+
+      def initialize(type)
+        @type = type
+        @name = :default
+        @scope_options = nil
+      end
+
+      def with(policy)
+        @policy = policy
+        self
+      end
+
+      def as(name)
+        @name = name
+        self
+      end
+
+      def with_scope_options(scope_options)
+        @scope_options = scope_options
+        self
+      end
+
+      def with_target(&block)
+        @target_expectations = block
+        self
+      end
+
+      def with_context(context)
+        @context = context
+        self
+      end
+
+      def match(_expected, actual)
+        raise "This matcher only supports block expectations" unless actual.is_a?(Proc)
+
+        ActionPolicy::Testing::AuthorizeTracker.tracking { actual.call }
+
+        @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
+
+        matching_scopes = actual_scopes.select { it = _1;it.matches?(policy, type, name, scope_options, context) }
+
+        return false if matching_scopes.empty?
+
+        return true unless target_expectations
+
+        if matching_scopes.size > 1
+          raise "Too many matching scopings (#{matching_scopes.size}), " \
+                "you can run `.with_target` only when there is the only one match"
+        end
+
+        target_expectations.call(matching_scopes.first.target)
+        true
+      end
+
+      def does_not_match?(*)
+        raise "This matcher doesn't support negation"
+      end
+
+      def supports_block_expectations?() = true
+
+      def failure_message
+        "expected a scoping named :#{name} for type :#{type} " \
+        "#{scope_options_message} " \
+        "#{context ? "and context #{context.inspect} " : ""}" \
+        "from #{policy} to have been applied, " \
+        "but #{actual_scopes_message}"
+      end
+
+      def scope_options_message
+        if scope_options
+          if defined?(::RSpec::Matchers::Composable) &&
+              scope_options.is_a?(::RSpec::Matchers::Composable)
+            "with scope options #{scope_options.description}"
+          else
+            "with scope options #{scope_options}"
+          end
+        else
+          "without scope options"
+        end
+      end
+
+      def actual_scopes_message
+        if actual_scopes.empty?
+          "no scopings have been made"
+        else
+          "the following scopings were encountered:\n" \
+          "#{formatted_scopings}"
+        end
+      end
+
+      def formatted_scopings
+        actual_scopes.map do
+          it = _1;" - #{it.inspect}"
+        end.join("\n")
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include(Module.new do
+    def have_authorized_scope(type)
+      ActionPolicy::RSpec::HaveAuthorizedScope.new(type)
+    end
+  end)
+end

data/lib/.rbnext/3.4/action_policy/utils/pretty_print.rb

@@ -0,0 +1,155 @@
+# frozen_string_literal: true
+
+old_verbose = $VERBOSE
+
+begin
+  require "method_source"
+  # Ignore parse warnings when patch
+  # Ruby version mismatches
+  $VERBOSE = nil
+  require "prism"
+rescue LoadError
+  # do nothing
+ensure
+  $VERBOSE = old_verbose
+end
+
+module ActionPolicy
+  using RubyNext
+
+  # Takes the object and a method name,
+  # and returns the "annotated" source code for the method:
+  # code is split into parts by logical operators and each
+  # part is evaluated separately.
+  #
+  # Example:
+  #
+  #  class MyClass
+  #    def access?
+  #      admin? && access_feed?
+  #    end
+  #  end
+  #
+  #  puts PrettyPrint.format_method(MyClass.new, :access?)
+  #
+  #  #=> MyClass#access?
+  #  #=> ↳ admin? #=> false
+  #  #=> AND
+  #  #=> access_feed? #=> true
+  module PrettyPrint
+    TRUE = "\e[32mtrue\e[0m"
+    FALSE = "\e[31mfalse\e[0m"
+
+    class Visitor
+      attr_reader :lines, :object, :source
+      attr_accessor :indent
+
+      def initialize(object)
+        @object = object
+      end
+
+      def collect(ast)
+        @lines = []
+        @indent = 0
+        @source = ast.source.source
+        ast = ast.value.child_nodes[0].child_nodes[0].body
+
+        visit_node(ast)
+
+        lines.join("\n")
+      end
+
+      def visit_node(ast)
+        if respond_to?("visit_#{ast.type}")
+          send("visit_#{ast.type}", ast)
+        else
+          visit_missing ast
+        end
+      end
+
+      def expression_with_result(sexp)
+        expression = source[sexp.location.start_offset...sexp.location.end_offset]
+        "#{expression} #=> #{PrettyPrint.colorize(eval_exp(expression))}"
+      end
+
+      def eval_exp(exp)
+        return "<skipped>" if ignore_exp?(exp)
+        object.instance_eval(exp)
+      rescue => e
+        "Failed: #{e.message}"
+      end
+
+      def visit_and_node(ast)
+        visit_node(ast.left)
+        lines << indented("AND")
+        visit_node(ast.right)
+      end
+
+      def visit_or_node(ast)
+        visit_node(ast.left)
+        lines << indented("OR")
+        visit_node(ast.right)
+      end
+
+      def visit_statements_node(ast)
+        ast.child_nodes.each do |node|
+          visit_node(node)
+          # restore indent after each expression
+          self.indent -= 2
+        end
+      end
+
+      def visit_parentheses_node(ast)
+        lines << indented("(")
+        self.indent += 2
+        visit_node(ast.child_nodes[0])
+        lines << indented(")")
+      end
+
+      def visit_missing(ast)
+        lines << indented(expression_with_result(ast))
+      end
+
+      def indented(str)
+        "#{indent.zero? ? "↳ " : ""}#{" " * indent}#{str}".tap do
+          # increase indent after the first expression
+          self.indent += 2 if indent.zero?
+        end
+      end
+
+      # Some lines should not be evaled
+      def ignore_exp?(exp)
+        PrettyPrint.ignore_expressions.any? { it = _1;exp.match?(it) }
+      end
+    end
+
+    class << self
+      attr_accessor :ignore_expressions
+
+      if defined?(::Prism) && defined?(::MethodSource)
+        def available?() = true
+
+        def print_method(object, method_name)
+          ast = Prism.parse(object.method(method_name).source)
+
+          Visitor.new(object).collect(ast)
+        end
+      else
+        def available?() = false
+
+        def print_method(_, _) = ""
+      end
+
+      def colorize(val)
+        return val unless $stdout.isatty
+        return TRUE if val.eql?(true) # rubocop:disable Lint/DeprecatedConstants
+        return FALSE if val.eql?(false) # rubocop:disable Lint/DeprecatedConstants
+        val
+      end
+    end
+
+    self.ignore_expressions = [
+      /^\s*binding\.(pry|irb)\s*$/s
+    ]
+  end
+end

data/lib/action_policy/behaviours/policy_for.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
       def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **)
         record_key = record._policy_cache_key(use_object_id: true)
-        context_key = context.values.map { _1._policy_cache_key(use_object_id: true) }.join(".")
+        context_key = context.values.map { it._policy_cache_key(use_object_id: true) }.join(".")
 
         "#{namespace}/#{with}/#{context_key}/#{record_key}"
       end

data/lib/action_policy/i18n.rb

@@ -21,7 +21,7 @@ module ActionPolicy
       private
 
       def candidates_for(policy_class, rule)
-        policy_hierarchy = policy_class.ancestors.select { _1.respond_to?(:identifier) }
+        policy_hierarchy = policy_class.ancestors.select { it.respond_to?(:identifier) }
         [
           *policy_hierarchy.map { |klass| :"policy.#{klass.identifier}.#{rule}" },
           :"policy.#{rule}",

data/lib/action_policy/policy/cache.rb

@@ -29,7 +29,7 @@ module ActionPolicy # :nodoc:
         [
           cache_namespace,
           *parts
-        ].map { _1._policy_cache_key }.join("/")
+        ].map { it._policy_cache_key }.join("/")
       end
 
       def rule_cache_key(rule)

data/lib/action_policy/policy/execution_result.rb

@@ -16,7 +16,7 @@ module ActionPolicy
 
       # Populate the final value
       def load(value)
-        @value = value
+        @value = !!value
       end
 
       def success?() = @value == true

data/lib/action_policy/policy/pre_check.rb

@@ -125,7 +125,7 @@ module ActionPolicy
         def pre_check(*names, **options)
           names.each do |name|
             # do not allow pre-check override
-            check = pre_checks.find { _1.name == name }
+            check = pre_checks.find { it.name == name }
             raise "Pre-check already defined: #{name}" unless check.nil?
 
             pre_checks << Check.new(self, name, **options)
@@ -134,14 +134,14 @@ module ActionPolicy
 
         def skip_pre_check(*names, **options)
           names.each do |name|
-            check = pre_checks.find { _1.name == name }
+            check = pre_checks.find { it.name == name }
             raise "Pre-check not found: #{name}" if check.nil?
 
             # when no options provided we remove this check completely
             next pre_checks.delete(check) if options.empty?
 
             # otherwise duplicate and apply skip options
-            pre_checks[pre_checks.index(check)] = check.dup.tap { _1.skip!(**options) }
+            pre_checks[pre_checks.index(check)] = check.dup.tap { it.skip!(**options) }
           end
         end
 

data/lib/action_policy/rspec/be_authorized_to.rb

@@ -51,7 +51,7 @@ module ActionPolicy
 
         @actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
 
-        actual_calls.any? { _1.matches?(policy, rule, target, context) }
+        actual_calls.any? { it.matches?(policy, rule, target, context) }
       end
 
       def does_not_match?(*)
@@ -78,7 +78,7 @@ module ActionPolicy
 
       def formatted_calls
         actual_calls.map do
-          " - #{_1.inspect}"
+          " - #{it.inspect}"
         end.join("\n")
       end
 

data/lib/action_policy/rspec/have_authorized_scope.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
         @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
 
-        matching_scopes = actual_scopes.select { _1.matches?(policy, type, name, scope_options, context) }
+        matching_scopes = actual_scopes.select { it.matches?(policy, type, name, scope_options, context) }
 
         return false if matching_scopes.empty?
 
@@ -114,7 +114,7 @@ module ActionPolicy
 
       def formatted_scopings
         actual_scopes.map do
-          " - #{_1.inspect}"
+          " - #{it.inspect}"
         end.join("\n")
       end
     end

data/lib/action_policy/utils/pretty_print.rb

@@ -119,7 +119,7 @@ module ActionPolicy
 
       # Some lines should not be evaled
       def ignore_exp?(exp)
-        PrettyPrint.ignore_expressions.any? { exp.match?(_1) }
+        PrettyPrint.ignore_expressions.any? { exp.match?(it) }
       end
     end
 

data/lib/action_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActionPolicy
-  VERSION = "0.7.4"
+  VERSION = "0.7.5"
 end

data/lib/ruby_lsp/action_policy/addon.rb

@@ -0,0 +1,170 @@
+# frozen_string_literal: true
+
+# From https://gist.github.com/skryukov/35539d57b51f38235faaace2c1a2c1a1
+
+require "active_support/inflector"
+
+module RubyLsp
+  module ActionPolicy
+    class Addon < ::RubyLsp::Addon
+      def name
+        "ActionPolicy"
+      end
+
+      def activate(global_state, outgoing_queue)
+        require "action_policy"
+        warn "[ActionPolicy] Activating Ruby LSP addon v#{::ActionPolicy::VERSION}"
+      end
+
+      def deactivate
+      end
+
+      def create_definition_listener(response_builder, node_context, uri, dispatcher)
+        Definition.new(response_builder, node_context, uri, dispatcher)
+      end
+    end
+
+    class Definition
+      include Requests::Support::Common
+      include ActiveSupport::Inflector
+
+      POLICY_SUPERCLASSES = ["ApplicationPolicy", "ActionPolicy::Base"].freeze
+
+      def initialize(response_builder, uri, node_context, dispatcher)
+        @response_builder = response_builder
+        @node_context = node_context
+        @uri = uri
+        @path = uri.to_standardized_path
+        @policy_rules_cache = {}
+
+        dispatcher.register(self, :on_symbol_node_enter)
+      end
+
+      def on_symbol_node_enter(node)
+        return unless in_authorize_call?
+
+        target = @node_context.call_node
+        # authorization target is the first argument (if explicit)
+        policy_class = find_policy_class(target.arguments&.child_node&.first)
+        return unless policy_class
+
+        policy_path = find_policy_file(policy_class)
+        return unless policy_path
+
+        ensure_policy_rules_cached(policy_path)
+        add_definition(policy_path, node.value)
+      end
+
+      private
+
+      def in_authorize_call?
+        call = @node_context.call_node
+        call.is_a?(Prism::CallNode) && call.message == "authorize!"
+      end
+
+      def find_policy_class(target)
+        content = File.read(@path)
+        document = Prism.parse(content)
+        class_node = find_containing_class(document.value)
+        return derive_policy_from_target(target) unless class_node
+
+        class_name = class_node.constant_path.slice
+        return unless class_name.end_with?("Controller", "Channel")
+
+        resource_name = class_name
+          .delete_suffix("Controller")
+          .delete_suffix("Channel")
+          .singularize
+        "#{resource_name}Policy"
+      end
+
+      def find_containing_class(root)
+        return unless root.respond_to?(:statements)
+
+        root.statements.body.find do |node|
+          node.is_a?(Prism::ClassNode) &&
+            node.constant_path.slice.end_with?("Controller", "Channel")
+        end
+      end
+
+      def derive_policy_from_target(target)
+        target_name = case target
+        when Prism::InstanceVariableReadNode
+          target.name.to_s[1..].classify
+        when Prism::ConstantReadNode
+          target.name.to_s
+        when NilClass
+          return
+        else
+          target.slice
+        end
+
+        target_name.end_with?("Policy") ? target_name : "#{target_name}Policy"
+      end
+
+      def find_policy_file(policy_class)
+        file_path = policy_class.gsub(/([a-z])([A-Z])/, "\\1_\\2").downcase
+        root_path = Dir.pwd
+
+        [
+          File.join(root_path, "app/policies/#{file_path}.rb"),
+          File.join(root_path, "app/policies/#{file_path}_policy.rb"),
+          *Dir.glob(File.join(root_path, "app/policies/**/#{file_path}.rb")),
+          *Dir.glob(File.join(root_path, "app/policies/**/#{file_path}_policy.rb"))
+        ].find { |path| File.exist?(path) }
+      end
+
+      def ensure_policy_rules_cached(policy_path)
+        return if @policy_rules_cache[policy_path]
+
+        content = File.read(policy_path)
+        document = Prism.parse(content)
+
+        document.value.statements.body.each do |stmt|
+          if stmt.is_a?(Prism::ClassNode)
+            @policy_rules_cache[policy_path] = extract_rules(stmt)
+            break
+          end
+        end
+      end
+
+      def extract_rules(node)
+        return {} unless node.body
+
+        rules = {}
+        private_section = false
+
+        node.body.child_nodes.each do |stmt|
+          case stmt
+          when Prism::CallNode
+            if stmt.message == "private"
+              private_section = true
+            elsif stmt.message == "alias_rule" && stmt.arguments&.arguments
+              stmt.arguments.arguments
+                .select { |arg| arg.is_a?(Prism::SymbolNode) }
+                .each { |arg| rules[arg.value] ||= stmt.location.start_line }
+            end
+          when Prism::DefNode
+            next if private_section
+            rules[stmt.name.to_s] = stmt.location.start_line
+          end
+        end
+        rules
+      end
+
+      def add_definition(policy_path, action)
+        rules = @policy_rules_cache[policy_path]
+        line_number = rules&.[](action.to_s)
+        return unless line_number
+
+        @response_builder << Interface::Location.new(
+          uri: URI::Generic.from_path(path: policy_path).to_s,
+          range: Interface::Range.new(
+            start: Interface::Position.new(line: line_number - 1, character: 0),
+            end: Interface::Position.new(line: line_number - 1, character: 0)
+          )
+        )
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_policy
 version: !ruby/object:Gem::Version
-  version: 0.7.4
+  version: 0.7.5
 platform: ruby
 authors:
 - Vladimir Dementyev
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-12 00:00:00.000000000 Z
+date: 2025-05-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-next-core
@@ -162,6 +162,13 @@ files:
 - lib/.rbnext/3.2/action_policy/rspec/be_authorized_to.rb
 - lib/.rbnext/3.2/action_policy/rspec/have_authorized_scope.rb
 - lib/.rbnext/3.2/action_policy/utils/suggest_message.rb
+- lib/.rbnext/3.4/action_policy/behaviours/policy_for.rb
+- lib/.rbnext/3.4/action_policy/i18n.rb
+- lib/.rbnext/3.4/action_policy/policy/cache.rb
+- lib/.rbnext/3.4/action_policy/policy/pre_check.rb
+- lib/.rbnext/3.4/action_policy/rspec/be_authorized_to.rb
+- lib/.rbnext/3.4/action_policy/rspec/have_authorized_scope.rb
+- lib/.rbnext/3.4/action_policy/utils/pretty_print.rb
 - lib/action_policy.rb
 - lib/action_policy/authorizer.rb
 - lib/action_policy/base.rb
@@ -218,6 +225,7 @@ files:
 - lib/generators/rspec/templates/policy_spec.rb.tt
 - lib/generators/test_unit/policy_generator.rb
 - lib/generators/test_unit/templates/policy_test.rb.tt
+- lib/ruby_lsp/action_policy/addon.rb
 homepage: https://github.com/palkan/action_policy
 licenses:
 - MIT