action_policy 0.7.5 → 0.7.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d3680162e91000d7fb369fcfa17710f557c9a12435c5bf00c6fb367a5045b970
-  data.tar.gz: 000760f640032e5a0b44e9ea7918908a32c2568cefeffc747fa4ea45c46949bf
+  metadata.gz: 322dfe78ddec91cb0d7c46b290f69484ba2fdf417c85c687d23e6b521db3e097
+  data.tar.gz: b263d5a7000f202b480331e4dd486726563ab83a4828bd57dbaa8c2e8a3b86a3
 SHA512:
-  metadata.gz: f03892d33e150921d3ec4bdfe1038b017301825474597037585c45e0f780affdfd72ed5171c577cee007af69a8542d4172cb8266526a97895b9c3461b4b2abb3
-  data.tar.gz: e5d9a4259d5dcd8cac8a0cab28b6d85f3aedc46050c51057aa9d458b4c0b8597428bed1a6c57473f3836500b1696cfb1f4a4c1aeac868c2771bb443dc59f10fa
+  metadata.gz: 93628bb047eb417395cc9b7f0b15f2f97882d327c32212105d186ef42187fc24e84abd37bdf40968ae5a5988d318d717f0fb3af454f5fb14059a3dc84fe98c08
+  data.tar.gz: 9d0387f6aea496ac9d3affdb6cfe89b9fef008d9ff2f96a97a69ce19c0832f8fe01d2023f4497a150325e00e341d6a170b8218e3ce47e06a96d8de28aea38cb5

data/CHANGELOG.md

@@ -2,6 +2,12 @@
 
 ## master
 
+## 0.7.6 (2025-01-13)
+
+- Execute proc passed to the `:through` option of `authorize` against `self` ([@Pagehey][])
+
+- Add authorization result to the instrumentation payload (as `event[:result]`). ([@palkan][])
+
 ## 0.7.5 (2025-05-09) 🎇
 
 - Ensure `result.value` is true or false. ([@palkan][])
@@ -553,3 +559,4 @@ This value is now stored in a cache (if any) instead of just the call result (`t
 [@Spone]: https://github.com/Spone
 [@stephannv]: https://github.com/stephannv
 [@sedubois]: https://github.com/sedubois
+[@Pagehey]: https://github.com/Pagehey

data/lib/.rbnext/3.0/action_policy/behaviours/policy_for.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
       def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **__kwrest__)
         record_key = record._policy_cache_key(use_object_id: true)
-        context_key = context.values.map { it = _1;it._policy_cache_key(use_object_id: true) }.join(".")
+        context_key = context.values.map { |it| it._policy_cache_key(use_object_id: true) }.join(".")
 
         "#{namespace}/#{with}/#{context_key}/#{record_key}"
       end

data/lib/.rbnext/3.0/action_policy/policy/cache.rb

@@ -29,7 +29,7 @@ module ActionPolicy # :nodoc:
         [
           cache_namespace,
           *parts
-        ].map { it = _1;it._policy_cache_key }.join("/")
+        ].map { |it| it._policy_cache_key }.join("/")
       end
 
       def rule_cache_key(rule)

data/lib/.rbnext/3.0/action_policy/policy/pre_check.rb

@@ -125,7 +125,7 @@ module ActionPolicy
         def pre_check(*names, **options)
           names.each do |name|
             # do not allow pre-check override
-            check = pre_checks.find { it = _1;it.name == name }
+            check = pre_checks.find { |it| it.name == name }
             raise "Pre-check already defined: #{name}" unless check.nil?
 
             pre_checks << Check.new(self, name, **options)
@@ -134,14 +134,14 @@ module ActionPolicy
 
         def skip_pre_check(*names, **options)
           names.each do |name|
-            check = pre_checks.find { it = _1;it.name == name }
+            check = pre_checks.find { |it| it.name == name }
             raise "Pre-check not found: #{name}" if check.nil?
 
             # when no options provided we remove this check completely
             next pre_checks.delete(check) if options.empty?
 
             # otherwise duplicate and apply skip options
-            pre_checks[pre_checks.index(check)] = check.dup.tap { it = _1;it.skip!(**options) }
+            pre_checks[pre_checks.index(check)] = check.dup.tap { |it| it.skip!(**options) }
           end
         end
 

data/lib/.rbnext/3.0/action_policy/rspec/be_authorized_to.rb

@@ -51,7 +51,7 @@ module ActionPolicy
 
         @actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
 
-        actual_calls.any? { it = _1;it.matches?(policy, rule, target, context) }
+        actual_calls.any? { |it| it.matches?(policy, rule, target, context) }
       end
 
       def does_not_match?(*__rest__)
@@ -63,7 +63,7 @@ module ActionPolicy
       def failure_message
         "expected #{formatted_record} " \
         "to be authorized with #{policy}##{rule}, " \
-        "#{context ? "and context #{context.inspect}, " : ""}" \
+        "#{"and context #{context.inspect}, " if context}" \
         "but #{actual_calls_message}"
       end
 
@@ -77,8 +77,8 @@ module ActionPolicy
       end
 
       def formatted_calls
-        actual_calls.map do
-          it = _1;" - #{it.inspect}"
+        actual_calls.map do |it|
+          " - #{it.inspect}"
         end.join("\n")
       end
 

data/lib/.rbnext/3.0/action_policy/rspec/have_authorized_scope.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
         @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
 
-        matching_scopes = actual_scopes.select { it = _1;it.matches?(policy, type, name, scope_options, context) }
+        matching_scopes = actual_scopes.select { |it| it.matches?(policy, type, name, scope_options, context) }
 
         return false if matching_scopes.empty?
 
@@ -85,7 +85,7 @@ module ActionPolicy
       def failure_message
         "expected a scoping named :#{name} for type :#{type} " \
         "#{scope_options_message} " \
-        "#{context ? "and context #{context.inspect} " : ""}" \
+        "#{"and context #{context.inspect} " if context}" \
         "from #{policy} to have been applied, " \
         "but #{actual_scopes_message}"
       end
@@ -113,8 +113,8 @@ module ActionPolicy
       end
 
       def formatted_scopings
-        actual_scopes.map do
-          it = _1;" - #{it.inspect}"
+        actual_scopes.map do |it|
+          " - #{it.inspect}"
         end.join("\n")
       end
     end

data/lib/.rbnext/3.0/action_policy/utils/pretty_print.rb

@@ -111,7 +111,7 @@ module ActionPolicy
       end
 
       def indented(str)
-        "#{indent.zero? ? "↳ " : ""}#{" " * indent}#{str}".tap do
+        "#{"↳ " if indent.zero?}#{" " * indent}#{str}".tap do
           # increase indent after the first expression
           self.indent += 2 if indent.zero?
         end
@@ -119,7 +119,7 @@ module ActionPolicy
 
       # Some lines should not be evaled
       def ignore_exp?(exp)
-        PrettyPrint.ignore_expressions.any? { it = _1;exp.match?(it) }
+        PrettyPrint.ignore_expressions.any? { |it| exp.match?(it) }
       end
     end
 

data/lib/.rbnext/3.1/action_policy/behaviours/policy_for.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
       def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **__kwrest__)
         record_key = record._policy_cache_key(use_object_id: true)
-        context_key = context.values.map { it = _1;it._policy_cache_key(use_object_id: true) }.join(".")
+        context_key = context.values.map { |it| it._policy_cache_key(use_object_id: true) }.join(".")
 
         "#{namespace}/#{with}/#{context_key}/#{record_key}"
       end

data/lib/.rbnext/3.2/action_policy/behaviours/policy_for.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
       def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **__kwrest__)
         record_key = record._policy_cache_key(use_object_id: true)
-        context_key = context.values.map { it = _1;it._policy_cache_key(use_object_id: true) }.join(".")
+        context_key = context.values.map { |it| it._policy_cache_key(use_object_id: true) }.join(".")
 
         "#{namespace}/#{with}/#{context_key}/#{record_key}"
       end

data/lib/.rbnext/3.2/action_policy/rspec/be_authorized_to.rb

@@ -51,7 +51,7 @@ module ActionPolicy
 
         @actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
 
-        actual_calls.any? { it = _1;it.matches?(policy, rule, target, context) }
+        actual_calls.any? { |it| it.matches?(policy, rule, target, context) }
       end
 
       def does_not_match?(*__rest__)
@@ -63,7 +63,7 @@ module ActionPolicy
       def failure_message
         "expected #{formatted_record} " \
         "to be authorized with #{policy}##{rule}, " \
-        "#{context ? "and context #{context.inspect}, " : ""}" \
+        "#{"and context #{context.inspect}, " if context}" \
         "but #{actual_calls_message}"
       end
 
@@ -77,8 +77,8 @@ module ActionPolicy
       end
 
       def formatted_calls
-        actual_calls.map do
-          it = _1;" - #{it.inspect}"
+        actual_calls.map do |it|
+          " - #{it.inspect}"
         end.join("\n")
       end
 

data/lib/.rbnext/3.2/action_policy/rspec/have_authorized_scope.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
         @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
 
-        matching_scopes = actual_scopes.select { it = _1;it.matches?(policy, type, name, scope_options, context) }
+        matching_scopes = actual_scopes.select { |it| it.matches?(policy, type, name, scope_options, context) }
 
         return false if matching_scopes.empty?
 
@@ -85,7 +85,7 @@ module ActionPolicy
       def failure_message
         "expected a scoping named :#{name} for type :#{type} " \
         "#{scope_options_message} " \
-        "#{context ? "and context #{context.inspect} " : ""}" \
+        "#{"and context #{context.inspect} " if context}" \
         "from #{policy} to have been applied, " \
         "but #{actual_scopes_message}"
       end
@@ -113,8 +113,8 @@ module ActionPolicy
       end
 
       def formatted_scopings
-        actual_scopes.map do
-          it = _1;" - #{it.inspect}"
+        actual_scopes.map do |it|
+          " - #{it.inspect}"
         end.join("\n")
       end
     end

data/lib/.rbnext/3.4/action_policy/behaviours/policy_for.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
       def policy_for_cache_key(record:, with: nil, namespace: nil, context: authorization_context, **)
         record_key = record._policy_cache_key(use_object_id: true)
-        context_key = context.values.map { it = _1;it._policy_cache_key(use_object_id: true) }.join(".")
+        context_key = context.values.map { |it| it._policy_cache_key(use_object_id: true) }.join(".")
 
         "#{namespace}/#{with}/#{context_key}/#{record_key}"
       end

data/lib/.rbnext/3.4/action_policy/i18n.rb

@@ -21,7 +21,7 @@ module ActionPolicy
       private
 
       def candidates_for(policy_class, rule)
-        policy_hierarchy = policy_class.ancestors.select { it = _1;it.respond_to?(:identifier) }
+        policy_hierarchy = policy_class.ancestors.select { |it| it.respond_to?(:identifier) }
         [
           *policy_hierarchy.map { |klass| :"policy.#{klass.identifier}.#{rule}" },
           :"policy.#{rule}",

data/lib/.rbnext/3.4/action_policy/policy/cache.rb

@@ -29,7 +29,7 @@ module ActionPolicy # :nodoc:
         [
           cache_namespace,
           *parts
-        ].map { it = _1;it._policy_cache_key }.join("/")
+        ].map { |it| it._policy_cache_key }.join("/")
       end
 
       def rule_cache_key(rule)

data/lib/.rbnext/3.4/action_policy/policy/pre_check.rb

@@ -125,7 +125,7 @@ module ActionPolicy
         def pre_check(*names, **options)
           names.each do |name|
             # do not allow pre-check override
-            check = pre_checks.find { it = _1;it.name == name }
+            check = pre_checks.find { |it| it.name == name }
             raise "Pre-check already defined: #{name}" unless check.nil?
 
             pre_checks << Check.new(self, name, **options)
@@ -134,14 +134,14 @@ module ActionPolicy
 
         def skip_pre_check(*names, **options)
           names.each do |name|
-            check = pre_checks.find { it = _1;it.name == name }
+            check = pre_checks.find { |it| it.name == name }
             raise "Pre-check not found: #{name}" if check.nil?
 
             # when no options provided we remove this check completely
             next pre_checks.delete(check) if options.empty?
 
             # otherwise duplicate and apply skip options
-            pre_checks[pre_checks.index(check)] = check.dup.tap { it = _1;it.skip!(**options) }
+            pre_checks[pre_checks.index(check)] = check.dup.tap { |it| it.skip!(**options) }
           end
         end
 

data/lib/.rbnext/3.4/action_policy/rspec/be_authorized_to.rb

@@ -51,7 +51,7 @@ module ActionPolicy
 
         @actual_calls = ActionPolicy::Testing::AuthorizeTracker.calls
 
-        actual_calls.any? { it = _1;it.matches?(policy, rule, target, context) }
+        actual_calls.any? { |it| it.matches?(policy, rule, target, context) }
       end
 
       def does_not_match?(*)
@@ -63,7 +63,7 @@ module ActionPolicy
       def failure_message
         "expected #{formatted_record} " \
         "to be authorized with #{policy}##{rule}, " \
-        "#{context ? "and context #{context.inspect}, " : ""}" \
+        "#{"and context #{context.inspect}, " if context}" \
         "but #{actual_calls_message}"
       end
 
@@ -77,8 +77,8 @@ module ActionPolicy
       end
 
       def formatted_calls
-        actual_calls.map do
-          it = _1;" - #{it.inspect}"
+        actual_calls.map do |it|
+          " - #{it.inspect}"
         end.join("\n")
       end
 

data/lib/.rbnext/3.4/action_policy/rspec/have_authorized_scope.rb

@@ -61,7 +61,7 @@ module ActionPolicy
 
         @actual_scopes = ActionPolicy::Testing::AuthorizeTracker.scopings
 
-        matching_scopes = actual_scopes.select { it = _1;it.matches?(policy, type, name, scope_options, context) }
+        matching_scopes = actual_scopes.select { |it| it.matches?(policy, type, name, scope_options, context) }
 
         return false if matching_scopes.empty?
 
@@ -85,7 +85,7 @@ module ActionPolicy
       def failure_message
         "expected a scoping named :#{name} for type :#{type} " \
         "#{scope_options_message} " \
-        "#{context ? "and context #{context.inspect} " : ""}" \
+        "#{"and context #{context.inspect} " if context}" \
         "from #{policy} to have been applied, " \
         "but #{actual_scopes_message}"
       end
@@ -113,8 +113,8 @@ module ActionPolicy
       end
 
       def formatted_scopings
-        actual_scopes.map do
-          it = _1;" - #{it.inspect}"
+        actual_scopes.map do |it|
+          " - #{it.inspect}"
         end.join("\n")
       end
     end

data/lib/.rbnext/3.4/action_policy/utils/pretty_print.rb

@@ -111,7 +111,7 @@ module ActionPolicy
       end
 
       def indented(str)
-        "#{indent.zero? ? "↳ " : ""}#{" " * indent}#{str}".tap do
+        "#{"↳ " if indent.zero?}#{" " * indent}#{str}".tap do
           # increase indent after the first expression
           self.indent += 2 if indent.zero?
         end
@@ -119,7 +119,7 @@ module ActionPolicy
 
       # Some lines should not be evaled
       def ignore_exp?(exp)
-        PrettyPrint.ignore_expressions.any? { it = _1;exp.match?(it) }
+        PrettyPrint.ignore_expressions.any? { |it| exp.match?(it) }
       end
     end
 

data/lib/action_policy/behaviour.rb

@@ -65,7 +65,7 @@ module ActionPolicy
     private def build_authorization_context
       self.class.authorization_targets
         .each_with_object({}) do |(key, method_or_proc), obj|
-        obj[key] = method_or_proc.is_a?(Proc) ? method_or_proc.call : send(method_or_proc)
+          obj[key] = method_or_proc.is_a?(Proc) ? instance_exec(&method_or_proc) : send(method_or_proc)
       end
     end
 

data/lib/action_policy/rails/controller.rb

@@ -11,9 +11,16 @@ module ActionPolicy
     end
   end
 
+  # Raised when `authorized_scope` hasn't been called for action
+  class UnscopedAction < Error
+    def initialize(controller, action)
+      super("Action '#{controller}##{action}' hasn't been scoped")
+    end
+  end
+
   # Controller concern.
   # Add `authorize!` and `allowed_to?` methods,
-  # provide `verify_authorized` hook.
+  # provide `verify_authorized` and `verify_authorized_scoped` hooks.
   module Controller
     extend ActiveSupport::Concern
 
@@ -29,10 +36,10 @@ module ActionPolicy
         helper_method :allowance_to
       end
 
-      attr_writer :authorize_count
-      attr_reader :verify_authorized_skipped
+      attr_writer :authorize_count, :scoped_count
+      attr_reader :verify_authorized_skipped, :verify_authorized_scoped_skipped
 
-      protected :authorize_count=, :authorize_count
+      protected :authorize_count=, :authorize_count, :scoped_count=, :scoped_count
     end
 
     # Authorize action against a policy.
@@ -56,6 +63,16 @@ module ActionPolicy
       policy_record
     end
 
+    # Apply scope to the target.
+    #
+    # @return the scoped target
+    def authorized_scope(target, **options)
+      scoped = super
+
+      self.scoped_count += 1
+      scoped
+    end
+
     # Tries to infer the resource class from controller name
     # (i.e. `controller_name.classify.safe_constantize`).
     def implicit_authorization_target
@@ -67,14 +84,27 @@ module ActionPolicy
         authorize_count.zero? && !verify_authorized_skipped
     end
 
+    def verify_authorized_scoped
+      Kernel.raise UnscopedAction.new(controller_path, action_name) if
+        scoped_count.zero? && !verify_authorized_scoped_skipped
+    end
+
     def authorize_count
       @authorize_count ||= 0
     end
 
+    def scoped_count
+      @scoped_count ||= 0
+    end
+
     def skip_verify_authorized!
       @verify_authorized_skipped = true
     end
 
+    def skip_verify_authorized_scoped!
+      @verify_authorized_scoped_skipped = true
+    end
+
     class_methods do
       # Adds after_action callback to check that
       # authorize! method has been called.
@@ -86,6 +116,17 @@ module ActionPolicy
       def skip_verify_authorized(**options)
         skip_after_action :verify_authorized, options
       end
+
+      # Adds after_action callback to check that
+      # authorized_scope method has been called.
+      def verify_authorized_scoped(**options)
+        after_action :verify_authorized_scoped, options
+      end
+
+      # Skips verify_authorized_scoped after_action callback.
+      def skip_verify_authorized_scoped(**options)
+        skip_after_action :verify_authorized_scoped, options
+      end
     end
   end
 end

data/lib/action_policy/rails/policy/instrumentation.rb

@@ -22,6 +22,7 @@ module ActionPolicy # :nodoc:
             result = super
             event[:cached] = result.cached?
             event[:value] = result.value
+            event[:result] = result
             result
           end
         end

data/lib/action_policy/rspec/be_authorized_to.rb

@@ -63,7 +63,7 @@ module ActionPolicy
       def failure_message
         "expected #{formatted_record} " \
         "to be authorized with #{policy}##{rule}, " \
-        "#{context ? "and context #{context.inspect}, " : ""}" \
+        "#{"and context #{context.inspect}, " if context}" \
         "but #{actual_calls_message}"
       end
 

data/lib/action_policy/rspec/have_authorized_scope.rb

@@ -85,7 +85,7 @@ module ActionPolicy
       def failure_message
         "expected a scoping named :#{name} for type :#{type} " \
         "#{scope_options_message} " \
-        "#{context ? "and context #{context.inspect} " : ""}" \
+        "#{"and context #{context.inspect} " if context}" \
         "from #{policy} to have been applied, " \
         "but #{actual_scopes_message}"
       end

data/lib/action_policy/test_helper.rb

@@ -52,7 +52,7 @@ module ActionPolicy
       assert(
         actual_calls.any? { |call| call.matches?(policy, rule, target, context) },
         "Expected #{target.inspect} to be authorized with #{policy}##{rule}, " \
-        "#{context ? "and context #{context}, " : ""}" \
+        "#{"and context #{context}, " if context}" \
         "but no such authorization has been made.\n" \
         "Registered authorizations: " \
         "#{actual_calls.empty? ? "none" : actual_calls.map(&:inspect).join(",")}"

data/lib/action_policy/utils/pretty_print.rb

@@ -111,7 +111,7 @@ module ActionPolicy
       end
 
       def indented(str)
-        "#{indent.zero? ? "↳ " : ""}#{" " * indent}#{str}".tap do
+        "#{"↳ " if indent.zero?}#{" " * indent}#{str}".tap do
           # increase indent after the first expression
           self.indent += 2 if indent.zero?
         end

data/lib/action_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ActionPolicy
-  VERSION = "0.7.5"
+  VERSION = "0.7.6"
 end

data/lib/action_policy.rb

@@ -21,7 +21,7 @@ module ActionPolicy
       @message =
         message ||
         "Couldn't find policy class for #{target.inspect}" \
-        "#{target.is_a?(Module) ? "" : " (#{target.class})"}"
+        "#{" (#{target.class})" unless target.is_a?(Module)}"
     end
   end
 

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: action_policy
 version: !ruby/object:Gem::Version
-  version: 0.7.5
+  version: 0.7.6
 platform: ruby
 authors:
 - Vladimir Dementyev
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-05-09 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-next-core
@@ -235,7 +234,6 @@ metadata:
   documentation_uri: https://actionpolicy.evilmartians.io/
   homepage_uri: https://actionpolicy.evilmartians.io/
   source_code_uri: http://github.com/palkan/action_policy
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -250,8 +248,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.19
-signing_key:
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Authorization framework for Ruby/Rails application
 test_files: []