authorizy 0.4.1 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: adf5a52d89eabb0dd6503d0f96fb44ae9d4268213a6da8b91fb758805db97371
-  data.tar.gz: 01bcedd187623c4364c38d0c4f53b5a12ee1877f4426df44b21cc3b7446f6b5d
+  metadata.gz: d53108a017e691256dd6118c843aa217dc549628499721a2cda193d522289652
+  data.tar.gz: 4799bf0eb35c6f9695fe6b55eceaa4ed29a373fcfc3e7fbebaeee38af40ec4e7
 SHA512:
-  metadata.gz: 0623f322536c3a6de17848f3f6b3642d70041384e220d0417d028a045d59970c97dfa84e659dd6a95795fe30f2ed09bb7d6203cf0bc7b600fbea0e53ff63bec5
-  data.tar.gz: 4e4862f37eb92ef4c0eb247ecd0fa0abe0652d6d750b282bb20908fadaf3dbaf54738ed51167cfa5784e1d158a441d349c75f9a460981c800def31df30b1d002
+  metadata.gz: ab9a47d232ffd388efbc5a34eb0c8c8560f8ffc854e42683cd305d35af64d1823179946bb09cbb38a735ce50c9a2245e2f0988835cf359c082bf454992dc91fa
+  data.tar.gz: 2d7fdedc111586256e9920fd5041d7b3fff9cb87c6133e8452404b85c372f66ada4828bbf4a5ce9e264dffbd16ee9096a9404cfda4ddec2af9dfb613a916ed1b

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+# v0.5.0
+
+## Fixes
+
+- The `authorizy?` helper now accepts custom parameters;
+
 # v0.4.1
 
 ## Fixes

data/README.md

@@ -4,7 +4,7 @@
 [![Gem Version](https://badge.fury.io/rb/authorizy.svg)](https://badge.fury.io/rb/authorizy)
 [![Maintainability](https://api.codeclimate.com/v1/badges/f312587b4f126bb13e85/maintainability)](https://codeclimate.com/github/wbotelhos/authorizy/maintainability)
 [![Coverage](https://codecov.io/gh/wbotelhos/authorizy/branch/main/graph/badge.svg)](https://codecov.io/gh/wbotelhos/authorizy)
-[![Sponsor](https://img.shields.io/badge/sponsor-%3C3-green)](https://www.patreon.com/wbotelhos)
+[![Sponsor](https://img.shields.io/badge/sponsor-%3C3-green)](https://github.com/sponsors/wbotelhos)
 
 A JSON based Authorization.
 
@@ -22,7 +22,7 @@ Run the following task to create Authorizy migration and initialize.
 rails g authorizy:install
 ```
 
-Then execute the migration to adds the column `authorizy` to your `users` table.
+Then execute the migration to add the column `authorizy` to your `users` table.
 
 ```sh
 rake db:migrate
@@ -208,15 +208,29 @@ Using on view:
 <% end %>
 ```
 
+Usually, we use the helper to check DB permission, not the runtime permission using the Cop file, although you can do it. Just remember that the parameters will be related to the current page, not the action you're protecting.
+
 Using on jBuilder view:
 
 ```ruby
-json.create_link new_users_url if authorizy?(:users, :create)
+if authorizy?(:users, :create)
+  link_to('Create', new_users_url)
+end
+```
+
+But if you want to simulate the access on that resource you can manually provide the same parameters dispatched when you normally access that resource:
+
+```ruby
+if authorizy?(:users, :create, params: { role: 'admin' })
+  link_to('Create', new_users_url(role: 'admin'))
+end
 ```
 
+Now you're providing the same parameters used in runtime when the user accesses the link, so now, we can check the "future" access and prevent or allow it before happens.
+
 # Specs
 
-To test some routes you'll need to give or not permission to the user, for that you have to ways, where the first is give permission to the user via session:
+To test some routes you'll need to give or not permission to the user, for that you have two ways, where the first is the user via session:
 
 ```ruby
 before do
@@ -238,7 +252,7 @@ end
 
 ## Checks
 
-We have a couple of check, here is the order:
+We have a couple of checks, here is the order:
 
 1. `Authorizy::BaseCop#access?`;
 2. `session[:permissions]`;
@@ -247,15 +261,15 @@ We have a couple of check, here is the order:
 
 ## Performance
 
-If you have few permissions, you can save the permissions in the session and avoid hit database many times, but if you have a couple of them, maybe it's a good idea save it in some place like [Redis](https://redis.io).
+If you have few permissions, you can save the permissions in the session and avoid hitting the database many times, but if you have a couple of them, maybe it's a good idea to save them in some place like [Redis](https://redis.io).
 
 ## Management
 
-It's a good idea you keep your permissions in the database, so the customer can change it dynamic. You can load all permissions when the user is logged and cache it later. For cache expiration, you can trigger a refresh everytime that the permissions change.
+It's a good idea you keep your permissions in the database, so the customer can change it dynamically. You can load all permissions when the user is logged in and cache it later. For cache expiration, you can trigger a refresh every time that the permissions change.
 
 ## Database Structure
 
-Inside database you can use the following relation to dynamicly change your permissions:
+Inside the database, you can use the following relation to dynamically change your permissions:
 
 ```ruby
 plans -> plans_permissions <- permissions
@@ -269,7 +283,7 @@ plans -> plans_permissions <- permissions
 
 ## RSpec
 
-You can test you app passing through all authorizy layers:
+You can test your app by passing through all Authorizy layers:
 
 ```ruby
 user = User.create!(permission: { permissions: [[:users, :create]] })

data/lib/authorizy/core.rb

@@ -2,7 +2,7 @@
 
 module Authorizy
   class Core
-    def initialize(user, params, session, cop:)
+    def initialize(user, params, session, cop: nil)
       @cop     = cop
       @params  = params
       @session = session
@@ -12,13 +12,13 @@ module Authorizy
     def access?
       return false if @user.blank?
 
-      return true if @cop.access? ||
-                     session_permissions.any? { |tuple| route_match?(tuple) } ||
-                     user_permissions.any? { |tuple| route_match?(tuple) }
+      return true if @cop&.access?
+      return true if session_permissions.any? { |tuple| route_match?(tuple) }
+      return true if user_permissions.any? { |tuple| route_match?(tuple) }
 
-      return @cop.public_send(cop_controller) == true if @cop.respond_to?(cop_controller)
+      return false unless @cop.respond_to?(cop_controller)
 
-      false
+      @cop.public_send(cop_controller) == true
     end
 
     private

data/lib/authorizy/expander.rb

@@ -19,7 +19,7 @@ module Authorizy
           end
         end
 
-        actions = [default_aliases[action]].flatten.compact
+        actions = [aliases[action]].flatten.compact
 
         next if actions.blank?
 
@@ -34,7 +34,12 @@ module Authorizy
     private
 
     def aliases
-      Authorizy.config.aliases.stringify_keys
+      default = {
+        'create' => 'new',
+        'update' => 'edit',
+      }
+
+      default.merge(Authorizy.config.aliases.stringify_keys)
     end
 
     def controller_dependency(controller, action)
@@ -44,15 +49,6 @@ module Authorizy
       permissions.map { |c, a| [c.to_s, a.to_s] }
     end
 
-    def default_aliases
-      {
-        'create' => 'new',
-        'edit'   => 'update',
-        'new'    => 'create',
-        'update' => 'edit',
-      }.merge(aliases)
-    end
-
     def dependencies
       Authorizy.config.dependencies.deep_stringify_keys
     end

data/lib/authorizy/extension.rb

@@ -13,21 +13,23 @@ module Authorizy
         Authorizy.config.denied.call(self)
       end
 
-      def authorizy?(controller, action)
+      def authorizy?(controller, action, custom_params: {})
         params['controller'] = controller
         params['action'] = action
 
-        Authorizy::Core.new(authorizy_user, params, session, cop: authorizy_cop).access?
+        parameters = params.merge(custom_params)
+
+        Authorizy::Core.new(authorizy_user, parameters, session, cop: authorizy_cop(parameters)).access?
       end
 
       private
 
-      def authorizy_user
-        Authorizy.config.current_user.call(self)
+      def authorizy_cop(parameters = params)
+        Authorizy.config.cop.new(authorizy_user, parameters, session)
       end
 
-      def authorizy_cop
-        Authorizy.config.cop.new(authorizy_user, params, session)
+      def authorizy_user
+        Authorizy.config.current_user.call(self)
       end
     end
   end

data/lib/authorizy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Authorizy
-  VERSION = '0.4.1'
+  VERSION = '0.5.0'
 end

data/spec/authorizy/config_spec.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+RSpec.describe Authorizy, '.config' do
+  it 'returns the config' do
+    expect(described_class.config).to be_an_instance_of(Authorizy::Config)
+  end
+end

data/spec/authorizy/configure_spec.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+RSpec.describe Authorizy, '.configure' do
+  it 'yields the config' do
+    described_class.configure do |config|
+      expect(config).to be_an_instance_of(Authorizy::Config)
+    end
+  end
+end

data/spec/authorizy/cop/controller_spec.rb

@@ -19,7 +19,7 @@ RSpec.describe DummyController, '#authorizy', type: :controller do
     end
 
     context 'when method resturns true' do
-      it 'denies the access' do
+      it 'does not deny the access' do
         config_mock(cop: AuthorizyCop, current_user: user) do
           get :action, params: { access: true }
         end

data/spec/authorizy/extension/authorizy_question_spec.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'support/controllers/dummy_controller'
+require 'support/models/authorizy_cop'
 
 RSpec.describe DummyController, '#authorizy?', type: :controller do
   context 'when config returns no current user' do
@@ -46,5 +47,28 @@ RSpec.describe DummyController, '#authorizy?', type: :controller do
         end
       end
     end
+
+    context 'when custom params is provided' do
+      let!(:core) { instance_double('Authorizy::Core', access?: true) }
+      let!(:parameters) { ActionController::Parameters.new(controller: 'controller', action: 'action', key: 'value') }
+
+      it 'forwards to core' do
+        expect(Authorizy::Core).to receive(:new)
+          .with(user, parameters, session, cop: config.cop)
+          .and_return(core)
+
+        config_mock(current_user: user) do
+          controller.helpers.authorizy?('controller', 'action', custom_params: { key: 'value' })
+        end
+      end
+    end
+
+    context 'when custom params is provided' do
+      it 'forwards to cop' do
+        config_mock(cop: AuthorizyCop, current_user: user) do
+          controller.helpers.authorizy?('custom_params', 'action', custom_params: { custom: 'true' })
+        end
+      end
+    end
   end
 end

data/spec/authorizy/rspec_spec.rb

@@ -1,11 +1,30 @@
 # frozen_string_literal: true
 
+require 'authorizy/rspec'
+require 'support/models/authorizy_cop'
+
 RSpec.describe RSpec::Matchers, '#be_authorized' do
-  it 'pending' do
+  it 'builds the correct description' do
     matcher = be_authorized('controller', 'action', params: { params: true }, session: { session: true })
 
     expect(matcher.description).to eq %(
       be authorized "controller", "action", and {:params=>{:params=>true}, :session=>{:session=>true}}
     ).squish
   end
+
+  it 'has the positive question helper method' do
+    user = User.new
+
+    config_mock(cop: AuthorizyCop, current_user: user) do
+      expect(user).to be_authorized('dummy', 'any', params: { access: 'true' })
+    end
+  end
+
+  it 'has the negative question helper method' do
+    user = User.new
+
+    config_mock(cop: AuthorizyCop, current_user: user) do
+      expect(user).not_to be_authorized('dummy', 'any', params: { access: 'false' })
+    end
+  end
 end

data/spec/support/models/authorizy_cop.rb

@@ -5,6 +5,10 @@ class AuthorizyCop < Authorizy::BaseCop
     params[:admin] == 'true'
   end
 
+  def custom_params
+    params[:custom] == 'true'
+  end
+
   def dummy
     params[:access] == 'true'
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authorizy
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.0
 platform: ruby
 authors:
 - Washington Botelho
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-12 00:00:00.000000000 Z
+date: 2024-02-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -168,6 +168,8 @@ files:
 - spec/authorizy/config/field_spec.rb
 - spec/authorizy/config/initialize_spec.rb
 - spec/authorizy/config/redirect_url_spec.rb
+- spec/authorizy/config_spec.rb
+- spec/authorizy/configure_spec.rb
 - spec/authorizy/cop/controller_spec.rb
 - spec/authorizy/cop/model_spec.rb
 - spec/authorizy/cop/namespaced_controller_spec.rb
@@ -209,7 +211,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: A JSON based Authorization.
@@ -223,6 +225,8 @@ test_files:
 - spec/authorizy/config/field_spec.rb
 - spec/authorizy/config/initialize_spec.rb
 - spec/authorizy/config/redirect_url_spec.rb
+- spec/authorizy/config_spec.rb
+- spec/authorizy/configure_spec.rb
 - spec/authorizy/cop/controller_spec.rb
 - spec/authorizy/cop/model_spec.rb
 - spec/authorizy/cop/namespaced_controller_spec.rb