avo 2.17.0 → 2.17.1.pre.2.customauthorizationclients

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce1ecba413a03866498a9f2992647e7f1ab99a55b854a67ba86154fde854f7d1
-  data.tar.gz: a060cca4fd407dd9d479fa5aa5bd1c6688d6c3eaab3ca23bdfc7b338341452f6
+  metadata.gz: 1e76409a6dd8d5c3a89a467e4cbed5e46f0c292988fd60efa5a1c673be10e36a
+  data.tar.gz: '09bde2e9be219d3f9af5fb3256ee9ed60c77d86d587e8f9131c8d3e95d03ef29'
 SHA512:
-  metadata.gz: 703bc0074a7db187b5d5d75e4cb9a1db908b7eb5c2381c97f668993320b499d8a4b5fee55799576f087ecd712ccfca8896a59334a5d526167a8ba74771b5fb00
-  data.tar.gz: d90939f46f227a5a3e14d7bf5ee77b621f4311121ea6fbad75f8db2fb6905b6254d6a3efe553083bd9d552e441bae43d1615f652532344e2fdb414d7fb776dbd
+  metadata.gz: 82ceba1946394ea1bea5cf4ef8283d75ddb40fdcfcfdd55ee19cad8aff34ed873698442dd846711134e6d961e288ca723cf8f9fab0aab122c0a49319e432ff05
+  data.tar.gz: 3829a9ec1348318c537aee5954463c41864ee710790a8a333c2f075102d205ec90e50e70f766051aa2e892c2d0d8609b0bedc299a502d557a0806e9c34107269

data/Gemfile

@@ -90,6 +90,7 @@ end
 group :development, :test do
   gem "awesome_print"
   gem "faker", require: false
+  gem "i18n-tasks", "~> 1.0.12"
 end
 
 group :test do

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    avo (2.17.0)
+    avo (2.17.1.pre.2.customauthorizationclients)
       active_link_to
       addressable
       breadcrumbs_on_rails
@@ -119,6 +119,13 @@ GEM
     aws-sigv4 (1.5.1)
       aws-eventstream (~> 1, >= 1.0.2)
     bcrypt (3.1.18)
+    better_html (2.0.1)
+      actionview (>= 6.0)
+      activesupport (>= 6.0)
+      ast (~> 2.0)
+      erubi (~> 1.4)
+      parser (>= 2.4)
+      smart_properties
     bindex (0.8.1)
     bootsnap (1.13.0)
       msgpack (~> 1.2)
@@ -189,6 +196,7 @@ GEM
     groupdate (6.1.0)
       activesupport (>= 5.2)
     hashdiff (1.0.1)
+    highline (2.0.3)
     hightop (0.3.0)
       activesupport (>= 5.2)
     hotwire-livereload (1.2.2)
@@ -200,6 +208,17 @@ GEM
       multi_xml (>= 0.5.2)
     i18n (1.12.0)
       concurrent-ruby (~> 1.0)
+    i18n-tasks (1.0.12)
+      activesupport (>= 4.0.2)
+      ast (>= 2.1.0)
+      better_html (>= 1.0, < 3.0)
+      erubi
+      highline (>= 2.0.0)
+      i18n
+      parser (>= 2.2.3.0)
+      rails-i18n
+      rainbow (>= 2.2.2, < 4.0)
+      terminal-table (>= 1.5.1)
     image_processing (1.12.2)
       mini_magick (>= 4.9.5, < 5)
       ruby-vips (>= 2.0.17, < 3)
@@ -289,6 +308,9 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
+    rails-i18n (7.0.5)
+      i18n (>= 0.7, < 2)
+      railties (>= 6.0.0, < 8)
     railties (6.1.6.1)
       actionpack (= 6.1.6.1)
       activesupport (= 6.1.6.1)
@@ -350,7 +372,7 @@ GEM
     ruby-vips (2.1.4)
       ffi (~> 1.12)
     rubyzip (2.3.2)
-    selenium-webdriver (4.4.0)
+    selenium-webdriver (4.5.0)
       childprocess (>= 0.5, < 5.0)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
@@ -365,6 +387,7 @@ GEM
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.4)
     sixarm_ruby_unaccent (1.2.0)
+    smart_properties (1.17.0)
     spring (4.0.0)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
@@ -378,6 +401,8 @@ GEM
     standard (1.16.0)
       rubocop (= 1.35.0)
       rubocop-performance (= 1.14.3)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
     test-prof (1.0.10)
     thor (1.2.1)
     timeout (0.3.0)
@@ -398,7 +423,7 @@ GEM
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webdrivers (5.0.0)
+    webdrivers (5.2.0)
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (~> 4.0)
@@ -452,6 +477,7 @@ DEPENDENCIES
   hotwire-livereload (~> 1.1)
   htmlbeautifier
   httparty
+  i18n-tasks (~> 1.0.12)
   image_processing (~> 1.12)
   iso
   jsbundling-rails

data/app/controllers/avo/application_controller.rb

@@ -1,11 +1,5 @@
 module Avo
   class ApplicationController < ::ActionController::Base
-    if defined?(Pundit::Authorization)
-      include Pundit::Authorization
-    else
-      include Pundit
-    end
-
     include Pagy::Backend
     include Avo::ApplicationHelper
     include Avo::UrlHelpers
@@ -24,7 +18,7 @@ module Avo
     before_action :set_view
     before_action :set_sidebar_open
 
-    rescue_from Pundit::NotAuthorizedError, with: :render_unauthorized
+    rescue_from Avo::NotAuthorizedError, with: :render_unauthorized
     rescue_from ActiveRecord::RecordInvalid, with: :exception_logger
 
     helper_method :_current_user, :resources_path, :resource_path, :new_resource_path, :edit_resource_path, :resource_attach_path, :resource_detach_path, :related_resources_path, :turbo_frame_request?, :resource_view_path
@@ -257,18 +251,16 @@ module Avo
       instance_eval(&Avo.configuration.authenticate)
     end
 
-    def render_unauthorized(exception)
-      if !exception.is_a? Pundit::NotDefinedError
-        flash.now[:notice] = t "avo.not_authorized"
-
-        redirect_url = if request.referrer.blank? || (request.referrer == request.url)
-          root_url
-        else
-          request.referrer
-        end
+    def render_unauthorized(_exception)
+      flash.now[:notice] = t "avo.not_authorized"
 
-        redirect_to(redirect_url)
+      redirect_url = if request.referrer.blank? || (request.referrer == request.url)
+        root_url
+      else
+        request.referrer
       end
+
+      redirect_to(redirect_url)
     end
 
     def set_authorization

data/app/controllers/avo/associations_controller.rb

@@ -5,6 +5,7 @@ module Avo
     before_action :set_model, only: [:show, :index, :new, :create, :destroy, :order]
     before_action :set_related_resource_name
     before_action :set_related_resource, only: [:show, :index, :new, :create, :destroy, :order]
+    before_action :set_related_authorization
     before_action :set_reflection_field
     before_action :hydrate_related_resource, only: [:show, :index, :create, :destroy, :order]
     before_action :set_related_model, only: [:show, :order]
@@ -152,5 +153,15 @@ module Avo
     def authorize_detach_action
       authorize_if_defined "detach_#{@field.id}?"
     end
+
+    private
+
+    def set_related_authorization
+      @related_authorization = if related_resource
+        related_resource.authorization(user: _current_user)
+      else
+        Services::AuthorizationService.new _current_user
+      end
+    end
   end
 end

data/config/i18n-tasks.yml

@@ -0,0 +1,159 @@
+# i18n-tasks finds and manages missing and unused translations: https://github.com/glebm/i18n-tasks
+
+# The "main" locale.
+base_locale: en
+## All available locales are inferred from the data by default. Alternatively, specify them explicitly:
+locales: [en, fr, nb, nn, pt-BR, ro, tr]
+## Reporting locale, default: en. Available: en, ru.
+# internal_locale: en
+
+# Read and write translations.
+data:
+  ## Translations are read from the file system. Supported format: YAML, JSON.
+  ## Provide a custom adapter:
+  # adapter: I18n::Tasks::Data::FileSystem
+
+  # Locale files or `File.find` patterns where translations are read from:
+  read:
+    ## Default:
+    # - config/locales/%{locale}.yml
+    ## More files:
+    - lib/generators/avo/templates/locales/**/*.%{locale}.yml
+
+  # Locale files to write new keys to, based on a list of key pattern => file rules. Matched from top to bottom:
+  # `i18n-tasks normalize -p` will force move the keys according to these rules
+  write:
+    ## For example, write devise and simple form keys to their respective files:
+    # - ['{devise, simple_form}.*', 'config/locales/\1.%{locale}.yml']
+    ## Catch-all default:
+    # - config/locales/%{locale}.yml
+
+  # External locale data (e.g. gems).
+  # This data is not considered unused and is never written to.
+  external:
+    ## Example (replace %#= with %=):
+    # - "<%#= %x[bundle info vagrant --path].chomp %>/templates/locales/%{locale}.yml"
+
+  ## Specify the router (see Readme for details). Valid values: conservative_router, pattern_router, or a custom class.
+  # router: conservative_router
+
+  yaml:
+    write:
+      # do not wrap lines at 80 characters
+      line_width: -1
+
+  ## Pretty-print JSON:
+  # json:
+  #   write:
+  #     indent: '  '
+  #     space: ' '
+  #     object_nl: "\n"
+  #     array_nl: "\n"
+
+# Find translate calls
+search:
+  ## Paths or `File.find` patterns to search in:
+  # paths:
+  #  - app/
+
+  ## Root directories for relative keys resolution.
+  # relative_roots:
+  #   - app/controllers
+  #   - app/helpers
+  #   - app/mailers
+  #   - app/presenters
+  #   - app/views
+
+  ## Directories where method names which should not be part of a relative key resolution.
+  # By default, if a relative translation is used inside a method, the name of the method will be considered part of the resolved key.
+  # Directories listed here will not consider the name of the method part of the resolved key
+  #
+  # relative_exclude_method_name_paths:
+  #  -
+
+  ## Files or `File.fnmatch` patterns to exclude from search. Some files are always excluded regardless of this setting:
+  ##   *.jpg *.jpeg *.png *.gif *.svg *.ico *.eot *.otf *.ttf *.woff *.woff2 *.pdf *.css *.sass *.scss *.less
+  ##   *.yml *.json *.zip *.tar.gz *.swf *.flv *.mp3 *.wav *.flac *.webm *.mp4 *.ogg *.opus *.webp *.map *.xlsx
+  exclude:
+    - app/assets/images
+    - app/assets/fonts
+    - app/assets/videos
+    - app/assets/builds
+
+  ## Alternatively, the only files or `File.fnmatch patterns` to search in `paths`:
+  ## If specified, this settings takes priority over `exclude`, but `exclude` still applies.
+  # only: ["*.rb", "*.html.slim"]
+
+  ## If `strict` is `false`, guess usages such as t("categories.#{category}.title"). The default is `true`.
+  # strict: true
+
+  ## Allows adding ast_matchers for finding translations using the AST-scanners
+  ## The available matchers are:
+  ## - RailsModelMatcher
+  ##     Matches ActiveRecord translations like
+  ##     User.human_attribute_name(:email) and User.model_name.human
+  ##
+  ## To implement your own, please see `I18n::Tasks::Scanners::AstMatchers::BaseMatcher`.
+  <%# I18n::Tasks.add_ast_matcher('I18n::Tasks::Scanners::AstMatchers::RailsModelMatcher') %>
+
+  ## Multiple scanners can be used. Their results are merged.
+  ## The options specified above are passed down to each scanner. Per-scanner options can be specified as well.
+  ## See this example of a custom scanner: https://github.com/glebm/i18n-tasks/wiki/A-custom-scanner-example
+
+## Translation Services
+# translation:
+#   # Google Translate
+#   # Get an API key and set billing info at https://code.google.com/apis/console to use Google Translate
+#   google_translate_api_key: "AbC-dEf5"
+#   # DeepL Pro Translate
+#   # Get an API key and subscription at https://www.deepl.com/pro to use DeepL Pro
+#   deepl_api_key: "48E92789-57A3-466A-9959-1A1A1A1A1A1A"
+#   # deepl_host: "https://api.deepl.com"
+#   # deepl_version: "v2"
+
+## Do not consider these keys missing:
+ignore_missing:
+  - 'avo.field_translations.file'
+  - 'avo.field_translations.people'
+  - 'avo.number_of_items'
+  - 'avo.resource_translations.user'
+  - 'avo.x_items_more'
+
+# - 'errors.messages.{accepted,blank,invalid,too_short,too_long}'
+# - '{devise,simple_form}.*'
+
+## Consider these keys used:
+# ignore_unused:
+# - 'activerecord.attributes.*'
+# - '{devise,kaminari,will_paginate}.*'
+# - 'simple_form.{yes,no}'
+# - 'simple_form.{placeholders,hints,labels}.*'
+# - 'simple_form.{error_notification,required}.:'
+
+## Exclude these keys from the `i18n-tasks eq-base' report:
+# ignore_eq_base:
+#   all:
+#     - common.ok
+#   fr,es:
+#     - common.brand
+
+## Exclude these keys from the `i18n-tasks check-consistent-interpolations` report:
+# ignore_inconsistent_interpolations:
+# - 'activerecord.attributes.*'
+
+## Ignore these keys completely:
+# ignore:
+#  - kaminari.*
+
+## Sometimes, it isn't possible for i18n-tasks to match the key correctly,
+## e.g. in case of a relative key defined in a helper method.
+## In these cases you can use the built-in PatternMapper to map patterns to keys, e.g.:
+#
+# <%# I18n::Tasks.add_scanner 'I18n::Tasks::Scanners::PatternMapper',
+#       only: %w(*.html.haml *.html.slim),
+#       patterns: [['= title\b', '.page_title']] %>
+#
+# The PatternMapper can also match key literals via a special %{key} interpolation, e.g.:
+#
+# <%# I18n::Tasks.add_scanner 'I18n::Tasks::Scanners::PatternMapper',
+#       patterns: [['\bSpree\.t[( ]\s*%{key}', 'spree.%{key}']] %>

data/config/master.key

@@ -0,0 +1 @@
+2aeb23d82b909d9c6b5abb62f7058c2a

data/lib/avo/configuration.rb

@@ -37,6 +37,7 @@ module Avo
     attr_accessor :model_resource_mapping
     attr_accessor :tabs_style
     attr_accessor :resource_default_view
+    attr_accessor :authorization_client
     attr_writer :branding
 
     def initialize
@@ -85,6 +86,7 @@ module Avo
       @model_resource_mapping = {}
       @tabs_style = :tabs
       @resource_default_view = :show
+      @authorization_client = nil
     end
 
     def current_user_method(&block)

data/lib/avo/services/authorization_clients/pundit_client.rb

@@ -0,0 +1,51 @@
+module Avo
+  module Services
+    module AuthorizationClients
+      class PunditClient
+        def authorize(user, record, action, policy_class: nil)
+          Pundit.authorize(user, record, action, policy_class: policy_class)
+        rescue Pundit::NotDefinedError
+          raise NoPolicyError
+        rescue Pundit::NotAuthorizedError
+          raise NotAuthorizedError
+        end
+
+        def policy(user, record)
+          Pundit.policy(user, record)
+        end
+
+        def policy!(user, record)
+          Pundit.policy!(user, record)
+        rescue Pundit::NotDefinedError
+          raise NoPolicyError
+        end
+
+        def apply_policy(user, model, policy_class: nil)
+          # Try and figure out the scope from a given policy or auto-detected one
+          scope_from_policy_class = scope_for_policy_class(policy_class)
+
+          # If we discover one use it.
+          # Else fallback to pundit.
+          if scope_from_policy_class.present?
+            scope_from_policy_class.new(user, model).resolve
+          else
+            Pundit.policy_scope!(user, model)
+          end
+        rescue Pundit::NotDefinedError => error
+          raise NoPolicyError
+        end
+
+        private
+
+        # Fetches the scope for a given policy
+        def scope_for_policy_class(policy_class = nil)
+          return if policy_class.blank?
+
+          if policy_class.present? && defined?(policy_class::Scope)
+            policy_class::Scope
+          end
+        end
+      end
+    end
+  end
+end

data/lib/avo/services/authorization_service.rb

@@ -3,29 +3,30 @@ module Avo
     class AuthorizationService
       attr_accessor :user
       attr_accessor :record
+      attr_accessor :policy_class
 
       class << self
+        def client
+          (configuration_client || default_client).new
+        end
+
         def authorize(user, record, action, policy_class: nil, **args)
           return true if skip_authorization
           return true if user.nil?
 
-          policy_class ||= Pundit.policy(user, record)&.class
-          begin
-            if policy_class&.new(user, record)
-              Pundit.authorize user, record, action, policy_class: policy_class
-            end
-
-            true
-          rescue Pundit::NotDefinedError => e
-            return false unless Avo.configuration.raise_error_on_missing_policy
-
-            raise e
-          rescue => error
-            if args[:raise_exception] == false
-              false
-            else
-              raise error
-            end
+          client.authorize user, record, action, policy_class: policy_class
+
+          true
+        rescue NoPolicyError => error
+          # By default, Avo allows anything if you don't have a policy present.
+          return true unless Avo.configuration.raise_error_on_missing_policy
+
+          raise error
+        rescue => error
+          if args[:raise_exception] == false
+            false
+          else
+            raise error
           end
         end
 
@@ -35,7 +36,7 @@ module Avo
           # If no action passed we should raise error if the user wants that.
           # If not, just allow it.
           if action.nil?
-            raise Pundit::NotDefinedError.new "Policy method is missing" if Avo.configuration.raise_error_on_missing_policy
+            raise NoPolicyError.new "Policy method is missing" if Avo.configuration.raise_error_on_missing_policy
 
             return true
           end
@@ -48,39 +49,27 @@ module Avo
         def apply_policy(user, model, policy_class: nil)
           return model if skip_authorization || user.nil?
 
-          begin
-            if policy_class
-              policy_class::Scope.new(user, model).resolve
-            else
-              Pundit.policy_scope! user, model
-            end
-          rescue Pundit::NotDefinedError => e
-            return model unless Avo.configuration.raise_error_on_missing_policy
+          client.apply_policy(user, model, policy_class: policy_class)
+        rescue NoPolicyError => error
+          return model unless Avo.configuration.raise_error_on_missing_policy
 
-            raise e
-          end
+          raise error
         end
 
         def skip_authorization
           Avo::App.license.lacks_with_trial :authorization
         end
 
-        def authorized_methods(user, record)
-          [:new, :edit, :update, :show, :destroy].map do |method|
-            [method, authorize(user, record, Avo.configuration.authorization_methods[method])]
-          end.to_h
-        end
-
         def defined_methods(user, record, policy_class: nil, **args)
-          return Pundit.policy!(user, record).methods if policy_class.nil?
+          return client.policy!(user, record).methods if policy_class.nil?
 
           # I'm aware this will not raise a Pundit error.
           # Should the policy not exist, it will however raise an uninitialized constant error, which is probably what we want when specifying a custom policy
           policy_class.new(user, record).methods
-        rescue Pundit::NotDefinedError => e
+        rescue NoPolicyError => error
           return [] unless Avo.configuration.raise_error_on_missing_policy
 
-          raise e
+          raise error
         rescue => error
           if args[:raise_exception] == false
             []
@@ -88,16 +77,28 @@ module Avo
             raise error
           end
         end
+
+        def configuration_client
+          client = Avo.configuration.authorization_client
+
+          return if client.blank?
+
+          if client.is_a?(String)
+            client.safe_constantize
+          else
+            client
+          end
+        end
+
+        def default_client
+          Avo::Services::AuthorizationClients::PunditClient
+        end
       end
 
       def initialize(user = nil, record = nil, policy_class: nil)
         @user = user
         @record = record
-        @policy_class = policy_class || Pundit.policy(user, record)&.class
-      end
-
-      def authorize(action, **args)
-        self.class.authorize(user, record, action, policy_class: @policy_class, **args)
+        @policy_class = policy_class || self.class.client.policy(user, record)&.class
       end
 
       def set_record(record)
@@ -106,22 +107,16 @@ module Avo
         self
       end
 
-      def set_user(user)
-        @user = user
-
-        self
-      end
-
       def authorize_action(action, **args)
-        self.class.authorize_action(user, record, action, policy_class: @policy_class, **args)
+        self.class.authorize_action(user, record, action, policy_class: policy_class, **args)
       end
 
       def apply_policy(model)
-        self.class.apply_policy(user, model, policy_class: @policy_class)
+        self.class.apply_policy(user, model, policy_class: policy_class)
       end
 
       def defined_methods(model, **args)
-        self.class.defined_methods(user, model, policy_class: @policy_class, **args)
+        self.class.defined_methods(user, model, policy_class: policy_class, **args)
       end
 
       def has_method?(method, **args)

data/lib/avo/version.rb

@@ -1,3 +1,3 @@
 module Avo
-  VERSION = "2.17.0" unless const_defined?(:VERSION)
+  VERSION = "2.17.1.pre.2.customauthorizationclients" unless const_defined?(:VERSION)
 end

data/lib/avo.rb

@@ -44,6 +44,10 @@ module Avo
   class LicenseVerificationTemperedError < StandardError; end
 
   class LicenseInvalidError < StandardError; end
+
+  class NotAuthorizedError < StandardError; end
+
+  class NoPolicyError < StandardError; end
 end
 
 loader.eager_load

data/lib/generators/avo/templates/initializer/avo.tt

@@ -30,6 +30,7 @@ Avo.configure do |config|
   #   destroy: 'destroy?',
   # }
   # config.raise_error_on_missing_policy = false
+  # config.authorization_client = false
 
   ## == Localization ==
   # config.locale = 'en-US'