cedar_policy 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7410b46f2bfc9344de867185521852b7f95d4511e5b903dd8e451844e0e5b07e
-  data.tar.gz: 462c41840176d812a3caa1814eb156ade79833e3dfde0607a1459cb574bd0a1b
+  metadata.gz: 3d74502a574ecb798f539deef9534d297f8f60802fc1614a2ba61a0b04c381e8
+  data.tar.gz: 052ea0f3383e332bcd94931ff7f5c57f45aa2ffbd126e3e8628574e20dd39d98
 SHA512:
-  metadata.gz: c996c04f26847edea288d1aba4f995ab880c825009f197d9f88139065f63f4aa5fc4f62ddd8f86961418bfbcc344b41496a8ffd9d54b33da38f5de86ee0533d9
-  data.tar.gz: 2a99f4e6026e3bf6f020128f00a0d9a856f75fce16299a0cd486f834c867dd9e392c54328d3527a951fb064924c793d09969d7e4296b3d348e5085ff7bd08224
+  metadata.gz: 1a1311adf918c900f7baac517ed7942377cbe8ded2e44c7228926d1e84db87a10bf81b474cc68d9555f4b4db5a754ab7e29c41df508c06e3878f2daab3126adb
+  data.tar.gz: 7c038820cfb7c60d0730ab7d8d10f43acce0afcf10db84e97b3c4e76c8f49b6d469cfdf66c37edbd4531bc8ace9ffd66deaa146d9afa5550b87894be2263875a

data/Cargo.lock

@@ -170,7 +170,9 @@ name = "cedar_policy"
 version = "0.1.0"
 dependencies = [
  "cedar-policy",
+ "cedar-policy-core",
  "magnus",
+ "serde_magnus",
 ]
 
 [[package]]
@@ -400,9 +402,9 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "2.3.0"
+version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "de3fc2e30ba82dd1b3911c8de1ffc143c74a914a14e99514d7637e3099df5ea0"
+checksum = "93ead53efc7ea8ed3cfb0c79fc8023fbb782a5432b52830b6518941cebe6505c"
 dependencies = [
  "equivalent",
  "hashbrown 0.14.5",
@@ -435,9 +437,9 @@ checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
 
 [[package]]
 name = "js-sys"
-version = "0.3.69"
+version = "0.3.70"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d"
+checksum = "1868808506b929d7b0cfa8f75951347aa71bb21144b7791bae35d9bccfcfe37a"
 dependencies = [
  "wasm-bindgen",
 ]
@@ -529,9 +531,9 @@ checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
 
 [[package]]
 name = "magnus"
-version = "0.7.1"
+version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d87ae53030f3a22e83879e666cb94e58a7bdf31706878a0ba48752994146dab"
+checksum = "b1597ef40aa8c36be098249e82c9a20cf7199278ac1c1a1a995eeead6a184479"
 dependencies = [
  "magnus-macros",
  "rb-sys",
@@ -659,7 +661,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db"
 dependencies = [
  "fixedbitset",
- "indexmap 2.3.0",
+ "indexmap 2.4.0",
 ]
 
 [[package]]
@@ -865,18 +867,18 @@ checksum = "a3f0bf26fd526d2a95683cd0f87bf103b8539e2ca1ef48ce002d67aad59aa0b4"
 
 [[package]]
 name = "serde"
-version = "1.0.206"
+version = "1.0.207"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b3e4cd94123dd520a128bcd11e34d9e9e423e7e3e50425cb1b4b1e3549d0284"
+checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.206"
+version = "1.0.207"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fabfb6138d2383ea8208cf98ccf69cdfb1aff4088460681d84189aa259762f97"
+checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -885,17 +887,28 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.122"
+version = "1.0.124"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da"
+checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d"
 dependencies = [
- "indexmap 2.3.0",
+ "indexmap 2.4.0",
  "itoa",
  "memchr",
  "ryu",
  "serde",
 ]
 
+[[package]]
+name = "serde_magnus"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "76c20da583b5e1016e9199ef5f3260f7a8d1b253307d232600f6b12737262dbd"
+dependencies = [
+ "magnus",
+ "serde",
+ "tap",
+]
+
 [[package]]
 name = "serde_with"
 version = "3.9.0"
@@ -906,7 +919,7 @@ dependencies = [
  "chrono",
  "hex",
  "indexmap 1.9.3",
- "indexmap 2.3.0",
+ "indexmap 2.4.0",
  "serde",
  "serde_derive",
  "serde_json",
@@ -1002,6 +1015,12 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "tap"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
+
 [[package]]
 name = "term"
 version = "0.7.0"
@@ -1149,19 +1168,20 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
 
 [[package]]
 name = "wasm-bindgen"
-version = "0.2.92"
+version = "0.2.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8"
+checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5"
 dependencies = [
  "cfg-if",
+ "once_cell",
  "wasm-bindgen-macro",
 ]
 
 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.92"
+version = "0.2.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da"
+checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b"
 dependencies = [
  "bumpalo",
  "log",
@@ -1174,9 +1194,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.92"
+version = "0.2.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726"
+checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf"
 dependencies = [
  "quote",
  "wasm-bindgen-macro-support",
@@ -1184,9 +1204,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.92"
+version = "0.2.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7"
+checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -1197,9 +1217,9 @@ dependencies = [
 
 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.92"
+version = "0.2.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96"
+checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484"
 
 [[package]]
 name = "winapi"

data/README.md

@@ -26,34 +26,35 @@ policy = <<~POLICY
             resource
           );
         POLICY
-policy_set = CedarPolicy::PolicySet.from_str(policy)
+policy_set = CedarPolicy::PolicySet.new(policy)
 
-principal = CedarPolicy::EntityUid.new("AdminUser", "1")
+principal = CedarPolicy::EntityUid.new("User", "1")
 action = CedarPolicy::EntityUid.new("Action", "view")
 resource = CedarPolicy::EntityUid.new("Image", "1")
+ctx = CedarPolicy::Context.new
 
-request = CedarPolicy::Request.new(principal, action, resource)
+request = CedarPolicy::Request.new(principal, action, resource, ctx)
 
-entities_json = <<~JSON
-      [
-       {
-         "uid": { "type": "AdminUser", "id": "1" },
-         "attrs": {},
-         "parents": []
-       }
-      ]
-    JSON
-entities = CedarPolicy::Entities.from_json(entities_json)
+entities = CedarPolicy::Entities.new([
+    CedarPolicy::Entity.new(
+        CedarPolicy::EntityUid.new("User", "1"),
+        { role: "admin" }
+    )
+])
 
 authorizer = CedarPolicy::Authorizer.new
-
-authorized = authorizer.authorize?(request, policy_set, entities) # => true
+authorizer.authorize?(request, policy_set, entities) # => true
 
 response = authorizer.authorize(request, policy_set, entities)
-response.decision # => CedarPolicy::Decision.allow
+response.decision # => CedarPolicy::Decision::ALLOW
 ```
 
-> Currently, the API design is including too many low-level details. We are working on a more user-friendly API.
+## Roadmap
+
+* [ ] Add DSL to improve developer experience
+* [ ] Diagnostics return with response
+* [ ] Validator support
+* [ ] Schema support
 
 ## Development
 

data/ext/cedar_policy/Cargo.toml

@@ -11,4 +11,6 @@ crate-type = ["cdylib"]
 
 [dependencies]
 cedar-policy = "3.2.4"
-magnus = { version = "0.7.1" }
+cedar-policy-core = "3.2.4"
+magnus = "0.6.2"
+serde_magnus = "0.8.1"

data/ext/cedar_policy/src/authorizer.rs

@@ -1,7 +1,9 @@
 use cedar_policy::{Authorizer, Decision};
 use magnus::{function, method, Error, Module, Object, RModule, Ruby};
 
-use crate::{entities::REntities, policy_set::RPolicySet, request::RRequest, response::RResponse};
+use crate::{
+    entities::EntitiesWrapper, policy_set::RPolicySet, request::RRequest, response::RResponse,
+};
 
 #[magnus::wrap(class = "CedarPolicy::Authorizer")]
 pub struct RAuthorizer(Authorizer);
@@ -11,18 +13,23 @@ impl RAuthorizer {
         RAuthorizer(Authorizer::new())
     }
 
-    fn is_authorized(&self, request: &RRequest, policy: &RPolicySet, entities: &REntities) -> bool {
-        let response = self
-            .0
-            .is_authorized(request.into(), &policy.into(), &entities.into());
-        response.decision() == Decision::Allow
+    fn is_authorized(
+        &self,
+        request: &RRequest,
+        policy: &RPolicySet,
+        entities: EntitiesWrapper,
+    ) -> bool {
+        self.0
+            .is_authorized(request.into(), &policy.into(), &entities.into())
+            .decision()
+            == Decision::Allow
     }
 
     fn authorize(
         &self,
         request: &RRequest,
         policy: &RPolicySet,
-        entities: &REntities,
+        entities: EntitiesWrapper,
     ) -> RResponse {
         self.0
             .is_authorized(request.into(), &policy.into(), &entities.into())

data/ext/cedar_policy/src/context.rs

@@ -0,0 +1,51 @@
+use cedar_policy::Context;
+use cedar_policy_core::jsonvalue::JsonValueWithNoDuplicateKeys;
+use magnus::{
+    value::{Lazy, ReprValue},
+    Error, Module, RClass, Ruby, TryConvert, Value,
+};
+use serde_magnus::deserialize;
+
+use crate::CEDAR_POLICY;
+
+static CONTEXT: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&CEDAR_POLICY)
+        .define_class("Context", ruby.class_object())
+        .unwrap()
+});
+
+pub struct ContextWrapper(Context);
+
+impl From<ContextWrapper> for Context {
+    fn from(value: ContextWrapper) -> Self {
+        value.0
+    }
+}
+
+impl TryConvert for ContextWrapper {
+    fn try_convert(value: Value) -> Result<Self, Error> {
+        let handle = Ruby::get_with(value);
+        match value.respond_to("to_hash", false) {
+            Ok(true) => {
+                let value: Value = value.funcall_public("to_hash", ())?;
+                let value: JsonValueWithNoDuplicateKeys = deserialize(value)?;
+                Ok(Self(Context::from_json_value(value.into(), None).map_err(
+                    |e| Error::new(handle.exception_runtime_error(), e.to_string()),
+                )?))
+            }
+            Err(e) => Err(Error::new(handle.exception_runtime_error(), e.to_string())),
+            _ => Err(Error::new(
+                handle.exception_arg_error(),
+                format!("no implicit conversion of {} into Context", unsafe {
+                    value.classname()
+                }),
+            ))?,
+        }
+    }
+}
+
+pub fn init(ruby: &Ruby) -> Result<(), Error> {
+    Lazy::force(&CONTEXT, ruby);
+
+    Ok(())
+}

data/ext/cedar_policy/src/decision.rs

@@ -1,19 +1,27 @@
 use cedar_policy::Decision;
 use magnus::{
-    function, method, typed_data::IsEql, value::ReprValue, Class, Error, Module, Object, RModule,
-    Ruby, TryConvert, Value,
+    method,
+    typed_data::IsEql,
+    value::{Lazy, ReprValue},
+    Class, Error, IntoValue, Module, RClass, Ruby, TryConvert, Value,
 };
 
-#[magnus::wrap(class = "CedarPolicy::Decision")]
-pub struct RDecision(Decision);
+use crate::CEDAR_POLICY;
 
-fn allow() -> RDecision {
-    RDecision(Decision::Allow)
-}
+static DECISION: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&CEDAR_POLICY)
+        .define_class("Decision", ruby.class_object())
+        .unwrap()
+});
 
-fn deny() -> RDecision {
-    RDecision(Decision::Deny)
-}
+pub static DECISION_ALLOW: Lazy<Value> =
+    Lazy::new(|ruby| RDecision(Decision::Allow).into_value_with(ruby));
+
+pub static DECISION_DENY: Lazy<Value> =
+    Lazy::new(|ruby| RDecision(Decision::Deny).into_value_with(ruby));
+
+#[magnus::wrap(class = "CedarPolicy::Decision")]
+pub struct RDecision(Decision);
 
 impl IsEql for RDecision {
     fn is_eql(&self, other: Value) -> bool {
@@ -42,12 +50,15 @@ impl From<Decision> for RDecision {
     }
 }
 
-pub fn init(ruby: &Ruby, module: &RModule) -> Result<(), Error> {
-    let class = module.define_class("Decision", ruby.class_object())?;
+pub fn init(ruby: &Ruby) -> Result<(), Error> {
+    let class = ruby.get_inner(&DECISION);
+    let allow = ruby.get_inner(&DECISION_ALLOW);
+    let deny = ruby.get_inner(&DECISION_DENY);
+
     class.undef_default_alloc_func();
 
-    class.define_singleton_method("allow", function!(allow, 0))?;
-    class.define_singleton_method("deny", function!(deny, 0))?;
+    class.const_set("ALLOW", allow)?;
+    class.const_set("DENY", deny)?;
 
     class.define_method("==", method!(<RDecision as IsEql>::is_eql, 1))?;
     class.define_method("eql?", method!(<RDecision as IsEql>::is_eql, 1))?;

data/ext/cedar_policy/src/entities.rs

@@ -1,37 +1,51 @@
 use cedar_policy::Entities;
-use magnus::{function, method, Error, Module, Object, RModule, Ruby};
+use cedar_policy_core::jsonvalue::JsonValueWithNoDuplicateKeys;
+use magnus::{
+    value::{Lazy, ReprValue},
+    Error, Module, RClass, Ruby, TryConvert, Value,
+};
+use serde_magnus::deserialize;
 
-use crate::{entity::REntity, entity_uid::REntityUid, error::ENTITIES_ERROR};
+use crate::CEDAR_POLICY;
 
-#[magnus::wrap(class = "CedarPolicy::Entities")]
-pub struct REntities(Entities);
+static ENTITIES: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&CEDAR_POLICY)
+        .define_class("Entities", ruby.class_object())
+        .unwrap()
+});
 
-impl REntities {
-    fn new() -> Self {
-        Self(Entities::empty())
-    }
-
-    fn from_json(ruby: &Ruby, json: String) -> Result<Self, Error> {
-        let entities = Entities::from_json_str(&json, None)
-            .map_err(|error| Error::new(ruby.get_inner(&ENTITIES_ERROR), error.to_string()))?;
-        Ok(Self(entities))
-    }
+pub struct EntitiesWrapper(Entities);
 
-    fn get(&self, uid: &REntityUid) -> Option<REntity> {
-        self.0.get(&uid.into()).map(|entity| entity.into())
+impl From<EntitiesWrapper> for Entities {
+    fn from(value: EntitiesWrapper) -> Self {
+        value.0
     }
 }
 
-impl From<&REntities> for Entities {
-    fn from(entities: &REntities) -> Self {
-        entities.0.clone()
+impl TryConvert for EntitiesWrapper {
+    fn try_convert(value: Value) -> Result<Self, Error> {
+        let handle = Ruby::get_with(value);
+        match value.respond_to("to_ary", false) {
+            Ok(true) => {
+                let value: Value = value.funcall_public("to_ary", ())?;
+                let value: JsonValueWithNoDuplicateKeys = deserialize(value)?;
+                Ok(Self(
+                    Entities::from_json_value(value.into(), None)
+                        .map_err(|e| Error::new(handle.exception_arg_error(), e.to_string()))?,
+                ))
+            }
+            Err(e) => Err(Error::new(handle.exception_arg_error(), e.to_string())),
+            _ => Err(Error::new(
+                handle.exception_arg_error(),
+                format!("no implicit conversion of {} into Entities", unsafe {
+                    value.classname()
+                }),
+            ))?,
+        }
     }
 }
 
-pub fn init(ruby: &Ruby, module: &RModule) -> Result<(), Error> {
-    let class = module.define_class("Entities", ruby.class_object())?;
-    class.define_singleton_method("new", function!(REntities::new, 0))?;
-    class.define_singleton_method("from_json", function!(REntities::from_json, 1))?;
-    class.define_method("get", method!(REntities::get, 1))?;
+pub fn init(ruby: &Ruby) -> Result<(), Error> {
+    Lazy::force(&ENTITIES, ruby);
     Ok(())
 }

data/ext/cedar_policy/src/entity_uid.rs

@@ -1,54 +1,71 @@
-use std::str::FromStr;
+use cedar_policy::EntityUid;
+use cedar_policy_core::jsonvalue::JsonValueWithNoDuplicateKeys;
+use magnus::{
+    value::{Lazy, ReprValue},
+    Class, Error, IntoValue, Module, RClass, Ruby, TryConvert, Value,
+};
+use serde_magnus::deserialize;
 
-use cedar_policy::{EntityId, EntityTypeName, EntityUid};
-use magnus::{function, method, Error, Module, Object, RModule, Ruby};
+use crate::CEDAR_POLICY;
 
-#[magnus::wrap(class = "CedarPolicy::EntityUid")]
-pub struct REntityUid(EntityUid);
+static ENTITY_UID: Lazy<RClass> = Lazy::new(|ruby| {
+    ruby.get_inner(&CEDAR_POLICY)
+        .define_class("EntityUid", ruby.class_object())
+        .unwrap()
+});
 
-impl REntityUid {
-    fn new(ruby: &Ruby, entity_type: String, id: String) -> Result<Self, Error> {
-        let id = EntityId::from_str(&id)
-            .map_err(|e| Error::new(ruby.exception_arg_error(), e.to_string()))?;
-        let entity_type = EntityTypeName::from_str(&entity_type)
-            .map_err(|e| Error::new(ruby.exception_arg_error(), e.to_string()))?;
+pub struct EntityUidWrapper(EntityUid);
 
-        return Ok(Self(EntityUid::from_type_name_and_id(entity_type, id)));
-    }
-
-    fn eq(&self, other: &REntityUid) -> bool {
-        self.0.eq(&other.0)
+impl EntityUidWrapper {
+    pub fn new(uid: EntityUid) -> Self {
+        Self(uid)
     }
+}
 
-    fn to_s(&self) -> String {
-        self.0.to_string()
+impl From<EntityUidWrapper> for EntityUid {
+    fn from(value: EntityUidWrapper) -> EntityUid {
+        value.0
     }
 }
 
-impl From<EntityUid> for REntityUid {
-    fn from(uid: EntityUid) -> Self {
-        Self(uid)
+impl IntoValue for EntityUidWrapper {
+    fn into_value_with(self, handle: &Ruby) -> Value {
+        let type_name = self.0.type_name().to_string();
+        let id = self.0.id().to_string();
+        let class = handle.get_inner(&ENTITY_UID);
+
+        return class.new_instance((type_name, id)).unwrap().into();
     }
 }
 
-impl From<&EntityUid> for REntityUid {
-    fn from(uid: &EntityUid) -> Self {
-        Self(uid.clone())
+impl TryConvert for EntityUidWrapper {
+    fn try_convert(value: Value) -> Result<Self, magnus::Error> {
+        let handle = Ruby::get_with(value);
+        match value.respond_to("to_hash", false) {
+            Ok(true) => {
+                let value: Value = value.funcall_public("to_hash", ())?;
+                let value: JsonValueWithNoDuplicateKeys = deserialize(value)?;
+                Ok(Self(EntityUid::from_json(value.into()).map_err(|e| {
+                    Error::new(handle.exception_runtime_error(), e.to_string())
+                })?))
+            }
+            Err(e) => Err(Error::new(handle.exception_runtime_error(), e.to_string())),
+            _ => Err(Error::new(
+                handle.exception_arg_error(),
+                format!("no implicit conversion of {} into EntityUid", unsafe {
+                    value.classname()
+                }),
+            ))?,
+        }
     }
 }
 
-impl From<&REntityUid> for EntityUid {
-    fn from(wrapper: &REntityUid) -> Self {
-        wrapper.0.clone()
-    }
+pub fn to_euid_value(euid: &EntityUid) -> Value {
+    EntityUidWrapper::new(euid.clone()).into_value_with(&Ruby::get().unwrap())
 }
 
-pub fn init(ruby: &Ruby, module: &RModule) -> Result<(), Error> {
-    let class = module.define_class("EntityUid", ruby.class_object())?;
-    class.define_singleton_method("new", function!(REntityUid::new, 2))?;
-    class.define_method("==", method!(REntityUid::eq, 1))?;
-    class.define_method("to_s", method!(REntityUid::to_s, 0))?;
-    class.define_method("inspect", method!(REntityUid::to_s, 0))?;
+pub fn init(ruby: &Ruby) -> Result<(), Error> {
+    Lazy::force(&ENTITY_UID, ruby);
 
     Ok(())
 }

data/ext/cedar_policy/src/lib.rs

@@ -1,9 +1,9 @@
 use magnus::{value::Lazy, Error, RModule, Ruby};
 
 mod authorizer;
+mod context;
 mod decision;
 mod entities;
-mod entity;
 mod entity_uid;
 mod error;
 mod policy_set;
@@ -17,14 +17,14 @@ fn init(ruby: &Ruby) -> Result<(), Error> {
     let module = ruby.get_inner(&CEDAR_POLICY);
 
     error::init(ruby)?;
+    entity_uid::init(ruby)?;
+    entities::init(ruby)?;
+    decision::init(ruby)?;
+    context::init(ruby)?;
     authorizer::init(ruby, &module)?;
-    entity_uid::init(ruby, &module)?;
-    entities::init(ruby, &module)?;
-    entity::init(ruby, &module)?;
     request::init(ruby, &module)?;
     response::init(ruby, &module)?;
     policy_set::init(ruby, &module)?;
-    decision::init(ruby, &module)?;
 
     Ok(())
 }

data/ext/cedar_policy/src/policy_set.rs

@@ -1,7 +1,7 @@
 use std::str::FromStr;
 
-use cedar_policy::PolicySet;
-use magnus::{function, method, Error, Module, Object, RModule, Ruby};
+use cedar_policy::{ParseErrors, PolicySet};
+use magnus::{function, method, scan_args::scan_args, Error, Module, Object, RModule, Ruby, Value};
 
 use crate::error::PARSE_ERROR;
 
@@ -9,14 +9,15 @@ use crate::error::PARSE_ERROR;
 pub struct RPolicySet(PolicySet);
 
 impl RPolicySet {
-    fn new() -> Self {
-        Self(PolicySet::new())
-    }
-
-    fn from_str(ruby: &Ruby, policy: String) -> Result<Self, Error> {
-        let policy = PolicySet::from_str(&policy)
-            .map_err(|e| Error::new(ruby.get_inner(&PARSE_ERROR), e.to_string()))?;
-        Ok(Self(policy))
+    fn new(ruby: &Ruby, args: &[Value]) -> Result<Self, Error> {
+        let args = scan_args::<(), _, (), (), (), ()>(args)?;
+        let (policy,): (Option<String>,) = args.optional;
+
+        match policy {
+            Some(policy) => Self::from_str(&policy)
+                .map_err(|e| Error::new(ruby.get_inner(&PARSE_ERROR), e.to_string())),
+            None => Ok(Self(PolicySet::new())),
+        }
     }
 
     fn is_empty(&self) -> bool {
@@ -30,10 +31,17 @@ impl From<&RPolicySet> for PolicySet {
     }
 }
 
+impl FromStr for RPolicySet {
+    type Err = ParseErrors;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        Ok(Self(PolicySet::from_str(s)?))
+    }
+}
+
 pub fn init(ruby: &Ruby, module: &RModule) -> Result<(), Error> {
     let class = module.define_class("PolicySet", ruby.class_object())?;
-    class.define_singleton_method("new", function!(RPolicySet::new, 0))?;
-    class.define_singleton_method("from_str", function!(RPolicySet::from_str, 1))?;
+    class.define_singleton_method("new", function!(RPolicySet::new, -1))?;
     class.define_method("empty?", method!(RPolicySet::is_empty, 0))?;
 
     Ok(())

data/ext/cedar_policy/src/request.rs

@@ -1,40 +1,45 @@
-use cedar_policy::{Context, Request};
-use magnus::{function, method, Error, Module, Object, RModule, Ruby};
+use cedar_policy::Request;
+use magnus::{function, method, Error, Module, Object, RModule, Ruby, Value};
 use std::convert::Into;
 
-use crate::entity_uid::REntityUid;
+use crate::{
+    context::ContextWrapper,
+    entity_uid::{to_euid_value, EntityUidWrapper},
+};
 
 #[magnus::wrap(class = "CedarPolicy::Request")]
 pub struct RRequest(Request);
 
 impl RRequest {
     fn new(
-        principal: Option<&REntityUid>,
-        action: Option<&REntityUid>,
-        resource: Option<&REntityUid>,
-    ) -> Self {
-        Self(
+        ruby: &Ruby,
+        principal: Option<EntityUidWrapper>,
+        action: Option<EntityUidWrapper>,
+        resource: Option<EntityUidWrapper>,
+        context: ContextWrapper,
+    ) -> Result<Self, Error> {
+        Ok(Self(
             Request::new(
-                principal.map(&Into::into),
-                action.map(&Into::into),
-                resource.map(&Into::into),
-                Context::empty(),
+                principal.map(|p| p.into()),
+                action.map(|a| a.into()),
+                resource.map(|r| r.into()),
+                context.into(),
                 None,
             )
-            .unwrap(),
-        )
+            .map_err(|e| Error::new(ruby.exception_runtime_error(), e.to_string()))?,
+        ))
     }
 
-    fn principal(&self) -> Option<REntityUid> {
-        self.0.principal().map(&Into::into)
+    fn principal(&self) -> Option<Value> {
+        self.0.principal().map(&to_euid_value)
     }
 
-    fn action(&self) -> Option<REntityUid> {
-        self.0.action().map(&Into::into)
+    fn action(&self) -> Option<Value> {
+        self.0.action().map(&to_euid_value)
     }
 
-    fn resource(&self) -> Option<REntityUid> {
-        self.0.resource().map(&Into::into)
+    fn resource(&self) -> Option<Value> {
+        self.0.resource().map(&to_euid_value)
     }
 }
 
@@ -46,7 +51,7 @@ impl<'a> From<&'a RRequest> for &'a Request {
 
 pub fn init(ruby: &Ruby, module: &RModule) -> Result<(), Error> {
     let class = module.define_class("Request", ruby.class_object())?;
-    class.define_singleton_method("new", function!(RRequest::new, 3))?;
+    class.define_singleton_method("new", function!(RRequest::new, 4))?;
     class.define_method("principal", method!(RRequest::principal, 0))?;
     class.define_method("action", method!(RRequest::action, 0))?;
     class.define_method("resource", method!(RRequest::resource, 0))?;

data/ext/cedar_policy/src/response.rs

@@ -7,7 +7,7 @@ use crate::decision::RDecision;
 pub struct RResponse(Response);
 
 impl RResponse {
-    fn decision(&self) -> RDecision {
+    pub fn decision(&self) -> RDecision {
         self.0.decision().into()
     }
 }

data/lib/cedar_policy/context.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module CedarPolicy
+  # :nodoc:
+  class Context
+    def initialize(context = {})
+      @context = context
+    end
+
+    def to_hash
+      CedarPolicy.deep_serialize(@context)
+    end
+  end
+end

data/lib/cedar_policy/entities.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module CedarPolicy
+  # :nodoc:
+  class Entities
+    def initialize(entities = [])
+      @entities = Set.new(entities)
+    end
+
+    def to_ary
+      @entities.map { |entity| CedarPolicy.deep_serialize(entity) }
+    end
+  end
+end

data/lib/cedar_policy/entity.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module CedarPolicy
+  # :nodoc:
+  class Entity
+    attr_reader :uid, :attrs, :parents
+
+    def initialize(uid, attrs = {}, parents = [])
+      raise ArgumentError unless uid.is_a?(EntityUid)
+
+      @uid = uid
+      @attrs = attrs
+      @parents = Set.new(parents)
+    end
+
+    def ==(other)
+      hahs == other.hash
+    end
+
+    def hash
+      [self.class, @uid].hash
+    end
+
+    def to_hash
+      {
+        uid: @uid,
+        attrs: @attrs,
+        parents: @parents.to_a
+      }
+    end
+  end
+end

data/lib/cedar_policy/entity_uid.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module CedarPolicy
+  # :nodoc:
+  class EntityUid
+    attr_reader :type_name, :id
+
+    def initialize(type_name, id)
+      @type_name = type_name.to_s
+      @id = id.to_s
+    end
+
+    def ==(other)
+      hash == other.hash
+    end
+
+    def hash
+      [self.class, @type_name, @id].hash
+    end
+
+    def to_str
+      "#{@type_name}::#{@id.inspect}"
+    end
+    alias to_s to_str
+    alias inspect to_str
+
+    def to_hash
+      { type: @type_name, id: @id }
+    end
+  end
+end

data/lib/cedar_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module CedarPolicy
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/cedar_policy.rb

@@ -1,9 +1,29 @@
 # frozen_string_literal: true
 
+require "json"
+require "set"
+
 require_relative "cedar_policy/version"
 require_relative "cedar_policy/cedar_policy"
+require_relative "cedar_policy/entity_uid"
+require_relative "cedar_policy/entity"
+require_relative "cedar_policy/entities"
+require_relative "cedar_policy/context"
 
+# :nodoc:
 module CedarPolicy
   class Error < StandardError; end
-  # Your code goes here...
+
+  def self.deep_serialize(input)
+    input.to_hash.each_with_object({}) do |(key, value), output|
+      output[key.to_sym] =
+        case value
+        when ->(h) { h.respond_to?(:to_hash) } then deep_serialize(value)
+        when Array
+          value.map { |item| item.respond_to?(:to_hash) ? deep_serialize(item) : item }
+        else
+          value
+        end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cedar_policy
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Aotokitsuruya
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-08-13 00:00:00.000000000 Z
+date: 2024-08-14 00:00:00.000000000 Z
 dependencies: []
 description: Ruby bindings for Cedar policy evaluation engine.
 email:
@@ -29,9 +29,9 @@ files:
 - ext/cedar_policy/Cargo.toml
 - ext/cedar_policy/extconf.rb
 - ext/cedar_policy/src/authorizer.rs
+- ext/cedar_policy/src/context.rs
 - ext/cedar_policy/src/decision.rs
 - ext/cedar_policy/src/entities.rs
-- ext/cedar_policy/src/entity.rs
 - ext/cedar_policy/src/entity_uid.rs
 - ext/cedar_policy/src/error.rs
 - ext/cedar_policy/src/lib.rs
@@ -39,6 +39,10 @@ files:
 - ext/cedar_policy/src/request.rs
 - ext/cedar_policy/src/response.rs
 - lib/cedar_policy.rb
+- lib/cedar_policy/context.rb
+- lib/cedar_policy/entities.rb
+- lib/cedar_policy/entity.rb
+- lib/cedar_policy/entity_uid.rb
 - lib/cedar_policy/version.rb
 - sig/cedar_policy.rbs
 homepage: https://github.com/elct9620/cedar-policy-rb

data/ext/cedar_policy/src/entity.rs

@@ -1,70 +0,0 @@
-use std::{
-    collections::{HashMap, HashSet},
-    str::FromStr,
-};
-
-use cedar_policy::{Entity, RestrictedExpression};
-use magnus::{
-    function, method, scan_args::scan_args, Error, Module, Object, RHash, RModule, Ruby, Value,
-};
-
-use crate::{entity_uid::REntityUid, error::PARSE_ERROR};
-
-#[magnus::wrap(class = "CedarPolicy::Entity")]
-pub struct REntity(Entity);
-
-impl REntity {
-    fn new(ruby: &Ruby, args: &[Value]) -> Result<REntity, Error> {
-        let args = scan_args::<_, _, (), (), (), ()>(args)?;
-        let (uid,): (&REntityUid,) = args.required;
-        let (attrs,): (Option<RHash>,) = args.optional;
-
-        match attrs {
-            Some(attrs) => Ok(Self(
-                Entity::new(uid.into(), try_convert_attrs(ruby, &attrs)?, HashSet::new())
-                    .map_err(|e| Error::new(ruby.get_inner(&PARSE_ERROR), e.to_string()))?,
-            )),
-            None => Ok(Self(Entity::with_uid(uid.into()))),
-        }
-    }
-
-    fn uid(&self) -> REntityUid {
-        self.0.uid().into()
-    }
-}
-
-impl From<&Entity> for REntity {
-    fn from(entity: &Entity) -> Self {
-        Self(entity.clone())
-    }
-}
-
-fn to_attr(
-    ruby: &Ruby,
-    key: String,
-    value: String,
-) -> Result<(String, RestrictedExpression), Error> {
-    Ok((
-        key,
-        RestrictedExpression::from_str(&value)
-            .map_err(|e| Error::new(ruby.get_inner(&PARSE_ERROR), e.to_string()))?,
-    ))
-}
-
-fn try_convert_attrs(
-    ruby: &Ruby,
-    attrs: &RHash,
-) -> Result<HashMap<String, RestrictedExpression>, Error> {
-    Ok(attrs
-        .to_hash_map::<String, String>()?
-        .iter()
-        .map(|(k, v)| to_attr(ruby, k.to_string(), v.to_string()))
-        .collect::<Result<HashMap<String, RestrictedExpression>, Error>>()?)
-}
-
-pub fn init(ruby: &Ruby, module: &RModule) -> Result<(), Error> {
-    let class = module.define_class("Entity", ruby.class_object())?;
-    class.define_singleton_method("new", function!(REntity::new, -1))?;
-    class.define_method("uid", method!(REntity::uid, 0))?;
-    Ok(())
-}