RubyGems - critic - Versions diffs - 0.2.0 → 0.2.1 - Mend

critic 0.2.0 → 0.2.1

Files changed (16) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.travis.yml +7 -1
data/Appraisals +11 -0
data/CHANGELOG.md +22 -0
data/Gemfile +2 -1
data/LICENSE.txt +7 -0
data/README.md +76 -5
data/critic.gemspec +3 -2
data/lib/critic/authorization.rb +1 -0
data/lib/critic/authorization_denied.rb +1 -0
data/lib/critic/callbacks.rb +4 -4
data/lib/critic/controller.rb +3 -2
data/lib/critic/policy.rb +13 -11
data/lib/critic/version.rb +1 -1
metadata +14 -10

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 119a637d018051dfe1517011f155c2d78155ccdc
-  data.tar.gz: eb1a100714ade7c9d2b8e15f1bd99b023fe07a1c
+  metadata.gz: '0119b15b73b4b634a8094d17b84a57d1a184a4ac'
+  data.tar.gz: 695b82b9e3aef373a73b23fa865e67ed4cd0e896
 SHA512:
-  metadata.gz: 0a0e3a0ec214a2a081a3b3725e2271f9bd5e975195f3663c7015600f2647d406a60ffa4c0363bd60e6071a63077a5fbd9cbaec9365102dad49ba98711f267901
-  data.tar.gz: ea2def4856cc138ed661bc309cf48c64ab5820e111e9f60a5f5e89581610c60a7aa04d2a4786f438548f7e83df297587a3075abd085c45ad0829689b1e00bc12
+  metadata.gz: e006d30bcdfced9e3eb957cc8ddb80418b894213eab82f3b8f0f520282eaf47e3c76b6120ff23da6ad153886476bf7b12b1833aba6f1924e42f9b9925b13d7ed
+  data.tar.gz: 7f8256287c97d17118eb0f33665602d63364657fd6b9dbe0fac96bd9cb6ad2221e0ede3a68bb50c7c488dc35b7c2b69c8ccddff8138c2edc7b80a5e2b07379ce

data/.gitignore CHANGED Viewed

@@ -9,3 +9,4 @@
 /tmp/
 spec/examples.txt
 *.gem
+gemfiles/

data/.travis.yml CHANGED Viewed

@@ -4,8 +4,14 @@ cache:
   - bundler
 rvm:
   - 2.3.0
-script:
+before_script:
+  - bundle install
+script:
   - bundle exec rake rubocop
   - bundle exec rake spec
 notifications:
   email: false
+gemfile:
+  - gemfiles/activesupport_5.gemfile
+  - gemfiles/activesupport_4.gemfile
+  - gemfiles/activesupport_3.gemfile

data/Appraisals ADDED Viewed

@@ -0,0 +1,11 @@
+appraise "activesupport-5" do
+  gem "activesupport", '~> 5.0'
+end
+appraise "activesupport-4" do
+  gem "activesupport", '~> 4.2'
+end
+appraise "activesupport-3" do
+  gem "activesupport", '~> 3.2'
+end

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,22 @@
+# Change Log
+## [Unreleased](https://github.com/lanej/critic/tree/HEAD)
+[Full Changelog](https://github.com/lanej/critic/compare/v0.2.0...HEAD)
+**Merged pull requests:**
+- chore: loosen activesupport requirement and test versions [\#3](https://github.com/lanej/critic/pull/3) ([lanej](https://github.com/lanej))
+- add MIT license [\#2](https://github.com/lanej/critic/pull/2) ([thommahoney](https://github.com/thommahoney))
+## [v0.2.0](https://github.com/lanej/critic/tree/v0.2.0) (2016-06-22)
+[Full Changelog](https://github.com/lanej/critic/compare/v0.1.1...v0.2.0)
+**Merged pull requests:**
+- add callbacks to `Critic::Policy\#authorize` [\#1](https://github.com/lanej/critic/pull/1) ([lanej](https://github.com/lanej))
+## [v0.1.1](https://github.com/lanej/critic/tree/v0.1.1) (2016-06-07)
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/Gemfile CHANGED Viewed

@@ -5,7 +5,8 @@ source 'https://rubygems.org'
 gemspec
 gem 'activesupport', '~> 3.2.22', require: false
-gem 'rubocop', '~> 0.40', require: false
+gem 'appraisal', '~> 2.1'
+gem 'rubocop', '~> 0.46.0', require: false
 group :test do
   gem 'pry-nav'

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,7 @@
+Copyright (c) 2016 Joshua Lane
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md CHANGED Viewed

@@ -46,7 +46,7 @@ The most basic actions return `true` or `false` to indicate the authorization st
 class PostPolicy
   include Critic::Policy
-  def update
+  def update?
     !resource.locked
   end
 end
@@ -60,15 +60,15 @@ Verify authorization using `#authorize`.
 Post = Struct.new(:locked)
 User = Struct.new
-PostPolicy.authorize(:update, User.new, Post.new(false)).granted? #=> true
-PostPolicy.authorize(:update, User.new, Post.new(true)).granted? #=> false
+PostPolicy.authorize(:update?, User.new, Post.new(false)).granted? #=> true
+PostPolicy.authorize(:update?, User.new, Post.new(true)).granted? #=> false
 ```
 #### Scopes
 Scopes treat `resource` as a starting point and return a restricted set of associated resources.  Policies can have any number of scopes.  The default scope is `#index`.
-```
+```ruby
 # app/policies/post_policy.rb
 class PostPolicy
   include Critic::Policy
@@ -79,6 +79,40 @@ class PostPolicy
 end
 ```
+#### Convention
+It can be a useful convention to add a `?` suffix to your action methods.  This allows a clear separation between actions and scopes.  All other methods should be `protected`, similar to Rails controller.
+```ruby
+# app/policies/post_policy.rb
+class PostPolicy
+  include Critic::Policy
+  # default scope
+  def index
+    Post.where(published: true)
+  end
+  # custom scope
+  def author_index
+    Post.where(author_id: subject.id)
+  end
+  # action
+  def show?
+    (post.draft? && authored_post?) || post.published?
+  end
+  protected
+  alias post resource
+  def authored_post?
+    subject == post.author
+  end
+end
+```
 ### Controller
 Controllers are the primary consumer of policies.  Controllers ask the policy if an authenticated subject is authorized to perform a specific action on a specific resource.
@@ -127,8 +161,12 @@ class PostController < Sinatra::Base
     post.to_json
   end
 end
 ```
+#### Custom subject
 By default, the policy's subject is referenced by `current_user`.  Override `critic` to customize.
 ```ruby
@@ -144,9 +182,43 @@ class ApplicationController < ActionController::Base
 end
 ```
+#### Custom policy
+The default policy for a resource is referenced by the resoure class name.  For instance, Critic will look for a `PostPolicy` for a `Post.new` object.  You can set a custom policy for the entire controller by overriding the `policy` method.
+```ruby
+# app/controllers/post_controller.rb
+class PostController < ActionController::Base
+  include Critic::Controller
+  protected
+  def policy(_resource)
+    V2::PostPolicy
+  end
+end
+```
+You can also provide a specific policy when calling `authorize`
+```ruby
+# app/controllers/post_controller.rb
+class PostController < ActionController::Base
+  include Critic::Controller
+  def show
+    post = Post.find(params[:id])
+    authorize post, policy: V2::PostPolicy
+    render json: post
+  end
+end
+```
 #### Testing
+`bundle exec rake spec`
 ## Development
@@ -157,4 +229,3 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 ## Contributing
 Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/critic.

data/critic.gemspec CHANGED Viewed

@@ -18,10 +18,11 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'bin'
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.license       = 'MIT'
   spec.add_development_dependency 'bundler', '~> 1.10'
   spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rspec', '~> 3.4'
-  spec.add_dependency 'activesupport', '> 3.0', '< 5.0'
+  spec.add_dependency 'activesupport', '> 3.0', '< 6.0'
 end

data/lib/critic/authorization.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+# Represents an authorization result for a policy and action
 class Critic::Authorization
   attr_reader :policy, :action
   attr_accessor :messages, :granted, :result, :metadata

data/lib/critic/authorization_denied.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+# Custom error class for authorization failures
 class Critic::AuthorizationDenied < Critic::Error
   DEFAULT_MESSAGE = 'Authorization denied'

data/lib/critic/callbacks.rb CHANGED Viewed

@@ -58,10 +58,10 @@ module Critic::Callbacks
     def _normalize_callback_option(options, from, to) # :nodoc:
       from = options[from]
-      if from
-        from = Array(from).map { |o| "authorization.action.to_s == '#{o}'" }
-        options[to] = Array(options[to]).unshift(from).join(' || ')
-      end
+      return unless from
+      from = Array(from).map { |o| "authorization.action.to_s == '#{o}'" }
+      options[to] = Array(options[to]).unshift(from).join(' || ')
     end
     # Skip before, after, and around action callbacks matching any of the names.

data/lib/critic/controller.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+# Sugar for accessing the authorization interface
 module Critic::Controller
   extend ActiveSupport::Concern
@@ -33,10 +34,10 @@ module Critic::Controller
     authorize(scope, authorization_action, *args, policy: policy, **options)
   end
-  protected
   attr_reader :authorization
+  protected
   def authorization_failed!
     raise Critic::AuthorizationDenied, authorization
   end

data/lib/critic/policy.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+# Represents the authorization policy interface
 module Critic::Policy
   extend ActiveSupport::Concern
@@ -39,21 +40,12 @@ module Critic::Policy
     end
   end
-  attr_reader :subject, :resource, :errors
-  attr_accessor :authorization
-  delegate :messages, :metadata, to: :authorization
   def initialize(subject, resource)
     @subject = subject
     @resource = resource
     @errors = []
   end
-  def failure_message(action)
-    "#{subject} is not authorized to #{action} #{resource}"
-  end
   def authorize(action, *args)
     self.authorization = Critic::Authorization.new(self, action)
@@ -62,8 +54,8 @@ module Critic::Policy
     authorization.result = result if authorization.result.nil?
     case authorization.result
-    when Critic::Authorization
-      # user has accessed authorization directly
+    # when Critic::Authorization
+    #   # user has accessed authorization directly
     when String
       authorization.granted = false
       authorization.messages << result
@@ -77,8 +69,18 @@ module Critic::Policy
     authorization
   end
+  attr_accessor :authorization
   protected
+  attr_reader :subject, :resource, :errors
+  delegate :messages, :metadata, to: :authorization
+  def failure_message(action)
+    "#{subject} is not authorized to #{action} #{resource}"
+  end
   def halt(*response)
     throw :halt, *response
   end

data/lib/critic/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Critic
-  VERSION = '0.2.0'
+  VERSION = '0.2.1'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: critic
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Josh Lane
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-06-22 00:00:00.000000000 Z
+date: 2016-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -42,16 +42,16 @@ dependencies:
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.4'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -61,7 +61,7 @@ dependencies:
         version: '3.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -71,7 +71,7 @@ dependencies:
         version: '3.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '6.0'
 description: Resource authorization via PORO
 email:
 - me@joshualane.com
@@ -85,7 +85,10 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".travis.yml"
+- Appraisals
+- CHANGELOG.md
 - Gemfile
+- LICENSE.txt
 - README.md
 - Rakefile
 - bin/console
@@ -99,7 +102,8 @@ files:
 - lib/critic/policy.rb
 - lib/critic/version.rb
 homepage: http://lanej.io/critic
-licenses: []
+licenses:
+- MIT
 metadata: {}
 post_install_message:
 rdoc_options: []
@@ -117,7 +121,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 2.5.2
 signing_key:
 specification_version: 4
 summary: Resource authorization