graphql-guard 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 33482164f7f2f2a17ba43bc1219975ee6de6ea19
-  data.tar.gz: fade6ad6159072a1f3609cbc4e43b5fba2ce100b
+  metadata.gz: edc74c4db940ec20e1daa0907380a2db57c57bd5
+  data.tar.gz: 984fc4fb2913d17f4c6a331ac8f628aace746125
 SHA512:
-  metadata.gz: e198c43bd8b1a4e9ce8de01db82605f1d937efbbd8f6f509e89ae1363e253ec43a70251584fa6f7ef7a44d7b89a4029322be4b93ad9e43b4d8e04a6f3a26bea1
-  data.tar.gz: f465007bb574373cb6d220aea2b6361d828055a69bf57e91ed5e12a6f6fb31d64043b7636e15763eaac922926618ab1e01c280456dd91b022094df6d9e300bb7
+  metadata.gz: e2ab0b88f3daf2acdfdba60814b62fdbb3d36c34aec3f4441da3ebdc83daff068c1115d0680959c552cdd894ecc0d55c59fa3db6ca9bcd80039493b08d2158c5
+  data.tar.gz: d3987791bdd7cf4a494572ab2bedd08a5992cd71b1909a9d84572fe048e5bdf47fbd0796af38e21d12bfeaefcebf6506d362f315147d2dd51e4c648cd0fc0e51

data/.travis.yml

@@ -2,4 +2,6 @@ sudo: false
 language: ruby
 rvm:
   - 2.3.4
+env:
+  - CI=true
 before_install: gem install bundler -v 1.15.2

data/CHANGELOG.md

@@ -8,10 +8,14 @@ one of the following labels: `Added`, `Changed`, `Deprecated`,
 to manage the versions of this gem so
 that you can set version constraints properly.
 
-#### [Unreleased](https://github.com/exAspArk/graphql-guard/compare/v0.2.0...HEAD)
+#### [Unreleased](https://github.com/exAspArk/graphql-guard/compare/v0.4.0...HEAD)
 
 * WIP
 
+#### [v0.4.0](https://github.com/exAspArk/graphql-guard/compare/v0.3.0...v0.4.0) – 2017-07-25
+
+* `Added`: ability to test `guard` lambdas via field.
+
 #### [v0.3.0](https://github.com/exAspArk/graphql-guard/compare/v0.2.0...v0.3.0) – 2017-07-19
 
 * `Added`: ability to use custom error handlers.

data/Gemfile

@@ -3,6 +3,7 @@ source "https://rubygems.org"
 git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
 
 gem "pry"
+gem 'coveralls', require: false
 
 # Specify your gem's dependencies in graphql-guard.gemspec
 gemspec

data/README.md

@@ -1,6 +1,10 @@
 # graphql-guard
 
 [![Build Status](https://travis-ci.org/exAspArk/graphql-guard.svg?branch=master)](https://travis-ci.org/exAspArk/graphql-guard)
+[![Coverage Status](https://coveralls.io/repos/github/exAspArk/graphql-guard/badge.svg)](https://coveralls.io/github/exAspArk/graphql-guard)
+[![Code Climate](https://img.shields.io/codeclimate/github/exAspArk/graphql-guard.svg)](https://codeclimate.com/github/exAspArk/graphql-guard)
+[![Downloads](https://img.shields.io/gem/dt/graphql-guard.svg)](https://rubygems.org/gems/graphql-guard)
+[![Latest Version](https://img.shields.io/gem/v/graphql-guard.svg)](https://rubygems.org/gems/graphql-guard)
 
 This tiny gem provides a field-level authorization for [graphql-ruby](https://github.com/rmosolgo/graphql-ruby).
 
@@ -15,6 +19,7 @@ This tiny gem provides a field-level authorization for [graphql-ruby](https://gi
   * [CanCanCan](#cancancan)
   * [Pundit](#pundit)
 * [Installation](#installation)
+* [Testing](#testing)
 * [Development](#development)
 * [Contributing](#contributing)
 * [License](#license)
@@ -25,28 +30,30 @@ This tiny gem provides a field-level authorization for [graphql-ruby](https://gi
 Define a GraphQL schema:
 
 ```ruby
-# define a type
+# Define a type
 PostType = GraphQL::ObjectType.define do
   name "Post"
+
   field :id, !types.ID
   field :title, !types.String
 end
 
-# define a query
+# Define a query
 QueryType = GraphQL::ObjectType.define do
   name "Query"
+
   field :posts, !types[PostType] do
     argument :user_id, !types.ID
-    resolve ->(_obj, args, _ctx) { Post.where(user_id: args[:user_id]) }
+    resolve ->(_, args, _) { Post.where(user_id: args[:user_id]) }
   end
 end
 
-# define a schema
+# Define a schema
 Schema = GraphQL::Schema.define do
   query QueryType
 end
 
-# execute query
+# Execute query
 GraphSchema.execute(query, variables: { user_id: 1 }, context: { current_user: current_user })
 ```
 
@@ -54,67 +61,68 @@ GraphSchema.execute(query, variables: { user_id: 1 }, context: { current_user: c
 
 Add `GraphQL::Guard` to your schema:
 
-```ruby
+<pre>
 Schema = GraphQL::Schema.define do
   query QueryType
-  use GraphQL::Guard.new # <======= ʘ‿ʘ
+  <b>use GraphQL::Guard.new</b>
 end
-```
+</pre>
 
 Now you can define `guard` for a field, which will check permissions before resolving the field:
 
-```ruby
+<pre>
 QueryType = GraphQL::ObjectType.define do
   name "Query"
-  field :posts, !types[PostType] do
+
+  <b>field :posts</b>, !types[PostType] do
     argument :user_id, !types.ID
-    guard ->(_obj, args, ctx) { args[:user_id] == ctx[:current_user].id } # <======= ʘ‿ʘ
+    <b>guard ->(obj, args, ctx) {</b> args[:user_id] == ctx[:current_user].id <b>}</b>
     ...
   end
 end
-```
+</pre>
 
-You can also define `guard`, which will be executed for all fields in the type:
+You can also define `guard`, which will be executed for every (`*`) field in the type:
 
-```ruby
+<pre>
 PostType = GraphQL::ObjectType.define do
   name "Post"
-  guard ->(_post, ctx) { ctx[:current_user].admin? } # <======= ʘ‿ʘ
+  <b>guard ->(obj, ctx) {</b> ctx[:current_user].admin? <b>}</b>
   ...
 end
-```
+</pre>
 
-If `guard` block returns `false`, then it'll raise a `GraphQL::Guard::NotAuthorizedError` error.
+If `guard` block returns `nil` or `false`, then it'll raise a `GraphQL::Guard::NotAuthorizedError` error.
 
 ### Policy object
 
-Alternatively, it's possible to describe all policies by using PORO (Plain Old Ruby Object), which should implement a `guard` method. For example:
+Alternatively, it's possible to extract and describe all policies by using PORO (Plain Old Ruby Object), which should implement a `guard` method. For example:
 
-```ruby
-class GraphqlPolicy
+<pre>
+class <b>GraphqlPolicy</b>
   RULES = {
     QueryType => {
-      posts: ->(_obj, args, ctx) { args[:user_id] == ctx[:current_user].id }
+      <b>posts: ->(obj, args, ctx) {</b> args[:user_id] == ctx[:current_user].id <b>}</b>
     },
     PostType => {
-      '*': ->(_post, ctx) { ctx[:current_user].admin? }
+      <b>'*': ->(obj, ctx) {</b> ctx[:current_user].admin? <b>}</b>
     }
   }
 
-  def self.guard(type, field)
+  def self.<b>guard(type, field)</b>
     RULES.dig(type, field)
   end
 end
-```
+</pre>
 
 Pass this object to `GraphQL::Guard`:
 
-```ruby
+<pre>
 Schema = GraphQL::Schema.define do
   query QueryType
-  use GraphQL::Guard.new(policy_object: GraphqlPolicy) # <======= ʘ‿ʘ
+  use GraphQL::Guard.new(<b>policy_object: GraphqlPolicy</b>)
 end
-```
+</pre>
 
 ## Priority order
 
@@ -125,12 +133,12 @@ end
 3. Inline policy on the type.
 2. Policy from the policy object on the type.
 
-```ruby
-class GraphqlPolicy
+<pre>
+class <b>GraphqlPolicy</b>
   RULES = {
     PostType => {
-      title: ->(_post, ctx) { ctx[:current_user].admin? },                                # <======= 2
-      '*': ->(_post, ctx) { ctx[:current_user].admin? }                                   # <======= 4
+      <b>'*': ->(_, ctx) {</b> ctx[:current_user].admin? <b>}</b>,                               # <=== <b>4</b>
+      <b>title: ->(_, _, ctx) {</b> ctx[:current_user].admin? <b>}</b>                           # <=== <b>2</b>
     }
   }
 
@@ -141,43 +149,43 @@ end
 
 PostType = GraphQL::ObjectType.define do
   name "Post"
-  guard ->(_post, ctx) { ctx[:current_user].admin? }                                      # <======= 3
-  field :title, !types.String, guard: ->(_post, _args, ctx) { ctx[:current_user].admin? } # <======= 1
+  <b>guard ->(_, ctx) {</b> ctx[:current_user].admin? <b>}</b>                                  # <=== <b>3</b>
+  <b>field :title</b>, !types.String, <b>guard: ->(_, _, ctx) {</b> ctx[:current_user].admin? <b>}</b> # <=== <b>1</b>
 end
 
 Schema = GraphQL::Schema.define do
   query QueryType
-  use GraphQL::Guard.new(policy_object: GraphqlPolicy)
+  use GraphQL::Guard.new(<b>policy_object: GraphqlPolicy</b>)
 end
-```
+</pre>
 
 ## Error handling
 
 By default `GraphQL::Guard` raises a `GraphQL::Guard::NotAuthorizedError` exception if access to field is not authorized.
 You can change this behavior, by passing custom `not_authorized` lambda. For example:
 
-```ruby
-SchemaWithoutExceptions = GraphQL::Schema.define do
+<pre>
+SchemaWithErrors = GraphQL::Schema.define do
   query QueryType
   use GraphQL::Guard.new(
-    # by default it raises an error
-    # not_authorized: ->(type, field) { raise GraphQL::Guard::NotAuthorizedError.new("#{type}.#{field}") }
+    # Returns an error in the response
+    <b>not_authorized: ->(type, field) { GraphQL::ExecutionError.new("Not authorized to access #{type}.#{field}") }</b>
 
-    # returns an error in the response
-    not_authorized: ->(type, field) { GraphQL::ExecutionError.new("Not authorized to access #{type}.#{field}") }
+    # By default it raises an error
+    # not_authorized: ->(type, field) { raise GraphQL::Guard::NotAuthorizedError.new("#{type}.#{field}") }
   )
 end
-```
+</pre>
 
 In this case executing a query will continue, but return `nil` for not authorized field and also an array of `errors`:
 
-```ruby
-SchemaWithoutExceptions.execute("query { posts(user_id: 1) { id title } }")
+<pre>
+SchemaWithErrors.execute("query { <b>posts</b>(user_id: 1) { id title } }")
 # => {
-# "data" => nil,
-# "errors" => [{ "messages" => "Not authorized to access Query.posts", "locations": { ... }, "path" => ["posts"] }]
+#   "data" => <b>nil</b>,
+#   "errors" => [{ "messages" => <b>"Not authorized to access Query.posts"</b>, "locations": { ... }, "path" => [<b>"posts"</b>] }]
 # }
-```
+</pre>
 
 ## Integration
 
@@ -185,13 +193,13 @@ You can simply reuse your existing policies if you really want. You don't need a
 
 ### CanCanCan
 
-```ruby
-# define an ability
-class Ability
+<pre>
+# Define an ability
+class <b>Ability</b>
   include CanCan::Ability
 
   def initialize(user)
-    user ||= User.new # guest user if not logged in
+    user ||= User.new
     if user.admin?
       can :manage, :all
     else
@@ -200,46 +208,37 @@ class Ability
   end
 end
 
-# use the ability in your guard policy object
-class GraphqlPolicy
-  RULES = {
-    PostType => {
-      '*': ->(post, ctx) { ctx[:current_ability].can?(:read, post) },
-    }
-  }
-
-  def self.guard(type, field)
-    RULES.dig(type, field)
-  end
+# Use the ability in your guard
+PostType = GraphQL::ObjectType.define do
+  name "Post"
+  <b>guard ->(post, ctx) { ctx[:current_ability].can?(:read, post) }</b>
+  ...
 end
 
-# pass the ability
-GraphSchema.execute(query, context: { current_ability: Ability.new(current_user) })
-```
+# Pass the ability
+GraphSchema.execute(query, context: { <b>current_ability: Ability.new(current_user)</b> })
+</pre>
 
 ### Pundit
 
-```ruby
-# define a policy
-class PostPolicy < ApplicationPolicy
+<pre>
+# Define a policy
+class <b>PostPolicy</b> < ApplicationPolicy
   def show?
     user.admin? || record.author_id == user.id
   end
 end
 
-# use the policy in your guard policy object
-class GraphqlPolicy
-  RULES = {
-    PostType => {
-      '*': ->(post, ctx) { PostPolicy.new(ctx[:current_user], post).show? },
-    }
-  }
-
-  def self.guard(type, field)
-    RULES.dig(type, field)
-  end
+# Use the ability in your guard
+PostType = GraphQL::ObjectType.define do
+  name "Post"
+  <b>guard ->(post, ctx) { PostPolicy.new(ctx[:current_user], post).show? }</b>
+  ...
 end
-```
+
+# Pass current_user
+GraphSchema.execute(query, context: { <b>current_user: current_user</b> })
+</pre>
 
 ## Installation
 
@@ -257,6 +256,52 @@ Or install it yourself as:
 
     $ gem install graphql-guard
 
+## Testing
+
+It's possible to test fields with `guard` in isolation:
+
+<pre>
+# Your type
+QueryType = GraphQL::ObjectType.define do
+  name "Query"
+  <b>field :posts</b>, !types[PostType], <b>guard ->(obj, args, ctx) {</b> ... <b>}</b>
+end
+
+# Your test
+<b>require "graphql/guard/testing"</b>
+
+posts = QueryType.<b>field_with_guard('posts')</b>
+result = posts.<b>guard(obj, args, ctx)</b>
+expect(result).to eq(true)
+</pre>
+
+If you would like to test your fields with policy objects:
+
+
+<pre>
+# Your type
+QueryType = GraphQL::ObjectType.define do
+  name "Query"
+  <b>field :posts</b>, !types[PostType]
+end
+
+# Your policy object
+class <b>GraphqlPolicy</b>
+  def self.<b>guard</b>(type, field)
+    <b>->(_obj, args, ctx) {</b> ... <b>}</b>
+  end
+end
+
+# Your test
+<b>require "graphql/guard/testing"</b>
+
+<b>guard_object</b> = <b>GraphQL::Guard.new(policy_object: PolicyObject::GraphqlPolicy)</b>
+
+posts = QueryType.<b>field_with_guard('posts', guard_object)</b>
+result = posts.<b>guard(obj, args, ctx)</b>
+expect(result).to eq(true)
+</pre>
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/lib/graphql/guard.rb

@@ -25,8 +25,8 @@ module GraphQL
     end
 
     def instrument(type, field)
-      field_guard_proc = inline_field_guard(field) || policy_object_guard(type, field.name.to_sym)
-      type_guard_proc = inline_type_guard(type) || policy_object_guard(type, ANY_FIELD_NAME)
+      field_guard_proc = field_guard_proc(type, field)
+      type_guard_proc = type_guard_proc(type, field)
       return field if !field_guard_proc && !type_guard_proc
 
       old_resolve_proc = field.resolve_proc
@@ -48,6 +48,14 @@ module GraphQL
       field.redefine { resolve(new_resolve_proc) }
     end
 
+    def field_guard_proc(type, field)
+      inline_field_guard(field) || policy_object_guard(type, field.name.to_sym)
+    end
+
+    def type_guard_proc(type, field)
+      inline_type_guard(type) || policy_object_guard(type, ANY_FIELD_NAME)
+    end
+
     private
 
     def policy_object_guard(type, field_name)

data/lib/graphql/guard/testing.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module GraphQL
+  class Field
+    NoGuardError = Class.new(StandardError)
+
+    def guard(*args)
+      raise NoGuardError.new("Get your field by calling: Type.field_with_guard('#{name}')") unless @guard_type
+      guard_proc = @guard_object.field_guard_proc(@guard_type, self) || @guard_object.type_guard_proc(@guard_type, self)
+      raise NoGuardError.new("Guard lambda does not exist for #{@guard_type}.#{name}") unless guard_proc
+
+      guard_proc.call(*args)
+    end
+
+    def __guard_object=(guard_object)
+      @guard_object = guard_object || GraphQL::Guard.new
+    end
+
+    def __guard_type=(guard_type)
+      @guard_type = guard_type
+    end
+  end
+
+  class ObjectType
+    def field_with_guard(field_name, guard_object = nil)
+      field = get_field(field_name)
+      return unless field
+
+      field.clone.tap do |f|
+        f.__guard_object = guard_object
+        f.__guard_type = self
+      end
+    end
+  end
+end

data/lib/graphql/guard/version.rb

@@ -2,6 +2,6 @@
 
 module GraphQL
   class Guard
-    VERSION = "0.3.0"
+    VERSION = "0.4.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: graphql-guard
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - exAspArk
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-07-19 00:00:00.000000000 Z
+date: 2017-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: graphql
@@ -93,6 +93,7 @@ files:
 - bin/setup
 - graphql-guard.gemspec
 - lib/graphql/guard.rb
+- lib/graphql/guard/testing.rb
 - lib/graphql/guard/version.rb
 homepage: https://github.com/exAspArk/graphql-guard
 licenses: