graphql-permissions 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b19b42395768459f48d770eeca3d951f5322f7340dbe1bdd2229ba209ddac71a
+  data.tar.gz: 00d83aeec4b6ac80570c260e4175ff1933d11e0ecef922e0ee2474e12f8acdc6
+SHA512:
+  metadata.gz: e6ee32bb1a6624c5859a938c40cb19e2b529e91abb7df079d553fb972e64a94ac02f671934dfca232d4d2275ad7b0646b6c697fee96a4ae5dfc849107befdb1a
+  data.tar.gz: 9ee5d6ec4658bbf1b7ea5eb39308a4e9ad8bed8bf0e0bee03352a2a924e92f679bbbc9c1ea4a45ac60bf8e7f4d18233a6784a83a34ededf291887fbd8f299d91

data/.github/workflows/main.yml

@@ -0,0 +1,16 @@
+name: Ruby
+
+on: [push,pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 3.0.1
+        bundler-cache: true
+    - name: Run the default task
+      run: bundle exec rake

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rubocop.yml

@@ -0,0 +1,31 @@
+require:
+  - rubocop-performance
+
+AllCops:
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 2.7
+
+Layout/LineLength:
+  Max: 120
+
+Layout/AccessModifierIndentation:
+  EnforcedStyle: outdent
+
+Layout/SpaceInLambdaLiteral:
+  EnforcedStyle: require_space
+
+Lint/UnusedBlockArgument:
+  Exclude:
+    - lib/generators/graphql/permissions/templates/initializer.rb
+
+Style/Documentation:
+  Enabled: false
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: single_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: single_quotes

data/Gemfile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in graphql-permissions.gemspec
+gemspec
+
+gem 'rake', '~> 13.0'
+gem 'rubocop', '~> 1.29'
+gem 'rubocop-performance', '~> 1.13'

data/Gemfile.lock

@@ -0,0 +1,46 @@
+PATH
+  remote: .
+  specs:
+    graphql-permissions (0.1.0)
+      graphql
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.2)
+    graphql (2.0.7)
+    parallel (1.22.1)
+    parser (3.1.2.0)
+      ast (~> 2.4.1)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.4.0)
+    rexml (3.2.5)
+    rubocop (1.29.0)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.17.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.17.0)
+      parser (>= 3.1.1.0)
+    rubocop-performance (1.13.3)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    ruby-progressbar (1.11.0)
+    unicode-display_width (2.1.0)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  graphql-permissions!
+  rake (~> 13.0)
+  rubocop (~> 1.29)
+  rubocop-performance (~> 1.13)
+
+BUNDLED WITH
+   2.2.17

data/README.md

@@ -0,0 +1,138 @@
+# GraphQL::Permissions
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/graphql/permissions`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'graphql-permissions'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install graphql-permissions
+
+Then run the Rails generator:
+
+    $ bin/rails generate graphql:permissions:install
+
+This will create the base permissions object and interface types, as well as an initializer under `config/initializers/graphql_permissions.rb`
+
+## Usage
+
+```ruby
+class PostType < Types::BaseObject
+  field :id, ID, null: false
+  field :body, String, null: false
+
+  permissions do
+    permission :update
+    permission :destroy
+  end
+end
+```
+
+The `Post` GraphQL object will expose a `permissions` property which returns a `PostPermissions` object.
+Your GraphQL schema would look like:
+
+```graphql
+type Post {
+    id: ID!
+    body: String!
+    permissions: PostPermissions!
+}
+
+type PostPermissions {
+    canUpdate: Boolean!
+    canDestroy: Boolean!
+}
+```
+
+### Interface Permissions
+
+GraphQL interfaces can also define permissions:
+
+```ruby
+module LikeableType
+  include Types::BaseInterface
+
+  field :liked_by_you, Boolean, null: false
+
+  permissions do
+    permission :like
+    permission :dislike
+  end
+end
+```
+
+The `Likeable` GraphQL interface will expose a `permissions` property which returns a `LikeablePermissions` interface.
+
+Permissions are automatically added to objects that implement an interface which defines permissions. For example:
+
+```ruby
+class PostType < Types::BaseObject
+  implements LikeableType
+
+  # Permissions from `LikeableType` are automatically inherited
+end
+```
+
+Now the `Post` object implements the `Likeable` interface, and the `PostPermissions` object will automatically implement the `LikeablePermissions` interface.
+The resulting GraphQL schema would look like:
+
+```graphql
+interface Likeable {
+    likedByYou: Boolean!
+    permissions: LikeablePermissions!
+}
+
+interface LikeablePermissions {
+    canLike: Boolean!
+    canDislike: Boolean!
+}
+
+type Post implements Likeable {
+    id: ID!
+    body: String!
+    permissions: PostPermissions!
+}
+
+type PostPermissions implements LikeablePermissions {
+    canUpdate: Boolean!
+    canDestroy: Boolean!
+}
+```
+
+### Custom Permission Checks
+
+You can also provide a block when defining a permission to include custom permission or data-fetching logic:
+
+```ruby
+class UserType < Types::BaseObject
+  # ...
+
+  permissions do
+    permission :ban do
+      context[:current_user].admin? && !object.admin?
+    end
+  end
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/mintyfresh/graphql-permissions.

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: :rubocop

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'graphql/permissions'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/rubocop

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rubocop' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile',
+                                           Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path('bundle', __dir__)
+
+if File.file?(bundle_binstub)
+  if /This file was generated by Bundler/.match?(File.read(bundle_binstub, 300))
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rubocop', 'rubocop')

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/graphql-permissions.gemspec

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require_relative 'lib/graphql/permissions/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'graphql-permissions'
+  spec.version       = GraphQL::Permissions::VERSION
+  spec.authors       = ['Minty Fresh']
+  spec.email         = ['7896757+mintyfresh@users.noreply.github.com']
+
+  spec.summary       = 'Permissions DSL for GraphQL Ruby'
+  spec.description   = 'Expose user permissions in your GraphQL schema'
+  spec.homepage      = 'https://github.com/mintyfresh/graphql-permissions'
+
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
+
+  spec.metadata['allowed_push_host']     = 'https://rubygems.org'
+  spec.metadata['rubygems_mfa_required'] = 'true'
+
+  spec.metadata['homepage_uri']    = spec.homepage
+  spec.metadata['source_code_uri'] = spec.homepage
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features)/}) }
+  end
+
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'graphql'
+end

data/lib/generators/graphql/permissions/install_generator.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Graphql
+  module Permissions
+    class InstallGenerator < ::Rails::Generators::Base
+      source_root File.expand_path('templates', __dir__)
+
+      def create_install
+        copy_file('initializer.rb', 'config/initializers/graphql_permissions.rb')
+        copy_file('base_permissions_object.rb', 'app/graphql/types/base_permissions_object.rb')
+        copy_file('base_permissions_interface.rb', 'app/graphql/types/base_permissions_interface.rb')
+
+        inject_into_file 'app/graphql/types/base_object.rb', after: "< GraphQL::Schema::Object\n" do
+          "  extend GraphQL::Permissions::ObjectPermissions\n"
+        end
+
+        inject_into_file 'app/graphql/types/base_interface.rb', after: "include GraphQL::Schema::Interface\n" do
+          "  extend GraphQL::Permissions::InterfacePermissions\n"
+        end
+      end
+    end
+  end
+end

data/lib/generators/graphql/permissions/templates/base_permissions_interface.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Types
+  module BasePermissionsInterface
+    include Types::BaseInterface
+    extend GraphQL::Permissions::DSL
+  end
+end

data/lib/generators/graphql/permissions/templates/base_permissions_object.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Types
+  class BasePermissionsObject < Types::BaseObject
+    extend GraphQL::Permissions::DSL
+  end
+end

data/lib/generators/graphql/permissions/templates/initializer.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+GraphQL::Permissions.default_permission_handler = lambda do |action, object, context|
+  # TODO: Implement your own permission handler
+  #
+  # Example for Pundit:
+  #  policy = Pundit.policy(context[:current_user], object)
+  #  policy.send(:"#{action}?")
+  #
+  false
+end

data/lib/graphql/permissions/dsl.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module GraphQL
+  module Permissions
+    module DSL
+      def included(klass)
+        super
+        klass.extend(GraphQL::Permissions::DSL)
+      end
+
+      # @param name [Symbol] The name of the permission.
+      # @return [void]
+      def permission(action, **options, &block)
+        field(:"can_#{action}", 'Boolean',
+              description: "Whether the current user can #{action} this object.",
+              **options, null: false, resolver_method: :"can_#{action}?")
+
+        define_method(:"can_#{action}?") do
+          block ? instance_exec(&block) : GraphQL::Permissions.default_permission_handler.call(action, object, context)
+        end
+      end
+    end
+  end
+end

data/lib/graphql/permissions/interface_permissions.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+module GraphQL
+  module Permissions
+    module InterfacePermissions
+      # @return [Module, nil]
+      attr_reader :permissions_type
+
+      def included(klass)
+        super
+
+        klass.extend(GraphQL::Permissions::InterfacePermissions) unless klass.is_a?(Class)
+        return unless klass.is_a?(Class) && klass < GraphQL::Schema::Object && permissions_type
+
+        klass.permissions {} # rubocop:disable Lint/EmptyBlock
+        klass.permissions_type.implements(permissions_type)
+      end
+
+      # @return [Array<Module>]
+      def interfaces_with_permissions
+        own_interfaces.select { |interface| interface.respond_to?(:permissions_type) && interface.permissions_type }
+      end
+
+      def permissions(&block)
+        unless permissions_type
+          @permissions_type = create_permissions_type
+          const_set(:PermissionsType, @permissions_type)
+
+          implement_permissions_interfaces
+          define_permissions_field
+        end
+
+        permissions_type.class_eval(&block)
+      end
+
+    protected
+
+      # @return [Module]
+      def create_permissions_type
+        Module.new.tap do |type|
+          type.include(::Types::BasePermissionsInterface)
+          type.graphql_name("#{graphql_name}Permissions")
+          type.description("Permissions for this #{graphql_name}.")
+        end
+      end
+
+      # @return [void]
+      def implement_permissions_interfaces
+        # If this interface implements any other interfaces that defined their own permissions,
+        # Inherit those permissions in this interface's permissions type.
+        interfaces_with_permissions.each do |interface|
+          @permissions_type.implements(interface.permissions_type)
+        end
+
+        # If the interface defined any orphan types before its initial set of permissions,
+        # Update each of those types to implement the interface's permissions type.
+        orphan_types.each do |orphan_type|
+          orphan_type.permissions {} # Define an empty permission-set if not present.
+          orphan_type.permissions_type.implements(@permissions_type)
+        end
+      end
+
+      # @return [void]
+      def define_permissions_field
+        field(:permissions, @permissions_type, null: false, resolver_method: :object_for_permissions)
+        define_method(:object_for_permissions) { object || self }
+      end
+    end
+  end
+end

data/lib/graphql/permissions/object_permissions.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module GraphQL
+  module Permissions
+    module ObjectPermissions
+      # @return [Class<GraphQL::Schema::Object>, nil]
+      attr_reader :permissions_type
+
+      # @return [Array<Module>]
+      def interfaces_with_permissions
+        interfaces.select { |interface| interface.respond_to?(:permissions_type) && interface.permissions_type }
+      end
+
+      def permissions(&block)
+        unless permissions_type
+          @permissions_type = create_permissions_type
+          const_set(:PermissionsType, @permissions_type)
+
+          implement_permissions_interfaces
+          define_permissions_field
+        end
+
+        permissions_type.class_eval(&block)
+      end
+
+    protected
+
+      # @return [Class]
+      def create_permissions_type
+        Class.new(superclass.permissions_type || ::Types::BasePermissionsObject).tap do |type|
+          type.graphql_name("#{graphql_name}Permissions")
+          type.description("Permissions for this #{graphql_name}.")
+        end
+      end
+
+      # @return [void]
+      def implement_permissions_interfaces
+        # If this object implements any interfaces that defined their own permissions,
+        # Inherit those permissions in this object's permissions type.
+        interfaces_with_permissions.each do |interface|
+          @permissions_type.implements(interface.permissions_type)
+        end
+      end
+
+      # @return [void]
+      def define_permissions_field
+        field(:permissions, @permissions_type, null: false, resolver_method: :object_for_permissions)
+        define_method(:object_for_permissions) { object || self }
+      end
+    end
+  end
+end

data/lib/graphql/permissions/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module GraphQL
+  module Permissions
+    VERSION = '0.1.0'
+  end
+end

data/lib/graphql/permissions.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'graphql'
+require_relative 'permissions/version'
+
+module GraphQL
+  module Permissions
+    autoload :DSL, 'graphql/permissions/dsl'
+    autoload :InterfacePermissions, 'graphql/permissions/interface_permissions'
+    autoload :ObjectPermissions, 'graphql/permissions/object_permissions'
+
+    # @return [Proc]
+    def self.default_permission_handler
+      @default_permission_handler || raise('No default permission handler set')
+    end
+
+    # @param handler [Proc]
+    # @return [void]
+    def self.default_permission_handler=(handler)
+      @default_permission_handler = handler
+    end
+  end
+end

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification
+name: graphql-permissions
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Minty Fresh
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2022-05-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: graphql
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Expose user permissions in your GraphQL schema
+email:
+- 7896757+mintyfresh@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/main.yml"
+- ".gitignore"
+- ".rubocop.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bin/console
+- bin/rubocop
+- bin/setup
+- graphql-permissions.gemspec
+- lib/generators/graphql/permissions/install_generator.rb
+- lib/generators/graphql/permissions/templates/base_permissions_interface.rb
+- lib/generators/graphql/permissions/templates/base_permissions_object.rb
+- lib/generators/graphql/permissions/templates/initializer.rb
+- lib/graphql/permissions.rb
+- lib/graphql/permissions/dsl.rb
+- lib/graphql/permissions/interface_permissions.rb
+- lib/graphql/permissions/object_permissions.rb
+- lib/graphql/permissions/version.rb
+homepage: https://github.com/mintyfresh/graphql-permissions
+licenses: []
+metadata:
+  allowed_push_host: https://rubygems.org
+  rubygems_mfa_required: 'true'
+  homepage_uri: https://github.com/mintyfresh/graphql-permissions
+  source_code_uri: https://github.com/mintyfresh/graphql-permissions
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.15
+signing_key: 
+specification_version: 4
+summary: Permissions DSL for GraphQL Ruby
+test_files: []