hubbado-policy 1.2.1 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fb076b8106150620c0cbe71b07bf2cf8f3c83234d6269fdb01395726fe83833f
-  data.tar.gz: e40f7c0787d5aafb14a41f889093fb488d0ed0c9faaaf4dcb81cc839c6d15f96
+  metadata.gz: c13f91fb3fc199763adb101abd81452f10540df9977625ae846a6935ba5c8b4f
+  data.tar.gz: 30374987e2de06084366a8a90cdeee83412385fad96b33d2e8b40d99f6da2cf5
 SHA512:
-  metadata.gz: c79b6a45e34b558a77e3aaaba9caa6e6963cab5e97f7ceff932fdf1150a75c7d94386baf173508923c6e87bcc0b7e5e5f1e69325cc64ba5d878b1c052980b835
-  data.tar.gz: e5f01ac761f171f755196057dbfe667171bccc5165c5ebd2cef1fa73df490f3ef6a5a50aa0065d343b1440ec2e1e076911c3b0f95953d6868d2ddcbd2b8631cc
+  metadata.gz: d7f7d1193d9b680df272a3cb477a21fb7c3b441fda943b3a291e6620d5811178af47cb4b2c64a21e0ad67e6280fd28ae0d53bde8a9d3caa15d404e2fdf01d7de
+  data.tar.gz: 2e60851e3c9f8a3f32640475a2335b99503446863ebd2618d73a2e9fae0794f0e2570e2010014fa38387e068fb20b26af8eaf34458f96260fb1a0e6322e50721

data/CHANGELOG.md

@@ -2,9 +2,22 @@
 
 All notable changes to this project will be documented in this file.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.4.0] - 2025-10-04
+
+### Added
+
+- rspec matcher `:permit` for policies
+- rspec matcher `:deny` for policies
+
+## [1.3.0] - 2025-06-03
+
+### Added
+
+- Ability to configure the i18n_scope for a non-generic denied reason
+
 ## [1.2.1] - 2025-06-02
 
 ### Fixed

data/README.md

@@ -40,17 +40,17 @@ Policy objects encapsulate authorization logic and determine whether certain act
 class ArticlePolicy < Hubbado::Policy::Base
   define_policy :view do
     return permitted if user.admin?
-    
+
     if record.published?
-      permitted 
+      permitted
     else
       denied(:not_published)
     end
   end
-  
+
   define_policy :edit do
     return permitted if user.admin?
-    
+
     if record.author == user
       permitted
     else
@@ -131,6 +131,27 @@ en:
       denied: "Access denied"
 ```
 
+You can also specify a custom i18n scope when returning denied results:
+
+```ruby
+define_policy :edit do
+  # Use a different i18n scope for this specific denial
+  return denied(:not_authorized, i18n_scope: "custom_errors.article")
+
+  permitted
+end
+```
+
+Both the class method and instance method versions of `denied` support the `i18n_scope` parameter:
+
+```ruby
+# Class method
+ArticlePolicy.denied(:custom_reason, i18n_scope: "errors.custom")
+
+# Instance method
+policy.denied(:custom_reason, i18n_scope: "errors.custom")
+```
+
 ### Testing
 
 Policies can be mimiced using a built-in control
@@ -172,6 +193,13 @@ mimic_policy.deny(:view, data: { reason: "custom data" })
 mimic_policy.deny(:view, :not_authorized, data: { user_id: 123 })
 ```
 
+In addition, there are two RSpec matcher `permit` and `deny` and
+have to be required manually:
+```ruby
+require 'hubbado/policy/rspec_matchers/permit'
+require 'hubbado/policy/rspec_matchers/deny'
+```
+
 ## Result Objects
 
 Result objects represent the outcome of a policy check, containing:
@@ -250,11 +278,11 @@ class ArticleScope < Hubbado::Policy::Scope
   def self.default_scope
     Article.all
   end
-  
+
   # Required: Implement the filtering logic
   def resolve(record, scope, **options)
     return scope if record.admin?
-    
+
     scope.where(published: true).or(scope.where(author_id: record.id))
   end
 end
@@ -278,7 +306,7 @@ You can pass custom base scopes:
 ```ruby
 # Scope only to a specific category
 category_articles = ArticleScope.call(
-  current_user, 
+  current_user,
   Article.where(category_id: params[:category_id])
 )
 

data/hubbado-policy.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = "hubbado-policy"
-  s.version = "1.2.1"
+  s.version = "1.4.0"
   s.summary = "A lightweight, flexible policy framework for Ruby applications"
 
   s.authors = ["Hubbado Devs"]

data/lib/hubbado/policy/base.rb

@@ -48,13 +48,14 @@ module Hubbado
       # Define this in a subclass if there are dependencies to be configure
       template_method :configure
 
-      def self.denied(reason = nil, data: nil)
+      def self.denied(reason = nil, data: nil, i18n_scope: nil)
+        i18n_scope ||= self.i18n_scope
         reason ||= :denied
         Result.new(false, reason, i18n_scope: i18n_scope, data: data)
       end
 
       def self.permitted
-        Result.new(true, :permitted, i18n_scope: i18n_scope)
+        Result.new(true, :permitted)
       end
 
       def self.i18n_scope
@@ -72,8 +73,8 @@ module Hubbado
         self.class == other.class && user == other.user && record == other.record
       end
 
-      def denied(reason = nil, data: nil)
-        self.class.denied(reason, data: data)
+      def denied(reason = nil, data: nil, i18n_scope: nil)
+        self.class.denied(reason, data: data, i18n_scope: i18n_scope)
       end
 
       def permitted

data/lib/hubbado/policy/rspec_matchers/deny.rb

@@ -0,0 +1,76 @@
+module Hubbado
+  module Policy
+    module RspecMatchers
+      module Deny
+        def deny(...)
+          DenyMatcher.new(...)
+        end
+
+        class DenyMatcher
+          def initialize(action, *args, **kwargs)
+            @action = action
+            @args = args
+            @kwargs = kwargs
+            @reason = :denied
+          end
+
+          def with(reason)
+            @reason = reason
+            self
+          end
+
+          def matches?(policy)
+            @policy = policy
+            @result = policy.send @action, *@args, **@kwargs
+
+            unless @result.denied?
+              @incorrect_repsonse = true
+              return false
+            end
+
+            if @reason && @result.reason != @reason
+              @incorrect_reason = true
+              return false
+            end
+
+            begin
+              @result.message
+            rescue I18n::MissingTranslationData
+              @missing_translation = true
+              return false
+            end
+
+            true
+          end
+
+          def description
+            "#{@policy.class.name} deny #{@action} with #{@reason}"
+          end
+
+          def failure_message
+            if @incorrect_reason
+              "Expected #{@policy.class.name} to deny #{@action}, with #{@reason} " \
+                "but it was denied with #{@result.reason}"
+            elsif @missing_translation
+              "Translation missing for policy #{@policy.class.name} and #{@reason}"
+            else
+              "Expected #{@policy.class.name} to deny #{@action}, but it was permitted"
+            end
+          end
+
+          def failure_message_when_negated
+            if @missing_translation
+              "Translation missing for policy #{@policy.class.name} and #{@reason}"
+            else
+              "Expected #{@policy.class.name} to permit #{@action}, but it was denied"
+            end
+          end
+        end
+
+        RSpec.configure do |rspec|
+          rspec.include self, type: :policy
+        end
+      end
+    end
+  end
+end

data/lib/hubbado/policy/rspec_matchers/permit.rb

@@ -0,0 +1,49 @@
+module Hubbado
+  module Policy
+    module RspecMatchers
+      module Permit
+        def permit(...)
+          PermitMatcher.new(...)
+        end
+
+        class PermitMatcher
+          def initialize(action, *args, **kwargs)
+            @action = action
+            @args = args
+            @kwargs = kwargs
+          end
+
+          def matches?(policy)
+            @policy = policy
+
+            if policy.respond_to?(@action)
+              @result = policy.send @action, *@args, **@kwargs
+
+              @result.permitted?
+            else
+              # TODO: Get rid of this branch once the Navigation policy uses the DSL
+              policy.send "#{@action}?", *@args, **@kwargs
+            end
+          end
+
+          def description
+            "#{@policy.class.name} permit #{@action}"
+          end
+
+          def failure_message
+            "Expected #{@policy.class.name} to permit #{@action}, " \
+              "but it was revoked with #{@reason ? @result.reason : 'no reason'}"
+          end
+
+          def failure_message_when_negated
+            "Expected #{@policy.class.name} to deny #{@action}, but it was permitted"
+          end
+        end
+
+        RSpec.configure do |rspec|
+          rspec.include self, type: :policy
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hubbado-policy
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.4.0
 platform: ruby
 authors:
 - Hubbado Devs
@@ -124,6 +124,8 @@ files:
 - lib/hubbado/policy/controls/policy.rb
 - lib/hubbado/policy/railtie.rb
 - lib/hubbado/policy/result.rb
+- lib/hubbado/policy/rspec_matchers/deny.rb
+- lib/hubbado/policy/rspec_matchers/permit.rb
 - lib/hubbado/policy/scope.rb
 homepage: https://github.com/hubbado/hubbado-policy
 licenses:
@@ -146,7 +148,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.9
 specification_version: 4
 summary: A lightweight, flexible policy framework for Ruby applications
 test_files: []