ii_policy 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f4b0ae3047d7ec960796e3bc2cb0fec29584717eb19e23035337121b17b0f66e
+  data.tar.gz: 2d0e5696b4a5888f062ae7b9240eff50f7d94e5ee0f4bf49c461c037e4006619
+SHA512:
+  metadata.gz: caec6ed0fba367ae7f425afc1c427acef1ec1260e5e0b5057f106a95f237a65d598daadd75156875a4f282d7a606c0616fb7caeccc25b8147e4edc9f7e08adde
+  data.tar.gz: a49b1a52334ce402ea35a11055a76823713564d84b9d6105e42ec931973acf67dd15d6a85f0e3c98c8d06631ac1369323b8b862883000300d275fef062fb33bf

data/.github/workflows/ci.yml

@@ -0,0 +1,42 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    runs-on: ubuntu-18.04
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [2.3, 2.4, 2.5, 2.6, 2.7, 3.0]
+        gemfile: ['rails50', 'rails51', 'rails52', 'rails60', 'rails61']
+        exclude:
+          - ruby: 2.3
+            gemfile: rails60
+          - ruby: 2.3
+            gemfile: rails61
+          - ruby: 2.4
+            gemfile: rails60
+          - ruby: 2.4
+            gemfile: rails61
+          - ruby: 3.0
+            gemfile: rails50
+          - ruby: 3.0
+            gemfile: rails51
+          - ruby: 3.0
+            gemfile: rails52
+
+    name: ruby ${{ matrix.ruby }}, ${{ matrix.gemfile }}
+
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - name: Run test
+      run: |
+        bundle exec rspec

data/.gitignore

@@ -0,0 +1,10 @@
+.bundle/
+.project
+Gemfile.lock
+coverage/
+gemfiles/*.lock
+pkg/
+tmp/
+spec/dummy/db/*.sqlite3
+spec/dummy/db/schema_*.rb
+spec/dummy/log/*.log

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+# CHANGELOG
+
+## 1.0.0
+
+* First release.

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Yoshikazu Kaneta
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,259 @@
+# IIPolicy
+
+A base policy to support management of authorization logic.
+
+This gem is inspired by [pundit](https://github.com/varvet/pundit) specs.
+
+## Dependencies
+
+* ruby 2.3+
+* activesupport 5.0+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ii_policy'
+```
+
+Then execute:
+
+    $ bundle
+
+## Usage
+
+Prepare model:
+
+```ruby
+class Item < ActiveRecord::Base
+end
+```
+
+Prepare controller with `current_user` and call `authorize`:
+
+```ruby
+class ItemsController < ActionController::Base
+  def index
+    @policy = authorize(ItemPolicy)
+    @items = Item.all
+  end
+
+  def show
+    @item = Item.find(params[:id])
+    @policy = authorize(@item)
+  end
+
+  def current_user
+    User.find(session[:login_user_id])
+  end
+end
+```
+
+Create policy that has methods corresponding with actions of controller:
+
+```ruby
+class ItemPolicy < IIPolicy::Base
+  def index?
+    @user.admin?
+  end
+
+  def show?
+    @user.admin? && @item.status != 'deleted'
+  end
+end
+```
+
+### Controller
+
+`authorize` lookups policy and calls it's method corresponding with current action.
+`authorize` takes following arguments:
+
+```ruby
+# no argument (policy class is looked up using the name of controller class)
+authorize
+
+# instance (policy class is looked up using the name of instance's class)
+authorize(@item)
+
+# policy class
+authorize(ItemPolicy)
+
+# with extra context as second argument
+authorize(@item, something: 'something')
+```
+
+Context is set to `{ user: current_user }` in the controller by default.
+You can set other context you want by overriding `policy_context`:
+
+```ruby
+class ItemsController < ActionController::Base
+  def policy_context
+    super.merge(something: 'something')
+  end
+end
+```
+
+When current user is not authoized, `IIPolicy::AuthorizationError` is raised.
+You can catch the error and render a special page using `rescue_from`:
+
+```ruby
+class ItemsController < ActionController::Base
+  rescue_from IIPolicy::AuthorizationError, with: -> { ... }
+end
+```
+
+You can also create policy instance by yourself and check authorization using `allowed` method as follows:
+
+```ruby
+# policy class
+policy(ItemPolicy).allowed(:index?)
+
+# instance
+policy(@item).allowed(:index?)
+```
+
+### Policy
+
+Policy has following attributes:
+
+```ruby
+class ItemPolicy < IIPolicy::Base
+  def index?
+    puts "user: #{@user}"
+    puts "item: #{@item}"
+    puts "context: #{@context}"
+  end
+end
+
+policy = ItemPolicy.new(user: User.find(1), item: Item.find(1), something: 'something')
+policy.allowed(:index?)
+#=> user: #<User: ...>
+#   item: #<Item: ...>
+#   context: #<IIPolicy::Context user=..., item=..., something="something">
+```
+
+You can call another policy method in the same context:
+
+```ruby
+class ItemPolicy < IIPolicy::Base
+  def another_show?
+    allowed(:show?)
+  end
+end
+```
+
+You can use policy for another instance by using `policy`:
+
+```ruby
+class ItemPolicy < IIPolicy::Base
+  def another_show?
+    policy(@context.another_item).allowed(:show?)
+  end
+end
+```
+
+#### Callbacks
+
+Following callbacks are available:
+
+* `before_call`
+* `around_call`
+* `after_call`
+
+For example:
+
+```ruby
+class ItemPolicy < IIPolicy::Base
+  before_call do
+    @something = @context.something
+  end
+
+  def index?
+    @something == 'something'
+  end
+end
+```
+
+#### Policy chain
+
+You can chain shared policies to base policy by including `IIPolicy::Chain` as follows:
+
+```ruby
+# shared policy
+class SharedPolicy < IIPolicy::Base
+  def show?
+    @user.admin?
+  end
+end
+
+# base policy
+class ItemPolicy < IIPolicy::Base
+  include IIPolicy::Chain
+
+  chain SharedPolicy
+
+  def show?
+    @item.status != 'deleted'
+  end
+end
+
+policy = ItemPolicy.new(user: User.find(1), item: Item.find(1))
+policy.allowed(:show?)
+#=> true
+```
+
+In this example, `policy.allowed(:show?)` is evaluated by `SharedPolicy#show? && ItemPolicy#show?`.
+
+### Lookup for policy
+
+`authorize` and `policy` lookups policy class if the first argument of them is not a policy class.
+So the name of policy class should be composed of the base name of model or controller.
+For example:
+
+```ruby
+class ItemPolicy < IIPolicy::Base
+end
+
+class Item
+end
+
+class ItemsController < ActionController::Base
+end
+
+IIPolicy::Base.lookup(Item)
+#=> ItemPolicy
+
+IIPolicy::Base.lookup(Item.new)
+#=> ItemPolicy
+
+IIPolicy::Base.lookup(ItemsController)
+#=> ItemPolicy
+```
+
+Note that superclass of model or controller is also looked up until policy is found.
+
+```ruby
+class ItemPolicy < IIPolicy::Base
+end
+
+class Item
+end
+
+class InheritedItem < Item
+end
+
+IIPolicy::Base.lookup(InheritedItem)
+#=> ItemPolicy
+
+IIPolicy::Base.lookup(InheritedItem.new)
+#=> ItemPolicy
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome at https://github.com/kanety/ii_policy.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "ii_policy"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+# require "irb"
+# IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/gemfiles/rails50.gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+gem "rails", "~> 5.0.0"
+gem "sqlite3", "~> 1.3.6"
+
+gemspec path: "../"

data/gemfiles/rails51.gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+gem "rails", "~> 5.1.0"
+gem "sqlite3", "~> 1.3.6"
+
+gemspec path: "../"

data/gemfiles/rails52.gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+gem "rails", "~> 5.2.0"
+gem "sqlite3", "~> 1.3.6"
+
+gemspec path: "../"

data/gemfiles/rails60.gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+gem "rails", "~> 6.0.0"
+
+gemspec path: "../"

data/gemfiles/rails61.gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+gem "rails", "~> 6.1.0"
+
+gemspec path: "../"

data/ii_policy.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'ii_policy/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "ii_policy"
+  spec.version       = IIPolicy::VERSION
+  spec.authors       = ["Yoshikazu Kaneta"]
+  spec.email         = ["kaneta@sitebridge.co.jp"]
+  spec.summary       = %q{A base policy to support management of authorization logic}
+  spec.description   = %q{A base policy to support management of authorization logic}
+  spec.homepage      = "https://github.com/kanety/ii_policy"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "activesupport", ">= 5.0"
+
+  spec.add_development_dependency "rails", ">= 5.0"
+  spec.add_development_dependency "sqlite3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec-rails"
+  spec.add_development_dependency "simplecov"
+end

data/lib/ii_policy.rb

@@ -0,0 +1,21 @@
+require 'active_support'
+
+require 'ii_policy/version'
+require 'ii_policy/config'
+require 'ii_policy/errors'
+require 'ii_policy/base'
+require 'ii_policy/controller'
+require 'ii_policy/helper'
+require 'ii_policy/railtie' if defined?(Rails)
+
+module IIPolicy
+  class << self
+    def configure
+      yield Config
+    end
+
+    def config
+      Config
+    end
+  end
+end

data/lib/ii_policy/base.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require_relative 'context'
+require_relative 'callbacks'
+require_relative 'lookup'
+require_relative 'chain'
+
+module IIPolicy
+  class Base
+    include Callbacks
+    include Lookup
+
+    attr_reader :context, :user, :item
+
+    def initialize(context = {})
+      @context = if context.is_a?(IIPolicy::Context)
+          context
+        else
+          IIPolicy::Context.new(context)
+        end
+      @item = @context.item
+      @user = @context.user
+    end
+
+    def call(action)
+      run_callbacks(:call) do
+        return false if respond_to?(action) && !send(action)
+      end
+      return true
+    end
+
+    def allowed(action)
+      call(action)
+    end
+
+    def policy(item)
+      context = @context.dup
+      context.item = item
+      self.class.lookup(item).new(context)
+    end
+  end
+end

data/lib/ii_policy/callbacks.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module IIPolicy
+  module Callbacks
+    extend ActiveSupport::Concern
+    include ActiveSupport::Callbacks
+
+    included do
+      define_callbacks :call
+    end
+
+    class_methods do
+      def before_call(*args, &block)
+        set_callback(:call, :before, *args, &block)
+      end
+
+      def after_call(*args, &block)
+        set_callback(:call, :after, *args, &block)
+      end
+
+      def around_call(*args, &block)
+        set_callback(:call, :around, *args, &block)
+      end
+    end
+  end
+end

data/lib/ii_policy/chain.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module IIPolicy
+  module Chain
+    extend ActiveSupport::Concern
+
+    included do
+      class_attribute :_chains
+      self._chains = []
+    end
+
+    def call(action)
+      self.class._chains.each do |policy|
+        return false unless policy.new(@context).call(action)
+      end
+      super
+    end
+
+    class_methods do
+      def chain(*policies)
+        self._chains = _chains + policies
+      end
+    end
+  end
+end

data/lib/ii_policy/config.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module IIPolicy
+  class Config
+    class_attribute :data
+
+    self.data = {
+      lookup_cache: true
+    }
+
+    data.keys.each do |key|
+      define_singleton_method "#{key}" do
+        data[key]
+      end
+
+      define_singleton_method "#{key}=" do |val|
+        data[key] = val
+      end
+    end
+  end
+end

data/lib/ii_policy/context.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module IIPolicy
+  class Context < OpenStruct
+  end
+end

data/lib/ii_policy/controller.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module IIPolicy
+  module Controller
+    extend ActiveSupport::Concern
+
+    def policy_context
+      { user: current_user }
+    end
+
+    def policy(item, context = {})
+      if item.is_a?(Class) && item < IIPolicy::Base
+        item.new(policy_context.merge(context))
+      else
+        klass = IIPolicy::Base.lookup(item)
+        raise IIPolicy::Error.new("could not find policy for #{item}") unless klass
+        klass.new(policy_context.merge(context.merge(item: item)))
+      end
+    end
+
+    def authorize(item, context = {})
+      instance = policy(item, context)
+      raise IIPolicy::AuthorizationError.new('Not Authorized') unless instance.call("#{action_name}?")
+      instance
+    end
+  end
+end

data/lib/ii_policy/errors.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module IIPolicy
+  class Error < StandardError
+  end
+
+  class AuthorizationError < StandardError
+  end
+end

data/lib/ii_policy/helper.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module IIPolicy
+  module Helper
+    delegate :policy, to: :controller
+  end
+end

data/lib/ii_policy/lookup.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module IIPolicy
+  module Lookup
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def lookup(klass)
+        Lookup.call(klass)
+      end
+    end
+
+    class << self
+      class_attribute :_cache
+      self._cache = {}
+
+      def call(klass)
+        klass = klass.class unless klass.is_a?(Module)
+        return if terminate?(klass)
+
+        cache(klass) do
+          if klass.name && (policy = resolve(klass))
+            policy
+          elsif klass.superclass
+            call(klass.superclass)
+          end
+        end
+      end
+
+      private
+
+      def cache(klass)
+        if Config.lookup_cache
+          self._cache[klass] ||= yield
+        else
+          yield
+        end
+      end
+
+      def terminate?(klass)
+        klass.name.to_s.in?(['Object', 'ActiveRecord::Base', 'ActiveModel::Base', 'ActionController::Base'])
+      end
+
+      def resolve(klass)
+        policy_name = if klass < ActionController::Base
+            "#{klass.name.sub(/Controller$/, '').singularize}Policy"
+          else
+            "#{klass.name}Policy"
+          end
+        policy = policy_name.safe_constantize
+        return policy if policy && policy_name == policy.name
+      end
+    end
+  end
+end

data/lib/ii_policy/railtie.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module IIPolicy
+  class Railtie < Rails::Railtie
+    ActiveSupport.on_load :action_controller do
+      ActionController::Base.send :include, IIPolicy::Controller
+    end
+
+    ActiveSupport.on_load :action_view do
+      ActionView::Base.send :include, IIPolicy::Helper
+    end
+  end
+end

data/lib/ii_policy/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module IIPolicy
+  VERSION = '1.0.0'
+end

metadata

@@ -0,0 +1,154 @@
+--- !ruby/object:Gem::Specification
+name: ii_policy
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Yoshikazu Kaneta
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2021-07-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A base policy to support management of authorization logic
+email:
+- kaneta@sitebridge.co.jp
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/ci.yml"
+- ".gitignore"
+- ".rspec"
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- gemfiles/rails50.gemfile
+- gemfiles/rails51.gemfile
+- gemfiles/rails52.gemfile
+- gemfiles/rails60.gemfile
+- gemfiles/rails61.gemfile
+- ii_policy.gemspec
+- lib/ii_policy.rb
+- lib/ii_policy/base.rb
+- lib/ii_policy/callbacks.rb
+- lib/ii_policy/chain.rb
+- lib/ii_policy/config.rb
+- lib/ii_policy/context.rb
+- lib/ii_policy/controller.rb
+- lib/ii_policy/errors.rb
+- lib/ii_policy/helper.rb
+- lib/ii_policy/lookup.rb
+- lib/ii_policy/railtie.rb
+- lib/ii_policy/version.rb
+homepage: https://github.com/kanety/ii_policy
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: A base policy to support management of authorization logic
+test_files: []