isomorfeus-policy 1.0.0.zeta20 → 1.0.0.zeta21

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 48fea48dd7bc63c0bd8c1465c98df1bcac727dfa208599af0c2fe0fafa3ddc8a
-  data.tar.gz: 7e942d873d4061c5e6527b9d65665037a1ce4917afaad776d8eb95ef0ee31beb
+  metadata.gz: 6890b7e65d0609f7d51e451f859d06cd9529981f5881516e1b8e6fc0ca0357a4
+  data.tar.gz: 239b6f38293b8ffbe611dd799608f59aa1048fc74fcd556976ccbf8ae3123d49
 SHA512:
-  metadata.gz: 7c72b02fa4541d0f699b3c53d2fd41f5cd737b011526135bb339b0db57926e60b6c31f0803246772b8ff881cff21213a1ec26384a6c385ca04fd7d7d2f8925ad
-  data.tar.gz: c73d600b37534bfd2aa23c211a55f3a6bdcdfd239178530b1d80711335358b1049fcfb5c78a8eb1024084a8f6e6026332280c6faf5fda818dc1a83a2e755580f
+  metadata.gz: 57dac119ade4a91c632531ad8ef673af0fc9d3ca270471b7cc85e9a0bfa1c2114fa86f96ed8fc6ebfdd799dee7a4516efb2aeddc9223fc66759b9bee3c99b1f8
+  data.tar.gz: 79e70b82d2f08fe7e5347e09f6650f82969e10a8dc25ea8149efd7b95e731fafe30d1940251ff9f1e39186d5f6ba7ce04dfd7f716475b2fb84c5f05da5fdbd47

data/README.md

@@ -153,3 +153,30 @@ class MyUserPolicy < LucidPolicy::Base
   deny others
 end
 ```
+### Debugging Policies or finding out the winning rule
+Its possible to start recording the reason for a authorization result:
+```ruby
+my_user.record_authorization_reason
+```
+When then authorizing:
+```ruby
+my_user.authorized?(BlaGraph, :load)
+```
+the reason for access aor denied access, the winning rule, cen be inspected: 
+```ruby
+my_user.authozation_reason
+```
+
+It will be a Hash and show the responsible policy class, condition, condition result, etc. Example:
+```ruby
+{ combined:
+  { class_name: "Resource",
+    others: :deny,
+    policy_class: "CombinedPolicy" },
+  policy_class: "UserPolicy" }
+```
+
+Recording can be stopped again, for better performance:
+```ruby
+my_user.stop_to_record_authorization_reason
+```

data/lib/isomorfeus/policy/version.rb

@@ -1,5 +1,5 @@
 module Isomorfeus
   module Policy
-    VERSION = '1.0.0.zeta20'
+    VERSION = '1.0.0.zeta21'
   end
 end

data/lib/isomorfeus_policy/lucid_authorization/mixin.rb

@@ -1,5 +1,18 @@
 module LucidAuthorization
   module Mixin
+    def record_authorization_reason
+      @_isomorfeus_record_authorization_reason = true
+    end
+
+    def stop_to_record_authorization_reason
+      @_isomorfeus_record_authorization_reason = false
+      @_isomorfeus_authorization_reason = nil
+    end
+
+    def authorization_reason
+      @_isomorfeus_authorization_reason
+    end
+
     def authorized?(target_class, target_method = nil, props = nil)
       begin
         class_name = self.class.name
@@ -9,7 +22,10 @@ module LucidAuthorization
         policy_class = nil
       end
       return false unless policy_class
-      policy_class.new(self).authorized?(target_class, target_method, props)
+      policy_instance = policy_class.new(self, @_isomorfeus_record_authorization_reason)
+      result = policy_instance.authorized?(target_class, target_method, props)
+      @_isomorfeus_authorization_reason = policy_instance.reason
+      result
     end
 
     def authorized!(target_class, target_method = nil, props = nil)
@@ -17,7 +33,10 @@ module LucidAuthorization
       class_name = class_name.split('>::').last if class_name.start_with?('#<')
       policy_class = Isomorfeus.cached_policy_class("#{class_name}Policy")
       Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{self}: policy class #{class_name}Policy not found!") unless policy_class
-      policy_class.new(self).authorized!(target_class, target_method, props)
+      policy_instance = policy_class.new(self, @_isomorfeus_record_authorization_reason)
+      result = policy_instance.authorized!(target_class, target_method, props)
+      @_isomorfeus_authorization_reason = policy_instance.reason
+      result
     end
   end
 end

data/lib/isomorfeus_policy/lucid_policy/mixin.rb

@@ -56,7 +56,7 @@ module LucidPolicy
               if class_method_option.class == Symbol && class_or_method_s[0].downcase == class_or_method_s[0]
                 target_methods << class_method_option
               else
-                class_method_option = class_method_option.to_s unless class_method_option.class == String
+                class_method_option = class_or_method_s unless class_method_option.class == String
                 target_classes << class_method_option
               end
             end
@@ -65,6 +65,7 @@ module LucidPolicy
           thing_or_block = block_given? ? block : thing
 
           target_classes.each do |target_class|
+            target_class = target_class.split('>::').last if target_class.start_with?('#<')
             rules[:rules][target_class] = {} unless rules[:rules].key?(target_class)
 
             if target_methods.empty?
@@ -82,14 +83,23 @@ module LucidPolicy
         end
       end
 
-      def initialize(object)
+      attr_reader :reason
+
+      def initialize(object, record_reason = nil)
         @object = object
+        @reason = nil
+        @record_reason = record_reason
+        if @record_reason
+          @class_name = self.class.name
+          @class_name = @class_name.split('>::').last if @class_name.start_with?('#<')
+        end
       end
 
       def authorized?(target_class, target_method = nil, props = nil)
-        Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{self}: At least the class must be given!") unless target_class
+        Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{self}: At least the class or class name must be given!") unless target_class
 
         target_class = target_class.to_s unless target_class.class == String
+        target_class = target_class.split('>::').last if target_class.start_with?('#<')
 
         rules  =  self.class.authorization_rules
 
@@ -97,14 +107,20 @@ module LucidPolicy
                     if target_method && rules[:rules][target_class].key?(:methods) && rules[:rules][target_class][:methods].key?(target_method)
                       options = rules[:rules][target_class][:methods][target_method][:options]
                       rule = rules[:rules][target_class][:methods][target_method][:rule]
+                      @reason = { policy_class: @class_name, class_name: target_class, method: target_method, rule: rule } if @record_reason
                     else
                       options = rules[:rules][target_class][:options]
                       rule = rules[:rules][target_class][:rule]
+                      @reason = { policy_class: @class_name, class_name: target_class, rule: rule } if @record_reason
                     end
 
-                    if rule.class == Symbol
+                    if rule.class == Symbol || rule.class == String
                       if options
                         condition, method_result = __get_condition_and_result(options)
+                        if @record_reason
+                          @reason[:condition] = condition
+                          @reason[:condition_result] = method_result
+                        end
                         rule if (condition == :if && method_result == true) || (condition == :if_not && method_result == false)
                       else
                         rule
@@ -113,10 +129,14 @@ module LucidPolicy
                       props = LucidProps.new(props) unless props.class == LucidProps
                       policy_helper = LucidPolicy::Helper.new
                       policy_helper.instance_exec(@object, target_class, target_method, props, &rule)
-                      policy_helper.result
+                      r = policy_helper.result
+                      @reason[:rule_result] = r if @record_reason
+                      r
                     end
                   else
-                    rules[:others]
+                    r = rules[:others]
+                    @reason = { policy_class: @class_name, class_name: target_class, others: r } if @record_reason
+                    r
                   end
 
         return true if result == :allow
@@ -124,11 +144,15 @@ module LucidPolicy
         rules[:policies].each do |policy_class, options|
           combined_policy_result = nil
           if options.empty?
-            combined_policy_result = policy_class.new(@object).authorized?(target_class, target_method, props)
+            policy_instance = policy_class.new(@object, @record_reason)
+            combined_policy_result = policy_instance.authorized?(target_class, target_method, props)
+            @reason = @reason = { policy_class: @class_name, combined: policy_instance.reason } if @record_reason
           else
             condition, method_result = __get_condition_and_result(options)
             if (condition == :if && method_result == true) || (condition == :if_not && method_result == false)
-              combined_policy_result = policy_class.new(@object).authorized?(target_class, target_method, props)
+              policy_instance = policy_class.new(@object, @record_reason)
+              combined_policy_result = policy_instance.authorized?(target_class, target_method, props)
+              @reason = { policy_class: @class_name, combined: policy_instance.reason, condition: condition, condition_result: method_result } if @record_reason
             end
           end
           return true if combined_policy_result == true
@@ -138,8 +162,10 @@ module LucidPolicy
       end
 
       def authorized!(target_class, target_method = nil, props = nil)
-        return true if authorized?(target_class, target_method, props)
-        Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{@object}: not authorized to call #{target_class}.#{target_method}(#{props})!")
+        result = authorized?(target_class, target_method, props)
+        reason_message = reason ? ", reason: #{reason}" : ''
+        return true if result
+        Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{@object}: not authorized to call #{target_class}#{}#{target_method} #{props} #{reason_message}!")
       end
 
       private

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: isomorfeus-policy
 version: !ruby/object:Gem::Version
-  version: 1.0.0.zeta20
+  version: 1.0.0.zeta21
 platform: ruby
 authors:
 - Jan Biedermann
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-20 00:00:00.000000000 Z
+date: 2020-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opal
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.zeta20
+        version: 1.0.0.zeta21
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.zeta20
+        version: 1.0.0.zeta21
 - !ruby/object:Gem::Dependency
   name: opal-webpack-loader
   requirement: !ruby/object:Gem::Requirement