isomorfeus-policy 1.0.0.zeta25 → 2.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fde504baef9ce57e8878d9bc77a7884826c3c91694548e36d197d4683170be67
-  data.tar.gz: 410ba9bfb94cf9a89c972e50075ece84787cf064852ff97cf292a9e0ece634cc
+  metadata.gz: 9c5d355e7df96c7e5721694a785f1de788d8e13680f7d620f1db485d7cda8da7
+  data.tar.gz: be369be41b9710cd0a8bb0815dcc664b4fcc1c7ae797c0a688e19d6303f0ce3c
 SHA512:
-  metadata.gz: 38ff1582b18f5f52d2d3e117cf22d017bd2282d67ce1f059b63230babdb33cbbe734f4a1daa29ef73b61d4353847b7da17c04b69dcf5f7d79cc8d41e3914ef4c
-  data.tar.gz: 67b67ca8f309a24592f3ed7344ddfdc48a507ce21c93af486e2c66d1de3b3c943a07add6b4c41c7e0a4f6839b24d484ec87e67ba5089dd300c28e91ceb424a20
+  metadata.gz: 5f59fb533b9674108b739369507b49cc54e59f231e97396998a8a856e71e18367f04751d6107674b5bdee5ceb78e050801398b20a4d98fa2f99da55e3a38446f
+  data.tar.gz: 1585c5f5ed37f391d2c94f37e90832d743f7b35acf2cedd41b2fd015fa8ac45a17357ec5e2dba66ab6df244794be8a0ebb2c82b01f94e6c4fbabeaa457b19975

data/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2018 Jan Biedermann
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2018 Jan Biedermann
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -1,182 +1,181 @@
-# isomorfeus-policy
-
-Policy for Isomorfeus
-
-
-### Community and Support
-At the [Isomorfeus Framework Project](http://isomorfeus.com) 
-
-## Usage
-
-Policy is enforced on the server, however, the same policy rules are also available on the client to allow for making consistent decisions everywhere.
-
-Everything that is not explicitly allowed somewhere is denied.
-
-Place the policy files in your projects `isomorfeus/policies`.
-
-Any class that would like to authorize for accessing a resource needs to include the `LucidAuthorization::Mixin` 
-or inherit from `LucidAuthorization::Base`. Example:
-
-```ruby
-class MyUser
-  include LucdiAuthorization::Mixin
-end
-```
-Any instance of that class then has the following methods available:
-- `authorized?(target_class, method_name, props)` - returning true or false
-- `authorized!(target_class, method_name, props)` - raising a exception if access is denied, otherwise returning true
-
-These methods, when called, look for a Policy class. The Policy class must be named after the user class plus the word 'Policy'.
-Example:
-
-For a class `MyUser` the policy class must be `MyUserPolicy`.
-
-### Simple Rules
-Example Policy:
-```ruby
-class MyUserPolicy < LucidPolicy::Base
-  # allow access to all methods of a class
-  allow BlaBlaGraph
-  # class names can be given as strings which benefits autoload performance as the class can be loaded later on
-  allow 'BlaBlaGraph' 
-
-  # allow access to all methods of multiple classes
-  allow BlaBlaGraph, BlaComposition
-  
-  # allow access to a single method of a class 
-  allow BlaBlaGraph, :load
-
-  # or allow multiple methods of a class
-  allow BlaBlaGraph, :load, :save
-
-  # deny access to all methods of multiple classes
-  deny BlaGraph, SuperOperation
-    
-  deny others # or: allow others
-    
-  # in a otherwise empty policy the following can be used too: 
-  # allow all
-  # deny all
-    
-  # further conditions can be used
-  allow BlaBlaGraph, :member_feature, only_if: :registered?
-    # this will call the method registered? on the user instance. The method must return a boolean.  
-    # permission is granted if the method returned true
-    # method name must be given as symbol 
-    # other versions: 
-    allow BlaBlaGraph, :member_feature, if: :registered?
-    
-  allow BlaBlaGraph, :public_feature, only_if_not: :registered? 
-    # this will call the method registered? on the user instance. The method must return a boolean.  
-    # permission is granted if the method returned false
-    # method name must be given as symbol
-    # other versions: 
-    allow BlaBlaGraph, :member_feature, only_unless: :registered?
-    allow BlaBlaGraph, :member_feature, unless: :registered? 
-    allow BlaBlaGraph, :member_feature, if_not: :registered?
-   
-  # a block can be passed directly to a rules condition
-  allow BlaBlaGraph, :member_feature, if: proc { |user, props| user.registered? }
-  # permission is granted if the block returns true
-  
-  # similar for deny, though:
-  deny BlaBlaGraph, :member_feature, if: proc { |user, props| !user.registered? }
-  # permission is denied if the block returns true
-end
-```
-and then any of:
-```ruby
-user.authorized?(target_class)
-user.authorized?(target_class, target_method)
-user.authorized?(target_class, target_method, *props)
-```
-or:
-```ruby
-user.authorized!(target_class)
-user.authorized!(target_class, target_method)
-user.authorized!(target_class, target_method, *props)
-```
-which will raise a LucidPolicy::Exception unless authorized
-
-### Custom Rules
-Besides calling methods or executing blocks from allow or deny, custom rules can be defined. Example:
-```ruby
-class MyUserPolicy < LucidPolicy::Base
-  rule BlaGraph, :load, :count do |user, target_class_name, target_method, props|
-    allow if user.verified?
-    allow if user.admin?
-    deny
-  end
-end
-```
-Within the rule block the `allow` and `deny` methods must be used to allow or deny access.
-They accept no arguments. Within the block the default is to deny, so any matching allow wins.
-
-### Combining Policies
-Policies can be combined. Across policies, the first Policy rule that permits access wins.
-The local policy is considered first, then the other policies.
-If the local policy allows, then the other policies are not considered.
-If the local policy has a `allow all` or a `allow others` rule, then there is a good chance the other policies are never considered. 
-The recommended default rule for combined policies is `deny others`. 
-
-Given a:
-```ruby
-  class AdminRolePolicy < LucidPolicy::Base
-    rule BlaGraph, :load, :count do |user, target_class_name, target_method, props|
-      allow if user.verified?
-      deny
-    end
-  end
-```
-another policy can include the rules. Example:
-```ruby
-class MyUserPolicy < LucidPolicy::Base
-  combine_with AdminRolePolicy
-
-  # conditions as for allow and deny can be used too
-  combine_with AdminRolePolicy, if: :admin?
-    # this will call the method admin? on the user instance. The method must return a boolean.  
-    # this will execute the AdminRolePolicy rules only if the method returned true
-    # method name must be given as symbol 
- 
-  combine_with AdminRolePolicy, if_not: :normal_guy? 
-    # this will call the method normal_guy?? on the user instance. The method must return a boolean.  
-    # this will execute the AdminRolePolicy rules only if the method returned false
-    # method name must be given as symbol
-    # other versions: 
-    combine_with AdminRolePolicy, unless: :normal_guy?
-
-  # a block can be passed directly to a rules condition
-  combine_with AdminRolePolicy, if: proc { |user| user.admin? }
-  # this will execute the AdminRolePolicy rules only if the condition block returns true 
-
-  deny others
-end
-```
-### Debugging Policies or finding out the winning rule
-Its possible to start recording the reason for a authorization result:
-```ruby
-my_user.record_authorization_reason
-```
-When then authorizing:
-```ruby
-my_user.authorized?(BlaGraph, :load)
-```
-the reason for access or denied access, the winning rule, can be inspected: 
-```ruby
-my_user.authozation_reason
-```
-
-It will be a Hash and show the responsible policy class, condition, condition result, etc. Example:
-```ruby
-{ combined:
-  { class_name: "Resource",
-    others: :deny,
-    policy_class: "CombinedPolicy" },
-  policy_class: "UserPolicy" }
-```
-
-Recording can be stopped again, for better performance:
-```ruby
-my_user.stop_to_record_authorization_reason
-```
+# isomorfeus-policy
+
+Policy for Isomorfeus
+
+### Community and Support
+At the [Isomorfeus Framework Project](http://isomorfeus.com)
+
+## Usage
+
+Policy is enforced on the server, however, the same policy rules are also available on the client to allow for making consistent decisions everywhere.
+
+Everything that is not explicitly allowed somewhere is denied.
+
+Place the policy files in your projects `app/policies` directory.
+
+Any class that would like to authorize for accessing a resource needs to include the `LucidAuthorization::Mixin`
+or inherit from `LucidAuthorization::Base`. Example:
+
+```ruby
+class MyUser
+  include LucdiAuthorization::Mixin
+end
+```
+Any instance of that class then has the following methods available:
+- `authorized?(target_class, method_name, props)` - returning true or false
+- `authorized!(target_class, method_name, props)` - raising a exception if access is denied, otherwise returning true
+
+These methods, when called, look for a Policy class. The Policy class must be named after the user class plus the word 'Policy'.
+Example:
+
+For a class `MyUser` the policy class must be `MyUserPolicy`.
+
+### Simple Rules
+Example Policy:
+```ruby
+class MyUserPolicy < LucidPolicy::Base
+  # allow access to all methods of a class
+  allow BlaBlaGraph
+  # class names can be given as strings which benefits autoload performance as the class can be loaded later on
+  allow 'BlaBlaGraph'
+
+  # allow access to all methods of multiple classes
+  allow BlaBlaGraph, BlaComposition
+
+  # allow access to a single method of a class
+  allow BlaBlaGraph, :load
+
+  # or allow multiple methods of a class
+  allow BlaBlaGraph, :load, :save
+
+  # deny access to all methods of multiple classes
+  deny BlaGraph, SuperOperation
+
+  deny others # or: allow others
+
+  # in a otherwise empty policy the following can be used too:
+  # allow all
+  # deny all
+
+  # further conditions can be used
+  allow BlaBlaGraph, :member_feature, only_if: :registered?
+    # this will call the method registered? on the user instance. The method must return a boolean.
+    # permission is granted if the method returned true
+    # method name must be given as symbol
+    # other versions:
+    allow BlaBlaGraph, :member_feature, if: :registered?
+
+  allow BlaBlaGraph, :public_feature, only_if_not: :registered?
+    # this will call the method registered? on the user instance. The method must return a boolean.
+    # permission is granted if the method returned false
+    # method name must be given as symbol
+    # other versions:
+    allow BlaBlaGraph, :member_feature, only_unless: :registered?
+    allow BlaBlaGraph, :member_feature, unless: :registered?
+    allow BlaBlaGraph, :member_feature, if_not: :registered?
+
+  # a proc can be passed directly to a rules condition
+  allow BlaBlaGraph, :member_feature, if: proc { |user, props| user.registered? }
+  # permission is granted if the block returns true
+
+  # similar for deny, though:
+  deny BlaBlaGraph, :member_feature, if: proc { |user, props| !user.registered? }
+  # permission is denied if the block returns true
+end
+```
+and then any of:
+```ruby
+user.authorized?(target_class)
+user.authorized?(target_class, target_method)
+user.authorized?(target_class, target_method, *props)
+```
+or:
+```ruby
+user.authorized!(target_class)
+user.authorized!(target_class, target_method)
+user.authorized!(target_class, target_method, *props)
+```
+which will raise a LucidPolicy::Exception unless authorized
+
+### Custom Rules
+Besides calling methods or executing blocks from allow or deny, custom rules can be defined. Example:
+```ruby
+class MyUserPolicy < LucidPolicy::Base
+  rule BlaGraph, :load, :count do |user, target_class_name, target_method, props|
+    allow if user.verified?
+    allow if user.admin?
+    deny
+  end
+end
+```
+Within the rule block the `allow` and `deny` methods must be used to allow or deny access.
+They accept no arguments. Within the block the default is to deny, so any matching allow wins.
+
+### Combining Policies
+Policies can be combined. Across policies, the first Policy rule that permits access wins.
+The outer policy is considered first, then the other policies.
+If the outer policy allows, then the other policies are not considered.
+If the outer policy has a `allow all` or a `allow others` rule, then there is a good chance the other policies are never considered.
+The recommended default rule for combined policies is `deny others`.
+
+Given a:
+```ruby
+  class AdminRolePolicy < LucidPolicy::Base
+    rule BlaGraph, :load, :count do |user, target_class_name, target_method, props|
+      allow if user.verified?
+      deny
+    end
+  end
+```
+another policy can include the rules. Example:
+```ruby
+class MyUserPolicy < LucidPolicy::Base
+  combine_with AdminRolePolicy
+
+  # conditions as for allow and deny can be used too
+  combine_with AdminRolePolicy, if: :admin?
+    # this will call the method admin? on the user instance. The method must return a boolean.
+    # this will execute the AdminRolePolicy rules only if the method returned true
+    # method name must be given as symbol
+
+  combine_with AdminRolePolicy, if_not: :normal_guy?
+    # this will call the method normal_guy?? on the user instance. The method must return a boolean.
+    # this will execute the AdminRolePolicy rules only if the method returned false
+    # method name must be given as symbol
+    # other versions:
+    combine_with AdminRolePolicy, unless: :normal_guy?
+
+  # a block can be passed directly to a rules condition
+  combine_with AdminRolePolicy, if: proc { |user| user.admin? }
+  # this will execute the AdminRolePolicy rules only if the condition block returns true
+
+  deny others
+end
+```
+### Debugging Policies or finding out the winning rule
+Its possible to start recording the reason for a authorization result:
+```ruby
+my_user.record_authorization_reason
+```
+When then authorizing:
+```ruby
+my_user.authorized?(BlaGraph, :load)
+```
+the reason for access or denied access, the winning rule, can be inspected:
+```ruby
+my_user.authozation_reason
+```
+
+It will be a Hash and show the responsible policy class, condition, condition result, etc. Example:
+```ruby
+{ combined:
+  { class_name: "Resource",
+    others: :deny,
+    policy_class: "CombinedPolicy" },
+  policy_class: "UserPolicy" }
+```
+
+Recording can be stopped again, for better performance:
+```ruby
+my_user.stop_to_record_authorization_reason
+```

data/lib/isomorfeus/policy/config.rb

@@ -1,36 +1,36 @@
-module Isomorfeus
-  class << self
-    def cached_policy_classes
-      @cached_array_classes ||= {}
-    end
-
-    if RUBY_ENGINE == 'opal'
-      def cached_policy_class(class_name)
-        return "::#{class_name}".constantize if Isomorfeus.development?
-        return cached_policy_classes[class_name] if cached_policy_classes.key?(class_name)
-        cached_policy_classes[class_name] = "::#{class_name}".constantize
-      end
-    else
-      def cached_policy_class(class_name)
-        return nil unless valid_policy_class_name?(class_name)
-        return "::#{class_name}".constantize if Isomorfeus.development?
-        return cached_policy_classes[class_name] if cached_policy_classes.key?(class_name)
-        cached_policy_classes[class_name] = "::#{class_name}".constantize
-      end
-
-      def valid_policy_class_names
-        @valid_policy_class_names ||= Set.new
-      end
-
-      def valid_policy_class_name?(class_name)
-        valid_policy_class_names.include?(class_name)
-      end
-
-      def add_valid_policy_class(klass)
-        class_name = klass.name
-        class_name = class_name.split('>::').last if class_name.start_with?('#<')
-        valid_policy_class_names << class_name
-      end
-    end
-  end
-end
+module Isomorfeus
+  class << self
+    def cached_policy_classes
+      @cached_array_classes ||= {}
+    end
+
+    if RUBY_ENGINE == 'opal'
+      def cached_policy_class(class_name)
+        return "::#{class_name}".constantize if Isomorfeus.development?
+        return cached_policy_classes[class_name] if cached_policy_classes.key?(class_name)
+        cached_policy_classes[class_name] = "::#{class_name}".constantize
+      end
+    else
+      def cached_policy_class(class_name)
+        return nil unless valid_policy_class_name?(class_name)
+        return "::#{class_name}".constantize if Isomorfeus.development?
+        return cached_policy_classes[class_name] if cached_policy_classes.key?(class_name)
+        cached_policy_classes[class_name] = "::#{class_name}".constantize
+      end
+
+      def valid_policy_class_names
+        @valid_policy_class_names ||= Set.new
+      end
+
+      def valid_policy_class_name?(class_name)
+        valid_policy_class_names.include?(class_name)
+      end
+
+      def add_valid_policy_class(klass)
+        class_name = klass.name
+        class_name = class_name.split('>::').last if class_name.start_with?('#<')
+        valid_policy_class_names << class_name
+      end
+    end
+  end
+end

data/lib/isomorfeus/policy/version.rb

@@ -1,5 +1,5 @@
-module Isomorfeus
-  module Policy
-    VERSION = '1.0.0.zeta25'
-  end
-end
+module Isomorfeus
+  module Policy
+    VERSION = '2.0.0.rc1'
+  end
+end

data/lib/isomorfeus-policy.rb

@@ -1,21 +1,22 @@
-require 'isomorfeus-react'
-require 'isomorfeus/policy/config'
-require 'lucid_props'
-
-if RUBY_ENGINE == 'opal'
-  Isomorfeus.zeitwerk.push_dir('isomorfeus_policy')
-  require_tree 'isomorfeus_policy', :autoload
-  Isomorfeus.zeitwerk.push_dir('policies')
-else
-  require 'isomorfeus_policy/lucid_policy/exception'
-  require 'isomorfeus_policy/lucid_policy/helper'
-  require 'isomorfeus_policy/lucid_policy/mixin'
-  require 'isomorfeus_policy/lucid_policy/base'
-  require 'isomorfeus_policy/lucid_authorization/mixin'
-  require 'isomorfeus_policy/lucid_authorization/base'
-  require 'isomorfeus_policy/anonymous'
-
-  Opal.append_path(__dir__.untaint) unless Opal.paths.include?(__dir__.untaint)
-  path = File.expand_path(File.join('app', 'policies'))
-  Isomorfeus.zeitwerk.push_dir(path)
-end
+require 'isomorfeus-preact'
+require 'isomorfeus/policy/config'
+require 'lucid_props'
+
+if RUBY_ENGINE == 'opal'
+  Isomorfeus.zeitwerk.push_dir('isomorfeus_policy')
+  require_tree 'isomorfeus_policy', autoload: true
+  Isomorfeus.zeitwerk.push_dir('policies')
+else
+  require 'isomorfeus_policy/lucid_policy/exception'
+  require 'isomorfeus_policy/lucid_policy/helper'
+  require 'isomorfeus_policy/lucid_policy/mixin'
+  require 'isomorfeus_policy/lucid_policy/base'
+  require 'isomorfeus_policy/lucid_authorization/mixin'
+  require 'isomorfeus_policy/lucid_authorization/base'
+  require 'isomorfeus_policy/anonymous'
+  require 'iso_opal'
+
+  Opal.append_path(__dir__.untaint) unless IsoOpal.paths_include?(__dir__.untaint)
+  path = File.expand_path(File.join('app', 'policies'))
+  Isomorfeus.zeitwerk.push_dir(path) if Dir.exist?(path)
+end

data/lib/isomorfeus_policy/anonymous.rb

@@ -1,11 +1,11 @@
-class Anonymous
-  include LucidAuthorization::Mixin
-
-  def anonymous?
-    true
-  end
-
-  def key
-    'anonymous'
-  end
-end
+class Anonymous
+  include LucidAuthorization::Mixin
+
+  def anonymous?
+    true
+  end
+
+  def key
+    'anonymous'
+  end
+end

data/lib/isomorfeus_policy/lucid_authorization/base.rb

@@ -1,5 +1,5 @@
-module LucidAuthorization
-  class Base
-    include LucidAuthorization::Mixin
-  end
-end
+module LucidAuthorization
+  class Base
+    include LucidAuthorization::Mixin
+  end
+end