kitty_policy 0.1.2 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36bb0e98df928a03bb4e18761f8e23e7b7868da05d15bb70f81425d76f936da1
-  data.tar.gz: 6a00a72433c6cc7016f5d62427395d52914bab78fea76e2cdd1faf3b6f526924
+  metadata.gz: 73678357b257df80a329b2f02df58f13b536a9dc284cffdbead4fa0b13cbbcc4
+  data.tar.gz: 2aa9e8f995983610c9b5ce23ba0bd63c7022dfadeabd0f774bd0cc04e5905273
 SHA512:
-  metadata.gz: fc35eeb00ba8e1ec5d43ed4a20fa710fc2e1c347dea3d3f8424809f8eaf5a80300a99bb760d08660cb3ae5a9a32909fd61e6e2336bf95df27af3fdc59f5219ee
-  data.tar.gz: 81905f36f0b2cc4f2b007b53b5599d05f9be8777818a713706ec93c687fad1fcb76a9f49f27a651c2542e1323c4e389219ea2129e870b0e2d5f97a93d9bd7c2a
+  metadata.gz: df68b29d1e647c6ca8ed3fad644d6e886c858e8ec6669dd346f28aaff723e070ea2400d85cc59fa2d919fd41543c167f48565acb696428a56099d2d880faffbd
+  data.tar.gz: 83fabb6697e527c6c27c4321fdf6445cf793e3bb6a6f1db64f679a647de79914db3a5b0c80670b006b1b77a089b6d0bf6243f5d14777a2d07cb985cb18e1e32e

data/.github/workflows/ci.yml

@@ -0,0 +1,40 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.6', '2.7', '3.0']
+
+    steps:
+    - uses: actions/checkout@v3
+    
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@0a29871fe2b0200a17a4497bae54fe5df0d973aa # v1.115.3
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+    - name: Run Rubocop
+      run: bundle exec rubocop
+    
+    - name: Run RSpec
+      run: bundle exec rspec spec

data/.rubocop.yml

@@ -8,6 +8,8 @@ AllCops:
     - db/**/*
     - vendor/**/*
     - node_modules/**/*
+  NewCops: enable
+  SuggestExtensions: false
 
 Style/PercentLiteralDelimiters:
   PreferredDelimiters:
@@ -60,8 +62,17 @@ RSpec/MultipleExpectations:
 RSpec/ExampleLength:
   Enabled: false
 
-Capybara/FeatureMethods:
+Lint/AmbiguousBlockAssociation:
   Enabled: false
 
-Lint/AmbiguousBlockAssociation:
+Gemspec/RequiredRubyVersion:
+  Enabled: false
+
+RSpec/BeEq:
+  Enabled: false
+
+RSpec/VerifiedDoubles:
+  Enabled: false
+
+RSpec/NoExpectationExample:
   Enabled: false

data/.ruby-version

@@ -1 +1 @@
-2.6.2
+2.7.5

data/CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## Version 0.1.4
+
+* **[feature]** Added `delegate_ability` method, which delegates ability from one object to other
+* **[fix]** Raises error when "can_" method is defined more than once
+
+## Version 0.1.3
+
+* **[feature]** Added `authorize_object` for field authorization (@tgroutars)
+  - *no support for connections and arrays*
+
 ## Version 0.1.2
 
 * **[fix]** Allow `fallback: []` to work for Relay connections (@rstankov)

data/Gemfile.lock

@@ -1,57 +1,64 @@
 PATH
   remote: .
   specs:
-    kitty_policy (0.1.2)
+    kitty_policy (0.1.3)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    ast (2.4.0)
-    diff-lcs (1.3)
-    graphql (1.9.7)
-    jaro_winkler (1.5.3)
-    parallel (1.17.0)
-    parser (2.6.3.0)
-      ast (~> 2.4.0)
-    rainbow (3.0.0)
-    rake (10.5.0)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.1)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.4)
+    ast (2.4.2)
+    diff-lcs (1.5.0)
+    graphql (2.0.14)
+    json (2.6.2)
+    parallel (1.22.1)
+    parser (3.1.2.1)
+      ast (~> 2.4.1)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.6.0)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.1)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.2)
-    rubocop (0.72.0)
-      jaro_winkler (~> 1.5.1)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.1)
+    rubocop (1.36.0)
+      json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 2.6)
+      parser (>= 3.1.2.1)
       rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.20.1, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
-    rubocop-rspec (1.33.0)
-      rubocop (>= 0.60.0)
-    ruby-progressbar (1.10.1)
-    unicode-display_width (1.6.0)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.21.0)
+      parser (>= 3.1.1.0)
+    rubocop-rspec (2.13.2)
+      rubocop (~> 1.33)
+    ruby-progressbar (1.11.0)
+    unicode-display_width (2.3.0)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 2.0)
-  graphql (~> 1.8)
+  bundler (~> 2.3)
+  graphql (~> 2.0)
   kitty_policy!
-  rake (~> 10.0)
-  rspec (~> 3.8)
+  rake (~> 13.0)
+  rspec (~> 3.11)
   rspec-mocks (~> 3.8)
-  rubocop (= 0.72.0)
-  rubocop-rspec (= 1.33.0)
+  rubocop (= 1.36.0)
+  rubocop-rspec (= 2.13.2)
 
 BUNDLED WITH
-   2.0.2
+   2.3.10

data/README.md

@@ -1,16 +1,15 @@
 # KittyPolicy
 
 [![Gem Version](https://badge.fury.io/rb/kitty_policy.svg)](https://badge.fury.io/rb/kitty_policy)
-[![Build Status](https://secure.travis-ci.org/producthunt/kitty-policy.svg)](http://travis-ci.org/producthunt/kitty-policy)
 [![Code Climate](https://codeclimate.com/github/producthunt/kitty-policy.svg)](https://codeclimate.com/github/producthunt/kitty-policy)
 
 Minimalistic authorization library extracted from [Product Hunt](https://www.producthunt.com/).
 
 Features:
 
-* small DSL for defining abilities
-* not class initializations when performing abilities check
-* integrations with [GraphQL gem](https://rubygems.org/gems/graphql).
+- small DSL for defining authorization abilities
+- not class initializations when performing abilities check
+- integrations with [GraphQL gem](https://rubygems.org/gems/graphql).
 
 ## Installation
 
@@ -149,6 +148,31 @@ describe ApplicationPolicy do
 end
 ```
 
+### Delegating abilities
+
+```ruby
+module ApplicationPolicy
+  extend KittyPolicy::DSL
+
+  can :edit, Post do |user, post|
+    user.id == post.user_id
+  end
+
+  # users who can edit post, should edit or delete its media
+  can :edit, PostMedia do |user, media|
+    can? user, :edit, media.post
+  end
+
+  can :destroy, PostMedia do |user, media|
+    can? user, :edit, media.post
+  end
+
+  # this can be expressed with `delegate_ability` helper
+
+  delegate_ability :edit, PostMedia, to: :post
+  delegate_ability :destroy, PostMedia, to: :post, to_ability: :edit
+```
+
 ### Integration with GraphQL
 
 #### Field level authorization
@@ -190,6 +214,32 @@ module Types
 end
 ```
 
+```ruby
+module Types
+  class QueryType < BaseObject
+    # With fallback, same as:
+    # if ApplicationPolicy.can?(context[:current_user], :view, post)
+    #   return post
+    # else
+    #   return nil
+    # end
+    field :post, PostType, null: false, authorize_object: :view, fallback: nil do
+      argument :id, ID, required: true
+    end
+
+    # Without fallback, same as:
+    # if ApplicationPolicy.can?(context[:current_user], :view, post)
+    #   return post
+    # else
+    #   raise KittyPolicy::AccessDenied(context[:current_user], :view, post)
+    # end
+    field :post, PostType, null: false, authorize_object: :view do
+      argument :id, ID, required: true
+    end
+  end
+end
+```
+
 #### Can resolver
 
 Exposes if current user can perform certain action.

data/kitty_policy.gemspec

@@ -28,11 +28,12 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r(^exe/)) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 2.0'
-  spec.add_development_dependency 'graphql', '~> 1.8'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.8'
+  spec.add_development_dependency 'bundler', '~> 2.3'
+  spec.add_development_dependency 'graphql', '~> 2.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'rspec', '~> 3.11'
   spec.add_development_dependency 'rspec-mocks', '~> 3.8'
-  spec.add_development_dependency 'rubocop', '0.72.0'
-  spec.add_development_dependency 'rubocop-rspec', '1.33.0'
+  spec.add_development_dependency 'rubocop', '1.36.0'
+  spec.add_development_dependency 'rubocop-rspec', '2.13.2'
+  spec.metadata['rubygems_mfa_required'] = 'true'
 end

data/lib/kitty_policy/dsl.rb

@@ -26,10 +26,20 @@ module KittyPolicy
       block ||= DEFAULT_BLOCK
 
       Array(abilities).each do |action|
-        define_method Helper.method_name(action, subject) do |*args|
+        method_name = Helper.method_name(action, subject)
+
+        raise %(Method "#{method_name}" already exists) if method_defined?(method_name)
+
+        define_method method_name do |*args|
           (args[0] || allow_guest) && !!block.call(*args)
         end
       end
     end
+
+    def delegate_ability(ability, subject, to:, to_ability: ability)
+      can(ability, subject) do |user, record|
+        can?(user, to_ability, record.public_send(to))
+      end
+    end
   end
 end

data/lib/kitty_policy/graphql/can_resolver.rb

@@ -14,7 +14,7 @@ module KittyPolicy
         current_user_key = @current_user_key
 
         Class.new(@base_resolver) do
-          type ::GraphQL::BOOLEAN_TYPE, null: false
+          type ::GraphQL::Types::Boolean, null: false
 
           define_method(:resolve) do
             policy.can?(

data/lib/kitty_policy/graphql/field_authorization.rb

@@ -9,8 +9,15 @@ module KittyPolicy
       end
 
       def instrument(_type, field)
-        return field unless field.metadata.key?(:authorize)
+        return instrument_with_authorize(field) if field.metadata.key?(:authorize)
+        return instrument_with_authorize_object(field) if field.metadata.key?(:authorize_object)
 
+        field
+      end
+
+      private
+
+      def instrument_with_authorize(field)
         policy = @policy
         current_user_key = @current_user_key
 
@@ -40,6 +47,31 @@ module KittyPolicy
           resolve new_resolve
         end
       end
+
+      def instrument_with_authorize_object(field)
+        raise "Can't use `authorize_object` on a connection" if field.connection?
+        raise "Can't use `authorize_object` on an array" if field.type.list?
+
+        policy = @policy
+        current_user_key = @current_user_key
+
+        old_resolve = field.resolve_proc
+        new_resolve = lambda do |type_or_object, arguments, context|
+          object = old_resolve.call(type_or_object, arguments, context)
+          if object.nil?
+            object
+          elsif field.metadata.key?(:fallback)
+            policy.can?(context[current_user_key], field.metadata[:authorize_object], object) ? object : field.metadata[:fallback]
+          else
+            policy.authorize!(context[current_user_key], field.metadata[:authorize_object], object)
+            object
+          end
+        end
+
+        field.redefine do
+          resolve new_resolve
+        end
+      end
     end
 
     class AssignFallbackKey
@@ -60,10 +92,12 @@ if defined?(::GraphQL::Field)
   ::GraphQL::Field.accepts_definitions(
     fallback: KittyPolicy::GraphQL::AssignFallbackKey.new(:fallback),
     authorize: GraphQL::Define.assign_metadata_key(:authorize),
+    authorize_object: GraphQL::Define.assign_metadata_key(:authorize_object),
   )
 end
 
 if defined?(::GraphQL::Schema::Field)
   ::GraphQL::Schema::Field.accepts_definition(:fallback)
   ::GraphQL::Schema::Field.accepts_definition(:authorize)
+  ::GraphQL::Schema::Field.accepts_definition(:authorize_object)
 end

data/lib/kitty_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module KittyPolicy
-  VERSION = '0.1.2'
+  VERSION = '0.1.4'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kitty_policy
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.4
 platform: ruby
 authors:
 - Radoslav Stankov
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-04 00:00:00.000000000 Z
+date: 2022-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,56 +16,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: graphql
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.8'
+        version: '3.11'
 - !ruby/object:Gem::Dependency
   name: rspec-mocks
   requirement: !ruby/object:Gem::Requirement
@@ -86,28 +86,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.72.0
+        version: 1.36.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.72.0
+        version: 1.36.0
 - !ruby/object:Gem::Dependency
   name: rubocop-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.33.0
+        version: 2.13.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.33.0
+        version: 2.13.2
 description: Can be used for Rails and GraphQL applications
 email:
 - rstankov@gmail.com
@@ -115,11 +115,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -145,6 +145,7 @@ metadata:
   homepage_uri: https://github.com/producthunt/kitty-policy
   source_code_uri: https://github.com/producthunt/kitty-policy
   changelog_uri: https://github.com/producthunt/kitty-policy/blob/master/CHANGELOG.md
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -160,7 +161,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: General purpose authorization library

data/.travis.yml

@@ -1,11 +0,0 @@
-language: ruby
-rvm:
-  - 2.4
-  - 2.6
-script:
-  - bundle exec rubocop
-  - bundle exec rspec spec
-notifications:
-  email: false
-before_install:
-  - gem install bundler