nexus_cqrs_auth 0.0.2 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 12f88e69474120c6c77e39eb87c83087352ab327bbf3ccb31a25ea7a71ddd5af
-  data.tar.gz: 9a87ded659ce541ebd65d0089a01d739fa562c2ab3ff7836d555e62a4db6e90e
+  metadata.gz: 9e062f14cca2a6a41d143bf648edbe21a6e661056fa5f8a408aeaea5c75d9b69
+  data.tar.gz: 686b79c46f969565dc23ba210bc48ff4a42f9c2f309b2592f82e0174e9e652b9
 SHA512:
-  metadata.gz: c932a6ecd9cb000b4f1d70a3fff680a6abcbe4c86af7b1277faf04e3d44f50d453dbeacff310654055a026eecee01b2d0a68feef6225149258d00dd92f394404
-  data.tar.gz: 86134c0025b0134282495d4ea9823e3fb3b28914e35b5937d93ff1a5ab63a4a23f1a677bae3bdb9d4ddac4485066267f868478c94164a2870dab663cb17b7c9f
+  metadata.gz: 3168a7a3ae6bb2070a2b3790043c5630560502515d7305d87a64d36cdfd0ed88f969c036d292452a6be6758f5f045f147a0a6c25ff46463ad3b697b2d418b935
+  data.tar.gz: 7f64fc4f86f877b19621728360d1f9cbd1ed1afedbff3c8808dc250e9b729af99477c0148af58b64042fa75c88d785296c71d7c55119285b06b05b0bec3db63b

data/.gitlab-ci.yml

@@ -22,7 +22,7 @@ release:
     - if: '$CI_COMMIT_TAG'
   script:
     - mkdir -p ~/.gem
-    - cp /builds/pub/nexus_cqrs_auth.tmp/RUBYGEMS_CREDENTIALS ~/.gem/credentials
+    - cp $RUBYGEMS_CREDENTIALS ~/.gem/credentials
     - chmod 0600 ~/.gem/credentials
     - gem update --system
     - ruby --version

data/README.md

@@ -1 +1,149 @@
-nexus_cqrs_auth
+# nexus_cqrs_auth
+
+Authorisation for the Nexus CQRS pattern.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'nexus_cqrs_auth'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install nexus_cqrs_auth
+
+## Usage
+
+When setting up the message bus, attach the authorisation middleware to it:
+
+```ruby
+middleware_stack = Middleware::Builder.new do |b|
+  b.use NexusCqrsAuth::AuthMiddleware
+end
+
+bus = Bus.new(middleware: middleware_stack)
+```
+
+You will also need to set metadata on each message (command/query) before dispatching it to the bus:
+
+```ruby
+command.set_metadata(:current_user, user)
+execute(command)
+```
+
+How you set this data, and where you get the current user from is application specific.
+
+For example, a helper included in all GraphQL types could look like this:
+
+```ruby
+module GraphQlCqrsHelpers
+  def execute(command)
+    command_executor.execute(enrich_message(command))
+  end
+
+  def query(query)
+    query_executor.execute(enrich_message(query))
+  end
+
+  def command_executor
+    @command_executor ||= $COMMAND_EXECUTOR
+  end
+
+  def query_executor
+    @query_executor ||= $QUERY_EXECUTOR
+  end
+
+  private
+
+  def enrich_message(message)
+    message.set_metadata(:current_user, @context[:current_user])
+    message
+  end
+end
+```
+
+You can then write various policies to setup authorisation in CQRS flows.
+
+More information about policies can be found in the [Pundit documentation](https://github.com/varvet/pundit).
+
+Remember to create a base policy at: `app/policies/application_policy.rb`
+
+### Bus level policy
+
+Create a policy class in `app/policies/my_message_policy.rb`
+
+```ruby
+class MyMessagePolicy < ApplicationPolicy
+  def initialize(user, message)
+    @user = user
+    @query = message
+  end
+  
+  def authorise?
+    true
+  end
+end
+```
+
+The `authorise?` method will be called before the message handler. If `authorise?` returns false, execution of the bus
+will halt and a `Pundit::NotAuthorizedError` will be raised.
+
+### Record level policy
+
+You can write policies for records:
+
+```ruby
+class PostPolicy < ApplicationPolicy
+  def initialize(user, post)
+    @user = user
+    @post = post
+  end
+  
+  def publish_post?
+    true
+  end
+end
+```
+
+You can then authorise a particular `Post`s by calling the policy from a command handler:
+
+```ruby
+class PublishPostHandler < NexusCqrs::BaseCommandHandler
+  include NexusCqrsAuth
+
+  # @param [Commands::PublishPost] command
+  def call(command)
+    post = Post.find(command.post_id)
+    authorize(command, post)
+    post.is_published = true
+    post.save
+  end
+end
+```
+
+The `NexusCqrsAuth` module must be included in the handler.
+
+`authorize` should be called with the domain message (e.g. command) and the record. The policy for that record type
+(e.g. `PostPolicy`) will be called and the scope with the same name as the command (`PublishPost` -> `publish_post?`)
+will be called.
+
+If the scope returns false, then a `Pundit::NotAuthorizedError` will be raised.
+
+## Development
+
+To contribute to this gem, simple clone the repository, run `bundle install` and run tests:
+
+```shell script
+    bundle exec rspec
+    bundle exec rubocop
+```
+
+## Releasing
+
+The release process is tied to the git tags. Simply creating a new tag and pushing will trigger a new release to rubygems.

data/lib/nexus_cqrs_auth/helper.rb

@@ -12,6 +12,12 @@ module NexusCqrsAuth
   end
 
   def pundit_user
-    @command_user || super
+    @command_user || super || nil
+  end
+
+  def current_user
+    return super if defined?(super)
+
+    nil
   end
 end

data/lib/nexus_cqrs_auth/middleware.rb

@@ -7,7 +7,9 @@ module NexusCqrsAuth
     include NexusCqrsAuth
 
     def call(message)
-      authorize(message, message, :authorise?)
+      if Pundit::PolicyFinder.new(message).policy
+        authorize(message, message, :authorise?)
+      end
       @next.call(message)
     end
   end

data/lib/nexus_cqrs_auth/version.rb

@@ -1,3 +1,3 @@
 module NexusCqrsAuth
-  VERSION = '0.0.2'
+  VERSION = '0.1.0'
 end

data/nexus_cqrs_auth.gemspec

@@ -15,7 +15,7 @@ Gem::Specification.new do |spec|
     %x(git ls-files -z).split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
   spec.require_paths = ['lib']
-  spec.add_dependency('nexus_cqrs', '~>0.1.1')
+  spec.add_dependency('nexus_cqrs', '~>0.2')
   spec.add_dependency('pundit')
   spec.add_dependency('strings-case')
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexus_cqrs_auth
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.1.0
 platform: ruby
 authors:
 - Chris Harrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-01 00:00:00.000000000 Z
+date: 2021-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nexus_cqrs
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.1
+        version: '0.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.1
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: pundit
   requirement: !ruby/object:Gem::Requirement
@@ -88,7 +88,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.26
 signing_key: 
 specification_version: 4
 summary: Authorisation for the Nexus CQRS pattern