papers_please 0.1.4 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: bd9618d4daa3097adfab01cf14a0acdd733fe3a9
-  data.tar.gz: 9609532bc749992a740c9436ec681d4ab24327ec
+SHA256:
+  metadata.gz: d8107fa501a7483009cafcfb51d09a5672fbc62b881b8752efdb65fcfa559383
+  data.tar.gz: 6059429b9c9b8465ca349762798b04a639d386a0a260c441706e69e36cf7d5e7
 SHA512:
-  metadata.gz: 515d3a9671a27d6c3e8baa506a93cac76dc273410cfb97002d87939c73ff9aad8b3a4f655471b0ea90ad98ef0a2389b797341452be08977ecc1e93c528479ca1
-  data.tar.gz: '0628095ce93b73d6541248886d9cd7a8d30f6e5587623be43c1c62855876b451a64fe643b634845e6fad489ab533f8b0dd2a3ad6107343fbd988dcbd3f1e587a'
+  metadata.gz: 8f52cdec93ad99933c4a940d64e10c9912ec2d9f9a3f25a39fa0a3d9b56ab770957204752dc68a1aed1938dc4b9968158968ac74bf35a7ccaf64e2b8e9664d0c
+  data.tar.gz: 7c116ec7dbb9a4193cccfa1649163c37020ea7a13a71414f15989a8ea71589739651bd08ee55c5a9f60b5b4341bf32666fc21a806b5aee9a28622db871ade35d

data/.github/workflows/release.yml

@@ -0,0 +1,27 @@
+# .github/workflows/release.yml
+
+name: Release
+
+on:
+  workflow_dispatch:
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0.0
+      - run: bundle install
+      - name: publish gem
+        run: |
+          mkdir -p $HOME/.gem
+          touch $HOME/.gem/credentials
+          chmod 0600 $HOME/.gem/credentials
+          printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+          gem build *.gemspec
+          gem push *.gem
+        env:
+          GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"
+

data/.github/workflows/test.yml

@@ -0,0 +1,28 @@
+name: Test & Lint
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        ruby-version: ['3.1', '3.0', '2.7']
+
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@359bebbc29cbe6c87da6bc9ea3bc930432750108
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+      - name: Install dependencies
+        run: bundle install
+      - name: Rubocop
+        run: rubocop
+      - name: Run tests
+        run: bundle exec rake

data/.rubocop.yml

@@ -0,0 +1,137 @@
+require: rubocop-rspec
+
+AllCops:
+  NewCops: enable
+  SuggestExtensions: false
+  TargetRubyVersion: 3.1
+  Include:
+    - 'lib/**/*.rb'
+    - 'spec/**/*.rb'
+    - '**/Gemfile'
+    - '**/Rakefile'
+  Exclude:
+    - 'bin/**/*'
+    - 'spec/fixtures/**/*.rb'
+
+Style/HashSyntax:
+  EnforcedShorthandSyntax: never
+
+Style/Documentation:
+  Enabled: false
+
+Naming/BlockForwarding:
+  Enabled: false
+
+Style/RedundantSelf:
+  Enabled: false
+
+Style/RedundantReturn:
+  Enabled: false
+
+Style/GuardClause:
+  Enabled: false
+
+Style/ClassAndModuleChildren:
+  Enabled: false
+
+Layout/EmptyLinesAroundClassBody:
+  Enabled: false
+
+Style/FrozenStringLiteralComment:
+  Enabled: false
+
+Layout/CommentIndentation:
+  Enabled: false
+
+Layout/LineLength:
+  Max: 120
+
+Metrics/ClassLength:
+  Max: 120
+
+Metrics/CyclomaticComplexity:
+  Max: 10
+
+Metrics/MethodLength:
+  Max: 15
+
+Metrics/AbcSize:
+  Max: 25
+
+Metrics/ParameterLists:
+  Max: 8
+
+Layout/EmptyLineBetweenDefs:
+  AllowAdjacentOneLineDefs: true
+
+Naming/MethodParameterName:
+  AllowedNames:
+    - _
+
+RSpec/ExampleLength:
+  Enabled: false
+
+RSpec/MultipleExpectations:
+  Enabled: false
+
+RSpec/MultipleMemoizedHelpers:
+  Enabled: false
+
+RSpec/NestedGroups:
+  Enabled: false
+
+RSpec/MessageSpies:
+  Enabled: false
+
+RSpec/InstanceVariable:
+  Enabled: false
+
+RSpec/BeforeAfterAll:
+  Enabled: false
+
+RSpec/AnyInstance:
+  Enabled: false
+
+RSpec/ContextWording:
+  Enabled: false
+
+RSpec/FilePath:
+  Enabled: false
+
+RSpec/NamedSubject:
+  Enabled: false
+
+RSpec/StubbedMock:
+  Enabled: false
+
+RSpec/LetSetup:
+  Enabled: false
+
+RSpec/MessageChain:
+  Enabled: false
+
+RSpec/RepeatedDescription:
+  Enabled: false
+
+RSpec/RepeatedExample:
+  Enabled: false
+
+RSpec/ScatteredSetup:
+  Enabled: false
+
+RSpec/UnspecifiedException:
+  Enabled: false
+
+RSpec/VerifiedDoubles:
+  Enabled: false
+
+RSpec/ExpectInHook:
+  Enabled: false
+
+Style/ClassVars:
+  Exclude:
+    - 'lib/slayer/service.rb'
+
+Style/MutableConstant:
+  Exclude:
+    - 'lib/slayer/version.rb'

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }

data/Gemfile.lock

@@ -1,38 +1,63 @@
 PATH
   remote: .
   specs:
-    papers_please (0.1.4)
+    papers_please (0.1.5)
       terminal-table
 
 GEM
   remote: https://rubygems.org/
   specs:
-    byebug (10.0.2)
-    diff-lcs (1.3)
-    docile (1.3.1)
-    json (2.1.0)
-    rake (10.5.0)
-    rspec (3.7.0)
-      rspec-core (~> 3.7.0)
-      rspec-expectations (~> 3.7.0)
-      rspec-mocks (~> 3.7.0)
-    rspec-core (3.7.1)
-      rspec-support (~> 3.7.0)
-    rspec-expectations (3.7.0)
+    ast (2.4.2)
+    byebug (11.1.3)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    json (2.6.3)
+    parallel (1.23.0)
+    parser (3.2.2.3)
+      ast (~> 2.4.1)
+      racc
+    racc (1.7.1)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.8.1)
+    rexml (3.2.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.2)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-mocks (3.7.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.5)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.7.0)
-    rspec-support (3.7.1)
-    simplecov (0.16.1)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.1)
+    rubocop (1.38.0)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.1.2.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.23.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.29.0)
+      parser (>= 3.2.1.0)
+    rubocop-rspec (2.17.1)
+      rubocop (~> 1.33)
+    ruby-progressbar (1.13.0)
+    simplecov (0.22.0)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    terminal-table (1.8.0)
-      unicode-display_width (~> 1.1, >= 1.1.1)
-    unicode-display_width (1.4.0)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    unicode-display_width (2.4.2)
 
 PLATFORMS
   ruby
@@ -41,9 +66,11 @@ DEPENDENCIES
   bundler (~> 2.0)
   byebug
   papers_please!
-  rake (~> 10.0)
-  rspec (~> 3.0)
+  rake (~> 13.0)
+  rspec (~> 3.12)
+  rubocop (= 1.38.0)
+  rubocop-rspec
   simplecov
 
 BUNDLED WITH
-   2.0.1
+   2.3.9

data/Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 

data/bin/console

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require 'bundler/setup'
 require 'papers_please'

data/lib/papers_please/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module PapersPlease
   class Error < StandardError; end
 

data/lib/papers_please/permission.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 module PapersPlease
   class Permission
-    attr_accessor :key, :subject, :query, :predicate, :granted_by, :granting_class
+    attr_accessor :key, :subject
+    attr_reader :query, :predicate, :granted_by, :granting_class
 
     def initialize(key, subject, query: nil, predicate: nil, granted_by: nil, granting_class: nil)
       self.key = key

data/lib/papers_please/policy.rb

@@ -1,7 +1,10 @@
+# frozen_string_literal: true
+
 module PapersPlease
   class Policy
     attr_accessor :roles
-    attr_reader :user
+
+    attr_reader :fallthrough, :user
 
     def initialize(user)
       @user          = user
@@ -11,16 +14,20 @@ module PapersPlease
       configure
     end
 
+    def allow_fallthrough
+      @fallthrough = true
+    end
+
     def configure
       raise NotImplementedError, 'The #configure method of the access policy was not implemented'
     end
 
     # Add a role to the Policy
-    def add_role(name, predicate = nil, &block)
+    def add_role(name, predicate = nil)
       name = name.to_sym
       raise DuplicateRole if roles.key?(name)
 
-      role = Role.new(name, predicate: predicate, definition: block)
+      role = Role.new(name, predicate: predicate)
       roles[name] = role
 
       role
@@ -41,22 +48,19 @@ module PapersPlease
 
     # Look up a stored permission block and call with
     # the current user and subject
-    def can?(action, subject = nil)
-      applicable_roles.each do |_, role|
-        permission = role.find_permission(action, subject)
+    def can?(action, subject = nil, roles: nil)
+      roles_to_check(roles: roles).each do |_, role|
+        permission = role&.find_permission(action, subject)
         next if permission.nil?
 
         # Proxy permission check if granted by other
-        if permission.granted_by_other?
-          # Get proxied subject
-          subject = subject.is_a?(Class) ? permission.granting_class : permission.granted_by.call(user, subject)
-
-          # Get proxied permission
-          permission = role.find_permission(action, subject)
-        end
+        subject, permission = get_proxied_permission(permission, action, subject, role) if permission.granted_by_other?
 
         # Check permission
-        return permission.granted?(user, subject, action) unless permission.nil?
+        granted = permission_granted?(permission, action, subject)
+        next if granted.nil? || (granted == false && fallthrough)
+
+        return granted
       end
 
       false
@@ -72,12 +76,28 @@ module PapersPlease
       subject
     end
 
+    def get_applicable_roles_by_keys(keys)
+      applicable_roles.slice(*Array(keys))
+    end
+
+    def roles_that_can(action, subject)
+      applicable_roles.reject do |_, role|
+        role.find_permission(action, subject).nil?
+      end.keys
+    end
+
     # Look up a stored scope block and call with the
     # current user and class
-    def scope_for(action, klass)
-      applicable_roles.each do |_, role|
+    def scope_for(action, klass, roles: nil)
+      roles_to_check(roles: roles).each do |_, role|
+        next if role.nil?
+
         permission = role.find_permission(action, klass)
-        return permission.fetch(user, klass, action) unless permission.nil?
+        scope = permission&.fetch(user, klass, action)
+
+        next if permission.nil? || (scope.nil? && fallthrough)
+
+        return scope
       end
 
       nil
@@ -90,5 +110,29 @@ module PapersPlease
         role.applies_to?(user)
       end
     end
+
+    private
+
+    def roles_to_check(roles: nil)
+      roles.nil? ? applicable_roles : get_applicable_roles_by_keys(roles)
+    end
+
+    def permission_granted?(permission, action, subject)
+      if fallthrough
+        permission.nil? ? false : permission.granted?(user, subject, action)
+      else
+        permission.nil? ? nil : permission.granted?(user, subject, action)
+      end
+    end
+
+    def get_proxied_permission(permission, action, subject, role)
+      # Get proxied subject
+      subject = subject.is_a?(Class) ? permission.granting_class : permission.granted_by.call(user, subject)
+
+      # Get proxied permission
+      permission = role.find_permission(action, subject)
+
+      [subject, permission]
+    end
   end
 end

data/lib/papers_please/rails/controller_methods.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module PapersPlease
   module Rails
     module ControllerMethods

data/lib/papers_please/railtie.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'rails/railtie'
 
 module PapersPlease

data/lib/papers_please/role.rb

@@ -2,7 +2,7 @@ module PapersPlease
   class Role
     attr_reader :name, :predicate, :permissions
 
-    def initialize(name, predicate: nil, definition: nil)
+    def initialize(name, predicate: nil)
       @name = name
       @predicate = predicate
       @permissions = []
@@ -17,48 +17,20 @@ module PapersPlease
     def add_permission(actions, klass, query: nil, predicate: nil, granted_by: nil)
       prepare_actions(actions).each do |action|
         raise DuplicatePermission if permission_exists?(action, klass)
-        raise InvalidGrant, 'granted_by must be an array of [Class, Proc]' if !granted_by.nil? && !valid_grant?(granted_by)
 
-        has_query = query.is_a?(Proc)
-        has_predicate = predicate.is_a?(Proc)
-        permission = Permission.new(action, klass)
-
-        if granted_by
-          permission.granting_class = granted_by[0]
-          permission.granted_by = granted_by[1]
-        end
-
-        if has_query && has_predicate
-          # Both query & predicate provided
-
-          permission.query = query
-          permission.predicate = predicate
-        elsif has_query && !has_predicate
-          # Only query provided
-          permission.query = query
-
-          if action == :create && actions == :manage
-            # If the action is :create, expanded from :manage
-            # then we set the default all predicate
-            permission.predicate = (proc { true })
-          else
-            # Otherwise the default predicate is to check
-            # for inclusion in the returned relationship
-            permission.predicate = (proc { |user, obj|
-              res = query.call(user, klass, action)
-              res.respond_to?(:include?) && res.include?(obj)
-            })
-          end
-        elsif !has_query && has_predicate
-          # Only predicate provided
-          permission.predicate = predicate
-        else
-          # Neither provided
-          permission.query = (proc { klass.all })
-          permission.predicate = (proc { true })
+        if !granted_by.nil? && !valid_grant?(granted_by)
+          raise InvalidGrant,
+                'granted_by must be an array of [Class, Proc]'
         end
 
-        permissions << permission
+        permissions << make_permission(
+          action,
+          actions,
+          klass,
+          query: query,
+          predicate: predicate,
+          granted_by: granted_by
+        )
       end
     end
     alias grant add_permission
@@ -90,5 +62,57 @@ module PapersPlease
         a == :manage ? %i[create read update destroy] : [a]
       end
     end
+
+    # rubocop:disable Metrics/MethodLength
+    def make_permission(action, actions, klass, query: nil, predicate: nil, granted_by: nil)
+      has_query = query.is_a?(Proc)
+      has_predicate = predicate.is_a?(Proc)
+      permission = make_base_permission(action, klass, granted_by: granted_by)
+
+      if has_query && has_predicate
+        # Both query & predicate provided
+        permission.query = query
+        permission.predicate = predicate
+      elsif has_query && !has_predicate
+        # Only query provided
+        permission.query = query
+        permission.predicate = build_predicate_from_query(action, actions, klass, query)
+      elsif !has_query && has_predicate
+        # Only predicate provided
+        permission.predicate = predicate
+      else
+        # Neither provided
+        permission.query = (proc { klass.all })
+        permission.predicate = (proc { true })
+      end
+
+      permission
+    end
+
+    # rubocop:enable Metrics/MethodLength
+
+    def make_base_permission(action, klass, granted_by: nil)
+      permission = Permission.new(action, klass)
+
+      if granted_by
+        permission.granting_class = granted_by[0]
+        permission.granted_by = granted_by[1]
+      end
+
+      permission
+    end
+
+    def build_predicate_from_query(action, actions, klass, query)
+      # If the action is :create, expanded from :manage
+      # then we set the default all predicate
+      return (proc { true }) if action == :create && actions == :manage
+
+      # Otherwise the default predicate is to check
+      # for inclusion in the returned relationship
+      proc do |user, obj|
+        res = query.call(user, klass, action)
+        res.respond_to?(:include?) && res.include?(obj)
+      end
+    end
   end
 end

data/lib/papers_please/tasks/papers_please.rake

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 namespace :papers_please do
   desc 'Print out all defined roles and permissions in match order'
-  task :roles, [:klass] => :environment do |_, args|
+  task :roles, [:klass] => :environment do |_, _args|
     klass = klass ? Object.const_get(klass) : AccessPolicy
 
     puts "Generating Role/Permission Table for #{klass}...\n\n"

data/lib/papers_please/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module PapersPlease
-  VERSION = '0.1.4'.freeze
+  VERSION = '0.1.5'
 end

data/lib/papers_please.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'papers_please/version'
 require 'papers_please/errors'
 require 'papers_please/policy'
@@ -7,6 +9,7 @@ require 'papers_please/rails/controller_methods'
 require 'papers_please/railtie' if defined? Rails
 
 module PapersPlease
+  # rubocop:disable Metrics/PerceivedComplexity, Metrics/MethodLength
   def self.permissions_table(policy_klass)
     require 'terminal-table'
 
@@ -34,7 +37,7 @@ module PapersPlease
               permission.key,
               permission.query ? 'yes' : 'no',
               permission.predicate ? 'yes' : 'no',
-              permission.granted_by_other? ? 'yes' : 'no',
+              permission.granted_by_other? ? 'yes' : 'no'
             ]
 
             first_line_of_role = false
@@ -42,6 +45,10 @@ module PapersPlease
         end
       end
     end
-    puts table
+
+    puts table.to_s
+
+    table.to_s
   end
+  # rubocop:enable Metrics/PerceivedComplexity, Metrics/MethodLength
 end

data/papers_please.gemspec

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'papers_please/version'
@@ -24,7 +26,9 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_development_dependency 'byebug'
-  spec.add_development_dependency 'rake', '~> 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'rspec', '~> 3.12'
+  spec.add_development_dependency 'rubocop', '= 1.38.0'
+  spec.add_development_dependency 'rubocop-rspec'
   spec.add_development_dependency 'simplecov'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: papers_please
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - Apsis Labs
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-05-07 00:00:00.000000000 Z
+date: 2023-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: terminal-table
@@ -58,28 +58,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.38.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.38.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -101,8 +129,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/release.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".travis.yml"
 - Gemfile
 - Gemfile.lock
@@ -140,8 +171,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: A roles & permissions gem for ruby applications.