passpartu 0.5.0 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cd628d50b6e52acefe4f503c5ada9cec0b224b70be8791fa07f8c5586f93def4
-  data.tar.gz: 5314cf52de8c7cf581768ed8842edb1164b3a57c9aa56456a5ed8e5f0dbfd1e9
+  metadata.gz: 6941eb262c351f25dd525ced8ce9d27cf03c90f6977d9e31674b5aa675db2ada
+  data.tar.gz: e9fd5451850cc07bec8b6a2db6e23cadbc9415eb14945a39ab3913857c7e4628
 SHA512:
-  metadata.gz: 7ddafd099269680b9f05dbe140fdd9ebae94eff8072e81073cd5db3840bc8d87d4a8171db637de242df0f19c16043123972f9a8b518228d2e2712aab6559385c
-  data.tar.gz: 3f3cab407da0abde8da14764df233c625020d12f8c0d631912d6d009c90bc6fb69d23024aa7d272dc3247009824160df64b816561ec05be43d0fc630b5687d7d
+  metadata.gz: 8986a0743c963712de307a141bfe37405636ec7f952e29ae13c22c2512ec5ae04ef0f4e93e29a8ee5ffd32ebcf39675c7800e58332b451acfc34444d875178a6
+  data.tar.gz: 5d1fde0b670dd30acd04bb819d503588cccaaacbae773076eee10fbd865a16fa370e822c1227d73388d588afd49f3cf96ad759a2db373ef8774d3206d39b3524

data/README.md

@@ -1,8 +1,9 @@
-# Passpartu
+# Passpartu v1.0.2 - [changelog](https://github.com/coaxsoft/passpartu/blob/master/CHANGELOG.md)
 
-Passpartu makes policies great again (works awesome with Pundit).
+Passpartu makes policies great again (works awesome with [Pundit](https://rubygems.org/gems/pundit)).
 
 Instead of this:
+
 ```ruby
 class PostPolicy < ApplicationPolicy
   def update?
@@ -12,6 +13,7 @@ end
 ```
 
 just this:
+
 ```ruby
 class PostPolicy < ApplicationPolicy
   def update?
@@ -19,23 +21,39 @@ class PostPolicy < ApplicationPolicy
   end
 end
 ```
+
 ## Usage
+
 Include `Passpartu` into your policy model.
+
 ```ruby
 class User
   include Passpartu
 end
 ```
+
 NOTE: Your `User` model must respond to `role` method that returns a string or a symbol!
 
 Keep all your policies in one place.
 Create `./config/passpartu.yml` and start writing your policies.
 
-#### Example
+#### Example of `passpartu.yml`
+
 ```yml
 # ./config/passpartu.yml
+manager: &manager
+  order:
+    create: true
+    edit: true
+    delete: false
+  product:
+    create: true
+    edit: true
+    delete: false
 
+# yaml files supports inheritance!
 admin:
+  <<: *manager
   post:
     create: false
     update: true
@@ -51,30 +69,51 @@ admin:
   items:  
     crud: true
     delete: false
-manager:
-  order:
-    create: true
-    edit: true
-    delete: false
-  product:
-    create: true
-    edit: true
-    delete: false
-
 ```
-#### Crud
+
+## Features
+
+#### CRUD
+
 It's possible to use `crud` key to set values for `create`, `read`, `update`, `delete` at once.
 `create`, `read`, `update`, `delete` has higher priority than `crud`
+
 In case `crud: true` and `delete: false` - result `false` 
 
 
-#### Except
-It's possible to exclude role from checks
+#### Only
+
+It's possible to include specific roles to checks
+
+```ruby
+    user_admin.can?(:orders, :edit) # check policy for admin and returns true if policy true
+    user_admin.can?(:orders, :edit, only: :admin) # returns true because the user is an admin and we included only admin
+    user_manager.can?(:orders, :edit, only: :admin) # returns false because user is manager and we included only admin
+```
+
+It's possible to give an array as only attribute
+
+```ruby
+  user_admin.can?(:orders, :edit, only: [:admin, :manager]) # returns true
+  user_manager.can?(:orders, :edit, only: [:admin, :manager]) # returns true
+```
+
+Note: `only` has higher priority than `except/skip`. Do not use both.
+
+```ruby
+  user_admin.can?(:orders, :edit, only: :admin, except: :admin) # returns true
+```
+
+#### Skip (except)
+
+It's possible to exclude roles from checks
+
 ```ruby
     user_admin.can?(:orders, :edit) # check policy for admin and returns true if policy true
     user_admin.can?(:orders, :edit, except: :admin) # returns false because user is admin and we excluded admin
     
 ```
+
 It's possible to give an array as except attribute
 
 ```ruby
@@ -82,8 +121,20 @@ It's possible to give an array as except attribute
   user_manager.can?(:orders, :edit, except: [:admin, :manager]) # returns false
 ```
 
+`skip` alias to `except`
+
+Note: `expect` has higher priority than `skip`. Do not use both.
+
+```ruby
+  user_agent.can?(:orders, :edit, except: [:admin, :manager]) { user_agent.orders.include?(order) }
+  # equals to
+  user_agent.can?(:orders, :edit, skip: [:admin, :manager]) { user_agent.orders.include?(order) }
+```
+
 #### Per role methods
+
 Check user roles AND policy rule
+
 ```ruby
     # check if user admin AND returns true if policy true
     user_admin.admin_can?(:orders, :edit) # true
@@ -93,6 +144,7 @@ Check user roles AND policy rule
 ```
 
 #### Code blocks
+
 ```ruby
   # check rules as usual AND code in the block   
   user_agent.can?(:orders, :edit, except: [:admin, :manager]) { user_agent.orders.include?(order) }
@@ -101,8 +153,42 @@ Check user roles AND policy rule
   user_agent.agent_can?(:orders, :edit, except: [:admin, :manager]) { user_agent.orders.include?(order) }
 ```
 
+#### Waterfall check
+
+Allow or restrict absolutely everything for particular role or/and particular domain.
+
+```ruby
+# ./config/initializers/passpartu.rb
+
+Passpartu.configure do |config|
+  config.check_waterfall = true
+end
+```
+
+```yml
+# ./config/passpartu.yml
+
+super_admin: true
+super_looser: false
+medium_looser:
+  orders:
+    create: true
+    delete: false
+  products: true
+```
+
+```ruby
+user_super_admin.can?(:do, :whatever, :want) # true
+user_super_loser.can?(:do, :whatever, :want) # false
+user_medium_loser.can?(:orders, :create) # true
+user_medium_loser.can?(:orders, :delete) # false
+user_medium_loser.can?(:products, :create) # true
+user_medium_loser.can?(:products, :create, :and_delete) # true
+```
 ##### Real life example
+
 You need to check custom rule for agent
+
 ```yml
 # ./config/passpartu.yml
 
@@ -140,9 +226,13 @@ You can configure Passpartu by creating `./config/initializers/passpartu.rb`.
 Passpartu.configure do |config|
   config.policy_file = './config/passpartu.yml'
   config.raise_policy_missed_error = true
+  config.check_waterfall = false
 end
+
 ```
+
 ### Raise policy missed errors
+
 By default Passpartu will raise an PolicyMissedError if policy is missed in `passpartu.yml`. In initializer set  `config.raise_policy_missed_error = false` in order to return `false` in case when policy is not defined. This is a good approach to write only "positive" policies (only true) and automatically restricts everything that is not mentioned in `passpartu.yml`
 
 ## Installation
@@ -171,7 +261,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/OrestF/passpartu. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at https://github.com/coaxsoft/passpartu. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 ## License
 
@@ -182,4 +272,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
 Everyone interacting in the Passpartu project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/coaxsoft/passpartu/blob/master/CODE_OF_CONDUCT.md).
 
 ## Idea
+
 Initially designed and created by [Orest Falchuk](https://github.com/OrestF)

data/lib/passpartu.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'passpartu/version'
 require 'yaml'
 require_relative 'passpartu/patcher'
@@ -8,6 +10,8 @@ require_relative 'passpartu/user' # for testing only
 
 module Passpartu
   class Error < StandardError; end
+  class PolicyYmlNotFoundError < StandardError; end
+  class WaterfallError < StandardError; end
 
   def self.included(policy_class)
     Passpartu::Patcher.call(policy_class)
@@ -27,18 +31,66 @@ module Passpartu
   end
 
   class Config
-    attr_accessor :policy, :raise_policy_missed_error
-    attr_reader :policy_file
+    attr_accessor :raise_policy_missed_error
+    attr_reader :policy_file, :check_waterfall, :policy
+
+    DEFAULT_POLICY_FILE = './config/passpartu.yml'
 
     def initialize
-      @policy_file = './config/passpartu.yml'
-      @policy = YAML.load_file(policy_file)
+      @policy_file = DEFAULT_POLICY_FILE
+      set_policy(YAML.load_file(policy_file)) if File.exist?(policy_file)
       @raise_policy_missed_error = true
+      @check_waterfall = false
     end
 
     def policy_file=(file = nil)
-      @policy_file = file || './config/passpartu.yml'
-      @policy = YAML.load_file(policy_file)
+      @policy_file = file || DEFAULT_POLICY_FILE
+
+      raise PolicyYmlNotFoundError unless File.exist?(policy_file)
+
+      set_policy(YAML.load_file(policy_file))
+    end
+
+    def check_waterfall=(value)
+      @check_waterfall = value
+
+      if @check_waterfall
+        @raise_policy_missed_error = false
+        set_policy(@policy)
+      end
+
+      @check_waterfall
+    end
+
+    private
+
+    def set_policy(value)
+      @policy = patch_policy_booleans_if(value)
+    end
+
+    # patch all booleans in hash to support check_waterfall
+    def patch_policy_booleans_if(hash)
+      return hash unless @check_waterfall
+
+      hash.transform_values! do |value|
+        if value.is_a?(TrueClass)
+          value.define_singleton_method(:dig) { |*_keys| true }
+        elsif value.is_a?(FalseClass)
+          value.define_singleton_method(:dig) { |*_keys| false }
+        elsif
+          patch_policy_booleans_if(value)
+        end
+
+        value
+      end
+    end
+
+    def blank?(item)
+      item.respond_to?(:empty?) ? !!item.empty? : !item
+    end
+
+    def present?(item)
+      !blank?(item)
     end
   end
 

data/lib/passpartu/block_verify.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Passpartu
   class BlockVerify < ::Passpartu::Verify
     def call

data/lib/passpartu/patcher.rb

@@ -1,7 +1,11 @@
+# frozen_string_literal: true
+
 module Passpartu
   class Patcher
     attr_reader :klass
     def initialize(klass)
+      raise PolicyYmlNotFoundError if Passpartu.policy.nil?
+
       @klass = klass
     end
 
@@ -11,13 +15,17 @@ module Passpartu
 
     def call
       klass.class_eval do
-        define_method('can?') do |*keys, except: nil, &block|
-          Passpartu::BlockVerify.call(role, keys, except: except, &block)
+        define_method('can?') do |*keys, only: nil, except: nil, skip: nil, &block|
+          Passpartu::BlockVerify.call(role, keys, only: only, except: except, skip: skip, &block)
         end
 
         Passpartu.policy.keys.each do |policy_role|
-          define_method("#{policy_role}_can?") do |*keys, except: nil, &block|
-            role.to_s == policy_role && Passpartu::BlockVerify.call(role, keys, except: except, &block)
+          define_method("#{policy_role}_can?") do |*keys, only: nil, except: nil, skip: nil, &block|
+            role.to_s == policy_role && Passpartu::BlockVerify.call(role, keys,
+                                                                    only: only,
+                                                                    except: except,
+                                                                    skip: skip,
+                                                                    &block)
           end
         end
       end

data/lib/passpartu/user.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # for testing only
 
 module Passpartu

data/lib/passpartu/validate_result.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Passpartu
   class ValidateResult
     class PolicyMissedError < StandardError; end

data/lib/passpartu/verify.rb

@@ -1,47 +1,62 @@
+# frozen_string_literal: true
+
 module Passpartu
   class Verify
-    CRUD_KEY = 'crud'.freeze
+    CRUD_KEY = 'crud'
+
+    attr_reader :role, :keys, :result, :only, :except, :block
+
+    def initialize(role, keys, only, except, skip, block)
+      exclusion = except || skip # alias
 
-    attr_reader :role, :keys, :result, :except, :block
-    def initialize(role, keys, except, block)
       @role = role.to_s
       @keys = keys.map(&:to_s)
-      @except = Array(except).map(&:to_s) if present?(except)
+      @only = Array(only).map(&:to_s) if present?(only)
+      @except = Array(exclusion).map(&:to_s) if present?(exclusion) && !@only
       @block = block
+
+      raise PolicyYmlNotFoundError if Passpartu.policy.nil?
     end
 
-    def self.call(role, keys, except: nil, &block)
-      new(role, keys, except, block).call
+    def self.call(role, keys, only: nil, except: nil, skip: nil, &block)
+      new(role, keys, only, except, skip, block).call
     end
 
     def call
-      return false if role_excepted?
+      return false if role_ignore?
 
-      check_policy
-      check_crud if policy_missed? && last_key_crud?
+      default_check
+      check_crud_if
 
       validate_result
+    rescue StandardError => e
+      if ['TrueClass does not have #dig method', 'FalseClass does not have #dig method'].include?(e.message)
+        raise WaterfallError.new "Looks like you want to use check_waterfall feature, but it's set to 'false'. Otherwise check your #{Passpartu.config.policy_file} for validness"
+      else
+        raise e
+      end
     end
 
     private
 
-    def role_excepted?
-      return false if blank?(except)
+    def role_ignore?
+      return !only.include?(role) if present?(only)
+      return except.include?(role) if present?(except)
 
-      except.include?(role)
+      false
     end
 
-    def check_policy
+    def default_check
+      return unless policy_missed?
+
       @result = Passpartu.policy.dig(role, *keys)
     end
 
-    def check_crud
-      change_crud_key
-      check_policy
-    end
+    def check_crud_if
+      return unless policy_missed? && last_key_crud?
 
-    def change_crud_key
       @keys[-1] = CRUD_KEY
+      default_check
     end
 
     def policy_missed?

data/lib/passpartu/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Passpartu
-  VERSION = '0.5.0'.freeze
+  VERSION = '1.0.2'
 end

data/passpartu.gemspec

@@ -17,8 +17,8 @@ Gem::Specification.new do |spec|
 
   # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
   # to allow pushing to a single host or delete this section to allow pushing to any host.
-  # if spec.respond_to?(:metadata)
   #   spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+  # if spec.respond_to?(:metadata)
 
   #   spec.metadata["homepage_uri"] = spec.homepage
   #   spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
@@ -39,6 +39,6 @@ Gem::Specification.new do |spec|
   spec.files = Dir['README.md', 'lib/**/*', 'lib/*', 'passpartu.gemspec']
 
   spec.add_development_dependency 'bundler', '~> 2.0'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '~> 12.3'
   spec.add_development_dependency 'rspec', '~> 3.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passpartu
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 1.0.2
 platform: ruby
 authors:
 - OrestF
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-03-20 00:00:00.000000000 Z
+date: 2020-08-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -89,8 +89,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: Passpartu makes policies great again