passpartu 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 21336de32d4938c7815f3792fa6fa99be0ec64ee45f2a401eb870b5cd7cfe669
-  data.tar.gz: 2a5a48df685793599dddd4271919b00d75c08343d95f7d5c8e93b21a4d787d5b
+  metadata.gz: f9a34533883b1c070612ecd73c34299a9c05f899e31256b8f51f0b9edf50c6e4
+  data.tar.gz: 625c359af9f1d4560f28d63fe47b426351f1cf7f5e0f68da3e7aaafb2bfec08f
 SHA512:
-  metadata.gz: 1940690916391b4053c30a6d4cc00b1c6f49cf4650434cfa95ed5ca57529e9f734bbe197c73d7c4e89becc2dae841f3c8c62b897b5be70bd7d7b15bedc703137
-  data.tar.gz: 7bfc6007b1aa0490ad4ec21b0e41bddc4b96a3658a8e484e8b5194d3e5fd633772502d03d1d1c9863217f771947b6f7f3a581d17fe8f46e0846e59a4ff54d101
+  metadata.gz: bb08f025f855506ea084cf9010dddb38d6f9f499d12e837fb015bf061163b48b86312da2e20e3a223559ebf1800b1fd332adfecb7769e52e6fcd3cbbd503f717
+  data.tar.gz: b10e9806c7eb0dee1e0332b5f651a4ab82da93a52cf1c955681f3d3c5be9cb32fd4346dd18da26f5d7af78c0a6876b289ce075a01a1ba2049a5becd0f5d25afe

data/README.md

@@ -1,8 +1,14 @@
-# Passpartu v1.0.1 - [changelog](https://github.com/coaxsoft/passpartu/blob/master/CHANGELOG.md)
+# Passpartu v1.1.0 - [changelog](https://github.com/coaxsoft/passpartu/blob/master/CHANGELOG.md)
 
 Passpartu makes policies great again (works awesome with [Pundit](https://rubygems.org/gems/pundit)).
 
+### Tested with ruby:
+- 3.1.1
+- 3.0.0
+- 2.7.3
+
 Instead of this:
+
 ```ruby
 class PostPolicy < ApplicationPolicy
   def update?
@@ -12,6 +18,7 @@ end
 ```
 
 just this:
+
 ```ruby
 class PostPolicy < ApplicationPolicy
   def update?
@@ -19,19 +26,24 @@ class PostPolicy < ApplicationPolicy
   end
 end
 ```
+
 ## Usage
+
 Include `Passpartu` into your policy model.
+
 ```ruby
 class User
   include Passpartu
 end
 ```
+
 NOTE: Your `User` model must respond to `role` method that returns a string or a symbol!
 
 Keep all your policies in one place.
 Create `./config/passpartu.yml` and start writing your policies.
 
 #### Example of `passpartu.yml`
+
 ```yml
 # ./config/passpartu.yml
 manager: &manager
@@ -65,18 +77,25 @@ admin:
 ```
 
 ## Features
-#### CRUD
+
+### CRUD
+
 It's possible to use `crud` key to set values for `create`, `read`, `update`, `delete` at once.
 `create`, `read`, `update`, `delete` has higher priority than `crud`
+
 In case `crud: true` and `delete: false` - result `false` 
 
-#### Only
+
+### Only
+
 It's possible to include specific roles to checks
+
 ```ruby
     user_admin.can?(:orders, :edit) # check policy for admin and returns true if policy true
     user_admin.can?(:orders, :edit, only: :admin) # returns true because the user is an admin and we included only admin
     user_manager.can?(:orders, :edit, only: :admin) # returns false because user is manager and we included only admin
 ```
+
 It's possible to give an array as only attribute
 
 ```ruby
@@ -85,18 +104,21 @@ It's possible to give an array as only attribute
 ```
 
 Note: `only` has higher priority than `except/skip`. Do not use both.
+
 ```ruby
   user_admin.can?(:orders, :edit, only: :admin, except: :admin) # returns true
 ```
 
+### Skip (except)
 
-#### Skip (except)
 It's possible to exclude roles from checks
+
 ```ruby
     user_admin.can?(:orders, :edit) # check policy for admin and returns true if policy true
     user_admin.can?(:orders, :edit, except: :admin) # returns false because user is admin and we excluded admin
     
 ```
+
 It's possible to give an array as except attribute
 
 ```ruby
@@ -107,14 +129,17 @@ It's possible to give an array as except attribute
 `skip` alias to `except`
 
 Note: `expect` has higher priority than `skip`. Do not use both.
+
 ```ruby
   user_agent.can?(:orders, :edit, except: [:admin, :manager]) { user_agent.orders.include?(order) }
   # equals to
   user_agent.can?(:orders, :edit, skip: [:admin, :manager]) { user_agent.orders.include?(order) }
 ```
 
-#### Per role methods
+### Per role methods
+
 Check user roles AND policy rule
+
 ```ruby
     # check if user admin AND returns true if policy true
     user_admin.admin_can?(:orders, :edit) # true
@@ -123,7 +148,8 @@ Check user roles AND policy rule
     user_admin.manager_can?(:orders, :edit) # false
 ```
 
-#### Code blocks
+### Code blocks
+
 ```ruby
   # check rules as usual AND code in the block   
   user_agent.can?(:orders, :edit, except: [:admin, :manager]) { user_agent.orders.include?(order) }
@@ -132,8 +158,10 @@ Check user roles AND policy rule
   user_agent.agent_can?(:orders, :edit, except: [:admin, :manager]) { user_agent.orders.include?(order) }
 ```
 
-#### Waterfall check
+### Waterfall check
+
 Allow or restrict absolutely everything for particular role or/and particular domain.
+
 ```ruby
 # ./config/initializers/passpartu.rb
 
@@ -153,6 +181,7 @@ medium_looser:
     delete: false
   products: true
 ```
+
 ```ruby
 user_super_admin.can?(:do, :whatever, :want) # true
 user_super_loser.can?(:do, :whatever, :want) # false
@@ -161,10 +190,10 @@ user_medium_loser.can?(:orders, :delete) # false
 user_medium_loser.can?(:products, :create) # true
 user_medium_loser.can?(:products, :create, :and_delete) # true
 ```
+#### Real life example
 
-
-##### Real life example
 You need to check custom rule for agent
+
 ```yml
 # ./config/passpartu.yml
 
@@ -202,9 +231,14 @@ You can configure Passpartu by creating `./config/initializers/passpartu.rb`.
 Passpartu.configure do |config|
   config.policy_file = './config/passpartu.yml'
   config.raise_policy_missed_error = true
+  config.check_waterfall = false
+  config.role_access_method = :role
 end
+
 ```
+
 ### Raise policy missed errors
+
 By default Passpartu will raise an PolicyMissedError if policy is missed in `passpartu.yml`. In initializer set  `config.raise_policy_missed_error = false` in order to return `false` in case when policy is not defined. This is a good approach to write only "positive" policies (only true) and automatically restricts everything that is not mentioned in `passpartu.yml`
 
 ## Installation
@@ -244,4 +278,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
 Everyone interacting in the Passpartu project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/coaxsoft/passpartu/blob/master/CODE_OF_CONDUCT.md).
 
 ## Idea
+
 Initially designed and created by [Orest Falchuk](https://github.com/OrestF)

data/lib/passpartu/patcher.rb

@@ -3,6 +3,7 @@
 module Passpartu
   class Patcher
     attr_reader :klass
+
     def initialize(klass)
       raise PolicyYmlNotFoundError if Passpartu.policy.nil?
 
@@ -14,18 +15,34 @@ module Passpartu
     end
 
     def call
+      phash = respond_to?(:policy_hash) ? {} : Passpartu.policy
+      role_method = Passpartu.config.role_access_method
+
       klass.class_eval do
-        define_method('can?') do |*keys, only: nil, except: nil, skip: nil, &block|
-          Passpartu::BlockVerify.call(role, keys, only: only, except: except, skip: skip, &block)
+        define_method(:can?) do |*keys, only: nil, except: nil, skip: nil, &block|
+          Passpartu::BlockVerify.call(
+            send(role_method),
+            keys,
+            only: only,
+            except: except,
+            skip: skip,
+            policy_hash: phash,
+            &block
+          )
         end
 
-        Passpartu.policy.keys.each do |policy_role|
+        phash.each_key do |policy_role|
           define_method("#{policy_role}_can?") do |*keys, only: nil, except: nil, skip: nil, &block|
-            role.to_s == policy_role && Passpartu::BlockVerify.call(role, keys,
-                                                                    only: only,
-                                                                    except: except,
-                                                                    skip: skip,
-                                                                    &block)
+            send(role_method).to_s == policy_role &&
+              Passpartu::BlockVerify.call(
+                send(role_method),
+                keys,
+                only: only,
+                except: except,
+                skip: skip,
+                policy_hash: phash,
+                &block
+              )
           end
         end
       end

data/lib/passpartu/{user.rb → test_user.rb}

@@ -3,7 +3,7 @@
 # for testing only
 
 module Passpartu
-  class User
+  class TestUser
     attr_reader :role
 
     def initialize(role)
@@ -11,11 +11,19 @@ module Passpartu
     end
   end
 
-  class Person
+  class TestPerson
     attr_reader :role
 
     def initialize(role)
       @role = role
     end
   end
+
+  class TestUserWithOtherRoleMethod
+    attr_reader :other_role_method
+
+    def initialize(role)
+      @other_role_method = role
+    end
+  end
 end

data/lib/passpartu/validate_result.rb

@@ -5,6 +5,7 @@ module Passpartu
     class PolicyMissedError < StandardError; end
 
     attr_reader :result
+
     def initialize(result)
       @result = result
     end
@@ -23,7 +24,7 @@ module Passpartu
     private
 
     def boolean?
-      [TrueClass, FalseClass].include?(result.class)
+      [true, false].include?(result)
     end
 
     def raise_error?

data/lib/passpartu/verify.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
-
+require 'byebug'
 module Passpartu
   class Verify
     CRUD_KEY = 'crud'
 
-    attr_reader :role, :keys, :result, :only, :except, :block
+    attr_reader :role, :keys, :result, :only, :except, :block, :policy_hash
 
-    def initialize(role, keys, only, except, skip, block)
+    def initialize(role, keys, only, except, skip, policy_hash, &block)
       exclusion = except || skip # alias
 
       @role = role.to_s
@@ -14,25 +14,26 @@ module Passpartu
       @only = Array(only).map(&:to_s) if present?(only)
       @except = Array(exclusion).map(&:to_s) if present?(exclusion) && !@only
       @block = block
+      @policy_hash = deep_stringify_keys(policy_hash)
 
       raise PolicyYmlNotFoundError if Passpartu.policy.nil?
     end
 
-    def self.call(role, keys, only: nil, except: nil, skip: nil, &block)
-      new(role, keys, only, except, skip, block).call
+    def self.call(role, keys, only: nil, except: nil, skip: nil, policy_hash: Passpartu.policy, &block)
+      new(role, keys, only, except, skip, policy_hash, &block).call
     end
 
     def call
       return false if role_ignore?
 
-      check_waterfall_if
       default_check
       check_crud_if
 
       validate_result
     rescue StandardError => e
       if ['TrueClass does not have #dig method', 'FalseClass does not have #dig method'].include?(e.message)
-        raise WaterfallError.new "Looks like you want to use check_waterfall feature, but it's set to 'false'. Otherwise check your #{Passpartu.config.policy_file} for validness"
+        raise WaterfallError,
+              "Looks like you want to use check_waterfall feature, but it's set to 'false'. Otherwise check your #{Passpartu.config.policy_file} for validness"
       else
         raise e
       end
@@ -48,9 +49,7 @@ module Passpartu
     end
 
     def default_check
-      return unless policy_missed?
-
-      @result = Passpartu.policy.dig(role, *keys)
+      @result = policy_hash.dig(role, *keys)
     end
 
     def check_crud_if
@@ -72,12 +71,6 @@ module Passpartu
       %w[create read update delete].include?(keys[-1])
     end
 
-    def check_waterfall_if
-      return unless Passpartu.config.check_waterfall && policy_missed?
-
-      @result = Passpartu::CheckWaterfall.call(role, keys)
-    end
-
     def blank?(item)
       item.respond_to?(:empty?) ? !!item.empty? : !item
     end
@@ -85,5 +78,11 @@ module Passpartu
     def present?(item)
       !blank?(item)
     end
+
+    def deep_stringify_keys(hash)
+      return hash.deep_stringify_keys if hash.respond_to?(:deep_stringify_keys)
+
+      JSON.parse(JSON.dump(hash))
+    end
   end
 end

data/lib/passpartu/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Passpartu
-  VERSION = '1.0.1'
+  VERSION = '1.1.0'
 end

data/lib/passpartu.rb

@@ -6,42 +6,42 @@ require_relative 'passpartu/patcher'
 require_relative 'passpartu/verify'
 require_relative 'passpartu/block_verify'
 require_relative 'passpartu/validate_result'
-require_relative 'passpartu/check_waterfall'
-require_relative 'passpartu/user' # for testing only
+require_relative 'passpartu/test_user' # for testing only
 
 module Passpartu
   class Error < StandardError; end
   class PolicyYmlNotFoundError < StandardError; end
   class WaterfallError < StandardError; end
 
-  def self.included(policy_class)
-    Passpartu::Patcher.call(policy_class)
-  end
-
-  def self.policy
-    config.policy
-  end
-
   class << self
     attr_accessor :config
-  end
 
-  def self.configure
-    self.config ||= Config.new
-    yield(config)
+    def included(policy_class)
+      Passpartu::Patcher.call(policy_class)
+    end
+
+    def policy
+      config.policy
+    end
+
+    def configure
+      self.config ||= Config.new
+      yield(config)
+    end
   end
 
   class Config
-    attr_accessor :policy, :raise_policy_missed_error
-    attr_reader :policy_file, :check_waterfall
+    attr_accessor :raise_policy_missed_error, :role_access_method
+    attr_reader :policy_file, :check_waterfall, :policy
 
     DEFAULT_POLICY_FILE = './config/passpartu.yml'
 
     def initialize
       @policy_file = DEFAULT_POLICY_FILE
-      @policy = YAML.load_file(policy_file) if File.exist?(policy_file)
+      self.policy = load_policy_file(policy_file) if File.exist?(policy_file)
       @raise_policy_missed_error = true
       @check_waterfall = false
+      @role_access_method = :role
     end
 
     def policy_file=(file = nil)
@@ -49,18 +49,56 @@ module Passpartu
 
       raise PolicyYmlNotFoundError unless File.exist?(policy_file)
 
-      @policy = YAML.load_file(policy_file)
+      self.policy = load_policy_file(policy_file)
     end
 
     def check_waterfall=(value)
       @check_waterfall = value
-      @raise_policy_missed_error = false if @check_waterfall
 
-      @check_waterfall
+      @check_waterfall.tap do |check_waterfall|
+        if check_waterfall
+          @raise_policy_missed_error = false
+          self.policy = @policy
+        end
+      end
     end
-  end
 
-  configure {}
+    private
+
+    def load_policy_file(path)
+      RUBY_VERSION.to_f >= 3.1 ? YAML.load_file(path, aliases: true) : YAML.load_file(path)
+    end
+
+    def policy=(value)
+      @policy = patch_policy_booleans_if(value)
+    end
+
+    # patch all booleans in hash to support check_waterfall
+    def patch_policy_booleans_if(hash)
+      return hash unless @check_waterfall
+
+      hash.transform_values! do |value|
+        case value
+        when true
+          value.define_singleton_method(:dig) { |*_keys| true }
+        when false
+          value.define_singleton_method(:dig) { |*_keys| false }
+        else
+          patch_policy_booleans_if(value)
+        end
+
+        value
+      end
+    end
+
+    def blank?(item)
+      item.respond_to?(:empty?) ? !!item.empty? : !item
+    end
+
+    def present?(item)
+      !blank?(item)
+    end
+  end
 end
 
 initializer = './config/initializers/passpartu.rb'

data/passpartu.gemspec

@@ -38,7 +38,11 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
   spec.files = Dir['README.md', 'lib/**/*', 'lib/*', 'passpartu.gemspec']
 
-  spec.add_development_dependency 'bundler', '~> 2.0'
-  spec.add_development_dependency 'rake', '~> 12.3'
-  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'bundler', '~> 2.3'
+  spec.add_development_dependency 'byebug'
+  spec.add_development_dependency 'rake', '~> 13.0'
+  spec.add_development_dependency 'rspec', '~> 3.11'
+  spec.add_development_dependency 'codecov', '~> 0.6'
+  spec.add_development_dependency 'dotenv', '~> 2.7'
+  spec.add_development_dependency 'simplecov', '~> 0.21'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passpartu
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - OrestF
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-04-26 00:00:00.000000000 Z
+date: 2022-04-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,42 +16,98 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '12.3'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.11'
+- !ruby/object:Gem::Dependency
+  name: codecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.21'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0.21'
 description: |-
   Passpartu is a great tool to manage your policies.
                           Keep all your policy rules in one file - passpartu.yml.
@@ -64,9 +120,8 @@ files:
 - README.md
 - lib/passpartu.rb
 - lib/passpartu/block_verify.rb
-- lib/passpartu/check_waterfall.rb
 - lib/passpartu/patcher.rb
-- lib/passpartu/user.rb
+- lib/passpartu/test_user.rb
 - lib/passpartu/validate_result.rb
 - lib/passpartu/verify.rb
 - lib/passpartu/version.rb
@@ -75,7 +130,7 @@ homepage: https://github.com/coaxsoft/passpartu
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -90,8 +145,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: Passpartu makes policies great again
 test_files: []

data/lib/passpartu/check_waterfall.rb

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-module Passpartu
-  class CheckWaterfall
-    attr_reader :waterfall, :policy_hash
-    def initialize(role, keys)
-      @waterfall = [role] + keys
-      @policy_hash = Passpartu.policy
-    end
-
-    def self.call(role, keys)
-      new(role, keys).call
-    end
-
-    def call
-      patch_boolean_classes
-      @result = policy_hash.dig(*waterfall)
-      reset_boolean_classes
-
-      @result
-    end
-
-    def patch_boolean_classes
-      TrueClass.define_method(:dig) { |*_keys| true }
-      FalseClass.define_method(:dig) { |*_keys| false }
-    end
-
-    def reset_boolean_classes
-      TrueClass.undef_method(:dig)
-      FalseClass.undef_method(:dig)
-    end
-  end
-end