piko-pro-gem 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. checksums.yaml +7 -0
  2. data/piko-pro-gem.gemspec +12 -0
  3. data/pundit-2.5.2/CHANGELOG.md +196 -0
  4. data/pundit-2.5.2/CONTRIBUTING.md +31 -0
  5. data/pundit-2.5.2/LICENSE.txt +22 -0
  6. data/pundit-2.5.2/README.md +891 -0
  7. data/pundit-2.5.2/SECURITY.md +19 -0
  8. data/pundit-2.5.2/config/rubocop-rspec.yml +5 -0
  9. data/pundit-2.5.2/lib/generators/pundit/install/USAGE +2 -0
  10. data/pundit-2.5.2/lib/generators/pundit/install/install_generator.rb +15 -0
  11. data/pundit-2.5.2/lib/generators/pundit/install/templates/application_policy.rb.tt +53 -0
  12. data/pundit-2.5.2/lib/generators/pundit/policy/USAGE +8 -0
  13. data/pundit-2.5.2/lib/generators/pundit/policy/policy_generator.rb +17 -0
  14. data/pundit-2.5.2/lib/generators/pundit/policy/templates/policy.rb.tt +16 -0
  15. data/pundit-2.5.2/lib/generators/rspec/policy_generator.rb +16 -0
  16. data/pundit-2.5.2/lib/generators/rspec/templates/policy_spec.rb.tt +27 -0
  17. data/pundit-2.5.2/lib/generators/test_unit/policy_generator.rb +16 -0
  18. data/pundit-2.5.2/lib/generators/test_unit/templates/policy_test.rb.tt +18 -0
  19. data/pundit-2.5.2/lib/pundit/authorization.rb +269 -0
  20. data/pundit-2.5.2/lib/pundit/cache_store/legacy_store.rb +27 -0
  21. data/pundit-2.5.2/lib/pundit/cache_store/null_store.rb +30 -0
  22. data/pundit-2.5.2/lib/pundit/cache_store.rb +24 -0
  23. data/pundit-2.5.2/lib/pundit/context.rb +190 -0
  24. data/pundit-2.5.2/lib/pundit/error.rb +71 -0
  25. data/pundit-2.5.2/lib/pundit/helper.rb +16 -0
  26. data/pundit-2.5.2/lib/pundit/policy_finder.rb +135 -0
  27. data/pundit-2.5.2/lib/pundit/railtie.rb +20 -0
  28. data/pundit-2.5.2/lib/pundit/rspec.rb +165 -0
  29. data/pundit-2.5.2/lib/pundit/version.rb +6 -0
  30. data/pundit-2.5.2/lib/pundit.rb +77 -0
  31. metadata +70 -0
@@ -0,0 +1,19 @@
1
+ # Security Policy
2
+
3
+ Please do not file an issue on GitHub, or send a PR addressing the issue.
4
+
5
+ ## Supported versions
6
+
7
+ Most recent major version only.
8
+
9
+ ## Reporting a vulnerability
10
+
11
+ Contact one of the maintainers directly:
12
+
13
+ * [@Burgestrand](https://github.com/Burgestrand)
14
+ * [@dgmstuart](https://github.com/dgmstuart)
15
+ * [@varvet](https://github.com/varvet)
16
+
17
+ You can report vulnerabilities on GitHub too: https://github.com/varvet/pundit/security
18
+
19
+ Thank you!
@@ -0,0 +1,5 @@
1
+ RSpec:
2
+ Language:
3
+ ExampleGroups:
4
+ Regular:
5
+ - permissions
@@ -0,0 +1,2 @@
1
+ Description:
2
+ Generates an application policy as a starting point for your application.
@@ -0,0 +1,15 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Pundit
4
+ # @private
5
+ module Generators
6
+ # @private
7
+ class InstallGenerator < ::Rails::Generators::Base
8
+ source_root File.expand_path("templates", __dir__)
9
+
10
+ def copy_application_policy
11
+ template "application_policy.rb.tt", "app/policies/application_policy.rb"
12
+ end
13
+ end
14
+ end
15
+ end
@@ -0,0 +1,53 @@
1
+ # frozen_string_literal: true
2
+
3
+ class ApplicationPolicy
4
+ attr_reader :user, :record
5
+
6
+ def initialize(user, record)
7
+ @user = user
8
+ @record = record
9
+ end
10
+
11
+ def index?
12
+ false
13
+ end
14
+
15
+ def show?
16
+ false
17
+ end
18
+
19
+ def create?
20
+ false
21
+ end
22
+
23
+ def new?
24
+ create?
25
+ end
26
+
27
+ def update?
28
+ false
29
+ end
30
+
31
+ def edit?
32
+ update?
33
+ end
34
+
35
+ def destroy?
36
+ false
37
+ end
38
+
39
+ class Scope
40
+ def initialize(user, scope)
41
+ @user = user
42
+ @scope = scope
43
+ end
44
+
45
+ def resolve
46
+ raise NoMethodError, "You must define #resolve in #{self.class}"
47
+ end
48
+
49
+ private
50
+
51
+ attr_reader :user, :scope
52
+ end
53
+ end
@@ -0,0 +1,8 @@
1
+ Description:
2
+ Generates a policy for a model with the given name.
3
+
4
+ Example:
5
+ rails generate pundit:policy user
6
+
7
+ This will create:
8
+ app/policies/user_policy.rb
@@ -0,0 +1,17 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Pundit
4
+ # @private
5
+ module Generators
6
+ # @private
7
+ class PolicyGenerator < ::Rails::Generators::NamedBase
8
+ source_root File.expand_path("templates", __dir__)
9
+
10
+ def create_policy
11
+ template "policy.rb.tt", File.join("app/policies", class_path, "#{file_name}_policy.rb")
12
+ end
13
+
14
+ hook_for :test_framework
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,16 @@
1
+ <% module_namespacing do -%>
2
+ class <%= class_name %>Policy < ApplicationPolicy
3
+ # NOTE: Up to Pundit v2.3.1, the inheritance was declared as
4
+ # `Scope < Scope` rather than `Scope < ApplicationPolicy::Scope`.
5
+ # In most cases the behavior will be identical, but if updating existing
6
+ # code, beware of possible changes to the ancestors:
7
+ # https://gist.github.com/Burgestrand/4b4bc22f31c8a95c425fc0e30d7ef1f5
8
+
9
+ class Scope < ApplicationPolicy::Scope
10
+ # NOTE: Be explicit about which records you allow access to!
11
+ # def resolve
12
+ # scope.all
13
+ # end
14
+ end
15
+ end
16
+ <% end -%>
@@ -0,0 +1,16 @@
1
+ # frozen_string_literal: true
2
+
3
+ # @private
4
+ module Rspec
5
+ # @private
6
+ module Generators
7
+ # @private
8
+ class PolicyGenerator < ::Rails::Generators::NamedBase
9
+ source_root File.expand_path("templates", __dir__)
10
+
11
+ def create_policy_spec
12
+ template "policy_spec.rb.tt", File.join("spec/policies", class_path, "#{file_name}_policy_spec.rb")
13
+ end
14
+ end
15
+ end
16
+ end
@@ -0,0 +1,27 @@
1
+ require '<%= File.exist?('spec/rails_helper.rb') ? 'rails_helper' : 'spec_helper' %>'
2
+
3
+ RSpec.describe <%= class_name %>Policy, type: :policy do
4
+ let(:user) { User.new }
5
+
6
+ subject { described_class }
7
+
8
+ permissions ".scope" do
9
+ pending "add some examples to (or delete) #{__FILE__}"
10
+ end
11
+
12
+ permissions :show? do
13
+ pending "add some examples to (or delete) #{__FILE__}"
14
+ end
15
+
16
+ permissions :create? do
17
+ pending "add some examples to (or delete) #{__FILE__}"
18
+ end
19
+
20
+ permissions :update? do
21
+ pending "add some examples to (or delete) #{__FILE__}"
22
+ end
23
+
24
+ permissions :destroy? do
25
+ pending "add some examples to (or delete) #{__FILE__}"
26
+ end
27
+ end
@@ -0,0 +1,16 @@
1
+ # frozen_string_literal: true
2
+
3
+ # @private
4
+ module TestUnit
5
+ # @private
6
+ module Generators
7
+ # @private
8
+ class PolicyGenerator < ::Rails::Generators::NamedBase
9
+ source_root File.expand_path("templates", __dir__)
10
+
11
+ def create_policy_test
12
+ template "policy_test.rb.tt", File.join("test/policies", class_path, "#{file_name}_policy_test.rb")
13
+ end
14
+ end
15
+ end
16
+ end
@@ -0,0 +1,18 @@
1
+ require 'test_helper'
2
+
3
+ class <%= class_name %>PolicyTest < ActiveSupport::TestCase
4
+ def test_scope
5
+ end
6
+
7
+ def test_show
8
+ end
9
+
10
+ def test_create
11
+ end
12
+
13
+ def test_update
14
+ end
15
+
16
+ def test_destroy
17
+ end
18
+ end
@@ -0,0 +1,269 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Pundit
4
+ # Pundit DSL to include in your controllers to provide authorization helpers.
5
+ #
6
+ # @example
7
+ # class ApplicationController < ActionController::Base
8
+ # include Pundit::Authorization
9
+ # end
10
+ # @see #pundit
11
+ # @api public
12
+ # @since v2.2.0
13
+ module Authorization
14
+ extend ActiveSupport::Concern
15
+
16
+ included do
17
+ helper Helper if respond_to?(:helper)
18
+ if respond_to?(:helper_method)
19
+ helper_method :policy
20
+ helper_method :pundit_policy_scope
21
+ helper_method :pundit_user
22
+ end
23
+ end
24
+
25
+ protected
26
+
27
+ # An instance of {Pundit::Context} initialized with the current user.
28
+ #
29
+ # @note this method is memoized and will return the same instance during the request.
30
+ # @api public
31
+ # @return [Pundit::Context]
32
+ # @see #pundit_user
33
+ # @see #policies
34
+ # @since v2.3.2
35
+ def pundit
36
+ @pundit ||= Pundit::Context.new(
37
+ user: pundit_user,
38
+ policy_cache: Pundit::CacheStore::LegacyStore.new(policies)
39
+ )
40
+ end
41
+
42
+ # Hook method which allows customizing which user is passed to policies and
43
+ # scopes initialized by {#authorize}, {#policy} and {#policy_scope}.
44
+ #
45
+ # @note Make sure to call `pundit_reset!` if this changes during a request.
46
+ # @see https://github.com/varvet/pundit#customize-pundit-user
47
+ # @see #pundit
48
+ # @see #pundit_reset!
49
+ # @return [Object] the user object to be used with pundit
50
+ # @since v0.2.2
51
+ def pundit_user
52
+ current_user
53
+ end
54
+
55
+ # Clears the cached Pundit authorization data.
56
+ #
57
+ # This method should be called when the pundit_user is changed,
58
+ # such as during user switching, to ensure that stale authorization
59
+ # data is not used. Pundit caches authorization policies and scopes
60
+ # for the pundit_user, so calling this method will reset those
61
+ # caches and ensure that the next authorization checks are performed
62
+ # with the correct context for the new pundit_user.
63
+ #
64
+ # @return [void]
65
+ # @since v2.5.0
66
+ def pundit_reset!
67
+ @pundit = nil
68
+ @_pundit_policies = nil
69
+ @_pundit_policy_scopes = nil
70
+ @_pundit_policy_authorized = nil
71
+ @_pundit_policy_scoped = nil
72
+ end
73
+
74
+ # @!group Policies
75
+
76
+ # Retrieves the policy for the given record, initializing it with the record
77
+ # and current user and finally throwing an error if the user is not
78
+ # authorized to perform the given action.
79
+ #
80
+ # @param record [Object, Array] the object we're checking permissions of
81
+ # @param query [Symbol, String] the predicate method to check on the policy (e.g. `:show?`).
82
+ # If omitted then this defaults to the Rails controller action name.
83
+ # @param policy_class [Class] the policy class we want to force use of
84
+ # @raise [NotAuthorizedError] if the given query method returned false
85
+ # @return [record] Always returns the passed object record
86
+ # @see Pundit::Context#authorize
87
+ # @see #verify_authorized
88
+ # @since v0.1.0
89
+ def authorize(record, query = nil, policy_class: nil)
90
+ query ||= "#{action_name}?"
91
+
92
+ @_pundit_policy_authorized = true
93
+
94
+ pundit.authorize(record, query: query, policy_class: policy_class)
95
+ end
96
+
97
+ # Allow this action not to perform authorization.
98
+ #
99
+ # @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
100
+ # @return [void]
101
+ # @see #verify_authorized
102
+ # @since v1.0.0
103
+ def skip_authorization
104
+ @_pundit_policy_authorized = :skipped
105
+ end
106
+
107
+ # @return [Boolean] wether or not authorization has been performed
108
+ # @see #authorize
109
+ # @see #skip_authorization
110
+ # @since v1.0.0
111
+ def pundit_policy_authorized?
112
+ !!@_pundit_policy_authorized
113
+ end
114
+
115
+ # Raises an error if authorization has not been performed.
116
+ #
117
+ # Usually used as an `after_action` filter to prevent programmer error in
118
+ # forgetting to call {#authorize} or {#skip_authorization}.
119
+ #
120
+ # @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
121
+ # @raise [AuthorizationNotPerformedError] if authorization has not been performed
122
+ # @return [void]
123
+ # @see #authorize
124
+ # @see #skip_authorization
125
+ # @since v0.1.0
126
+ def verify_authorized
127
+ raise AuthorizationNotPerformedError, self.class unless pundit_policy_authorized?
128
+ end
129
+
130
+ # rubocop:disable Naming/MemoizedInstanceVariableName
131
+
132
+ # Cache of policies. You should not rely on this method.
133
+ #
134
+ # @api private
135
+ # @since v1.0.0
136
+ def policies
137
+ @_pundit_policies ||= {}
138
+ end
139
+
140
+ # rubocop:enable Naming/MemoizedInstanceVariableName
141
+
142
+ # @!endgroup
143
+
144
+ # Retrieves the policy for the given record.
145
+ #
146
+ # @see https://github.com/varvet/pundit#policies
147
+ # @param record [Object] the object we're retrieving the policy for
148
+ # @return [Object] instance of policy class with query methods
149
+ # @since v0.1.0
150
+ def policy(record)
151
+ pundit.policy!(record)
152
+ end
153
+
154
+ # @!group Policy Scopes
155
+
156
+ # Retrieves the policy scope for the given record.
157
+ #
158
+ # @see https://github.com/varvet/pundit#scopes
159
+ # @param scope [Object] the object we're retrieving the policy scope for
160
+ # @param policy_scope_class [#resolve] the policy scope class we want to force use of
161
+ # @return [#resolve, nil] instance of scope class which can resolve to a scope
162
+ # @since v0.1.0
163
+ def policy_scope(scope, policy_scope_class: nil)
164
+ @_pundit_policy_scoped = true
165
+ policy_scope_class ? policy_scope_class.new(pundit_user, scope).resolve : pundit_policy_scope(scope)
166
+ end
167
+
168
+ # Allow this action not to perform policy scoping.
169
+ #
170
+ # @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
171
+ # @return [void]
172
+ # @see #verify_policy_scoped
173
+ # @since v1.0.0
174
+ def skip_policy_scope
175
+ @_pundit_policy_scoped = :skipped
176
+ end
177
+
178
+ # @return [Boolean] wether or not policy scoping has been performed
179
+ # @see #policy_scope
180
+ # @see #skip_policy_scope
181
+ # @since v1.0.0
182
+ def pundit_policy_scoped?
183
+ !!@_pundit_policy_scoped
184
+ end
185
+
186
+ # Raises an error if policy scoping has not been performed.
187
+ #
188
+ # Usually used as an `after_action` filter to prevent programmer error in
189
+ # forgetting to call {#policy_scope} or {#skip_policy_scope} in index
190
+ # actions.
191
+ #
192
+ # @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
193
+ # @raise [AuthorizationNotPerformedError] if policy scoping has not been performed
194
+ # @return [void]
195
+ # @see #policy_scope
196
+ # @see #skip_policy_scope
197
+ # @since v0.2.1
198
+ def verify_policy_scoped
199
+ raise PolicyScopingNotPerformedError, self.class unless pundit_policy_scoped?
200
+ end
201
+
202
+ # rubocop:disable Naming/MemoizedInstanceVariableName
203
+
204
+ # Cache of policy scope. You should not rely on this method.
205
+ #
206
+ # @api private
207
+ # @since v1.0.0
208
+ def policy_scopes
209
+ @_pundit_policy_scopes ||= {}
210
+ end
211
+
212
+ # rubocop:enable Naming/MemoizedInstanceVariableName
213
+
214
+ # This was added to allow calling `policy_scope!` without flipping the
215
+ # `pundit_policy_scoped?` flag.
216
+ #
217
+ # It's used internally by `policy_scope`, as well as from the views
218
+ # when they call `policy_scope`. It works because views get their helper
219
+ # from {Pundit::Helper}.
220
+ #
221
+ # @note This also memoizes the instance with `scope` as the key.
222
+ # @see Pundit::Helper#policy_scope
223
+ # @api private
224
+ # @since v1.0.0
225
+ def pundit_policy_scope(scope)
226
+ policy_scopes[scope] ||= pundit.policy_scope!(scope)
227
+ end
228
+ private :pundit_policy_scope
229
+
230
+ # @!endgroup
231
+
232
+ # @!group Strong Parameters
233
+
234
+ # Retrieves a set of permitted attributes from the policy.
235
+ #
236
+ # Done by instantiating the policy class for the given record and calling
237
+ # `permitted_attributes` on it, or `permitted_attributes_for_{action}` if
238
+ # `action` is defined. It then infers what key the record should have in the
239
+ # params hash and retrieves the permitted attributes from the params hash
240
+ # under that key.
241
+ #
242
+ # @see https://github.com/varvet/pundit#strong-parameters
243
+ # @param record [Object] the object we're retrieving permitted attributes for
244
+ # @param action [Symbol, String] the name of the action being performed on the record (e.g. `:update`).
245
+ # If omitted then this defaults to the Rails controller action name.
246
+ # @return [Hash{String => Object}] the permitted attributes
247
+ # @since v1.0.0
248
+ def permitted_attributes(record, action = action_name)
249
+ policy = policy(record)
250
+ method_name = if policy.respond_to?("permitted_attributes_for_#{action}")
251
+ "permitted_attributes_for_#{action}"
252
+ else
253
+ "permitted_attributes"
254
+ end
255
+ pundit_params_for(record).permit(*policy.public_send(method_name))
256
+ end
257
+
258
+ # Retrieves the params for the given record.
259
+ #
260
+ # @param record [Object] the object we're retrieving params for
261
+ # @return [ActionController::Parameters] the params
262
+ # @since v2.0.0
263
+ def pundit_params_for(record)
264
+ params.require(PolicyFinder.new(record).param_key)
265
+ end
266
+
267
+ # @!endgroup
268
+ end
269
+ end
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Pundit
4
+ module CacheStore
5
+ # A cache store that uses only the record as a cache key, and ignores the user.
6
+ #
7
+ # The original cache mechanism used by Pundit.
8
+ #
9
+ # @api private
10
+ # @since v2.3.2
11
+ class LegacyStore
12
+ # @since v2.3.2
13
+ def initialize(hash = {})
14
+ @store = hash
15
+ end
16
+
17
+ # A cache store that uses only the record as a cache key, and ignores the user.
18
+ #
19
+ # @note `nil` results are not cached.
20
+ # @since v2.3.2
21
+ def fetch(user:, record:)
22
+ _ = user
23
+ @store[record] ||= yield
24
+ end
25
+ end
26
+ end
27
+ end
@@ -0,0 +1,30 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Pundit
4
+ module CacheStore
5
+ # A cache store that does not cache anything.
6
+ #
7
+ # Use `NullStore.instance` to get the singleton instance, it is thread-safe.
8
+ #
9
+ # @see Pundit::Context#initialize
10
+ # @api private
11
+ # @since v2.3.2
12
+ class NullStore
13
+ @instance = new
14
+
15
+ class << self
16
+ # @since v2.3.2
17
+ # @return [NullStore] the singleton instance
18
+ attr_reader :instance
19
+ end
20
+
21
+ # Always yields, does not cache anything.
22
+ # @yield
23
+ # @return [any] whatever the block returns.
24
+ # @since v2.3.2
25
+ def fetch(*, **)
26
+ yield
27
+ end
28
+ end
29
+ end
30
+ end
@@ -0,0 +1,24 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Pundit
4
+ # Namespace for cache store implementations.
5
+ #
6
+ # Cache stores are used to cache policy lookups, so you get the same policy
7
+ # instance for the same record.
8
+ # @since v2.3.2
9
+ module CacheStore
10
+ # @!group Cache Store Interface
11
+
12
+ # @!method fetch(user:, record:, &block)
13
+ # Looks up a stored policy or generate a new one.
14
+ #
15
+ # @since v2.3.2
16
+ # @note This is a method template, but the method does not exist in this module.
17
+ # @param user [Object] the user that initiated the action
18
+ # @param record [Object] the object being accessed
19
+ # @param block [Proc] the block to execute if missing
20
+ # @return [Object] the policy
21
+
22
+ # @!endgroup
23
+ end
24
+ end