pundit_custom_errors 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 6465ad6640e3f2d62f2542719caa33982043014f
+  data.tar.gz: 4755a3988e8db347ad1bc0a5a94314f0455fe086
+SHA512:
+  metadata.gz: 3a43ad7336a3da385e459d460615d78f696681beeca07d4d15fd0da2d62f1f8dc05ba1c9174dbc93b0d75602a9aa82f8bf0facc9b0673c749d8fc9f24f02150b
+  data.tar.gz: a846d4fe2b0da3d0e777f71e09afce92fc98183ac9d8642a4ec12eca7a59e92f69979bbdff48d5f66a9cb79b5bc52f057a2224b4e14b31f7316737f53b14d0b5

data/.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+*.gem

data/.ruby-version

@@ -0,0 +1 @@
+2.1.2

data/.travis.yml

@@ -0,0 +1,3 @@
+rvm:
+ - 2.1.2
+script: rspec spec

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in pundit_custom_errors.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Luis Daher
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,108 @@
+# PunditCustomErrors
+[![Build Status](https://travis-ci.org/luisdaher/pundit_custom_errors.svg)](https://travis-ci.org/luisdaher/pundit_custom_errors) [![Code Climate](https://codeclimate.com/github/luisdaher/pundit_custom_errors/badges/gpa.svg)](https://codeclimate.com/github/luisdaher/pundit_custom_errors) [![Inline docs](http://inch-ci.org/github/luisdaher/pundit_custom_errors.svg?branch=master)](http://inch-ci.org/github/luisdaher/pundit_custom_errors)
+
+`pundit_custom_errors` is an extension for the [Pundit gem](https://github.com/elabs/pundit) that enables the creation of custom error messages. This adds more flexibility to retrieve different kinds of messages in the same validation method, according to the nature of the error. As for the default error message, it is also set up to generate them by using a localization file (if existent).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'pundit_custom_errors'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install pundit_custom_errors
+
+## Getting Started
+
+(Note: since this gem is intended to extend [Pundit's](https://github.com/elabs/pundit) capabilities, it is assumed that you're already familiar with it. If not, It is highly recommended that you take a look at [Pundit's documentation](https://github.com/elabs/pundit#pundit) first.)
+
+For this example, let's suppose there's already a standard `Policy` class for an object (`Post`, in this case), called `PostPolicy`, containing a validation for the `show` action. It would look like this:
+
+```ruby
+  class PostPolicy
+    def show?
+      # dummy validation code for the 'show' action
+      false
+    end
+  end
+```
+
+Since the `show?` method is returning `false`, this example will always throw a `Pundit::NotAuthorizedError`, with Pundit's default error message inside. As said before, this behavior can be changed by either setting a message in an attribute inside the `Policy` class or creating default messages for the actions' validation methods inside a localization YAML file. Both approaches are explained below.
+
+### Setting a message in an attribute inside the `Policy` class
+
+In order to set custom messages, the first thing to be done is to create the `error_message` attribute with `attr_accessor` permissions inside the desired `Policy` class. The `PostPolicy` class will look like this:
+
+```ruby
+  class PostPolicy
+    attr_accessor :error_message
+
+    def show?
+      # dummy validation code for the 'show' action
+      false
+    end
+  end
+```
+
+By putting that attribute inside a class, every time a validation method returns false, `Pundit` will try to use the `error_message`. If there's something set there (like the example below), `Pundit` will use it as the error message.
+
+```ruby
+  class PostPolicy
+    attr_accessor :error_message
+
+    def show?
+      @error_message = "You're not allowed to see this. Better luck next time!"
+
+      # dummy validation code for the 'show' action
+      false
+    end
+  end
+```
+
+As the message is set, every time the `show?` method returns false, the message present inside `error_message` will be put inside the `Pundit::NotAuthorizedError` instance.
+
+### Creating default error messages inside a YAML file
+
+#### Creating the YAML file
+
+By running the command:
+
+    $ rails generate pundit_custom_errors:initialize
+
+A file called `pundit_custom_errors.en.yml` will be generated inside the `config/locales` folder. It contains the default message, used if there's no messages for the given controller/action validation.
+
+#### Creating error messages in the localization file
+
+The `policy` keys must be the snake case representation of the given policy classes, containing action names as keys (e.g: `show?` and the message as value). Also, the `policy` hashes must be inside the `pundit` hash, inside the `en` (or the desired language abbreviation) hash.
+
+In short, the YAML file structure should be similar as the example below:
+
+```yaml
+en:
+  pundit:
+    default: "You have requested a page that you do not have access to."
+    post_policy:
+      show?: "You're not allowed to see this."
+```
+
+## Message hierarchy
+
+1. The gem will use the message present in the `error_message` attribute, that should be part of the given `Policy` class.
+2. If there's no error message (or even the attribute, if `PunditCustomErrors::Policy` isn't being extended), it will use the message for the given action validation, present in the YAML file.
+3. If there's no message for the given action validation in the YAML, it will use the YAML's default message inside `pundit` hash.
+4. If there's no YAML default message, it will use the hardcoded message, behaving the same way as Pundit does today.
+
+## Contributing
+
+1. Fork it ( https://github.com/luisdaher/pundit_custom_errors/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/lib/generators/pundit_custom_errors/initialize/initialize_generator.rb

@@ -0,0 +1,18 @@
+module PunditCustomErrors
+  module Generators
+    # Generates the localization strings YAML file in english
+    class InitializeGenerator < ::Rails::Generators::Base
+      desc 'Copy pundit_custom_errors.yml file to application config directory.'
+
+      def self.source_root
+        @source_root ||= File.expand_path(
+          File.join(File.dirname(__FILE__), 'templates')
+        )
+      end
+
+      def copy_config_file
+        template 'config/locales/pundit_custom_errors.en.yml'
+      end
+    end
+  end
+end

data/lib/generators/pundit_custom_errors/initialize/templates/config/locales/pundit_custom_errors.en.yml

@@ -0,0 +1,3 @@
+en:
+  pundit:
+    default: "You have requested a page that you do not have access to."

data/lib/pundit_custom_errors.rb

@@ -0,0 +1,7 @@
+require 'pundit_custom_errors/version'
+require 'pundit_custom_errors/authorization'
+
+# The 'PunditCustomErrors::Authorization' module is being prepended here.
+module Pundit
+  prepend PunditCustomErrors::Authorization
+end

data/lib/pundit_custom_errors/authorization.rb

@@ -0,0 +1,41 @@
+module PunditCustomErrors
+  # Module created to override Pundit's 'authorize' function. It enables Pundit
+  # to use the 'error_message' attribute (if existent) inside a Policy object,
+  # displaying the given error message instead of a default error message.
+  module Authorization
+    def authorize(record, query = nil)
+      @_pundit_policy_authorized = true
+
+      query ||= params[:action].to_s + '?'
+      policy = policy(record)
+      unless policy.public_send(query)
+        fail generate_error_for(policy, query, record)
+      end
+
+      true
+    end
+
+    protected
+
+    def generate_error_for(policy, query, record)
+      if policy.respond_to? :error_message
+        message = policy.error_message
+        policy.error_message = nil
+      end
+
+      message ||= translate_error_message_for_query(query, policy)
+      message ||= "not allowed to #{query} this #{record}"
+
+      error = Pundit::NotAuthorizedError.new(message)
+
+      error.query, error.record, error.policy = query, record, policy
+      error
+    end
+
+    def translate_error_message_for_query(query, policy)
+      t("#{policy.class.to_s.underscore}.#{query}",
+        scope: 'pundit',
+        default: :default) if self.respond_to?(:t)
+    end
+  end
+end

data/lib/pundit_custom_errors/version.rb

@@ -0,0 +1,3 @@
+module PunditCustomErrors
+  VERSION = '0.9.0'
+end

data/pundit_custom_errors.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'pundit_custom_errors/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'pundit_custom_errors'
+  spec.version       = PunditCustomErrors::VERSION
+  spec.authors       = ['Luis Daher', 'Damien Wilson']
+  spec.email         = ['luisotaviodaher@gmail.com', 'damien@mindglob.com']
+  spec.summary       = 'Custom error messages for Pundit.'
+  spec.description   = %(An extension for the Pundit gem that enables the
+                         creation of custom error messages.)
+  spec.homepage      = 'http://luisdaher.net'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{/^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{/^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.6'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.2', '>= 3.2.0'
+  spec.add_development_dependency 'pry', '~> 0.10', '>= 0.10.1'
+  spec.add_development_dependency 'rubocop', '~> 0.28', '>= 0.28.0'
+  spec.add_dependency 'pundit', '~> 0.3', '>= 0.3.0'
+end

data/spec/pundit_custom_errors/authorization_spec.rb

@@ -0,0 +1,157 @@
+require 'spec_helper'
+
+describe PunditCustomErrors::Authorization do
+  # Pundit Mock class
+  class PunditMock
+    prepend PunditCustomErrors::Authorization
+    def policy(_arg = nil)
+      @policy ||= DummyPolicy.new
+    end
+  end
+
+  # Dummy Policy class for testing purposes
+  class DummyPolicy
+  end
+
+  describe '.authorize' do
+    let(:pundit_mock) { PunditMock.new }
+
+    context "when the user isn't authorized" do
+      context "and it's a single error" do
+        before :each do
+          expect_any_instance_of(DummyPolicy).to(
+            receive(:show?).and_return(false)
+          )
+        end
+
+        it 'raises an error' do
+          expect { pundit_mock.authorize(Class.new, :show?) }.to raise_error
+        end
+
+        context 'and a custom error message has been set' do
+          it 'returns the error with the previously set error message' do
+            expect_any_instance_of(DummyPolicy).to(
+              receive(:error_message).and_return('error')
+            )
+            expect_any_instance_of(DummyPolicy).to(
+              receive(:error_message=).and_return(nil)
+            )
+            expect { pundit_mock.authorize(Class.new, :show?) }.to(
+              raise_error(
+                Pundit::NotAuthorizedError,
+                'error'
+              )
+            )
+          end
+        end
+      end
+
+      context 'and there is more than one error' do
+        # Dummy Policy class for testing purposes
+        class DummyPolicy
+          attr_accessor :error_message
+
+          def index?
+            @error_message = 'error'
+            false
+          end
+
+          def show?
+            false
+          end
+
+          def update?
+            @error_message = 'update error'
+            false
+          end
+        end
+
+        context "and the other error doesn't contain a custom message" do
+          it 'shows the default error message' do
+            class_instance = Class.new
+
+            expect { pundit_mock.authorize(class_instance, :index?) }.to(
+              raise_error(
+                Pundit::NotAuthorizedError,
+                'error'
+              )
+            )
+
+            expect { pundit_mock.authorize(class_instance, :show?) }.to(
+              raise_error(
+                Pundit::NotAuthorizedError,
+                "not allowed to show? this #{class_instance}"
+              )
+            )
+          end
+        end
+
+        context 'and the other error also contains a custom message' do
+          it "doesn't show the previous error message" do
+            class_instance = Class.new
+
+            expect { pundit_mock.authorize(class_instance, :index?) }.to(
+              raise_error(
+                Pundit::NotAuthorizedError,
+                'error'
+              )
+            )
+
+            expect { pundit_mock.authorize(class_instance, :update?) }.to(
+              raise_error(
+                Pundit::NotAuthorizedError,
+                'update error'
+              )
+            )
+          end
+        end
+      end
+
+      context "and there's a translated message but no custom message" do
+        before :each do
+          expect(pundit_mock).to(
+            receive(:t)
+            .with(
+              "#{pundit_mock.policy.class.to_s.underscore}.show?",
+              scope: 'pundit',
+              default: :default
+            )
+            .and_return('translated error message')
+          )
+        end
+
+        it 'returns the error with the translated message' do
+          expect { pundit_mock.authorize(Class.new, :show?) }.to(
+            raise_error(
+              Pundit::NotAuthorizedError,
+              'translated error message'
+            )
+          )
+        end
+      end
+
+      context 'and no message is found' do
+        it 'returns the error with the default message' do
+          record = Class.new
+          expect { pundit_mock.authorize(record, :show?) }.to(
+            raise_error(
+              Pundit::NotAuthorizedError,
+              "not allowed to show? this #{record}"
+            )
+          )
+        end
+      end
+    end
+
+    context 'when the user is authorized' do
+      before :each do
+        expect_any_instance_of(DummyPolicy).to(
+          receive(:show?).and_return(true)
+        )
+      end
+      it "doesn't raise an error" do
+        expect { pundit_mock.authorize(Class.new, :show?) }.not_to raise_error
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+require 'rubygems'
+require 'bundler'
+require 'pundit_custom_errors'
+require 'pundit'
+require 'pry'
+
+Bundler.setup(:default, :test, :development)
+
+RSpec.configure do |config|
+  config.mock_with :rspec
+end

metadata

@@ -0,0 +1,172 @@
+--- !ruby/object:Gem::Specification
+name: pundit_custom_errors
+version: !ruby/object:Gem::Version
+  version: 0.9.0
+platform: ruby
+authors:
+- Luis Daher
+- Damien Wilson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-03-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.10.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.10.1
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.28'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.28.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.28'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.28.0
+- !ruby/object:Gem::Dependency
+  name: pundit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.3'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+description: |-
+  An extension for the Pundit gem that enables the
+                           creation of custom error messages.
+email:
+- luisotaviodaher@gmail.com
+- damien@mindglob.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/generators/pundit_custom_errors/initialize/initialize_generator.rb
+- lib/generators/pundit_custom_errors/initialize/templates/config/locales/pundit_custom_errors.en.yml
+- lib/pundit_custom_errors.rb
+- lib/pundit_custom_errors/authorization.rb
+- lib/pundit_custom_errors/version.rb
+- pundit_custom_errors.gemspec
+- spec/pundit_custom_errors/authorization_spec.rb
+- spec/spec_helper.rb
+homepage: http://luisdaher.net
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Custom error messages for Pundit.
+test_files: []
+has_rdoc: