pundit_extraextra 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: efe9e9d3572cd753f9834532b4e6e913ea62a839146f9f02506aed669de8ddd6
+  data.tar.gz: '0384a52b21b8329de96b08106200b80bbb3b5206997a3e5ca53562d8b7c89643'
+SHA512:
+  metadata.gz: 75ae6276ffd31361b3924b8b5a7eb82b9e87821231cbce03155dc2790ce8d6b6444aaf01fb686b9743e6db4bc8014905f51d7b7f5477be8207328ff5d39313f0
+  data.tar.gz: 67498abe57e9e1f160f9b176e8cc388a37a434c87379acc707890ae15a69dc1a7033901c41d99ce8c0b735aae8a242d9e645cec62d8197aba77cb494de537e85

data/README.md

@@ -0,0 +1,126 @@
+# PunditExtra
+
+[![Gem Version](https://badge.fury.io/rb/pundit_extra.svg)](https://badge.fury.io/rb/pundit_extra)
+[![Build Status](https://github.com/DannyBen/pundit_extra/workflows/Test/badge.svg)](https://github.com/DannyBen/pundit_extra/actions?query=workflow%3ATest)
+[![Maintainability](https://api.codeclimate.com/v1/badges/61990b2b88d45ea6c89d/maintainability)](https://codeclimate.com/github/DannyBen/pundit_extra/maintainability)
+
+---
+
+This library borrows functionality from [CanCan(Can)][2] and adds it to [Pundit][1].
+
+- `can?` and `cannot?` view helpers
+- `load_resource`, `authorize_resource`, `load_and_authorize_resource` and 
+  `skip_authorization` controller filters
+
+The design intentions were:
+
+1. To ease the transition from CanCanCan to Pundit.
+2. To reduce boilerplate code in controller methods.
+3. To keep things simple and intentionally avoid dealing with edge cases or
+   endless magical options you need to memorize.
+
+---
+
+## Install
+
+Add to your Gemfile:
+
+```
+gem 'pundit_extra'
+```
+
+Add to your `ApplicationController`:
+
+```ruby
+class ApplicationController < ActionController::Base
+  include Pundit::Authorization
+  include PunditExtra
+end
+```
+
+
+## View Helpers:  `can?` and `cannot?` 
+
+You can use the convenience methods `can?` and `cannot?` in any controller 
+and view.
+
+- `if can? :assign, @task` is the same as Pundit's `policy(@task).assign?`
+- `if can? :index, Task` is the same as Pundit's `policy(Task).index?`
+- `if cannot? :assign, @task` is the opposite of `can?`
+
+
+## Autoload and Authorize Resource
+
+You can add these to your controllers to automatically load the resource 
+and/or authorize it. 
+
+```ruby
+class TasksController < ApplicationController
+  before_action :authenticate_user!
+  load_resource except: [:index, :create]
+  authorize_resource except: [:create]
+end
+```
+
+The `load_resource` filter will create the appropriate instance variable 
+based on the current action.
+
+The `authorize_resource` filter will call Pundit's `authorize @model` in each
+action.
+
+You can use `except: :action`, or `only: :action` to limit the filter to a 
+given action or an array of actions.
+
+Example:
+
+```ruby
+class TasksController < ApplicationController
+  before_action :authenticate_user!
+  load_resource except: [:edit, :complete]
+  authorize_resource except: :index
+
+  def index
+    # this happens automatically
+    # @tasks = policy_scope(Task)
+  end
+
+  def show
+    # this happens automatically
+    # @task = Task.find params[:id]
+    # authorize @task
+  end
+
+  def new
+    # this happens automatically
+    # @task = Task.new
+    # authorize @task
+  end
+
+  def create
+    # this happens automatically
+    # @task = Task.new task_params
+    # authorize @task
+  end
+
+end
+```
+
+In addition, you can use:
+
+- `load_and_authorize_resource` which is a combination shortcut for 
+  `load_resource` and `authorize_resource`
+- `skip_authorization` which sends `skip_authorization` and 
+  `skip_policy_scope` to Pundit for all (or the specified) actions.
+
+## Credits
+
+- [Jonas Nicklas](https://github.com/jnicklas) @ [Pundit][1]
+- [Bryan Rite](https://github.com/bryanrite), [Ryan Bates](https://github.com/ryanb), [Richard Wilson](https://github.com/Senjai) @ [CanCanCan][2]
+- [Tom Morgan](https://github.com/seven1m)
+
+Thanks for building awesome stuff.
+
+---
+
+[1]: https://github.com/elabs/pundit
+[2]: https://github.com/CanCanCommunity/cancancan

data/lib/pundit_extraextra/controller_mixin.rb

@@ -0,0 +1,10 @@
+module PunditExtra
+  def self.included(_base)
+    return unless defined? ActionController::Base
+
+    ActionController::Base.class_eval do
+      include PunditExtra::Helpers
+      include PunditExtra::ResourceAutoload
+    end
+  end
+end

data/lib/pundit_extraextra/helpers.rb

@@ -0,0 +1,15 @@
+module PunditExtra
+  module Helpers
+    def self.included(base)
+      base.helper_method :can?, :cannot? if base.respond_to? :helper_method
+    end
+
+    def can?(action, resource)
+      policy(resource).send :"#{action}?"
+    end
+
+    def cannot?(*args)
+      !can?(*args)
+    end
+  end
+end

data/lib/pundit_extraextra/resource_autoload.rb

@@ -0,0 +1,345 @@
+require 'active_support/concern'
+
+module PunditExtra
+  module ResourceAutoload
+    extend ActiveSupport::Concern
+
+    included do
+      class_attribute :resource_options
+      self.resource_options = []
+      before_action :process_resource_callbacks
+    end
+
+    module ClassMethods
+      def load_resource(resource_name_or_options = {}, options = {})
+        store_resource_options(:load, resource_name_or_options, options)
+      end
+
+      def authorize_resource(resource_name_or_options = {}, options = {})
+        store_resource_options(:authorize, resource_name_or_options, options)
+      end
+
+      def skip_authorization(options = {})
+        before_action :skip_authorization_and_scope, options.dup
+      end
+
+      def load_and_authorize_resource(resource_name_or_options = {}, options = {})
+        store_resource_options(:load_and_authorize, resource_name_or_options, options)
+      end
+
+      private
+      def store_resource_options(action, resource_name_or_options, options)
+        resource_name, options = extract_resource_name_and_options(resource_name_or_options, options)
+        self.resource_options += [{ action: action, resource_name: resource_name, options: options }]
+      end
+
+      def extract_resource_name_and_options(resource_name_or_options, options)
+        if resource_name_or_options.is_a?(Hash)
+          [nil, resource_name_or_options]
+        elsif resource_name_or_options.is_a?(Symbol) || resource_name_or_options.is_a?(String)
+          [resource_name_or_options.to_s, options]
+        else
+          [nil, options]
+        end
+      end
+    end
+
+    def process_resource_callbacks
+      self.class.resource_options.each do |resource_option|
+        next if skip_action?(resource_option[:options])
+
+        if resource_option[:action] == :load
+          load_resource(resource_option[:resource_name], resource_option[:options])
+        elsif resource_option[:action] == :authorize
+          authorize_resource(resource_option[:resource_name], resource_option[:options])
+        elsif resource_option[:action] == :load_and_authorize
+          load_resource(resource_option[:resource_name], resource_option[:options])
+          authorize_resource(resource_option[:resource_name], resource_option[:options])
+        end
+      end
+    end
+
+    def skip_action?(options)
+      action = params[:action].to_sym
+      (options[:except] && Array(options[:except]).include?(action)) ||
+        (options[:only] && !Array(options[:only]).include?(action))
+    end
+
+    def load_resource(resource_name = nil, options = {})
+      resource_name = (resource_name || controller_name.singularize).to_s
+      instance_name = options[:instance_name] || resource_name
+      scope = resource_name.classify.constantize
+      action = params[:action]
+      varname = instance_name
+
+      # Use id_param option if provided, otherwise fallback to default pattern
+      resource_id_param = options[:id_param] || "#{resource_name}_id"
+      resource_id = params[resource_id_param] || params[:id]
+
+      if resource_name != controller_name.singularize
+        # If the resource being loaded isn't the primary resource for the controller
+        # we assume we are loading a single instance of it
+
+        if options[:through]
+          # If there's a through option, find the parent instance
+          current_instance = find_parent_instance(options[:through])
+
+          if current_instance
+            if options[:singleton]
+              # If the relationship is has_one, we load the single associated instance
+              resource = current_instance.public_send(resource_name)
+            else
+              # Otherwise, we find by resource_id or simply the first matching resource
+              resource = resource_id ? current_instance.public_send(resource_name.pluralize).find(resource_id) : current_instance.public_send(resource_name.pluralize).first
+            end
+          else
+            resource = nil
+          end
+        else
+          # Load the resource directly if no `through` option or if `resource_id_param` is provided
+          resource = scope.find(resource_id)
+        end
+
+        raise ActiveRecord::RecordNotFound, "No valid parent instance found through #{options[:through].join(', ')}" if resource == nil
+
+        # Authorize the loaded resource for the 'show' action
+        authorize resource, "show?"
+      else
+        resource = if options[:through]
+                     load_through_resource(options[:through], resource_name, resource_id, action, options)
+                   else
+                     load_direct_resource(scope, action, resource_id, options)
+                   end
+      end
+
+      raise ActiveRecord::RecordNotFound, "Couldn't find #{resource_name.to_s.capitalize} with #{resource_id_param} == #{resource_id}"if resource.nil?
+
+      if resource.is_a?(ActiveRecord::Relation) || resource.is_a?(Array)
+        varname = varname.to_s.pluralize
+      end
+
+      instance_variable_set("@#{varname}", resource)
+    end
+
+    def find_parent_instance(parents)
+      Array(parents).each do |parent|
+        parent_resource_name = parent.to_s.singularize
+        parent_instance = instance_variable_get("@#{parent_resource_name}")
+
+        return parent_instance if parent_instance
+      end
+
+      nil
+    end
+
+    def load_singleton_resource(current_instance, resource_name, action, options)
+      if action == 'create'
+        new_resource = resource_name.classify.constantize.new
+        new_resource.attributes = resource_attributes(new_resource, action) if new_resource.respond_to?(:attributes=)
+        new_resource
+      else
+        current_instance.public_send(resource_name)
+      end
+    end
+
+    def load_index_resource(current_instance, resource_name)
+      resource = current_instance.public_send(resource_name.pluralize)
+      policy_scope(resource)
+    end
+
+    def find_resource_by_id(current_instance, resource_name, resource_id, find_by_attribute)
+      current_instance.public_send(resource_name.pluralize).find_by(find_by_attribute => resource_id)
+    end
+
+    def create_new_resource(resource_name, action)
+      new_resource = resource_name.classify.constantize.new
+      new_resource.attributes = resource_attributes(new_resource, action)
+      new_resource
+    end
+
+    def update_resource(current_instance, resource_name, resource_id, find_by_attribute, action)
+      resource = current_instance.public_send(resource_name.pluralize).find_by(find_by_attribute => resource_id)
+      unless record.nil?
+        authorize resource, "#{action}?"
+        resource.attributes = resource_attributes(resource, action) if resource.respond_to?(:attributes=)
+      else
+        resource = nil
+      end
+
+      resource
+    end
+
+    def load_nested_resource(parent_instances, resource_name, current_instance)
+      if parent_instances.size > 1
+        query = parent_instances.inject({}) do |hash, parent_instance|
+          association_name = parent_instance.class.name.underscore.to_sym
+          hash.merge!(association_name => parent_instance)
+        end
+        resource_name.classify.constantize.find_by(query)
+      else
+        current_instance.public_send(resource_name.pluralize)
+        policy_scope(resource_name.classify.constantize)
+      end
+    end
+
+    def load_through_resource(parents, resource_name, resource_id, action, options)
+      parent_instances = Array(parents).map do |parent|
+        instance_variable_get("@#{parent.to_s.singularize}")
+      end.compact
+
+      if parent_instances.empty?
+        raise ActiveRecord::RecordNotFound, "No parent instance found for #{resource_name}"
+      end
+
+      current_instance = parent_instances.first
+      find_by_attribute = options[:find_by] || :id
+
+      resource = if options[:singleton]
+                   load_singleton_resource(current_instance, resource_name, action, options)
+                 elsif action == 'index' && (!resource_id && !options[:singleton])
+                   load_index_resource(current_instance, resource_name)
+                 elsif resource_id
+                   find_resource_by_id(current_instance, resource_name, resource_id, find_by_attribute)
+                 elsif action == 'create'
+                   create_new_resource(resource_name, action)
+                 elsif action == 'update'
+                   update_resource(current_instance, resource_name, resource_id, find_by_attribute, action)
+                 else
+                   load_nested_resource(parent_instances, resource_name, current_instance)
+                 end
+
+      resource
+    end
+
+    def load_direct_resource(scope, action, resource_id, options = {})
+      # Determine the attribute to find by and the parameter to use for the ID
+      # if it isn't specified we assume we're finding by the 'id' column
+      find_by_attribute = options[:find_by] || :id
+
+      if action == 'create'
+        if resource_id
+          resource = scope.find_by(find_by_attribute => resource_id) # Use the custom find_by attribute
+        else
+          new_resource = scope.new
+          new_resource.attributes = resource_attributes(new_resource, action) if new_resource.respond_to?(:attributes=)
+          resource = new_resource
+        end
+      elsif action == 'update'
+        resource = scope.find_by(find_by_attribute => resource_id) # Use the custom find_by attribute
+        unless resource.nil?
+          authorize resource, "#{action}?"
+          resource.attributes = resource_attributes(resource, action)
+          resource = resource
+        else
+          resource = nil
+        end
+      elsif action == 'index'
+        resource = policy_scope(scope) # Treat as collection for index
+      elsif resource_id
+        resource = scope.find_by(find_by_attribute => resource_id) # Use the custom find_by attribute
+      else
+        resource = policy_scope(scope) # Treat as collection for non-standard actions
+      end
+
+      resource
+    end
+
+    def load_parent_resources(parents)
+      Array(parents).each do |parent|
+        parent_resource_name = parent.to_s.singularize
+        parent_id = params["#{parent_resource_name}_id"]
+        parent_instance = instance_variable_get("@#{parent_resource_name}")
+
+        unless parent_instance
+          parent_scope = parent_resource_name.classify.constantize
+          parent_instance = parent_scope.find(parent_id)
+          instance_variable_set("@#{parent_resource_name}", parent_instance)
+          authorize parent_instance, :show?
+        end
+
+        parent_instance
+      end
+    end
+
+    def authorize_resource(resource_name = nil, options = {})
+      resource_name = (resource_name || controller_name.singularize).to_s
+      instance_name = (options[:instance_name] || resource_name).to_s
+      resource = instance_variable_get("@#{instance_name}") || resource_name.classify.constantize
+
+      # Determine if this is a parent resource by checking if it was listed as a `through` resource
+      is_parent_resource = self.class.resource_options.any? do |opt|
+        opt[:options][:through] && Array(opt[:options][:through]).include?(resource_name.to_sym)
+      end
+
+      action = is_parent_resource ? :show : params[:action].to_sym
+      if resource_name != controller_name.singularize
+        action = :show
+      end
+
+      if resource.is_a?(Class)
+        authorize resource, "#{params[:action].to_sym}?"
+      else
+        authorize resource, "#{action}?"
+      end
+    end
+
+    def skip_authorization_and_scope
+      action = params[:action]
+      skip_policy_scope if action == 'index'
+      skip_authorization
+    end
+
+    def resource_name
+      controller_name.singularize
+    end
+
+    def resource_class
+      resource_name.classify.constantize
+    end
+
+    def resource_instance
+      instance_variable_get "@#{resource_name}"
+    end
+
+    def resource_attributes(resource, action)
+      attributes = {}
+
+      # Get permitted attributes if they are defined
+      if has_permitted_attributes?(resource, action)
+        attributes = permitted_attributes(resource)
+      else
+        candidates = ["#{action}_params", "#{resource_name}_params"]
+        candidates.each do |candidate|
+          if respond_to?(candidate, true)
+            attributes.merge!(send(candidate)) { |key, old_val, new_val| old_val }
+            break
+          end
+        end
+      end
+
+      # Extract URL parameters that are part of the resource's attributes
+      url_param_keys = request.path_parameters.keys.map(&:to_sym)
+
+      # Remove :id from the keys to ensure it isn't included
+      url_param_keys.delete(:id)
+
+      relevant_url_params = params.slice(*url_param_keys).permit!.to_h
+
+      # Merge only the relevant URL parameters that match resource's column names
+      relevant_url_params.each do |key, value|
+        if resource.class.column_names.include?(key.to_s)
+          attributes[key.to_sym] ||= value
+        end
+      end
+
+      attributes
+    end
+
+    def has_permitted_attributes?(resource, action)
+      return true if policy(resource).respond_to? :"permitted_attributes_for_#{action}"
+      return true if policy(resource).respond_to? :permitted_attributes
+
+      false
+    end
+  end
+end

data/lib/pundit_extraextra/version.rb

@@ -0,0 +1,3 @@
+module PunditExtraExtra
+  VERSION = '1.0.0'
+end

data/lib/pundit_extraextra.rb

@@ -0,0 +1,4 @@
+require 'pundit_extraextra/controller_mixin'
+require 'pundit_extraextra/helpers'
+require 'pundit_extraextra/resource_autoload'
+require 'pundit_extraextra/version'

metadata

@@ -0,0 +1,50 @@
+--- !ruby/object:Gem::Specification
+name: pundit_extraextra
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Danny Ben Shitrit
+- Andrew Michael Fahmy
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2024-09-18 00:00:00.000000000 Z
+dependencies: []
+description: Add CanCanCan like load and authorize to Pundit.
+email: andrew.michael.fahmy@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/pundit_extraextra.rb
+- lib/pundit_extraextra/controller_mixin.rb
+- lib/pundit_extraextra/helpers.rb
+- lib/pundit_extraextra/resource_autoload.rb
+- lib/pundit_extraextra/version.rb
+homepage: https://github.com/sayre1000/pundit_extraextra
+licenses:
+- MIT
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key: 
+specification_version: 4
+summary: Additions for PunditExtra
+test_files: []