resource_policy 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: fed24d9cd11a66ed01e1c3502226d08552e28613059ebd7ec7df33b9516dd50b
+  data.tar.gz: 46b4678e5d4c56bf3553869672e07fef6a31dca7a72b4c05633fa1845f79d0a1
+SHA512:
+  metadata.gz: a92ff288f3b96e0733ffe975b44acace545db00526aca10da31aa947ae3c9f58e71458d88e76d24380f98cb438fab12edfac3d53e627ff53b4d9966bd39a95b3
+  data.tar.gz: 4dd64068ede10a86e019872728f6d93522b266c6463e9853211067c5e2b990db6ecbd520d84230dec7a7ca784eed18bb0942e4be033f38aa600e09624564aebf

data/.github/workflows/ruby.yml

@@ -0,0 +1,20 @@
+name: Ruby
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v1
+    - name: Set up Ruby 2.6
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.6.x
+    - name: Build and test with Rake
+      run: |
+        gem install bundler
+        bundle install --jobs 4 --retry 3
+        bundle exec rake

data/.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/.history/
+/.vscode/
+
+# rspec failure tracking
+.rspec_status
+
+*.gem

data/.hound.yml

@@ -0,0 +1,3 @@
+rubocop:
+  config_file: .rubocop.yml
+  version: 0.75.0

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,43 @@
+require: rubocop-rspec
+
+RSpec/NestedGroups:
+  Enabled: false
+
+Metrics/LineLength:
+  Enabled: true
+  Max: 120
+
+Metrics/BlockLength:
+  Exclude:
+    - spec/**/*.rb
+    - resource_policy.gemspec
+Metrics/ModuleLength:
+  Exclude:
+    - spec/**/*_spec.rb
+Metrics/ClassLength:
+  Exclude:
+    - spec/**/*_spec.rb
+
+Lint/AmbiguousBlockAssociation:
+  Exclude:
+    - spec/**/*.rb
+
+Naming/UncommunicativeMethodParamName:
+  AllowedNames:
+    - 'to'
+    - 'at'
+    - 'on'
+    - 'id'
+    - 'in'
+    - 'as'
+
+Style/ClassAndModuleChildren:
+  Exclude:
+    - spec/**/*_spec.rb
+
+AllCops:
+  TargetRubyVersion: 2.5
+  Exclude:
+    - bin/*
+    - graphql_rails.gemspec
+    - Rakefile

data/.ruby-version

@@ -0,0 +1 @@
+3.1.2

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.6.1
+before_install: gem install bundler -v 2.0.1

data/CHANGELOG.md

@@ -0,0 +1,19 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+* Added/Changed/Deprecated/Removed/Fixed/Security: YOUR CHANGE HERE
+
+## [1.0.0]
+
+* Added Ruby on Rails validator
+* Fixed: attribute policy no longer depends on action policy conditions
+
+## [0.2.0]
+
+* Changed: resource protection is now done using policy instance method instead of class method

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at povilas@samesystem.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+group :test do
+  gem 'codecov', require: false
+  gem 'simplecov', require: false
+end
+
+# Specify your gem's dependencies in resource_policy.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,232 @@
+PATH
+  remote: .
+  specs:
+    resource_policy (1.0.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailbox (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activejob (= 7.0.4.2)
+      activerecord (= 7.0.4.2)
+      activestorage (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      mail (>= 2.7.1)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      actionview (= 7.0.4.2)
+      activejob (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
+      rails-dom-testing (~> 2.0)
+    actionpack (7.0.4.2)
+      actionview (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      rack (~> 2.0, >= 2.2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activerecord (= 7.0.4.2)
+      activestorage (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      globalid (>= 0.6.0)
+      nokogiri (>= 1.8.5)
+    actionview (7.0.4.2)
+      activesupport (= 7.0.4.2)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (7.0.4.2)
+      activesupport (= 7.0.4.2)
+      globalid (>= 0.3.6)
+    activemodel (7.0.4.2)
+      activesupport (= 7.0.4.2)
+    activerecord (7.0.4.2)
+      activemodel (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+    activestorage (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activejob (= 7.0.4.2)
+      activerecord (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      marcel (~> 1.0)
+      mini_mime (>= 1.1.0)
+    activesupport (7.0.4.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    ast (2.4.2)
+    builder (3.2.4)
+    byebug (11.1.3)
+    codecov (0.6.0)
+      simplecov (>= 0.15, < 0.22)
+    coderay (1.1.3)
+    concurrent-ruby (1.2.0)
+    crass (1.0.6)
+    date (3.3.3)
+    diff-lcs (1.5.0)
+    docile (1.4.0)
+    erubi (1.12.0)
+    globalid (1.1.0)
+      activesupport (>= 5.0)
+    i18n (1.12.0)
+      concurrent-ruby (~> 1.0)
+    json (2.6.3)
+    loofah (2.19.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.8.0.1)
+      mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
+    marcel (1.0.2)
+    method_source (1.0.0)
+    mini_mime (1.1.2)
+    mini_portile2 (2.8.1)
+    minitest (5.17.0)
+    net-imap (0.3.4)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.1)
+      timeout
+    net-smtp (0.3.3)
+      net-protocol
+    nio4r (2.5.8)
+    nokogiri (1.14.1)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
+    parallel (1.22.1)
+    parser (3.2.0.0)
+      ast (~> 2.4.1)
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.10.1)
+      byebug (~> 11.0)
+      pry (>= 0.13, < 0.15)
+    racc (1.6.2)
+    rack (2.2.6.2)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rails (7.0.4.2)
+      actioncable (= 7.0.4.2)
+      actionmailbox (= 7.0.4.2)
+      actionmailer (= 7.0.4.2)
+      actionpack (= 7.0.4.2)
+      actiontext (= 7.0.4.2)
+      actionview (= 7.0.4.2)
+      activejob (= 7.0.4.2)
+      activemodel (= 7.0.4.2)
+      activerecord (= 7.0.4.2)
+      activestorage (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      bundler (>= 1.15.0)
+      railties (= 7.0.4.2)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.5.0)
+      loofah (~> 2.19, >= 2.19.1)
+    railties (7.0.4.2)
+      actionpack (= 7.0.4.2)
+      activesupport (= 7.0.4.2)
+      method_source
+      rake (>= 12.2)
+      thor (~> 1.0)
+      zeitwerk (~> 2.5)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.6.2)
+    rexml (3.2.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.0)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    rubocop (1.44.1)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.2.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.24.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.24.1)
+      parser (>= 3.1.1.0)
+    rubocop-capybara (2.17.0)
+      rubocop (~> 1.41)
+    rubocop-performance (1.15.2)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-rails (2.17.4)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.33.0, < 2.0)
+    rubocop-rspec (2.18.1)
+      rubocop (~> 1.33)
+      rubocop-capybara (~> 2.17)
+    ruby-progressbar (1.11.0)
+    simplecov (0.21.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.4)
+    thor (1.2.1)
+    timeout (0.3.1)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.4.2)
+    websocket-driver (0.7.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    zeitwerk (2.6.6)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  codecov
+  pry-byebug
+  rails (~> 7.0.0)
+  rake (~> 13.0)
+  resource_policy!
+  rspec (~> 3.0)
+  rubocop
+  rubocop-performance
+  rubocop-rails
+  rubocop-rspec
+  simplecov
+
+BUNDLED WITH
+   2.0.1

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Povilas Jurcys
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "resource_policy"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/docs/README.md

@@ -0,0 +1,163 @@
+# ResourcePolicy
+
+[![Build Status](https://travis-ci.org/samesystem/resource_policy.svg?branch=master)](https://travis-ci.org/samesystem/resource_policy)
+[![codecov](https://codecov.io/gh/samesystem/resource_policy/branch/master/graph/badge.svg)](https://codecov.io/gh/samesystem/resource_policy)
+[![Documentation](https://readthedocs.org/projects/ansicolortags/badge/?version=latest)](https://samesystem.github.io/resource_policy)
+
+Gem which allows to protect your resources and their methods with policy rules.
+
+## Installation
+
+Add this line to your Ruby on Rails application's Gemfile:
+
+```ruby
+gem 'resource_policy', require 'resource_policy/rails'
+```
+
+Or add this for any other ruby app:
+
+```ruby
+gem 'resource_policy'
+```
+
+And then execute:
+
+```sh
+    $ bundle
+```
+
+Or install it yourself as:
+
+```sh
+    $ gem install resource_policy
+```
+
+## Documentation
+
+All details about gem usage can be found here: https://samesystem.github.io/resource_policy
+
+## Usage
+
+Policy should be a single point of truth where you can check what kind of actions current user (or anything else) can do to some resource. Later you will see example of `UserPolicy`.
+
+### Actions policy
+
+Action policy defines what kind of actions can be done on resource. In the folulowing example `UserPolicy` defines what kind of actions `current_user` can do with other `user`.
+
+#### Define action policy
+
+```ruby
+class UserPolicy
+  include ResourcePolicy::Policy
+
+  policy do |c|
+    c.action(:read).allowed # current_user can always see user
+    c.action(:write).allowed(if: :admin?) # only admin current_user can update user
+  end
+
+  def initialize(user, current_user:)
+    @user = user
+    @current_user = current_user
+  end
+
+  private
+
+  def admin?
+    @current_user.admin?
+  end
+end
+```
+
+#### Using action policy
+
+```ruby
+policy = UserPolicy.new(user, current_user: current_user)
+policy.action(:read).allowed? # => true
+policy.action(:write).allowed? # ... depends on `admin?` result
+```
+
+### Attributes policy
+
+Similar as with actions policy, you can define each field which should be visible or writable by other user
+
+#### Define attributes policy
+
+```ruby
+class UserPolicy
+  include ResourcePolicy::Policy
+
+  policy do |c|
+    c.attribute(:email)
+      .allowed(:read) # current_user can always view user.email
+      .allowed(:write, if: :admin?) # only admin current_user can change email
+  end
+
+  def initialize(user, current_user:)
+    @user = user
+    @current_user = current_user
+  end
+
+  private
+
+  def admin?
+    @current_user.admin?
+  end
+end
+```
+
+#### Using attributes policy
+
+```ruby
+policy = UserPolicy.new(user, current_user: current_user)
+policy.attribute(:email).readable? # => true
+policy.action(:email).writable? # ... depends on `admin?` result
+```
+
+#### Using protector
+
+You can use `Policy` to hide some fields. Here is how:
+
+```ruby
+class UserPolicy
+  include ResourcePolicy::Policy
+
+  policy do |c|
+    c.attribute(:id).allowed(:read)
+    c.attribute(:salary).allowed(:read, if: :admin?)
+  end
+
+  ...
+end
+```
+
+Now you can protect `user` like this:
+
+```ruby
+current_user.admin? #=> false
+
+user = User.find(1337)
+user.id #=> 1337
+user.email #=> "john.doe@example.com"
+
+protected_user = UserPolicy.attributes_policy.protect(user, current_user: current_user)
+protected_user.id #=> 1337
+protected_user.email # nil
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/samesystem/resource_policy. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the ResourcePolicy project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/samesystem/resource_policy/blob/master/CODE_OF_CONDUCT.md).

data/docs/_sidebar.md

@@ -0,0 +1,6 @@
+* [Home](README)
+* Components
+  * [Policy](components/policy)
+  * [ActionsPolicy](components/actions_policy)
+  * [ActionsPolicy](components/actions_validator)
+  * [AttributesPolicy](components/attributes_policy)