resource_policy 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fed24d9cd11a66ed01e1c3502226d08552e28613059ebd7ec7df33b9516dd50b
-  data.tar.gz: 46b4678e5d4c56bf3553869672e07fef6a31dca7a72b4c05633fa1845f79d0a1
+  metadata.gz: 2f65fc6083e96120d13e9f16f9209da6821690d5868fbb8c5e220af87c2cca00
+  data.tar.gz: 69f4d3e2969688640b28d0621625735caf47c4601aee45aa9f4b499bf2f7c708
 SHA512:
-  metadata.gz: a92ff288f3b96e0733ffe975b44acace545db00526aca10da31aa947ae3c9f58e71458d88e76d24380f98cb438fab12edfac3d53e627ff53b4d9966bd39a95b3
-  data.tar.gz: 4dd64068ede10a86e019872728f6d93522b266c6463e9853211067c5e2b990db6ecbd520d84230dec7a7ca784eed18bb0942e4be033f38aa600e09624564aebf
+  metadata.gz: d6a57863a8e23dc296549b227e612ae64837431d3f7f2512f795e0277e262d9eb3482f77a26844a4c028e97f4f21f3605616a52795e8088b62d32899baacfc4a
+  data.tar.gz: 42568d8e854a936150c590ca4691a7b40f69881de02fe909b53fa0f1ec5f5763731c51e0bf0f3eea91c83a4ef721be023eb9f4b5782e4bd2fd9d8b23a7cd6085

data/.github/workflows/ruby.yml

@@ -1,20 +1,18 @@
 name: Ruby
-
-on: [push]
-
+on: [push, pull_request]
 jobs:
-  build:
+  specs:
+    strategy:
+      matrix:
+        ruby-version: ['2.7', '3.0', '3.1']
 
     runs-on: ubuntu-latest
-
+    env:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     steps:
-    - uses: actions/checkout@v1
-    - name: Set up Ruby 2.6
-      uses: actions/setup-ruby@v1
-      with:
-        ruby-version: 2.6.x
-    - name: Build and test with Rake
-      run: |
-        gem install bundler
-        bundle install --jobs 4 --retry 3
-        bundle exec rake
+      - uses: actions/checkout@v2
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+      - run: bundle exec rake

data/CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 * Added/Changed/Deprecated/Removed/Fixed/Security: YOUR CHANGE HERE
 
+## [1.1.0]
+
+* Added AttributesValidator
+
 ## [1.0.0]
 
 * Added Ruby on Rails validator

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    resource_policy (1.0.0)
+    resource_policy (1.1.0)
 
 GEM
   remote: https://rubygems.org/

data/docs/_sidebar.md

@@ -4,3 +4,4 @@
   * [ActionsPolicy](components/actions_policy)
   * [ActionsPolicy](components/actions_validator)
   * [AttributesPolicy](components/attributes_policy)
+  * [ActionsPolicy](components/attributes_validator)

data/docs/components/attributes_validator.md

@@ -0,0 +1,37 @@
+# ResourcePolicy::AttributesValidator
+
+`ResourcePolicy::AttributesValidator` is a validator that validates the attributes of an object to ensure they comply with specified policies. The validator can be used to validate a hash of attributes with the `apply_to` option and the desired access level with the `allowed_to` option.
+
+## Options
+
+The validates method requires two options:
+
+- `:apply_to` (required) - The name of the method that returns the hash that needs to be validated.
+- `:allowed_to` (required) - The access level that we need to check. This can be either :read or :write.
+
+## Usage example
+
+```ruby
+class SomeClass
+  include ActiveModel::Validations
+  validates :some_policy, 'resource_policy/attributes': { apply_to: :some_params, allowed_to: :write }
+
+  def some_policy
+    SomePolicy.new
+  end
+
+  def some_params
+    { foo: :foo, bar: :bar }
+  end
+end
+
+some_object = SomeClass.new
+if some_object.valid?
+  # No validation errors, continue with the process
+else
+  some_object.errors.messages # => { foo: ['attribute action "write" is not allowed'], bar: ['attribute action "write" is not allowed'] }
+end
+```
+
+In this example, the `SomeClass` has an attribute named `some_policy` which is being validated using the `ResourcePolicy::AttributesValidator`. The validator checks if attributes from the `some_params` satisfy access level conditions (such as `:write`). It adds an error for each hash key that does not satisfy policy conditions.
+

data/lib/resource_policy/rails.rb

@@ -2,4 +2,5 @@
 
 # Incudes resource policy and rails specific helpers
 require 'resource_policy'
-require 'resource_policy/validators/action_policy_validator'
+require 'resource_policy/validators/action_validator'
+require 'resource_policy/validators/attributes_validator'

data/lib/resource_policy/validators/attributes_validator.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+# Validates attributes hash.
+#
+# Available options:
+#
+#   * `:apply_to` (required) - hash which needs to be validated using policy.
+#   * `:allowed_to` (required) - access level which we need to check. In most cases it's `:read` or `:write`.
+#
+# Usage example:
+#
+#   class MyClass
+#     include ActiveModel::Validations
+#     validates :some_policy, 'resource_policy/attributes': { apply_to: :some_params, allowed_to: :write }
+#
+#     def some_policy
+#       SomePolicy.new
+#     end
+#
+#     def some_params
+#       { foo: :foo, bar: :bar }
+#     end
+#   end
+#
+module ResourcePolicy
+  class AttributesValidator < ActiveModel::EachValidator
+    def validate_each(record, _attribute, policy)
+      hash_value = hash_value_for(record)
+
+      hash_value.each_key do |hash_attribute|
+        validate_attribute_policy(
+          policy.attribute(hash_attribute),
+          record: record,
+          hash_attribute: hash_attribute
+        )
+      end
+    end
+
+    private
+
+    def validate_attribute_policy(attribute_policy, record:, hash_attribute:)
+      if attribute_policy.nil?
+        add_missing_policy_error_for(record, attribute: hash_attribute)
+      elsif !attribute_policy.allowed_to?(access_level)
+        add_not_permitted_error_for(record, attribute: hash_attribute)
+      end
+    end
+
+    def access_level
+      @access_level ||= options.fetch(:allowed_to)
+    end
+
+    def hash_value_for(record)
+      record.send(options.fetch(:apply_to))
+    end
+
+    def add_missing_policy_error_for(record, attribute:)
+      record.errors.add(attribute, 'does not have attribute policy defined')
+    end
+
+    def add_not_permitted_error_for(record, attribute:)
+      record.errors.add(
+        attribute,
+        "attribute action #{access_level.to_s.inspect} is not allowed"
+      )
+    end
+  end
+end

data/lib/resource_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ResourcePolicy
-  VERSION = '1.0.0'
+  VERSION = '1.1.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: resource_policy
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Povilas Jurcys
@@ -164,6 +164,7 @@ files:
 - docs/components/action_validator.md
 - docs/components/actions_policy.md
 - docs/components/attributes_policy.md
+- docs/components/attributes_validator.md
 - docs/components/policy.md
 - docs/index.html
 - lib/resource_policy.rb
@@ -180,7 +181,8 @@ files:
 - lib/resource_policy/policy/policy_configuration.rb
 - lib/resource_policy/protected_resource.rb
 - lib/resource_policy/rails.rb
-- lib/resource_policy/validators/action_policy_validator.rb
+- lib/resource_policy/validators/action_validator.rb
+- lib/resource_policy/validators/attributes_validator.rb
 - lib/resource_policy/version.rb
 - resource_policy.gemspec
 homepage: https://github.com/samesystem/resource_policy
@@ -189,7 +191,7 @@ licenses:
 metadata:
   homepage_uri: https://github.com/samesystem/resource_policy
   source_code_uri: https://github.com/samesystem/resource_policy
-  changelog_uri: https://github.com/samesystem/resource_policy/blob/v1.0.0/CHANGELOG.md
+  changelog_uri: https://github.com/samesystem/resource_policy/blob/v1.1.0/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths: