sequel-privacy 0.5 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8307cc7016667794361e143ba1a17735d2c189079af884a9928df3f67450fed1
-  data.tar.gz: f6ae84ecd2b0627deeb998d69cc7f38ec73313b5851b4e84b4367335ab6e7b06
+  metadata.gz: 2e415c08d25c658e76c101a7c7ccbdbb791ef1f00deb6a81481ada2044a2b779
+  data.tar.gz: 819dfce705006ad300e092650cd2014944989c6bec4baefb6bdd5a0fe1bd6bc1
 SHA512:
-  metadata.gz: ff39c00cfd1df723a53bca2a75a3ab6fd3657e1475f9f53c48f369de686c3c81facea4af80325b6acfa23e409e6e5fe71b5794ed9c31fad7300f19727f25e7e7
-  data.tar.gz: fa3124720cb8a285a1033fc3923d3df5f61d04685585394d94614d9bc7331ada3f8863335e91c0198229bfc7238e827b004de2cbed2c88a06fd762328753f8b2
+  metadata.gz: b875efc8f711c1403eb90e8ebc6ca5071b325c3e6e7856cc7c43f4dc43f5edb4add75a6081db527d30a184c856719a1461da50a2e6a754567a8a5886567daea8
+  data.tar.gz: b1c2f4a0525b3d4232f4f369d483affbf3bcc84235602d116f2d8a40d80c686e5bd8a677e1367bbc53012b8341a63e787b7d502377b2322f63afdbf5f10518ec

data/README.md

@@ -221,56 +221,34 @@ system, so these VCs give you an escape hatch for things like scripts while also
 You could also create lint rules that prevent the casual creation of these viewer contexts.
 
 ```ruby
+# You can use an omniscient viewer context to load the user from a session
+# or however you store them. Discard this viewer context when you're done with it.
+def current_user 
+  return @current_user if @current_user
+  login_vc = Sequel::Privacy::ViewerContext.omniscient(:login)
+  user = User.for_vc(login_vc)[session_user_id]
+  return nil unless user
+
+  # Attach an ActorVC to the loaded user so that future calls to its fields and 
+  # associations respect privacy .
+  @current_user ||= user.for_vc(Sequel::Privacy::ViewerContext.for_actor(user))
+end
+
+def current_vc
+  current_user&.vc || Sequel::Privacy::ViewerContext.anonymous()
+end
+
 # Standard viewer (most common)
-current_vc = Sequel::Privacy::ViewerContext.for_actor(current_user)
 users_groups = Group.for_vc(current_vc).where(creator: current_user).all
 
-# API-specific (can be distinguished in policies)
-vc = Sequel::Privacy::ViewerContext.for_api_actor(current_user)
-
 # Anonymous viewer (logged-out users)
 logged_out_vc = Sequel::Privacy::ViewerContext.anonymous
 posts = Post.for_vc(logged_out_vc).where(published: true).all
 
-# Omniscient VCs can read any object in the system, but are incapable of writes.
-# Dispose of these ViewerContexts quickly. 
-current_user = Sequel::Privacy::ViewerContext.omniscient(:login).then {|vc| User.for_vc(vc)[authenticated_user_id] }
-current_vc = Sequel::Privacy::ViewerContext.for_actor(current_user)
-
 # All-powerful ViewerContexts dangerously bypass all read and write checks.
 admin_vc = Sequel::Privacy::ViewerContext.all_powerful(:admin_migration)
 ```
 
-### A Note Login & Authenticated Users
-
-If your User or equivalent model is privacy-aware *and* is protected by 
-policies that would complicating fetching (or login), then you will have
-trouble creating a `current_user` for an `ActorVC`.
-
-In both cases you can use an `OmniscientVC` to make your initial User query.
-
-```ruby
-before do
-  if session[:user_id]
-    current_user = Sequel::Privacy::ViewerContext.omniscient(:session).then {|vc| User.for_vc(vc)[session[:user_id]] }
-    current_vc = Sequel::Privacy::ViewerContext.for_actor(current_user)
-  else
-    current_user = nil
-    current_vc = Sequel::Privacy::ViewerContext.anonymous
-  end
-end
-
-post '/auth/password' do
-  user = Sequel::Privacy::ViewerContext.omniscient(:login).then {|vc| User.for_vc(vc).first(email: params[:email]) }  
-  
-  pass unless user
-  pass unless user.password == params[:password]
-  
-  session[:user_id] = user.id
-  redirect '/'
-end
-```
-
 ## Mutation Enforcement
 
 When a viewer context is attached, mutations are automatically checked:

data/lib/sequel/plugins/privacy.rb

@@ -405,8 +405,10 @@ module Sequel
           case type
           when :many_to_one, :one_to_one
             _override_singular_association(name)
+            _override_association_dataset(name)
           when :one_to_many, :many_to_many
             _override_plural_association(name)
+            _override_association_dataset(name)
             # Check if there are already privacy policies defined for this association
             setup_association_privacy(name) if privacy_association_policies[name]
           end
@@ -436,6 +438,29 @@ module Sequel
 
         private
 
+        sig { params(name: Symbol).void }
+        def _override_association_dataset(name)
+          dataset_method = :"#{name}_dataset"
+          return unless method_defined?(dataset_method)
+
+          original = instance_method(dataset_method)
+          assoc_reflection = association_reflection(name)
+          assoc_class = T.let(nil, T.nilable(T.class_of(Sequel::Model)))
+
+          define_method(dataset_method) do |*args|
+            ds = original.bind(self).(*args)
+            vc = instance_variable_get(:@viewer_context)
+            return ds unless vc
+
+            assoc_class ||= assoc_reflection.associated_class
+            if assoc_class.respond_to?(:privacy_vc_key) && ds.respond_to?(:for_vc)
+              T.unsafe(ds).for_vc(vc)
+            else
+              ds
+            end
+          end
+        end
+
         sig { params(name: Symbol).void }
         def _override_singular_association(name)
           original = instance_method(name)

data/lib/sequel/privacy/built_in_policies.rb

@@ -3,10 +3,9 @@
 
 module Sequel
   module Privacy
-    # Built-in policies that ship with the gem.
-    # Applications should define their own policies using PolicyDSL.
     module BuiltInPolicies
-      # Always deny access. Should be the last policy in every chain (fail-secure).
+      # Always deny access. You should specify this policy at the end of every chain, but the framework
+      # currently appends it. This could change; I'm not sure about this yet.
       AlwaysDeny = Policy.create(
         :AlwaysDeny,
         -> { :deny },
@@ -14,7 +13,6 @@ module Sequel
         cacheable: true
       )
 
-      # Always allow access. Use sparingly.
       AlwaysAllow = Policy.create(
         :AlwaysAllow,
         -> { :allow },

data/lib/sequel/privacy/cache.rb

@@ -8,7 +8,6 @@ module Sequel
     class << self
       extend T::Sig
 
-      # Returns the in-memory cache Hash for policy results.
       sig { returns(T::Hash[Integer, Symbol]) }
       def cache
         @cache ||= T.let({}, T.nilable(T::Hash[Integer, Symbol]))

data/lib/sequel/privacy/enforcer.rb

@@ -3,8 +3,6 @@
 
 module Sequel
   module Privacy
-    # The Enforcer evaluates policy chains to determine if an action is allowed.
-    # It handles caching, single-match optimization, and policy combinators.
     module Enforcer
       extend T::Sig
 
@@ -138,9 +136,7 @@ module Sequel
         ).returns(Symbol)
       end
       def self.evaluate_child_policies(child_policies, subject, actor, viewer_context, direct_object)
-        unless child_policies.all? { |c| c.is_a?(Proc) }
-          Kernel.raise "Policy combinator contains non-policy members"
-        end
+        Kernel.raise 'Policy combinator contains non-policy members' unless child_policies.all? { |c| c.is_a?(Proc) }
 
         results = child_policies.map do |child_policy|
           policy_result(child_policy, subject, actor, viewer_context, direct_object)
@@ -190,14 +186,10 @@ module Sequel
         result ||= :pass
 
         # Handle combinator results
-        if result.is_a?(Array)
-          result = evaluate_child_policies(result, subject, actor, viewer_context, direct_object)
-        end
+        result = evaluate_child_policies(result, subject, actor, viewer_context, direct_object) if result.is_a?(Array)
 
         # Cache result
-        if policy.cacheable? && !from_cache
-          Sequel::Privacy.cache[cache_key] = result
-        end
+        Sequel::Privacy.cache[cache_key] = result if policy.cacheable? && !from_cache
 
         # Log result
         log_result(policy, result, actor, subject, from_cache, skipped_from_single_match)
@@ -227,9 +219,7 @@ module Sequel
         # Anonymous viewers (no actor) auto-deny unless the policy opts in
         # with allow_anonymous: true (for state-gate policies that examine
         # only the subject).
-        if !actor && policy.arity >= 1 && !policy.allow_anonymous?
-          return :deny
-        end
+        return :deny if !actor && policy.arity >= 1 && !policy.allow_anonymous?
 
         case policy.arity
         when 0
@@ -259,14 +249,14 @@ module Sequel
         actor_id = actor ? actor.id : 'anonymous'
         logger.debug do
           msg = "#{result.to_s.upcase}: #{policy.policy_name || 'anonymous'} for actor[#{actor_id}] on #{subject.class}[#{subject_id(subject)}]"
-          msg += " (cached)" if from_cache
-          msg += " (skipped: single_match)" if skipped
+          msg += ' (cached)' if from_cache
+          msg += ' (skipped: single_match)' if skipped
           msg
         end
 
-        if policy.comment && %i[deny allow].include?(result)
-          logger.debug { " ⮑  #{policy.comment}" }
-        end
+        return unless policy.comment && %i[deny allow].include?(result)
+
+        logger.debug { " ⮑  #{policy.comment}" }
       end
 
       sig { params(subject: TPolicySubject).returns(T.untyped) }

data/lib/sequel/privacy/version.rb

@@ -3,6 +3,6 @@
 
 module Sequel
   module Privacy
-    VERSION = '0.5'
+    VERSION = '0.5.2'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sequel-privacy
 version: !ruby/object:Gem::Version
-  version: '0.5'
+  version: 0.5.2
 platform: ruby
 authors:
 - Austin Bales