wallaby-core 0.2.0 → 0.2.4

data/lib/authorizers/wallaby/model_authorizer.rb

@@ -1,68 +1,29 @@
 # frozen_string_literal: true
 
 module Wallaby
-  # Model Authorizer to provide authorization functions
-  # @since 5.2.0
+  # This is the base authorizer class to provider authorization for given/associated model.
+  #
+  # For best practice, please create an application authorizer class (see example)
+  # to better control the functions shared between different model authorizers.
+  # @example Create an application class for Admin Interface usage
+  #   class Admin::ApplicationAuthorizer < Wallaby::ModelAuthorizer
+  #     base_class!
+  #   end
+  # @since wallaby-5.2.0
   class ModelAuthorizer
     extend Baseable::ClassMethods
+    base_class!
 
     class << self
-      # @!attribute [w] model_class
-      attr_writer :model_class
-
-      # @!attribute [r] model_class
-      # Return associated model class, e.g. return **Product** for **ProductAuthorizer**.
-      #
-      # If Wallaby can't recognise the model class for Authorizer, it's required to be configured as below example:
-      # @example To configure model class
-      #   class Admin::ProductAuthorizer < Admin::ApplicationAuthorizer
-      #     self.model_class = Product
-      #   end
-      # @example To configure model class for version below 5.2.0
-      #   class Admin::ProductAuthorizer < Admin::ApplicationAuthorizer
-      #     def self.model_class
-      #       Product
-      #     end
-      #   end
-      # @return [Class] assoicated model class
-      # @return [nil] if current class is marked as base class
-      # @return [nil] if current class is the same as the value of {Wallaby::Configuration::Mapping#model_authorizer}
-      # @return [nil] if current class is {Wallaby::ModelAuthorizer}
-      # @return [nil] if assoicated model class is not found
-      def model_class
-        return unless self < ModelAuthorizer
-        return if base_class? || self == Wallaby.configuration.mapping.model_authorizer
-
-        @model_class ||= Map.model_class_map(name.gsub(/(^#{namespace}::)|(Authorizer$)/, EMPTY_STRING))
-      end
-
       # @!attribute [w] provider_name
       attr_writer :provider_name
 
       # @!attribute [r] provider_name
-      # @return [String, Symbol] provider name of the authorization framework used
+      # Provider name of the authorization framework used.
+      # It will be inherited from its parent classes if there isn't one for current class.
+      # @return [String, Symbol]
       def provider_name
-        @provider_name ||= ModuleUtils.try_to superclass, :provider_name
-      end
-
-      # Factory method to create the model authorizer
-      # @param context [ActionController::Base]
-      # @param model_class [Class]
-      # @return [Wallaby::ModelAuthorizer]
-      def create(context, model_class)
-        model_class ||= self.model_class
-        provider_class = guess_provider_class context, model_class
-        new model_class, provider_class, provider_class.args_from(context)
-      end
-
-      private
-
-      # @param context [ActionController::Base]
-      # @param model_class [Class]
-      # @return [Class] provider class
-      def guess_provider_class(context, model_class)
-        providers = Map.authorizer_provider_map model_class
-        providers[provider_name] || providers.values.find { |klass| klass.available? context }
+        @provider_name ||= superclass.try :provider_name
       end
     end
 
@@ -73,28 +34,43 @@ module Wallaby
     attr_reader :model_class
 
     # @!attribute [r] provider
-    # @return [Wallaby::ModelAuthorizationProvider]
-    # @since 5.2.0
+    # @return [Wallaby::ModelAuthorizationProvider] the instance that does the job
+    # @since wallaby-5.2.0
     attr_reader :provider
 
+    # @!attribute [r] context
+    # @return [ActionController::Base, ActionView::Base]
+    # @since 0.2.2
+    attr_reader :context
+
+    # @!attribute [r] options
+    # @return [Hash]
+    # @since 0.2.2
+    attr_reader :options
+
     # @param model_class [Class]
-    # @param provider_name_or_class [String, Symbol, Class]
-    # @param options [Hash]
-    def initialize(model_class, provider_name_or_class, options = {})
+    # @param context [ActionController::Base, ActionView::Base]
+    # @param options [Symbol, String, nil]
+    def initialize(model_class, context, **options)
       @model_class = model_class || self.class.model_class
-      @provider = init_provider provider_name_or_class, options
+      @context = context
+      @options = options
+      @provider = guess_provider_from(context)
     end
 
     protected
 
-    # Go through provider list and detect which provider is used.
-    # @param provider_name_or_class [String, Symbol, Class]
-    # @param options [Hash]
-    # @return [Wallaby::Authorizer]
-    def init_provider(provider_name_or_class, options)
-      providers = Map.authorizer_provider_map model_class
-      provider_class = provider_name_or_class.is_a?(Class) ? provider_name_or_class : providers[provider_name_or_class]
-      provider_class.new(**options)
+    # Go through the provider list and find out the one is
+    # {Wallaby::ModelAuthorizationProvider.available? .available?}
+    # @param context [ActionController::Base, ActionView::Base]
+    def guess_provider_from(context)
+      provider_class =
+        Map.authorizer_provider_map(model_class).try do |providers|
+          providers[options[:provider_name] || self.class.provider_name] \
+            || providers.values.find { |klass| klass.available? context } \
+            || providers[:default] # fallback to default
+        end
+      provider_class.new context, options
     end
   end
 end

data/lib/authorizers/wallaby/pundit_authorization_provider.rb

@@ -1,83 +1,74 @@
 # frozen_string_literal: true
 
 module Wallaby
-  # Pundit base authorization provider
+  # @note This authorization provider DOES NOT use the
+  #   {https://github.com/varvet/pundit#customize-pundit-user pundit_user} helper.
+  #   It uses the one from {Wallaby::AuthenticationConcern#wallaby_user #wallaby_user} instead.
+  # {https://github.com/varvet/pundit Pundit} base authorization provider.
   class PunditAuthorizationProvider < ModelAuthorizationProvider
     # Detect and see if Pundit is in use.
-    # @param context [ActionController::Base]
-    # @return [true] if Pundit is in use.
-    # @return [false] if Pundit is not in use.
+    # @param context [ActionController::Base, ActionView::Base]
+    # @return [true] if Pundit is in use
+    # @return [false] otherwise
     def self.available?(context)
       defined?(Pundit) && context.respond_to?(:pundit_user)
     end
 
-    # This will pull out the args required for contruction from context
-    # @param context [ActionController::Base]
-    # @return [Hash] args for initialize
-    def self.args_from(context)
-      { user: context.pundit_user }
-    end
-
-    # @param user [Object]
-    def initialize(user:)
-      @user = user
-    end
-
     # Check user's permission for an action on given subject.
     #
-    # This method will be used in controller.
+    # This method will be mostly used in controller.
     # @param action [Symbol, String]
     # @param subject [Object, Class]
     # @raise [Wallaby::Forbidden] when user is not authorized to perform the action.
     def authorize(action, subject)
       Pundit.authorize(user, subject, normalize(action)) && subject
     rescue ::Pundit::NotAuthorizedError
-      Rails.logger.info I18n.t('errors.unauthorized', user: user, action: action, subject: subject)
+      Logger.error <<~MESSAGE
+        #{Utils.inspect user} is forbidden to perform #{action} on #{Utils.inspect subject}
+      MESSAGE
       raise Forbidden
     end
 
     # Check and see if user is allowed to perform an action on given subject
     # @param action [Symbol, String]
     # @param subject [Object, Class]
-    # @return [Boolean]
+    # @return [true] if user is allowed to perform the action
+    # @return [false] otherwise
     def authorized?(action, subject)
       policy = Pundit.policy! user, subject
-      ModuleUtils.try_to policy, normalize(action)
+      policy.try normalize(action)
     end
 
     # Restrict user to assign certain values.
     #
     # It will do a lookup in policy's methods and pick the first available method:
     #
-    # - attributes\_for\_#\{ action \}
-    # - attributes\_for
+    # - `attributes_for_#{action}`
+    # - `attributes_for`
     # @param action [Symbol, String]
     # @param subject [Object]
     # @return [Hash] field value paired hash that user's allowed to assign
     def attributes_for(action, subject)
       policy = Pundit.policy! user, subject
-      value = ModuleUtils.try_to(policy, "attributes_for_#{action}") || ModuleUtils.try_to(policy, 'attributes_for')
-      Rails.logger.warn I18n.t('error.pundit.not_found.attributes_for', subject: subject) unless value
-      value || {}
+      policy.try("attributes_for_#{action}") || policy.try('attributes_for') || {}
     end
 
     # Restrict user for mass assignment.
     #
     # It will do a lookup in policy's methods and pick the first available method:
     #
-    # - permitted\_attributes\_for\_#\{ action \}
-    # - permitted\_attributes
+    # - `permitted_attributes_for_#{ action }`
+    # - `permitted_attributes`
     # @param action [Symbol, String]
     # @param subject [Object]
     # @return [Array] field list that user's allowed to change.
     def permit_params(action, subject)
       policy = Pundit.policy! user, subject
       # @see https://github.com/varvet/pundit/blob/master/lib/pundit.rb#L258
-      ModuleUtils.try_to(policy, "permitted_attributes_for_#{action}") \
-        || ModuleUtils.try_to(policy, 'permitted_attributes')
+      policy.try("permitted_attributes_for_#{action}") || policy.try('permitted_attributes')
     end
 
-    private
+    protected
 
     # Convert action to pundit method name
     # @param action [Symbol, String]

data/lib/concerns/wallaby/application_concern.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+module Wallaby
+  # Here, it provides the most basic functions e.g. error handling for common 4xx HTTP status, helpers method,
+  # and URL handling.
+  module ApplicationConcern
+    extend ActiveSupport::Concern
+
+    # @!parse
+    #   extend Engineable::ClassMethods
+    #   include Engineable
+    #   include SharedHelpers
+
+    # @!method healthy
+    # Health check page
+
+    # @!method not_found(exception = nil)
+    # Not found page
+    # @param exception [Exception] comes from **rescue_from**
+
+    # @!method bad_request(exception = nil)
+    # Bad request page
+    # @param exception [Exception] comes from **rescue_from**
+
+    # @!method unprocessable_entity(exception = nil)
+    # Unprocessable entity page
+    # @param exception [Exception] comes from **rescue_from**
+
+    # @!method internal_server_error(exception = nil)
+    # Internal server error page
+    # @param exception [Exception] comes from **rescue_from**
+
+    # @!method not_implemented(exception = nil)
+    # Not implemented
+    # @param exception [Exception] comes from **rescue_from**
+
+    # @!method helpers
+    # {https://api.rubyonrails.org/classes/ActionController/Helpers.html#method-i-helpers helpers}
+    # exists since Rails 5.0, need to mimic this to support Rails 4.2.
+    # @see https://api.rubyonrails.org/classes/ActionController/Helpers.html#method-i-helpers
+    #   ActionController::Helpers#helpers
+    # @see https://github.com/rails/rails/blob/5-0-stable/actionpack/lib/action_controller/metal/helpers.rb#L118
+
+    # @!method render_error(exception, symbol)
+    # Capture exceptions and display the error using error template.
+    # @param exception [Exception]
+    # @param symbol [Symbol] http status symbol
+
+    included do # rubocop:disable Metrics/BlockLength
+      extend Engineable::ClassMethods
+      include Engineable
+      include SharedHelpers
+
+      rescue_from NotFound, with: :not_found
+      rescue_from ::ActionController::ParameterMissing, with: :bad_request
+      rescue_from ::ActiveRecord::StatementInvalid, with: :unprocessable_entity
+      rescue_from NotImplemented, with: :not_implemented
+      rescue_from UnprocessableEntity, with: :unprocessable_entity
+
+      delegate(*ConfigurationHelper.instance_methods(false), :url_for, to: :helpers)
+
+      # (see #healthy)
+      def healthy
+        render plain: 'healthy'
+      end
+
+      # (see #not_found)
+      def not_found(exception = nil)
+        render_error exception, __callee__
+      end
+
+      # (see #bad_request)
+      def bad_request(exception = nil)
+        render_error exception, __callee__
+      end
+
+      # (see #unprocessable_entity)
+      def unprocessable_entity(exception = nil)
+        render_error exception, __callee__
+      end
+
+      # (see #internal_server_error)
+      def internal_server_error(exception = nil)
+        render_error exception, __callee__
+      end
+
+      # (see #not_implemented)
+      def not_implemented(exception = nil)
+        render_error exception, __callee__
+      end
+
+      # (see #helpers)
+      def helpers
+        @helpers ||= defined?(super) ? super : view_context
+      end
+
+      protected
+
+      # (see #render_error)
+      def render_error(exception, symbol)
+        Logger.error exception
+
+        @exception = exception
+        @symbol = symbol
+        @code = Rack::Utils::SYMBOL_TO_STATUS_CODE[symbol].to_i
+        respond_with @exception, status: @code, template: ERROR_PATH, prefixes: _prefixes
+      end
+    end
+  end
+end

data/lib/concerns/wallaby/authentication_concern.rb

@@ -0,0 +1,162 @@
+# frozen_string_literal: true
+
+module Wallaby
+  # Authentication related functions
+  module AuthenticationConcern
+    extend ActiveSupport::Concern
+
+    # @deprecated Use {#wallaby_user} instead
+    # @!method current_user
+    # @note This is a template method that can be overridden by subclasses
+    # This {current_user} method will try to looking up the actual implementation from the following
+    # places from high precedence to low:
+    #
+    # - {Wallaby::Configuration::Security#current_user}
+    # - `super`
+    # - do nothing
+    #
+    # It can be replaced completely in subclasses:
+    #
+    #   def current_user
+    #     # NOTE: please ensure `@current_user` is assigned, for instance:
+    #     @current_user ||= User.new params.slice(:email)
+    #   end
+    # @return [Object] a user object
+
+    # @deprecated Use {#authenticate_wallaby_user!} instead
+    # @!method authenticate_user!
+    # @note This is a template method that can be overridden by subclasses
+    # This {authenticate_user!} method will try to looking up the actual implementation from the following
+    # places from high precedence to low:
+    #
+    # - {Wallaby::Configuration::Security#authenticate}
+    # - `super`
+    # - do nothing
+    #
+    # It can be replaced completely in subclasses:
+    #
+    #   def authenticate_user!
+    #     authenticate_or_request_with_http_basic do |username, password|
+    #       username == 'too_simple' && password == 'too_naive'
+    #     end
+    #   end
+    # @return [true] when user is authenticated successfully
+    # @raise [Wallaby::NotAuthenticated] when user fails to authenticate
+
+    # @!method wallaby_user
+    # @note This is a template method that can be overridden by subclasses
+    # This method will try to call {#current_user} from superclass.
+    # @example It can be overridden in subclasses:
+    #   def wallaby_user
+    #     # NOTE: better to assign user to `@wallaby_user` for better performance:
+    #     @wallaby_user ||= User.new params.slice(:email)
+    #   end
+    # @return [Object] a user object
+
+    # @!method pundit_user
+    # @note This is a template method that can be overridden by subclasses
+    # This overridden method of {#original_pundit_user} will try to call {#wallaby_user} instead of {#current_user}.
+    # @example It can be overridden in subclasses:
+    #   def pundit_user
+    #     @pundit_user ||= User.new params.slice(:email)
+    #   end
+    # @return [Object] a user object
+
+    # @!parse alias :override_pundit_user :pundit_user
+
+    # @!method original_pundit_user
+    # This method is the original version of {#pundit_user} which calls the {#current_user}.
+    # @return [Object] a user object
+
+    # @!method authenticate_wallaby_user!
+    # @note This is a template method that can be overridden by subclasses
+    # This method will try to call {#authenticate_user!} from superclass.
+    # And it will be run as the first callback before an action.
+    # @example It can be overridden in subclasses:
+    #   def authenticate_wallaby_user!
+    #     authenticate_or_request_with_http_basic do |username, password|
+    #       username == 'too_simple' && password == 'too_naive'
+    #     end
+    #   end
+    # @return [true] when user is authenticated successfully
+    # @raise [Wallaby::NotAuthenticated] when user fails to authenticate
+
+    # @!method unauthorized(exception = nil)
+    # Unauthorized page.
+    # @param exception [Exception] comes from **rescue_from**
+
+    # @!method forbidden(exception = nil)
+    # Forbidden page.
+    # @param exception [Exception] comes from **rescue_from**
+
+    included do # rubocop:disable Metrics/BlockLength
+      helper_method :wallaby_user
+
+      rescue_from NotAuthenticated, with: :unauthorized
+      rescue_from Forbidden, with: :forbidden
+
+      # (see #current_user)
+      # TODO: remove this from 6.2
+      def current_user
+        @current_user ||=
+          if security.current_user? || !defined? super
+            instance_exec(&security.current_user)
+          else
+            Logger.deprecated 'Wallaby will use `wallaby_user` instead of `current_user` from 6.2.'
+            super
+          end
+      end
+
+      # (see #authenticate_user!)
+      # TODO: remove this from 6.2
+      def authenticate_user!
+        authenticated =
+          if security.authenticate? || !defined? super
+            instance_exec(&security.authenticate)
+          else
+            Logger.deprecated 'Wallaby will use `authenticate_wallaby_user!`' \
+              'instead of `authenticate_user!` from 6.2.'
+            super
+          end
+        raise NotAuthenticated if authenticated == false
+
+        true
+      end
+
+      # (see #wallaby_user)
+      def wallaby_user
+        @wallaby_user ||= try :current_user
+      end
+
+      if defined?(::Pundit) && instance_methods.include?(:pundit_user)
+        # (see #override_pundit_user)
+        def override_pundit_user
+          wallaby_user
+        end
+
+        # (see #original_pundit_user)
+        alias_method :original_pundit_user, :pundit_user
+        # (see #pundit_user)
+        alias_method :pundit_user, :override_pundit_user
+      end
+
+      # (see #authenticate_wallaby_user!)
+      def authenticate_wallaby_user!
+        authenticated = try :authenticate_user!
+        raise NotAuthenticated if authenticated == false
+
+        true
+      end
+
+      # (see #unauthorized)
+      def unauthorized(exception = nil)
+        render_error exception, __callee__
+      end
+
+      # (see #forbidden)
+      def forbidden(exception = nil)
+        render_error exception, __callee__
+      end
+    end
+  end
+end

data/lib/concerns/wallaby/authorizable.rb

@@ -20,7 +20,7 @@ module Wallaby
       # @return [Class] model authorizer
       # @raise [ArgumentError] when **model_authorizer** doesn't inherit from **application_authorizer**
       # @see Wallaby::ModelAuthorizer
-      # @since 5.2.0
+      # @since wallaby-5.2.0
       attr_reader :model_authorizer
 
       # @!attribute [w] application_authorizer
@@ -38,7 +38,7 @@ module Wallaby
       # @return [Class] application decorator
       # @raise [ArgumentError] when **model_authorizer** doesn't inherit from **application_authorizer**
       # @see Wallaby::ModelAuthorizer
-      # @since 5.2.0
+      # @since wallaby-5.2.0
       def application_authorizer
         @application_authorizer ||= ModuleUtils.try_to superclass, :application_authorizer
       end
@@ -52,11 +52,11 @@ module Wallaby
     # - a generic authorizer based on
     #   {Wallaby::Authorizable::ClassMethods#application_authorizer .application_authorizer}
     # @return [Wallaby::ModelAuthorizer] model authorizer
-    # @since 5.2.0
+    # @since wallaby-5.2.0
     def current_authorizer
       @current_authorizer ||=
         authorizer_of(current_model_class, controller_to_get(:model_authorizer)).tap do |authorizer|
-          Rails.logger.info %(  - Current authorizer: #{authorizer.try(:class)})
+          Logger.debug %(Current authorizer: #{authorizer.try(:class)}), sourcing: false
         end
     end
 
@@ -65,7 +65,7 @@ module Wallaby
     # @param subject [Object, Class]
     # @return [true] if allowed
     # @return [false] if not allowed
-    # @since 5.2.0
+    # @since wallaby-5.2.0
     def authorized?(action, subject)
       return false unless subject
 
@@ -78,7 +78,7 @@ module Wallaby
     # @param subject [Object, Class]
     # @return [true] if not allowed
     # @return [false] if allowed
-    # @since 5.2.0
+    # @since wallaby-5.2.0
     def unauthorized?(action, subject)
       !authorized? action, subject
     end
@@ -88,10 +88,10 @@ module Wallaby
     # @param model_class [Class]
     # @param authorizer_class [Class, nil]
     # @return [Wallaby::ModelAuthorizer] model authorizer for given model
-    # @since 5.2.0
+    # @since wallaby-5.2.0
     def authorizer_of(model_class, authorizer_class = nil)
       authorizer_class ||= Map.authorizer_map(model_class, controller_to_get(:application_authorizer))
-      authorizer_class.try :create, self, model_class
+      authorizer_class.new model_class, self
     end
   end
 end