action_policy-graphiti

  • 0.2.1
  • Rubygems
  • Maintainers: 1

Action Policy Graphiti

This gem allows you to use Action Policy as an authorization framework for Graphiti applications.

The following features are currently enabled:

  • Authorization of create, update and destroy actions
  • Resource scoping

This gem is under heavy development, so use it at your own risk!

Installation

Add this line to your application's Gemfile:

gem "action_policy-graphiti"

Usage

Integrate the gem by including the behaviour module in your Graphiti resources:

class TestResource < ApplicationResource
  include ActionPolicy::Graphiti::Behaviour
end

Authorize actions with the corresponding class methods:

class TestResource < ApplicationResource
  include ActionPolicy::Graphiti::Behaviour
  
  authorize_action :create
  authorize_action :update
  authorize_action :destroy
end

Alternatively, use the per-action shortcuts (pay attention to the explicit policies and actions):

class TestResource < ApplicationResource
  include ActionPolicy::Graphiti::Behaviour
  
  authorize_create to: :manage_but_not_destroy?
  authorize_update with: 'TestExplicitPolicy', to: :manage_but_not_destroy?
  authorize_destroy
end

Note: when specifying an explicit policy, the current implementation requires a policy name rather than a class, because policy classes are not guaranteed to be loaded before the resource classes load.

Note: the current implementation requires you to place authorize_ directives after any before_save and before_destroy hooks. The authorization checks are themselves added as hooks, and they should run after all the regular hooks have completed.
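
Why the ordering in the note above matters, as an added example that is not part of the gem or its README: a simplified stand-in (MiniResource, Task, User and REASSIGN are hypothetical names) that assumes hooks run in declaration order. A check declared too early approves a record that a later hook then rewrites.

```ruby
class Unauthorized < StandardError; end

# Constructed sample types for the demonstration.
Task = Struct.new(:owner_id, :delegate_to)
User = Struct.new(:id)

# Hypothetical stand-in for a resource with ordered hooks (not Graphiti code).
class MiniResource
  class << self
    def hooks
      @hooks ||= [] # one list per subclass
    end

    def before_save(&blk)
      hooks << blk
    end

    # Assumption drawn from the README: the check is appended as one more hook.
    def authorize_create
      hooks << lambda do |task, user|
        raise Unauthorized, "create denied" unless task.owner_id == user.id
      end
    end

    def save(task, user)
      hooks.each { |hook| hook.call(task, user) } # assumed: declaration order
      task
    end
  end
end

# A regular hook that changes a field the policy decision depends on.
REASSIGN = proc { |task, _user| task.owner_id = task.delegate_to if task.delegate_to }

class MisorderedResource < MiniResource
  authorize_create # check sees the record before the hook rewrites it
  before_save(&REASSIGN)
end

class OrderedResource < MiniResource
  before_save(&REASSIGN)
  authorize_create # check sees the final record, as the README requires
end

def create_outcome(resource)
  task = Task.new(1, 2) # caller is user 1 and asks to hand the task to user 2
  resource.save(task, User.new(1))
  "saved with owner_id=#{task.owner_id}"
rescue Unauthorized => e
  e.message
end
```
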

Scoping is enabled by adding the following class method call (you can specify an explicit policy using the with argument):

class TestResource < ApplicationResource
  include ActionPolicy::Graphiti::Behaviour
  
  authorize_scope with: 'TestExplicitPolicy'
  # or just plain authorize_scope 
end

A handy shortcut authorizes the create, update and destroy actions and also applies scoping (it accepts an explicit with argument, just like the other authorize_ class methods):

class TestResource < ApplicationResource
  include ActionPolicy::Graphiti::Behaviour
  
  authorize_and_scope_all with: 'TestExplicitPolicy'
  # or just plain authorize_and_scope_all if you want to deduce the policy class 
end

Note: the current implementation requires you to place the authorize_scope call (and likewise authorize_and_scope_all) after the explicit base_scope method, because scoping is performed by modifying the base scope results.

You can also use authorization context building inside Graphiti resources (just like with Action Policy in controllers):

class TestResource < ApplicationResource
  include ActionPolicy::Graphiti::Behaviour
  
  authorize :parameter, through: :acquire_parameter
  
  def acquire_parameter
    # Your code goes here
  end
end

Or in a base class:

class ApplicationResource < Graphiti::Resource
  include ActionPolicy::Graphiti::Behaviour
  
  authorize :parameter, through: :acquire_parameter
  
  def acquire_parameter
    # Your code goes here
  end
end

And then in a corresponding policy:

class ApplicationPolicy < ActionPolicy::Base
  authorize :parameter
end

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/shrimple-tech/action_policy-graphiti.

License

The gem is available as open source under the terms of the MIT License.

Package last updated on 30 Jun 2023
