All Versions
Latest Version
Avg Release Cycle
49 days
Latest Release
513 days ago

Changelog History
Page 2

  • v0.4.4 Changes

    July 07, 2020
    • ๐Ÿ›  Fix symbol lookup with namespaces. ([@palkan][])

    ๐Ÿ›  Fixes #122.

    • Separated #classify-based and #camelize-based symbol lookups. ([@Be-ngt-oH][])

    ๐Ÿš… Only affects Rails apps. Now lookup for :users tries to find UsersPolicy first (camelize), and only then search for UserPolicy (classify).

    ๐Ÿ‘€ See PR#118.

    • ๐Ÿ›  Fix calling rules with allowed_to? directly. ([@palkan][])

    Fixes #113

  • v0.4.3 Changes

    December 14, 2019
    • Add #cache(*parts, **options) { ... } method. ([@palkan][])

    ๐Ÿ‘ Allows you to cache anything in policy classes using the Action Policy cache key generation mechanism.

    • ๐Ÿš… Handle versioned Rails cache keys. ([@palkan][])

    Use #cache_with_version as a cache key if defined.

  • v0.4.2 Changes

    December 13, 2019
    • ๐Ÿ›  Fix regression introduced in 0.4.0 which broke testing Class targets. ([@palkan][])
  • v0.4.1

    December 13, 2019
  • v0.4.0 Changes

    December 11, 2019

    ๐Ÿ”‹ Features

    • Optional authorization context. (#95)

    In addition to allow_nil: true, we now have an option to skip the context altogether:

    class OptionalRolePolicy \< ActionPolicy::Baseauthorize :role, optional: trueendpolicy = OptionalRolePolicy.newpolicy.role #=\> nil
    • ๐Ÿš… Rails generators. (#87)

    Now you can use action_policy:install and action_policy:policy MODEL Rails generators.

    • ๐Ÿ†• New instrumentation event: action_policy.init.

    Triggered every time a new policy object is initialized.

    ๐Ÿ”„ Changes

    • โœ… Composed matchers are supported in authorization target testing.

    โœ… Now you can write tests like this:

    expect { subject }.to be\_authorized\_to(:show?, an\_instance\_of(User))
  • v0.3.4 Changes

    November 27, 2019
    • ๐Ÿ›  Fix Rails generators. ([@palkan][])

    Only invoke install generator if application_policy.rb is missing. ๐Ÿ›  Fix hooking into test frameworks.

  • v0.3.3 Changes

    November 27, 2019
    • ๐Ÿ‘Œ Improve pretty print functionality. ([@palkan][])

    Colorize true/false values. ๐Ÿ– Handle multiline expressions and debug statements (i.e., binding.pry).

    • โž• Add Rails generators. ([@nicolas-brousse][])

    Adds action_policy:install and action_policy:policy MODEL Rails generators.

    • Optional authorization target. ([@somenugget][])

    ๐Ÿ‘ Allows making authorization context optional:

    class OptionalRolePolicy < ActionPolicy::Base
      authorize :role, optional: true
    policy =
    policy.role #=> nil
  • v0.3.2 Changes

    May 26, 2019
    • ๐Ÿ›  Fixed thread-safety issues with scoping configs. ([@palkan][])

    ๐Ÿ›  Fixes #75.

  • v0.3.1 Changes

    May 30, 2019
    • ๐Ÿ›  Fixed bug with missing implicit target and hash like scoping data. ([@palkan][])

    ๐Ÿ›  Fixes #70.

  • v0.3.0 Changes

    April 02, 2019
    • โž• Added ActiveSupport-based instrumentation. ([@palkan][])

    ๐Ÿ‘€ See PR#4

    • ๐Ÿ‘ Allow passing authorization context explicitly. ([@palkan][])

    Closes #3.

    Now it's possible to override implicit authorization context via context option:

    authorize! target, to: :show?, context: {user: another_user}
    authorized_scope User.all, context: {user: another_user}
    • ๐Ÿ“‡ Renamed #authorized to #authorized_scope. ([@palkan][])

    NOTE: #authorized alias is also available.

    • โž• Added Policy#pp(rule) method to print annotated rule source code. ([@palkan][])

    Example (debugging):

    def edit?
      binding.pry # rubocop:disable Lint/Debugger
      ( == "John") && (admin? || access_feed?)
    pry> pp :edit?
    โ†ณ ( == "John" #=> false
        admin? #=> false
        access_feed? #=> true

    ๐Ÿ‘€ See PR#63

    • โž• Added ability to provide additional failure reasons details. ([@palkan][])


    class ApplicantPolicy < ApplicationPolicy
      def show?
        allowed_to?(:show?, object.stage)
    class StagePolicy < ApplicationPolicy
      def show?
        # Add stage title to the failure reason (if any)
        # (could be used by client to show more descriptive message)
        details[:title] = record.title
        # then perform the checks