Allow passing policy class to scope (#13)

* Allow passing policy class to scope * Bump version * Remove dead code
ontohub · Sep 6, 2017 · 93f8233 · 93f8233
1 parent 8987e35
commit 93f8233
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -112,6 +112,15 @@ field :posts
 end
 ```
 
+In case you only want to specify the Policy class containing the Scope explicitly, you can pass the Policy class explicitly:
+
+```ruby
+field :posts
+  scope PostablePolicy
+  resolve ...
+end
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

diff --git a/lib/graphql-pundit/instrumenter.rb b/lib/graphql-pundit/instrumenter.rb
@@ -23,16 +23,6 @@ def instrument(type, field)
         scoped_field = scope_instrumenter.instrument(type, field)
         authorization_instrumenter.instrument(type, scoped_field)
       end
-
-      def authorize(current_user, obj, args, ctx, options)
-        if options[:proc]
-          options[:proc].call(obj, args, ctx)
-        else
-          ::Pundit.authorize(ctx[current_user],
-                             options[:record] || obj,
-                             options[:query].to_s + '?')
-        end
-      end
     end
   end
 end
diff --git a/lib/graphql-pundit/instrumenters/scope.rb b/lib/graphql-pundit/instrumenters/scope.rb
@@ -25,6 +25,10 @@ def instrument(_type, field)
           old_resolve = field.resolve_proc
 
           scope_proc = lambda do |obj, _args, ctx|
+            unless inferred?(scope)
+              obj.define_singleton_method(:policy_class) { scope }
+            end
+
             ::Pundit.policy_scope!(ctx[current_user], obj)
           end
           scope_proc = scope if proc?(scope)
@@ -40,7 +44,7 @@ def instrument(_type, field)
         private
 
         def valid_value?(value)
-          inferred?(value) || proc?(value)
+          value.is_a?(Class) || inferred?(value) || proc?(value)
         end
 
         def proc?(value)

diff --git a/lib/graphql-pundit/version.rb b/lib/graphql-pundit/version.rb
@@ -2,6 +2,6 @@
 
 module GraphQL
   module Pundit
-    VERSION = '0.2.0'
+    VERSION = '0.3.0'
   end
 end
diff --git a/spec/graphql-pundit/instrumenters/scope_spec.rb b/spec/graphql-pundit/instrumenters/scope_spec.rb
@@ -58,7 +58,7 @@ def test?
       end
     end
 
-    context 'explicit scope' do
+    context 'explicit scope proc' do
       let(:field) do
         GraphQL::Field.define(type: 'String') do
           name :notTest
@@ -71,6 +71,20 @@ def test?
         expect(result).to match_array([22, 48])
       end
     end
+
+    context 'explicit scope class' do
+      let(:field) do
+        GraphQL::Field.define(type: 'String') do
+          name :notTest
+          scope ScopeTestPolicy
+          resolve ->(obj, _args, _ctx) { obj.to_a }
+        end
+      end
+
+      it 'filters the list' do
+        expect(result).to match_array([1, 2, 3])
+      end
+    end
   end
 
   context 'with authorization' do
@@ -89,7 +103,7 @@ def test?
       end
     end
 
-    context 'explicit scope' do
+    context 'explicit scope proc' do
       let(:field) do
         GraphQL::Field.define(type: 'String') do
           name :test
@@ -103,6 +117,21 @@ def test?
         expect(result).to eq(nil)
       end
     end
+
+    context 'explicit scope class' do
+      let(:field) do
+        GraphQL::Field.define(type: 'String') do
+          name :test
+          authorize
+          scope ScopeTestPolicy
+          resolve ->(obj, _args, _ctx) { obj.to_a }
+        end
+      end
+
+      it 'returns nil' do
+        expect(result).to eq(nil)
+      end
+    end
   end
 
   context 'invalid scope argument' do