{"id":13879737,"url":"https://github.com/producthunt/kitty-policy","last_synced_at":"2025-04-30T13:07:53.640Z","repository":{"id":56880217,"uuid":"193889096","full_name":"producthunt/kitty-policy","owner":"producthunt","description":"Kitty Policy Ruby Authorization Gem","archived":false,"fork":false,"pushed_at":"2024-08-02T00:23:22.000Z","size":46,"stargazers_count":23,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-20T16:42:29.136Z","etag":null,"topics":["authorization","gem","graphql","producthunt","ruby","ruby-on-rails"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/producthunt.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-26T11:12:06.000Z","updated_at":"2023-12-19T11:06:09.000Z","dependencies_parsed_at":"2024-11-15T05:42:44.200Z","dependency_job_id":null,"html_url":"https://github.com/producthunt/kitty-policy","commit_stats":{"total_commits":45,"total_committers":3,"mean_commits":15.0,"dds":"0.11111111111111116","last_synced_commit":"b09cb26f62d52abb284a866d594baf6b13fa207f"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/producthunt%2Fkitty-policy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/producthunt%2Fkitty-policy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/producthunt%2Fkitty-policy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/producthunt%2Fkitty-policy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/producthunt","download_url":"https://codeload.github.com/producthunt/kitty-policy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246343442,"owners_count":20762039,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","gem","graphql","producthunt","ruby","ruby-on-rails"],"created_at":"2024-08-06T08:02:30.875Z","updated_at":"2025-03-30T16:20:40.275Z","avatar_url":"https://github.com/producthunt.png","language":"Ruby","funding_links":[],"categories":["Ruby"],"sub_categories":[],"readme":"# KittyPolicy\n\n[![Gem Version](https://badge.fury.io/rb/kitty_policy.svg)](https://badge.fury.io/rb/kitty_policy)\n[![Code Climate](https://codeclimate.com/github/producthunt/kitty-policy.svg)](https://codeclimate.com/github/producthunt/kitty-policy)\n\nMinimalistic authorization library extracted from [Product Hunt](https://www.producthunt.com/).\n\nFeatures:\n\n- small DSL for defining authorization abilities\n- not class initializations when performing abilities check\n- integrations with [GraphQL gem](https://rubygems.org/gems/graphql).\n\n## Installation\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem 'kitty_policy'\n```\n\nAnd then execute:\n\n    $ bundle\n\nOr install it yourself as:\n\n    $ gem install kitty_policy\n\n## Usage\n\n### Step 1 - Define policy object\n\n```ruby\nmodule ApplicationPolicy\n  extend KittyPolicy::DSL\n\n  # generates a method named `can_moderate?`\n  # example: no subject, just action\n  can :moderate do |user|\n    user.admin?\n  end\n\n  # generates a method named `can_start_trial?`\n  # example: `allow_guest` access\n  can :start_trial, allow_guest: true do |user, _subscription|\n    !user || user.trial_used?\n  end\n\n  # generates a method named `can_create_chat_room?`\n  # example: subject as symbol\n  can :create, :chat_room do |user|\n    user.admin?\n  end\n\n  # generates a method named `can_create_post?`\n  # example: subject as class, instance not used\n  can :create, Post do |user|\n    user.can_post?\n  end\n\n  # generates a method named `can_edit_post?`\n  # example: subject as class, passing subject instance\n  can :edit, Post do |user, post|\n    user.admin?  || user == post.author\n  end\n\n  # generates a method named `can_manage_account?`\n  # example: using a private helper method\n  can :manage, Account do |user, account|\n    user.admin? || member?(user, account)\n  end\n\n  private\n\n  # you can extract private helper methods\n  def member?(user, account)\n    # ...\n  end\nend\n```\n\n`can` is just a convince helper to create methods on a module:\n\n```\nApplicationPolicy.can_moderate?\nApplicationPolicy.can_start_trial?\nApplicationPolicy.can_create_post?\nApplicationPolicy.can_edit_post?\nApplicationPolicy.can_manage_account?\n```\n\n### Step 2 - Use policy object\n\n```ruby\n# answers if user can perform certain action\nApplicationPolicy.can?(user, :create, Post)\nApplicationPolicy.can?(user, :create, Post.new)\nApplicationPolicy.can?(user, :create, post)\nApplicationPolicy.can?(user, :start_trial)\n\n# raises `KittyPolicy::AccessDenied` when user can't perform certain action\nApplicationPolicy.authorize!(user, :create, Post)\nApplicationPolicy.authorize!(user, :create, Post.new)\nApplicationPolicy.authorize!(user, :create, post)\nApplicationPolicy.authorize!(user, :start_trial)\n```\n\n### (Optional Step) - Group policies into separate files\n\nYou can split your logic into multiple policy files:\n\n```ruby\nmodule Posts::Policy\n  extend KittyPolicy::DSL\n\n  # ... define abilities\nend\n```\n\nThen you can group them together.\n\n```ruby\nmodule ApplicationPolicy\n  extend Posts::Policy\n  extend Ship::Policy\nend\n```\n\n### Testing with RSpec\n\n```ruby\nrequire 'spec_helper'\nrequire 'kitty_policy/rspec'\n\ndescribe ApplicationPolicy do\n  include KittyPolicy::RSpec\n\n  describe 'can_moderate?' do\n    it 'returns true for admin' do\n      expect(User.new(admin: true)).to be_able_to :moderate\n    end\n\n    it 'returns false for everyone else' do\n      expect(User.new(admin: false)).not_to be_able_to :moderate\n    end\n  end\nend\n```\n\n### Delegating abilities\n\n```ruby\nmodule ApplicationPolicy\n  extend KittyPolicy::DSL\n\n  can :edit, Post do |user, post|\n    user.id == post.user_id\n  end\n\n  # users who can edit post, should edit or delete its media\n  can :edit, PostMedia do |user, media|\n    can? user, :edit, media.post\n  end\n\n  can :destroy, PostMedia do |user, media|\n    can? user, :edit, media.post\n  end\n\n  # this can be expressed with `delegate_ability` helper\n\n  delegate_ability :edit, PostMedia, to: :post\n  delegate_ability :destroy, PostMedia, to: :post, to_ability: :edit\n```\n\n### Integration with GraphQL\n\n#### Field level authorization\n\n```ruby\n# Manually import graphql plugin\nrequire 'kitty_policy/graphql/field_authorization'\n\nclass ProductHuntSchema \u003c GraphQL::Schema\n  # setup authorization per field\n  instrument :field, KittyPolicy::GraphQL::FieldAuthorization.new(\n    policy: ApplicationPolicy,        # required\n    current_user_key: :current_user,  # optional, default: :current_user\n  )\n\n  # ...\nend\n```\n\n```ruby\nmodule Types\n  class PostType \u003c BaseObject\n    # Same as:\n    # if ApplicationPolicy.can?(context[:current_user], :edit, object)\n    #   return metrics\n    # else\n    #   return []\n    # end\n    field :metrics, [MetricType], null: false, authorize: :edit, fallback: []\n\n    # Same as:\n    # if ApplicationPolicy.can?(context[:current_user], :moderate, object)\n    #   return moderation_changes_count\n    # else\n    #   return 0\n    # end\n    field :moderation_changes_count, Integer, null: false, authorize: :moderate, fallback: 0\n  end\nend\n```\n\n```ruby\nmodule Types\n  class QueryType \u003c BaseObject\n    # With fallback, same as:\n    # if ApplicationPolicy.can?(context[:current_user], :view, post)\n    #   return post\n    # else\n    #   return nil\n    # end\n    field :post, PostType, null: false, authorize_object: :view, fallback: nil do\n      argument :id, ID, required: true\n    end\n\n    # Without fallback, same as:\n    # if ApplicationPolicy.can?(context[:current_user], :view, post)\n    #   return post\n    # else\n    #   raise KittyPolicy::AccessDenied(context[:current_user], :view, post)\n    # end\n    field :post, PostType, null: false, authorize_object: :view do\n      argument :id, ID, required: true\n    end\n  end\nend\n```\n\n#### Can resolver\n\nExposes if current user can perform certain action.\n\n```ruby\n# Manually import graphql plugin\nrequire 'kitty_policy/graphql/can_resolver'\n\nmodule Resolvers\n  Can = KittyPolicy::GraphQL::CanResolver.new(\n    policy: ApplicationPolicy,        # required\n    current_user_key: :current_user,  # optional, default: :current_user\n    base_resolver: BaseResolver,      # optional, default: ::GraphQL::Schema::Resolver,\n  )\nend\n```\n\n```ruby\nmodule Types\n  class PostType \u003c BaseObject\n    # ...\n\n    field :can_edit, resolver: Resolvers::Can.perform(:edit)                   # -\u003e ApplicationPolicy.can?(edit, post)\n    field :can_moderate, resolver: Resolvers::Can.perform(:moderate) { :site } # -\u003e ApplicationPolicy.can?(:moderate, :site)\n  end\nend\n```\n\n## Development\n\nAfter checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.\n\nTo install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).\n\n## Contributing\n\n1. Fork it\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Run the tests (`rake`)\n6. Create new Pull Request\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).\n\n## Code of Conduct\n\nEveryone interacting in the KittyPolicy project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/producthunt/kitty-policy/blob/master/CODE_OF_CONDUCT.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fproducthunt%2Fkitty-policy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fproducthunt%2Fkitty-policy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fproducthunt%2Fkitty-policy/lists"}