bullet_train-roles 0.1.4 → 0.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f03a796a2c17954ad4c25e313caea68ba0b60b7e8901e7c1acf83d869e100592
-  data.tar.gz: 131e6518cefb00c6ea280d4ac4bf492961cb6f45b6d0ef3d695b66de9366d906
+  metadata.gz: 95cb748cf7f1d4cb6b3ba9a28c6d7b3d7e8bab30cd1d76eb925e52ebc48741a7
+  data.tar.gz: 8d1a5d66b9febbae5985105932f9d4f751f0e806386bb6ec9b98ff73c240e3fc
 SHA512:
-  metadata.gz: 7df53d71fb2d393e84a30a5efb1fa9f351781653b40e1cc31e5cf565d4432228b3a78b6924d021908c5d463695dfdeb0dff834a0f1c63a26438774e8159f4438
-  data.tar.gz: 56a0c8b76f5105959d828db3f619c863cc917fd3caf1e8dc838151268da68da1bce455ebd3378f68dfa7bf78d804d673df311f6351cfd0a47a2b4f43a6c68c07
+  metadata.gz: 9eed70dbba4e17e025885df2d7a1ce920afadfa1da90ad20194916c13d4cfeedd5f979efaf71c1609a4f9474b8b5783c31ef7477cfcd078227726a81252d8e09
+  data.tar.gz: 43c8ed5b1db7d28f49aa171cca36eb675f95eeb37542f7dcb264691c35f55aaf2c18109b35604f8f5add5ae2142f2eba9834bddfb5e38f51aa532a79fa0d20f3

data/.circleci/config.yml

@@ -1,86 +1,124 @@
 version: 2.1
 orbs:
   ruby: circleci/ruby@0.1.2
-
+  browser-tools: circleci/browser-tools@1.1
 aliases:
   - &restore_bundler_cache
-    name: Restore Bundler cache
-    keys:
-      - gem-cache-v1-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
-      - gem-cache-v1-{{ .Branch }}-
-      - gem-cache-v1-
+      name: Restore Bundler cache
+      keys:
+        - gem-cache-v1-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
+        - gem-cache-v1-{{ .Branch }}-
+        - gem-cache-v1-
   - &restore_yarn_cache
-    name: Restore Yarn cache
-    keys:
-      - yarn-packages-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
-      - yarn-packages-v1-{{ .Branch }}-
-      - yarn-packages-
+      name: Restore Yarn cache
+      keys:
+        - yarn-packages-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
+        - yarn-packages-v1-{{ .Branch }}-
+        - yarn-packages-
   - &save_bundle_cache
-    name: Save Bundle cache
-    key: gem-cache-v1-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
-    paths:
-      - vendor/bundle
+      name: Save Bundle cache
+      key: gem-cache-v1-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
+      paths:
+        - vendor/bundle
   - &save_yarn_cache
-    name: Save Yarn cache
-    key: yarn-packages-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
-    paths:
-      - node_modules
-
+      name: Save Yarn cache
+      key: yarn-packages-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
+      paths:
+        - node_modules
+  - &ruby_node_browsers_docker_image
+      - image: cimg/ruby:3.1.2-browsers
+        environment:
+          PGHOST: localhost
+          PGUSER: untitled_application
+          RAILS_ENV: test
+  - &postgres_docker_image
+      - image: circleci/postgres
+        environment:
+          POSTGRES_HOST_AUTH_METHOD: trust
+          POSTGRES_DB: untitled_application_test
+          POSTGRES_USER: untitled_application
+  - &wait_for_docker
+      # We run this because the DB might not be available for a while due to a race condition.
+      run: dockerize -wait tcp://localhost:5432 -timeout 1m
 jobs:
-  'Standard Ruby':
+  'Local Minitest':
+    docker:
+      - <<: *ruby_node_browsers_docker_image
+      - <<: *postgres_docker_image
+      - image: circleci/redis
+    executor: ruby/default
+    steps:
+      - browser-tools/install-browser-tools
+      - checkout
+
+      # Install dependencies
+      - run: "bundle install"
+      - run: "bundle clean --force"
+      - run: "yarn install"
+      - *wait_for_docker
+      - run:
+          name: Run unit tests
+          command: bundle exec rails test
+
+  'Local Standard Ruby':
     docker:
-      # normal ruby image is also sufficient here but we are using node-browsers so that we can make use of caching and speed up the process since other jobs are also using the same image
-      - image: circleci/ruby:3.0.2-node-browsers
+      - <<: *ruby_node_browsers_docker_image
     steps:
       - checkout
 
-      # Restore dependency caches
-      - restore_cache: *restore_bundler_cache
-      - restore_cache: *restore_yarn_cache
+      # TODO Figure out how to make these work for `tmp/starter`
+      # # Restore dependency caches
+      # - restore_cache: *restore_bundler_cache
+      # - restore_cache: *restore_yarn_cache
 
       # Install dependencies
       - ruby/bundle-install
       - run: bundle clean --force
       - run: yarn install
 
-      # Save dependency caches
-      # We only do this as part of this job, because it's time consuming and we don't want it to slow down test runners.
-      - save_cache: *save_bundle_cache
-      - save_cache: *save_yarn_cache
+      # # Save dependency caches
+      # # We only do this as part of this job, because it's time consuming and we don't want it to slow down test runners.
+      # - save_cache: *save_bundle_cache
+      # - save_cache: *save_yarn_cache
 
       - run:
           name: Check Standard Ruby
           command: bundle exec standardrb
 
-  'Minitest':
+  'Starter Repo Minitest':
     docker:
-      - image: circleci/ruby:3.0.2-node-browsers
-        environment:
-          PGHOST: localhost
-          PGUSER: bullet_train
-          RAILS_ENV: test
-      - image: circleci/postgres
-        environment:
-          POSTGRES_HOST_AUTH_METHOD: trust
-          POSTGRES_DB: bullet_train_test
-          POSTGRES_USER: bullet_train
+      - <<: *ruby_node_browsers_docker_image
+      - <<: *postgres_docker_image
+      - image: circleci/redis
     executor: ruby/default
     parallelism: 16
     steps:
+      - browser-tools/install-browser-tools
       - checkout
-      - restore_cache: *restore_bundler_cache
-      - restore_cache: *restore_yarn_cache
+      - run: "git clone https://github.com/bullet-train-co/bullet_train.git tmp/starter"
+
+      - run:
+          name: Link starter repository to the Ruby gem being tested.
+          command: "grep -v 'gem \"bullet_train-roles\"' tmp/starter/Gemfile > tmp/starter/Gemfile.tmp && mv tmp/starter/Gemfile.tmp tmp/starter/Gemfile && echo 'gem \"bullet_train-roles\", path: \"../..\"' >> tmp/starter/Gemfile"
+
+      # TODO Figure out how to make these work for `tmp/starter`
+      # - restore_cache: *restore_bundler_cache
+      # - restore_cache: *restore_yarn_cache
 
       # Install dependencies
-      - ruby/bundle-install
-      - run: bundle clean --force
+      - run: "cd tmp/starter && bundle install"
+      - run: "cd tmp/starter && bundle clean --force"
+      - run: "cd tmp/starter && bundle exec rake bt:link"
+      - run: "cd tmp/starter && yarn install"
+      - run: "cd tmp/starter && yarn build"
+      - run: "cd tmp/starter && yarn build:css"
 
-      # We run this because the DB might not be available for a while due to a race condition.
-      - run: dockerize -wait tcp://localhost:5432 -timeout 1m
+      - *wait_for_docker
 
       - run:
           name: Run tests with Knapsack Pro
           command: |
+            cd tmp/starter
             export RAILS_ENV=test
             bundle exec rails "knapsack_pro:queue:minitest[--verbose]"
           environment:
@@ -102,9 +140,48 @@ jobs:
       # - store_test_results:
       #     path: test/reports
 
+  'Starter Repo Minitest for Super Scaffolding':
+    docker:
+      - <<: *ruby_node_browsers_docker_image
+      - <<: *postgres_docker_image
+      - image: circleci/redis
+    executor: ruby/default
+    steps:
+      - browser-tools/install-browser-tools
+      - checkout
+      - run: "git clone https://github.com/bullet-train-co/bullet_train.git tmp/starter"
+
+      - run:
+          name: Link starter repository to the Ruby gem being tested.
+          command: "grep -v 'gem \"bullet_train-roles\"' tmp/starter/Gemfile > tmp/starter/Gemfile.tmp && mv tmp/starter/Gemfile.tmp tmp/starter/Gemfile && echo 'gem \"bullet_train-roles\", path: \"../..\"' >> tmp/starter/Gemfile"
+
+      # TODO Figure out how to make these work for `tmp/starter`
+      # # Restore dependency caches
+      # - restore_cache: *restore_bundler_cache
+      # - restore_cache: *restore_yarn_cache
+
+      # Install dependencies
+      - run: "cd tmp/starter && bundle install"
+      - run: "cd tmp/starter && bundle clean --force"
+      - run: "cd tmp/starter && bundle exec rake bt:link"
+      - run: "cd tmp/starter && yarn install"
+      - run: "cd tmp/starter && yarn build"
+      - run: "cd tmp/starter && yarn build:css"
+
+      - *wait_for_docker
+
+      - run:
+          name: 'Setup Super Scaffolding System Test'
+          command: "cd tmp/starter && bundle exec test/bin/setup-super-scaffolding-system-test"
+      - run:
+          name: 'Run Super Scaffolding Test'
+          command: "cd tmp/starter && bundle exec rails test test/system/super_scaffolding_test.rb"
+
 workflows:
   version: 2
   build:
     jobs:
-      - 'Standard Ruby'
-      - 'Minitest'
+      - 'Local Minitest'
+      - 'Local Standard Ruby'
+      - 'Starter Repo Minitest'
+      - 'Starter Repo Minitest for Super Scaffolding'

data/Gemfile.lock

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: .
   specs:
-    bullet_train-roles (0.1.4)
+    bullet_train-roles (0.1.7)
       active_hash
       activesupport
       cancancan
@@ -106,6 +106,8 @@ GEM
     nio4r (2.5.8)
     nokogiri (1.12.5-arm64-darwin)
       racc (~> 1.4)
+    nokogiri (1.12.5-x86_64-darwin)
+      racc (~> 1.4)
     parallel (1.21.0)
     parser (3.0.3.2)
       ast (~> 2.4.1)
@@ -174,6 +176,7 @@ GEM
 PLATFORMS
   arm64-darwin-20
   arm64-darwin-21
+  x86_64-darwin-21
 
 DEPENDENCIES
   active_hash!

data/README.md

@@ -68,7 +68,7 @@ editor:
   manageable_roles:
     - editor
   models:
-    Project: manage
+    Project: crud
 
 billing:
   manageable_roles:
@@ -98,7 +98,8 @@ The following things are true given the example configuration above:
  - By default, users on a team are read-only participants.
  - Users with the `editor` role:
    - can give other users the `editor` role.
-   - can modify project details.
+   - can perform crud actions on project (create, read, update and destroy).
+   - cannot perform any custom controller actions the projects controller responds to
  - Users with the `billing` role:
    - can give other users the `billing` role.
    - can create and update billing subscriptions.

data/lib/bullet_train/roles/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Roles
-  VERSION = "0.1.4"
+  VERSION = "0.1.7"
 end

data/lib/models/role.rb

@@ -21,17 +21,12 @@ class Role < ActiveYaml::Base
 
   def self.includes(role_or_key)
     role_key = role_or_key.is_a?(Role) ? role_or_key.key : role_or_key
-
     role = Role.find_by_key(role_key)
-
     return Role.all.select(&:assignable?) if role.default?
-
     result = []
-
     all.each do |role|
       result << role if role.includes.include?(role_key)
     end
-
     result
   end
 
@@ -49,6 +44,10 @@ class Role < ActiveYaml::Base
     key
   end
 
+  def to_s
+    key
+  end
+
   def included_by
     Role.includes(self)
   end
@@ -69,20 +68,15 @@ class Role < ActiveYaml::Base
 
   def included_roles
     default_roles = []
-
     default_roles << Role.default unless default?
-
     (default_roles + includes.map { |included_key| Role.find_by_key(included_key) }).uniq.compact
   end
 
   def manageable_by?(role_or_roles)
     return true if default?
-
     roles = role_or_roles.is_a?(Array) ? role_or_roles : [role_or_roles]
-
     roles.each do |role|
       return true if role.manageable_roles.include?(key)
-
       role.included_roles.each do |included_role|
         return true if manageable_by?([included_role])
       end
@@ -95,9 +89,9 @@ class Role < ActiveYaml::Base
     !default?
   end
 
-  def ability_generator(user, through, parent)
+  def ability_generator(user, through, parent, intermediary)
     models.each do |model_name, _|
-      ag = AbilityGenerator.new(self, model_name, user, through, parent)
+      ag = AbilityGenerator.new(self, model_name, user, through, parent, intermediary)
       yield(ag)
     end
   end
@@ -131,7 +125,7 @@ class Role < ActiveYaml::Base
   class AbilityGenerator
     attr_reader :model
 
-    def initialize(role, model_name, user, through, parent_name)
+    def initialize(role, model_name, user, through, parent_name, intermediary = nil)
       begin
         @model = model_name.constantize
       rescue NameError
@@ -143,6 +137,8 @@ class Role < ActiveYaml::Base
       @through = through
       @parent = user.send(through).reflect_on_association(parent_name)&.klass
       @parent_ids = user.parent_ids_for(@role, @through, parent_name) if @parent
+      @intermediary = intermediary
+      @intermediary_class = @model.reflect_on_association(intermediary)&.class_name&.constantize if @intermediary.present?
     end
 
     def valid?
@@ -151,42 +147,48 @@ class Role < ActiveYaml::Base
 
     def actions
       return @actions if @actions
+      @actions = (@ability_data["actions"] if @ability_data.is_a?(Hash)) || @ability_data
+      # crud is a special value that we substitute for the 4 crud actions
+      # This is instead of :manage which covers all 4 actions _and_ any extra actions the controller may respond to
+      @actions = crud_actions if @actions.to_s.downcase == "crud"
+      @actions = [actions] unless actions.is_a?(Array)
+      @actions.map!(&:to_sym)
+    end
 
-      actions = (@ability_data["actions"] if @ability_data.is_a?(Hash)) || @ability_data
-
-      actions = [actions] unless actions.is_a?(Array)
-
-      @actions = actions.map!(&:to_sym)
+    def crud_actions
+      [:create, :read, :update, :destroy]
     end
 
     def possible_parent_associations
       ary = @parent.to_s.split("::").map(&:underscore)
-
       possibilities = []
       current = nil
-
       until ary.empty?
         current = "#{ary.pop}#{"_" unless current.nil?}#{current}"
         possibilities << current
       end
-
       possibilities.map(&:to_sym)
     end
 
     def condition
       return @condition if @condition
-
       return nil unless @parent_ids
-
       if @model == @parent
         return @condition = {id: @parent_ids}
       end
-
-      parent_association = possible_parent_associations.find { |association| @model.method_defined? association }
-
+      parent_association = possible_parent_associations.find { |association| @model.method_defined?(association) || @model.method_defined?("#{association}_id") }
       return nil unless parent_association.present?
-
-      @condition = {parent_association => {id: @parent_ids}}
+      # If possible, use the team_id attribute because it saves us having to join all the way back to the source parent model
+      # In some scenarios this may be quicker, or if the parent model is in a different database shard, it may not even
+      # be possible to do the join
+      parent_with_id = "#{parent_association}_id"
+      @condition = if @model.column_names.include?(parent_with_id)
+        {parent_with_id.to_sym => @parent_ids}
+      elsif @intermediary.present? && @model.method_defined?(@intermediary) && @intermediary_class&.column_names&.include?(parent_with_id)
+        {@intermediary.to_sym => {parent_with_id.to_sym => @parent_ids}}
+      else
+        {parent_association => {id: @parent_ids}}
+      end
     end
   end
 end

data/lib/roles/permit.rb

@@ -2,30 +2,25 @@
 
 module Roles
   module Permit
-    def permit(user, through:, parent:, debug: false)
+    def permit(user, through:, parent:, debug: false, intermediary: nil)
       # Without this, you need to restart the server each time you make changes to the config/models/role.yml file
       Role.reload(true) if Rails.env.development?
 
       # When changing permissions during development, you may also want to do this on each request:
       # User.update_all ability_cache: nil if Rails.env.development?
-
       output = []
       added_roles = Set.new
-
       user.send(through).map(&:roles).flatten.uniq.each do |role|
         unless added_roles.include?(role)
           output << "########### ROLE: #{role.key}"
-
-          output += add_abilities_for(role, user, through, parent)
-
+          output += add_abilities_for(role, user, through, parent, intermediary)
           added_roles << role
         end
 
         role.included_roles.each do |included_role|
           unless added_roles.include?(included_role)
             output << "############# INCLUDED ROLE: #{included_role.key}"
-
-            output += add_abilities_for(included_role, user, through, parent)
+            output += add_abilities_for(included_role, user, through, parent, intermediary)
           end
         end
       end
@@ -38,19 +33,16 @@ module Roles
       end
     end
 
-    def add_abilities_for(role, user, through, parent)
+    def add_abilities_for(role, user, through, parent, intermediary)
       output = []
-
-      role.ability_generator(user, through, parent) do |ag|
+      role.ability_generator(user, through, parent, intermediary) do |ag|
         if ag.valid?
           output << "can #{ag.actions}, #{ag.model}, #{ag.condition}"
-
           can(ag.actions, ag.model, ag.condition)
         else
           output << "# #{ag.model} does not respond to #{parent} so we're not going to add an ability for the #{through} context"
         end
       end
-
       output
     end
   end

data/lib/roles/support.rb

@@ -13,16 +13,13 @@ module Roles
 
       def assignable_roles
         return Role.assignable if @allowed_roles.nil?
-
         Role.assignable.select { |role| @allowed_roles.include?(role.key.to_sym) }
       end
 
       # Note default_role is an ActiveRecord core class method so we need to use something else here
       def default_roles
         default_role = Role.default
-
         return [default_role] if @allowed_roles.nil?
-
         @allowed_roles.include?(default_role.key.to_sym) ? [default_role] : []
       end
     end
@@ -30,11 +27,7 @@ module Roles
     included do
       validate :validate_roles
 
-      # This query will return records that have a role "included" in a different role they have.
-      # For example, if you do with_roles(editor) it will return admin users if the admin role includes the editor role
-      scope :with_roles, ->(roles) { where("#{table_name}.role_ids ?| array[:keys]", keys: roles.map(&:key_plus_included_by_keys).flatten.uniq.map(&:to_s)) }
-
-      # This query will return roles that include the given role.  See with_roles above for details
+      # This query will return roles that include the given role.  See self.with_roles below for details
       scope :with_role, ->(role) { role.nil? ? all : with_roles([role]) }
       scope :viewers, -> { where("#{table_name}.role_ids = ?", [].to_json) }
       scope :editors, -> { with_role(Role.find_by_key("editor")) }
@@ -43,6 +36,26 @@ module Roles
       after_save :invalidate_cache
       after_destroy :invalidate_cache
 
+      # This query will return records that have a role "included" in a different role they have.
+      # For example, if you do with_roles(editor) it will return admin users if the admin role includes the editor role
+      def self.with_roles(roles)
+        # Mysql and postgres have different syntax for searching json or jsonb columns so we need different queries depending on the database
+        ActiveRecord::Base.connection.adapter_name.downcase.include?("mysql") ? with_roles_mysql(roles) : with_roles_postgres(roles)
+      end
+
+      def self.with_roles_mysql(roles)
+        queries = []
+        roles.map(&:key_plus_included_by_keys).flatten.uniq.map(&:to_s).each do |role|
+          queries << "JSON_CONTAINS(#{table_name}.role_ids, '\"#{role}\"')"
+        end
+        query = queries.join(" OR ")
+        where(query)
+      end
+
+      def self.with_roles_postgres(roles)
+        where("#{table_name}.role_ids ?| array[:keys]", keys: roles.map(&:key_plus_included_by_keys).flatten.uniq.map(&:to_s))
+      end
+
       def validate_roles
         self.role_ids = role_ids&.select(&:present?) || []
 
@@ -58,7 +71,7 @@ module Roles
       end
 
       def roles=(roles)
-        self.role_ids = roles.map(&:key)
+        update(role_ids: roles.map(&:key))
       end
 
       def assignable_roles

data/lib/roles/user.rb

@@ -9,17 +9,16 @@ module Roles
     included do
       def parent_ids_for(role, through, parent)
         parent_id_column = "#{parent}_id"
-        key = "#{role.key}_#{through}_#{parent_id_column}s"
+        # key = "#{role.key}_#{through}_#{parent_id_column}s"
         # TODO Maybe we should make ability caching a default feature of the gem?
         # If we do that, we would just make it check whether `ability_cache` exists.
         # return ability_cache[key] if ability_cache && ability_cache[key]
         role = nil if role.default?
-        value = send(through).with_role(role).distinct.pluck(parent_id_column)
+        send(through).with_role(role).distinct.pluck(parent_id_column)
         # TODO Maybe we should make ability caching a default feature of the gem?
         # current_cache = ability_cache || {}
         # current_cache[key] = value
         # update_column :ability_cache, current_cache
-        value
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bullet_train-roles
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.7
 platform: ruby
 authors:
 - Prabin Poudel
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-10 00:00:00.000000000 Z
+date: 2022-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: byebug
@@ -215,7 +215,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.3.0
 signing_key:
 specification_version: 4
 summary: Yaml-backed ApplicationHash for CanCan Roles