bullet_train-roles 0.1.6 → 0.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 93fd2729ae287aa0389216798de23663aa3703bed3f5f11e571371c4b55bd30a
-  data.tar.gz: e094e75bec9daf0073e1d658dd0113b4743dfb7a138cf2f2e4eb34851ef85d23
+  metadata.gz: 22f9bcc3e444766f5813562e0506db8f9b921f141ce2ce77eb3d30156418c80f
+  data.tar.gz: 7db6d4154b2bd4e58e7d35455635b55b84f6e66424e1f4e9b26a82e908865dbb
 SHA512:
-  metadata.gz: 5a905f35fd471b0dfd2e82355f0ede399ac7d212825509ca180732392418d6af9d5821ae46808c85b183e89515f0aacd029142e1d3f9b23ea1e360a0c754fce9
-  data.tar.gz: 2cbcb69b7244c96854ae4841978ded8b7466e04c13a534de8819e35fd28a65b38c03e28f5dbdad9e039bfff5630702196d691f3e1b64490bab464c433d69e982
+  metadata.gz: 6ece8c36a0ae647489604813e15646ec1096d62f3980d032892ceefd21b8bf7a5f82430ad6a58219edf287994ee0019a7dc00dbe2939782ac7e24b1ff0b77188
+  data.tar.gz: 0a386a84154f7d192019ab68d5be0094b3fcd6827dd53f29bf629fa0ed15a8ff8546bbd2fb382b9a4e3b30e13d922de0b7e2d819c08c03fb4662516f193df0af

data/.circleci/config.yml

@@ -1,86 +1,124 @@
 version: 2.1
 orbs:
   ruby: circleci/ruby@0.1.2
-
+  browser-tools: circleci/browser-tools@1.1
 aliases:
   - &restore_bundler_cache
-    name: Restore Bundler cache
-    keys:
-      - gem-cache-v1-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
-      - gem-cache-v1-{{ .Branch }}-
-      - gem-cache-v1-
+      name: Restore Bundler cache
+      keys:
+        - gem-cache-v1-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
+        - gem-cache-v1-{{ .Branch }}-
+        - gem-cache-v1-
   - &restore_yarn_cache
-    name: Restore Yarn cache
-    keys:
-      - yarn-packages-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
-      - yarn-packages-v1-{{ .Branch }}-
-      - yarn-packages-
+      name: Restore Yarn cache
+      keys:
+        - yarn-packages-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
+        - yarn-packages-v1-{{ .Branch }}-
+        - yarn-packages-
   - &save_bundle_cache
-    name: Save Bundle cache
-    key: gem-cache-v1-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
-    paths:
-      - vendor/bundle
+      name: Save Bundle cache
+      key: gem-cache-v1-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
+      paths:
+        - vendor/bundle
   - &save_yarn_cache
-    name: Save Yarn cache
-    key: yarn-packages-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
-    paths:
-      - node_modules
-
+      name: Save Yarn cache
+      key: yarn-packages-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
+      paths:
+        - node_modules
+  - &ruby_node_browsers_docker_image
+      - image: cimg/ruby:3.1.2-browsers
+        environment:
+          PGHOST: localhost
+          PGUSER: untitled_application
+          RAILS_ENV: test
+  - &postgres_docker_image
+      - image: circleci/postgres
+        environment:
+          POSTGRES_HOST_AUTH_METHOD: trust
+          POSTGRES_DB: untitled_application_test
+          POSTGRES_USER: untitled_application
+  - &wait_for_docker
+      # We run this because the DB might not be available for a while due to a race condition.
+      run: dockerize -wait tcp://localhost:5432 -timeout 1m
 jobs:
-  'Standard Ruby':
+  'Local Minitest':
+    docker:
+      - <<: *ruby_node_browsers_docker_image
+      - <<: *postgres_docker_image
+      - image: circleci/redis
+    executor: ruby/default
+    steps:
+      - browser-tools/install-browser-tools
+      - checkout
+
+      # Install dependencies
+      - run: "bundle install"
+      - run: "bundle clean --force"
+      - run: "yarn install"
+      - *wait_for_docker
+      - run:
+          name: Run unit tests
+          command: bundle exec rails test
+
+  'Local Standard Ruby':
     docker:
-      # normal ruby image is also sufficient here but we are using node-browsers so that we can make use of caching and speed up the process since other jobs are also using the same image
-      - image: circleci/ruby:3.0.2-node-browsers
+      - <<: *ruby_node_browsers_docker_image
     steps:
       - checkout
 
-      # Restore dependency caches
-      - restore_cache: *restore_bundler_cache
-      - restore_cache: *restore_yarn_cache
+      # TODO Figure out how to make these work for `tmp/starter`
+      # # Restore dependency caches
+      # - restore_cache: *restore_bundler_cache
+      # - restore_cache: *restore_yarn_cache
 
       # Install dependencies
       - ruby/bundle-install
       - run: bundle clean --force
       - run: yarn install
 
-      # Save dependency caches
-      # We only do this as part of this job, because it's time consuming and we don't want it to slow down test runners.
-      - save_cache: *save_bundle_cache
-      - save_cache: *save_yarn_cache
+      # # Save dependency caches
+      # # We only do this as part of this job, because it's time consuming and we don't want it to slow down test runners.
+      # - save_cache: *save_bundle_cache
+      # - save_cache: *save_yarn_cache
 
       - run:
           name: Check Standard Ruby
           command: bundle exec standardrb
 
-  'Minitest':
+  'Starter Repo Minitest':
     docker:
-      - image: circleci/ruby:3.0.2-node-browsers
-        environment:
-          PGHOST: localhost
-          PGUSER: bullet_train
-          RAILS_ENV: test
-      - image: circleci/postgres
-        environment:
-          POSTGRES_HOST_AUTH_METHOD: trust
-          POSTGRES_DB: bullet_train_test
-          POSTGRES_USER: bullet_train
+      - <<: *ruby_node_browsers_docker_image
+      - <<: *postgres_docker_image
+      - image: circleci/redis
     executor: ruby/default
     parallelism: 16
     steps:
+      - browser-tools/install-browser-tools
       - checkout
-      - restore_cache: *restore_bundler_cache
-      - restore_cache: *restore_yarn_cache
+      - run: "git clone https://github.com/bullet-train-co/bullet_train.git tmp/starter"
+
+      - run:
+          name: Link starter repository to the Ruby gem being tested.
+          command: "grep -v 'gem \"bullet_train-roles\"' tmp/starter/Gemfile > tmp/starter/Gemfile.tmp && mv tmp/starter/Gemfile.tmp tmp/starter/Gemfile && echo 'gem \"bullet_train-roles\", path: \"../..\"' >> tmp/starter/Gemfile"
+
+      # TODO Figure out how to make these work for `tmp/starter`
+      # - restore_cache: *restore_bundler_cache
+      # - restore_cache: *restore_yarn_cache
 
       # Install dependencies
-      - ruby/bundle-install
-      - run: bundle clean --force
+      - run: "cd tmp/starter && bundle install"
+      - run: "cd tmp/starter && bundle clean --force"
+      - run: "cd tmp/starter && bundle exec rake bt:link"
+      - run: "cd tmp/starter && yarn install"
+      - run: "cd tmp/starter && yarn build"
+      - run: "cd tmp/starter && yarn build:css"
 
-      # We run this because the DB might not be available for a while due to a race condition.
-      - run: dockerize -wait tcp://localhost:5432 -timeout 1m
+      - *wait_for_docker
 
       - run:
           name: Run tests with Knapsack Pro
           command: |
+            cd tmp/starter
             export RAILS_ENV=test
             bundle exec rails "knapsack_pro:queue:minitest[--verbose]"
           environment:
@@ -102,9 +140,49 @@ jobs:
       # - store_test_results:
       #     path: test/reports
 
+  'Starter Repo Minitest for Super Scaffolding':
+    docker:
+      - <<: *ruby_node_browsers_docker_image
+      - <<: *postgres_docker_image
+      - image: circleci/redis
+    executor: ruby/default
+    steps:
+      - browser-tools/install-browser-tools
+      - checkout
+      - run: "git clone https://github.com/bullet-train-co/bullet_train.git tmp/starter"
+
+      - run:
+          name: Link starter repository to the Ruby gem being tested.
+          command: "grep -v 'gem \"bullet_train-roles\"' tmp/starter/Gemfile > tmp/starter/Gemfile.tmp && mv tmp/starter/Gemfile.tmp tmp/starter/Gemfile && echo 'gem \"bullet_train-roles\", path: \"../..\"' >> tmp/starter/Gemfile"
+
+      # TODO Figure out how to make these work for `tmp/starter`
+      # # Restore dependency caches
+      # - restore_cache: *restore_bundler_cache
+      # - restore_cache: *restore_yarn_cache
+
+      # Install dependencies
+      - run: "cd tmp/starter && bundle install"
+      - run: "cd tmp/starter && bundle clean --force"
+      - run: "cd tmp/starter && bundle exec rake bt:link"
+      - run: "cd tmp/starter && yarn install"
+      - run: "cd tmp/starter && yarn build"
+      - run: "cd tmp/starter && yarn build:css"
+
+      - *wait_for_docker
+
+      - run:
+          name: 'Setup Super Scaffolding System Test'
+          command: "cd tmp/starter && bundle exec test/bin/setup-super-scaffolding-system-test"
+      - run:
+          name: 'Run Super Scaffolding Test'
+          command: "cd tmp/starter && bundle exec rails test test/system/super_scaffolding_test.rb"
+
 workflows:
   version: 2
   build:
     jobs:
-      - 'Standard Ruby'
-      - 'Minitest'
+      - 'Local Minitest'
+      - 'Local Standard Ruby'
+      - 'Starter Repo Minitest'
+      # TODO Get this passing.
+      # - 'Starter Repo Minitest for Super Scaffolding'

data/Gemfile.lock

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: .
   specs:
-    bullet_train-roles (0.1.6)
+    bullet_train-roles (0.1.9)
       active_hash
       activesupport
       cancancan
@@ -79,7 +79,7 @@ GEM
     ast (2.4.2)
     builder (3.2.4)
     byebug (11.1.3)
-    cancancan (3.3.0)
+    cancancan (3.4.0)
     concurrent-ruby (1.1.9)
     crass (1.0.6)
     erubi (1.10.0)
@@ -102,11 +102,11 @@ GEM
     marcel (1.0.2)
     method_source (1.0.0)
     mini_mime (1.1.2)
+    mini_portile2 (2.6.1)
     minitest (5.15.0)
     nio4r (2.5.8)
-    nokogiri (1.12.5-arm64-darwin)
-      racc (~> 1.4)
-    nokogiri (1.12.5-x86_64-darwin)
+    nokogiri (1.12.5)
+      mini_portile2 (~> 2.6.1)
       racc (~> 1.4)
     parallel (1.21.0)
     parser (3.0.3.2)
@@ -176,6 +176,7 @@ GEM
 PLATFORMS
   arm64-darwin-20
   arm64-darwin-21
+  ruby
   x86_64-darwin-21
 
 DEPENDENCIES
@@ -191,4 +192,4 @@ DEPENDENCIES
   standard (~> 1.5.0)
 
 BUNDLED WITH
-   2.3.4
+   2.3.13

data/README.md

@@ -68,7 +68,7 @@ editor:
   manageable_roles:
     - editor
   models:
-    Project: manage
+    Project: crud
 
 billing:
   manageable_roles:
@@ -98,7 +98,8 @@ The following things are true given the example configuration above:
  - By default, users on a team are read-only participants.
  - Users with the `editor` role:
    - can give other users the `editor` role.
-   - can modify project details.
+   - can perform crud actions on project (create, read, update and destroy).
+   - cannot perform any custom controller actions the projects controller responds to
  - Users with the `billing` role:
    - can give other users the `billing` role.
    - can create and update billing subscriptions.

data/lib/bullet_train/roles/engine.rb

@@ -0,0 +1,17 @@
+module BulletTrain
+  module Roles
+    class Engine < ::Rails::Engine
+      config.eager_load_paths << Role.full_path
+
+      initializer "bullet_train-roles.config" do |app|
+        role_reloader = ActiveSupport::FileUpdateChecker.new([Role.full_path]) do
+          Role.reload(true)
+        end
+
+        ActiveSupport::Reloader.to_prepare do
+          role_reloader.execute_if_updated
+        end
+      end
+    end
+  end
+end

data/lib/bullet_train/roles/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Roles
-  VERSION = "0.1.6"
+  VERSION = "0.1.9"
 end

data/lib/bullet_train/roles.rb

@@ -7,6 +7,8 @@ require_relative "../roles/permit"
 require_relative "../roles/support"
 require_relative "../roles/user"
 
+require_relative "roles/engine" if defined?(Rails)
+
 module Roles
   class Error < StandardError; end
 end

data/lib/models/role.rb

@@ -89,9 +89,9 @@ class Role < ActiveYaml::Base
     !default?
   end
 
-  def ability_generator(user, through, parent)
+  def ability_generator(user, through, parent, intermediary)
     models.each do |model_name, _|
-      ag = AbilityGenerator.new(self, model_name, user, through, parent)
+      ag = AbilityGenerator.new(self, model_name, user, through, parent, intermediary)
       yield(ag)
     end
   end
@@ -125,7 +125,7 @@ class Role < ActiveYaml::Base
   class AbilityGenerator
     attr_reader :model
 
-    def initialize(role, model_name, user, through, parent_name)
+    def initialize(role, model_name, user, through, parent_name, intermediary = nil)
       begin
         @model = model_name.constantize
       rescue NameError
@@ -137,6 +137,8 @@ class Role < ActiveYaml::Base
       @through = through
       @parent = user.send(through).reflect_on_association(parent_name)&.klass
       @parent_ids = user.parent_ids_for(@role, @through, parent_name) if @parent
+      @intermediary = intermediary
+      @intermediary_class = @model.reflect_on_association(intermediary)&.class_name&.constantize if @intermediary.present?
     end
 
     def valid?
@@ -145,9 +147,16 @@ class Role < ActiveYaml::Base
 
     def actions
       return @actions if @actions
-      actions = (@ability_data["actions"] if @ability_data.is_a?(Hash)) || @ability_data
-      actions = [actions] unless actions.is_a?(Array)
-      @actions = actions.map!(&:to_sym)
+      @actions = (@ability_data["actions"] if @ability_data.is_a?(Hash)) || @ability_data
+      # crud is a special value that we substitute for the 4 crud actions
+      # This is instead of :manage which covers all 4 actions _and_ any extra actions the controller may respond to
+      @actions = crud_actions if @actions.to_s.downcase == "crud"
+      @actions = [actions] unless actions.is_a?(Array)
+      @actions.map!(&:to_sym)
+    end
+
+    def crud_actions
+      [:create, :read, :update, :destroy]
     end
 
     def possible_parent_associations
@@ -167,17 +176,18 @@ class Role < ActiveYaml::Base
       if @model == @parent
         return @condition = {id: @parent_ids}
       end
-      parent_association = possible_parent_associations.find { |association| @model.method_defined?(association) || @model.method_defined?("#{association}_id") }
+      parent_association = possible_parent_associations.find { |association| @model.reflect_on_association(association) || @intermediary_class&.reflect_on_association(association) }
       return nil unless parent_association.present?
-      # If possible, use the team_id attribute because it saves us having to join all the way back to the sorce parent model
+      # If possible, use the team_id attribute because it saves us having to join all the way back to the source parent model
       # In some scenarios this may be quicker, or if the parent model is in a different database shard, it may not even
       # be possible to do the join
-      # using method_defined? will break with ActiveRecord 7 because now models have team_id defined if they include
-      # has_one :team, through: :membership
-      if @model.column_names.include?("#{parent_association}_id")
-        @condition = {"#{parent_association}_id".to_sym => @parent_ids}
+      parent_with_id = "#{parent_association}_id"
+      @condition = if @model.column_names.include?(parent_with_id)
+        {parent_with_id.to_sym => @parent_ids}
+      elsif @intermediary.present? && @model.reflect_on_association(@intermediary)
+        {@intermediary.to_sym => {parent_with_id.to_sym => @parent_ids}}
       else
-        @condition = {parent_association => {id: @parent_ids}}
+        {parent_association => {id: @parent_ids}}
       end
     end
   end

data/lib/roles/permit.rb

@@ -2,48 +2,66 @@
 
 module Roles
   module Permit
-    def permit(user, through:, parent:, debug: false)
-      # Without this, you need to restart the server each time you make changes to the config/models/role.yml file
-      Role.reload(true) if Rails.env.development?
-
+    def permit(user, through:, parent:, debug: false, intermediary: nil, cache_key: nil)
       # When changing permissions during development, you may also want to do this on each request:
       # User.update_all ability_cache: nil if Rails.env.development?
-      output = []
+      permissions = if cache_key
+        Rails.cache.fetch(cache_key) do
+          build_permissions(user, through, parent, intermediary)
+        end
+      else
+        build_permissions(user, through, parent, intermediary)
+      end
+
+      permissions.each do |permission|
+        can(permission.actions, permission.model.constantize, permission.condition) unless permission.is_debug
+      end
+
+      if debug
+        puts "###########################"
+        puts "Auto generated `ability.rb` content:"
+        permissions.map do |permission|
+          if permission.is_debug
+            puts permission.info
+          else
+            puts "can #{permission.actions}, #{permission.model}, #{permission.condition}"
+          end
+        end
+        puts "############################"
+      end
+    end
+
+    def build_permissions(user, through, parent, intermediary)
       added_roles = Set.new
+      permissions = []
       user.send(through).map(&:roles).flatten.uniq.each do |role|
         unless added_roles.include?(role)
-          output << "########### ROLE: #{role.key}"
-          output += add_abilities_for(role, user, through, parent)
+          permissions << OpenStruct.new(is_debug: true, info: "########### ROLE: #{role.key}")
+          permissions += add_abilities_for(role, user, through, parent, intermediary)
           added_roles << role
         end
 
         role.included_roles.each do |included_role|
           unless added_roles.include?(included_role)
-            output << "############# INCLUDED ROLE: #{included_role.key}"
-            output += add_abilities_for(included_role, user, through, parent)
+            permissions << OpenStruct.new(is_debug: true, info: "############# INCLUDED ROLE: #{included_role.key}")
+            permissions += add_abilities_for(included_role, user, through, parent, intermediary)
           end
         end
       end
 
-      if debug
-        puts "###########################"
-        puts "Auto generated `ability.rb` content:"
-        puts output
-        puts "############################"
-      end
+      permissions
     end
 
-    def add_abilities_for(role, user, through, parent)
-      output = []
-      role.ability_generator(user, through, parent) do |ag|
-        if ag.valid?
-          output << "can #{ag.actions}, #{ag.model}, #{ag.condition}"
-          can(ag.actions, ag.model, ag.condition)
+    def add_abilities_for(role, user, through, parent, intermediary)
+      permissions = []
+      role.ability_generator(user, through, parent, intermediary) do |ag|
+        permissions << if ag.valid?
+          OpenStruct.new(is_debug: false, actions: ag.actions, model: ag.model.to_s, condition: ag.condition)
         else
-          output << "# #{ag.model} does not respond to #{parent} so we're not going to add an ability for the #{through} context"
+          OpenStruct.new(is_debug: true, info: "# #{ag.model} does not respond to #{parent} so we're not going to add an ability for the #{through} context")
         end
       end
-      output
+      permissions
     end
   end
 end

data/lib/roles/support.rb

@@ -71,7 +71,7 @@ module Roles
       end
 
       def roles=(roles)
-        self.update(role_ids: roles.map(&:key))
+        update(role_ids: roles.map(&:key))
       end
 
       def assignable_roles

data/lib/roles/user.rb

@@ -10,16 +10,23 @@ module Roles
       def parent_ids_for(role, through, parent)
         parent_id_column = "#{parent}_id"
         key = "#{role.key}_#{through}_#{parent_id_column}s"
+
+        @_parent_ids_for_cache ||= {}
+        return @_parent_ids_for_cache[key] if @_parent_ids_for_cache[key]
+
         # TODO Maybe we should make ability caching a default feature of the gem?
         # If we do that, we would just make it check whether `ability_cache` exists.
         # return ability_cache[key] if ability_cache && ability_cache[key]
         role = nil if role.default?
-        value = send(through).with_role(role).distinct.pluck(parent_id_column)
+        @_parent_ids_for_cache[key] = send(through).with_role(role).distinct.pluck(parent_id_column)
         # TODO Maybe we should make ability caching a default feature of the gem?
         # current_cache = ability_cache || {}
         # current_cache[key] = value
         # update_column :ability_cache, current_cache
-        value
+      end
+
+      def invalidate_ability_cache
+        update_column :ability_cache, {}
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bullet_train-roles
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.9
 platform: ruby
 authors:
 - Prabin Poudel
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-03 00:00:00.000000000 Z
+date: 2022-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: byebug
@@ -185,6 +185,7 @@ files:
 - bin/setup
 - bullet_train-roles.gemspec
 - lib/bullet_train/roles.rb
+- lib/bullet_train/roles/engine.rb
 - lib/bullet_train/roles/version.rb
 - lib/generators/bullet_train/roles/install/USAGE
 - lib/generators/bullet_train/roles/install/install_generator.rb
@@ -215,7 +216,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.0
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Yaml-backed ApplicationHash for CanCan Roles