bullet_train-roles 0.1.9 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/README.md +25 -0
  4. data/bullet_train-roles.gemspec +1 -1
  5. data/lib/bullet_train/roles/version.rb +1 -1
  6. data/lib/roles/permit.rb +28 -12
  7. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 22f9bcc3e444766f5813562e0506db8f9b921f141ce2ce77eb3d30156418c80f
4
- data.tar.gz: 7db6d4154b2bd4e58e7d35455635b55b84f6e66424e1f4e9b26a82e908865dbb
3
+ metadata.gz: 30730d97710a95ccb3a1607d68ec6e41316d421555be035900fbb7e112546bd1
4
+ data.tar.gz: f22d482d9382f630b7fb200f48469644bca171d12535fef117880a69cfcca5e3
5
5
  SHA512:
6
- metadata.gz: 6ece8c36a0ae647489604813e15646ec1096d62f3980d032892ceefd21b8bf7a5f82430ad6a58219edf287994ee0019a7dc00dbe2939782ac7e24b1ff0b77188
7
- data.tar.gz: 0a386a84154f7d192019ab68d5be0094b3fcd6827dd53f29bf629fa0ed15a8ff8546bbd2fb382b9a4e3b30e13d922de0b7e2d819c08c03fb4662516f193df0af
6
+ metadata.gz: bf8243e967c09351262fbc615f2b61f3d78d72d741a5c6c18ba62cfe8a0c3621ad4219a65768e640d91eaea4b52c930652ecf94323c31861d5222b5738e71790
7
+ data.tar.gz: 6a8048e3d64762d1578f25b202660606768d38ba6508e89cc7ec33812878d87e139b015286840360d66f04a248b87c2dc3d6b7ef05b76bda70bc1905aa57491b
data/Gemfile.lock CHANGED
@@ -9,7 +9,7 @@ GIT
9
9
  PATH
10
10
  remote: .
11
11
  specs:
12
- bullet_train-roles (0.1.9)
12
+ bullet_train-roles (1.2.0)
13
13
  active_hash
14
14
  activesupport
15
15
  cancancan
data/README.md CHANGED
@@ -142,6 +142,31 @@ permit user, through: :projects_collaborators, parent: :project
142
142
 
143
143
  In this example, `permit` is smart enough to only apply the permissions granted by a `Projects::Collaborator` record at the level of the `Project` it belongs to. You can turn any model into a grant model by adding `include Roles::Support` and adding a `role_ids:jsonb` attribute. You can look at `Scaffolding::AbsolutelyAbstract::CreativeConcepts::Collaborator` for an example.
144
144
 
145
+
146
+ ## Restricting Available Roles
147
+
148
+ In some situations, you don't want all roles to be available to all Grant Models. For example, you might have a `project_editor` role that only makes sense when applied at the Project level. Note that this is only necessary if you want your project_editor to have more limited permissions than an admin user. If a `project_editor` has full control of their project, you should probably just use the `admin` role.
149
+
150
+ By default all Grant Models will show all roles as options. If you want to limit the roles available to a model, use the `roles_only` class method:
151
+
152
+ ```
153
+ class Membership < ApplicationRecord
154
+ include Roles::Support
155
+ roles_only :admin, :editor, :reader # Add this line to restrict the Membership model to only these roles
156
+ end
157
+ ```
158
+
159
+ To access the array of all roles available for a particular model, use the `assignable_roles` class method. For example, in your Membership form, you probably _only_ want to show the assignable_roles as options. Your view could look like this:
160
+
161
+ ```
162
+ <% Membership.assignable_roles.each do |role| %>
163
+ <% if role.manageable_by?(current_membership.roles) %>
164
+ <!-- View component for showing a role option. Probably a checkbox -->
165
+ <% end %>
166
+ <% end %>
167
+ ```
168
+
169
+
145
170
  ## Debugging
146
171
  If you want to see what CanCanCan directives are being created by your permit calls, you can add the `debug: true` option to your `permit` statement in `app/models/ability.rb`.
147
172
 
data/bullet_train-roles.gemspec CHANGED
@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
12
12
  spec.description = "Yaml-backed ApplicationHash for CanCan Roles"
13
13
  spec.homepage = "https://github.com/bullet-train-co/bullet_train-roles"
14
14
  spec.license = "MIT"
15
- spec.required_ruby_version = Gem::Requirement.new(">= 2.4.0")
15
+ spec.required_ruby_version = Gem::Requirement.new(">= 2.7.0")
16
16
 
17
17
  spec.metadata["homepage_uri"] = spec.homepage
18
18
  spec.metadata["source_code_uri"] = "https://github.com/bullet-train-co/bullet_train-roles"
data/lib/bullet_train/roles/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Roles
4
- VERSION = "0.1.9"
4
+ VERSION = "1.2.0"
5
5
  end
data/lib/roles/permit.rb CHANGED
@@ -2,48 +2,64 @@
2
2
 
3
3
  module Roles
4
4
  module Permit
5
- def permit(user, through:, parent:, debug: false, intermediary: nil, cache_key: nil)
5
+ def permit(user, through:, parent:, debug: false, intermediary: nil, rails_cache_key: nil)
6
6
  # When changing permissions during development, you may also want to do this on each request:
7
7
  # User.update_all ability_cache: nil if Rails.env.development?
8
- permissions = if cache_key
9
- Rails.cache.fetch(cache_key) do
8
+ permissions = if rails_cache_key
9
+ Rails.cache.fetch(rails_cache_key) do
10
10
  build_permissions(user, through, parent, intermediary)
11
11
  end
12
12
  else
13
13
  build_permissions(user, through, parent, intermediary)
14
14
  end
15
15
 
16
- permissions.each do |permission|
17
- can(permission.actions, permission.model.constantize, permission.condition) unless permission.is_debug
16
+ begin
17
+ assign_permissions(permissions)
18
+ rescue NameError => e
19
+ if rails_cache_key
20
+ # Cache has become stale with model classes that no longer exist
21
+ Rails.logger.info "Found missing models in cache - #{e.message.squish} - building fresh permissions"
22
+ Rails.cache.delete(rails_cache_key)
23
+ permissions = build_permissions(user, through, parent, intermediary)
24
+ assign_permissions(permissions)
25
+ else
26
+ raise e
27
+ end
18
28
  end
19
29
 
20
30
  if debug
21
31
  puts "###########################"
22
32
  puts "Auto generated `ability.rb` content:"
23
33
  permissions.map do |permission|
24
- if permission.is_debug
25
- puts permission.info
34
+ if permission[:is_debug]
35
+ puts permission[:info]
26
36
  else
27
- puts "can #{permission.actions}, #{permission.model}, #{permission.condition}"
37
+ puts "can #{permission[:actions]}, #{permission[:model]}, #{permission[:condition]}"
28
38
  end
29
39
  end
30
40
  puts "############################"
31
41
  end
32
42
  end
33
43
 
44
+ def assign_permissions(permissions)
45
+ permissions.each do |permission|
46
+ can(permission[:actions], permission[:model].constantize, permission[:condition]) unless permission[:is_debug]
47
+ end
48
+ end
49
+
34
50
  def build_permissions(user, through, parent, intermediary)
35
51
  added_roles = Set.new
36
52
  permissions = []
37
53
  user.send(through).map(&:roles).flatten.uniq.each do |role|
38
54
  unless added_roles.include?(role)
39
- permissions << OpenStruct.new(is_debug: true, info: "########### ROLE: #{role.key}")
55
+ permissions << {is_debug: true, info: "########### ROLE: #{role.key}"}
40
56
  permissions += add_abilities_for(role, user, through, parent, intermediary)
41
57
  added_roles << role
42
58
  end
43
59
 
44
60
  role.included_roles.each do |included_role|
45
61
  unless added_roles.include?(included_role)
46
- permissions << OpenStruct.new(is_debug: true, info: "############# INCLUDED ROLE: #{included_role.key}")
62
+ permissions << {is_debug: true, info: "############# INCLUDED ROLE: #{included_role.key}"}
47
63
  permissions += add_abilities_for(included_role, user, through, parent, intermediary)
48
64
  end
49
65
  end
@@ -56,9 +72,9 @@ module Roles
56
72
  permissions = []
57
73
  role.ability_generator(user, through, parent, intermediary) do |ag|
58
74
  permissions << if ag.valid?
59
- OpenStruct.new(is_debug: false, actions: ag.actions, model: ag.model.to_s, condition: ag.condition)
75
+ {is_debug: false, actions: ag.actions, model: ag.model.to_s, condition: ag.condition}
60
76
  else
61
- OpenStruct.new(is_debug: true, info: "# #{ag.model} does not respond to #{parent} so we're not going to add an ability for the #{through} context")
77
+ {is_debug: true, info: "# #{ag.model} does not respond to #{parent} so we're not going to add an ability for the #{through} context"}
62
78
  end
63
79
  end
64
80
  permissions
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bullet_train-roles
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.9
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Prabin Poudel
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2022-08-31 00:00:00.000000000 Z
12
+ date: 2022-12-15 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: byebug
@@ -209,7 +209,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
209
209
  requirements:
210
210
  - - ">="
211
211
  - !ruby/object:Gem::Version
212
- version: 2.4.0
212
+ version: 2.7.0
213
213
  required_rubygems_version: !ruby/object:Gem::Requirement
214
214
  requirements:
215
215
  - - ">="