concerns_on_rails 1.14.1 → 1.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0cbda4a7f45769f7997d0f5367d04a594946bee53e45e759a461bb73a535522e
-  data.tar.gz: 692b5092f4b784a113dd09935eda88fc16bd1f0a484f349ae53c77f8b945b14d
+  metadata.gz: 9d0ca1b10759cf285948bef864e3cba343b3d1caa5e461b000af0486b4d51781
+  data.tar.gz: 1006768d58216c32a190c551ede050eb2e12ac24d13daf847600e83d1f219f52
 SHA512:
-  metadata.gz: 215b94501afdbb59bfed5633eaa649efb244e2c9a01e21ac30a63ea1bf4de0ffa9f5b2c71da92d5fd980f90cc7d8ef397f17fa0c708d16be31059f7d29facf91
-  data.tar.gz: 3778aa7588aef6315a40707fdfd1d01b2092d65fb4b5717a16a4ac4f81300f23086aa4a3f0133d86a84d84acbb9b210a7ee45f23d2806e6c9d8ade8797238733
+  metadata.gz: 7b8c99595c6fbdd34ba4eb2ed011dee168c6178cffbee5bd1803195e83d5e2301bb87db99bc2dbf1143ba6d5e584f708d44aefbbea13248af2bc0d6eba0772d2
+  data.tar.gz: b43057a24fd64599ee62ef31dcbddd0daf3b985193a36dd02811c17721ebebf0e73f5793c73ffb41c98524ca9b5bec1a100c9c3619ccf8ceb896ce5ce11051cc

data/CHANGELOG.md

@@ -1,5 +1,41 @@
 <!-- CHANGELOG.md -->
 
+## 1.15.0 (2026-06-10)
+
+A review-driven release: 23 correctness/safety fixes (each with a regression spec) and 7 backward-compatible enhancements. 510 examples, 0 failures.
+
+### Fixed
+- **Controllers::SecureHeadable**: `content_security_policy_for(report_only: true)` no longer silently drops the policy block — the policy is defined via `content_security_policy` and report-only mode is toggled separately (a report-only rollout previously registered no policy at all).
+- **Controllers::Authorizable**: `require_role` / actor resolution now find a private or `helper_method` `current_user` (`respond_to?(.., true)`), so Devise-style private `current_user` is no longer denied.
+- **Controllers::Sortable**: uses `reorder` so the requested sort replaces a model `default_scope` ORDER BY instead of becoming a silent secondary key.
+- **Controllers::Paginatable**: the total count no longer breaks on grouped relations (it returned a Hash); it collapses to the group count.
+- **Controllers::Filterable**: a nested-hash param in direct-where mode no longer raises a user-triggerable 500 — non-scalar values are ignored.
+- **Controllers::Localizable**: the `Accept-Language` parser honors q-values (rejects `q=0`, orders by preference) per RFC 7231.
+- **Controllers::ErrorHandleable**: the 404 handler renders a generic message instead of the raw `RecordNotFound` message, which leaked the model class name and queried attribute/value.
+- **Models::SoftDeletable**: `deleted_within` uses an explicit `>=` predicate (the previous endless range was unsupported on Rails 5.x); `soft_delete_all` / `restore_all` roll the whole batch back when a record fails.
+- **Models::Sluggable**: backfills a blank slug on save even when the source is unchanged, and no longer overwrites an explicitly-assigned slug.
+- **Models::Publishable**: scopes branch on the column type so a boolean publishable column uses equality predicates instead of nonsensical timestamp comparisons.
+- **Models::Hashable**: validates that `length` is positive; `:integer` drops dead padding code.
+- **Models::Taggable**: `tagged_with` matches consistently (all branches use LIKE) and escapes the delimiter so a wildcard delimiter matches literally.
+- **Models::Monetizable** / **Support::Money**: no spurious `-` for amounts that round to zero; `subunit_to_unit: 0` is rejected.
+- **Models::Sequenceable**: the generation-time clock is memoized so a record's period anchor stays consistent (no boundary straddle).
+- **gemspec**: `spec.metadata` is merged rather than reassigned, preserving the `license` key.
+
+### Added
+- **Models::Activatable** / **Models::Expirable**: `prefix:` / `suffix:` options to affix scope names, so `.active` / `.expired` can coexist with the same-named scopes from sibling concerns on one model.
+- **Models::Publishable**: `before/after_publish` and `before/after_unpublish` lifecycle hooks.
+- **Models::Stateable**: `before/after_transition` hooks fired by guarded `<event>!` transitions.
+- **Models::Hashable**: `unique: true` retries on an in-Ruby collision before insert (parity with Tokenizable).
+- **Controllers::Sortable**: applies multiple whitelisted columns from a comma-separated `params[:sort]`.
+- **Controllers::Paginatable**: `pagination_meta(relation)` for body-based pagination (composes with `Respondable`'s `meta:`).
+
+### Changed
+- **Controllers::ErrorHandleable**: the default 404 message is now generic (`"Resource not found"`); override `handle_record_not_found` to surface detail in non-production environments.
+
+### Docs
+- Rewrote `CLAUDE.md` to cover all 29 concerns and 7 support modules, the model/controller layout, the macro conventions, the supported dependency ranges, and the release process.
+- Noted native Rails 7.1+ alternatives (`normalizes`, `generates_token_for`) in `Normalizable` / `Tokenizable`.
+
 ## 1.14.1 (2026-06-07)
 
 ### Fixed

data/lib/concerns_on_rails/controllers/authorizable.rb

@@ -50,8 +50,11 @@ module ConcernsOnRails
 
           wanted = roles.map(&:to_s)
           check = proc do
-            actor = respond_to?(via) ? send(via) : nil
-            actor.respond_to?(role_method) && wanted.include?(actor.public_send(role_method).to_s)
+            # respond_to?(via, true): current_user is usually private (Devise) or
+            # a helper_method (which keeps it private on the instance), so the
+            # default public-only check would resolve nil and deny everyone.
+            actor = respond_to?(via, true) ? send(via) : nil
+            actor.respond_to?(role_method, true) && wanted.include?(actor.send(role_method).to_s)
           end
           add_authorization_rule(check: check, only: only, except: except, status: status, message: message)
         end
@@ -113,7 +116,8 @@ module ConcernsOnRails
       end
 
       def authorization_actor
-        respond_to?(:current_user) ? current_user : nil
+        # include_private: true — current_user is typically private/helper_method.
+        respond_to?(:current_user, true) ? current_user : nil
       end
 
       def authorization_action_name

data/lib/concerns_on_rails/controllers/error_handleable.rb

@@ -30,9 +30,12 @@ module ConcernsOnRails
         rescue_from "ActiveRecord::RecordInvalid",        with: :handle_record_invalid
       end
 
-      def handle_record_not_found(error)
+      def handle_record_not_found(_error)
+        # Use a generic message: the raw RecordNotFound message leaks the model
+        # class name and the queried attribute/value to API clients. Subclasses
+        # can override this method to surface detail in non-production envs.
         render_error_envelope(
-          message: error.message,
+          message: "Resource not found",
           code: "not_found",
           status: :not_found
         )

data/lib/concerns_on_rails/controllers/filterable.rb

@@ -60,10 +60,24 @@ module ConcernsOnRails
           options[:with].call(relation, value)
         elsif options[:scope]
           relation.public_send(options[:scope])
-        else
+        elsif filterable_scalar?(value)
           relation.where(field => value)
+        else
+          # A nested/structured param (e.g. ?status[gt]=5) in direct-where mode
+          # would raise TypeError ("can't quote Hash") and surface as a 500.
+          # Ignore it instead — hash/array shaping must go through a `with:` lambda.
+          relation
         end
       end
+
+      # Scalars (and arrays, which AR turns into `IN (...)`) are safe to pass to
+      # .where; a Hash / ActionController::Parameters is not.
+      def filterable_scalar?(value)
+        return false if value.is_a?(Hash)
+        return false if defined?(ActionController::Parameters) && value.is_a?(ActionController::Parameters)
+
+        true
+      end
     end
   end
 end

data/lib/concerns_on_rails/controllers/localizable.rb

@@ -77,14 +77,36 @@ module ConcernsOnRails
       end
 
       def parse_accept_language(header, allowed)
-        header.split(",").each do |part|
-          lang = part.split(";").first.to_s.strip.split("-").first
+        ranked_accept_languages(header).each do |lang|
           match = match_locale(lang, allowed)
           return match if match
         end
         nil
       end
 
+      # Languages from an Accept-Language header, q=0 dropped, highest-q first
+      # (RFC 7231 preference order).
+      def ranked_accept_languages(header)
+        pairs = header.split(",").filter_map do |part|
+          token, *params = part.split(";").map(&:strip)
+          quality = accept_language_quality(params)
+          next if quality <= 0.0
+
+          lang = token.to_s.split("-").first
+          [lang, quality] if lang.present?
+        end
+        pairs.sort_by { |(_lang, quality)| -quality }.map(&:first)
+      end
+
+      # The q-value (relative quality) of an Accept-Language part: 1.0 when
+      # absent, 0.0 when malformed. q=0 means "not acceptable" and is dropped.
+      def accept_language_quality(params)
+        qparam = params.find { |p| p.start_with?("q=") }
+        return 1.0 unless qparam
+
+        Float(qparam[2..], exception: false) || 0.0
+      end
+
       def match_locale(candidate, allowed)
         return nil if candidate.blank?
 

data/lib/concerns_on_rails/controllers/paginatable.rb

@@ -41,7 +41,10 @@ module ConcernsOnRails
         per_page = pagination_per_page
         offset = (page - 1) * per_page
 
-        total = relation.except(:order, :limit, :offset).count
+        counted = relation.except(:order, :limit, :offset).count
+        # `.count` on a grouped relation returns a Hash (group => count); for
+        # offset pagination the meaningful total is the number of groups.
+        total = counted.is_a?(Hash) ? counted.length : counted
         total_pages = per_page.positive? ? (total.to_f / per_page).ceil : 0
 
         records = relation.limit(per_page).offset(offset)
@@ -50,6 +53,21 @@ module ConcernsOnRails
         records
       end
 
+      # Pagination metadata for a relation WITHOUT applying limit/offset — handy
+      # for body-based pagination (compose with Respondable's `meta:`).
+      def pagination_meta(relation)
+        page = pagination_page
+        per_page = pagination_per_page
+        counted = relation.except(:order, :limit, :offset).count
+        total = counted.is_a?(Hash) ? counted.length : counted
+        {
+          total: total,
+          page: page,
+          per_page: per_page,
+          total_pages: per_page.positive? ? (total.to_f / per_page).ceil : 0
+        }
+      end
+
       private
 
       def pagination_page

data/lib/concerns_on_rails/controllers/secure_headable.rb

@@ -85,11 +85,13 @@ module ConcernsOnRails
                   "ActionController::ContentSecurityPolicy (Rails 5.2+)"
           end
 
-          if report_only
-            content_security_policy_report_only(true, **action_opts, &block)
-          else
-            content_security_policy(**action_opts, &block)
-          end
+          # The policy block is ONLY accepted by content_security_policy; the
+          # report-only variant is a flag toggle that takes no block. So always
+          # define the policy via content_security_policy, then additionally mark
+          # it report-only when requested — otherwise a report-only rollout would
+          # silently register no policy at all (the block would be dropped).
+          content_security_policy(**action_opts, &block)
+          content_security_policy_report_only(true, **action_opts) if report_only
         end
       end
 

data/lib/concerns_on_rails/controllers/sortable.rb

@@ -44,21 +44,27 @@ module ConcernsOnRails
       # Apply ordering to a relation based on params[:sort] / params[:direction].
       # Falls back to defaults; never orders by a non-whitelisted column.
       def sorted(relation)
-        field = sort_field
-        return relation unless field
+        fields = sort_fields
+        return relation if fields.empty?
 
-        relation.order(field => sort_direction)
+        # reorder (not order) so the user-requested columns REPLACE any prior
+        # ORDER BY — including a model default_scope order. Multiple whitelisted
+        # columns (comma-separated in params[:sort]) are applied in request order.
+        direction = sort_direction
+        ordering = fields.to_h { |field| [field, direction] }
+        relation.reorder(ordering)
       end
 
       private
 
-      def sort_field
-        requested = params[:sort]&.to_sym
-        if requested && self.class.sortable_allowed_fields.include?(requested)
-          requested
-        else
-          self.class.sortable_default_field
-        end
+      # Whitelisted sort columns from params[:sort] (comma-separated), preserving
+      # request order; falls back to the configured default when none are valid.
+      def sort_fields
+        requested = params[:sort].to_s.split(",").map { |token| token.strip.to_sym }
+        allowed = requested & self.class.sortable_allowed_fields
+        return allowed unless allowed.empty?
+
+        Array(self.class.sortable_default_field).compact
       end
 
       def sort_direction

data/lib/concerns_on_rails/models/activatable.rb

@@ -30,12 +30,20 @@ module ConcernsOnRails
       class_methods do
         include ConcernsOnRails::Support::ColumnGuard
 
-        def activatable_by(field = DEFAULT_FIELD)
+        def activatable_by(field = DEFAULT_FIELD, prefix: nil, suffix: nil)
           self.activatable_field = field.to_sym
           ensure_columns!("ConcernsOnRails::Models::Activatable", activatable_field)
 
-          scope :active,   -> { where(activatable_field => true) }
-          scope :inactive, -> { where(activatable_field => [false, nil]) }
+          # Affix the scope names so two concerns that each define `.active`
+          # (e.g. SoftDeletable / Expirable) can coexist on one model.
+          scope activatable_scope_name(:active, prefix, suffix),   -> { where(activatable_field => true) }
+          scope activatable_scope_name(:inactive, prefix, suffix), -> { where(activatable_field => [false, nil]) }
+        end
+
+        private
+
+        def activatable_scope_name(base, prefix, suffix)
+          [prefix, base, suffix].compact.join("_").to_sym
         end
       end
 
@@ -56,7 +64,9 @@ module ConcernsOnRails
       end
 
       def toggle_active!
-        active? ? deactivate! : activate!
+        # Lock the row for the read-modify-write so concurrent toggles don't lose
+        # an update (with_lock wraps a transaction + SELECT ... FOR UPDATE).
+        with_lock { active? ? deactivate! : activate! }
       end
     end
   end

data/lib/concerns_on_rails/models/expirable.rb

@@ -9,21 +9,6 @@ module ConcernsOnRails
 
       included do
         class_attribute :expirable_field, instance_accessor: false, default: DEFAULT_FIELD
-
-        scope :active, lambda {
-          column = arel_table[expirable_field]
-          where(column.eq(nil).or(column.gt(Time.zone.now)))
-        }
-
-        scope :expired, lambda {
-          where(arel_table[expirable_field].lteq(Time.zone.now))
-        }
-
-        scope :expiring_within, lambda { |duration|
-          column = arel_table[expirable_field]
-          now = Time.zone.now
-          where(column.gt(now)).where(column.lteq(now + duration))
-        }
       end
 
       class_methods do
@@ -33,9 +18,34 @@ module ConcernsOnRails
         # Example:
         #   expirable_by                  # uses :expires_at
         #   expirable_by :valid_until
-        def expirable_by(field = DEFAULT_FIELD)
+        def expirable_by(field = DEFAULT_FIELD, prefix: nil, suffix: nil)
           self.expirable_field = field.to_sym
           ensure_columns!("ConcernsOnRails::Models::Expirable", expirable_field)
+          define_expirable_scopes(prefix, suffix)
+        end
+
+        private
+
+        # Scopes live here (not in `included do`) so their names can be affixed —
+        # letting Expirable's `.active`/`.expired` coexist with the same-named
+        # scopes from SoftDeletable / Activatable on a single model.
+        def define_expirable_scopes(prefix, suffix)
+          scope expirable_scope_name(:active, prefix, suffix), lambda {
+            column = arel_table[expirable_field]
+            where(column.eq(nil).or(column.gt(Time.zone.now)))
+          }
+          scope expirable_scope_name(:expired, prefix, suffix), lambda {
+            where(arel_table[expirable_field].lteq(Time.zone.now))
+          }
+          scope expirable_scope_name(:expiring_within, prefix, suffix), lambda { |duration|
+            column = arel_table[expirable_field]
+            now = Time.zone.now
+            where(column.gt(now)).where(column.lteq(now + duration))
+          }
+        end
+
+        def expirable_scope_name(base, prefix, suffix)
+          [prefix, base, suffix].compact.join("_").to_sym
         end
       end
 
@@ -74,8 +84,6 @@ module ConcernsOnRails
         (value - now).seconds
       end
 
-      private
-
       def expiry_extension_base
         value = self[self.class.expirable_field]
         now = Time.zone.now

data/lib/concerns_on_rails/models/hashable.rb

@@ -7,12 +7,14 @@ module ConcernsOnRails
       extend ActiveSupport::Concern
 
       VALID_TYPES = %i[hex uuid integer custom].freeze
+      MAX_GENERATION_ATTEMPTS = 10
 
       included do
         class_attribute :hashable_field, instance_accessor: false
         class_attribute :hashable_type, instance_accessor: false, default: :hex
         class_attribute :hashable_length, instance_accessor: false, default: 16
         class_attribute :hashable_alphabet, instance_accessor: false, default: nil
+        class_attribute :hashable_unique, instance_accessor: false, default: false
       end
 
       class_methods do
@@ -25,11 +27,12 @@ module ConcernsOnRails
         #   hashable_by :external_id, type: :uuid
         #   hashable_by :code, type: :integer, length: 6
         #   hashable_by :code, type: :custom, length: 8, alphabet: "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
-        def hashable_by(field, type: :hex, length: 16, alphabet: nil)
+        def hashable_by(field, type: :hex, length: 16, alphabet: nil, unique: false)
           self.hashable_field = field.to_sym
           self.hashable_type = type.to_sym
           self.hashable_length = length.to_i
           self.hashable_alphabet = alphabet
+          self.hashable_unique = unique
 
           ensure_columns!("ConcernsOnRails::Models::Hashable", hashable_field)
           validate_hashable_options!
@@ -47,7 +50,7 @@ module ConcernsOnRails
           case hashable_type
           when :hex     then SecureRandom.hex(hashable_length)
           when :uuid    then SecureRandom.uuid
-          when :integer then SecureRandom.random_number(10**hashable_length).to_s.rjust(hashable_length, "0").to_i
+          when :integer then SecureRandom.random_number(10**hashable_length)
           when :custom  then ConcernsOnRails::Support::RandomValue.from_alphabet(hashable_alphabet, hashable_length)
           end
         end
@@ -60,10 +63,19 @@ module ConcernsOnRails
                   "ConcernsOnRails::Models::Hashable: unknown type '#{hashable_type}'. Valid types: #{VALID_TYPES.join(', ')}"
           end
 
+          if length_bearing_hashable_type? && !hashable_length.positive?
+            raise ArgumentError, "ConcernsOnRails::Models::Hashable: length must be a positive integer"
+          end
+
           return unless hashable_type == :custom && (!hashable_alphabet.is_a?(String) || hashable_alphabet.empty?)
 
           raise ArgumentError, "ConcernsOnRails::Models::Hashable: type :custom requires a non-empty alphabet: String"
         end
+
+        # :uuid ignores length; the others derive their size from it.
+        def length_bearing_hashable_type?
+          %i[hex integer custom].include?(hashable_type)
+        end
       end
 
       # Assigns the generated value only when the field is blank,
@@ -72,7 +84,22 @@ module ConcernsOnRails
         field = self.class.hashable_field
         return if self[field].present?
 
-        self[field] = self.class.generate_hashable_value
+        self[field] = if self.class.hashable_unique
+                        unique_hashable_value(field)
+                      else
+                        self.class.generate_hashable_value
+                      end
+      end
+
+      # Best-effort uniqueness: retry on an in-Ruby collision before insert. Pair
+      # with a unique DB index for the real guarantee (mirrors Tokenizable).
+      def unique_hashable_value(field)
+        ConcernsOnRails::Models::Hashable::MAX_GENERATION_ATTEMPTS.times do
+          candidate = self.class.generate_hashable_value
+          return candidate unless self.class.unscoped.exists?(field => candidate)
+        end
+        raise "ConcernsOnRails::Models::Hashable: could not generate a unique value for '#{field}' " \
+              "after #{ConcernsOnRails::Models::Hashable::MAX_GENERATION_ATTEMPTS} attempts"
       end
     end
   end

data/lib/concerns_on_rails/models/monetizable.rb

@@ -42,6 +42,10 @@ module ConcernsOnRails
 
           raise ArgumentError, "ConcernsOnRails::Models::Monetizable: :as cannot be combined with multiple fields" if as && fields.size > 1
 
+          unless subunit_to_unit.to_i.positive?
+            raise ArgumentError, "ConcernsOnRails::Models::Monetizable: :subunit_to_unit must be a positive integer"
+          end
+
           ensure_columns!("ConcernsOnRails::Models::Monetizable", fields)
           config = { unit: unit, precision: precision, delimiter: delimiter, separator: separator, subunit_to_unit: subunit_to_unit }
           fields.each { |cents_field| define_money_accessors(cents_field.to_sym, as, config) }

data/lib/concerns_on_rails/models/normalizable.rb

@@ -2,6 +2,10 @@ require "active_support/concern"
 
 module ConcernsOnRails
   module Models
+    # Declarative attribute normalization that runs in before_validation.
+    #
+    # On Rails 7.1+ you may prefer the framework-native `normalizes` macro for
+    # new code; this concern provides the same ergonomics on Rails 5.0–7.0.
     module Normalizable
       extend ActiveSupport::Concern
 

data/lib/concerns_on_rails/models/publishable.rb

@@ -5,18 +5,42 @@ module ConcernsOnRails
     module Publishable
       extend ActiveSupport::Concern
 
-      included do
+      included do # rubocop:disable Metrics/BlockLength
         class_attribute :publishable_field, instance_accessor: false, default: :published_at
 
-        scope :published, -> { where(arel_table[publishable_field].lteq(Time.zone.now)) }
+        # All scopes branch on the column type: a boolean publishable column (which
+        # the macro and instance methods also accept) needs equality predicates,
+        # not the timestamp `<= now` / `> now` comparisons that produce nonsensical
+        # SQL against a boolean.
+        scope :published, lambda {
+          if publishable_boolean_column?
+            where(publishable_field => true)
+          else
+            where(arel_table[publishable_field].lteq(Time.zone.now))
+          end
+        }
         scope :unpublished, lambda {
-          column = arel_table[publishable_field]
-          unscope(where: publishable_field).where(column.eq(nil).or(column.gt(Time.zone.now)))
+          if publishable_boolean_column?
+            unscope(where: publishable_field).where(publishable_field => [nil, false])
+          else
+            column = arel_table[publishable_field]
+            unscope(where: publishable_field).where(column.eq(nil).or(column.gt(Time.zone.now)))
+          end
+        }
+        # Set, but the publish time is still in the future (timestamp columns only).
+        scope :scheduled, lambda {
+          next none if publishable_boolean_column?
+
+          unscope(where: publishable_field).where(arel_table[publishable_field].gt(Time.zone.now))
+        }
+        # Never published — a true draft.
+        scope :draft, lambda {
+          if publishable_boolean_column?
+            unscope(where: publishable_field).where(publishable_field => [nil, false])
+          else
+            unscope(where: publishable_field).where(publishable_field => nil)
+          end
         }
-        # Set, but the publish time is still in the future.
-        scope :scheduled, -> { unscope(where: publishable_field).where(arel_table[publishable_field].gt(Time.zone.now)) }
-        # Never set — a true draft.
-        scope :draft, -> { unscope(where: publishable_field).where(publishable_field => nil) }
       end
 
       class_methods do
@@ -31,6 +55,12 @@ module ConcernsOnRails
           enable_published_default_scope if default_scope
         end
 
+        # True when the configured column is a boolean (vs a datetime timestamp);
+        # the scopes use this to pick equality vs time-comparison predicates.
+        def publishable_boolean_column?
+          columns_hash[publishable_field.to_s]&.type == :boolean
+        end
+
         private
 
         # Routed through a helper so the `default_scope:` keyword doesn't shadow
@@ -44,15 +74,27 @@ module ConcernsOnRails
       # Publish the record
       # Example:
       #   record.publish!
+      # Lifecycle hooks — override in the model (mirrors SoftDeletable's hooks).
+      def before_publish; end
+      def after_publish; end
+      def before_unpublish; end
+      def after_unpublish; end
+
       def publish!
-        update(self.class.publishable_field => Time.zone.now)
+        before_publish
+        result = update(self.class.publishable_field => Time.zone.now)
+        after_publish if result
+        result
       end
 
       # Unpublish the record
       # Example:
       #   record.unpublish!
       def unpublish!
-        update(self.class.publishable_field => nil)
+        before_unpublish
+        result = update(self.class.publishable_field => nil)
+        after_unpublish if result
+        result
       end
 
       # Check if the record is published

data/lib/concerns_on_rails/models/searchable.rb

@@ -23,6 +23,9 @@ module ConcernsOnRails
     #                   :all splits on whitespace and requires every term to match.
     #   match:          :contains (default, "%q%"), :prefix ("q%"), or :exact ("q").
     #   case_sensitive: false (default) emits ILIKE on Postgres; true emits LIKE.
+    #                   NOTE: this only affects Postgres. On MySQL/SQLite, LIKE
+    #                   case sensitivity is governed by the column collation, so
+    #                   the flag is effectively a no-op there.
     #
     # Uses Arel's `matches`. The query is escaped before interpolation, so
     # `%` / `_` / `\` from user input are treated as literals.

data/lib/concerns_on_rails/models/sluggable.rb

@@ -23,7 +23,21 @@ module ConcernsOnRails
         # if we don't override this method, friendly_id will not generate the new slug when update
         define_method :should_generate_new_friendly_id? do
           field = self.class.sluggable_field
-          respond_to?("will_save_change_to_#{field}?") && send("will_save_change_to_#{field}?")
+          slug_column = self.class.friendly_id_config.slug_column
+
+          # An explicitly-assigned slug wins — don't overwrite it with a generated
+          # one when the slug column itself is being changed in this save.
+          changing_slug = respond_to?("will_save_change_to_#{slug_column}?") &&
+                          send("will_save_change_to_#{slug_column}?")
+          return false if changing_slug
+
+          source_changed = respond_to?("will_save_change_to_#{field}?") &&
+                           send("will_save_change_to_#{field}?")
+          # Backfill a missing slug even when the source did not change, so
+          # legacy/imported rows with a NULL slug still self-heal.
+          slug_missing = send(slug_column).blank? && slug_source.present?
+
+          source_changed || slug_missing
         end
       end
 

data/lib/concerns_on_rails/models/soft_deletable.rb

@@ -23,7 +23,12 @@ module ConcernsOnRails
         # `with_deleted` peels off the default scope so deleted + non-deleted are both returned.
         scope :with_deleted, -> { unscope(where: soft_delete_field) }
         # Records soft-deleted within the last `duration` (e.g. `deleted_within(7.days)`).
-        scope :deleted_within, ->(duration) { soft_deleted.where(soft_delete_field => duration.ago..) }
+        # Uses an explicit `>=` rather than an endless range (`x..`): AR only
+        # translates an endless range to a `>=` predicate on Rails 6.0+, but this
+        # gem supports Rails >= 5.0.
+        scope :deleted_within, lambda { |duration|
+          soft_deleted.where("#{connection.quote_column_name(soft_delete_field.to_s)} >= ?", duration.ago)
+        }
 
         # Hide soft-deleted rows from `.all` only when enabled (the default). The block is
         # evaluated lazily, so toggling `soft_delete_default_scope` via the macro takes effect.
@@ -46,7 +51,10 @@ module ConcernsOnRails
 
         # Soft-delete every matching record, wrapped in a transaction so the batch is atomic.
         def soft_delete_all
-          transaction { all.each(&:soft_delete!) }
+          # Roll the whole batch back if any record fails to soft-delete, so the
+          # documented atomicity actually holds (soft_delete! returns falsey on a
+          # validation failure rather than raising).
+          transaction { all.each { |record| record.soft_delete! || raise(ActiveRecord::Rollback) } }
         end
 
         # Override destroy_all to soft delete. Kept for backwards compatibility, but prefer the

data/lib/concerns_on_rails/models/stateable.rb

@@ -60,6 +60,11 @@ module ConcernsOnRails
         update!(self.class.stateable_field => state.to_s)
       end
 
+      # Transition lifecycle hooks — override in the model. Fired by guarded
+      # <event>! transitions (not by direct <state>! setters or transition_to!).
+      def before_transition(_event, _from, _to); end
+      def after_transition(_event, _from, _to); end
+
       # Defined as a real module (not `class_methods do`) so all the private
       # builder helpers live under a single `private` and aren't constrained by
       # Metrics/BlockLength. ActiveSupport::Concern auto-extends `ClassMethods`.
@@ -154,11 +159,13 @@ module ConcernsOnRails
 
       # Instance-level guarded transition body, shared by every `<event>!`.
       def stateable_perform_transition!(field, to, from, event)
-        unless from.empty? || from.include?(self[field].to_s)
-          raise InvalidTransition, "#{self.class.name}: cannot #{event} from '#{self[field]}'"
-        end
+        current = self[field].to_s
+        raise InvalidTransition, "#{self.class.name}: cannot #{event} from '#{self[field]}'" unless from.empty? || from.include?(current)
 
-        update!(field => to)
+        before_transition(event, current, to)
+        result = update!(field => to)
+        after_transition(event, current, to)
+        result
       end
     end
   end

data/lib/concerns_on_rails/models/taggable.rb

@@ -96,11 +96,15 @@ module ConcernsOnRails
         # LIKE escape), so a tag containing `_` or `%` matches literally.
         def taggable_clause(tag)
           column = "#{connection.quote_table_name(table_name)}.#{connection.quote_column_name(taggable_field)}"
-          delim = taggable_delimiter
+          # Escape the delimiter too (not just the tag): a delimiter that is a LIKE
+          # wildcard (% or _) must match literally. Use LIKE for the whole-column
+          # branch as well, so casing is uniform across all four branches — the
+          # previous `= ?` was case-sensitive while LIKE is not.
+          delim = taggable_escape_like(taggable_delimiter)
           escaped = taggable_escape_like(tag)
           esc = " ESCAPE '\\'"
-          ["(#{column} = ? OR #{column} LIKE ?#{esc} OR #{column} LIKE ?#{esc} OR #{column} LIKE ?#{esc})",
-           [tag, "#{escaped}#{delim}%", "%#{delim}#{escaped}", "%#{delim}#{escaped}#{delim}%"]]
+          ["(#{column} LIKE ?#{esc} OR #{column} LIKE ?#{esc} OR #{column} LIKE ?#{esc} OR #{column} LIKE ?#{esc})",
+           [escaped, "#{escaped}#{delim}%", "%#{delim}#{escaped}", "%#{delim}#{escaped}#{delim}%"]]
         end
 
         # Treat the user's tag as a LIKE literal: %, _ and \ are not wildcards.

data/lib/concerns_on_rails/models/tokenizable.rb

@@ -20,11 +20,14 @@ module ConcernsOnRails
     #   user.api_token?                           # true if present
     #
     #   User.find_by_api_token(token)             # Rails default
-    #   User.authenticate_by_api_token(token)     # timing-safe lookup, returns record or nil
+    #   User.authenticate_by_api_token(token)     # constant-time compare; returns record or nil
     #
     # Unlike Hashable, one model can declare multiple token fields, generation is
     # URL-safe by default, and `assign_tokenizable_value` retries on uniqueness
     # collisions before insert (best-effort; pair with a unique DB index).
+    #
+    # For stateless / self-expiring tokens (password resets, email confirmations)
+    # on Rails 7.1+, consider the framework-native `generates_token_for` instead.
     module Tokenizable
       extend ActiveSupport::Concern
 
@@ -88,6 +91,10 @@ module ConcernsOnRails
           define_singleton_method("authenticate_by_#{field}") { |value| timing_safe_find(field, value) }
         end
 
+        # NOTE: the find_by below is an indexed SQL equality, which is not itself
+        # timing-safe; secure_compare only hardens the in-Ruby comparison of the
+        # already-fetched candidate. For a truly constant-time lookup, store and
+        # query a digest instead of the raw token.
         def timing_safe_find(field, value)
           return nil if value.blank?
 

data/lib/concerns_on_rails/support/money.rb

@@ -26,7 +26,10 @@ module ConcernsOnRails
         whole = delimit(whole, delimiter)
         number = precision.positive? ? "#{whole}#{separator}#{frac.ljust(precision, '0')[0, precision]}" : whole
 
-        "#{'-' if decimal.negative?}#{unit}#{number}"
+        # Take the sign from the ROUNDED magnitude so a value that rounds to zero
+        # (e.g. -0.001 at precision 2) never prints a spurious "-".
+        sign = decimal.negative? && !rounded.zero? ? "-" : ""
+        "#{sign}#{unit}#{number}"
       end
 
       # Insert the thousands delimiter into a non-negative integer string.

data/lib/concerns_on_rails/support/sequence_calculator.rb

@@ -67,7 +67,14 @@ module ConcernsOnRails
       # during before_create — fall back to the current time, which is what the
       # timestamp will resolve to anyway.
       def base_time(record)
-        record&.created_at || Time.current
+        return Time.current unless record
+
+        # Memoize the fallback "now" on the record so every base_time call within a
+        # single create resolves to the SAME instant — otherwise two Time.current
+        # reads could straddle a period boundary (year/month/day) and disagree.
+        record.created_at ||
+          record.instance_variable_get(:@_sequenceable_now) ||
+          record.instance_variable_set(:@_sequenceable_now, Time.current)
       end
     end
   end

data/lib/concerns_on_rails/version.rb

@@ -1,3 +1,3 @@
 module ConcernsOnRails
-  VERSION = "1.14.1".freeze
+  VERSION = "1.15.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: concerns_on_rails
 version: !ruby/object:Gem::Version
-  version: 1.14.1
+  version: 1.15.0
 platform: ruby
 authors:
 - Ethan Nguyen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-06-06 00:00:00.000000000 Z
+date: 2026-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -112,6 +112,7 @@ homepage: https://vsn2015.github.io/concerns_on_rails
 licenses:
 - MIT
 metadata:
+  license: MIT
   homepage_uri: https://vsn2015.github.io/concerns_on_rails
   source_code_uri: https://github.com/VSN2015/concerns_on_rails
   changelog_uri: https://github.com/VSN2015/concerns_on_rails/blob/master/CHANGELOG.md