do_role 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 0e0656ea0457c67f9aff8a0e70bde325a857891a4e6e12df2ac9b29df757a330
+  data.tar.gz: b178335b7e1938fcb1aae1d49c0592995db7cc62236ec0b26bc369d08e4e4aff
+SHA512:
+  metadata.gz: 1494eb63a948ff541d2473bb5c119b0783e14b2e10b0f36758b72e11058e647e2358c63750ce7866c2335a7bf7cf97f81f0b9e4784e7a54d1dd4ebcc079af4bf
+  data.tar.gz: f3b52ea6aea1c23688e5ac48ed0e4fae822e0c0ac584bd3a857ef8ac523604c26322ffe7fea0617c2bd6a8188b50b73c41a8d7541ff96bd0a7f330b09a13ba05

data/README.md

@@ -0,0 +1,141 @@
+# DoRole
+
+一个简单而灵活的Ruby on Rails角色权限管理解决方案。DoRole提供了直观的方式来管理Rails应用中的角色和权限。
+
+## 特性
+
+- 简单直观的API设计
+- 灵活的权限配置系统
+- 支持权限继承
+- 支持条件权限
+- 内置权限审计功能
+- 完全兼容Rails 7.0+
+
+## 安装
+
+在你的Gemfile中添加：
+
+```ruby
+gem 'do_role'
+```
+
+然后执行：
+
+```bash
+$ bundle install
+```
+
+## 基本配置
+
+### 生成迁移文件
+
+```bash
+$ rails generate do_role:install
+$ rails db:migrate
+```
+
+### 配置权限
+
+在`config/initializers/do_role.rb`中定义权限：
+
+```ruby
+DoRole.permission_set do
+  # 使用namespace组织权限
+  namespace :posts do
+    permission :index
+    permission :create
+    permission :update
+    permission :destroy
+  end
+
+  namespace :users do
+    permission :manage
+    permission :view
+  end
+
+  # 可以添加自定义选项
+  namespace :admin do
+    permission :dashboard, description: "访问管理后台"
+  end
+
+  # 支持权限继承
+  namespace :articles do
+    permission :create
+    permission :update
+    permission :destroy
+    permission :manage, requires: [:create, :update, :destroy]
+  end
+
+  # 条件权限
+  namespace :comments do
+    permission :moderate, user_id: ->(user_id) { user_id == @user.id }
+  end
+end
+```
+
+## 使用方法
+
+### 在模型中包含DoRole
+
+```ruby
+class User < ApplicationRecord
+  include DoRole::Model
+  # 自动提供以下方法：
+  # - roles
+  # - permissions
+  # - has_permission?
+ end
+```
+
+### 创建和管理角色
+
+```ruby
+# 创建角色
+role = user.roles.create(name: "编辑", permissions: ["posts.create", "posts.update"])
+
+# 添加权限
+role.add_permission("posts.destroy")
+
+# 移除权限
+role.remove_permission("posts.destroy")
+
+# 检查权限
+role.has_permission?("posts.create") # => true
+```
+
+### 用户权限验证
+
+```ruby
+# 检查用户是否拥有特定权限
+user.has_permission?("posts.create")
+
+# 带条件的权限检查
+user.has_permission?("comments.moderate", comment)
+
+# 获取用户所有权限
+user.permissions # => ["posts.create", "posts.update", ...]
+```
+
+### 权限审计
+
+```ruby
+# 启用权限审计
+DoRole.configure do |config|
+  config.enable_permission_audit = true
+end
+
+# 查看权限变更记录
+user.permission_audits
+```
+
+## 贡献
+
+1. Fork 项目
+2. 创建特性分支 (`git checkout -b my-new-feature`)
+3. 提交你的改动 (`git commit -am 'Add some feature'`)
+4. 推送到分支 (`git push origin my-new-feature`)
+5. 创建一个 Pull Request
+
+## 许可证
+
+本项目基于 [MIT License](https://opensource.org/licenses/MIT) 开源。

data/Rakefile

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+  t.warning = false
+end
+
+Rake::TestTask.new(:integration) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/integration/**/*_test.rb"]
+  t.warning = false
+end
+
+task default: :test
+
+desc "运行所有测试（单元测试和集成测试）"
+task :all_tests do
+  Rake::Task["test"].invoke
+  Rake::Task["integration"].invoke
+end
+
+desc "构建和安装gem包"
+task :build_and_install do
+  system "gem build do_role.gemspec"
+  system "gem install do_role-*.gem"
+end

data/lib/do_role/ability.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+module DoRole
+  class Ability
+    attr_reader :user
+
+    def initialize(user)
+      @user = user
+    end
+
+    def can?(action, subject, *extra_args)
+      conditions = extra_args.extract_options!
+      permission_name = build_permission_name(action, subject)
+
+      return false unless has_base_permission?(permission_name)
+
+      permission = DoRole.permission_set.get(permission_name)
+      if permission && permission[:requires].present?
+        return false unless permission[:requires].all? { |req| can?(req, subject, conditions) }
+      end
+
+      # # 如果是对类进行检查且没有条件权限，则只检查基本权限
+      # return false if subject.is_a?(Class) && permission[:conditions].present?
+      # # 如果是对类进行检查且有条件权限，则返回false
+      return true if subject.is_a?(Class) #&& permission[:conditions].empty?
+
+      conditions_to_check = conditions
+      if permission && !permission[:conditions].empty?
+        conditions_to_check = permission[:conditions].merge(conditions)
+      end
+
+      check_conditions(subject, conditions_to_check)
+    end
+
+    private
+
+    def has_base_permission?(permission_name)
+      namespace, action = permission_name.to_s.split('.')
+      return false unless namespace && action
+      user.roles.any? { |role| role.has_permission?(permission_name) } ||
+      user.permissions[namespace]&.include?(action)
+    end
+
+    def check_conditions(subject, conditions)
+      return true if conditions.empty? 
+
+      conditions.all? do |key, value|
+        subject_value = if subject.is_a?(Hash)
+          subject[key]
+        else
+          subject.respond_to?(key) ? subject.public_send(key) : nil
+        end
+
+        if value.is_a?(Proc)
+          instance_exec(subject_value, &value)
+        else
+          subject_value == value
+        end
+      end
+    end
+
+    def build_permission_name(action, subject)
+      subject_name = if subject.is_a?(Class)
+        if defined?(ActiveRecord) && subject.respond_to?(:base_class)
+          subject.base_class.name.underscore
+        else
+          subject.superclass.name.underscore
+        end
+      elsif subject.is_a?(Hash)
+        subject[:resource_type]&.to_s&.underscore || raise(ArgumentError, "resource_type is required when subject is a Hash")
+      else
+        get_base_class_name(subject.class)
+      end
+      [subject_name.pluralize, action].join('.')
+    end
+
+    def get_base_class_name(klass)
+      return klass.name.underscore if !defined?(ActiveRecord) || !klass.respond_to?(:base_class)
+      klass.base_class.name.underscore
+    end
+  end
+end

data/lib/do_role/concerns/model.rb

@@ -0,0 +1,28 @@
+module DoRole
+  module Model
+    extend ActiveSupport::Concern
+    
+    class_methods do
+      def do_role(options = {})
+        role_association = options[:role_association] || :user_roles
+        role_class = options[:role_class] || 'DoRole::Role'
+
+        has_many role_association, dependent: :destroy
+        has_many :roles, through: role_association, class_name: role_class
+      end
+    end
+
+    included do
+      do_role
+    end
+   
+    def has_permission?(permission)
+      return false unless permission
+      roles.any? { |role| role.has_permission?(permission) }
+    end
+   
+    def computed_permissions
+      roles.map(&:computed_permissions).flatten.uniq
+    end
+  end
+end

data/lib/do_role/concerns/permission_manageable.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+module DoRole
+  module PermissionManageable
+    extend ActiveSupport::Concern
+
+    included do
+      serialize :permissions, coder: JSON
+      validates :permissions, presence: true
+
+      after_initialize :initialize_permissions
+    end
+
+    # 检查是否拥有某个权限
+    def has_permission?(permission)
+      return false if permission.blank?
+      namespace, action = parse_permission(permission)
+      cached_permissions.dig(namespace)&.include?(action)
+    end
+
+    # 添加权限
+    def add_permission(permission)
+      validate_permission!(permission)
+      modify_permission(permission, :add)
+    end
+
+    # 移除权限
+    def remove_permission(permission)
+      return if permission.blank?
+      modify_permission(permission, :remove)
+    end
+
+    # 获取所有权限
+    def all_permissions
+      cached_permissions
+    end
+
+    # 计算完整权限路径
+    def computed_permissions
+      all_permissions.flat_map do |namespace, actions|
+        if actions.is_a?(Hash)
+          actions.flat_map do |sub_namespace, sub_actions|
+            Array.wrap(sub_actions).map { |action| "#{namespace}.#{sub_namespace}.#{action}" }
+          end
+        else
+          Array.wrap(actions).map { |action| "#{namespace}.#{action}" }
+        end
+      end
+    end
+
+    # 带缓存的权限
+    def cached_permissions
+      @cached_permissions ||= begin
+        all_permissions = permissions.deep_dup
+        if parent_role
+          parent_permissions = parent_role.cached_permissions
+          all_permissions.deep_merge!(parent_permissions) { |_, old_val, new_val| Array.wrap(old_val) | Array.wrap(new_val) }
+        end
+        all_permissions
+      end
+    end
+
+    private
+
+    # 初始化权限
+    def initialize_permissions
+      self.permissions = permissions.presence || {}.with_indifferent_access
+      self.permissions = convert_array_to_hash if permissions.is_a?(Array)
+    end
+
+    # 修改权限（添加或删除）
+    def modify_permission(permission, action)
+      namespace, action_name = parse_permission(permission)
+      current_permissions = permissions.deep_dup
+
+      *path, last = namespace.split('.')
+      target = path.inject(current_permissions) { |hash, ns| hash[ns] ||= {} }
+
+      case action
+      when :add
+        target[last] = Array.wrap(target[last]) | [action_name]
+      when :remove
+        if actions = target[last]
+          Array.wrap(actions).delete(action_name)
+          target.delete(last) if actions.blank?
+        end
+      end
+
+      self.permissions = current_permissions
+      clear_permissions_cache
+      save if persisted?
+    end
+
+    # 解析权限字符串
+    def parse_permission(permission)
+      raise ArgumentError, "Permission cannot be nil or empty" if permission.blank?
+      permission.to_s.strip.split('.').then { |parts| [parts[0..-2].join('.'), parts.last] }
+    end
+
+    # 验证权限格式
+    def validate_permission!(permission)
+      normalized = normalize_permission(permission)
+      raise ArgumentError, "Invalid permission format" unless normalized.match?(/\A[\w]+(?:\.[\w]+)+\z/)
+      raise ArgumentError, "Permission must contain only letters, numbers, and dots" unless normalized.match?(/\A[a-zA-Z0-9_.]+\z/)
+      raise ArgumentError if normalized != permission
+    end
+
+    # 规范化权限字符串
+    def normalize_permission(permission)
+      permission.to_s.strip.downcase
+    end
+
+    # 将数组格式的权限转换为哈希
+    def convert_array_to_hash
+      return unless permissions.is_a?(Array)
+      permissions.select(&:present?).map(&:strip).each_with_object({}.with_indifferent_access) do |permission, hash|
+        namespace, action = parse_permission(permission)
+        *path, last = namespace.split('.')
+        current = path.inject(hash) { |h, ns| h[ns] ||= {} }
+        current[last] = Array.wrap(current[last]) | [action]
+      end
+    end
+
+    # 清除权限缓存
+    def clear_permissions_cache
+      @cached_permissions = nil
+      child_roles.each(&:clear_permissions_cache)
+    end
+  end
+end

data/lib/do_role/concerns/role_model.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module DoRole
+  module RoleModel
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :user_roles, dependent: :destroy
+      has_many :roles, through: :user_roles
+
+      serialize :permissions, coder: JSON
+
+      after_initialize do
+        self.permissions ||= {}
+      end
+    end
+
+    def has_permission?(permission)
+      return true if check_direct_permission(permission)
+      return true if roles.any? { |role| role.has_permission?(permission) }
+      false
+    end
+
+    def add_permission(permission)
+      self.permissions = (Array(permissions) + [permission.to_s]).uniq
+    end
+
+    def remove_permission(permission)
+      return unless permission
+      self.permissions = Array(permissions) - [permission.to_s]
+    end
+
+    def computed_permissions
+      role_permissions = roles.map(&:computed_permissions).flatten
+      direct_permissions = DoRole.permission_set.computed_permissions(permissions)
+      (role_permissions + direct_permissions).uniq
+    end
+
+    private
+
+    def check_direct_permission(permission)
+      return false unless permission
+      permissions.include?(permission.to_s)
+    end
+
+    def parse_permission(permission)
+      permission = permission.to_s.strip
+      namespace, action = permission.split('.')
+      [namespace, action]
+    end
+  end
+end

data/lib/do_role/conditions_proxy.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module DoRole
+  class ConditionsProxy
+    attr_reader :conditions
+    def initialize(conditions)
+      @conditions = conditions
+    end
+
+    def condition(name, value)
+      @conditions[name.to_sym] = value
+    end
+
+    def requires(*permissions)
+      @conditions[:requires] = permissions.flatten.map(&:to_s)
+    end
+  end
+end

data/lib/do_role/permission_audit.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module DoRole
+  class PermissionAudit
+    class << self
+      def log_changes(action, namespace, permission_name, options = {})
+        @audit_logs ||= []
+        @audit_logs << {
+          action: action,
+          namespace: namespace,
+          permission_name: permission_name,
+          options: options,
+          timestamp: Time.now
+        }
+      end
+
+      def clear_logs
+        @audit_logs = []
+      end
+
+      def get_logs(filters = {})
+        return [] if @audit_logs.nil?
+        
+        logs = @audit_logs.dup
+        logs = logs.select { |log| log[:namespace] == filters[:namespace] } if filters[:namespace]
+        logs = logs.select { |log| log[:action] == filters[:action] } if filters[:action]
+        logs
+      end
+
+      def get_recent_logs(limit = 10)
+        return [] if @audit_logs.nil?
+        @audit_logs.last(limit)
+      end
+    end
+  end
+end

data/lib/do_role/permission_set.rb

@@ -0,0 +1,137 @@
+# frozen_string_literal: true
+
+module DoRole
+  class PermissionSet
+    attr_reader :registered_permissions
+    alias :permissions :registered_permissions
+
+    RESERVED_OPTIONS = [:priority, :description, :requires, :default, :conditions].freeze
+
+    def initialize
+      @registered_permissions = {}.with_indifferent_access
+      @namespace_stack = []
+    end
+
+    def draw(&block)
+      instance_eval(&block) if block_given?
+    end
+
+    def namespace(name, options = {}, &block)
+      raise ArgumentError, "name can't be blank" if name.blank?
+      
+      name = name.to_s
+      @namespace_stack.push(name)
+      
+      instance_eval(&block) if block_given?
+
+      @namespace_stack.pop
+    end
+
+    def permission(name, options = {}, &block)
+      name = name.to_s
+      raise ArgumentError, "name can't be blank" if name.blank?
+      
+      conditions = if block_given?
+        ConditionsProxy.new({}).tap { |proxy| proxy.instance_eval(&block) }.conditions
+      else
+        non_reserved_options = options.except(*RESERVED_OPTIONS)
+        options.except!(*non_reserved_options.keys)
+        non_reserved_options
+      end
+
+      options.reverse_merge!(
+        conditions: conditions,
+        priority: 0,
+        description: "",
+        requires: Array.wrap(options[:requires]).map(&:to_s)
+      )
+      
+      register_permission(name, options)
+    end
+
+    def get(permission_name)
+      permission = registered_permissions[permission_name.to_s]
+      return permission if permission&.key?(:priority)
+      nil
+    end
+
+    def valid_permission?(permission_name)
+      permission = get(permission_name)
+      !permission.nil?
+    end
+
+    def computed_permissions(base_permissions)
+      base_permissions
+        .map(&:to_s)
+        .select { |p| valid_permission?(p) }
+        .tap { |result| result.concat(collect_required_permissions(result)) }
+        .uniq
+    end
+
+    def namespaces
+      collect_namespaces(registered_permissions, [], []).uniq
+    end
+
+    def permissions_in_namespace(namespace)
+      current = registered_permissions.dig(*namespace.to_s.split('.'))
+      return {} unless current.is_a?(Hash)
+      
+      flatten_permissions(current, namespace.to_s)
+    end
+
+    private
+
+    def collect_required_permissions(permissions)
+      permissions.flat_map do |permission|
+        permission_config = get(permission)
+        next [] unless permission_config&.dig(:requires)&.present?
+
+        permission_config[:requires].map { |req| build_full_permission_path(permission, req) }
+      end
+    end
+
+    def build_full_permission_path(permission, req)
+      return req if req.include?('.')
+      
+      namespace = permission.split('.')[0..-2].join('.')
+      "#{namespace}.#{req}"
+    end
+
+    def collect_namespaces(hash, current_path, result)
+      hash.each do |key, value|
+        if value.is_a?(Hash) && RESERVED_OPTIONS.none? { |opt| value.key?(opt) }
+          result << (current_path + [key]).join('.')
+          collect_namespaces(value, current_path + [key], result)
+        end
+      end
+      result
+    end
+
+    def flatten_permissions(hash, prefix)
+      hash.each_with_object({}) do |(key, value), result|
+        next unless value.is_a?(Hash)
+        
+        full_key = prefix.presence ? "#{prefix}.#{key}" : key
+        if (RESERVED_OPTIONS & value.keys).present?
+          result[full_key] = value
+        else
+          result.merge!(flatten_permissions(value, full_key))
+        end
+      end
+    end
+    
+    def register_permission(name, options = {})
+      options.reverse_merge!(conditions: {}, priority: 0, description: "")
+      options[:requires] = Array.wrap(options[:requires]).map(&:to_s) if options[:requires].present?
+
+      full_path = (@namespace_stack + [name]).join('.')
+      
+      current_hash = @namespace_stack.inject(registered_permissions) do |hash, part|
+        hash[part] ||= {}
+      end
+      
+      current_hash[name] = options.deep_dup
+      registered_permissions[full_path] = options.deep_dup
+    end
+  end
+end

data/lib/do_role/permission_set_manager.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module DoRole
+  class PermissionSetManager
+    delegate :clear, to: :@permission_sets
+
+    def initialize
+      @permission_sets = {}.with_indifferent_access
+    end
+
+    def for_namespace(namespace)
+      @permission_sets[namespace.to_s] ||= PermissionSet.new
+    end
+
+    def namespaces
+      @permission_sets.keys
+    end
+
+    def namespace_exists?(namespace)
+      @permission_sets.key?(namespace.to_s)
+    end
+
+    def remove_namespace(namespace)
+      @permission_sets.delete(namespace.to_s)
+    end
+
+    def permissions_for(namespace)
+      @permission_sets[namespace.to_s].try(:permissions) || {}
+    end
+
+    def valid_permission?(namespace, permission_name)
+      @permission_sets[namespace.to_s].try(:valid_permission?, permission_name)
+    end
+
+    def set_inheritance(namespace, inherit_from)
+      target_set = for_namespace(namespace)
+      Array(inherit_from).each do |parent_namespace|
+        if (parent_set = @permission_sets[parent_namespace])
+          target_set.registered_permissions.deep_merge!(parent_set.registered_permissions)
+        end
+      end
+    end
+  end
+end

data/lib/do_role/role.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module DoRole
+  class Role < ActiveRecord::Base
+    include PermissionManageable
+
+    has_many :user_roles, dependent: :destroy
+    has_many :users, through: :user_roles
+    belongs_to :parent_role, class_name: 'DoRole::Role', optional: true
+    has_many :child_roles, class_name: 'DoRole::Role', foreign_key: 'parent_role_id'
+
+    validates :name, presence: true
+
+    def self.define_role_association(association_name, options = {})
+      has_many association_name, options.merge(dependent: :destroy)
+      has_many options[:through_model].to_s.pluralize.to_sym, through: association_name if options[:through_model]
+    end
+  end
+end

data/lib/do_role/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module DoRole
+  VERSION = "0.2.0"
+end

data/lib/do_role.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+require "active_record"
+require "active_support"
+require "do_role/version"
+require "do_role/conditions_proxy"
+require "do_role/concerns/model"
+require "do_role/concerns/role_model"
+require "do_role/concerns/permission_manageable"
+require "do_role/permission_audit"
+require "do_role/permission_set"
+require "do_role/permission_set_manager"
+require "do_role/ability"
+require "do_role/role"
+
+module DoRole
+  class Error < StandardError; end
+
+  class << self
+    def permission_set_manager
+      @permission_set_manager ||= PermissionSetManager.new
+    end
+
+    def permission_set(namespace = :default, inherit_from: [], &block)
+      set = permission_set_manager.for_namespace(namespace)
+      if inherit_from.any?
+        permission_set_manager.set_inheritance(namespace, inherit_from)
+      end
+      set.draw(&block) if block_given?
+      set
+    end
+
+    def reset_permissions(namespace = :default)
+      if namespace == :all
+        permission_set_manager.clear
+      else
+        permission_set_manager.remove_namespace(namespace)
+      end
+    end
+
+    def permissions(namespace = :default)
+      permission_set_manager.permissions_for(namespace)
+    end
+
+    def valid_permission?(permission_name, namespace = :default)
+      permission_set_manager.valid_permission?(namespace, permission_name)
+    end
+
+    def ability_for(user)
+      Ability.new(user)
+    end
+  end
+end
+
+# ActiveSupport.on_load(:active_record) do
+#   include DoRole::Model
+# end

data/lib/generators/do_role/install/install_generator.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module DoRole
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+
+      source_root File.expand_path('templates', __dir__)
+
+      def self.next_migration_number(dirname)
+        if ActiveRecord::Base.timestamped_migrations
+          Time.now.utc.strftime("%Y%m%d%H%M%S")
+        else
+          format("%03d", current_migration_number(dirname) + 1)
+        end
+      end
+
+      def create_migration_file
+        migration_template(
+          'create_do_role_tables.rb',
+          'db/migrate/create_do_role_tables.rb'
+        )
+      end
+
+      def create_initializer
+        template 'do_role.rb', 'config/initializers/do_role.rb'
+      end
+    end
+  end
+end

data/lib/generators/do_role/install/templates/create_do_role_tables.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+class CreateDoRoleTables < ActiveRecord::Migration[7.0]
+  def change
+    create_table :roles do |t|
+      t.string :name, null: false
+      t.text :permissions
+      t.text :description
+
+      t.timestamps
+    end
+
+    add_index :roles, :name, unique: true
+
+    create_table :user_roles do |t|
+      t.references :user, null: false, foreign_key: true
+      t.references :role, null: false, foreign_key: true
+
+      t.timestamps
+    end
+
+    add_index :user_roles, [:user_id, :role_id], unique: true
+  end
+end

data/lib/generators/do_role/install/templates/do_role.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+DoRole.permission_set do
+  # 使用namespace组织权限
+  namespace :posts do
+    permission :index
+    permission :create
+    permission :update
+    permission :destroy
+  end
+
+  namespace :users do
+    permission :manage
+    permission :view
+  end
+
+  # 可以添加自定义选项
+  namespace :admin do
+    permission :dashboard, description: "访问管理后台"
+  end
+end

data/lib/generators/do_role/templates/permission_form.html.erb

@@ -0,0 +1,24 @@
+<%= form_with model: @role do |f| %>
+  <div class="permission-form">
+    <% DoRole.permission_set.registered_permissions.group_by { |name, _| name.split('.').first }.each do |namespace, permissions| %>
+      <div class="permission-group">
+        <h3><%= namespace.titleize %></h3>
+        <div class="permission-items">
+          <% permissions.each do |permission_name, permission| %>
+            <div class="permission-item">
+              <%= check_box_tag "role[permissions][]", permission_name, @role.has_permission?(permission_name), id: "permission_#{permission_name.gsub('.', '_')}" %>
+              <%= label_tag "permission_#{permission_name.gsub('.', '_')}", permission_name %>
+              <% if permission[:description].present? %>
+                <small class="permission-description"><%= permission[:description] %></small>
+              <% end %>
+            </div>
+          <% end %>
+        </div>
+      </div>
+    <% end %>
+  </div>
+
+  <div class="form-actions">
+    <%= f.submit "保存", class: "btn btn-primary" %>
+  </div>
+<% end %>

metadata

@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification
+name: do_role
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- doabit
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-02-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: DoRole provides a clean and intuitive way to manage roles and permissions
+  in Rails applications
+email:
+- doinsist@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- Rakefile
+- lib/do_role.rb
+- lib/do_role/ability.rb
+- lib/do_role/concerns/model.rb
+- lib/do_role/concerns/permission_manageable.rb
+- lib/do_role/concerns/role_model.rb
+- lib/do_role/conditions_proxy.rb
+- lib/do_role/permission_audit.rb
+- lib/do_role/permission_set.rb
+- lib/do_role/permission_set_manager.rb
+- lib/do_role/role.rb
+- lib/do_role/version.rb
+- lib/generators/do_role/install/install_generator.rb
+- lib/generators/do_role/install/templates/create_do_role_tables.rb
+- lib/generators/do_role/install/templates/do_role.rb
+- lib/generators/do_role/templates/permission_form.html.erb
+homepage: https://github.com/doabit/do_role
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.22
+signing_key:
+specification_version: 4
+summary: A simple and flexible role management solution for Rails applications
+test_files: []