RubyGems - effective_roles - Versions diffs - 2.0.1 → 2.1.0 - Mend

effective_roles 2.0.1 → 2.1.0

Files changed (14) hide show

checksums.yaml +4 -4
data/MIT-LICENSE +1 -1
data/README.md +2 -8
data/app/controllers/admin/roles_controller.rb +8 -3
data/app/helpers/effective_roles_helper.rb +106 -2
data/app/models/concerns/acts_as_role_restricted.rb +15 -14
data/app/views/effective/roles/_summary_table.html.haml +2 -1
data/config/effective_roles.rb +6 -29
data/lib/effective_roles.rb +68 -151
data/lib/effective_roles/engine.rb +2 -14
data/lib/effective_roles/version.rb +1 -1
metadata +20 -8
data/app/models/effective/access_denied.rb +0 -17
data/lib/effective_roles/set_current_user.rb +0 -15

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06f6a3d9bee34bb09cb46dca52cf1d7837ed636c9a1888e244aff16c1f8b772c
-  data.tar.gz: 708a5daa2f874de24e5fe8b80f1cd1e4731d9fc30630f18ab16c666d47749e34
+  metadata.gz: 7f392991013eeab38fcc7b6092c1014078fc2a356833bd5033b9a268987dc512
+  data.tar.gz: 38bb573be4e391b9cfd6141713bd89d29914e46148705588f1859642a5269bed
 SHA512:
-  metadata.gz: a960a0fc29fbfec810675e507628dcf4c6aa2327685866c02e51d267a163869e3ed19c9f6cb92b3ceb7f21315c4d6c42f1f7e19efa374f944970778cf62ad3c7
-  data.tar.gz: 5d51969cfd0d88df911f5c79c550ce5085422ba82670250bb93781f5d95c298578d8c5b5c74bc3dfe4744f04b216ea2aaa00bccfefd097cf24491a5548d1f4a6
+  metadata.gz: ef6d332b9c6d93d8e28b61e856c93ec20e8c731b2fd02678fd1dcd8e52c2bcd12e1f5b68c891d82a265054065fe5694cc2bd59baa72ddaf2bb4553af28a93739
+  data.tar.gz: e7f10cde194b45115445a09bd99d0da254c81dd611c97cb9f1c25e8cd33181941449aaa20eb45b5b24d4bea0af8397720cf1156865ef0bf217b1798bf103225a

data/MIT-LICENSE CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright 2019 Code and Effect Inc.
+Copyright 2021 Code and Effect Inc.
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md CHANGED Viewed

@@ -8,10 +8,6 @@ Includes a mixin for adding authentication for any model.
 SQL Finders for returning an ActiveRecord::Relation with all permitted records.
-Handy formtastic and simple_form helpers for assigning roles.
-Rails 3.2.x and Rails 4
 ## Getting Started
@@ -158,8 +154,8 @@ When using assignable roles, you must assign the acts_as_role_restricted resourc
 You can do this in one of three ways:
-1. Setting resource.current_user = current_user in your controller directly.
-2. Add `before_action :set_effective_roles_current_user` to your ApplicationController
+1. Setting resource.current_user = current_user in your controller update action directly.
+2. Add `before_action -> { @thing.current_user = current_user }` to your ApplicationController
 3. Using `Effective::CrudController` to do this automatically.
 This restriction is only applied when running within the rails server. Not on rails console or db:seeds.
@@ -319,5 +315,3 @@ This model implements the https://github.com/ryanb/cancan/wiki/Role-Based-Author
 4. Push to the branch (`git push origin my-new-feature`)
 5. Bonus points for test coverage
 6. Create new Pull Request

data/app/controllers/admin/roles_controller.rb CHANGED Viewed

@@ -1,12 +1,17 @@
 module Admin
   class RolesController < ApplicationController
-    before_action :authenticate_user!
+    before_action(:authenticate_user!) if defined?(Devise)
+    before_action { EffectiveResources.authorize!(self, :admin, :effective_roles) }
-    layout (EffectiveRoles.layout.kind_of?(Hash) ? EffectiveRoles.layout[:admin_roles] : EffectiveRoles.layout)
+    include Effective::CrudController
+    if (config = EffectiveRoles.config.layout)
+      layout(config.kind_of?(Hash) ? config[:admin] : config)
+    end
     def index
       @page_title = 'Roles'
-      EffectiveRoles.authorize!(self, :admin, :effective_roles)
     end
   end
 end

data/app/helpers/effective_roles_helper.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module EffectiveRolesHelper
   def effective_roles_summary(obj, options = {}) # User or a Post, any acts_as_roleable
     raise 'expected an acts_as_roleable object' unless obj.respond_to?(:roles)
-    descriptions = EffectiveRoles.role_descriptions[obj.class.name] || EffectiveRoles.role_descriptions || {}
+    descriptions = EffectiveRoles.config.role_descriptions[obj.class.name] || EffectiveRoles.config.role_descriptions || {}
     opts = { obj: obj, roles: obj.roles, descriptions: descriptions }.merge(options)
     render partial: 'effective/roles/summary', locals: opts
@@ -17,7 +17,7 @@ module EffectiveRolesHelper
     raise 'Expected argument to be a Hash' unless opts.kind_of?(Hash)
     roles = Array(opts[:roles]).presence
-    roles ||= [:public, :signed_in] + EffectiveRoles.roles
+    roles ||= [:public, :signed_in] + EffectiveRoles.config.roles
     if opts[:only].present?
       klasses = Array(opts[:only])
@@ -101,4 +101,108 @@ module EffectiveRolesHelper
     klass.respond_to?(:name) ? klass.name : klass.to_s
   end
+  # This is used by the effective_roles_summary_table helper method
+  def effective_roles_authorization_level(controller, role, resource)
+    authorization_method = EffectiveRoles.config.authorization_method
+    raise('expected an authorization method') unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
+    return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)
+    # Store the current ability (cancan support) and roles
+    current_ability = controller.instance_variable_get(:@current_ability)
+    current_user = controller.instance_variable_get(:@current_user)
+    current_user_roles = controller.current_user.roles
+    # Set up the user, so the check is done with the desired permission level
+    controller.instance_variable_set(:@current_ability, nil)
+    level = nil
+    case role
+    when :signed_in
+      controller.current_user.roles = []
+    when :public
+      controller.instance_variable_set(:@current_user, nil)
+      if defined?(EffectiveLogging)
+        EffectiveLogging.supressed { (controller.request.env['warden'].set_user(false) rescue nil) }
+      else
+        (controller.request.env['warden'].set_user(false) rescue nil)
+      end
+    else
+      controller.current_user.roles = [role]
+    end
+    # Find the actual authorization level
+    level = effective_roles_item_authorization_level(controller, role, resource, authorization_method)
+    # Restore the existing current_user stuff
+    if role == :public
+      ActiveRecord::Base.transaction do
+        if defined?(EffectiveLogging)
+          EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
+        else
+          (controller.request.env['warden'].set_user(current_user) rescue nil)
+        end
+        raise ActiveRecord::Rollback
+      end
+    end
+    controller.instance_variable_set(:@current_ability, current_ability)
+    controller.instance_variable_set(:@current_user, current_user)
+    controller.current_user.roles = current_user_roles
+    level
+  end
+  def effective_roles_item_authorization_level(controller, role, resource, auth_method)
+    resource = (resource.new() rescue resource) if resource.kind_of?(ActiveRecord::Base)
+    # Custom actions
+    if resource.kind_of?(Hash)
+      resource.each do |key, value|
+        return (controller.instance_exec(controller, key, value, &auth_method) rescue false) ? :yes : :no
+      end
+    end
+    # Check for Manage
+    return :manage if (
+      (controller.instance_exec(controller, :create, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :update, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :show, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+    )
+    # Check for Update
+    return :update if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+    # Check for Update Own
+    if resource.respond_to?('user=')
+      resource.user = controller.current_user
+      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+      resource.user = nil
+    elsif resource.respond_to?('user_id=')
+      resource.user_id = controller.current_user.id
+      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+      resource.user_id = nil
+    elsif resource.class.name.end_with?('User')
+      return :update_own if (controller.instance_exec(controller, :update, controller.current_user, &auth_method) rescue false)
+    end
+    # Check for Create
+    return :create if (controller.instance_exec(controller, :create, resource, &auth_method) rescue false)
+    # Check for Show
+    return :show if (controller.instance_exec(controller, :show, resource, &auth_method) rescue false)
+    # Check for Index
+    return :index if (controller.instance_exec(controller, :index, resource, &auth_method) rescue false)
+    # Check for Destroy
+    return :destroy if (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+    :none
+  end
 end

data/app/models/concerns/acts_as_role_restricted.rb CHANGED Viewed

@@ -14,7 +14,7 @@
 module ActsAsRoleRestricted
   extend ActiveSupport::Concern
-  module ActiveRecord
+  module Base
     def acts_as_role_restricted(multiple: false)
       @acts_as_role_restricted_opts = { multiple: multiple }
       include ::ActsAsRoleRestricted
@@ -29,22 +29,24 @@ module ActsAsRoleRestricted
     validates :roles_mask, numericality: true, allow_nil: true
-    validate(if: -> { changes.include?(:roles_mask) }) do
-      user = current_user || EffectiveRoles.current_user || (EffectiveLogging.current_user if defined?(EffectiveLogging))
-      if user.blank? && EffectiveRoles.assignable_roles.present? && defined?(Rails::Server)
-        self.errors.add(:roles, 'current_user must be present when assigning roles')
-      end
+    validate(if: -> { changes.include?(:roles_mask) && EffectiveRoles.assignable_roles_present?(self) }) do
       roles_was = EffectiveRoles.roles_for(changes[:roles_mask].first)
       changed = (roles + roles_was) - (roles & roles_was)  # XOR
-      assignable = EffectiveRoles.assignable_roles_collection(self, user) # Returns all roles when user is blank
+      assignable = EffectiveRoles.assignable_roles_collection(self, current_user) # Returns all roles when user is blank
       unauthorized = changed - assignable
       authorized = roles.dup
       unauthorized.each { |role| authorized.include?(role) ? authorized.delete(role) : authorized.push(role) }
+      if unauthorized.present?
+        Rails.logger.info "\e[31m unassignable roles: #{unauthorized.map { |role| ":#{role}" }.to_sentence}"
+      end
+      if unauthorized.present? && current_user.blank? && defined?(Rails::Server)
+        self.errors.add(:roles, 'current_user must be present when assigning roles')
+      end
       self.roles_mask = EffectiveRoles.roles_mask_for(authorized)
     end
@@ -69,18 +71,18 @@ module ActsAsRoleRestricted
     def with_role_sql(*roles)
       roles = roles.flatten.compact
       roles = roles.first.roles if roles.length == 1 && roles.first.respond_to?(:roles)
-      roles = (roles.map { |role| role.to_sym } & EffectiveRoles.roles)
+      roles = (roles.map { |role| role.to_sym } & EffectiveRoles.config.roles)
-      roles.map { |role| "(#{self.table_name}.roles_mask & %d > 0)" % 2**EffectiveRoles.roles.index(role) }.join(' OR ')
+      roles.map { |role| "(#{self.table_name}.roles_mask & %d > 0)" % 2**EffectiveRoles.config.roles.index(role) }.join(' OR ')
     end
     def without_role(*roles)
       roles = roles.flatten.compact
       roles = roles.first.roles if roles.length == 1 && roles.first.respond_to?(:roles)
-      roles = (roles.map { |role| role.to_sym } & EffectiveRoles.roles)
+      roles = (roles.map { |role| role.to_sym } & EffectiveRoles.config.roles)
       where(
-        roles.map { |role| "NOT(#{self.table_name}.roles_mask & %d > 0)" % 2**EffectiveRoles.roles.index(role) }.join(' AND ')
+        roles.map { |role| "NOT(#{self.table_name}.roles_mask & %d > 0)" % 2**EffectiveRoles.config.roles.index(role) }.join(' AND ')
       ).or(where(roles_mask: nil))
     end
   end
@@ -127,4 +129,3 @@ module ActsAsRoleRestricted
   end
 end

data/app/views/effective/roles/_summary_table.html.haml CHANGED Viewed

@@ -13,4 +13,5 @@
         %td= effective_roles_authorization_label(klass)
         - roles.each do |role|
           %td.text-center
-            = effective_roles_authorization_badge(EffectiveRoles.authorization_level(controller, role, klass))
+            - level = effective_roles_authorization_level(controller, role, klass)
+            = effective_roles_authorization_badge(level)

data/config/effective_roles.rb CHANGED Viewed

@@ -53,6 +53,8 @@ EffectiveRoles.setup do |config|
   #     :superadmin => [:superadmin, :admin, :member],  # Superadmins may create Pages for any role
   #     :admin => [:admin, :member],                    # Admins may create Pages for admin and members
   #     :member => [:member]                            # Members may create Pages for members
+  #   },
+  #   'Post' => false                                   # Don't enforce assignable roles validation
   #   }
   #
   # Or just keep it simple, and use this Hash syntax of permissions for every resource
@@ -60,38 +62,13 @@ EffectiveRoles.setup do |config|
   # config.assignable_roles = {
   #   :superadmin => [:superadmin, :admin, :member], # Superadmins may assign any resource any role
   #   :admin => [:admin, :member],                   # Admins may only assign the :admin or :member role
-  #   :member => []                                  # Members may not assign any roles
+  #   :member => [],                                 # Members may not assign any roles
+  #   :new_record => [:member]                       # Member may be assigned to a new_record without a current_user
   # }
   # Authorization Method
-  #
-  # This doesn't have anything to do with the roles themselves.
-  # It's only used in two places:
-  # - For the effective_roles_summary_table() helper method
-  # - The /admin/roles page check
-  #
-  # It should match the authorization check used by your application
-  #
-  # This method is called by all controller actions with the appropriate action and resource
-  # If the method returns false, an Effective::AccessDenied Error will be raised (see README.md for complete info)
-  #
-  # Use via Proc (and with CanCan):
-  # config.authorization_method = Proc.new { |controller, action, resource| can?(action, resource) }
-  #
-  # Use via custom method:
-  # config.authorization_method = :my_authorization_method
-  #
-  # And then in your application_controller.rb:
-  #
-  # def my_authorization_method(action, resource)
-  #   current_user.is?(:admin)
-  # end
-  #
-  # Or disable the check completely:
-  # config.authorization_method = false
-  config.authorization_method = Proc.new { |controller, action, resource| authorize!(action, resource) } # CanCanCan
+  # This gem serves an /admin/roles endpoint that calls EffectiveResources.authorize!
   # Layout Settings
-  # Configure the Layout per controller, or all at once
-  config.layout = 'application'
+  # config.layout = 'admin'
 end

data/lib/effective_roles.rb CHANGED Viewed

@@ -1,46 +1,30 @@
+require 'effective_resources'
 require 'effective_roles/engine'
 require 'effective_roles/version'
 module EffectiveRoles
-  mattr_accessor :roles
-  mattr_accessor :role_descriptions
-  mattr_accessor :assignable_roles
+  # mattr_accessor :roles
+  # mattr_accessor :role_descriptions
+  # mattr_accessor :assignable_roles
+  # mattr_accessor :layout
-  mattr_accessor :layout
-  mattr_accessor :authorization_method
+  def self.config(namespace = nil)
+    @config ||= ActiveSupport::OrderedOptions.new
+    namespace ||= Tenant.current if defined?(Tenant)
-  def self.setup
-    yield self
-  end
-  def self.permitted_params
-    { roles: [] }
-  end
-  def self.authorized?(controller, action, resource)
-    @_exceptions ||= [Effective::AccessDenied, (CanCan::AccessDenied if defined?(CanCan)), (Pundit::NotAuthorizedError if defined?(Pundit))].compact
-    return !!authorization_method unless authorization_method.respond_to?(:call)
-    controller = controller.controller if controller.respond_to?(:controller)
-    begin
-      !!(controller || self).instance_exec((controller || self), action, resource, &authorization_method)
-    rescue *@_exceptions
-      false
+    if namespace
+      @config[namespace] ||= ActiveSupport::OrderedOptions.new
+    else
+      @config
     end
   end
-  def self.authorize!(controller, action, resource)
-    raise Effective::AccessDenied unless authorized?(controller, action, resource)
+  def self.setup(namespace = nil, &block)
+    yield(config(namespace))
   end
-  # This is set by the "set_effective_roles_current_user" before_filter.
-  def self.current_user=(user)
-    @effective_roles_current_user = user
-  end
-  def self.current_user
-    @effective_roles_current_user
+  def self.permitted_params
+    { roles: [] }
   end
   # This method converts whatever is given into its roles
@@ -49,11 +33,11 @@ module EffectiveRoles
     if obj.respond_to?(:is_role_restricted?)
      obj.roles
     elsif obj.kind_of?(Integer)
-      roles.reject { |r| (obj & 2**roles.index(r)).zero? }
+      config.roles.reject { |r| (obj & 2 ** config.roles.index(r)).zero? }
     elsif obj.kind_of?(Symbol)
-      [roles.find { |role| role == obj }].compact
+      Array(config.roles.find { |role| role == obj })
     elsif obj.kind_of?(String)
-      [roles.find { |role| role == obj.to_sym }].compact
+      Array(config.roles.find { |role| role == obj.to_sym })
     elsif obj.kind_of?(Array)
       obj.map { |obj| roles_for(obj) }.flatten.compact
     elsif obj.nil?
@@ -65,11 +49,11 @@ module EffectiveRoles
   # EffectiveRoles.roles_mask_for(:admin, :member)
   def self.roles_mask_for(*roles)
-    roles_for(roles).map { |r| 2**EffectiveRoles.roles.index(r) }.sum
+    roles_for(roles).map { |r| 2 ** config.roles.index(r) }.sum
   end
   def self.roles_collection(resource, current_user = nil, only: nil, except: nil, multiple: nil)
-    if assignable_roles.present?
+    if config.assignable_roles.present?
       raise('expected object to respond to is_role_restricted?') unless resource.respond_to?(:is_role_restricted?)
       raise('expected current_user to respond to is_role_restricted?') if current_user && !current_user.respond_to?(:is_role_restricted?)
     end
@@ -79,7 +63,7 @@ module EffectiveRoles
     multiple = resource.acts_as_role_restricted_options[:multiple] if multiple.nil?
     assignable = assignable_roles_collection(resource, current_user, multiple: multiple)
-    roles.map do |role|
+    config.roles.map do |role|
       next if only.present? && !only.include?(role)
       next if except.present? && except.include?(role)
@@ -92,139 +76,72 @@ module EffectiveRoles
   end
   def self.assignable_roles_collection(resource, current_user = nil, multiple: nil)
-    return roles if assignable_roles.nil?
-    raise 'EffectiveRoles config.assignable_roles_for must be a Hash, Array or nil' unless [Hash, Array].include?(assignable_roles.class)
-    raise('expected resource to respond to is_role_restricted?') unless resource.respond_to?(:is_role_restricted?)
-    raise('expected current_user to respond to is_role_restricted?') if current_user && !current_user.respond_to?(:is_role_restricted?)
-    multiple = resource.acts_as_role_restricted_options[:multiple] if multiple.nil?
-    current_user ||= (EffectiveRoles.current_user || (EffectiveLogging.current_user if defined?(EffectiveLogging)))
+    return config.roles unless assignable_roles_present?(resource)
-    assignable = if assignable_roles.kind_of?(Array)
-      assignable_roles
-    elsif current_user.present?
-      current_roles = assignable_roles[resource.class.to_s] || assignable_roles || {}
-      current_user.roles.map { |role| current_roles[role] }.flatten.compact.uniq
-    else
-      current_roles = assignable_roles[resource.class.to_s] || assignable_roles || {}
-      current_roles.values.flatten.uniq
+    if current_user && !current_user.respond_to?(:is_role_restricted?)
+      raise('expected current_user to respond to is_role_restricted?')
     end
-    # Check boxes
-    return assignable if multiple
-    # Radios
-    (resource.roles - assignable).present? ? [] : assignable
-  end
-  # This is used by the effective_roles_summary_table helper method
-  def self.authorization_level(controller, role, resource)
-    return :unknown unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
-    return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)
-    # Store the current ability (cancan support) and roles
-    current_ability = controller.instance_variable_get(:@current_ability)
-    current_user = controller.instance_variable_get(:@current_user)
-    current_user_roles = controller.current_user.roles
-    # Set up the user, so the check is done with the desired permission level
-    controller.instance_variable_set(:@current_ability, nil)
-    level = nil
+    if !resource.respond_to?(:is_role_restricted?)
+      raise('expected current_user to respond to is_role_restricted?')
+    end
-    case role
-    when :signed_in
-      controller.current_user.roles = []
-    when :public
-      controller.instance_variable_set(:@current_user, nil)
+    assigned_roles = if config.assignable_roles.kind_of?(Hash)
+      assignable = (config.assignable_roles[resource.class.to_s] || config.assignable_roles || {})
+      assigned = [] # our return value
-      if defined?(EffectiveLogging)
-        EffectiveLogging.supressed { (controller.request.env['warden'].set_user(false) rescue nil) }
-      else
-        (controller.request.env['warden'].set_user(false) rescue nil)
+      if current_user.blank?
+        assigned = assignable.values.flatten
       end
-    else
-      controller.current_user.roles = [role]
-    end
-    # Find the actual authorization level
-    level = _authorization_level(controller, role, resource, authorization_method)
-    # Restore the existing current_user stuff
-    if role == :public
-      ActiveRecord::Base.transaction do
-        if defined?(EffectiveLogging)
-          EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
-        else
-          (controller.request.env['warden'].set_user(current_user) rescue nil)
-        end
+      if current_user.present?
+        assigned = current_user.roles.map { |role| assignable[role] }.flatten.compact
+      end
-        raise ActiveRecord::Rollback
+      if assignable[:new_record] && resource.new_record?
+        assigned += Array(assignable[:new_record])
       end
-    end
-    controller.instance_variable_set(:@current_ability, current_ability)
-    controller.instance_variable_set(:@current_user, current_user)
-    controller.current_user.roles = current_user_roles
+      if assignable[:persisted] && resource.persisted?
+        assigned += Array(assignable[:persisted])
+      end
-    level
-  end
+      assigned
+    elsif config.assignable_roles.kind_of?(Array)
+      config.assignable_roles
+    end.uniq
-  private
+    # Check boxes
+    multiple = resource.acts_as_role_restricted_options[:multiple] if multiple.nil?
+    return assigned_roles if multiple
-  def self.role_description(role, obj = nil)
-    raise 'EffectiveRoles config.role_descriptions must be a Hash' unless role_descriptions.kind_of?(Hash)
-    (role_descriptions[obj.try(:class).to_s] || {})[role] || role_descriptions[role] || ''
+    # Radios
+    (resource.roles - assigned_roles).present? ? [] : assigned_roles
   end
-  def self._authorization_level(controller, role, resource, auth_method)
-    resource = (resource.new() rescue resource) if resource.kind_of?(ActiveRecord::Base)
-    # Custom actions
-    if resource.kind_of?(Hash)
-      resource.each do |key, value|
-        return (controller.instance_exec(controller, key, value, &auth_method) rescue false) ? :yes : :no
-      end
-    end
-    # Check for Manage
-    return :manage if (
-      (controller.instance_exec(controller, :create, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :update, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :show, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
-    )
-    # Check for Update
-    return :update if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-    # Check for Update Own
-    if resource.respond_to?('user=')
-      resource.user = controller.current_user
-      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-      resource.user = nil
-    elsif resource.respond_to?('user_id=')
-      resource.user_id = controller.current_user.id
-      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-      resource.user_id = nil
-    elsif resource.kind_of?(User)
-      return :update_own if (controller.instance_exec(controller, :update, controller.current_user, &auth_method) rescue false)
-    end
+  def self.assignable_roles_present?(resource)
+    return false unless config.assignable_roles.present?
-    # Check for Create
-    return :create if (controller.instance_exec(controller, :create, resource, &auth_method) rescue false)
+    raise 'EffectiveRoles config.assignable_roles_for must be a Hash or Array' unless [Hash, Array].include?(config.assignable_roles.class)
+    raise('expected resource to respond to is_role_restricted?') unless resource.respond_to?(:is_role_restricted?)
-    # Check for Show
-    return :show if (controller.instance_exec(controller, :show, resource, &auth_method) rescue false)
+    if config.assignable_roles.kind_of?(Array)
+      config.assignable_roles
+    elsif config.assignable_roles.key?(resource.class.to_s)
+      config.assignable_roles[resource.class.to_s]
+    else
+      config.assignable_roles
+    end.present?
+  end
-    # Check for Index
-    return :index if (controller.instance_exec(controller, :index, resource, &auth_method) rescue false)
+  private
-    # Check for Destroy
-    return :destroy if (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+  def self.role_description(role, obj = nil)
+    raise 'EffectiveRoles config.role_descriptions must be a Hash' unless config.role_descriptions.kind_of?(Hash)
-    :none
+    description = config.role_descriptions.dig(obj.class.to_s, role) if obj.present?
+    description ||= config.role_descriptions[role]
+    description || ''
   end
 end

data/lib/effective_roles/engine.rb CHANGED Viewed

@@ -2,27 +2,15 @@ module EffectiveRoles
   class Engine < ::Rails::Engine
     engine_name 'effective_roles'
-    config.autoload_paths += Dir["#{config.root}/app/models/concerns", "#{config.root}/lib/"]
     # Include acts_as_addressable concern and allow any ActiveRecord object to call it
     initializer 'effective_roles.active_record' do |app|
       ActiveSupport.on_load :active_record do
-        ActiveRecord::Base.extend(ActsAsRoleRestricted::ActiveRecord)
-      end
-    end
-    # Register the log_page_views concern so that it can be called in ActionController or elsewhere
-    initializer 'effective_logging.log_changes_action_controller' do |app|
-      Rails.application.config.to_prepare do
-        ActiveSupport.on_load :action_controller do
-          require 'effective_roles/set_current_user'
-          ActionController::Base.include(EffectiveRoles::SetCurrentUser::ActionController)
-        end
+        ActiveRecord::Base.extend(ActsAsRoleRestricted::Base)
       end
     end
     # Set up our default configuration options.
-    initializer "effective_roles.defaults", :before => :load_config_initializers do |app|
+    initializer "effective_roles.defaults", before: :load_config_initializers do |app|
       eval File.read("#{config.root}/config/effective_roles.rb")
     end

data/lib/effective_roles/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module EffectiveRoles
-  VERSION = '2.0.1'.freeze
+  VERSION = '2.1.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: effective_roles
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.0
 platform: ruby
 authors:
 - Code and Effect
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-28 00:00:00.000000000 Z
+date: 2021-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.0
+- !ruby/object:Gem::Dependency
+  name: effective_resources
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Assign multiple roles to any User or other ActiveRecord object. Select
   only the appropriate objects based on intelligent, chainable ActiveRecord::Relation
   finder methods.
@@ -38,7 +52,6 @@ files:
 - app/controllers/admin/roles_controller.rb
 - app/helpers/effective_roles_helper.rb
 - app/models/concerns/acts_as_role_restricted.rb
-- app/models/effective/access_denied.rb
 - app/views/admin/roles/index.html.haml
 - app/views/effective/roles/_summary.html.haml
 - app/views/effective/roles/_summary_table.html.haml
@@ -46,14 +59,13 @@ files:
 - config/routes.rb
 - lib/effective_roles.rb
 - lib/effective_roles/engine.rb
-- lib/effective_roles/set_current_user.rb
 - lib/effective_roles/version.rb
 - lib/generators/effective_roles/install_generator.rb
 homepage: https://github.com/code-and-effect/effective_roles
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -68,8 +80,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Assign multiple roles to any User or other ActiveRecord object. Select only
   the appropriate objects based on intelligent, chainable ActiveRecord::Relation finder

data/app/models/effective/access_denied.rb DELETED Viewed

@@ -1,17 +0,0 @@
-unless defined?(Effective::AccessDenied)
-  module Effective
-    class AccessDenied < StandardError
-      attr_reader :action, :subject
-      def initialize(message = nil, action = nil, subject = nil)
-        @message = message
-        @action = action
-        @subject = subject
-      end
-      def to_s
-        @message || I18n.t(:'unauthorized.default', :default => 'Access Denied')
-      end
-    end
-  end
-end

data/lib/effective_roles/set_current_user.rb DELETED Viewed

@@ -1,15 +0,0 @@
-module EffectiveRoles
-  module SetCurrentUser
-    module ActionController
-      # Add me to your ApplicationController
-      # before_action :set_effective_roles_current_user
-      def set_effective_roles_current_user
-        EffectiveRoles.current_user = current_user
-      end
-    end
-  end
-end