RubyGems - effective_roles - Versions diffs - 2.0.1 → 2.1.0 - Mend

effective_roles 2.0.1 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

checksums.yaml +4 -4
data/MIT-LICENSE +1 -1
data/README.md +2 -8
data/app/controllers/admin/roles_controller.rb +8 -3
data/app/helpers/effective_roles_helper.rb +106 -2
data/app/models/concerns/acts_as_role_restricted.rb +15 -14
data/app/views/effective/roles/_summary_table.html.haml +2 -1
data/config/effective_roles.rb +6 -29
data/lib/effective_roles.rb +68 -151
data/lib/effective_roles/engine.rb +2 -14
data/lib/effective_roles/version.rb +1 -1
metadata +20 -8
data/app/models/effective/access_denied.rb +0 -17
data/lib/effective_roles/set_current_user.rb +0 -15

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06f6a3d9bee34bb09cb46dca52cf1d7837ed636c9a1888e244aff16c1f8b772c
-  data.tar.gz: 708a5daa2f874de24e5fe8b80f1cd1e4731d9fc30630f18ab16c666d47749e34
+  metadata.gz: 7f392991013eeab38fcc7b6092c1014078fc2a356833bd5033b9a268987dc512
+  data.tar.gz: 38bb573be4e391b9cfd6141713bd89d29914e46148705588f1859642a5269bed
 SHA512:
-  metadata.gz: a960a0fc29fbfec810675e507628dcf4c6aa2327685866c02e51d267a163869e3ed19c9f6cb92b3ceb7f21315c4d6c42f1f7e19efa374f944970778cf62ad3c7
-  data.tar.gz: 5d51969cfd0d88df911f5c79c550ce5085422ba82670250bb93781f5d95c298578d8c5b5c74bc3dfe4744f04b216ea2aaa00bccfefd097cf24491a5548d1f4a6
+  metadata.gz: ef6d332b9c6d93d8e28b61e856c93ec20e8c731b2fd02678fd1dcd8e52c2bcd12e1f5b68c891d82a265054065fe5694cc2bd59baa72ddaf2bb4553af28a93739
+  data.tar.gz: e7f10cde194b45115445a09bd99d0da254c81dd611c97cb9f1c25e8cd33181941449aaa20eb45b5b24d4bea0af8397720cf1156865ef0bf217b1798bf103225a

data/MIT-LICENSE CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright 2019 Code and Effect Inc.
+Copyright 2021 Code and Effect Inc.
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md CHANGED Viewed

@@ -8,10 +8,6 @@ Includes a mixin for adding authentication for any model.
 SQL Finders for returning an ActiveRecord::Relation with all permitted records.
-Handy formtastic and simple_form helpers for assigning roles.
-Rails 3.2.x and Rails 4
 ## Getting Started
@@ -158,8 +154,8 @@ When using assignable roles, you must assign the acts_as_role_restricted resourc
 You can do this in one of three ways:
-1. Setting resource.current_user = current_user in your controller directly.
-2. Add `before_action :set_effective_roles_current_user` to your ApplicationController
+1. Setting resource.current_user = current_user in your controller update action directly.
+2. Add `before_action -> { @thing.current_user = current_user }` to your ApplicationController
 3. Using `Effective::CrudController` to do this automatically.
 This restriction is only applied when running within the rails server. Not on rails console or db:seeds.
@@ -319,5 +315,3 @@ This model implements the https://github.com/ryanb/cancan/wiki/Role-Based-Author
 4. Push to the branch (`git push origin my-new-feature`)
 5. Bonus points for test coverage
 6. Create new Pull Request

data/app/controllers/admin/roles_controller.rb CHANGED Viewed

@@ -1,12 +1,17 @@
 module Admin
   class RolesController < ApplicationController
-    before_action :authenticate_user!
+    before_action(:authenticate_user!) if defined?(Devise)
+    before_action { EffectiveResources.authorize!(self, :admin, :effective_roles) }
-    layout (EffectiveRoles.layout.kind_of?(Hash) ? EffectiveRoles.layout[:admin_roles] : EffectiveRoles.layout)
+    include Effective::CrudController
+    if (config = EffectiveRoles.config.layout)
+      layout(config.kind_of?(Hash) ? config[:admin] : config)
+    end
     def index
       @page_title = 'Roles'
-      EffectiveRoles.authorize!(self, :admin, :effective_roles)
     end
   end
 end

data/app/helpers/effective_roles_helper.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module EffectiveRolesHelper
   def effective_roles_summary(obj, options = {}) # User or a Post, any acts_as_roleable
     raise 'expected an acts_as_roleable object' unless obj.respond_to?(:roles)
-    descriptions = EffectiveRoles.role_descriptions[obj.class.name] || EffectiveRoles.role_descriptions || {}
+    descriptions = EffectiveRoles.config.role_descriptions[obj.class.name] || EffectiveRoles.config.role_descriptions || {}
     opts = { obj: obj, roles: obj.roles, descriptions: descriptions }.merge(options)
     render partial: 'effective/roles/summary', locals: opts
@@ -17,7 +17,7 @@ module EffectiveRolesHelper
     raise 'Expected argument to be a Hash' unless opts.kind_of?(Hash)
     roles = Array(opts[:roles]).presence
-    roles ||= [:public, :signed_in] + EffectiveRoles.roles
+    roles ||= [:public, :signed_in] + EffectiveRoles.config.roles
     if opts[:only].present?
       klasses = Array(opts[:only])
@@ -101,4 +101,108 @@ module EffectiveRolesHelper
     klass.respond_to?(:name) ? klass.name : klass.to_s
   end
+  # This is used by the effective_roles_summary_table helper method
+  def effective_roles_authorization_level(controller, role, resource)
+    authorization_method = EffectiveRoles.config.authorization_method
+    raise('expected an authorization method') unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
+    return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)
+    # Store the current ability (cancan support) and roles
+    current_ability = controller.instance_variable_get(:@current_ability)
+    current_user = controller.instance_variable_get(:@current_user)
+    current_user_roles = controller.current_user.roles
+    # Set up the user, so the check is done with the desired permission level
+    controller.instance_variable_set(:@current_ability, nil)
+    level = nil
+    case role
+    when :signed_in
+      controller.current_user.roles = []
+    when :public
+      controller.instance_variable_set(:@current_user, nil)
+      if defined?(EffectiveLogging)
+        EffectiveLogging.supressed { (controller.request.env['warden'].set_user(false) rescue nil) }
+      else
+        (controller.request.env['warden'].set_user(false) rescue nil)
+      end
+    else
+      controller.current_user.roles = [role]
+    end
+    # Find the actual authorization level
+    level = effective_roles_item_authorization_level(controller, role, resource, authorization_method)
+    # Restore the existing current_user stuff
+    if role == :public
+      ActiveRecord::Base.transaction do
+        if defined?(EffectiveLogging)
+          EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
+        else
+          (controller.request.env['warden'].set_user(current_user) rescue nil)
+        end
+        raise ActiveRecord::Rollback
+      end
+    end
+    controller.instance_variable_set(:@current_ability, current_ability)
+    controller.instance_variable_set(:@current_user, current_user)
+    controller.current_user.roles = current_user_roles
+    level
+  end
+  def effective_roles_item_authorization_level(controller, role, resource, auth_method)
+    resource = (resource.new() rescue resource) if resource.kind_of?(ActiveRecord::Base)
+    # Custom actions
+    if resource.kind_of?(Hash)
+      resource.each do |key, value|
+        return (controller.instance_exec(controller, key, value, &auth_method) rescue false) ? :yes : :no
+      end
+    end
+    # Check for Manage
+    return :manage if (
+      (controller.instance_exec(controller, :create, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :update, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :show, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+    )
+    # Check for Update
+    return :update if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+    # Check for Update Own
+    if resource.respond_to?('user=')
+      resource.user = controller.current_user
+      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+      resource.user = nil
+    elsif resource.respond_to?('user_id=')
+      resource.user_id = controller.current_user.id
+      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+      resource.user_id = nil
+    elsif resource.class.name.end_with?('User')
+      return :update_own if (controller.instance_exec(controller, :update, controller.current_user, &auth_method) rescue false)
+    end
+    # Check for Create
+    return :create if (controller.instance_exec(controller, :create, resource, &auth_method) rescue false)
+    # Check for Show
+    return :show if (controller.instance_exec(controller, :show, resource, &auth_method) rescue false)
+    # Check for Index
+    return :index if (controller.instance_exec(controller, :index, resource, &auth_method) rescue false)
+    # Check for Destroy
+    return :destroy if (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+    :none
+  end
 end

data/app/models/concerns/acts_as_role_restricted.rb CHANGED Viewed

@@ -14,7 +14,7 @@
 module ActsAsRoleRestricted
   extend ActiveSupport::Concern
-  module ActiveRecord
+  module Base
     def acts_as_role_restricted(multiple: false)
       @acts_as_role_restricted_opts = { multiple: multiple }
       include ::ActsAsRoleRestricted
@@ -29,22 +29,24 @@ module ActsAsRoleRestricted
     validates :roles_mask, numericality: true, allow_nil: true
-    validate(if: -> { changes.include?(:roles_mask) }) do
-      user = current_user || EffectiveRoles.current_user || (EffectiveLogging.current_user if defined?(EffectiveLogging))
-      if user.blank? && EffectiveRoles.assignable_roles.present? && defined?(Rails::Server)
-        self.errors.add(:roles, 'current_user must be present when assigning roles')
-      end
+    validate(if: -> { changes.include?(:roles_mask) && EffectiveRoles.assignable_roles_present?(self) }) do
       roles_was = EffectiveRoles.roles_for(changes[:roles_mask].first)
       changed = (roles + roles_was) - (roles & roles_was)  # XOR
-      assignable = EffectiveRoles.assignable_roles_collection(self, user) # Returns all roles when user is blank
+      assignable = EffectiveRoles.assignable_roles_collection(self, current_user) # Returns all roles when user is blank
       unauthorized = changed - assignable
       authorized = roles.dup
       unauthorized.each { |role| authorized.include?(role) ? authorized.delete(role) : authorized.push(role) }
+      if unauthorized.present?
+        Rails.logger.info "\e[31m unassignable roles: #{unauthorized.map { |role| ":#{role}" }.to_sentence}"
+      end
+      if unauthorized.present? && current_user.blank? && defined?(Rails::Server)
+        self.errors.add(:roles, 'current_user must be present when assigning roles')
+      end
       self.roles_mask = EffectiveRoles.roles_mask_for(authorized)
     end
@@ -69,18 +71,18 @@ module ActsAsRoleRestricted
     def with_role_sql(*roles)
       roles = roles.flatten.compact
       roles = roles.first.roles if roles.length == 1 && roles.first.respond_to?(:roles)
-      roles = (roles.map { |role| role.to_sym } & EffectiveRoles.roles)
+      roles = (roles.map { |role| role.to_sym } & EffectiveRoles.config.roles)
-      roles.map { |role| "(#{self.table_name}.roles_mask & %d > 0)" % 2**EffectiveRoles.roles.index(role) }.join(' OR ')
+      roles.map { |role| "(#{self.table_name}.roles_mask & %d > 0)" % 2**EffectiveRoles.config.roles.index(role) }.join(' OR ')
     end
     def without_role(*roles)
       roles = roles.flatten.compact
       roles = roles.first.roles if roles.length == 1 && roles.first.respond_to?(:roles)
-      roles = (roles.map { |role| role.to_sym } & EffectiveRoles.roles)
+      roles = (roles.map { |role| role.to_sym } & EffectiveRoles.config.roles)
       where(
-        roles.map { |role| "NOT(#{self.table_name}.roles_mask & %d > 0)" % 2**EffectiveRoles.roles.index(role) }.join(' AND ')
+        roles.map { |role| "NOT(#{self.table_name}.roles_mask & %d > 0)" % 2**EffectiveRoles.config.roles.index(role) }.join(' AND ')
       ).or(where(roles_mask: nil))
     end
   end
@@ -127,4 +129,3 @@ module ActsAsRoleRestricted
   end
 end

data/app/views/effective/roles/_summary_table.html.haml CHANGED Viewed

@@ -13,4 +13,5 @@
         %td= effective_roles_authorization_label(klass)
         - roles.each do |role|
           %td.text-center
-            = effective_roles_authorization_badge(EffectiveRoles.authorization_level(controller, role, klass))
+            - level = effective_roles_authorization_level(controller, role, klass)
+            = effective_roles_authorization_badge(level)

data/config/effective_roles.rb CHANGED Viewed

@@ -53,6 +53,8 @@ EffectiveRoles.setup do |config|
   #     :superadmin => [:superadmin, :admin, :member],  # Superadmins may create Pages for any role
   #     :admin => [:admin, :member],                    # Admins may create Pages for admin and members
   #     :member => [:member]                            # Members may create Pages for members
+  #   },
+  #   'Post' => false                                   # Don't enforce assignable roles validation
   #   }
   #
   # Or just keep it simple, and use this Hash syntax of permissions for every resource
@@ -60,38 +62,13 @@ EffectiveRoles.setup do |config|
   # config.assignable_roles = {
   #   :superadmin => [:superadmin, :admin, :member], # Superadmins may assign any resource any role
   #   :admin => [:admin, :member],                   # Admins may only assign the :admin or :member role
-  #   :member => []                                  # Members may not assign any roles
+  #   :member => [],                                 # Members may not assign any roles
+  #   :new_record => [:member]                       # Member may be assigned to a new_record without a current_user
   # }
   # Authorization Method
-  #
-  # This doesn't have anything to do with the roles themselves.
-  # It's only used in two places:
-  # - For the effective_roles_summary_table() helper method
-  # - The /admin/roles page check
-  #
-  # It should match the authorization check used by your application
-  #
-  # This method is called by all controller actions with the appropriate action and resource
-  # If the method returns false, an Effective::AccessDenied Error will be raised (see README.md for complete info)
-  #
-  # Use via Proc (and with CanCan):
-  # config.authorization_method = Proc.new { |controller, action, resource| can?(action, resource) }
-  #
-  # Use via custom method:
-  # config.authorization_method = :my_authorization_method
-  #
-  # And then in your application_controller.rb:
-  #
-  # def my_authorization_method(action, resource)
-  #   current_user.is?(:admin)
-  # end
-  #
-  # Or disable the check completely:
-  # config.authorization_method = false
-  config.authorization_method = Proc.new { |controller, action, resource| authorize!(action, resource) } # CanCanCan
+  # This gem serves an /admin/roles endpoint that calls EffectiveResources.authorize!
   # Layout Settings
-  # Configure the Layout per controller, or all at once
-  config.layout = 'application'
+  # config.layout = 'admin'
 end

data/lib/effective_roles.rb CHANGED Viewed

@@ -1,46 +1,30 @@
+require 'effective_resources'
 require 'effective_roles/engine'
 require 'effective_roles/version'
 module EffectiveRoles
-  mattr_accessor :roles
-  mattr_accessor :role_descriptions
-  mattr_accessor :assignable_roles
+  # mattr_accessor :roles
+  # mattr_accessor :role_descriptions
+  # mattr_accessor :assignable_roles
+  # mattr_accessor :layout
-  mattr_accessor :layout
-  mattr_accessor :authorization_method
+  def self.config(namespace = nil)
+    @config ||= ActiveSupport::OrderedOptions.new
+    namespace ||= Tenant.current if defined?(Tenant)
-  def self.setup
-    yield self
-  end
-  def self.permitted_params
-    { roles: [] }
-  end
-  def self.authorized?(controller, action, resource)
-    @_exceptions ||= [Effective::AccessDenied, (CanCan::AccessDenied if defined?(CanCan)), (Pundit::NotAuthorizedError if defined?(Pundit))].compact
-    return !!authorization_method unless authorization_method.respond_to?(:call)
-    controller = controller.controller if controller.respond_to?(:controller)
-    begin
-      !!(controller || self).instance_exec((controller || self), action, resource, &authorization_method)
-    rescue *@_exceptions
-      false
+    if namespace
+      @config[namespace] ||= ActiveSupport::OrderedOptions.new
+    else
+      @config
     end
   end
-  def self.authorize!(controller, action, resource)
-    raise Effective::AccessDenied unless authorized?(controller, action, resource)
+  def self.setup(namespace = nil, &block)
+    yield(config(namespace))
   end
-  # This is set by the "set_effective_roles_current_user" before_filter.
-  def self.current_user=(user)
-    @effective_roles_current_user = user
-  end
-  def self.current_user
-    @effective_roles_current_user
+  def self.permitted_params
+    { roles: [] }
   end
   # This method converts whatever is given into its roles
@@ -49,11 +33,11 @@ module EffectiveRoles
     if obj.respond_to?(:is_role_restricted?)
      obj.roles
     elsif obj.kind_of?(Integer)
-      roles.reject { |r| (obj & 2**roles.index(r)).zero? }
+      config.roles.reject { |r| (obj & 2 ** config.roles.index(r)).zero? }
     elsif obj.kind_of?(Symbol)
-      [roles.find { |role| role == obj }].compact
+      Array(config.roles.find { |role| role == obj })
     elsif obj.kind_of?(String)
-      [roles.find { |role| role == obj.to_sym }].compact
+      Array(config.roles.find { |role| role == obj.to_sym })
     elsif obj.kind_of?(Array)
       obj.map { |obj| roles_for(obj) }.flatten.compact
     elsif obj.nil?
@@ -65,11 +49,11 @@ module EffectiveRoles
   # EffectiveRoles.roles_mask_for(:admin, :member)
   def self.roles_mask_for(*roles)
-    roles_for(roles).map { |r| 2**EffectiveRoles.roles.index(r) }.sum
+    roles_for(roles).map { |r| 2 ** config.roles.index(r) }.sum
   end
   def self.roles_collection(resource, current_user = nil, only: nil, except: nil, multiple: nil)
-    if assignable_roles.present?
+    if config.assignable_roles.present?
       raise('expected object to respond to is_role_restricted?') unless resource.respond_to?(:is_role_restricted?)
       raise('expected current_user to respond to is_role_restricted?') if current_user && !current_user.respond_to?(:is_role_restricted?)
     end
@@ -79,7 +63,7 @@ module EffectiveRoles
     multiple = resource.acts_as_role_restricted_options[:multiple] if multiple.nil?
     assignable = assignable_roles_collection(resource, current_user, multiple: multiple)
-    roles.map do |role|
+    config.roles.map do |role|
       next if only.present? && !only.include?(role)
       next if except.present? && except.include?(role)
@@ -92,139 +76,72 @@ module EffectiveRoles
   end
   def self.assignable_roles_collection(resource, current_user = nil, multiple: nil)
-    return roles if assignable_roles.nil?
-    raise 'EffectiveRoles config.assignable_roles_for must be a Hash, Array or nil' unless [Hash, Array].include?(assignable_roles.class)
-    raise('expected resource to respond to is_role_restricted?') unless resource.respond_to?(:is_role_restricted?)
-    raise('expected current_user to respond to is_role_restricted?') if current_user && !current_user.respond_to?(:is_role_restricted?)
-    multiple = resource.acts_as_role_restricted_options[:multiple] if multiple.nil?
-    current_user ||= (EffectiveRoles.current_user || (EffectiveLogging.current_user if defined?(EffectiveLogging)))
+    return config.roles unless assignable_roles_present?(resource)
-    assignable = if assignable_roles.kind_of?(Array)
-      assignable_roles
-    elsif current_user.present?
-      current_roles = assignable_roles[resource.class.to_s] || assignable_roles || {}
-      current_user.roles.map { |role| current_roles[role] }.flatten.compact.uniq
-    else
-      current_roles = assignable_roles[resource.class.to_s] || assignable_roles || {}
-      current_roles.values.flatten.uniq
+    if current_user && !current_user.respond_to?(:is_role_restricted?)
+      raise('expected current_user to respond to is_role_restricted?')
     end
-    # Check boxes
-    return assignable if multiple
-    # Radios
-    (resource.roles - assignable).present? ? [] : assignable
-  end
-  # This is used by the effective_roles_summary_table helper method
-  def self.authorization_level(controller, role, resource)
-    return :unknown unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
-    return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)
-    # Store the current ability (cancan support) and roles
-    current_ability = controller.instance_variable_get(:@current_ability)
-    current_user = controller.instance_variable_get(:@current_user)
-    current_user_roles = controller.current_user.roles
-    # Set up the user, so the check is done with the desired permission level
-    controller.instance_variable_set(:@current_ability, nil)
-    level = nil
+    if !resource.respond_to?(:is_role_restricted?)
+      raise('expected current_user to respond to is_role_restricted?')
+    end
-    case role
-    when :signed_in
-      controller.current_user.roles = []
-    when :public
-      controller.instance_variable_set(:@current_user, nil)
+    assigned_roles = if config.assignable_roles.kind_of?(Hash)
+      assignable = (config.assignable_roles[resource.class.to_s] || config.assignable_roles || {})
+      assigned = [] # our return value
-      if defined?(EffectiveLogging)
-        EffectiveLogging.supressed { (controller.request.env['warden'].set_user(false) rescue nil) }
-      else
-        (controller.request.env['warden'].set_user(false) rescue nil)
+      if current_user.blank?
+        assigned = assignable.values.flatten
       end
-    else
-      controller.current_user.roles = [role]
-    end
-    # Find the actual authorization level
-    level = _authorization_level(controller, role, resource, authorization_method)
-    # Restore the existing current_user stuff
-    if role == :public
-      ActiveRecord::Base.transaction do
-        if defined?(EffectiveLogging)
-          EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
-        else
-          (controller.request.env['warden'].set_user(current_user) rescue nil)
-        end
+      if current_user.present?
+        assigned = current_user.roles.map { |role| assignable[role] }.flatten.compact
+      end
-        raise ActiveRecord::Rollback
+      if assignable[:new_record] && resource.new_record?
+        assigned += Array(assignable[:new_record])
       end
-    end
-    controller.instance_variable_set(:@current_ability, current_ability)
-    controller.instance_variable_set(:@current_user, current_user)
-    controller.current_user.roles = current_user_roles
+      if assignable[:persisted] && resource.persisted?
+        assigned += Array(assignable[:persisted])
+      end
-    level
-  end
+      assigned
+    elsif config.assignable_roles.kind_of?(Array)
+      config.assignable_roles
+    end.uniq
-  private
+    # Check boxes
+    multiple = resource.acts_as_role_restricted_options[:multiple] if multiple.nil?
+    return assigned_roles if multiple
-  def self.role_description(role, obj = nil)
-    raise 'EffectiveRoles config.role_descriptions must be a Hash' unless role_descriptions.kind_of?(Hash)
-    (role_descriptions[obj.try(:class).to_s] || {})[role] || role_descriptions[role] || ''
+    # Radios
+    (resource.roles - assigned_roles).present? ? [] : assigned_roles
   end
-  def self._authorization_level(controller, role, resource, auth_method)
-    resource = (resource.new() rescue resource) if resource.kind_of?(ActiveRecord::Base)
-    # Custom actions
-    if resource.kind_of?(Hash)
-      resource.each do |key, value|
-        return (controller.instance_exec(controller, key, value, &auth_method) rescue false) ? :yes : :no
-      end
-    end
-    # Check for Manage
-    return :manage if (
-      (controller.instance_exec(controller, :create, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :update, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :show, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
-    )
-    # Check for Update
-    return :update if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-    # Check for Update Own
-    if resource.respond_to?('user=')
-      resource.user = controller.current_user
-      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-      resource.user = nil
-    elsif resource.respond_to?('user_id=')
-      resource.user_id = controller.current_user.id
-      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-      resource.user_id = nil
-    elsif resource.kind_of?(User)
-      return :update_own if (controller.instance_exec(controller, :update, controller.current_user, &auth_method) rescue false)
-    end
+  def self.assignable_roles_present?(resource)
+    return false unless config.assignable_roles.present?
-    # Check for Create
-    return :create if (controller.instance_exec(controller, :create, resource, &auth_method) rescue false)
+    raise 'EffectiveRoles config.assignable_roles_for must be a Hash or Array' unless [Hash, Array].include?(config.assignable_roles.class)
+    raise('expected resource to respond to is_role_restricted?') unless resource.respond_to?(:is_role_restricted?)
-    # Check for Show
-    return :show if (controller.instance_exec(controller, :show, resource, &auth_method) rescue false)
+    if config.assignable_roles.kind_of?(Array)
+      config.assignable_roles
+    elsif config.assignable_roles.key?(resource.class.to_s)
+      config.assignable_roles[resource.class.to_s]
+    else
+      config.assignable_roles
+    end.present?
+  end
-    # Check for Index
-    return :index if (controller.instance_exec(controller, :index, resource, &auth_method) rescue false)
+  private
-    # Check for Destroy
-    return :destroy if (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+  def self.role_description(role, obj = nil)
+    raise 'EffectiveRoles config.role_descriptions must be a Hash' unless config.role_descriptions.kind_of?(Hash)
-    :none
+    description = config.role_descriptions.dig(obj.class.to_s, role) if obj.present?
+    description ||= config.role_descriptions[role]
+    description || ''
   end
 end

data/lib/effective_roles/engine.rb CHANGED Viewed

@@ -2,27 +2,15 @@ module EffectiveRoles
   class Engine < ::Rails::Engine
     engine_name 'effective_roles'
-    config.autoload_paths += Dir["#{config.root}/app/models/concerns", "#{config.root}/lib/"]
     # Include acts_as_addressable concern and allow any ActiveRecord object to call it
     initializer 'effective_roles.active_record' do |app|
       ActiveSupport.on_load :active_record do
-        ActiveRecord::Base.extend(ActsAsRoleRestricted::ActiveRecord)
-      end
-    end
-    # Register the log_page_views concern so that it can be called in ActionController or elsewhere
-    initializer 'effective_logging.log_changes_action_controller' do |app|
-      Rails.application.config.to_prepare do
-        ActiveSupport.on_load :action_controller do
-          require 'effective_roles/set_current_user'
-          ActionController::Base.include(EffectiveRoles::SetCurrentUser::ActionController)
-        end
+        ActiveRecord::Base.extend(ActsAsRoleRestricted::Base)
       end
     end
     # Set up our default configuration options.
-    initializer "effective_roles.defaults", :before => :load_config_initializers do |app|
+    initializer "effective_roles.defaults", before: :load_config_initializers do |app|
       eval File.read("#{config.root}/config/effective_roles.rb")
     end

data/lib/effective_roles/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module EffectiveRoles
-  VERSION = '2.0.1'.freeze
+  VERSION = '2.1.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: effective_roles
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.0
 platform: ruby
 authors:
 - Code and Effect
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-28 00:00:00.000000000 Z
+date: 2021-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.0
+- !ruby/object:Gem::Dependency
+  name: effective_resources
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Assign multiple roles to any User or other ActiveRecord object. Select
   only the appropriate objects based on intelligent, chainable ActiveRecord::Relation
   finder methods.
@@ -38,7 +52,6 @@ files:
 - app/controllers/admin/roles_controller.rb
 - app/helpers/effective_roles_helper.rb
 - app/models/concerns/acts_as_role_restricted.rb
-- app/models/effective/access_denied.rb
 - app/views/admin/roles/index.html.haml
 - app/views/effective/roles/_summary.html.haml
 - app/views/effective/roles/_summary_table.html.haml
@@ -46,14 +59,13 @@ files:
 - config/routes.rb
 - lib/effective_roles.rb
 - lib/effective_roles/engine.rb
-- lib/effective_roles/set_current_user.rb
 - lib/effective_roles/version.rb
 - lib/generators/effective_roles/install_generator.rb
 homepage: https://github.com/code-and-effect/effective_roles
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -68,8 +80,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Assign multiple roles to any User or other ActiveRecord object. Select only
   the appropriate objects based on intelligent, chainable ActiveRecord::Relation finder

data/app/models/effective/access_denied.rb DELETED Viewed

@@ -1,17 +0,0 @@
-unless defined?(Effective::AccessDenied)
-  module Effective
-    class AccessDenied < StandardError
-      attr_reader :action, :subject
-      def initialize(message = nil, action = nil, subject = nil)
-        @message = message
-        @action = action
-        @subject = subject
-      end
-      def to_s
-        @message || I18n.t(:'unauthorized.default', :default => 'Access Denied')
-      end
-    end
-  end
-end

data/lib/effective_roles/set_current_user.rb DELETED Viewed

@@ -1,15 +0,0 @@
-module EffectiveRoles
-  module SetCurrentUser
-    module ActionController
-      # Add me to your ApplicationController
-      # before_action :set_effective_roles_current_user
-      def set_effective_roles_current_user
-        EffectiveRoles.current_user = current_user
-      end
-    end
-  end
-end