effective_roles 2.0.3 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c4de9cee717076b8282e1f92ec075ebc708a2547d13dea34be7c0ece27a14bda
-  data.tar.gz: 857e95906133cc6850e2e2d6e3c4e74d1e1d1c95a666290adf6c30f6c556d7d0
+  metadata.gz: 77423c072ab8659b9e632cebcd9fe939743abac4d0b374f12b3e144a70bcdfe1
+  data.tar.gz: 929bbf885819e6303f7a09ffe7c58988f4607403903b3dfdc3c141f175714eee
 SHA512:
-  metadata.gz: 4e5c8535bf6364ff85d8a667f83266e9add5fa025e3377f7fa66201c32116f8dfd7b3541c9378b521262c19c144184fc6ff05ee376270886076382feb7536681
-  data.tar.gz: 10b1a3e174852d4b6e1833dfe0ae28a084949139d923074822a4b1033511715cba42e977864447ac85e35fcaa17971d06237e787e33e62dcd6427b788f8eab4a
+  metadata.gz: a6917b11179747ff215fd926a595594de592b6881a3ca74c7b699fb52a1a0b482259ff2edddd0cd02d2eaebf8d265ebea506128641d32fb7f296567bad2466bf
+  data.tar.gz: 90a7d053382163c74cf8df9dee3d03b84239f4f39bd199d1b0ada04f124fd88b8ff4d7222dd8e3fce9f0eb37544c2bf386ab0a0d8c3a38ee9384b6b04b861907

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2019 Code and Effect Inc.
+Copyright 2021 Code and Effect Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -8,10 +8,6 @@ Includes a mixin for adding authentication for any model.
 
 SQL Finders for returning an ActiveRecord::Relation with all permitted records.
 
-Handy formtastic and simple_form helpers for assigning roles.
-
-Rails 3.2.x and Rails 4
-
 
 ## Getting Started
 
@@ -158,8 +154,8 @@ When using assignable roles, you must assign the acts_as_role_restricted resourc
 
 You can do this in one of three ways:
 
-1. Setting resource.current_user = current_user in your controller directly.
-2. Add `before_action :set_effective_roles_current_user` to your ApplicationController
+1. Setting resource.current_user = current_user in your controller update action directly.
+2. Add `before_action -> { @thing.current_user = current_user }` to your ApplicationController
 3. Using `Effective::CrudController` to do this automatically.
 
 This restriction is only applied when running within the rails server. Not on rails console or db:seeds.
@@ -319,5 +315,3 @@ This model implements the https://github.com/ryanb/cancan/wiki/Role-Based-Author
 4. Push to the branch (`git push origin my-new-feature`)
 5. Bonus points for test coverage
 6. Create new Pull Request
-
-

data/app/controllers/admin/roles_controller.rb

@@ -1,12 +1,17 @@
 module Admin
   class RolesController < ApplicationController
-    before_action :authenticate_user!
+    before_action(:authenticate_user!) if defined?(Devise)
+    before_action { EffectiveResources.authorize!(self, :admin, :effective_roles) }
 
-    layout (EffectiveRoles.layout.kind_of?(Hash) ? EffectiveRoles.layout[:admin_roles] : EffectiveRoles.layout)
+    include Effective::CrudController
+
+    if (config = EffectiveRoles.layout)
+      layout(config.kind_of?(Hash) ? config[:admin] : config)
+    end
 
     def index
       @page_title = 'Roles'
-      EffectiveRoles.authorize!(self, :admin, :effective_roles)
     end
+
   end
 end

data/app/helpers/effective_roles_helper.rb

@@ -101,4 +101,108 @@ module EffectiveRolesHelper
     klass.respond_to?(:name) ? klass.name : klass.to_s
   end
 
+  # This is used by the effective_roles_summary_table helper method
+  def effective_roles_authorization_level(controller, role, resource)
+    authorization_method = EffectiveResources.authorization_method
+
+    raise('expected an authorization method') unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
+    return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)
+
+    # Store the current ability (cancan support) and roles
+    current_ability = controller.instance_variable_get(:@current_ability)
+    current_user = controller.instance_variable_get(:@current_user)
+    current_user_roles = controller.current_user.roles
+
+    # Set up the user, so the check is done with the desired permission level
+    controller.instance_variable_set(:@current_ability, nil)
+
+    level = nil
+
+    case role
+    when :signed_in
+      controller.current_user.roles = []
+    when :public
+      controller.instance_variable_set(:@current_user, nil)
+
+      if defined?(EffectiveLogging)
+        EffectiveLogging.supressed { (controller.request.env['warden'].set_user(false) rescue nil) }
+      else
+        (controller.request.env['warden'].set_user(false) rescue nil)
+      end
+    else
+      controller.current_user.roles = [role]
+    end
+
+    # Find the actual authorization level
+    level = effective_roles_item_authorization_level(controller, role, resource, authorization_method)
+
+    # Restore the existing current_user stuff
+    if role == :public
+      ActiveRecord::Base.transaction do
+        if defined?(EffectiveLogging)
+          EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
+        else
+          (controller.request.env['warden'].set_user(current_user) rescue nil)
+        end
+
+        raise ActiveRecord::Rollback
+      end
+    end
+
+    controller.instance_variable_set(:@current_ability, current_ability)
+    controller.instance_variable_set(:@current_user, current_user)
+    controller.current_user.roles = current_user_roles
+
+    level
+  end
+
+  def effective_roles_item_authorization_level(controller, role, resource, auth_method)
+    resource = (resource.new() rescue resource) if resource.kind_of?(ActiveRecord::Base)
+
+    # Custom actions
+    if resource.kind_of?(Hash)
+      resource.each do |key, value|
+        return (controller.instance_exec(controller, key, value, &auth_method) rescue false) ? :yes : :no
+      end
+    end
+
+    # Check for Manage
+    return :manage if (
+      (controller.instance_exec(controller, :create, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :update, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :show, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+    )
+
+    # Check for Update
+    return :update if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+
+    # Check for Update Own
+    if resource.respond_to?('user=')
+      resource.user = controller.current_user
+      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+      resource.user = nil
+    elsif resource.respond_to?('user_id=')
+      resource.user_id = controller.current_user.id
+      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+      resource.user_id = nil
+    elsif resource.class.name.end_with?('User')
+      return :update_own if (controller.instance_exec(controller, :update, controller.current_user, &auth_method) rescue false)
+    end
+
+    # Check for Create
+    return :create if (controller.instance_exec(controller, :create, resource, &auth_method) rescue false)
+
+    # Check for Show
+    return :show if (controller.instance_exec(controller, :show, resource, &auth_method) rescue false)
+
+    # Check for Index
+    return :index if (controller.instance_exec(controller, :index, resource, &auth_method) rescue false)
+
+    # Check for Destroy
+    return :destroy if (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+
+    :none
+  end
+
 end

data/app/models/concerns/acts_as_role_restricted.rb

@@ -14,7 +14,7 @@
 module ActsAsRoleRestricted
   extend ActiveSupport::Concern
 
-  module ActiveRecord
+  module Base
     def acts_as_role_restricted(multiple: false)
       @acts_as_role_restricted_opts = { multiple: multiple }
       include ::ActsAsRoleRestricted
@@ -29,13 +29,11 @@ module ActsAsRoleRestricted
 
     validates :roles_mask, numericality: true, allow_nil: true
 
-    validate(if: -> { changes.include?(:roles_mask) && EffectiveRoles.assignable_roles_present?(self) }) do
-      user = current_user || EffectiveRoles.current_user || (EffectiveLogging.current_user if defined?(EffectiveLogging))
-
+    validate(if: -> { changes.include?(:roles_mask) && EffectiveRoles.assignable_roles_present?(self) && current_user.present? }) do
       roles_was = EffectiveRoles.roles_for(changes[:roles_mask].first)
       changed = (roles + roles_was) - (roles & roles_was)  # XOR
 
-      assignable = EffectiveRoles.assignable_roles_collection(self, user) # Returns all roles when user is blank
+      assignable = EffectiveRoles.assignable_roles_collection(self, current_user) # Returns all roles when user is blank
       unauthorized = changed - assignable
 
       authorized = roles.dup
@@ -45,7 +43,7 @@ module ActsAsRoleRestricted
         Rails.logger.info "\e[31m unassignable roles: #{unauthorized.map { |role| ":#{role}" }.to_sentence}"
       end
 
-      if unauthorized.present? && user.blank? && defined?(Rails::Server)
+      if unauthorized.present? && current_user.blank? && defined?(Rails::Server)
         self.errors.add(:roles, 'current_user must be present when assigning roles')
       end
 
@@ -131,4 +129,3 @@ module ActsAsRoleRestricted
   end
 
 end
-

data/app/views/effective/roles/_summary_table.html.haml

@@ -13,4 +13,5 @@
         %td= effective_roles_authorization_label(klass)
         - roles.each do |role|
           %td.text-center
-            = effective_roles_authorization_badge(EffectiveRoles.authorization_level(controller, role, klass))
+            - level = effective_roles_authorization_level(controller, role, klass)
+            = effective_roles_authorization_badge(level)

data/config/effective_roles.rb

@@ -67,34 +67,8 @@ EffectiveRoles.setup do |config|
   # }
 
   # Authorization Method
-  #
-  # This doesn't have anything to do with the roles themselves.
-  # It's only used in two places:
-  # - For the effective_roles_summary_table() helper method
-  # - The /admin/roles page check
-  #
-  # It should match the authorization check used by your application
-  #
-  # This method is called by all controller actions with the appropriate action and resource
-  # If the method returns false, an Effective::AccessDenied Error will be raised (see README.md for complete info)
-  #
-  # Use via Proc (and with CanCan):
-  # config.authorization_method = Proc.new { |controller, action, resource| can?(action, resource) }
-  #
-  # Use via custom method:
-  # config.authorization_method = :my_authorization_method
-  #
-  # And then in your application_controller.rb:
-  #
-  # def my_authorization_method(action, resource)
-  #   current_user.is?(:admin)
-  # end
-  #
-  # Or disable the check completely:
-  # config.authorization_method = false
-  config.authorization_method = Proc.new { |controller, action, resource| authorize!(action, resource) } # CanCanCan
+  # This gem serves an /admin/roles endpoint that calls EffectiveResources.authorize!
 
   # Layout Settings
-  # Configure the Layout per controller, or all at once
-  config.layout = 'application'
+  # config.layout = 'admin'
 end

data/lib/effective_roles.rb

@@ -1,59 +1,30 @@
+require 'effective_resources'
 require 'effective_roles/engine'
 require 'effective_roles/version'
 
 module EffectiveRoles
-  mattr_accessor :roles
-  mattr_accessor :role_descriptions
-  mattr_accessor :assignable_roles
 
-  mattr_accessor :layout
-  mattr_accessor :authorization_method
-
-  def self.setup
-    yield self
+  def self.config_keys
+    [:roles, :role_descriptions, :assignable_roles, :layout]
   end
 
+  include EffectiveGem
+
   def self.permitted_params
     { roles: [] }
   end
 
-  def self.authorized?(controller, action, resource)
-    @_exceptions ||= [Effective::AccessDenied, (CanCan::AccessDenied if defined?(CanCan)), (Pundit::NotAuthorizedError if defined?(Pundit))].compact
-
-    return !!authorization_method unless authorization_method.respond_to?(:call)
-    controller = controller.controller if controller.respond_to?(:controller)
-
-    begin
-      !!(controller || self).instance_exec((controller || self), action, resource, &authorization_method)
-    rescue *@_exceptions
-      false
-    end
-  end
-
-  def self.authorize!(controller, action, resource)
-    raise Effective::AccessDenied unless authorized?(controller, action, resource)
-  end
-
-  # This is set by the "set_effective_roles_current_user" before_filter.
-  def self.current_user=(user)
-    @effective_roles_current_user = user
-  end
-
-  def self.current_user
-    @effective_roles_current_user
-  end
-
   # This method converts whatever is given into its roles
   # Pass an object, Integer, or Symbol to find corresponding role
   def self.roles_for(obj)
     if obj.respond_to?(:is_role_restricted?)
      obj.roles
     elsif obj.kind_of?(Integer)
-      roles.reject { |r| (obj & 2**roles.index(r)).zero? }
+      roles.reject { |r| (obj & 2 ** config.roles.index(r)).zero? }
     elsif obj.kind_of?(Symbol)
-      [roles.find { |role| role == obj }].compact
+      Array(roles.find { |role| role == obj })
     elsif obj.kind_of?(String)
-      [roles.find { |role| role == obj.to_sym }].compact
+      Array(roles.find { |role| role == obj.to_sym })
     elsif obj.kind_of?(Array)
       obj.map { |obj| roles_for(obj) }.flatten.compact
     elsif obj.nil?
@@ -65,7 +36,7 @@ module EffectiveRoles
 
   # EffectiveRoles.roles_mask_for(:admin, :member)
   def self.roles_mask_for(*roles)
-    roles_for(roles).map { |r| 2**EffectiveRoles.roles.index(r) }.sum
+    roles_for(roles).map { |r| 2 ** config.roles.index(r) }.sum
   end
 
   def self.roles_collection(resource, current_user = nil, only: nil, except: nil, multiple: nil)
@@ -94,14 +65,12 @@ module EffectiveRoles
   def self.assignable_roles_collection(resource, current_user = nil, multiple: nil)
     return roles unless assignable_roles_present?(resource)
 
-    current_user ||= (EffectiveRoles.current_user || (EffectiveLogging.current_user if defined?(EffectiveLogging)))
-
     if current_user && !current_user.respond_to?(:is_role_restricted?)
-      raise('expected current_user to respond to is_role_restricted?') 
+      raise('expected current_user to respond to is_role_restricted?')
     end
 
     if !resource.respond_to?(:is_role_restricted?)
-      raise('expected current_user to respond to is_role_restricted?') 
+      raise('expected current_user to respond to is_role_restricted?')
     end
 
     assigned_roles = if assignable_roles.kind_of?(Hash)
@@ -138,13 +107,11 @@ module EffectiveRoles
   end
 
   def self.assignable_roles_present?(resource)
-    return false if assignable_roles.nil?
+    return false unless assignable_roles.present?
 
-    raise 'EffectiveRoles config.assignable_roles_for must be a Hash, Array or nil' unless [Hash, Array].include?(assignable_roles.class)
+    raise 'EffectiveRoles config.assignable_roles_for must be a Hash or Array' unless [Hash, Array].include?(assignable_roles.class)
     raise('expected resource to respond to is_role_restricted?') unless resource.respond_to?(:is_role_restricted?)
 
-    return assignable_roles.present? if assignable_roles.kind_of?(Array)
-
     if assignable_roles.kind_of?(Array)
       assignable_roles
     elsif assignable_roles.key?(resource.class.to_s)
@@ -154,113 +121,14 @@ module EffectiveRoles
     end.present?
   end
 
-  # This is used by the effective_roles_summary_table helper method
-  def self.authorization_level(controller, role, resource)
-    return :unknown unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
-    return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)
-
-    # Store the current ability (cancan support) and roles
-    current_ability = controller.instance_variable_get(:@current_ability)
-    current_user = controller.instance_variable_get(:@current_user)
-    current_user_roles = controller.current_user.roles
-
-    # Set up the user, so the check is done with the desired permission level
-    controller.instance_variable_set(:@current_ability, nil)
-
-    level = nil
-
-    case role
-    when :signed_in
-      controller.current_user.roles = []
-    when :public
-      controller.instance_variable_set(:@current_user, nil)
-
-      if defined?(EffectiveLogging)
-        EffectiveLogging.supressed { (controller.request.env['warden'].set_user(false) rescue nil) }
-      else
-        (controller.request.env['warden'].set_user(false) rescue nil)
-      end
-    else
-      controller.current_user.roles = [role]
-    end
-
-    # Find the actual authorization level
-    level = _authorization_level(controller, role, resource, authorization_method)
-
-    # Restore the existing current_user stuff
-    if role == :public
-      ActiveRecord::Base.transaction do
-        if defined?(EffectiveLogging)
-          EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
-        else
-          (controller.request.env['warden'].set_user(current_user) rescue nil)
-        end
-
-        raise ActiveRecord::Rollback
-      end
-    end
-
-    controller.instance_variable_set(:@current_ability, current_ability)
-    controller.instance_variable_set(:@current_user, current_user)
-    controller.current_user.roles = current_user_roles
-
-    level
-  end
-
   private
 
   def self.role_description(role, obj = nil)
     raise 'EffectiveRoles config.role_descriptions must be a Hash' unless role_descriptions.kind_of?(Hash)
-    (role_descriptions[obj.try(:class).to_s] || {})[role] || role_descriptions[role] || ''
-  end
-
-  def self._authorization_level(controller, role, resource, auth_method)
-    resource = (resource.new() rescue resource) if resource.kind_of?(ActiveRecord::Base)
-
-    # Custom actions
-    if resource.kind_of?(Hash)
-      resource.each do |key, value|
-        return (controller.instance_exec(controller, key, value, &auth_method) rescue false) ? :yes : :no
-      end
-    end
-
-    # Check for Manage
-    return :manage if (
-      (controller.instance_exec(controller, :create, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :update, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :show, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
-    )
-
-    # Check for Update
-    return :update if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-
-    # Check for Update Own
-    if resource.respond_to?('user=')
-      resource.user = controller.current_user
-      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-      resource.user = nil
-    elsif resource.respond_to?('user_id=')
-      resource.user_id = controller.current_user.id
-      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-      resource.user_id = nil
-    elsif resource.kind_of?(User)
-      return :update_own if (controller.instance_exec(controller, :update, controller.current_user, &auth_method) rescue false)
-    end
-
-    # Check for Create
-    return :create if (controller.instance_exec(controller, :create, resource, &auth_method) rescue false)
-
-    # Check for Show
-    return :show if (controller.instance_exec(controller, :show, resource, &auth_method) rescue false)
-
-    # Check for Index
-    return :index if (controller.instance_exec(controller, :index, resource, &auth_method) rescue false)
-
-    # Check for Destroy
-    return :destroy if (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
 
-    :none
+    description = role_descriptions.dig(obj.class.to_s, role) if obj.present?
+    description ||= role_descriptions[role]
+    description || ''
   end
 
 end

data/lib/effective_roles/engine.rb

@@ -2,27 +2,15 @@ module EffectiveRoles
   class Engine < ::Rails::Engine
     engine_name 'effective_roles'
 
-    config.autoload_paths += Dir["#{config.root}/app/models/concerns", "#{config.root}/lib/"]
-
     # Include acts_as_addressable concern and allow any ActiveRecord object to call it
     initializer 'effective_roles.active_record' do |app|
       ActiveSupport.on_load :active_record do
-        ActiveRecord::Base.extend(ActsAsRoleRestricted::ActiveRecord)
-      end
-    end
-
-    # Register the log_page_views concern so that it can be called in ActionController or elsewhere
-    initializer 'effective_logging.log_changes_action_controller' do |app|
-      Rails.application.config.to_prepare do
-        ActiveSupport.on_load :action_controller do
-          require 'effective_roles/set_current_user'
-          ActionController::Base.include(EffectiveRoles::SetCurrentUser::ActionController)
-        end
+        ActiveRecord::Base.extend(ActsAsRoleRestricted::Base)
       end
     end
 
     # Set up our default configuration options.
-    initializer "effective_roles.defaults", :before => :load_config_initializers do |app|
+    initializer "effective_roles.defaults", before: :load_config_initializers do |app|
       eval File.read("#{config.root}/config/effective_roles.rb")
     end
 

data/lib/effective_roles/version.rb

@@ -1,3 +1,3 @@
 module EffectiveRoles
-  VERSION = '2.0.3'.freeze
+  VERSION = '2.2.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: effective_roles
 version: !ruby/object:Gem::Version
-  version: 2.0.3
+  version: 2.2.0
 platform: ruby
 authors:
 - Code and Effect
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-06-13 00:00:00.000000000 Z
+date: 2021-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.0
+- !ruby/object:Gem::Dependency
+  name: effective_resources
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Assign multiple roles to any User or other ActiveRecord object. Select
   only the appropriate objects based on intelligent, chainable ActiveRecord::Relation
   finder methods.
@@ -38,7 +52,6 @@ files:
 - app/controllers/admin/roles_controller.rb
 - app/helpers/effective_roles_helper.rb
 - app/models/concerns/acts_as_role_restricted.rb
-- app/models/effective/access_denied.rb
 - app/views/admin/roles/index.html.haml
 - app/views/effective/roles/_summary.html.haml
 - app/views/effective/roles/_summary_table.html.haml
@@ -46,14 +59,13 @@ files:
 - config/routes.rb
 - lib/effective_roles.rb
 - lib/effective_roles/engine.rb
-- lib/effective_roles/set_current_user.rb
 - lib/effective_roles/version.rb
 - lib/generators/effective_roles/install_generator.rb
 homepage: https://github.com/code-and-effect/effective_roles
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -68,8 +80,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Assign multiple roles to any User or other ActiveRecord object. Select only
   the appropriate objects based on intelligent, chainable ActiveRecord::Relation finder

data/app/models/effective/access_denied.rb

@@ -1,17 +0,0 @@
-unless defined?(Effective::AccessDenied)
-  module Effective
-    class AccessDenied < StandardError
-      attr_reader :action, :subject
-
-      def initialize(message = nil, action = nil, subject = nil)
-        @message = message
-        @action = action
-        @subject = subject
-      end
-
-      def to_s
-        @message || I18n.t(:'unauthorized.default', :default => 'Access Denied')
-      end
-    end
-  end
-end

data/lib/effective_roles/set_current_user.rb

@@ -1,15 +0,0 @@
-module EffectiveRoles
-  module SetCurrentUser
-    module ActionController
-
-      # Add me to your ApplicationController
-      # before_action :set_effective_roles_current_user
-
-      def set_effective_roles_current_user
-        EffectiveRoles.current_user = current_user
-      end
-
-    end
-  end
-end
-