effective_roles 2.0.5 → 2.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '068af67420f4d68373480a8b0f738ae2cc01913b3ec327cff95a01c8dcec0f24'
-  data.tar.gz: b5cc82efb23a36fa31475bfd27bfe69a8d9d2f41813a3ad3397f131a69669814
+  metadata.gz: c7ff9e1eeeb8d78b3f50617feee6d0de9d591478bb8a8cc69f11d2a94bb7c4d0
+  data.tar.gz: 66289a8ec1e2206d24a3e612b43b1da5e34311fdaff50973d7995b23052d5ee8
 SHA512:
-  metadata.gz: cb8776abf2ed21d03a6c83d51458581143cca3fa0fa2fba64342ec7c05f441fc396a257cf2b4f3d858ff3a5a3bc6479ff1a08af3f5612a6cae8363f6b3f1a8db
-  data.tar.gz: 3d60cf7e471cf5858ba94f60b959e91000a143551d7a15cbe4f4c2759e8aa7e57e7e381452cd45f9ad67b5bd1a42be8235aa5cc067cba339a8d6ea9c567fe198
+  metadata.gz: dc6fccdfa2a4e1b534218b0d37ca175e6b5e339bc493130569ee3e0649c4a4505e52d358d28be3ab2de90c9b2cc7f74beb4c8fed9afffaadc2ab7f3877ed5e33
+  data.tar.gz: 0a5c756b3e12e9dd69c156ba2fe8360dd7caf3612a623641c45f08bf18b8fcffe9790687bf344141cd149f877907b41fbb9a2f0270a4546dbf3e555b031e7a66

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2019 Code and Effect Inc.
+Copyright 2021 Code and Effect Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -8,10 +8,6 @@ Includes a mixin for adding authentication for any model.
 
 SQL Finders for returning an ActiveRecord::Relation with all permitted records.
 
-Handy formtastic and simple_form helpers for assigning roles.
-
-Rails 3.2.x and Rails 4
-
 
 ## Getting Started
 
@@ -158,8 +154,8 @@ When using assignable roles, you must assign the acts_as_role_restricted resourc
 
 You can do this in one of three ways:
 
-1. Setting resource.current_user = current_user in your controller directly.
-2. Add `before_action :set_effective_roles_current_user` to your ApplicationController
+1. Setting resource.current_user = current_user in your controller update action directly.
+2. Add `before_action -> { @thing.current_user = current_user }` to your ApplicationController
 3. Using `Effective::CrudController` to do this automatically.
 
 This restriction is only applied when running within the rails server. Not on rails console or db:seeds.
@@ -319,5 +315,3 @@ This model implements the https://github.com/ryanb/cancan/wiki/Role-Based-Author
 4. Push to the branch (`git push origin my-new-feature`)
 5. Bonus points for test coverage
 6. Create new Pull Request
-
-

data/app/controllers/admin/roles_controller.rb

@@ -1,12 +1,17 @@
 module Admin
   class RolesController < ApplicationController
-    before_action :authenticate_user!
+    before_action(:authenticate_user!) if defined?(Devise)
+    before_action { EffectiveResources.authorize!(self, :admin, :effective_roles) }
 
-    layout (EffectiveRoles.layout.kind_of?(Hash) ? EffectiveRoles.layout[:admin_roles] : EffectiveRoles.layout)
+    include Effective::CrudController
+
+    if (config = EffectiveRoles.layout)
+      layout(config.kind_of?(Hash) ? config[:admin] : config)
+    end
 
     def index
       @page_title = 'Roles'
-      EffectiveRoles.authorize!(self, :admin, :effective_roles)
     end
+
   end
 end

data/app/helpers/effective_roles_helper.rb

@@ -101,4 +101,108 @@ module EffectiveRolesHelper
     klass.respond_to?(:name) ? klass.name : klass.to_s
   end
 
+  # This is used by the effective_roles_summary_table helper method
+  def effective_roles_authorization_level(controller, role, resource)
+    authorization_method = EffectiveResources.authorization_method
+
+    raise('expected an authorization method') unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
+    return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)
+
+    # Store the current ability (cancan support) and roles
+    current_ability = controller.instance_variable_get(:@current_ability)
+    current_user = controller.instance_variable_get(:@current_user)
+    current_user_roles = controller.current_user.roles
+
+    # Set up the user, so the check is done with the desired permission level
+    controller.instance_variable_set(:@current_ability, nil)
+
+    level = nil
+
+    case role
+    when :signed_in
+      controller.current_user.roles = []
+    when :public
+      controller.instance_variable_set(:@current_user, nil)
+
+      if defined?(EffectiveLogging)
+        EffectiveLogging.supressed { (controller.request.env['warden'].set_user(false) rescue nil) }
+      else
+        (controller.request.env['warden'].set_user(false) rescue nil)
+      end
+    else
+      controller.current_user.roles = [role]
+    end
+
+    # Find the actual authorization level
+    level = effective_roles_item_authorization_level(controller, role, resource, authorization_method)
+
+    # Restore the existing current_user stuff
+    if role == :public
+      ActiveRecord::Base.transaction do
+        if defined?(EffectiveLogging)
+          EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
+        else
+          (controller.request.env['warden'].set_user(current_user) rescue nil)
+        end
+
+        raise ActiveRecord::Rollback
+      end
+    end
+
+    controller.instance_variable_set(:@current_ability, current_ability)
+    controller.instance_variable_set(:@current_user, current_user)
+    controller.current_user.roles = current_user_roles
+
+    level
+  end
+
+  def effective_roles_item_authorization_level(controller, role, resource, auth_method)
+    resource = (resource.new() rescue resource) if resource.kind_of?(ActiveRecord::Base)
+
+    # Custom actions
+    if resource.kind_of?(Hash)
+      resource.each do |key, value|
+        return (controller.instance_exec(controller, key, value, &auth_method) rescue false) ? :yes : :no
+      end
+    end
+
+    # Check for Manage
+    return :manage if (
+      (controller.instance_exec(controller, :create, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :update, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :show, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+    )
+
+    # Check for Update
+    return :update if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+
+    # Check for Update Own
+    if resource.respond_to?('user=')
+      resource.user = controller.current_user
+      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+      resource.user = nil
+    elsif resource.respond_to?('user_id=')
+      resource.user_id = controller.current_user.id
+      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+      resource.user_id = nil
+    elsif resource.class.name.end_with?('User')
+      return :update_own if (controller.instance_exec(controller, :update, controller.current_user, &auth_method) rescue false)
+    end
+
+    # Check for Create
+    return :create if (controller.instance_exec(controller, :create, resource, &auth_method) rescue false)
+
+    # Check for Show
+    return :show if (controller.instance_exec(controller, :show, resource, &auth_method) rescue false)
+
+    # Check for Index
+    return :index if (controller.instance_exec(controller, :index, resource, &auth_method) rescue false)
+
+    # Check for Destroy
+    return :destroy if (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+
+    :none
+  end
+
 end

data/app/models/concerns/acts_as_role_restricted.rb

@@ -29,13 +29,11 @@ module ActsAsRoleRestricted
 
     validates :roles_mask, numericality: true, allow_nil: true
 
-    validate(if: -> { changes.include?(:roles_mask) && EffectiveRoles.assignable_roles_present?(self) }) do
-      user = current_user || EffectiveRoles.current_user || (EffectiveLogging.current_user if defined?(EffectiveLogging))
-
+    validate(if: -> { changes.include?(:roles_mask) && EffectiveRoles.assignable_roles_present?(self) && current_user.present? }) do
       roles_was = EffectiveRoles.roles_for(changes[:roles_mask].first)
       changed = (roles + roles_was) - (roles & roles_was)  # XOR
 
-      assignable = EffectiveRoles.assignable_roles_collection(self, user) # Returns all roles when user is blank
+      assignable = EffectiveRoles.assignable_roles_collection(self, current_user) # Returns all roles when user is blank
       unauthorized = changed - assignable
 
       authorized = roles.dup
@@ -45,7 +43,7 @@ module ActsAsRoleRestricted
         Rails.logger.info "\e[31m unassignable roles: #{unauthorized.map { |role| ":#{role}" }.to_sentence}"
       end
 
-      if unauthorized.present? && user.blank? && defined?(Rails::Server)
+      if unauthorized.present? && current_user.blank? && defined?(Rails::Server)
         self.errors.add(:roles, 'current_user must be present when assigning roles')
       end
 
@@ -131,4 +129,3 @@ module ActsAsRoleRestricted
   end
 
 end
-

data/app/views/effective/roles/_summary_table.html.haml

@@ -13,4 +13,5 @@
         %td= effective_roles_authorization_label(klass)
         - roles.each do |role|
           %td.text-center
-            = effective_roles_authorization_badge(EffectiveRoles.authorization_level(controller, role, klass))
+            - level = effective_roles_authorization_level(controller, role, klass)
+            = effective_roles_authorization_badge(level)

data/config/effective_roles.rb

@@ -67,34 +67,8 @@ EffectiveRoles.setup do |config|
   # }
 
   # Authorization Method
-  #
-  # This doesn't have anything to do with the roles themselves.
-  # It's only used in two places:
-  # - For the effective_roles_summary_table() helper method
-  # - The /admin/roles page check
-  #
-  # It should match the authorization check used by your application
-  #
-  # This method is called by all controller actions with the appropriate action and resource
-  # If the method returns false, an Effective::AccessDenied Error will be raised (see README.md for complete info)
-  #
-  # Use via Proc (and with CanCan):
-  # config.authorization_method = Proc.new { |controller, action, resource| can?(action, resource) }
-  #
-  # Use via custom method:
-  # config.authorization_method = :my_authorization_method
-  #
-  # And then in your application_controller.rb:
-  #
-  # def my_authorization_method(action, resource)
-  #   current_user.is?(:admin)
-  # end
-  #
-  # Or disable the check completely:
-  # config.authorization_method = false
-  config.authorization_method = Proc.new { |controller, action, resource| authorize!(action, resource) } # CanCanCan
+  # This gem serves an /admin/roles endpoint that calls EffectiveResources.authorize!
 
   # Layout Settings
-  # Configure the Layout per controller, or all at once
-  config.layout = 'application'
+  # config.layout = 'admin'
 end

data/lib/effective_roles/engine.rb

@@ -1,5 +1,3 @@
-require 'effective_roles/set_current_user'
-
 module EffectiveRoles
   class Engine < ::Rails::Engine
     engine_name 'effective_roles'
@@ -11,18 +9,8 @@ module EffectiveRoles
       end
     end
 
-    # Register the log_page_views concern so that it can be called in ActionController or elsewhere
-    initializer 'effective_logging.log_changes_action_controller' do |app|
-      Rails.application.config.to_prepare do
-        ActiveSupport.on_load :action_controller do
-          require 'effective_roles/set_current_user'
-          ActionController::Base.include(EffectiveRoles::SetCurrentUser::ActionController)
-        end
-      end
-    end
-
     # Set up our default configuration options.
-    initializer "effective_roles.defaults", :before => :load_config_initializers do |app|
+    initializer "effective_roles.defaults", before: :load_config_initializers do |app|
       eval File.read("#{config.root}/config/effective_roles.rb")
     end
 

data/lib/effective_roles/version.rb

@@ -1,3 +1,3 @@
 module EffectiveRoles
-  VERSION = '2.0.5'.freeze
+  VERSION = '2.2.1'.freeze
 end

data/lib/effective_roles.rb

@@ -1,59 +1,30 @@
+require 'effective_resources'
 require 'effective_roles/engine'
 require 'effective_roles/version'
 
 module EffectiveRoles
-  mattr_accessor :roles
-  mattr_accessor :role_descriptions
-  mattr_accessor :assignable_roles
 
-  mattr_accessor :layout
-  mattr_accessor :authorization_method
-
-  def self.setup
-    yield self
+  def self.config_keys
+    [:roles, :role_descriptions, :assignable_roles, :layout]
   end
 
+  include EffectiveGem
+
   def self.permitted_params
     { roles: [] }
   end
 
-  def self.authorized?(controller, action, resource)
-    @_exceptions ||= [Effective::AccessDenied, (CanCan::AccessDenied if defined?(CanCan)), (Pundit::NotAuthorizedError if defined?(Pundit))].compact
-
-    return !!authorization_method unless authorization_method.respond_to?(:call)
-    controller = controller.controller if controller.respond_to?(:controller)
-
-    begin
-      !!(controller || self).instance_exec((controller || self), action, resource, &authorization_method)
-    rescue *@_exceptions
-      false
-    end
-  end
-
-  def self.authorize!(controller, action, resource)
-    raise Effective::AccessDenied unless authorized?(controller, action, resource)
-  end
-
-  # This is set by the "set_effective_roles_current_user" before_filter.
-  def self.current_user=(user)
-    @effective_roles_current_user = user
-  end
-
-  def self.current_user
-    @effective_roles_current_user
-  end
-
   # This method converts whatever is given into its roles
   # Pass an object, Integer, or Symbol to find corresponding role
   def self.roles_for(obj)
     if obj.respond_to?(:is_role_restricted?)
      obj.roles
     elsif obj.kind_of?(Integer)
-      roles.reject { |r| (obj & 2**roles.index(r)).zero? }
+      roles.reject { |r| (obj & 2 ** config.roles.index(r)).zero? }
     elsif obj.kind_of?(Symbol)
-      [roles.find { |role| role == obj }].compact
+      Array(roles.find { |role| role == obj })
     elsif obj.kind_of?(String)
-      [roles.find { |role| role == obj.to_sym }].compact
+      Array(roles.find { |role| role == obj.to_sym })
     elsif obj.kind_of?(Array)
       obj.map { |obj| roles_for(obj) }.flatten.compact
     elsif obj.nil?
@@ -65,10 +36,10 @@ module EffectiveRoles
 
   # EffectiveRoles.roles_mask_for(:admin, :member)
   def self.roles_mask_for(*roles)
-    roles_for(roles).map { |r| 2**EffectiveRoles.roles.index(r) }.sum
+    roles_for(roles).map { |r| 2 ** config.roles.index(r) }.sum
   end
 
-  def self.roles_collection(resource, current_user = nil, only: nil, except: nil, multiple: nil)
+  def self.roles_collection(resource, current_user = nil, only: nil, except: nil, multiple: nil, skip_disabled: nil)
     if assignable_roles.present?
       raise('expected object to respond to is_role_restricted?') unless resource.respond_to?(:is_role_restricted?)
       raise('expected current_user to respond to is_role_restricted?') if current_user && !current_user.respond_to?(:is_role_restricted?)
@@ -78,15 +49,19 @@ module EffectiveRoles
     except = Array(except).compact
     multiple = resource.acts_as_role_restricted_options[:multiple] if multiple.nil?
     assignable = assignable_roles_collection(resource, current_user, multiple: multiple)
+    skip_disabled = assignable_roles.kind_of?(Hash) if skip_disabled.nil?
 
     roles.map do |role|
       next if only.present? && !only.include?(role)
       next if except.present? && except.include?(role)
 
+      disabled = !assignable.include?(role)
+      next if disabled && skip_disabled
+
       [
         "#{role}<p class='help-block text-muted'>#{role_description(role, resource)}</p>".html_safe,
         role,
-        ({:disabled => :disabled} unless assignable.include?(role))
+        ({:disabled => :disabled} if disabled)
       ]
     end.compact
   end
@@ -94,14 +69,12 @@ module EffectiveRoles
   def self.assignable_roles_collection(resource, current_user = nil, multiple: nil)
     return roles unless assignable_roles_present?(resource)
 
-    current_user ||= (EffectiveRoles.current_user || (EffectiveLogging.current_user if defined?(EffectiveLogging)))
-
     if current_user && !current_user.respond_to?(:is_role_restricted?)
-      raise('expected current_user to respond to is_role_restricted?') 
+      raise('expected current_user to respond to is_role_restricted?')
     end
 
     if !resource.respond_to?(:is_role_restricted?)
-      raise('expected current_user to respond to is_role_restricted?') 
+      raise('expected current_user to respond to is_role_restricted?')
     end
 
     assigned_roles = if assignable_roles.kind_of?(Hash)
@@ -138,13 +111,11 @@ module EffectiveRoles
   end
 
   def self.assignable_roles_present?(resource)
-    return false if assignable_roles.nil?
+    return false unless assignable_roles.present?
 
-    raise 'EffectiveRoles config.assignable_roles_for must be a Hash, Array or nil' unless [Hash, Array].include?(assignable_roles.class)
+    raise 'EffectiveRoles config.assignable_roles_for must be a Hash or Array' unless [Hash, Array].include?(assignable_roles.class)
     raise('expected resource to respond to is_role_restricted?') unless resource.respond_to?(:is_role_restricted?)
 
-    return assignable_roles.present? if assignable_roles.kind_of?(Array)
-
     if assignable_roles.kind_of?(Array)
       assignable_roles
     elsif assignable_roles.key?(resource.class.to_s)
@@ -154,113 +125,14 @@ module EffectiveRoles
     end.present?
   end
 
-  # This is used by the effective_roles_summary_table helper method
-  def self.authorization_level(controller, role, resource)
-    return :unknown unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
-    return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)
-
-    # Store the current ability (cancan support) and roles
-    current_ability = controller.instance_variable_get(:@current_ability)
-    current_user = controller.instance_variable_get(:@current_user)
-    current_user_roles = controller.current_user.roles
-
-    # Set up the user, so the check is done with the desired permission level
-    controller.instance_variable_set(:@current_ability, nil)
-
-    level = nil
-
-    case role
-    when :signed_in
-      controller.current_user.roles = []
-    when :public
-      controller.instance_variable_set(:@current_user, nil)
-
-      if defined?(EffectiveLogging)
-        EffectiveLogging.supressed { (controller.request.env['warden'].set_user(false) rescue nil) }
-      else
-        (controller.request.env['warden'].set_user(false) rescue nil)
-      end
-    else
-      controller.current_user.roles = [role]
-    end
-
-    # Find the actual authorization level
-    level = _authorization_level(controller, role, resource, authorization_method)
-
-    # Restore the existing current_user stuff
-    if role == :public
-      ActiveRecord::Base.transaction do
-        if defined?(EffectiveLogging)
-          EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
-        else
-          (controller.request.env['warden'].set_user(current_user) rescue nil)
-        end
-
-        raise ActiveRecord::Rollback
-      end
-    end
-
-    controller.instance_variable_set(:@current_ability, current_ability)
-    controller.instance_variable_set(:@current_user, current_user)
-    controller.current_user.roles = current_user_roles
-
-    level
-  end
-
   private
 
   def self.role_description(role, obj = nil)
     raise 'EffectiveRoles config.role_descriptions must be a Hash' unless role_descriptions.kind_of?(Hash)
-    (role_descriptions[obj.try(:class).to_s] || {})[role] || role_descriptions[role] || ''
-  end
-
-  def self._authorization_level(controller, role, resource, auth_method)
-    resource = (resource.new() rescue resource) if resource.kind_of?(ActiveRecord::Base)
-
-    # Custom actions
-    if resource.kind_of?(Hash)
-      resource.each do |key, value|
-        return (controller.instance_exec(controller, key, value, &auth_method) rescue false) ? :yes : :no
-      end
-    end
-
-    # Check for Manage
-    return :manage if (
-      (controller.instance_exec(controller, :create, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :update, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :show, resource, &auth_method) rescue false) &&
-      (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
-    )
-
-    # Check for Update
-    return :update if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-
-    # Check for Update Own
-    if resource.respond_to?('user=')
-      resource.user = controller.current_user
-      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-      resource.user = nil
-    elsif resource.respond_to?('user_id=')
-      resource.user_id = controller.current_user.id
-      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
-      resource.user_id = nil
-    elsif resource.kind_of?(User)
-      return :update_own if (controller.instance_exec(controller, :update, controller.current_user, &auth_method) rescue false)
-    end
-
-    # Check for Create
-    return :create if (controller.instance_exec(controller, :create, resource, &auth_method) rescue false)
-
-    # Check for Show
-    return :show if (controller.instance_exec(controller, :show, resource, &auth_method) rescue false)
-
-    # Check for Index
-    return :index if (controller.instance_exec(controller, :index, resource, &auth_method) rescue false)
-
-    # Check for Destroy
-    return :destroy if (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
 
-    :none
+    description = role_descriptions.dig(obj.class.to_s, role) if obj.present?
+    description ||= role_descriptions[role]
+    description || ''
   end
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: effective_roles
 version: !ruby/object:Gem::Version
-  version: 2.0.5
+  version: 2.2.1
 platform: ruby
 authors:
 - Code and Effect
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-13 00:00:00.000000000 Z
+date: 2021-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.0
+- !ruby/object:Gem::Dependency
+  name: effective_resources
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Assign multiple roles to any User or other ActiveRecord object. Select
   only the appropriate objects based on intelligent, chainable ActiveRecord::Relation
   finder methods.
@@ -38,7 +52,6 @@ files:
 - app/controllers/admin/roles_controller.rb
 - app/helpers/effective_roles_helper.rb
 - app/models/concerns/acts_as_role_restricted.rb
-- app/models/effective/access_denied.rb
 - app/views/admin/roles/index.html.haml
 - app/views/effective/roles/_summary.html.haml
 - app/views/effective/roles/_summary_table.html.haml
@@ -46,7 +59,6 @@ files:
 - config/routes.rb
 - lib/effective_roles.rb
 - lib/effective_roles/engine.rb
-- lib/effective_roles/set_current_user.rb
 - lib/effective_roles/version.rb
 - lib/generators/effective_roles/install_generator.rb
 homepage: https://github.com/code-and-effect/effective_roles

data/app/models/effective/access_denied.rb

@@ -1,17 +0,0 @@
-unless defined?(Effective::AccessDenied)
-  module Effective
-    class AccessDenied < StandardError
-      attr_reader :action, :subject
-
-      def initialize(message = nil, action = nil, subject = nil)
-        @message = message
-        @action = action
-        @subject = subject
-      end
-
-      def to_s
-        @message || I18n.t(:'unauthorized.default', :default => 'Access Denied')
-      end
-    end
-  end
-end

data/lib/effective_roles/set_current_user.rb

@@ -1,15 +0,0 @@
-module EffectiveRoles
-  module SetCurrentUser
-    module ActionController
-
-      # Add me to your ApplicationController
-      # before_action :set_effective_roles_current_user
-
-      def set_effective_roles_current_user
-        EffectiveRoles.current_user = current_user
-      end
-
-    end
-  end
-end
-