i_am_i_can 3.0.1 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 56545e764dcd1ae9cae7fc388f12df0db09c7628
-  data.tar.gz: c8dc0126bdd98e472472cb6a105442979a19ef86
+  metadata.gz: bd4d579c7635be07c436c9d2f76913fdbaf14638
+  data.tar.gz: 4028733df55abde29ef7a4365e538211bf6192cb
 SHA512:
-  metadata.gz: fea3768f4b9d4391cb2fb7b0c2be7dfe7f553ead20e004bfdea97ad1a50366b85eb02ebbf905a9d85b72dab2fe4c344c1db58ba23e67bb71ee2d80bbe0c3ddc2
-  data.tar.gz: aa61ca4f7801fc754cb9b3516a1168de3779ad5c9a6205eb2f18f52acca4d10d0686d71e4e9907553ac50d54e5e4dc612478b07b8f5bb82903cd12473947d27c
+  metadata.gz: 187dad10491e715a62224579b03906d75ae8716e399d4bc73f006eb3a1bf672693120f14b2d9221daab958a6c6aebdb05ec19dbc738a68f8ebafd1ef31ba6bd7
+  data.tar.gz: 8ad7aff9edb8342d472e08dfaf86e2dc63c26f2b5a90efcf491d637c69f9a60248cc1d730385a0c46a1aff1757cf709ee927ae4a252e8fcabc6a3ec795faac53

data/.gitignore

@@ -13,3 +13,4 @@
 .rspec_status
 
 *.log
+Gemfile.lock

data/README.md

@@ -19,7 +19,6 @@ he.is? :admin           # role querying => true
 he.is? :someone_else    # role querying => false
 
 # Role Group
-#   role definition and grouping
 People.have_and_group_roles :dev, :master, :committer, by_name: :team
 he.becomes_a :master    # role assignment
 he.in_role_group? :team # role group querying => true
@@ -48,11 +47,43 @@ he.falls_from :admin
 Roles.which(name: :coder).cannot :fly
 
 # Get allowed resources:
-Resource.that_allow(user).to(:manage) # => Active::Relation
+Resource.that_allow(user, to: :manage) # => ActiveRecord_Relation[]
 ```
 
+## Table of Content
+
+1. [Concepts and Overview](#concepts-and-overview)
+    - [In one word](#in-one-word)
+    - [Definition and uniqueness of nouns](#definition-and-uniqueness-of-nouns)
+    - [About role group](#about-role-group)
+    - [Three steps to use this gem](#three-steps-to-use-this-gem)
+    - [Two Concepts of this gem](#two-concepts-of-this-gem)
+
+2. [Installation And Setup](#installation-and-setup)
+
+3. [Usage](#usage)
+    - [Config Options](#config-options)
+    - [Methods and helpers](#methods-and-helpers)
+        - [A. Role Definition](#a-role-definition)
+        - [B. Grouping Roles](#b-grouping-roles)
+        - [C. Role Assignment](#c-role-assignment)
+        - [D. Role / Group Querying](#d-role--group-querying)
+        - [E. Permission Definition](#e-permission-definition)
+        - [F. Permission Assignment](#f-permission-assignment)
+        - [G. Permission Querying](#g-permission-querying)
+        - [H. Shortcut Combinations - which_can](#h-shortcut-combinations---which_can)
+        - [I. Resource Querying](#i-resource-querying)
+        - [J. Useful Helpers](#j-useful-helpers)
+
 ## Concepts and Overview
 
+### In one word:
+```
+- role has permissions
+- subject has the roles
+> subject has the permissions through the roles.
+```
+
 ### Definition and uniqueness of nouns
 
 0. Subject
@@ -70,17 +101,9 @@ Resource.that_allow(user).to(:manage) # => Active::Relation
     - Also see wiki [RBAC](https://en.wikipedia.org/wiki/Role-based_access_control)
     - Uniquely identified by `predicate( + object)` (name),
       or we can say, `action( + resource)`
-4. Resource
+4. Object (Resource)
     - Polymorphic association with permissions
 
-
-### In one word:
-```
-- role has permissions
-- subject has the roles
-> subject has the permissions through the roles.
-```
-
 ### About role group?
 ```
 - role group has permissions
@@ -89,7 +112,7 @@ Resource.that_allow(user).to(:manage) # => Active::Relation
 > subject has the permissions through the role which is in the group
 ```
 
-### Three steps of this gem
+### Three steps to use this gem
 
 1. Querying
     - Find if the given role is assigned to the subject
@@ -100,7 +123,7 @@ Resource.that_allow(user).to(:manage) # => Active::Relation
     - instance methods, like: `user.has_role :admin`
 3. Definition
     - the role or permission you want to assign **MUST** be defined before
-    - option :auto_define_before (before assignment) you may need in some cases
+    - option :auto_definition (before assignment) you may need in some cases
     - class methods, like: `UserRoleGroup.have_permission :fly`
 
 **Definition => Assignment => Querying**
@@ -108,7 +131,7 @@ Resource.that_allow(user).to(:manage) # => Active::Relation
 ### Two Concepts of this gem
 
 1. Stored (save in database) TODO
-2. Local (variable value) TODO
+2. Temporary (save in instance variable) TODO
 
 [Feature List: needs you](https://github.com/zhandao/i_am_i_can/issues/2)
 
@@ -135,7 +158,7 @@ Resource.that_allow(user).to(:manage) # => Active::Relation
     class User
       has_and_belongs_to_many :stored_roles,
                               join_table: 'users_and_user_roles', foreign_key: 'user_role_id', class_name: 'UserRole', association_foreign_key: 'user_id'
-   
+      has_many_temporary_roles
       acts_as_subject
     end
     ```
@@ -148,123 +171,127 @@ That's all!
 
 ## Usage
 
-### Customization
+### Config Options
 
-1. association names TODO
+1. auto_definition: Auto definition before assignment if it's set to `true`. defaults to `false`.
 
-### Config Options
+2. strict_mode: Raise error when doing wrong definition or assignment if it's
+set to `true`. defaults to `false`.
 
-TODO
+3. without_group: Unable `role group` feature if it's set to `true`. defaults to `false`.
 
-### Methods and their Aliases
+4. **relation names**: you can change the names in model declarations, defaults to `stored_roles`, `permissions`, `stored_users` and so on.
+
+### Methods and helpers
 
 #### A. [Role Definition](https://github.com/zhandao/i_am_i_can/blob/master/lib/i_am_i_can/role/definition.rb)
 
-1. Caller: Subject Model, like `User`
-2. methods:
-    1. save to database: `have_role`. aliases:
-        1. `have_roles`
-        2. `has_role` & `has_roles`
-    2. save to local variable: `declare_role`. alias `declare_roles`
-3. helpers:
-    1. `defined_local_roles`
-    2. `defined_stored_roles` & `defined_stored_role_names`
-    3. `defined_roles`
-    
-Methods Explanation:
+1. caller: Subject Model, like `User`
+2. method: `have_role`. aliases:
+    1. `have_roles`
+    2. `has_role` & `has_roles`
+
+Explanation:
 ```ruby
-# === Save to DB ===
-# method signature
-have_role *names, desc: nil, save: default_save#, which_can: [ ], obj: nil
-# examples
-User.have_roles :admin, :master # => 'Role Definition Done' or error message
-User.defined_stored_roles.keys.count # => 2
+# === method signature ===
+have_role *names, which_can: [ ], obj: nil
 
-# === Save in Local ===
-# signature as `have_role`
-# examples
-User.declare_role :coder # => 'Role Definition Done' or error message
-User.defined_local_roles.keys.count # => 1
+# === examples ===
+User.have_roles :admin, :master # => 'Role Definition Done' or error message
+# is the same as: `UserRole.create([{ name: :admin }, ...])`
 
-User.defined_roles.keys.count # => 3
+# then:
+UserRole.count # => 2
 ```
 
 #### B. [Grouping Roles](https://github.com/zhandao/i_am_i_can/blob/master/lib/i_am_i_can/role/definition.rb)
 
-**Tips:**  
-1. Role Group must be saved in database currently
-2. Roles that you're going to group should be defined
+**Tip:** Roles that you're going to group should be defined
 
-Overview:  
-1. Caller: Subject Model, like `User`
+1. caller: Subject Model, like `User`
 2. method: `group_roles`. aliases:
     1. `group_role`
     2. `groups_role` & `groups_roles`
 3. shortcut combination method: `have_and_group_roles` (alias `has_and_groups_roles`)  
-    it will do: roles definition => roles grouping
+    it will do: roles definition && roles grouping
 4. helpers:
-    1. `defined_role_groups` & `defined_role_group_names`
-    2. `members_of_role_group`
-    
-Methods Explanation:
+    1. relation with role (member), defaults to `members`.
+
+Explanation:
 ```ruby
-# method signature
-group_roles *members, by_name:, #which_can: [ ], obj: nil
-# examples
+# === method signature ===
+group_roles *members, by_name:, which_can: [ ], obj: nil
+
+# === examples ===
+# 1. normal usage
+User.have_roles :vip1, :vip2, :vip3
+User.group_roles :vip1, :vip2, :vip3, by_name: :vip
+
+# 2. shortcut combination
 User.have_and_group_roles :vip1, :vip2, :vip3, by_name: :vip
-User.defined_role_group_names # => [:vip]
-User.members_of_role_group(:vip) # => %i[vip1 vip2 vip3]
+
+UserRoleGroup.count # => 1
+UserRoleGroup.which(name: :vip).members.names # => %i[vip1 vip2 vip3]
 ```
 
 #### C. [Role Assignment](https://github.com/zhandao/i_am_i_can/blob/master/lib/i_am_i_can/role/definition.rb)
 
-1. Caller: subject instance, like `User.find(1)`
-2. assign methods:
-    1. save to database: `becomes_a`. aliases:
-        1. `is` & `is_a_role` & `is_roles`
-        2. `has_role` & `has_roles`
-        3. `role_is` & `role_are`
-    2. save to local variable: `temporarily_is`. alias `locally_is`
-3. cancel assign method: `falls_from`. aliases:
-    1. `removes_role`
-    2. `leaves`
-    3. `is_not_a` & `has_not_role` & `has_not_roles`
-    4. `will_not_be`
+1. caller: subject instance, like `User.first`
+2. assignment by calling:
+    1. `becomes_a`, or it's aliases:
+        1. `is` / `is_a_role` / `is_roles`
+        2. `has_role` / `has_roles`
+        3. `role_is` / `role_are`
+    2. `is_a_temporary`: just like the name, the assignment occurs only
+       in instance variable (will be in the cache).
+3. cancel assignment by calling:
+    1. `falls_from`, or it's aliases:
+        1. `removes_role`
+        2. `leaves`
+        3. `is_not_a` / `has_not_role` / `has_not_roles`
+        4. `will_not_be`
+    2. `is_not_a_temporary`
 4. helpers:
-    1. `local_roles` & `local_role_names`
-    2. `stored_roles` & `stored_role_names`
+    1. relation with stored role, defaults to `stored_roles`.
+    2. `temporary_roles` and `valid_temporary_roles`
     3. `roles`
 
-Methods Explanation:
+Explanation:
 ```ruby
 he = User.take
-# === Save to DB ===
+# Dont't forget to define roles before assignment
+User.have_roles :admin, :coder
+
+# === Stored Assignment ===
 # method signature
-becomes_a *roles, auto_define_before: auto_define_before, save:  default_save#, which_can: [ ], obj: nil
+becomes_a *roles, which_can: [ ], obj: nil,
+                  _d: config.auto_definition,
+                  auto_definition: _d || which_can.present?
 # examples
-he.becomes_a :admin # => 'Role Definition Done' or error message
-he.stored_roles   # => [<#UserRole id: 1>]
+he.becomes_a :admin # => 'Role Assignment Done' or error message
+he.stored_roles     # => [<#UserRole id: 1>]
 
-# === Save in Local ===
+# === Temporary Assignment ===
 # signature as `becomes_a`
 # examples
-he.temporarily_is :coder # => 'Role Assignment Done' or error message
-he.local_roles # => [{ coder: { .. } }]
+he.is_a_temporary :coder # => 'Role Assignment Done' or error message
+he.temporary_roles       # => [<#UserRole id: 2>]
 
 he.roles # => [:admin, :coder]
 
-# === Cancel ===
+# === Cancel Assignment ===
 # method signature
-falls_from *roles, saved: default_save
+falls_from *roles
+is_not_a_temporary *roles
 # examples
-he.falls_from :admin # => 'Role Assignment Done' or error message
-he.removes_roles :coder, saved: false # => 'Role Assignment Done' or error message
+he.falls_from :admin         # => 'Role Assignment Done' or error message
+he.is_not_a_temporary :coder # => 'Role Assignment Done' or error message
 he.roles # => []
 ```
 
 #### D. [Role / Group Querying](https://github.com/zhandao/i_am_i_can/blob/master/lib/i_am_i_can/subject/role_querying.rb)
 
-1. Caller: subject instance, like `User.find(1)`
+1. caller: subject instance, like `User.first`
 2. role querying methods:
     1. `is?` / `is_role?` / `has_role?`
     2. `isnt?`
@@ -280,7 +307,7 @@ he.roles # => []
 all the `?` methods will return `true` or `false`  
 all the `!` bang methods will return `true` or raise `IAmICan::VerificationFailed`
     
-Methods Examples:
+Examples:
 ```ruby
 he = User.take
 
@@ -288,136 +315,95 @@ he.is?   :admin
 he.isnt? :admin
 he.is!   :admin
 
-he.is_every?  :admin, :master # return false if he is not a admin or master
-he.is_one_of! :admin, :master # return true if he is a master or admin
+he.is_every?  :admin, :master # return false if he is not a `admin` or `master`
+he.is_one_of! :admin, :master # return true if he is a `master` or `admin`
 
-he.is_in_role_group? :vip # return true if he has a role which is in the group :vip
+he.is_in_role_group? :vip # return true if he has at least one role of the group `vip`
 ```
 
 #### E. [Permission Definition](https://github.com/zhandao/i_am_i_can/blob/master/lib/i_am_i_can/permission/definition.rb)
 
-1. Caller: Role / Role Group Model, like `UserRole` / `UserRoleGroup`
-2. methods:
-    1. save to database: `have_permission`. aliases:
-        1. `have_permissions`
-        2. `has_permission` & `has_permissions`
-    2. save to local variable: `declare_permission`. alias `declare_permissions`
-3. helpers:
-    1. `defined_local_permissions`
-    2. `defined_stored_permissions`
-    3. `defined_permissions`
-4. class method: `which(name:)`
-5. Permission
-    1. class method: `which(pred:, obj:)`
-    2. instance methods: `#pred`, `#obj`, `#name`
-    
-Methods Explanation:
-```ruby
-# === Save to DB ===
-# method signature
-have_permission *preds, obj: nil, desc: nil, save: default_save
-# examples
-UserRole.have_permission :fly # => 'Permission Definition Done' or error message
-UserRole.defined_stored_permissions.keys.count # => 1
-UserRoleGroup.have_permissions *%i[read write], obj: Book.find(1) # => 'Permission Definition Done' or error message
-UserRoleGroup.defined_stored_permissions.keys.count # => 1
-
-# === Save in Local ===
-# signature as `have_permission`
-# examples
-UserRole.declare_permission :perform, obj: :magic # => 'Permission Definition Done' or error message
-UserRole.defined_local_permissions.keys.count # => 1
+1. caller: Role / Role Group Model, like `UserRole` / `UserRoleGroup`
+2. method: `have_permission`. aliases:
+    1. `have_permissions`
+    2. `has_permission` & `has_permissions`
 
-UserRole.defined_permissions.keys.count # => 2
+Explanation:
+```ruby
+# === method signature ===
+have_permission *actions, obj: nil
+# It is not recommended to pass an array of objects
 
-# === class methods ===
-UserRole.which(name: :admin)
-# as same as
-UserRole.find_by_name!(:admin)
+# === examples ===
+UserRole.have_permission :fly # => 'Permission Definition Done' or error message
+UserPermission.count          # => 1
 
-# === Permission ===
-p = UserPermission.which(pred: :read, obj: Book.find(1))
-p.pred == 'read'
-p.obj == Book.find(1)
-p.name == :read_Book_1
+UserRoleGroup.have_permissions :read, :write, obj: book # => 'Permission Definition Done' or error message
+UserPermission.count # => 1 + 2
 ```
 
 #### F. [Permission Assignment](https://github.com/zhandao/i_am_i_can/blob/master/lib/i_am_i_can/permission/assignment.rb)
 
-**What is Wrong Assignment - Covered?**
-> Before: he can manage User  
-> When you do: he can manage User.find(1)  
-> will get an Error, tell you that User is cover User.find(1), no need to assign
+1. caller: role / role group instance, like `UserRole.which(name: :admin)`
+2. assignment by calling `can`. alias `has_permission`
+3. cancel assignment by calling `cannot`. alias `is_not_allowed_to`
+4. helpers:
+    1. relation with stored permission, defaults to `permissions`.
 
-Overview:  
-1. Caller: role / role group instance, like `UserRole.which(name: :admin)`
-2. methods:
-    1. save to database: `can`. aliases: `has_permission`
-    2. save to local variable: `temporarily_can`. alias `locally_can`
-3. cancel assign method: `cannot`. alias `is_not_allowed_to`
-3. helpers:
-    1. `local_permissions`
-    2. `stored_permissions`
-    3. `permissions`
-    
-Methods Explanation:
+
+Explanation:
 ```ruby
 role = UserRole.which(name: :admin)
+# Dont't forget to define permission before assginment
+UserRole.have_permission :fly
 
-# === Save to DB ===
+# === Assignment ===
 # method signature
-can *preds, obj: nil, strict_mode: false, auto_define_before: auto_define_before
+can *actions, resource: nil, obj: resource,
+    _d: config.auto_definition, auto_definition: _d
 # examples
 role.can :fly # => 'Permission Assignment Done' or error message
-role.stored_permissions # => [<#UserPermission id: ..>]
-
-# === Save in Local
-# signature as `can`
-# examples
-role.temporarily_can :perform, obj: :magic # => 'Permission Assignment Done' or error message
-role.local_permissions # => [:perform_magic]
-
-role.permissions.keys.count # => 3
+role.permissions # => [<#UserPermission id: ..>]
 ```
 
 #### G. [Permission Querying](https://github.com/zhandao/i_am_i_can/blob/master/lib/i_am_i_can/subject/role_querying.rb)
 
-1. Caller: 
+1. caller: 
     1. subject instance, like `User.find(1)`
-    2. role / role group instance, like `Role.which(name: :master)`  
-        notice that this caller have only `can?` and `temporarily_can?` methods.
+    2. role / role group instance, like `Role.which(name: :master)`
+        (only have `can?` method)
 2. methods:
     1. `can?`
     2. `cannot?`
     3. `can!`
     4. `can_each?` & `can_each!`
     4. `can_one_of!` & `can_one_of!`
-    5. `temporarily_can?` / `locally_can?`
+    5. `temporarily_can?`
     6. `stored_can?`
     7. `group_can?`
-3. helpers:
-    1. `permissions_of_stored_roles`
-    2. `permissions_of_local_roles`
-    3. `permissions_of_role_groups`
     
 all the `?` methods will return `true` or `false`  
 all the `!` bang methods will return `true` or raise `IAmICan::InsufficientPermission`
     
-Methods Examples:
+Examples:
 ```ruby
 he = User.take
 
+# `perform` is action, and `magic` is object (resource)
 he.can?    :perform, :magic
+# the same as:
+he.can?    :perform, obj: :magic
+
 he.cannot? :perform, :magic
 he.can!    :perform, :magic
 
-he.can_each?   :fly, :jump # return false if he can not fly or jump
-he.can_one_of! :fly, :jump # return true if he can fly or jump
+he.can_each?   %i[fly jump] # return false if he can not `fly` or `jump`
+he.can_one_of! %i[fly jump] # return true if he can `fly` or `jump`
 ```
 
 #### H. Shortcut Combinations - which_can
 
-Faster way to assign, define roles and thier permissions.  
+Faster way to assign, define roles and their permissions.  
 You can use it when defining role even assigning role.
 
 ```ruby
@@ -427,9 +413,6 @@ You can use it when defining role even assigning role.
 #   2. define & assign the permission to the role
 User.have_role :coder, which_can: [:perform], obj: :magic
 UserRole.which(name: :coder).can? :perform, :magic # => true
-# save in local
-User.local_role_which(name: :local_role, can: [:perform], obj: :magic)
-UserRole.new(name: :local_role).temporarily_can? :perform, :magic # => true
 
 # === use when assigning role ===
 # it does:
@@ -444,7 +427,86 @@ user.can? :read, :book # => true
 
 #### I. Resource Querying
 
-TODO
+1. caller: Resource Collection or Instance
+2. scopes:
+    1. `that_allow`
+
+Explanation:
+```ruby
+# === method signature ===
+scope :that_allow, -> (subject, to:) { }
+
+# === examples ===
+Book.that_allow(User.all, to: :read)
+Book.that_allow(User.last, to: :write)
+```
+
+#### J. Useful Helpers
+
+1. for Subject (e.g. User)
+
+    ```ruby
+    # declaration in User
+    has_and_belongs_to_many :identities # stored_roles
+    
+    # 1. [scope] with_<stored_roles>
+    #   is the same as `includes(:stored_roles)` for avoiding N+1 querying
+    User.with_identities.where(identities: { name: 'teacher' })
+    ```
+
+2. for Role / RoleGroup (e.g. UserRole)
+
+    ```ruby
+    # declaration in UserRole
+    has_and_belongs_to_many :related_users
+    has_and_belongs_to_many :related_role_groups
+    has_and_belongs_to_many :permissions
+    
+    # 1. [class method] which(name:, **conditions)
+    #    the same as `find_by!`
+    UserRole.which(name: :admin)
+ 
+    # 2. [class method] names
+    UserRole.all.names # => symbol array
+ 
+    # 3. [class method] <related_*>
+    #    returns a ActiveRecord_Relation
+    #    for example, to get the users of the role `admin` and `dev`:
+    UserRole.where(name: ['admin', 'dev']).related_users
+    #    to get the groups of the role `admin` and `dev`:
+    UserRole.where(name: ['admin', 'dev']).related_role_groups
+ 
+    # 4. [scope] with_<permissions>
+    #   is the same as `includes(:permissions)` for avoiding N+1 querying
+    UserRole.with_permissions.where(permissions: { id: 1 })
+    ```
+
+3. for `Permission` (e.g. UserPermission)
+
+    ```ruby
+    # declaration in UserPermission
+    has_and_belongs_to_many :related_roles
+    has_and_belongs_to_many :related_role_groups
+ 
+    # 1. [class method] which(action:, obj: nil, **conditions)
+    #    the same as `find_by!`
+    UserPermission.which(action: :read, obj: Book.first)
+    UserPermission.which(action: :read, obj_type: 'Book', obj_id: 1)
+
+    # 2. [class method] names
+    UserPermission.all.names # => symbol array
+ 
+    # 3. [class method] <related_*>
+    #    returns a ActiveRecord_Relation as above
+    UserPermission.where(..).related_roles
+    UserPermission.where(..).related_role_groups
+ 
+    # 4. [instance method] name
+    UserPermission.first.name # => :read_Book_1
+ 
+    # 5. [instance method] obj
+    UserPermission.first.obj # => nil / Book / book / :book
+    ```
 
 ## Development
 

data/lib/generators/i_am_i_can/setup_generator.rb

@@ -26,17 +26,11 @@ module IAmICan
           @ii_opts[:without_group] = true
         end
 
-        unless yes?('Do yo want it to save role and permission to database by default? y (default) / n')
-          @ii_opts[:default_save] = false
-        end
-        # if @ii_opts[:default_save] != false && yes?('Don\'t you need **local** definition and assignment feature? y / n (default)')
-        #   TODO
-        # end
         if yes?('Do you want it to raise error when you are doing wrong definition or assignment? y / n (default)')
           @ii_opts[:strict_mode] = true
         end
         if yes?('Do you want it to auto define the role/permission which is not defined when assigning to subject? y / n (default)')
-          @ii_opts[:auto_define_before] = true
+          @ii_opts[:auto_definition] = true
         end
       end
 
@@ -61,6 +55,8 @@ module IAmICan
           |  has_and_belongs_to_many :stored_roles,
           |                          join_table: '#{subj_role_tb}', foreign_key: '#{role_u}_id', class_name: '#{role_c}', association_foreign_key: '#{name_u}_id'
           |
+          |  has_many_temporary_roles  
+          |
           |  acts_as_subject
           |
         TIPS

data/lib/generators/i_am_i_can/templates/migrations/i_am_i_can.erb

@@ -1,8 +1,8 @@
 class <%= name_c %>Am<%= name_c %>Can < ActiveRecord::Migration::Current
   def change
     create_table :<%= role_up %>, force: :cascade do |t|
-      t.string  :name, null: false
-      t.string  :desc
+      t.string  :name,    null: false
+      t.string  :remarks
 
       t.timestamps
     end
@@ -12,8 +12,8 @@ class <%= name_c %>Am<%= name_c %>Can < ActiveRecord::Migration::Current
     # === end of role table ===
 <% unless @ii_opts[:without_group] %>
     create_table :<%= group_up %>, force: :cascade do |t|
-      t.string  :name, null: false
-      t.string  :desc
+      t.string  :name,    null: false
+      t.string  :remarks
 
       t.timestamps
     end
@@ -24,17 +24,17 @@ class <%= name_c %>Am<%= name_c %>Can < ActiveRecord::Migration::Current
 
 <% end %>
     create_table :<%= permission_up %>, force: :cascade do |t|
-      t.string  :pred,     null: false
+      t.string  :action,   null: false
       t.string  :obj_type
       t.integer :obj_id
-      t.string  :desc
+      t.string  :remarks
 
       t.timestamps
     end
 
-    add_index :<%= permission_up %>, %i[ pred obj_type obj_id ], unique: true, name: '<%= permission_up %>_unique_index'
+    add_index :<%= permission_up %>, %i[ action obj_type obj_id ], unique: true, name: '<%= permission_up %>_unique_index'
     ### Open below if you want to use `Resource.that_allow` frequently
-    # add_index :<%= permission_up %>, %i[ pred obj_type ], name: '<%= permission_up %>_resource_search_index'
+    # add_index :<%= permission_up %>, %i[ action obj_type ], name: '<%= permission_up %>_resource_search_index'
 
     # === end of permission table ===