permisi 0.1.0 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 47559ea904f406010a7979cd77de853bf8c3628c7e4c1020e45742ae439a7e06
-  data.tar.gz: b8c814331a90cbc7e4d2d3560cfb939419b001f1e88e731a3e67e9b180ead167
+  metadata.gz: 20d261fa05615f1a2b28f377d652b0f74af4df86de9e7fbabd820259fcdb619f
+  data.tar.gz: e1b86647d121b1e8f975be3f29165bbc8527285a742edd7453d3e26aa3b476d5
 SHA512:
-  metadata.gz: bdfbfbadcc257c15ded64521607e062d2d51ba3c9fc5209f4af273f69473df981e2bbbc74457e0bbd3cc0576e9c51e67895f66685bba7dada2e88d3b4513199c
-  data.tar.gz: a095961d001eb1495f7d084434f8bef182add89e86f9a147013a34f0b7c171cff4da65373798442e45e962264f03c6d0c07eb23f58ca520e742c61adbd94d8e6
+  metadata.gz: 202a1ce6aced43df306e00eb02ea82058b57b22459ffbe76749836bf37d2649417ccc1fcf5e868720638789a09c00a390e0968488e3d9003efb2432f3e298435
+  data.tar.gz: 5cf4ed22ff8b0531542d17e37e11bb0dd4d8ce9fc8f4cc744625fa815b77285065f952abcd53c1af8dcc81e0ba59410f163068e5a5e427dd06e26393d2a40862

data/.github/workflows/ci.yml

@@ -0,0 +1,53 @@
+name: Lint and test
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - '!*'
+  pull_request:
+    paths:
+      - '!*.MD'
+      - '!*.md'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Set up Ruby 2.7
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.7
+
+    - name: Generate lockfile for cache key
+      run: bundle lock
+
+    - name: Cache gems
+      uses: actions/cache@v1
+      with:
+        path: vendor/bundle
+        key: ${{ runner.os }}-rspec-${{ hashFiles('**/Gemfile.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-rspec-
+
+    - name: Install gems
+      run: |
+        bundle config path vendor/bundle
+        bundle install --jobs 4 --retry 3
+
+    - name: Run RuboCop
+      uses: reviewdog/action-rubocop@v1
+      with:
+        rubocop_version: gemfile
+        rubocop_extensions: rubocop-rails:gemfile rubocop-rspec:gemfile
+        github_token: ${{ secrets.github_token }}
+        reporter: github-pr-check # Default is github-pr-check
+
+    - name: Run RSpec
+      run: bundle exec rake spec
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

data/.rubocop.yml

@@ -1,5 +1,10 @@
 AllCops:
   TargetRubyVersion: 2.4
+  NewCops: enable
+  Exclude:
+    - "lib/generators/**/*"
+    - "spec/**/*" # stuff for later
+    - "lib/permisi/permission_util.rb" # The necessary evil (for now)
 
 Style/StringLiterals:
   Enabled: true
@@ -11,3 +16,7 @@ Style/StringLiteralsInInterpolation:
 
 Layout/LineLength:
   Max: 120
+
+# Stuff for later
+Documentation:
+  Enabled: false

data/CHANGELOG.md

@@ -1,13 +1,63 @@
 # Changelog
 
+# 0.1.5
+
+[_View the docs._](https://github.com/ukazap/permisi/blob/v0.1.5/README.md)
+
+- Remove `-> { distinct }` from actor-roles has_many association
+- Add option to mute pre-0.1.4 ActiveRecord backend initialization warning:
+
+  ```ruby
+  # config/initializers/permisi.rb
+
+  Permisi.init do |config|
+    # Mute pre-0.1.4 ActiveRecord backend initialization warning
+    config.mute_pre_0_1_4_warning = true
+  end
+  ```
+
+# 0.1.4
+
+[_View the docs._](https://github.com/ukazap/permisi/blob/v0.1.4/README.md)
+
+- Add actor-role uniqueness constraint (previously it was possible to append the same role to an actor many times), if you are upgrading from previous versions, please create the following migration: `add_index :permisi_actor_roles, [:actor_id, :role_id], unique: true`
+- Show warning when calling "roles.delete" because it won't invalidate the cache
+
+# 0.1.3
+
+[_View the docs._](https://github.com/ukazap/permisi/blob/v0.1.3/README.md)
+
+- Correct grammars and examples in the docs
+- Change actor permissions cache key
+
+# 0.1.2
+
+[_View the docs._](https://github.com/ukazap/permisi/blob/v0.1.2/README.md)
+
+- Fix namespaces/actions should no longer contain periods
+- Implement cache config for faster access to actor permissions
+
+# 0.1.1
+
+[_View the docs._](https://github.com/ukazap/permisi/blob/v0.1.1/README.md)
+
+- General code refactoring
+- Improvements on ActiveRecord backend:
+  - Code refactoring
+  - Implement cache invalidation
+
 # 0.1.0
 
+[_View the docs._](https://github.com/ukazap/permisi/blob/v0.1.0/README.md)
+
 Finished extraction work from my past projects.
 
-- Implemented ActiveRecord backend
-- Implemented `Actable` mixin
-- Implemented permissions hash sanitization and checking
+- Implement ActiveRecord backend
+- Implement `Actable` mixin
+- Implement permissions hash sanitization and checking
 
 # 0.0.1
 
+[_View the docs._](https://github.com/ukazap/permisi/blob/v0.0.1/README.md)
+
 Reserved the gem name: https://en.wiktionary.org/wiki/permisi

data/CONTRIBUTING.md

@@ -0,0 +1,25 @@
+# How to contribute
+
+This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/ukazap/permisi/blob/master/CODE_OF_CONDUCT.md).
+
+## Found a bug?
+
+- Search the [issues labeled "bug"](https://github.com/ukazap/permisi/issues?q=is%3Aissue+label%3Abug) to see if it's already reported.
+- Make sure you are using the latest version of Permisi [![Gem Version](https://badge.fury.io/rb/permisi.svg)](https://badge.fury.io/rb/permisi)
+- If you are still having an issue, create an issue including:
+  - Ruby version
+  - Gemfile.lock contents or at least major gem versions, such as Rails version
+  - Steps to reproduce the issue
+  - Full backtrace for any errors encountered
+
+## Submitting changes
+
+If you want to contribute an enhancement or a fix:
+
+- Fork the project on GitHub
+- After checking out the repo, run `bin/setup` to install dependencies
+- Make your changes with tests
+- Run `bundle exec rubocop -A` to auto-format your code
+- Run `rake spec` to run the tests
+- Commit the changes without making changes to the Rakefile or any other files that aren't related to your enhancement or fix
+- Send a pull request

data/Gemfile

@@ -6,6 +6,7 @@ source "https://rubygems.org"
 gemspec
 
 gem "byebug", "~> 11.1"
+gem "codecov", "~> 0.4.3"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
 gem "rubocop", "~> 1.9"

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    permisi (0.1.0)
+    permisi (0.1.5)
       activemodel (>= 3.2.0)
       activerecord (>= 3.2.0)
       activesupport (>= 3.2.0)
@@ -10,12 +10,12 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (6.1.2.1)
-      activesupport (= 6.1.2.1)
-    activerecord (6.1.2.1)
-      activemodel (= 6.1.2.1)
-      activesupport (= 6.1.2.1)
-    activesupport (6.1.2.1)
+    activemodel (6.1.3)
+      activesupport (= 6.1.3)
+    activerecord (6.1.3)
+      activemodel (= 6.1.3)
+      activesupport (= 6.1.3)
+    activesupport (6.1.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -23,6 +23,8 @@ GEM
       zeitwerk (~> 2.3)
     ast (2.4.2)
     byebug (11.1.3)
+    codecov (0.4.3)
+      simplecov (>= 0.15, < 0.22)
     concurrent-ruby (1.1.8)
     diff-lcs (1.4.4)
     docile (1.3.5)
@@ -49,7 +51,7 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
     rspec-support (3.10.2)
-    rubocop (1.9.1)
+    rubocop (1.10.0)
       parallel (~> 1.10)
       parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
@@ -78,6 +80,7 @@ PLATFORMS
 
 DEPENDENCIES
   byebug (~> 11.1)
+  codecov (~> 0.4.3)
   permisi!
   rake (~> 13.0)
   rspec (~> 3.0)

data/README.md

@@ -1,3 +1,5 @@
+If you're viewing this at https://github.com/ukazap/permisi, you're reading the documentation for the main branch. [Go to specific version.](https://github.com/ukazap/permisi/blob/main/CHANGELOG.md)
+
 <table>
   <tr>
     <th>
@@ -9,8 +11,15 @@
       <h1>Permisi</h1>
       <p><em>Simple and dynamic role-based access control for Rails</em></p>
       <p>
-        <a href="https://badge.fury.io/rb/permisi"><img src="https://badge.fury.io/rb/permisi.svg" alt="Gem Version"></a>
-        <a href="https://codeclimate.com/github/ukazap/permisi/maintainability"><img src="https://api.codeclimate.com/v1/badges/0b1238302f2012b20740/maintainability" /></a>
+        <a href="https://badge.fury.io/rb/permisi">
+          <img src="https://badge.fury.io/rb/permisi.svg" alt="Gem Version">
+        </a>
+        <a href="https://codeclimate.com/github/ukazap/permisi/maintainability">
+          <img src="https://api.codeclimate.com/v1/badges/0b1238302f2012b20740/maintainability" />
+        </a>
+        <a href="https://codecov.io/gh/ukazap/permisi">
+          <img src="https://codecov.io/gh/ukazap/permisi/branch/main/graph/badge.svg?token=9YRMVFCDA8"/>
+        </a>
       </p>
     </th>
     <th>
@@ -133,21 +142,21 @@ admin_role = Permisi.roles.create(slug: :admin, name: "Administrator", permissio
 })
 
 # Ask specific role permission
-admin_role.allows? "books.delete" # == false
+admin_role.allows?("books.delete") # == false
 
 # Update existing role
-admin.permissions[:books].merge!({ delete: true })
-admin.save
-admin_role.allows? "books.delete" # == true
+admin_role.permissions[:books].merge!({ delete: true })
+admin_role.save
+admin_role.allows?("books.delete") # == true
 ```
 
 ## Configuring actors
 
-You can then give or take multiple roles to an actor which will allow or prevent them to perform certain actions in a flexible manner. But before you can do that, you have to wire up your user model with Permisi.
+You can then give or take multiple roles to an actor which will allow or prevent them to perform certain actions in a flexible manner. But before you can do that, you have to wire up your user model with Permisi using via `Permisi::Actable` mixin.
 
 Permisi does not hold an assumption that a specific model is present (e.g. User model). Instead, it keeps track of "actors" internally. The goal is to support multiple use cases such as actor polymorphism, user _groups_, etc.
 
-For example, you can map your user model to Permisi's actor model by including the `Permisi::Actable` mixin like so:
+For example, you can map your user model to Permisi's actor model like so:
 
 ```ruby
 # app/models/user.rb
@@ -157,30 +166,84 @@ class User < ApplicationRecord
 end
 ```
 
-You can then interact with the new `#permisi` method:
+You can then interact using `#permisi` method:
 
 ```ruby
-user = User.find_by_email "esther@example.com"
+user = User.find_by_email("esther@example.com")
 user.permisi # => instance of Actor
 
-user.permisi.has_role? :admin # == false
-user.permisi.may? "books.delete" # == false
+admin_role = Permisi.roles.find_by_slug(:admin)
+admin_role.allows?("books.delete") # == true
+
+user.permisi.roles << admin_role
+
+user.permisi.role?(:admin) # == true
+user.permisi.has_role?(:admin) # == user.permisi.role? :admin
+
+user.permisi.may_i?("books.delete") # == true
+user.permisi.may?("books.delete") # == user.permisi.may_i? "books.delete"
 
-user.permisi.roles << Permisi.roles.find_by_slug(:admin)
+user.permisi.roles.destroy(admin_role)
 
-user.permisi.has_role? :admin # == true
-user.permisi.may? "books.delete" # == true
+user.permisi.role?(:admin) # == false
+user.permisi.may_i?("books.delete") # == false
 ```
 
-## Development
+## Caching
+
+Permisi has several optimizations out of the box: actor roles eager loading, actor permissions memoization, and the optional actor permissions caching.
+
+### Actor roles eager loading
+
+Although checking whether an actor has a role goes against a good RBAC practice, it is still possible on Permisi. Calling `role?` multiple times will only make one call to the database:
+
+```ruby
+user = User.find_by_email("esther@example.com")
+user.permisi.role?(:admin) # eager loads roles
+user.permisi.role?(:admin) # uses the eager-loaded roles
+user.permisi.has_role?(:admin) # uses the eager-loaded roles
+```
+
+### Actor permissions memoization
+
+To check whether or not an actor is allowed to perform a specific action (`#may_i?`), Permisi will check on the actor's permissions which is constructed in the following steps:
+
+- load all the roles an actor have from the database
+- initialize an empty aggregate hash
+- for each role, merge its permissions hash to the aggregate hash
+
+Deserializing the hashes from the database and deeply-merging them into an aggregate hash can be expensive, so it will only happen to an instance of actor only once through memoization.
+
+### Actor permissions caching
+
+Although memoization helps, the permission hash construction will still occur every time an actor is initialized. To alleviate this, we can introduce a caching layer so that we can skip the hash construction for fresh actors. You must configure a cache store to use caching:
+
+```ruby
+# config/initializers/permisi.rb
+
+Permisi.init do |config|
+  # You can use the default Rails cache store
+  config.cache_store = Rails.cache
+  # or use other cache stores
+  config.cache_store = ActiveSupport::Cache::RedisCacheStore.new(url: ENV['REDIS_URL'])
+  # or
+  config.cache_store = ActiveSupport::Cache::FileStore.new("/home/ukazap/permisi_cache/")
+end
+```
+
+You can also roll your own [custom cache store](https://guides.rubyonrails.org/caching_with_rails.html#custom-cache-stores).
+
+### Cache/memo invalidation
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+The following will trigger actor's permissions cache/memo invalidation:
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+- adding roles to the actor
+- removing roles from the actor
+- editing roles that belongs to the actor
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/ukazap/permisi. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/ukazap/permisi/blob/master/CODE_OF_CONDUCT.md).
+For development and how to submit improvements, please refer to the [contribution guide](https://github.com/ukazap/permisi/blob/main/CONTRIBUTING.md).
 
 ## License
 
@@ -188,4 +251,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the Permisi project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ukazap/permisi/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the Permisi project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ukazap/permisi/blob/main/CODE_OF_CONDUCT.md).

data/lib/generators/permisi/install_generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "rails/generators"
 require "rails/generators/migration"
 require "rails/generators/active_record"
@@ -7,26 +9,24 @@ module Permisi
     class InstallGenerator < Rails::Generators::Base
       include Rails::Generators::Migration
 
-      source_root File.expand_path('../templates', __FILE__)
+      source_root File.expand_path("templates", __dir__)
 
       def self.next_migration_number(path)
         ActiveRecord::Generators::Base.next_migration_number(path)
       end
 
       def create_initializer
-        template 'initializer.rb', 'config/initializers/permisi.rb'
+        template "initializer.rb", "config/initializers/permisi.rb"
       end
 
       def create_migrations
-        migration_template 'migration.rb', 'db/migrate/create_permisi_tables.rb', migration_version: migration_version
+        migration_template "migration.rb", "db/migrate/create_permisi_tables.rb", migration_version: migration_version
       end
 
       private
 
       def migration_version
-        if ActiveRecord.version.version > '5'
-          "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
-        end
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]" if ActiveRecord.version.version > "5"
       end
     end
   end

data/lib/generators/permisi/templates/initializer.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "permisi"
 
 Permisi.init do |config|
@@ -8,4 +10,11 @@ Permisi.init do |config|
   # Define all permissions available in the system
   # See https://github.com/ukazap/permisi#configuring-permissions
   config.permissions = {}
+
+  # Define cache store
+  # See https://github.com/ukazap/permisi#caching
+  config.cache_store = Rails.cache
+
+  # Mute pre-0.1.4 ActiveRecord backend initialization warning
+  config.mute_pre_0_1_4_warning = true
 end

data/lib/generators/permisi/templates/migration.rb

@@ -18,6 +18,8 @@ class CreatePermisiTables < ActiveRecord::Migration<%= migration_version %>
       t.belongs_to :actor
       t.belongs_to :role
     end
+
+    add_index :permisi_actor_roles, [:actor_id, :role_id], unique: true
   end
 
   def down

data/lib/permisi.rb

@@ -1,41 +1,35 @@
 # frozen_string_literal: true
 
+require "active_model/type"
+require "active_support"
 require "zeitwerk"
-$permisi_loader = Zeitwerk::Loader.for_gem
-$permisi_loader.ignore("#{__dir__}/generators")
-$permisi_loader.ignore("#{__dir__}/permisi/backend/mongoid.rb") # todo
-$permisi_loader.setup
 
 module Permisi
+  LOADER = Zeitwerk::Loader.for_gem
+
   class << self
-    def init(&block)
+    def init
       yield config if block_given?
     end
 
     def config
-      @@config ||= Config.new
+      @config ||= Config.new
     end
 
     def actors
-      __backend.actors
+      config.backend.actors
     end
 
     def actor(aka)
-      __backend.findsert_actor(aka)
+      config.backend.findsert_actor(aka)
     end
 
     def roles
-      __backend.roles
-    end
-
-    private
-
-    def __backend
-      if config.backend.nil? || !(config.backend <= Backend::Base)
-        raise Backend::InvalidBackend
-      end
-
-      config.backend
+      config.backend.roles
     end
   end
 end
+
+Permisi::LOADER.ignore("#{__dir__}/generators")
+Permisi::LOADER.ignore("#{__dir__}/permisi/backend/mongoid.rb") # todo
+Permisi::LOADER.setup

data/lib/permisi/actable.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Permisi
   module Actable
     def permisi_actor

data/lib/permisi/backend.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Permisi
+  module Backend
+    class InvalidBackend < StandardError
+      def initialize(message = "Please check https://github.com/ukazap/permisi#configuring-backend")
+        super
+      end
+    end
+
+    module NullBackend
+      class << self
+        def findsert_actor(_aka)
+          raise InvalidBackend
+        end
+
+        def actors
+          raise InvalidBackend
+        end
+
+        def roles
+          raise InvalidBackend
+        end
+      end
+    end
+  end
+end

data/lib/permisi/backend/active_record.rb

@@ -1,22 +1,26 @@
+# frozen_string_literal: true
+
 require "active_record"
 
 module Permisi
-  class Backend::ActiveRecord < Backend::Base
-    class << self
-      def table_name_prefix
-        "permisi_"
-      end
+  module Backend
+    module ActiveRecord
+      class << self
+        def table_name_prefix
+          "permisi_"
+        end
 
-      def findsert_actor(aka)
-        Actor.find_or_create_by(aka: aka)
-      end
+        def findsert_actor(aka)
+          Actor.find_or_create_by(aka: aka)
+        end
 
-      def actors
-        Actor.all
-      end
+        def actors
+          Actor.all
+        end
 
-      def roles
-        Role.all
+        def roles
+          Role.all
+        end
       end
     end
   end

data/lib/permisi/backend/active_record/actor.rb

@@ -1,15 +1,61 @@
+# frozen_string_literal: true
+
 module Permisi
-  class Backend::ActiveRecord::Actor < ::ActiveRecord::Base
-    belongs_to :aka, polymorphic: true
-    has_many :actor_roles
-    has_many :roles, through: :actor_roles
+  module Backend
+    module ActiveRecord
+      class Actor < ::ActiveRecord::Base
+        belongs_to :aka, polymorphic: true, touch: true
+        has_many :actor_roles, dependent: :destroy
+        has_many :roles, through: :actor_roles
 
-    def has_role?(role_slug)
-      roles.load.any? { |role| role.slug == role_slug.to_s }
-    end
+        after_commit :reset_permissions
+
+        def roles
+          super.extend(ActorRolesCollectionProxy)
+        end
+
+        def role?(role_slug)
+          roles.load.any? { |role| role.slug == role_slug.to_s }
+        end
+
+        def may_i?(action_path)
+          PermissionUtil.allows?(permissions, action_path)
+        end
+
+        # Memoized and cached actor permissions
+        def permissions
+          @permissions ||= Permisi.config.cache_store.fetch("#{cache_key}-p") { aggregate_permissions }
+        end
+
+        # Aggregate permissions from all roles an actor plays
+        def aggregate_permissions
+          roles.load.inject(HashWithIndifferentAccess.new) do |aggregate, role|
+            aggregate.deep_merge(role.permissions) do |_key, effect, another_effect|
+              effect == true || another_effect == true
+            end
+          end
+        end
+
+        def reset_permissions
+          @permissions = nil
+        end
+
+        alias may? may_i?
+        alias has_role? role?
+
+        module ActorRolesCollectionProxy
+          def <<(new_role)
+            super
+          rescue ::ActiveRecord::RecordNotUnique
+            self
+          end
 
-    def may?(action_path)
-      roles.load.any? { |role| role.allows?(action_path) }
+          def delete(*records)
+            warn "WARNING: `#delete(*records)` won't invalidate the cache, use `#destroy(*records)` instead."
+            super
+          end
+        end
+      end
     end
   end
 end

data/lib/permisi/backend/active_record/actor_role.rb

@@ -1,6 +1,20 @@
+# frozen_string_literal: true
+
 module Permisi
-  class Backend::ActiveRecord::ActorRole < ::ActiveRecord::Base
-    belongs_to :actor
-    belongs_to :role
+  module Backend
+    module ActiveRecord
+      class ActorRole < ::ActiveRecord::Base
+        belongs_to :actor, touch: true
+        belongs_to :role
+
+        after_destroy :touch_actor
+
+        private
+
+        def touch_actor
+          actor.touch
+        end
+      end
+    end
   end
 end

data/lib/permisi/backend/active_record/role.rb

@@ -1,27 +1,41 @@
+# frozen_string_literal: true
+
 module Permisi
-  class Backend::ActiveRecord::Role < ::ActiveRecord::Base
-    has_many :actor_roles
-    has_many :actors, through: :actor_roles
-    has_many :akas, through: :actors
+  module Backend
+    module ActiveRecord
+      class Role < ::ActiveRecord::Base
+        has_many :actor_roles, dependent: :destroy
+        has_many :actors, through: :actor_roles
+        has_many :akas, through: :actors
 
-    validates_presence_of :name, :slug
-    validates_uniqueness_of :name, :slug
+        validates_presence_of :name, :slug
+        validates_uniqueness_of :name, :slug
 
-    after_initialize :set_default_permissions
-    before_validation :sanitize_permissions
+        after_initialize :set_default_permissions
+        before_validation :sanitize_attributes
+        after_update :touch_actor_roles
 
-    serialize :permissions, Permisi::PermissionUtil::Serializer
+        serialize :permissions, Permisi::PermissionUtil::Serializer
 
-    def allows?(action_path)
-      Permisi::PermissionUtil.allows?(self.permissions, action_path)
-    end
+        def allows?(action_path)
+          Permisi::PermissionUtil.allows?(permissions, action_path)
+        end
 
-    def set_default_permissions
-      self.permissions ||= Permisi.config.default_permissions if self.new_record?
-    end
+        private
+
+        def set_default_permissions
+          self.permissions ||= HashWithIndifferentAccess.new if new_record?
+        end
+
+        def sanitize_attributes
+          self.name ||= slug.try(:titleize)
+          self.permissions = Permisi::PermissionUtil.sanitize_permissions(self.permissions)
+        end
 
-    def sanitize_permissions
-      self.permissions = Permisi::PermissionUtil.sanitize_permissions(self.permissions)
+        def touch_actor_roles
+          actor_roles.each(&:touch)
+        end
+      end
     end
   end
 end

data/lib/permisi/backend/mongoid.rb

@@ -1,5 +1,9 @@
+# frozen_string_literal: true
+
 module Permisi
-  class Backend::Mongoid < Backend::Base
-    raise "under construction"
+  module Backend
+    module Mongoid
+      raise "under construction"
+    end
   end
 end

data/lib/permisi/config.rb

@@ -1,9 +1,13 @@
-require "active_support/core_ext/class/attribute_accessors"
+# frozen_string_literal: true
 
 module Permisi
   class Config
-    attr_accessor :backend, :permissions
-    attr_reader :default_permissions
+    class InvalidCacheStore < StandardError; end
+
+    NULL_CACHE_STORE = ActiveSupport::Cache::NullStore.new
+
+    attr_reader :permissions, :default_permissions
+    attr_accessor :mute_pre_0_1_4_warning
 
     def initialize
       @permissions = ::HashWithIndifferentAccess.new
@@ -11,8 +15,15 @@ module Permisi
     end
 
     def backend=(chosen_backend)
-      if chosen_backend.is_a? Symbol
-        chosen_backend = "::Permisi::Backend::#{chosen_backend.to_s.classify}".constantize
+      chosen_backend = "::Permisi::Backend::#{chosen_backend.to_s.classify}".constantize if chosen_backend.is_a? Symbol
+
+      if !mute_pre_0_1_4_warning && chosen_backend == Backend::ActiveRecord
+        warn <<~MESSAGE
+
+          WARNING: If you are upgrading from Permisi <v0.1.4, please create the following migration:
+          `add_index :permisi_actor_roles, [:actor_id, :role_id], unique: true`
+
+        MESSAGE
       end
 
       @backend = chosen_backend
@@ -20,10 +31,24 @@ module Permisi
       raise Backend::InvalidBackend
     end
 
+    def backend
+      @backend || Backend::NullBackend
+    end
+
     def permissions=(permissions_hash)
       permissions_hash = HashWithIndifferentAccess.new(permissions_hash)
       @default_permissions = PermissionUtil.transform_namespace(permissions_hash)
       @permissions = permissions_hash
     end
+
+    def cache_store=(cache_store)
+      raise InvalidCacheStore unless cache_store.respond_to?(:fetch)
+
+      @cache_store = cache_store
+    end
+
+    def cache_store
+      @cache_store || NULL_CACHE_STORE
+    end
   end
 end

data/lib/permisi/permission_util.rb

@@ -1,5 +1,4 @@
-require "active_model/type"
-require "active_support/hash_with_indifferent_access"
+# frozen_string_literal: true
 
 module Permisi
   module PermissionUtil
@@ -7,32 +6,47 @@ module Permisi
 
     class << self
       def allows?(hash, action_path)
-        return false unless hash.kind_of?(Hash)
+        return false unless hash.is_a?(Hash)
 
         action_path_arr = action_path.split(".")
-        (!Permisi.config.default_permissions.dig(*action_path_arr).nil? rescue false) &&
+        begin
+          !Permisi.config.default_permissions.dig(*action_path_arr).nil?
+        rescue StandardError
+          false
+        end &&
           hash.dig(*action_path_arr) == true
       end
 
       def transform_namespace(namespace, current_path: nil)
         HashWithIndifferentAccess.new.tap do |transformed|
           namespace.each_pair do |key, value|
-            raise InvalidNamespace,
-                  "`#{[current_path, key].compact.join(".")}` should be an array" unless value.is_a? Array
+            if !value.is_a? Array
+              raise InvalidNamespace,
+                    "`#{[current_path, key].compact.join(".")}` should be an array"
+            end
+
+            if key.to_s.include?(".")
+              raise InvalidNamespace, "namespace or action should not contain period: `#{key}`"
+            end
 
             value.each.with_index do |arr_v, arr_i|
-              if arr_v.is_a?(Symbol)
+              case arr_v
+              when Symbol
+                if arr_v.to_s.include?(".")
+                  raise InvalidNamespace, "namespace or action should not contain period: `#{arr_v}`"
+                end
+
                 transformed[key] ||= ::HashWithIndifferentAccess.new
-                if transformed[key].has_key? arr_v
+                if transformed[key].key? arr_v
                   raise InvalidNamespace, "duplicate entry: `#{[current_path, key, arr_v].compact.join(".")}`"
                 end
 
                 transformed[key][arr_v] = false
-              elsif arr_v.is_a?(Hash)
+              when Hash
                 transform_namespace(arr_v,
                                     current_path: [current_path, key].compact.join(".")).each_pair do |ts_k, ts_v|
                   transformed[key] ||= ::HashWithIndifferentAccess.new
-                  if transformed[key].has_key? ts_k
+                  if transformed[key].key? ts_k
                     raise InvalidNamespace, "duplicate entry: `#{[current_path, key, ts_k].compact.join(".")}`"
                   end
 
@@ -56,13 +70,13 @@ module Permisi
       def __deeply_sanitize_permissions(permission_hash, template: {})
         HashWithIndifferentAccess.new.tap do |sanitized|
           permission_hash.each_pair do |key, value|
-            next unless template.has_key?(key)
+            next unless template.key?(key)
 
-            if value.is_a?(Hash)
-              sanitized[key] = __deeply_sanitize_permissions(value, template: template[key])
-            else
-              sanitized[key] = __cast_value_to_boolean(value)
-            end
+            sanitized[key] = if value.is_a?(Hash)
+                               __deeply_sanitize_permissions(value, template: template[key])
+                             else
+                               __cast_value_to_boolean(value)
+                             end
           end
         end
       end

data/lib/permisi/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Permisi
-  VERSION = "0.1.0"
+  VERSION = "0.1.5"
 end

data/permisi.gemspec

@@ -33,9 +33,9 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "activesupport", ">= 3.2.0"
-  spec.add_dependency "activerecord", ">= 3.2.0"
   spec.add_dependency "activemodel", ">= 3.2.0"
+  spec.add_dependency "activerecord", ">= 3.2.0"
+  spec.add_dependency "activesupport", ">= 3.2.0"
   spec.add_dependency "zeitwerk", ["~> 2.4", ">= 2.4.2"]
 
   # For more information and examples about making a new gem, checkout our

metadata

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: permisi
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.5
 platform: ruby
 authors:
 - Ukaza Perdana
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-02-15 00:00:00.000000000 Z
+date: 2021-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 3.2.0
 - !ruby/object:Gem::Dependency
-  name: activemodel
+  name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -82,12 +82,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/main.yml"
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -100,12 +101,11 @@ files:
 - lib/generators/permisi/templates/migration.rb
 - lib/permisi.rb
 - lib/permisi/actable.rb
+- lib/permisi/backend.rb
 - lib/permisi/backend/active_record.rb
 - lib/permisi/backend/active_record/actor.rb
 - lib/permisi/backend/active_record/actor_role.rb
 - lib/permisi/backend/active_record/role.rb
-- lib/permisi/backend/base.rb
-- lib/permisi/backend/invalid_backend.rb
 - lib/permisi/backend/mongoid.rb
 - lib/permisi/config.rb
 - lib/permisi/permission_util.rb

data/.github/workflows/main.yml

@@ -1,18 +0,0 @@
-name: Ruby
-
-on: [push,pull_request]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 3.0.0
-    - name: Run the default task
-      run: |
-        gem install bundler -v 2.2.5
-        bundle install
-        bundle exec rake

data/lib/permisi/backend/base.rb

@@ -1,6 +0,0 @@
-module Permisi
-  module Backend
-    class Base
-    end
-  end
-end

data/lib/permisi/backend/invalid_backend.rb

@@ -1,9 +0,0 @@
-module Permisi
-  module Backend
-    class InvalidBackend < StandardError
-      def initialize(message = "Please specify a backend. For details, check https://github.com/ukazap/permisi#configuring-backend")
-        super
-      end
-    end
-  end
-end