rabarber 1.0.5 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e54ea7ddbb816cbc279edf4cb5d8863086fb452528f1403da9c944e4d23b862a
-  data.tar.gz: a6cc1c88ced2c76561c368669e6413a476b7590fa105a9876a6dfcbd139c2b41
+  metadata.gz: e7eaa4eaef0f5c6d072e3a5b545b0ce152651df15b521be933aac78e1add85ba
+  data.tar.gz: d0557fcd900f2bebd58f6489c2f3f79c2f95c7c14bbeeeb59a294fdfcbcb3f49
 SHA512:
-  metadata.gz: ae10eca6248824b4dab6a7038b813933ee9ecaab1fd1cce67ef07ed95fdb0a77f5f70b3138574e9b42ea5d570da2a56186845978950b1fda03240e836cb07f8f
-  data.tar.gz: f8f4e00a8b76a8eb7a23e7ad7088ab38325e23ebd2ccab43b744def1d977b531f02866025c56f982578d3af8894582756bd980057159095a1bfe9eb3f6d261d5
+  metadata.gz: cadc08751bf39ab0c6eb8a357854fe00bb478533a7f5a7e0760929d6acedad0fcecb31e17c21c980c764d59302a569df74e847f09c778b2e3f1c257c520c4336
+  data.tar.gz: 7067e81820ce07c0929e3f18ad079c9cfa44b0dc473138b042e4e882b8db1cda17bbc680a431634c42695434a088605fd897ab4a2e25a4d4d2b9bac7c8180fd5

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 1.2.0
+
+- Enhance handling of missing actions and roles specified in `grant_access` method by raising an error for missing actions and logging a warning for missing roles.
+- Introduce `when_actions_missing` and `when_roles_missing` configuration options, allowing to customize the behavior when actions or roles are not found.
+
+## 1.1.0
+
+- Add support for `unless` argument in `grant_access` method, allowing to define negated dynamic rules
+- Fix a bug where specifying a dynamic rule as a symbol without specifying an action would result in an error
+
 ## 1.0.5
 
 - Add co-author: [trafium](https://github.com/trafium)

data/README.md

@@ -3,13 +3,13 @@
 [![Gem Version](https://badge.fury.io/rb/rabarber.svg)](http://badge.fury.io/rb/rabarber)
 [![Github Actions badge](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml)
 
-Rabarber is an authorization library for Ruby on Rails, primarily designed for use in the web layer of your application but not limited to that. It provides a set of useful tools for managing user roles and defining authorization rules.
+Rabarber is a role-based authorization library for Ruby on Rails, primarily designed for use in the application layer but not limited to that. It offers a set of useful tools for managing user roles and defining authorization rules.
 
 ---
 
 **Example of Usage**:
 
-Consider a CRM where users with different roles have distinct access levels. For instance, the role 'accountant' can interact with invoices but cannot access marketing information, while the role 'marketer' has access to marketing-related data. Such authorization rules can be easily defined with Rabarber.
+Consider a CRM where users with different roles have distinct access levels. For instance, the role `accountant` can interact with invoices but cannot access marketing information, while the role `marketer` has access to marketing-related data. Such authorization rules can be easily defined with Rabarber.
 
 ---
 
@@ -63,20 +63,26 @@ rails db:migrate
 
 ## Configuration
 
-Rabarber can be configured by adding the following code into an initializer:
+Rabarber can be configured by using `.configure` method in an initializer:
 
 ```rb
 Rabarber.configure do |config|
   config.current_user_method = :authenticated_user
   config.must_have_roles = true
-  config.when_unauthorized = ->(controller) {
-    controller.head 418
-  }
+  config.when_actions_missing = -> (missing_actions, context) { ... }
+  config.when_roles_missing = -> (missing_roles, context) { ... }
+  config.when_unauthorized = -> (controller) { ... }
 end
 ```
 - `current_user_method` must be a symbol representing the method that returns the currently authenticated user. The default value is `:current_user`.
+
 - `must_have_roles` must be a boolean determining whether a user with no roles can access endpoints permitted to everyone. The default value is `false` (allowing users without roles to access endpoints permitted to everyone).
-- `when_unauthorized` must be a lambda where you can define your actions when access is not authorized (`controller` is an instance of the controller where the code is executed). By default, the user is redirected back if the request format is HTML; otherwise, a 401 Unauthorized response is sent.
+
+- `when_actions_missing` must be a proc where you can define the behaviour when the actions specified in `grant_access` method cannot be found in the controller (`missing_actions` is an array of missing actions, `context` is a hash that looks like this: `{ controller: "InvoicesController" }`). This check is performed on every request and when the application is initialized if `eager_load` configuration is enabled in Rails. By default, an error is raised when actions are missing.
+
+- `when_roles_missing` must be a proc where you can define the behaviour when the roles specified in `grant_access` method cannot be found in the database (`missing_roles` is an array of missing roles, `context` is a hash that looks like this: `{ controller: "InvoicesController", action: "index" }`). This check is performed on every request and when the application is initialized if `eager_load` configuration is enabled in Rails. By default, only a warning is logged when roles are missing.
+
+- `when_unauthorized` must be a proc where you can define the behaviour when access is not authorized (`controller` is an instance of the controller where the code is executed). By default, the user is redirected back if the request format is HTML; otherwise, a 401 Unauthorized response is sent.
 
 ## Roles
 
@@ -108,7 +114,7 @@ You can also explicitly create new roles simply by using:
 ```rb
 Rabarber::Role.create(name: "manager")
 ```
-The role names are unique.
+The role names must be unique.
 
 **`#revoke_roles`**
 
@@ -145,8 +151,6 @@ Rabarber::Role.names
 
 `Rabarber::Role` is a model that represents roles within your application. It has a single attribute, `name`, which is validated for both uniqueness and presence. You can treat `Rabarber::Role` as a regular Rails model and use Active Record methods on it if necessary.
 
-Utilize the aforementioned methods to manipulate user roles. For example, create a custom UI for managing roles or assign necessary roles during migration or runtime (e.g., when the user is created). You can also write custom authorization policies based on `#has_role?` method (e.g., to scope the data that the user can access). Adapt these methods to fit the requirements of your application.
-
 ## Authorization Rules
 
 Include `Rabarber::Authorization` module into the controller that needs authorization rules to be applied (authorization rules will be applied to the controller and its children). Typically, it is `ApplicationController`, but it can be any controller.
@@ -221,11 +225,12 @@ This allows everyone to access `OrdersController` and its children and `index` a
 
 If you've set `must_have_roles` setting to `true`, then, only the users with at least one role can have access. This setting can be useful if your requirements are such that users without roles are not allowed to see anything.
 
-For more complex rules, Rabarber provides the following:
+For more complex cases, Rabarber provides dynamic rules:
 
 ```rb
 class OrdersController < ApplicationController
   grant_access if: :user_has_access?
+  grant_access unless: :user_has_no_access?
   ...
 
   private
@@ -233,6 +238,10 @@ class OrdersController < ApplicationController
   def user_has_access?
     ...
   end
+
+  def user_has_no_access?
+    ...
+  end
 end
 
 class InvoicesController < ApplicationController
@@ -240,11 +249,16 @@ class InvoicesController < ApplicationController
   def index
     ...
   end
+
+  grant_access action: :show, roles: :client, unless: -> { current_user.banned? }
+  def show
+    ...
+  end
 end
 ```
-You can pass a custom rule as `if` argument. It can be a symbol (the method with the same name will be called) or a lambda.
+You can pass a dynamic rule as `if` or `unless` argument. It can be a symbol (the method with the same name will be called) or a proc.
 
-Rules defined in children don't override parent rules but rather add to them:
+Rules defined in child classes don't override parent rules but rather add to them:
 ```rb
 class Crm::BaseController < ApplicationController
   grant_access roles: :admin

data/lib/generators/rabarber/templates/create_rabarber_roles.rb.erb

@@ -12,6 +12,6 @@ class CreateRabarberRoles < ActiveRecord::Migration[<%= ActiveRecord::Migration.
       t.belongs_to :roleable, null: false, index: true, foreign_key: { to_table: raise(Rabarber::Error, "Please specify your user model's table name") }
     end
 
-    add_index :rabarber_roles_roleables, %i[role_id roleable_id], unique: true
+    add_index :rabarber_roles_roleables, [:role_id, :roleable_id], unique: true
   end
 end

data/lib/rabarber/access.rb

@@ -2,25 +2,25 @@
 
 module Rabarber
   module Access
-    def access_granted?(roles, controller, action, custom_rule_receiver)
-      controller_accessible?(roles, controller, custom_rule_receiver) ||
-        action_accessible?(roles, controller, action, custom_rule_receiver)
+    def access_granted?(roles, controller, action, dynamic_rule_receiver)
+      controller_accessible?(roles, controller, dynamic_rule_receiver) ||
+        action_accessible?(roles, controller, action, dynamic_rule_receiver)
     end
 
-    def controller_accessible?(roles, controller, custom_rule_receiver)
-      accessible_controllers(roles, custom_rule_receiver).any? do |accessible_controller|
+    def controller_accessible?(roles, controller, dynamic_rule_receiver)
+      accessible_controllers(roles, dynamic_rule_receiver).any? do |accessible_controller|
         controller <= accessible_controller
       end
     end
 
-    def action_accessible?(roles, controller, action, custom_rule_receiver)
-      action_rules[controller].any? { |rule| rule.verify_access(roles, custom_rule_receiver, action) }
+    def action_accessible?(roles, controller, action, dynamic_rule_receiver)
+      action_rules[controller].any? { |rule| rule.verify_access(roles, dynamic_rule_receiver, action) }
     end
 
     private
 
-    def accessible_controllers(roles, custom_rule_receiver)
-      controller_rules.select { |_, rule| rule.verify_access(roles, custom_rule_receiver) }.keys
+    def accessible_controllers(roles, dynamic_rule_receiver)
+      controller_rules.select { |_, rule| rule.verify_access(roles, dynamic_rule_receiver) }.keys
     end
   end
 end

data/lib/rabarber/configuration.rb

@@ -6,38 +6,78 @@ module Rabarber
   class Configuration
     include Singleton
 
-    attr_reader :current_user_method, :must_have_roles, :when_unauthorized
+    attr_reader :current_user_method, :must_have_roles, :when_actions_missing, :when_roles_missing, :when_unauthorized
 
     def initialize
-      @current_user_method = :current_user
-      @must_have_roles = false
-      @when_unauthorized = ->(controller) do
-        if controller.request.format.html?
-          controller.redirect_back fallback_location: controller.main_app.root_path
-        else
-          controller.head(:unauthorized)
-        end
-      end
+      @current_user_method = default_current_user_method
+      @must_have_roles = default_must_have_roles
+      @when_actions_missing = default_when_actions_missing
+      @when_roles_missing = default_when_roles_missing
+      @when_unauthorized = default_when_unauthorized
     end
 
     def current_user_method=(method_name)
-      unless (method_name.is_a?(Symbol) || method_name.is_a?(String)) && method_name.present?
-        raise ConfigurationError, "Configuration 'current_user_method' must be a Symbol or a String"
-      end
-
-      @current_user_method = method_name.to_sym
+      @current_user_method = Rabarber::Input::Types::Symbols.new(
+        method_name, Rabarber::ConfigurationError, "Configuration 'current_user_method' must be a Symbol or a String"
+      ).process
     end
 
     def must_have_roles=(value)
-      raise ConfigurationError, "Configuration 'must_have_roles' must be a Boolean" unless [true, false].include?(value)
+      @must_have_roles = Rabarber::Input::Types::Booleans.new(
+        value, Rabarber::ConfigurationError, "Configuration 'must_have_roles' must be a Boolean"
+      ).process
+    end
+
+    def when_actions_missing=(callable)
+      @when_actions_missing = Rabarber::Input::Types::Procs.new(
+        callable, Rabarber::ConfigurationError, "Configuration 'when_actions_missing' must be a Proc"
+      ).process
+    end
 
-      @must_have_roles = value
+    def when_roles_missing=(callable)
+      @when_roles_missing = Rabarber::Input::Types::Procs.new(
+        callable, Rabarber::ConfigurationError, "Configuration 'when_roles_missing' must be a Proc"
+      ).process
     end
 
     def when_unauthorized=(callable)
-      raise ConfigurationError, "Configuration 'when_unauthorized' must be a Proc" unless callable.is_a?(Proc)
+      @when_unauthorized = Rabarber::Input::Types::Procs.new(
+        callable, Rabarber::ConfigurationError, "Configuration 'when_unauthorized' must be a Proc"
+      ).process
+    end
+
+    private
 
-      @when_unauthorized = callable
+    def default_current_user_method
+      :current_user
+    end
+
+    def default_must_have_roles
+      false
+    end
+
+    def default_when_actions_missing
+      -> (missing_actions, context) {
+        raise Rabarber::Error, "Missing actions: #{missing_actions}, context: #{context[:controller]}"
+      }
+    end
+
+    def default_when_roles_missing
+      -> (missing_roles, context) {
+        delimiter = context[:action] ? "#" : ""
+        message = "Missing roles: #{missing_roles}, context: #{context[:controller]}#{delimiter}#{context[:action]}"
+        Rails.logger.tagged("Rabarber") { Rails.logger.warn message }
+      }
+    end
+
+    def default_when_unauthorized
+      -> (controller) do
+        if controller.request.format.html?
+          controller.redirect_back fallback_location: controller.main_app.root_path
+        else
+          controller.head(:unauthorized)
+        end
+      end
     end
   end
 end

data/lib/rabarber/controllers/concerns/authorization.rb

@@ -9,19 +9,30 @@ module Rabarber
     end
 
     class_methods do
-      def grant_access(action: nil, roles: nil, if: nil)
-        Permissions.write(self, action, roles, binding.local_variable_get(:if))
+      def grant_access(action: nil, roles: nil, if: nil, unless: nil)
+        dynamic_rule, negated_dynamic_rule = binding.local_variable_get(:if), binding.local_variable_get(:unless)
+
+        Rabarber::Permissions.add(
+          self,
+          Rabarber::Input::Actions.new(action).process,
+          Rabarber::Input::Roles.new(roles).process,
+          Rabarber::Input::DynamicRules.new(dynamic_rule).process,
+          Rabarber::Input::DynamicRules.new(negated_dynamic_rule).process
+        )
       end
     end
 
     private
 
     def verify_access
-      return if Permissions.access_granted?(
-        send(::Rabarber::Configuration.instance.current_user_method).roles, self.class, action_name.to_sym, self
+      Rabarber::Missing::Actions.new(self.class).handle
+      Rabarber::Missing::Roles.new(self.class).handle
+
+      return if Rabarber::Permissions.access_granted?(
+        send(Rabarber::Configuration.instance.current_user_method).roles, self.class, action_name.to_sym, self
       )
 
-      ::Rabarber::Configuration.instance.when_unauthorized.call(self)
+      Rabarber::Configuration.instance.when_unauthorized.call(self)
     end
   end
 end

data/lib/rabarber/helpers/helpers.rb

@@ -3,13 +3,13 @@
 module Rabarber
   module Helpers
     def visible_to(*roles, &block)
-      return unless send(::Rabarber::Configuration.instance.current_user_method).has_role?(*roles)
+      return unless send(Rabarber::Configuration.instance.current_user_method).has_role?(*roles)
 
       capture(&block)
     end
 
     def hidden_from(*roles, &block)
-      return if send(::Rabarber::Configuration.instance.current_user_method).has_role?(*roles)
+      return if send(Rabarber::Configuration.instance.current_user_method).has_role?(*roles)
 
       capture(&block)
     end

data/lib/rabarber/input/actions.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    class Actions < Rabarber::Input::Base
+      def initialize(
+        value,
+        error_type = Rabarber::InvalidArgumentError,
+        error_message = "Action name must be a Symbol or a String"
+      )
+        super
+      end
+
+      private
+
+      def valid?
+        (value.is_a?(String) || value.is_a?(Symbol)) && value.present? || value.nil?
+      end
+
+      def processed_value
+        case value
+        when String, Symbol
+          value.to_sym
+        when nil
+          value
+        end
+      end
+    end
+  end
+end

data/lib/rabarber/input/base.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    class Base
+      attr_reader :value, :error_type, :error_message
+
+      def initialize(value, error_type, error_message)
+        @value = value
+        @error_type = error_type
+        @error_message = error_message
+      end
+
+      def process
+        valid? ? processed_value : raise_error
+      end
+
+      private
+
+      def valid?
+        raise NotImplementedError
+      end
+
+      def processed_value
+        raise NotImplementedError
+      end
+
+      def raise_error
+        raise error_type, error_message
+      end
+    end
+  end
+end

data/lib/rabarber/input/dynamic_rules.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    class DynamicRules < Rabarber::Input::Base
+      def initialize(
+        value,
+        error_type = Rabarber::InvalidArgumentError,
+        error_message = "Dynamic rule must be a Symbol, a String, or a Proc"
+      )
+        super
+      end
+
+      private
+
+      def valid?
+        (value.is_a?(String) || value.is_a?(Symbol)) && value.present? || value.nil? || value.is_a?(Proc)
+      end
+
+      def processed_value
+        case value
+        when String, Symbol
+          value.to_sym
+        when Proc, nil
+          value
+        end
+      end
+    end
+  end
+end

data/lib/rabarber/input/roles.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    class Roles < Rabarber::Input::Base
+      REGEX = /\A[a-z0-9_]+\z/
+
+      def initialize(
+        value,
+        error_type = Rabarber::InvalidArgumentError,
+        error_message =
+          "Role names must be Symbols or Strings and may only contain lowercase letters, numbers and underscores"
+      )
+        super
+      end
+
+      def value
+        Array(super)
+      end
+
+      private
+
+      def valid?
+        value.all? { |role_name| (role_name.is_a?(Symbol) || role_name.is_a?(String)) && role_name.to_s.match?(REGEX) }
+      end
+
+      def processed_value
+        value.map(&:to_sym)
+      end
+    end
+  end
+end

data/lib/rabarber/input/types/booleans.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    module Types
+      class Booleans < Rabarber::Input::Base
+        private
+
+        def valid?
+          [true, false].include?(value)
+        end
+
+        def processed_value
+          value
+        end
+      end
+    end
+  end
+end

data/lib/rabarber/input/types/procs.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    module Types
+      class Procs < Rabarber::Input::Base
+        private
+
+        def valid?
+          value.is_a?(Proc)
+        end
+
+        def processed_value
+          value
+        end
+      end
+    end
+  end
+end

data/lib/rabarber/input/types/symbols.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    module Types
+      class Symbols < Rabarber::Input::Base
+        private
+
+        def valid?
+          (value.is_a?(Symbol) || value.is_a?(String)) && value.present?
+        end
+
+        def processed_value
+          value.to_sym
+        end
+      end
+    end
+  end
+end

data/lib/rabarber/missing/actions.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Missing
+    class Actions < Rabarber::Missing::Base
+      private
+
+      def check_controller_rules
+        nil
+      end
+
+      def check_action_rules
+        action_rules.each do |controller, controller_action_rules|
+          missing_actions = controller_action_rules.map(&:action) - controller.action_methods.map(&:to_sym)
+          missing_list << Rabarber::Missing::Item.new(missing_actions, controller, nil) if missing_actions.present?
+        end
+      end
+
+      def configuration_name
+        :when_actions_missing
+      end
+    end
+  end
+end

data/lib/rabarber/missing/base.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Missing
+    class Base
+      attr_reader :controller
+
+      def initialize(controller = nil)
+        @controller = controller
+      end
+
+      def handle
+        check_controller_rules
+        check_action_rules
+
+        return if missing_list.empty?
+
+        missing_list.each do |item|
+          Rabarber::Configuration.instance.public_send(configuration_name).call(
+            item.missing, controller: item.controller, action: item.action
+          )
+        end
+      end
+
+      private
+
+      def check_controller_rules
+        raise NotImplementedError
+      end
+
+      def check_action_rules
+        raise NotImplementedError
+      end
+
+      def configuration_name
+        raise NotImplementedError
+      end
+
+      def missing_list
+        @missing_list ||= []
+      end
+
+      def controller_rules
+        if controller
+          { controller => Rabarber::Permissions.controller_rules[controller] }
+        else
+          Rabarber::Permissions.controller_rules
+        end
+      end
+
+      def action_rules
+        if controller
+          { controller => Rabarber::Permissions.action_rules[controller] }
+        else
+          Rabarber::Permissions.action_rules
+        end
+      end
+    end
+
+    Item = Struct.new(:missing, :controller, :action)
+  end
+end

data/lib/rabarber/missing/roles.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Missing
+    class Roles < Rabarber::Missing::Base
+      private
+
+      def check_controller_rules
+        controller_rules.each do |controller, controller_rule|
+          missing_roles = controller_rule.roles - all_roles if controller_rule.present?
+          missing_list << Rabarber::Missing::Item.new(missing_roles, controller, nil) if missing_roles.present?
+        end
+      end
+
+      def check_action_rules
+        action_rules.each do |controller, controller_action_rules|
+          controller_action_rules.each do |action_rule|
+            missing_roles = action_rule.roles - all_roles
+            if missing_roles.any?
+              missing_list << Rabarber::Missing::Item.new(missing_roles, controller, action_rule.action)
+            end
+          end
+        end
+      end
+
+      def configuration_name
+        :when_roles_missing
+      end
+
+      def all_roles
+        @all_roles ||= Rabarber::Role.names
+      end
+    end
+  end
+end

data/lib/rabarber/models/concerns/has_roles.rb

@@ -5,7 +5,9 @@ module Rabarber
     extend ActiveSupport::Concern
 
     included do
-      raise Error, "Rabarber::HasRoles can only be included once" if defined?(@@included) && @@included != name
+      if defined?(@@included) && @@included != name
+        raise Rabarber::Error, "Rabarber::HasRoles can only be included once"
+      end
 
       @@included = name
 
@@ -19,26 +21,30 @@ module Rabarber
     end
 
     def has_role?(*role_names)
-      (roles & RoleNames.pre_process(role_names)).any?
+      (roles & process_role_names(role_names)).any?
     end
 
     def assign_roles(*role_names, create_new: true)
-      roles_to_assign = RoleNames.pre_process(role_names)
+      roles_to_assign = process_role_names(role_names)
 
       create_new_roles(roles_to_assign) if create_new
 
-      rabarber_roles << Role.where(name: roles_to_assign) - rabarber_roles
+      rabarber_roles << Rabarber::Role.where(name: roles_to_assign) - rabarber_roles
     end
 
     def revoke_roles(*role_names)
-      self.rabarber_roles = rabarber_roles - Role.where(name: RoleNames.pre_process(role_names))
+      self.rabarber_roles = rabarber_roles - Rabarber::Role.where(name: process_role_names(role_names))
     end
 
     private
 
     def create_new_roles(role_names)
-      new_roles = role_names - Role.names
-      new_roles.each { |role_name| Role.create!(name: role_name) }
+      new_roles = role_names - Rabarber::Role.names
+      new_roles.each { |role_name| Rabarber::Role.create!(name: role_name) }
+    end
+
+    def process_role_names(role_names)
+      Rabarber::Input::Roles.new(role_names).process
     end
   end
 end

data/lib/rabarber/models/role.rb

@@ -4,7 +4,7 @@ module Rabarber
   class Role < ActiveRecord::Base
     self.table_name = "rabarber_roles"
 
-    validates :name, presence: true, uniqueness: true, format: { with: RoleNames::REGEX }
+    validates :name, presence: true, uniqueness: true, format: { with: Rabarber::Input::Roles::REGEX }
 
     def self.names
       pluck(:name).map(&:to_sym)

data/lib/rabarber/permissions.rb

@@ -15,8 +15,8 @@ module Rabarber
       @storage = { controller_rules: Hash.new({}), action_rules: Hash.new([]) }
     end
 
-    def self.write(controller, action, roles, custom_rule)
-      rule = Rule.new(action, roles, custom_rule)
+    def self.add(controller, action, roles, dynamic_rule, negated_dynamic_rule)
+      rule = Rabarber::Rule.new(action, roles, dynamic_rule, negated_dynamic_rule)
 
       if action
         instance.storage[:action_rules][controller] += [rule]

data/lib/rabarber/railtie.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require "rails/railtie"
+
+module Rabarber
+  class Railtie < Rails::Railtie
+    initializer "rabarber.after_initialize" do |app|
+      app.config.after_initialize do
+        Rabarber::Missing::Actions.new.handle
+        Rabarber::Missing::Roles.new.handle
+      end
+    end
+  end
+end

data/lib/rabarber/rule.rb

@@ -2,16 +2,17 @@
 
 module Rabarber
   class Rule
-    attr_reader :action, :roles, :custom
+    attr_reader :action, :roles, :dynamic_rule, :negated_dynamic_rule
 
-    def initialize(action, roles, custom)
-      @action = pre_process_action(action)
-      @roles = RoleNames.pre_process(Array(roles))
-      @custom = pre_process_custom_rule(custom)
+    def initialize(action, roles, dynamic_rule, negated_dynamic_rule)
+      @action = action
+      @roles = Array(roles)
+      @dynamic_rule = dynamic_rule
+      @negated_dynamic_rule = negated_dynamic_rule
     end
 
-    def verify_access(user_roles, custom_rule_receiver, action_name = nil)
-      action_accessible?(action_name) && roles_permitted?(user_roles) && custom_rule_followed?(custom_rule_receiver)
+    def verify_access(user_roles, dynamic_rule_receiver, action_name = nil)
+      action_accessible?(action_name) && roles_permitted?(user_roles) && dynamic_rule_followed?(dynamic_rule_receiver)
     end
 
     def action_accessible?(action_name)
@@ -19,37 +20,29 @@ module Rabarber
     end
 
     def roles_permitted?(user_roles)
-      return false if ::Rabarber::Configuration.instance.must_have_roles && user_roles.empty?
+      return false if Rabarber::Configuration.instance.must_have_roles && user_roles.empty?
 
       roles.empty? || (roles & user_roles).any?
     end
 
-    def custom_rule_followed?(custom_rule_receiver)
-      custom.nil? || execute_custom_rule(custom_rule_receiver)
+    def dynamic_rule_followed?(dynamic_rule_receiver)
+      !!(execute_dynamic_rule(dynamic_rule_receiver, false) && execute_dynamic_rule(dynamic_rule_receiver, true))
     end
 
     private
 
-    def execute_custom_rule(custom_rule_receiver)
-      if custom.is_a?(Proc)
-        custom_rule_receiver.instance_exec(&custom)
-      else
-        custom_rule_receiver.send(custom)
-      end
-    end
-
-    def pre_process_action(action)
-      return action.to_sym if (action.is_a?(String) || action.is_a?(Symbol)) && action.present?
-      return action if action.nil?
+    def execute_dynamic_rule(dynamic_rule_receiver, is_negated)
+      rule = is_negated ? negated_dynamic_rule : dynamic_rule
 
-      raise InvalidArgumentError, "Action name must be a Symbol or a String"
-    end
+      return true if rule.nil?
 
-    def pre_process_custom_rule(custom)
-      return custom.to_sym if (custom.is_a?(String) || custom.is_a?(Symbol)) && action.present?
-      return custom if custom.nil? || custom.is_a?(Proc)
+      result = if rule.is_a?(Proc)
+                 dynamic_rule_receiver.instance_exec(&rule)
+               else
+                 dynamic_rule_receiver.send(rule)
+               end
 
-      raise InvalidArgumentError, "Custom rule must be a Symbol, a String, or a Proc"
+      is_negated ? !result : result
     end
   end
 end

data/lib/rabarber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rabarber
-  VERSION = "1.0.5"
+  VERSION = "1.2.0"
 end

data/lib/rabarber.rb

@@ -6,7 +6,17 @@ require_relative "rabarber/configuration"
 require "active_record"
 require "active_support"
 
-require_relative "rabarber/role_names"
+require_relative "rabarber/input/base"
+require_relative "rabarber/input/actions"
+require_relative "rabarber/input/dynamic_rules"
+require_relative "rabarber/input/roles"
+require_relative "rabarber/input/types/booleans"
+require_relative "rabarber/input/types/procs"
+require_relative "rabarber/input/types/symbols"
+
+require_relative "rabarber/missing/base"
+require_relative "rabarber/missing/actions"
+require_relative "rabarber/missing/roles"
 
 require_relative "rabarber/controllers/concerns/authorization"
 require_relative "rabarber/helpers/helpers"
@@ -14,14 +24,16 @@ require_relative "rabarber/models/concerns/has_roles"
 require_relative "rabarber/models/role"
 require_relative "rabarber/permissions"
 
+require_relative "rabarber/railtie"
+
 module Rabarber
   module_function
 
+  class Error < StandardError; end
+  class ConfigurationError < Rabarber::Error; end
+  class InvalidArgumentError < Rabarber::Error; end
+
   def configure
-    yield(Configuration.instance)
+    yield(Rabarber::Configuration.instance)
   end
-
-  class Error < StandardError; end
-  class ConfigurationError < Error; end
-  class InvalidArgumentError < Error; end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 1.2.0
 platform: ruby
 authors:
 - enjaku4
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-10 00:00:00.000000000 Z
+date: 2024-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -42,10 +42,20 @@ files:
 - lib/rabarber/configuration.rb
 - lib/rabarber/controllers/concerns/authorization.rb
 - lib/rabarber/helpers/helpers.rb
+- lib/rabarber/input/actions.rb
+- lib/rabarber/input/base.rb
+- lib/rabarber/input/dynamic_rules.rb
+- lib/rabarber/input/roles.rb
+- lib/rabarber/input/types/booleans.rb
+- lib/rabarber/input/types/procs.rb
+- lib/rabarber/input/types/symbols.rb
+- lib/rabarber/missing/actions.rb
+- lib/rabarber/missing/base.rb
+- lib/rabarber/missing/roles.rb
 - lib/rabarber/models/concerns/has_roles.rb
 - lib/rabarber/models/role.rb
 - lib/rabarber/permissions.rb
-- lib/rabarber/role_names.rb
+- lib/rabarber/railtie.rb
 - lib/rabarber/rule.rb
 - lib/rabarber/version.rb
 - rabarber.gemspec

data/lib/rabarber/role_names.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-module Rabarber
-  module RoleNames
-    module_function
-
-    REGEX = /\A[a-z0-9_]+\z/
-
-    def pre_process(role_names)
-      return role_names.map(&:to_sym) if role_names.all? do |role_name|
-        (role_name.is_a?(Symbol) || role_name.is_a?(String)) && role_name.to_s.match?(REGEX)
-      end
-
-      raise(
-        InvalidArgumentError,
-        "Role names must be Symbols or Strings and may only contain lowercase letters, numbers and underscores"
-      )
-    end
-  end
-end