rabarber 1.1.0 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bf7a31c94f695cb0edb8209562d07971f3fc712bd868bf589fd4b1ee4ffb2865
-  data.tar.gz: 2c5d939673b685beba64910dc4ee361f811d760cc8bb6982b502b3e0f4354c5b
+  metadata.gz: 3ae0f6a7f272a6d718ddf591e61b236a20b26da7c7eddc56f838637e6fd16b72
+  data.tar.gz: 07bb483c2ed0fc8e04b12fab9183d333cddae5ef4d3b3690d98119e1d9d97c5b
 SHA512:
-  metadata.gz: c513a7ea4140a12b37384b0bc91969eec5305f1d422a24d3a6117607d9b1b0dbdaa77398f4ce49fa2025b9fb1101439c09c274cded09acbb58a46b0bd54b9b3b
-  data.tar.gz: 93f18fe608254896b97e772e05d9c94e31f17f769fd4d4f5314460450d19408c7f3f41a1197a7834b43ab81e6bbf694446ed94b23df9af6b9e904040534afc1a
+  metadata.gz: 8c87020ec8feb37dc344f332843eb49498197edbeab72d3c7b57edfb5e727029627aa5b8289fa506bdcb262d2df47fc378ca3d17f138879b3a64e51e998d22ab
+  data.tar.gz: d4e83ff02a8dfc17e8a2706756fa84f4e93035bd09c98455e8f5f2eb92f9c48636135200ed42fe6b6a6bda94671c187de97c1a85d6a21425d93191423c38711f

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+## 1.2.1
+
+- Cache roles to avoid unnecessary database queries
+- Introduce `cache_enabled` configuration option allowing to enable or disable role caching
+- Enhance the migration generator so that it can receive the table name of the model representing users in the application as an argument
+- Various minor improvements
+
+## 1.2.0
+
+- Enhance handling of missing actions and roles specified in `grant_access` method by raising an error for missing actions and logging a warning for missing roles
+- Introduce `when_actions_missing` and `when_roles_missing` configuration options, allowing to customize the behavior when actions or roles are not found
+
 ## 1.1.0
 
 - Add support for `unless` argument in `grant_access` method, allowing to define negated dynamic rules

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2023 enjaku4, trafium
+Copyright (c) 2023 enjaku4 (https://github.com/enjaku4), trafium (https://github.com/trafium)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -3,7 +3,9 @@
 [![Gem Version](https://badge.fury.io/rb/rabarber.svg)](http://badge.fury.io/rb/rabarber)
 [![Github Actions badge](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml)
 
-Rabarber is an authorization library for Ruby on Rails, primarily designed for use in the application layer but not limited to that. It offers a set of useful tools for managing user roles and defining authorization rules.
+Rabarber is a role-based authorization library for Ruby on Rails, designed primarily for use in the web layer (specifically controllers and views) but not limited to that. It provides tools for managing user roles and defining authorization rules, mainly focusing on answering the question of 'Who can access which endpoint?'.
+
+Unlike some other libraries, Rabarber does not handle data scoping. Instead, it focuses on providing a lightweight and flexible solution for role-based access control, allowing developers to implement data scoping according to their specific business rules directly within their application's code.
 
 ---
 
@@ -45,16 +47,14 @@ Install the gem:
 bundle install
 ```
 
-Next, generate a migration to create tables for storing roles in the database:
+Next, generate a migration to create tables for storing roles in the database. Make sure to specify the table name of the model representing users in your application as an argument. For instance, if the table name is `users`, run:
 
 ```
-rails g rabarber:roles
+rails g rabarber:roles users
 ```
 
 This will create a migration file in `db/migrate` directory.
 
-Replace `raise(Rabarber::Error, "Please specify your user model's table name")` in that file with the name of your user model's table.
-
 Finally, run the migration to apply the changes to the database:
 
 ```
@@ -63,20 +63,30 @@ rails db:migrate
 
 ## Configuration
 
-Rabarber can be configured by adding the following code into an initializer:
+Rabarber can be configured by using `.configure` method in an initializer:
 
 ```rb
 Rabarber.configure do |config|
+  config.cache_enabled = false
   config.current_user_method = :authenticated_user
   config.must_have_roles = true
-  config.when_unauthorized = ->(controller) {
-    controller.head 418
-  }
+  config.when_actions_missing = -> (missing_actions, context) { ... }
+  config.when_roles_missing = -> (missing_roles, context) { ... }
+  config.when_unauthorized = -> (controller) { ... }
 end
 ```
+
+- `cache_enabled` must be a boolean determining whether roles are cached. Roles are cached by default to avoid unnecessary database queries. If you want to disable caching, set this option to `false`. If caching is enabled and you need to clear the cache, use the `Rabarber::Cache.clear` method.
+
 - `current_user_method` must be a symbol representing the method that returns the currently authenticated user. The default value is `:current_user`.
+
 - `must_have_roles` must be a boolean determining whether a user with no roles can access endpoints permitted to everyone. The default value is `false` (allowing users without roles to access endpoints permitted to everyone).
-- `when_unauthorized` must be a lambda where you can define your actions when access is not authorized (`controller` is an instance of the controller where the code is executed). By default, the user is redirected back if the request format is HTML; otherwise, a 401 Unauthorized response is sent.
+
+- `when_actions_missing` must be a proc where you can define the behaviour when the actions specified in `grant_access` method cannot be found in the controller (`missing_actions` is an array of missing actions, `context` is a hash that looks like this: `{ controller: "InvoicesController" }`). This check is performed on every request and when the application is initialized if `eager_load` configuration is enabled in Rails. By default, an error is raised when actions are missing.
+
+- `when_roles_missing` must be a proc where you can define the behaviour when the roles specified in `grant_access` method cannot be found in the database (`missing_roles` is an array of missing roles, `context` is a hash that looks like this: `{ controller: "InvoicesController", action: "index" }`). This check is performed on every request and when the application is initialized if `eager_load` configuration is enabled in Rails. By default, only a warning is logged when roles are missing.
+
+- `when_unauthorized` must be a proc where you can define the behaviour when access is not authorized (`controller` is an instance of the controller where the code is executed). By default, the user is redirected back if the request format is HTML; otherwise, a 401 Unauthorized response is sent.
 
 ## Roles
 
@@ -103,13 +113,6 @@ By default, `#assign_roles` method will automatically create any roles that don'
 user.assign_roles(:accountant, :marketer, create_new: false)
 ```
 
-You can also explicitly create new roles simply by using:
-
-```rb
-Rabarber::Role.create(name: "manager")
-```
-The role names are unique.
-
 **`#revoke_roles`**
 
 To revoke roles, use:
@@ -143,14 +146,6 @@ If you need to list all the role names available in your application, use:
 Rabarber::Role.names
 ```
 
-`Rabarber::Role` is a model that represents roles within your application. It has a single attribute, `name`, which is validated for both uniqueness and presence. You can treat `Rabarber::Role` as a regular Rails model and use Active Record methods on it if necessary.
-
-*Utilize the aforementioned methods to manipulate user roles. For example, create a UI for managing roles or assign roles during migration or runtime (e.g. when the user is created).*
-
-*You are also encouraged to write your own authorization policies based on `#has_role?` method (e.g. to scope the data that the role can access).*
-
-*Adapt the tools Rabarber provides to fit the requirements of your application.*
-
 ## Authorization Rules
 
 Include `Rabarber::Authorization` module into the controller that needs authorization rules to be applied (authorization rules will be applied to the controller and its children). Typically, it is `ApplicationController`, but it can be any controller.
@@ -221,9 +216,9 @@ class InvoicesController < ApplicationController
 end
 ```
 
-This allows everyone to access `OrdersController` and its children and `index` action in `InvoicesController`.
+This allows everyone to access `OrdersController` and its children and `index` action in `InvoicesController`. This also extends to scenarios where there is no user present, i.e. when the method responsible for returning the currently authenticated user in your application returns `nil`.
 
-If you've set `must_have_roles` setting to `true`, then, only the users with at least one role can have access. This setting can be useful if your requirements are such that users without roles are not allowed to see anything.
+If you've set `must_have_roles` setting to `true`, then, only the users with at least one role can have access. This setting can be useful if your requirements are such that users without roles are not allowed to access anything.
 
 For more complex cases, Rabarber provides dynamic rules:
 
@@ -256,7 +251,7 @@ class InvoicesController < ApplicationController
   end
 end
 ```
-You can pass a dynamic rule as `if` or `unless` argument. It can be a symbol (the method with the same name will be called) or a lambda.
+You can pass a dynamic rule as `if` or `unless` argument. It can be a symbol (the method with the same name will be called) or a proc.
 
 Rules defined in child classes don't override parent rules but rather add to them:
 ```rb
@@ -274,7 +269,16 @@ This means that `Crm::InvoicesController` is still accessible to `admin` but is
 
 ## View Helpers
 
-Rabarber also provides a couple of helpers that can be used in views: `visible_to` and `hidden_from`. The usage is straightforward:
+Rabarber also provides a couple of helpers that can be used in views: `visible_to` and `hidden_from`. To use them, simply include `Rabarber::Helpers` in the desired helper (usually `ApplicationHelper`, but it can be any helper):
+
+```rb
+module ApplicationHelper
+  include Rabarber::Helpers
+  ...
+end
+```
+
+The usage is straightforward:
 
 ```erb
 <%= visible_to(:admin, :manager) do %>
@@ -292,9 +296,17 @@ Rabarber also provides a couple of helpers that can be used in views: `visible_t
 
 Encountered a bug or facing a problem?
 
-- **Create an Issue**: If you've identified a problem or have a feature request, please create an issue on the gem's GitHub repository. Be sure to provide detailed information about the problem, including the steps to reproduce it.
-- **Contribute a Solution**: Found a fix for the issue or want to contribute to the project? Feel free to create a pull request with your changes.
+- **Create an Issue**: If you've identified a problem, please create an issue on the gem's GitHub repository. Be sure to provide detailed information about the problem, including the steps to reproduce it.
+- **Contribute a Solution**: Found a fix for the issue? Feel free to create a pull request with your changes.
+
+## Contributing
+
+If you want to contribute, please read the [contributing guidelines](https://github.com/enjaku4/rabarber/blob/main/CONTRIBUTING.md).
 
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Rabarber project is expected to follow the [code of conduct](https://github.com/enjaku4/rabarber/blob/main/CODE_OF_CONDUCT.md).

data/lib/generators/rabarber/roles_generator.rb

@@ -8,6 +8,8 @@ module Rabarber
 
     source_root File.expand_path("templates", __dir__)
 
+    argument :table_name, type: :string, required: true
+
     def create_migrations
       migration_template "create_rabarber_roles.rb.erb", "db/migrate/create_rabarber_roles.rb"
     end

data/lib/generators/rabarber/templates/create_rabarber_roles.rb.erb

@@ -9,9 +9,9 @@ class CreateRabarberRoles < ActiveRecord::Migration[<%= ActiveRecord::Migration.
 
     create_table :rabarber_roles_roleables, id: false do |t|
       t.belongs_to :role, null: false, index: true, foreign_key: { to_table: :rabarber_roles }
-      t.belongs_to :roleable, null: false, index: true, foreign_key: { to_table: raise(Rabarber::Error, "Please specify your user model's table name") }
+      t.belongs_to :roleable, null: false, index: true, foreign_key: { to_table: <%= table_name.to_sym.inspect %> }
     end
 
-    add_index :rabarber_roles_roleables, %i[role_id roleable_id], unique: true
+    add_index :rabarber_roles_roleables, [:role_id, :roleable_id], unique: true
   end
 end

data/lib/rabarber/cache.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Cache
+    module_function
+
+    ALL_ROLES_KEY = "rabarber:roles"
+
+    def fetch(key, options, &block)
+      enabled? ? Rails.cache.fetch(key, options, &block) : yield
+    end
+
+    def delete(key)
+      Rails.cache.delete(key) if enabled?
+    end
+
+    def enabled?
+      Rabarber::Configuration.instance.cache_enabled
+    end
+
+    def key_for(record)
+      "rabarber:roles_#{record.public_send(record.class.primary_key)}"
+    end
+
+    def clear
+      Rails.cache.delete_matched(/^rabarber/)
+    end
+  end
+end

data/lib/rabarber/configuration.rb

@@ -6,38 +6,91 @@ module Rabarber
   class Configuration
     include Singleton
 
-    attr_reader :current_user_method, :must_have_roles, :when_unauthorized
+    attr_reader :cache_enabled, :current_user_method, :must_have_roles,
+                :when_actions_missing, :when_roles_missing, :when_unauthorized
 
     def initialize
-      @current_user_method = :current_user
-      @must_have_roles = false
-      @when_unauthorized = ->(controller) do
-        if controller.request.format.html?
-          controller.redirect_back fallback_location: controller.main_app.root_path
-        else
-          controller.head(:unauthorized)
-        end
-      end
+      @cache_enabled = default_cache_enabled
+      @current_user_method = default_current_user_method
+      @must_have_roles = default_must_have_roles
+      @when_actions_missing = default_when_actions_missing
+      @when_roles_missing = default_when_roles_missing
+      @when_unauthorized = default_when_unauthorized
     end
 
-    def current_user_method=(method_name)
-      unless (method_name.is_a?(Symbol) || method_name.is_a?(String)) && method_name.present?
-        raise ConfigurationError, "Configuration 'current_user_method' must be a Symbol or a String"
-      end
+    def cache_enabled=(value)
+      @cache_enabled = Rabarber::Input::Types::Booleans.new(
+        value, Rabarber::ConfigurationError, "Configuration 'cache_enabled' must be a Boolean"
+      ).process
+    end
 
-      @current_user_method = method_name.to_sym
+    def current_user_method=(method_name)
+      @current_user_method = Rabarber::Input::Types::Symbols.new(
+        method_name, Rabarber::ConfigurationError, "Configuration 'current_user_method' must be a Symbol or a String"
+      ).process
     end
 
     def must_have_roles=(value)
-      raise ConfigurationError, "Configuration 'must_have_roles' must be a Boolean" unless [true, false].include?(value)
+      @must_have_roles = Rabarber::Input::Types::Booleans.new(
+        value, Rabarber::ConfigurationError, "Configuration 'must_have_roles' must be a Boolean"
+      ).process
+    end
+
+    def when_actions_missing=(callable)
+      @when_actions_missing = Rabarber::Input::Types::Procs.new(
+        callable, Rabarber::ConfigurationError, "Configuration 'when_actions_missing' must be a Proc"
+      ).process
+    end
 
-      @must_have_roles = value
+    def when_roles_missing=(callable)
+      @when_roles_missing = Rabarber::Input::Types::Procs.new(
+        callable, Rabarber::ConfigurationError, "Configuration 'when_roles_missing' must be a Proc"
+      ).process
     end
 
     def when_unauthorized=(callable)
-      raise ConfigurationError, "Configuration 'when_unauthorized' must be a Proc" unless callable.is_a?(Proc)
+      @when_unauthorized = Rabarber::Input::Types::Procs.new(
+        callable, Rabarber::ConfigurationError, "Configuration 'when_unauthorized' must be a Proc"
+      ).process
+    end
 
-      @when_unauthorized = callable
+    private
+
+    def default_cache_enabled
+      true
+    end
+
+    def default_current_user_method
+      :current_user
+    end
+
+    def default_must_have_roles
+      false
+    end
+
+    def default_when_actions_missing
+      -> (missing_actions, context) {
+        raise Rabarber::Error, "Missing actions: #{missing_actions}, context: #{context[:controller]}"
+      }
+    end
+
+    def default_when_roles_missing
+      -> (missing_roles, context) {
+        delimiter = context[:action] ? "#" : ""
+        message = "Missing roles: #{missing_roles}, context: #{context[:controller]}#{delimiter}#{context[:action]}"
+        Rails.logger.tagged("Rabarber") { Rails.logger.warn message }
+      }
+    end
+
+    def default_when_unauthorized
+      -> (controller) do
+        Rails.logger.tagged("Rabarber") { Rails.logger.warn "Unauthorized attempt" }
+        if controller.request.format.html?
+          controller.redirect_back fallback_location: controller.main_app.root_path
+        else
+          controller.head(:unauthorized)
+        end
+      end
     end
   end
 end

data/lib/rabarber/controllers/concerns/authorization.rb

@@ -12,18 +12,30 @@ module Rabarber
       def grant_access(action: nil, roles: nil, if: nil, unless: nil)
         dynamic_rule, negated_dynamic_rule = binding.local_variable_get(:if), binding.local_variable_get(:unless)
 
-        Permissions.write(self, action, roles, dynamic_rule, negated_dynamic_rule)
+        Rabarber::Permissions.add(
+          self,
+          Rabarber::Input::Actions.new(action).process,
+          Rabarber::Input::Roles.new(roles).process,
+          Rabarber::Input::DynamicRules.new(dynamic_rule).process,
+          Rabarber::Input::DynamicRules.new(negated_dynamic_rule).process
+        )
       end
     end
 
     private
 
     def verify_access
-      return if Permissions.access_granted?(
-        send(::Rabarber::Configuration.instance.current_user_method).roles, self.class, action_name.to_sym, self
-      )
+      Rabarber::Missing::Actions.new(self.class).handle
+      Rabarber::Missing::Roles.new(self.class).handle
 
-      ::Rabarber::Configuration.instance.when_unauthorized.call(self)
+      return if Rabarber::Permissions.access_granted?(rabarber_roles, self.class, action_name.to_sym, self)
+
+      Rabarber::Configuration.instance.when_unauthorized.call(self)
+    end
+
+    def rabarber_roles
+      user = send(Rabarber::Configuration.instance.current_user_method)
+      user ? user.roles : []
     end
   end
 end

data/lib/rabarber/helpers/helpers.rb

@@ -3,13 +3,13 @@
 module Rabarber
   module Helpers
     def visible_to(*roles, &block)
-      return unless send(::Rabarber::Configuration.instance.current_user_method).has_role?(*roles)
+      return unless send(Rabarber::Configuration.instance.current_user_method).has_role?(*roles)
 
       capture(&block)
     end
 
     def hidden_from(*roles, &block)
-      return if send(::Rabarber::Configuration.instance.current_user_method).has_role?(*roles)
+      return if send(Rabarber::Configuration.instance.current_user_method).has_role?(*roles)
 
       capture(&block)
     end

data/lib/rabarber/input/actions.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    class Actions < Rabarber::Input::Base
+      def initialize(
+        value,
+        error_type = Rabarber::InvalidArgumentError,
+        error_message = "Action name must be a Symbol or a String"
+      )
+        super
+      end
+
+      private
+
+      def valid?
+        (value.is_a?(String) || value.is_a?(Symbol)) && value.present? || value.nil?
+      end
+
+      def processed_value
+        case value
+        when String, Symbol
+          value.to_sym
+        when nil
+          value
+        end
+      end
+    end
+  end
+end

data/lib/rabarber/input/base.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    class Base
+      attr_reader :value, :error_type, :error_message
+
+      def initialize(value, error_type, error_message)
+        @value = value
+        @error_type = error_type
+        @error_message = error_message
+      end
+
+      def process
+        valid? ? processed_value : raise_error
+      end
+
+      private
+
+      def valid?
+        raise NotImplementedError
+      end
+
+      def processed_value
+        raise NotImplementedError
+      end
+
+      def raise_error
+        raise error_type, error_message
+      end
+    end
+  end
+end

data/lib/rabarber/input/dynamic_rules.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    class DynamicRules < Rabarber::Input::Base
+      def initialize(
+        value,
+        error_type = Rabarber::InvalidArgumentError,
+        error_message = "Dynamic rule must be a Symbol, a String, or a Proc"
+      )
+        super
+      end
+
+      private
+
+      def valid?
+        (value.is_a?(String) || value.is_a?(Symbol)) && value.present? || value.nil? || value.is_a?(Proc)
+      end
+
+      def processed_value
+        case value
+        when String, Symbol
+          value.to_sym
+        when Proc, nil
+          value
+        end
+      end
+    end
+  end
+end

data/lib/rabarber/input/roles.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    class Roles < Rabarber::Input::Base
+      REGEX = /\A[a-z0-9_]+\z/
+
+      def initialize(
+        value,
+        error_type = Rabarber::InvalidArgumentError,
+        error_message =
+          "Role names must be Symbols or Strings and may only contain lowercase letters, numbers and underscores"
+      )
+        super
+      end
+
+      def value
+        Array(super)
+      end
+
+      private
+
+      def valid?
+        value.all? { |role_name| (role_name.is_a?(Symbol) || role_name.is_a?(String)) && role_name.to_s.match?(REGEX) }
+      end
+
+      def processed_value
+        value.map(&:to_sym)
+      end
+    end
+  end
+end

data/lib/rabarber/input/types/booleans.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    module Types
+      class Booleans < Rabarber::Input::Base
+        private
+
+        def valid?
+          [true, false].include?(value)
+        end
+
+        def processed_value
+          value
+        end
+      end
+    end
+  end
+end

data/lib/rabarber/input/types/procs.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    module Types
+      class Procs < Rabarber::Input::Base
+        private
+
+        def valid?
+          value.is_a?(Proc)
+        end
+
+        def processed_value
+          value
+        end
+      end
+    end
+  end
+end

data/lib/rabarber/input/types/symbols.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Input
+    module Types
+      class Symbols < Rabarber::Input::Base
+        private
+
+        def valid?
+          (value.is_a?(Symbol) || value.is_a?(String)) && value.present?
+        end
+
+        def processed_value
+          value.to_sym
+        end
+      end
+    end
+  end
+end

data/lib/rabarber/missing/actions.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Missing
+    class Actions < Rabarber::Missing::Base
+      private
+
+      def check_controller_rules
+        nil
+      end
+
+      def check_action_rules
+        action_rules.each do |controller, controller_action_rules|
+          missing_actions = controller_action_rules.map(&:action) - controller.action_methods.map(&:to_sym)
+          missing_list << Rabarber::Missing::Item.new(missing_actions, controller, nil) if missing_actions.present?
+        end
+      end
+
+      def configuration_name
+        :when_actions_missing
+      end
+    end
+  end
+end

data/lib/rabarber/missing/base.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Missing
+    class Base
+      attr_reader :controller
+
+      def initialize(controller = nil)
+        @controller = controller
+      end
+
+      def handle
+        check_controller_rules
+        check_action_rules
+
+        return if missing_list.empty?
+
+        missing_list.each do |item|
+          context = item.action ? { controller: item.controller, action: item.action } : { controller: item.controller }
+          Rabarber::Configuration.instance.public_send(configuration_name).call(item.missing, context)
+        end
+      end
+
+      private
+
+      def check_controller_rules
+        raise NotImplementedError
+      end
+
+      def check_action_rules
+        raise NotImplementedError
+      end
+
+      def configuration_name
+        raise NotImplementedError
+      end
+
+      def missing_list
+        @missing_list ||= []
+      end
+
+      def controller_rules
+        if controller
+          { controller => Rabarber::Permissions.controller_rules[controller] }
+        else
+          Rabarber::Permissions.controller_rules
+        end
+      end
+
+      def action_rules
+        if controller
+          { controller => Rabarber::Permissions.action_rules[controller] }
+        else
+          Rabarber::Permissions.action_rules
+        end
+      end
+    end
+
+    Item = Struct.new(:missing, :controller, :action)
+  end
+end

data/lib/rabarber/missing/roles.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Missing
+    class Roles < Rabarber::Missing::Base
+      private
+
+      def check_controller_rules
+        controller_rules.each do |controller, controller_rule|
+          missing_roles = controller_rule.roles - all_roles if controller_rule.present?
+          missing_list << Rabarber::Missing::Item.new(missing_roles, controller, nil) if missing_roles.present?
+        end
+      end
+
+      def check_action_rules
+        action_rules.each do |controller, controller_action_rules|
+          controller_action_rules.each do |action_rule|
+            missing_roles = action_rule.roles - all_roles
+            if missing_roles.any?
+              missing_list << Rabarber::Missing::Item.new(missing_roles, controller, action_rule.action)
+            end
+          end
+        end
+      end
+
+      def configuration_name
+        :when_roles_missing
+      end
+
+      def all_roles
+        @all_roles ||= Rabarber::Cache.fetch(
+          Rabarber::Cache::ALL_ROLES_KEY, expires_in: 1.day, race_condition_ttl: 10.seconds
+        ) { Rabarber::Role.names }
+      end
+    end
+  end
+end

data/lib/rabarber/models/concerns/has_roles.rb

@@ -5,7 +5,9 @@ module Rabarber
     extend ActiveSupport::Concern
 
     included do
-      raise Error, "Rabarber::HasRoles can only be included once" if defined?(@@included) && @@included != name
+      if defined?(@@included) && @@included != name
+        raise Rabarber::Error, "Rabarber::HasRoles can only be included once"
+      end
 
       @@included = name
 
@@ -15,30 +17,44 @@ module Rabarber
     end
 
     def roles
-      rabarber_roles.names
+      Rabarber::Cache.fetch(Rabarber::Cache.key_for(self), expires_in: 1.hour, race_condition_ttl: 5.seconds) do
+        rabarber_roles.names
+      end
     end
 
     def has_role?(*role_names)
-      (roles & RoleNames.pre_process(role_names)).any?
+      (roles & process_role_names(role_names)).any?
     end
 
     def assign_roles(*role_names, create_new: true)
-      roles_to_assign = RoleNames.pre_process(role_names)
+      roles_to_assign = process_role_names(role_names)
 
       create_new_roles(roles_to_assign) if create_new
 
-      rabarber_roles << Role.where(name: roles_to_assign) - rabarber_roles
+      rabarber_roles << Rabarber::Role.where(name: roles_to_assign) - rabarber_roles
+
+      delete_cache
     end
 
     def revoke_roles(*role_names)
-      self.rabarber_roles = rabarber_roles - Role.where(name: RoleNames.pre_process(role_names))
+      self.rabarber_roles = rabarber_roles - Rabarber::Role.where(name: process_role_names(role_names))
+
+      delete_cache
     end
 
     private
 
     def create_new_roles(role_names)
-      new_roles = role_names - Role.names
-      new_roles.each { |role_name| Role.create!(name: role_name) }
+      new_roles = role_names - Rabarber::Role.names
+      new_roles.each { |role_name| Rabarber::Role.create!(name: role_name) }
+    end
+
+    def process_role_names(role_names)
+      Rabarber::Input::Roles.new(role_names).process
+    end
+
+    def delete_cache
+      Rabarber::Cache.delete(Rabarber::Cache.key_for(self))
     end
   end
 end

data/lib/rabarber/models/role.rb

@@ -4,10 +4,18 @@ module Rabarber
   class Role < ActiveRecord::Base
     self.table_name = "rabarber_roles"
 
-    validates :name, presence: true, uniqueness: true, format: { with: RoleNames::REGEX }
+    validates :name, presence: true, uniqueness: true, format: { with: Rabarber::Input::Roles::REGEX }
+
+    after_commit :delete_cache
 
     def self.names
       pluck(:name).map(&:to_sym)
     end
+
+    private
+
+    def delete_cache
+      Rabarber::Cache.delete(Rabarber::Cache::ALL_ROLES_KEY)
+    end
   end
 end

data/lib/rabarber/permissions.rb

@@ -15,8 +15,8 @@ module Rabarber
       @storage = { controller_rules: Hash.new({}), action_rules: Hash.new([]) }
     end
 
-    def self.write(controller, action, roles, dynamic_rule, negated_dynamic_rule)
-      rule = Rule.new(action, roles, dynamic_rule, negated_dynamic_rule)
+    def self.add(controller, action, roles, dynamic_rule, negated_dynamic_rule)
+      rule = Rabarber::Rule.new(action, roles, dynamic_rule, negated_dynamic_rule)
 
       if action
         instance.storage[:action_rules][controller] += [rule]

data/lib/rabarber/railtie.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require "rails/railtie"
+
+module Rabarber
+  class Railtie < Rails::Railtie
+    initializer "rabarber.after_initialize" do |app|
+      app.config.after_initialize do
+        Rabarber::Missing::Actions.new.handle
+        Rabarber::Missing::Roles.new.handle if Rabarber::Role.table_exists?
+      end
+    end
+  end
+end

data/lib/rabarber/rule.rb

@@ -5,10 +5,10 @@ module Rabarber
     attr_reader :action, :roles, :dynamic_rule, :negated_dynamic_rule
 
     def initialize(action, roles, dynamic_rule, negated_dynamic_rule)
-      @action = pre_process_action(action)
-      @roles = RoleNames.pre_process(Array(roles))
-      @dynamic_rule = pre_process_dynamic_rule(dynamic_rule)
-      @negated_dynamic_rule = pre_process_dynamic_rule(negated_dynamic_rule)
+      @action = action
+      @roles = Array(roles)
+      @dynamic_rule = dynamic_rule
+      @negated_dynamic_rule = negated_dynamic_rule
     end
 
     def verify_access(user_roles, dynamic_rule_receiver, action_name = nil)
@@ -20,7 +20,7 @@ module Rabarber
     end
 
     def roles_permitted?(user_roles)
-      return false if ::Rabarber::Configuration.instance.must_have_roles && user_roles.empty?
+      return false if Rabarber::Configuration.instance.must_have_roles && user_roles.empty?
 
       roles.empty? || (roles & user_roles).any?
     end
@@ -44,19 +44,5 @@ module Rabarber
 
       is_negated ? !result : result
     end
-
-    def pre_process_action(action)
-      return action.to_sym if (action.is_a?(String) || action.is_a?(Symbol)) && action.present?
-      return action if action.nil?
-
-      raise InvalidArgumentError, "Action name must be a Symbol or a String"
-    end
-
-    def pre_process_dynamic_rule(rule)
-      return rule.to_sym if (rule.is_a?(String) || rule.is_a?(Symbol)) && rule.present?
-      return rule if rule.nil? || rule.is_a?(Proc)
-
-      raise InvalidArgumentError, "Dynamic rule must be a Symbol, a String, or a Proc"
-    end
   end
 end

data/lib/rabarber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rabarber
-  VERSION = "1.1.0"
+  VERSION = "1.2.1"
 end

data/lib/rabarber.rb

@@ -6,7 +6,19 @@ require_relative "rabarber/configuration"
 require "active_record"
 require "active_support"
 
-require_relative "rabarber/role_names"
+require_relative "rabarber/input/base"
+require_relative "rabarber/input/actions"
+require_relative "rabarber/input/dynamic_rules"
+require_relative "rabarber/input/roles"
+require_relative "rabarber/input/types/booleans"
+require_relative "rabarber/input/types/procs"
+require_relative "rabarber/input/types/symbols"
+
+require_relative "rabarber/missing/base"
+require_relative "rabarber/missing/actions"
+require_relative "rabarber/missing/roles"
+
+require_relative "rabarber/cache"
 
 require_relative "rabarber/controllers/concerns/authorization"
 require_relative "rabarber/helpers/helpers"
@@ -14,14 +26,16 @@ require_relative "rabarber/models/concerns/has_roles"
 require_relative "rabarber/models/role"
 require_relative "rabarber/permissions"
 
+require_relative "rabarber/railtie"
+
 module Rabarber
   module_function
 
+  class Error < StandardError; end
+  class ConfigurationError < Rabarber::Error; end
+  class InvalidArgumentError < Rabarber::Error; end
+
   def configure
-    yield(Configuration.instance)
+    yield(Rabarber::Configuration.instance)
   end
-
-  class Error < StandardError; end
-  class ConfigurationError < Error; end
-  class InvalidArgumentError < Error; end
 end

data/rabarber.gemspec

@@ -6,7 +6,7 @@ Gem::Specification.new do |spec|
   spec.name = "rabarber"
   spec.version = Rabarber::VERSION
   spec.authors = ["enjaku4", "trafium"]
-  spec.email = ["enjaku4@gmail.com"]
+  spec.email = ["rabarber_gem@icloud.com"]
 
   spec.summary = "Simple authorization library for Ruby on Rails."
   spec.homepage = "https://github.com/enjaku4/rabarber"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.1
 platform: ruby
 authors:
 - enjaku4
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-18 00:00:00.000000000 Z
+date: 2024-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -27,7 +27,7 @@ dependencies:
         version: '6.1'
 description:
 email:
-- enjaku4@gmail.com
+- rabarber_gem@icloud.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -39,13 +39,24 @@ files:
 - lib/generators/rabarber/templates/create_rabarber_roles.rb.erb
 - lib/rabarber.rb
 - lib/rabarber/access.rb
+- lib/rabarber/cache.rb
 - lib/rabarber/configuration.rb
 - lib/rabarber/controllers/concerns/authorization.rb
 - lib/rabarber/helpers/helpers.rb
+- lib/rabarber/input/actions.rb
+- lib/rabarber/input/base.rb
+- lib/rabarber/input/dynamic_rules.rb
+- lib/rabarber/input/roles.rb
+- lib/rabarber/input/types/booleans.rb
+- lib/rabarber/input/types/procs.rb
+- lib/rabarber/input/types/symbols.rb
+- lib/rabarber/missing/actions.rb
+- lib/rabarber/missing/base.rb
+- lib/rabarber/missing/roles.rb
 - lib/rabarber/models/concerns/has_roles.rb
 - lib/rabarber/models/role.rb
 - lib/rabarber/permissions.rb
-- lib/rabarber/role_names.rb
+- lib/rabarber/railtie.rb
 - lib/rabarber/rule.rb
 - lib/rabarber/version.rb
 - rabarber.gemspec

data/lib/rabarber/role_names.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-module Rabarber
-  module RoleNames
-    module_function
-
-    REGEX = /\A[a-z0-9_]+\z/
-
-    def pre_process(role_names)
-      return role_names.map(&:to_sym) if role_names.all? do |role_name|
-        (role_name.is_a?(Symbol) || role_name.is_a?(String)) && role_name.to_s.match?(REGEX)
-      end
-
-      raise(
-        InvalidArgumentError,
-        "Role names must be Symbols or Strings and may only contain lowercase letters, numbers and underscores"
-      )
-    end
-  end
-end