rabarber 3.0.1 → 3.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5dd689c4149da8e0f11b3e959b116be20b8364ca9546986a6064454b2eb25c44
-  data.tar.gz: c5f15810b3434ab5275573f8d154c1dd765d5136f5a9d42c6f7cdd28a27c0133
+  metadata.gz: 577541d4928a55318bf4358aab22e46b094b873172c78ab3a5cdcd5c48e2fd1f
+  data.tar.gz: 8705e8907a36e9cc811784c951011b448fe37ec5cd5a63b70d263589af035164
 SHA512:
-  metadata.gz: b53349cbf3d1fffc9a8a5acc0183eb18a3c6e928b87d613deb6502f60e1ee0ef4b1f49538c51249f07b27666562654f51a70713c7d30d7b41031d0610d340956
-  data.tar.gz: 44930f95235e429db06e8deca63148a7b89187d9d79724cd0708e42bb46b7486552e0d459cc73fc9a8ab6b248b1e6e2d69cd6a647220275f08a8a7fecc2526f6
+  metadata.gz: b35a496964096d6ce0538f2d84d43786c86fb367b03afa1a8604cd9e9225f015266fb2d94c4df01513c07cbb1e639851f858fb12bcded98646718a586218fd8a
+  data.tar.gz: 8bab47c3abf70362eecd13237eca64db16c3b7a0bae06334efe8c7ba3e0f1cb48b39a1c443ce5456957ef643c7256693a8ac0e0d2ecbabb3b701463a00120dc9

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## v3.0.2
+
+### Misc:
+
+- Improved performance for authorization checks
+- Refactored codebase for better maintainability
+
 ## v3.0.1
 
 ### Misc:

data/lib/rabarber/audit/events/base.rb

@@ -15,16 +15,10 @@ module Rabarber
         private
 
         def initialize(roleable, specifics)
-          raise ArgumentError, "Roleable is required for #{self.class} event" if roleable.nil? && !nil_roleable_allowed?
-
           @roleable = roleable
           @specifics = specifics
         end
 
-        def nil_roleable_allowed?
-          raise NotImplementedError
-        end
-
         def log
           Rabarber::Audit::Logger.log(log_level, message)
         end
@@ -38,14 +32,7 @@ module Rabarber
         end
 
         def identity
-          if roleable.is_a?(Rabarber::Core::NullRoleable)
-            "Unauthenticated #{Rabarber::HasRoles.roleable_class.model_name.human.downcase}"
-          else
-            model_name = roleable.model_name.human
-            roleable_id = roleable.public_send(roleable.class.primary_key)
-
-            "#{model_name}##{roleable_id}"
-          end
+          roleable.log_identity
         end
 
         def human_context

data/lib/rabarber/audit/events/roles_assigned.rb

@@ -6,10 +6,6 @@ module Rabarber
       class RolesAssigned < Base
         private
 
-        def nil_roleable_allowed?
-          false
-        end
-
         def log_level
           :info
         end

data/lib/rabarber/audit/events/roles_revoked.rb

@@ -6,10 +6,6 @@ module Rabarber
       class RolesRevoked < Base
         private
 
-        def nil_roleable_allowed?
-          false
-        end
-
         def log_level
           :info
         end

data/lib/rabarber/audit/events/unauthorized_attempt.rb

@@ -6,10 +6,6 @@ module Rabarber
       class UnauthorizedAttempt < Base
         private
 
-        def nil_roleable_allowed?
-          true
-        end
-
         def log_level
           :warn
         end

data/lib/rabarber/configuration.rb

@@ -9,22 +9,18 @@ module Rabarber
     attr_reader :audit_trail_enabled, :cache_enabled, :current_user_method, :must_have_roles
 
     def initialize
-      @audit_trail_enabled = default_audit_trail_enabled
-      @cache_enabled = default_cache_enabled
-      @current_user_method = default_current_user_method
-      @must_have_roles = default_must_have_roles
+      @audit_trail_enabled = true
+      @cache_enabled = true
+      @current_user_method = :current_user
+      @must_have_roles = false
     end
 
-    def audit_trail_enabled=(value)
-      @audit_trail_enabled = Rabarber::Input::Types::Boolean.new(
-        value, Rabarber::ConfigurationError, "Configuration 'audit_trail_enabled' must be a Boolean"
-      ).process
-    end
-
-    def cache_enabled=(value)
-      @cache_enabled = Rabarber::Input::Types::Boolean.new(
-        value, Rabarber::ConfigurationError, "Configuration 'cache_enabled' must be a Boolean"
-      ).process
+    [:audit_trail_enabled, :cache_enabled, :must_have_roles].each do |method_name|
+      define_method(:"#{method_name}=") do |value|
+        instance_variable_set(:"@#{method_name}", Rabarber::Input::Types::Boolean.new(
+          value, Rabarber::ConfigurationError, "Configuration '#{method_name}' must be a Boolean"
+        ).process)
+      end
     end
 
     def current_user_method=(method_name)
@@ -32,29 +28,5 @@ module Rabarber
         method_name, Rabarber::ConfigurationError, "Configuration 'current_user_method' must be a Symbol or a String"
       ).process
     end
-
-    def must_have_roles=(value)
-      @must_have_roles = Rabarber::Input::Types::Boolean.new(
-        value, Rabarber::ConfigurationError, "Configuration 'must_have_roles' must be a Boolean"
-      ).process
-    end
-
-    private
-
-    def default_audit_trail_enabled
-      true
-    end
-
-    def default_cache_enabled
-      true
-    end
-
-    def default_current_user_method
-      :current_user
-    end
-
-    def default_must_have_roles
-      false
-    end
   end
 end

data/lib/rabarber/controllers/concerns/authorization.rb

@@ -3,12 +3,9 @@
 module Rabarber
   module Authorization
     extend ActiveSupport::Concern
-
     include Rabarber::Core::Roleable
 
-    included do
-      before_action :verify_access
-    end
+    included { before_action :verify_access }
 
     class_methods do
       def skip_authorization(options = {})
@@ -16,15 +13,13 @@ module Rabarber
       end
 
       def grant_access(action: nil, roles: nil, context: nil, if: nil, unless: nil)
-        dynamic_rule, negated_dynamic_rule = binding.local_variable_get(:if), binding.local_variable_get(:unless)
-
         Rabarber::Core::Permissions.add(
           self,
           Rabarber::Input::Action.new(action).process,
           Rabarber::Input::Roles.new(roles).process,
           Rabarber::Input::AuthorizationContext.new(context).process,
-          Rabarber::Input::DynamicRule.new(dynamic_rule).process,
-          Rabarber::Input::DynamicRule.new(negated_dynamic_rule).process
+          Rabarber::Input::DynamicRule.new(binding.local_variable_get(:if)).process,
+          Rabarber::Input::DynamicRule.new(binding.local_variable_get(:unless)).process
         )
       end
     end

data/lib/rabarber/core/access.rb

@@ -9,7 +9,7 @@ module Rabarber
 
       def controller_accessible?(roleable, controller_instance)
         controller_rules.any? do |rule_controller, rule|
-          controller_instance.class <= rule_controller && rule.verify_access(roleable, controller_instance)
+          controller_instance.is_a?(rule_controller) && rule.verify_access(roleable, controller_instance)
         end
       end
 

data/lib/rabarber/core/cache.rb

@@ -5,22 +5,22 @@ require "digest/sha2"
 module Rabarber
   module Core
     module Cache
-      module_function
-
       CACHE_PREFIX = "rabarber"
       private_constant :CACHE_PREFIX
 
+      module_function
+
       def fetch(roleable_id, context:, &block)
-        if enabled?
-          Rails.cache.fetch(key_for(roleable_id, context), expires_in: 1.hour, race_condition_ttl: 5.seconds, &block)
-        else
-          yield
-        end
+        return yield unless enabled?
+
+        Rails.cache.fetch(key_for(roleable_id, context), expires_in: 1.hour, race_condition_ttl: 5.seconds, &block)
       end
 
       def delete(*roleable_ids, context:)
+        return unless enabled?
+
         keys = roleable_ids.map { |roleable_id| key_for(roleable_id, context) }
-        Rails.cache.delete_multi(keys) if enabled? && keys.any?
+        Rails.cache.delete_multi(keys) if keys.any?
       end
 
       def enabled?
@@ -38,9 +38,10 @@ module Rabarber
   end
 
   module Cache
+    module_function
+
     def clear
       Rabarber::Core::Cache.clear
     end
-    module_function :clear
   end
 end

data/lib/rabarber/core/null_roleable.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Core
+    class NullRoleable
+      def roles(context:) # rubocop:disable Lint/UnusedMethodArgument
+        []
+      end
+
+      def has_role?(*role_names, context: nil) # rubocop:disable Lint/UnusedMethodArgument
+        false
+      end
+
+      def log_identity
+        "Unauthenticated #{Rabarber::HasRoles.roleable_class.model_name.human.downcase}"
+      end
+    end
+  end
+end

data/lib/rabarber/core/permissions.rb

@@ -2,14 +2,12 @@
 
 require_relative "access"
 require_relative "rule"
-
 require "singleton"
 
 module Rabarber
   module Core
     class Permissions
       include Singleton
-
       extend Access
 
       attr_reader :storage
@@ -21,12 +19,7 @@ module Rabarber
       class << self
         def add(controller, action, roles, context, dynamic_rule, negated_dynamic_rule)
           rule = Rabarber::Core::Rule.new(action, roles, context, dynamic_rule, negated_dynamic_rule)
-
-          if action
-            instance.storage[:action_rules][controller] += [rule]
-          else
-            instance.storage[:controller_rules][controller] = rule
-          end
+          action ? action_rules[controller] += [rule] : controller_rules[controller] = rule
         end
 
         def controller_rules

data/lib/rabarber/core/permissions_integrity_checker.rb

@@ -28,11 +28,8 @@ module Rabarber
       end
 
       def action_rules
-        if controller
-          Rabarber::Core::Permissions.action_rules.slice(controller)
-        else
-          Rabarber::Core::Permissions.action_rules
-        end
+        rules = Rabarber::Core::Permissions.action_rules
+        controller ? rules.slice(controller) : rules
       end
     end
   end

data/lib/rabarber/core/roleable.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require_relative "null_roleable"
+
 module Rabarber
   module Core
     module Roleable
@@ -11,11 +13,5 @@ module Rabarber
         roleable.roles(context: context)
       end
     end
-
-    class NullRoleable
-      def roles(context:) # rubocop:disable Lint/UnusedMethodArgument
-        []
-      end
-    end
   end
 end

data/lib/rabarber/core/rule.rb

@@ -9,44 +9,32 @@ module Rabarber
         @action = action
         @roles = Array(roles)
         @context = context
-        @dynamic_rule = dynamic_rule
-        @negated_dynamic_rule = negated_dynamic_rule
+        @dynamic_rule = dynamic_rule || -> { true }
+        @negated_dynamic_rule = negated_dynamic_rule || -> { false }
       end
 
       def verify_access(roleable, controller_instance)
-        roles_permitted?(roleable, controller_instance) && dynamic_rule_followed?(controller_instance)
+        roles_permitted?(roleable, controller_instance) && dynamic_rules_followed?(controller_instance)
       end
 
       def roles_permitted?(roleable, controller_instance)
-        processed_context = get_context(controller_instance)
-        roleable_roles = roleable.roles(context: processed_context)
+        resolved_context = resolve_context(controller_instance)
+        return false if Rabarber::Configuration.instance.must_have_roles && roleable.roles(context: resolved_context).empty?
 
-        return false if Rabarber::Configuration.instance.must_have_roles && roleable_roles.empty?
-
-        roles.empty? || roles.intersection(roleable_roles).any?
+        roles.empty? || roleable.has_role?(*roles, context: resolved_context)
       end
 
-      def dynamic_rule_followed?(controller_instance)
-        !!(execute_dynamic_rule(controller_instance, false) && execute_dynamic_rule(controller_instance, true))
+      def dynamic_rules_followed?(controller_instance)
+        execute_rule(controller_instance, dynamic_rule) && !execute_rule(controller_instance, negated_dynamic_rule)
       end
 
       private
 
-      def execute_dynamic_rule(controller_instance, is_negated)
-        rule = is_negated ? negated_dynamic_rule : dynamic_rule
-
-        return true if rule.nil?
-
-        result = if rule.is_a?(Proc)
-                   controller_instance.instance_exec(&rule)
-                 else
-                   controller_instance.send(rule)
-                 end
-
-        is_negated ? !result : result
+      def execute_rule(controller_instance, rule)
+        !!(rule.is_a?(Proc) ? controller_instance.instance_exec(&rule) : controller_instance.send(rule))
       end
 
-      def get_context(controller_instance)
+      def resolve_context(controller_instance)
         case context
         when Proc then Rabarber::Input::Context.new(controller_instance.instance_exec(&context)).process
         when Symbol then Rabarber::Input::Context.new(controller_instance.send(context)).process

data/lib/rabarber/helpers/helpers.rb

@@ -5,15 +5,11 @@ module Rabarber
     include Rabarber::Core::Roleable
 
     def visible_to(*roles, context: nil, &block)
-      return if roleable_roles(context: Rabarber::Input::Context.new(context).process).intersection(Rabarber::Input::Roles.new(roles).process).none?
-
-      capture(&block)
+      capture(&block) if roleable.has_role?(*roles, context: context)
     end
 
     def hidden_from(*roles, context: nil, &block)
-      return if roleable_roles(context: Rabarber::Input::Context.new(context).process).intersection(Rabarber::Input::Roles.new(roles).process).any?
-
-      capture(&block)
+      capture(&block) unless roleable.has_role?(*roles, context: context)
     end
   end
 end

data/lib/rabarber/input/action.rb

@@ -10,10 +10,7 @@ module Rabarber
       private
 
       def processed_value
-        case value
-        when String, Symbol then value.to_sym
-        when nil then value
-        end
+        value&.to_sym
       end
 
       def default_error_message

data/lib/rabarber/input/authorization_context.rb

@@ -11,8 +11,8 @@ module Rabarber
 
       def processed_value
         case value
-        when Symbol, String then value.to_sym
-        when Proc then value
+        when String then value.to_sym
+        when Symbol, Proc then value
         else Rabarber::Input::Context.new(value).process
         end
       end

data/lib/rabarber/input/base.rb

@@ -5,10 +5,10 @@ module Rabarber
     class Base
       attr_reader :value, :error_type, :error_message
 
-      def initialize(value, error_type = Rabarber::InvalidArgumentError, error_message = default_error_message)
+      def initialize(value, error_type = Rabarber::InvalidArgumentError, error_message = nil)
         @value = value
         @error_type = error_type
-        @error_message = error_message
+        @error_message = error_message || default_error_message
       end
 
       def process

data/lib/rabarber/input/dynamic_rule.rb

@@ -10,10 +10,7 @@ module Rabarber
       private
 
       def processed_value
-        case value
-        when String, Symbol then value.to_sym
-        when Proc, nil then value
-        end
+        value.is_a?(String) ? value.to_sym : value
       end
 
       def default_error_message

data/lib/rabarber/input/role.rb

@@ -16,7 +16,7 @@ module Rabarber
       end
 
       def default_error_message
-        "Role name must be a Symbol or a String and may only contain lowercase letters, numbers and underscores"
+        "Role name must be a Symbol or a String and may only contain lowercase letters, numbers, and underscores"
       end
     end
   end

data/lib/rabarber/input/roles.rb

@@ -18,7 +18,7 @@ module Rabarber
       end
 
       def default_error_message
-        "Role names must be Symbols or Strings and may only contain lowercase letters, numbers and underscores"
+        "Role names must be Symbols or Strings and may only contain lowercase letters, numbers, and underscores"
       end
     end
   end

data/lib/rabarber/models/concerns/has_roles.rb

@@ -21,7 +21,8 @@ module Rabarber
 
     def has_role?(*role_names, context: nil)
       processed_context = process_context(context)
-      roles(context: processed_context).intersection(process_role_names(role_names)).any?
+      processed_roles = process_role_names(role_names)
+      roles(context: processed_context).any? { |role_name| processed_roles.include?(role_name) }
     end
 
     def assign_roles(*role_names, context: nil, create_new: true)
@@ -72,6 +73,10 @@ module Rabarber
       roles(context: processed_context)
     end
 
+    def log_identity
+      "#{model_name.human}##{roleable_id}"
+    end
+
     def roleable_class
       @@included.constantize
     end

data/lib/rabarber/models/role.rb

@@ -13,7 +13,7 @@ module Rabarber
 
     class << self
       def names(context: nil)
-        where(Rabarber::Input::Context.new(context).process).pluck(:name).map(&:to_sym)
+        where(process_context(context)).pluck(:name).map(&:to_sym)
       end
 
       def add(name, context: nil)
@@ -50,7 +50,7 @@ module Rabarber
 
       def assignees(name, context: nil)
         Rabarber::HasRoles.roleable_class.joins(:rabarber_roles).where(
-          rabarber_roles: { name: Rabarber::Input::Role.new(name).process, **process_context(context) }
+          rabarber_roles: { name: process_role_name(name), **process_context(context) }
         )
       end
 

data/lib/rabarber/railtie.rb

@@ -6,7 +6,7 @@ module Rabarber
   class Railtie < Rails::Railtie
     initializer "rabarber.after_initialize" do |app|
       app.config.after_initialize do
-        Rabarber::Core::PermissionsIntegrityChecker.new.run! if Rails.configuration.eager_load
+        Rabarber::Core::PermissionsIntegrityChecker.new.run! if app.config.eager_load
       end
     end
   end

data/lib/rabarber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rabarber
-  VERSION = "3.0.1"
+  VERSION = "3.0.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.0.2
 platform: ruby
 authors:
 - enjaku4
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-14 00:00:00.000000000 Z
+date: 2024-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -53,6 +53,7 @@ files:
 - lib/rabarber/controllers/concerns/authorization.rb
 - lib/rabarber/core/access.rb
 - lib/rabarber/core/cache.rb
+- lib/rabarber/core/null_roleable.rb
 - lib/rabarber/core/permissions.rb
 - lib/rabarber/core/permissions_integrity_checker.rb
 - lib/rabarber/core/roleable.rb