rabarber 5.1.1 → 5.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 841b259e40b7e446647ee02fcca64cd183c64978c194edb6917ba344d9f12e92
-  data.tar.gz: 044c1aa8248f7b1b16f1c78648a0b4cafb0451f31d8fed5b72f6d3343a645c48
+  metadata.gz: 70a773c884c0e207de25a518ff864d25ff13cd1a05c712c88efd17d264782d52
+  data.tar.gz: 901200cff398f2355a307aff03c9e63f1bcdbecf07369bf768fe7f12ebed9151
 SHA512:
-  metadata.gz: a0880247a0c7f1af21dbb8099880d24ec200295e54f976855aac577fba55b692fee41a7ddfaf10f83848dfba20e2c0ac8289eb7bc94df21cabceb04da47925c1
-  data.tar.gz: 024e3093a753d53f158532c829ca245b159448d19901d884b4c09518e70b81d39d710ee0867339ca064bc0519fd06ef53a7af507149d29e80a2a2216ad92a096
+  metadata.gz: dd83d11d1c831f3ecb5ea36fb6d650113453f5e30b5cfdfb1affb58a515a5f77da33eb067a03abde379997f47c7e8c44d5abdf05c3a1b363d778215241406ad0
+  data.tar.gz: 130c1c65c3d5bc2e33b788e35f4a790586784ced24a20a110b106303729a2c5a798330e5e05abfe6ebf58902a63761af99909443a92b2dcec496f6d26136926e

data/CHANGELOG.md

@@ -1,3 +1,27 @@
+## v5.2.0
+
+### Features:
+
+- Added `Rabarber.prune` method to allow manual pruning of roles with deleted contexts
+
+### Misc:
+
+- `revoke_all_roles` now returns an empty array instead of `nil` for consistency with other role assignment methods
+- Deprecated the following role management methods in favor of new counterparts:
+  - `Rabarber::Role.names` -> `Rabarber.roles`
+  - `Rabarber::Role.all_names` -> `Rabarber.all_roles`
+  - `Rabarber::Role.add` -> `Rabarber.create_role`
+  - `Rabarber::Role.rename` -> `Rabarber.rename_role`
+  - `Rabarber::Role.remove` -> `Rabarber.delete_role`
+  - `Rabarber::Role.assignees` -> `User.with_role`
+
+## v5.1.2
+
+### Misc:
+
+- Minor performance improvements and code cleanup
+- Relaxed dependency versions
+
 ## v5.1.1
 
 ### Misc:
@@ -28,7 +52,7 @@
 - Added `with_authorization` method for more granular authorization control
 - `Rabarber::Role.rename` and `Rabarber::Role.remove` now require the role to exist
 
-To upgrade to v5.0.0, please refer to the [migration guide](https://github.com/brownboxdev/rabarber/discussions/77)
+To upgrade to v5.0.0, please refer to the [migration guide](https://github.com/enjaku4/rabarber/discussions/77)
 
 ### Features:
 
@@ -133,7 +157,7 @@ To upgrade to v5.0.0, please refer to the [migration guide](https://github.com/b
 
 - Changed Rabarber roles table structure
 
-To upgrade to v3.0.0, please refer to the [migration guide](https://github.com/brownboxdev/rabarber/discussions/58)
+To upgrade to v3.0.0, please refer to the [migration guide](https://github.com/enjaku4/rabarber/discussions/58)
 
 ### Features:
 
@@ -157,7 +181,7 @@ To upgrade to v3.0.0, please refer to the [migration guide](https://github.com/b
 - Replaced `when_unauthorized` configuration option with an overridable controller method
 - Renamed `Rabarber::Role.assignees_for` method to `Rabarber::Role.assignees`
 
-To upgrade to v2.0.0, please refer to the [migration guide](https://github.com/brownboxdev/rabarber/discussions/52)
+To upgrade to v2.0.0, please refer to the [migration guide](https://github.com/enjaku4/rabarber/discussions/52)
 
 ### Features:
 

data/README.md

@@ -1,7 +1,7 @@
 # Rabarber: Role-Based Authorization for Rails
 
 [![Gem Version](https://badge.fury.io/rb/rabarber.svg)](http://badge.fury.io/rb/rabarber)
-[![Github Actions badge](https://github.com/brownboxdev/rabarber/actions/workflows/ci.yml/badge.svg)](https://github.com/brownboxdev/rabarber/actions/workflows/ci.yml)
+[![Github Actions badge](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml)
 
 Rabarber is a role-based authorization library for Ruby on Rails that focuses on controller-level access control. Rather than answering domain questions like "can this user create a post?", Rabarber answers "can this user access the create post endpoint?", providing a clean separation between authorization and business logic.
 
@@ -25,7 +25,6 @@ Rabarber is a role-based authorization library for Ruby on Rails that focuses on
   - [Multi-tenancy / Context](#multi-tenancy--context)
   - [View Helpers](#view-helpers)
 
-
 **Community Resources:**
   - [Getting Help and Contributing](#getting-help-and-contributing)
   - [License](#license)
@@ -68,13 +67,13 @@ Configure Rabarber in an initializer if customization is needed:
 
 ```rb
 Rabarber.configure do |config|
-  config.cache_enabled = true                 # Enable role caching (default: true)
+  config.cache_enabled = true                 # Enable/disable role caching (default: true)
   config.current_user_method = :current_user  # Method to access current user (default: :current_user)
   config.user_model_name = "User"             # User model name (default: "User")
 end
 ```
 
-To clear the role cache manually:
+Roles are cached by default for performance. To clear the role cache manually:
 
 ```rb
 Rabarber::Cache.clear
@@ -100,17 +99,22 @@ user.revoke_roles(:accountant, :manager)
 user.revoke_all_roles
 ```
 
+All role assignment methods return the list of roles currently assigned to the user.
+
 ### Role Queries
 
 ```rb
 # Check if user has any of the specified roles
 user.has_role?(:accountant, :manager)
 
-# Get user's roles
+# Get user's roles in the global context
 user.roles
 
-# Get all roles grouped by context
+# Get all user's roles grouped by context
 user.all_roles
+
+# Get users with any of the specified roles
+User.with_role(:admin, :manager)
 ```
 
 ## Role Management
@@ -119,24 +123,25 @@ user.all_roles
 
 ```rb
 # Create a new role
-Rabarber::Role.add(:admin)
+Rabarber.create_role(:admin) # => true if created, false if already exists
 
 # Rename a role
-Rabarber::Role.rename(:admin, :administrator)
-Rabarber::Role.rename(:admin, :administrator, force: true) # Force if role is assigned to users
+Rabarber.rename_role(:admin, :administrator) # => true if renamed, false if new name exists or role is assigned
+Rabarber.rename_role(:admin, :administrator, force: true) # Force rename even if role is assigned
 
 # Remove a role
-Rabarber::Role.remove(:admin)
-Rabarber::Role.remove(:admin, force: true) # Force if role is assigned to users
+Rabarber.delete_role(:admin) # => true if deleted, false if role is assigned
+Rabarber.delete_role(:admin, force: true) # Force deletion even if role is assigned
 
-# List available roles
-Rabarber::Role.names
-Rabarber::Role.all_names # All roles grouped by context
+# List available roles in the global context
+Rabarber.roles
 
-# Get users assigned to a role
-Rabarber::Role.assignees(:admin)
+# List all available roles grouped by context
+Rabarber.all_roles
 ```
 
+> **Note:** Some methods have been deprecated in favor of the new API shown above. The deprecated methods still work but will be removed in a future major version. See the [changelog](https://github.com/enjaku4/rabarber/blob/main/CHANGELOG.md#v520) for the complete list of deprecated methods and their new counterparts.
+
 ## Controller Authorization
 
 ### Basic Setup
@@ -155,7 +160,7 @@ class InvoicesController < ApplicationController
 end
 ```
 
-Authorization requires an authenticated user.
+Authorization requires an authenticated user to be present.
 
 ### Skip Authorization
 
@@ -182,9 +187,8 @@ class TicketsController < ApplicationController
     # Accessible to admin, manager, and support roles
   end
 
-  grant_access action: :destroy, roles: :owner, context: -> { Ticket.find(params[:id]) }
   def destroy
-    # Accessible to admin and owner of the ticket
+    # Accessible to admin role only
   end
 end
 ```
@@ -215,7 +219,7 @@ Omit roles to allow unrestricted access:
 
 ```rb
 class UnrestrictedController < ApplicationController
-  grant_access # Allow all users
+  grant_access # Allow all users to access all actions
 end
 
 class MixedController < ApplicationController
@@ -244,14 +248,12 @@ class ApplicationController < ActionController::Base
   private
 
   def when_unauthorized
-    # Default behavior: redirect back (HTML) or return 403 (other formats)
-    # Custom behavior example:
-    head :not_found # Hide existence of protected resources
+    head :not_found # Custom behavior to hide existence of protected resources
   end
 end
 ```
 
-By default, Rabarber will redirect back (HTML format) or return 403 (other formats).
+By default, when unauthorized, Rabarber will redirect back (HTML format) or return 403 (other formats).
 
 ## Dynamic Rules
 
@@ -263,13 +265,13 @@ class OrdersController < ApplicationController
   grant_access roles: :manager, if: :company_manager?, unless: :suspended?
 
   # Proc-based conditions
-  grant_access action: :show, roles: :client, if: -> { current_user.company_id == Order.find(params[:id]).company_id }
+  grant_access action: :show, roles: :client, if: -> { current_user.company == Order.find(params[:id]).company }
   def show
     # Accessible to company managers unless suspended, and to clients if the client's company matches the order's company
   end
 
   # Dynamic-only rules (no roles required, can be used with custom policies)
-  grant_access action: :index, if: -> { OrdersPolicy.new(current_user).can_access?(:index) }
+  grant_access action: :index, if: -> { OrdersPolicy.new(current_user).index? }
   def index
     # Accessible to company managers unless suspended, and to users based on custom policy logic
   end
@@ -288,7 +290,7 @@ end
 
 ## Multi-tenancy / Context
 
-All Rabarber methods accept a `context` parameter, allowing you to work with roles within specific scopes rather than globally.
+All Rabarber methods accept a `context` parameter, allowing you to work with roles within specific scopes. By default, context is `nil`, meaning roles are global.
 
 ### Contextual Role Assignment
 
@@ -297,32 +299,52 @@ All Rabarber methods accept a `context` parameter, allowing you to work with rol
 user.assign_roles(:owner, context: project)
 user.assign_roles(:member, context: project)
 
-# Assign roles within a model class (e.g., project admin)
+# Assign roles within a model class
 user.assign_roles(:admin, context: Project)
 
 # Check contextual roles
 user.has_role?(:owner, context: project)
 user.has_role?(:admin, context: Project)
 
-# Get roles within context
-user.roles(context: project)
-Rabarber::Role.names(context: Project)
+# Revoke roles
+user.revoke_roles(:owner, context: project)
+
+# Get user roles
+user.roles(context: Project)
+
+# Get users with a role
+User.with_role(:member, context: project)
+```
+
+### Contextual Role Management
+
+```rb
+# Create a new role within a context
+Rabarber.create_role(:admin, context: Project)
+
+# Rename a role within a context
+Rabarber.rename_role(:admin, :owner, context: project)
+
+# Remove a contextual role
+Rabarber.delete_role(:admin, context: project)
+
+# List available roles within a specific context
+Rabarber.roles(context: project)
 ```
 
 ### Contextual Authorization
 
 ```rb
 class ProjectsController < ApplicationController
-  # Class-based context
   grant_access roles: :admin, context: Project
 
-  # Instance-based context (method)
+  # Method-based context resolution
   grant_access action: :show, roles: :member, context: :current_project
   def show
     # Accessible to Project admin and members of the current project
   end
 
-  # Instance-based context (proc)
+  # Proc-based context resolution
   grant_access action: :update, roles: :owner, context: -> { Project.find(params[:id]) }
   def update
     # Accessible to Project admin and owner of the current project
@@ -336,16 +358,26 @@ class ProjectsController < ApplicationController
 end
 ```
 
+### Orphaned Context
+
+When a context object is deleted from your database, its associated roles become orphaned and ignored by Rabarber.
+
+To clean up orphaned context roles, use:
+
+```rb
+Rabarber.prune
+```
+
 ### Context Migrations
 
 Handle context changes when models are renamed or removed. These are irreversible data migrations.
 
 ```rb
-# Rename a context class (e.g., when you rename your Project model to Campaign)
-migrate_authorization_context!("Project", "Campaign")
+# Rename a context class (e.g., when you rename your Ticket model to Task)
+migrate_authorization_context!("Ticket", "Task")
 
-# Remove orphaned context data (e.g., when you delete a model entirely)
-delete_authorization_context!("DeletedModel")
+# Remove orphaned context data (e.g., when you delete the Ticket model entirely)
+delete_authorization_context!("Ticket")
 ```
 
 ## View Helpers
@@ -373,22 +405,23 @@ Use conditional rendering based on roles:
   </div>
 <% end %>
 
-<!-- With context -->
 <%= visible_to(:owner, context: @project) do %>
-  <button>Delete Project</button>
+  <div class="project-owner-panel">
+    <!-- Content visible to project owners -->
+  </div>
 <% end %>
 ```
 
 ## Getting Help and Contributing
 
 ### Getting Help
-Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/brownboxdev/rabarber/discussions) for:
+Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/enjaku4/rabarber/discussions) for:
 - Usage questions
 - Implementation guidance
 - Feature suggestions
 
 ### Reporting Issues
-Found a bug? Please [create an issue](https://github.com/brownboxdev/rabarber/issues) with:
+Found a bug? Please [create an issue](https://github.com/enjaku4/rabarber/issues) with:
 - A clear description of the problem
 - Steps to reproduce the issue
 - Your environment details (Rails version, Ruby version, etc.)
@@ -397,21 +430,21 @@ Found a bug? Please [create an issue](https://github.com/brownboxdev/rabarber/is
 Ready to contribute? You can:
 - Fix bugs by submitting pull requests
 - Improve documentation
-- Add new features (please discuss first in our [discussions section](https://github.com/brownboxdev/rabarber/discussions))
+- Add new features (please discuss first in our [discussions section](https://github.com/enjaku4/rabarber/discussions))
 
-Before contributing, please read the [contributing guidelines](https://github.com/brownboxdev/rabarber/blob/main/CONTRIBUTING.md)
+Before contributing, please read the [contributing guidelines](https://github.com/enjaku4/rabarber/blob/main/CONTRIBUTING.md)
 
 ## License
 
-The gem is available as open source under the terms of the [MIT License](https://github.com/brownboxdev/rabarber/blob/main/LICENSE.txt).
+The gem is available as open source under the terms of the [MIT License](https://github.com/enjaku4/rabarber/blob/main/LICENSE.txt).
 
 ## Code of Conduct
 
-Everyone interacting in the Rabarber project is expected to follow the [code of conduct](https://github.com/brownboxdev/rabarber/blob/main/CODE_OF_CONDUCT.md).
+Everyone interacting in the Rabarber project is expected to follow the [code of conduct](https://github.com/enjaku4/rabarber/blob/main/CODE_OF_CONDUCT.md).
 
 ## Old Versions
 
 Only the latest major version is supported. Older versions are obsolete and not maintained, but their READMEs are available here for reference:
 
-[v4.x.x](https://github.com/brownboxdev/rabarber/blob/9353e70281971154d5acd70693620197a132c543/README.md) | [v3.x.x](https://github.com/brownboxdev/rabarber/blob/3bb273de7e342004abc7ef07fa4d0a9a3ce3e249/README.md)
- | [v2.x.x](https://github.com/brownboxdev/rabarber/blob/875b357ea949404ddc3645ad66eddea7ed4e2ee4/README.md) | [v1.x.x](https://github.com/brownboxdev/rabarber/blob/b81428429404e197d70317b763e7b2a21e02c296/README.md)
+[v4.x.x](https://github.com/enjaku4/rabarber/blob/9353e70281971154d5acd70693620197a132c543/README.md) | [v3.x.x](https://github.com/enjaku4/rabarber/blob/3bb273de7e342004abc7ef07fa4d0a9a3ce3e249/README.md)
+ | [v2.x.x](https://github.com/enjaku4/rabarber/blob/875b357ea949404ddc3645ad66eddea7ed4e2ee4/README.md) | [v1.x.x](https://github.com/enjaku4/rabarber/blob/b81428429404e197d70317b763e7b2a21e02c296/README.md)

data/lib/rabarber/configuration.rb

@@ -12,43 +12,39 @@ module Rabarber
             default: true,
             reader: true,
             constructor: -> (value) do
-              Rabarber::Inputs.process(
+              Rabarber::Inputs::Boolean.new(
                 value,
-                as: :boolean,
                 error: Rabarber::ConfigurationError,
                 message: "Invalid configuration `cache_enabled`, expected a boolean, got #{value.inspect}"
-              )
+              ).process
             end
     setting :current_user_method,
             default: :current_user,
             reader: true,
             constructor: -> (value) do
-              Rabarber::Inputs.process(
+              Rabarber::Inputs::Symbol.new(
                 value,
-                as: :symbol,
                 error: Rabarber::ConfigurationError,
                 message: "Invalid configuration `current_user_method`, expected a symbol or a string, got #{value.inspect}"
-              )
+              ).process
             end
     setting :user_model_name,
             default: "User",
             reader: true,
             constructor: -> (value) do
-              Rabarber::Inputs.process(
+              Rabarber::Inputs::NonEmptyString.new(
                 value,
-                as: :string,
                 error: Rabarber::ConfigurationError,
                 message: "Invalid configuration `user_model_name`, expected an ActiveRecord model name, got #{value.inspect}"
-              )
+              ).process
             end
 
     def user_model
-      Rabarber::Inputs.process(
+      Rabarber::Inputs::Model.new(
         user_model_name,
-        as: :model,
         error: Rabarber::ConfigurationError,
         message: "Invalid configuration `user_model_name`, expected an ActiveRecord model name, got #{user_model_name.inspect}"
-      )
+      ).process
     end
   end
 end

data/lib/rabarber/controllers/concerns/authorization.rb

@@ -19,36 +19,35 @@ module Rabarber
       end
 
       def grant_access(action: nil, roles: nil, context: nil, if: nil, unless: nil)
+        if_rule = binding.local_variable_get(:if)
+        unless_rule = binding.local_variable_get(:unless)
+
         Rabarber::Core::Permissions.add(
           self,
-          Rabarber::Inputs.process(
+          Rabarber::Inputs::Symbol.new(
             action,
-            as: :symbol,
             optional: true,
             message: "Expected a symbol or a string, got #{action.inspect}"
-          ),
-          Rabarber::Inputs.process(
+          ).process,
+          Rabarber::Inputs::Roles.new(
             roles,
-            as: :roles,
             message: "Expected an array of symbols or strings containing only lowercase letters, numbers, and underscores, got #{roles.inspect}"
-          ),
-          Rabarber::Inputs.process(
+          ).process,
+          Rabarber::Inputs::Contexts::Authorizational.new(
             context,
-            as: :authorization_context,
+            error: Rabarber::InvalidContextError,
             message: "Expected a Class, an instance of ActiveRecord model, a symbol, a string, or a proc, got #{context.inspect}"
-          ),
-          Rabarber::Inputs.process(
-            binding.local_variable_get(:if),
-            as: :dynamic_rule,
+          ).resolve,
+          Rabarber::Inputs::DynamicRule.new(
+            if_rule,
             optional: true,
-            message: "Expected a symbol, a string, or a proc, got #{binding.local_variable_get(:if).inspect}"
-          ),
-          Rabarber::Inputs.process(
-            binding.local_variable_get(:unless),
-            as: :dynamic_rule,
+            message: "Expected a symbol, a string, or a proc, got #{if_rule.inspect}"
+          ).process,
+          Rabarber::Inputs::DynamicRule.new(
+            unless_rule,
             optional: true,
-            message: "Expected a symbol, a string, or a proc, got #{binding.local_variable_get(:unless).inspect}"
-          )
+            message: "Expected a symbol, a string, or a proc, got #{unless_rule.inspect}"
+          ).process
         )
       end
     end

data/lib/rabarber/core/permissions.rb

@@ -22,7 +22,7 @@ module Rabarber
       class << self
         def add(controller, action, roles, context, dynamic_rule, negated_dynamic_rule)
           rule = Rabarber::Core::Rule.new(roles, context, dynamic_rule, negated_dynamic_rule)
-          action ? action_rules[controller][action] += [rule] : controller_rules[controller] += [rule]
+          action ? action_rules[controller][action] << rule : controller_rules[controller] << rule
         end
 
         def controller_rules

data/lib/rabarber/core/rule.rb

@@ -3,8 +3,6 @@
 module Rabarber
   module Core
     class Rule
-      attr_reader :roles, :context, :dynamic_rule, :negated_dynamic_rule
-
       DEFAULT_DYNAMIC_RULE = -> { true }.freeze
       DEFAULT_NEGATED_DYNAMIC_RULE = -> { false }.freeze
       private_constant :DEFAULT_DYNAMIC_RULE, :DEFAULT_NEGATED_DYNAMIC_RULE
@@ -21,11 +19,11 @@ module Rabarber
       end
 
       def roles_permitted?(roleable, controller_instance)
-        roles.empty? || roleable.has_role?(*roles, context: resolve_context(controller_instance))
+        @roles.empty? || roleable.has_role?(*@roles, context: resolve_context(controller_instance))
       end
 
       def dynamic_rules_followed?(controller_instance)
-        execute_rule(controller_instance, dynamic_rule) && !execute_rule(controller_instance, negated_dynamic_rule)
+        execute_rule(controller_instance, @dynamic_rule) && !execute_rule(controller_instance, @negated_dynamic_rule)
       end
 
       private
@@ -35,12 +33,17 @@ module Rabarber
       end
 
       def resolve_context(controller_instance)
-        resolved_context = case context
-                           when Proc then controller_instance.instance_exec(&context)
-                           when Symbol then controller_instance.send(context)
-                           else context
-                           end
-        Rabarber::Inputs.process(resolved_context, as: :role_context, message: "Expected an instance of ActiveRecord model, a Class, or nil, got #{resolved_context.inspect}")
+        context = case @context
+                  when Proc then controller_instance.instance_exec(&@context)
+                  when Symbol then controller_instance.send(@context)
+                  else @context
+                  end
+
+        Rabarber::Inputs::Context.new(
+          context,
+          error: Rabarber::InvalidContextError,
+          message: "Expected an instance of ActiveRecord model, a Class, or nil, got #{context.inspect}"
+        ).resolve
       end
     end
   end

data/lib/rabarber/inputs/base.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require "dry-types"
+
+module Rabarber
+  module Inputs
+    class Base
+      include Dry.Types()
+
+      def initialize(value, optional: false, error: Rabarber::InvalidArgumentError, message: nil)
+        @value = value
+        @optional = optional
+        @error = error
+        @message = message
+      end
+
+      def process
+        type_checker = @optional ? type.optional : type
+        type_checker[@value]
+      rescue Dry::Types::CoercionError
+        raise_error
+      end
+
+      private
+
+      def type
+        raise NotImplementedError
+      end
+
+      def raise_error
+        raise @error, @message
+      end
+    end
+  end
+end

data/lib/rabarber/inputs/boolean.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    class Boolean < Rabarber::Inputs::Base
+      private
+
+      def type = self.class::Strict::Bool
+    end
+  end
+end

data/lib/rabarber/inputs/context.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    class Context < Rabarber::Inputs::Base
+      def resolve
+        case context = process
+        when nil
+          { context_type: nil, context_id: nil }
+        when Class
+          { context_type: context.to_s, context_id: nil }
+        when ActiveRecord::Base
+          raise_error unless context.persisted?
+          { context_type: context.class.to_s, context_id: context.public_send(context.class.primary_key) }
+        else
+          context
+        end
+      end
+
+      private
+
+      def type
+        self.class::Strict::Class |
+          self.class::Instance(ActiveRecord::Base) |
+          self.class::Hash.schema(
+            context_type: self.class::Strict::String | self.class::Nil,
+            context_id: self.class::Strict::String | self.class::Strict::Integer | self.class::Nil
+          ) |
+          self.class::Nil
+      end
+    end
+  end
+end

data/lib/rabarber/inputs/contexts/authorizational.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    module Contexts
+      class Authorizational < Rabarber::Inputs::Context
+        private
+
+        def type = self.class::Coercible::Symbol.constrained(min_size: 1) | self.class::Instance(Proc) | super
+      end
+    end
+  end
+end

data/lib/rabarber/inputs/dynamic_rule.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    class DynamicRule < Rabarber::Inputs::Base
+      private
+
+      def type = self.class::Coercible::Symbol.constrained(min_size: 1) | self.class::Instance(Proc)
+    end
+  end
+end

data/lib/rabarber/inputs/model.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    class Model < Rabarber::Inputs::Base
+      private
+
+      def type = self.class::Strict::Class.constructor { _1.try(:safe_constantize) }.constrained(lt: ActiveRecord::Base)
+    end
+  end
+end

data/lib/rabarber/inputs/non_empty_string.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    class NonEmptyString < Rabarber::Inputs::Base
+      private
+
+      def type = self.class::Strict::String.constrained(min_size: 1)
+    end
+  end
+end

data/lib/rabarber/inputs/role.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    class Role < Rabarber::Inputs::Base
+      private
+
+      def type = self.class::Coercible::Symbol.constrained(min_size: 1, format: /\A[a-z0-9_]+\z/)
+    end
+  end
+end

data/lib/rabarber/inputs/roles.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    class Roles < Rabarber::Inputs::Base
+      private
+
+      def type
+        self.class::Array.of(self.class::Coercible::Symbol.constrained(min_size: 1, format: /\A[a-z0-9_]+\z/)).constructor { Kernel::Array(_1) }
+      end
+    end
+  end
+end

data/lib/rabarber/inputs/symbol.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    class Symbol < Rabarber::Inputs::Base
+      private
+
+      def type = self.class::Coercible::Symbol.constrained(min_size: 1)
+    end
+  end
+end

data/lib/rabarber/models/concerns/{has_roles.rb → roleable.rb}

@@ -1,17 +1,41 @@
 # frozen_string_literal: true
 
 module Rabarber
-  module HasRoles
+  module Roleable
     extend ActiveSupport::Concern
 
     included do
-      raise Rabarber::Error, "Rabarber::HasRoles can only be included once" if defined?(@@included) && @@included != name
+      raise Rabarber::Error, "Rabarber::Roleable can only be included once" if defined?(@@included) && @@included != name
 
       @@included = name
 
       has_and_belongs_to_many :rabarber_roles, class_name: "Rabarber::Role",
                                                foreign_key: "roleable_id",
                                                join_table: "rabarber_roles_roleables"
+
+      scope :with_role, -> (*role_names, context: nil) {
+        joins(:rabarber_roles).where(
+          rabarber_roles: { name: process_role_names(role_names), **process_context(context) }
+        ).distinct
+      }
+
+      class << self
+        def process_role_names(role_names)
+          Rabarber::Inputs::Roles.new(
+            role_names,
+            message: "Expected an array of symbols or strings containing only lowercase letters, numbers, and underscores, got #{role_names.inspect}"
+          ).process
+        end
+
+        def process_context(context)
+          Rabarber::Inputs::Context.new(
+            context,
+            error: Rabarber::InvalidContextError,
+            message: "Expected an instance of ActiveRecord model, a Class, or nil, got #{context.inspect}"
+          ).resolve
+        end
+      end
+      delegate :process_role_names, :process_context, to: :class, private: true
     end
 
     def roles(context: nil)
@@ -64,13 +88,15 @@ module Rabarber
     end
 
     def revoke_all_roles
-      return if rabarber_roles.none?
+      return [] if rabarber_roles.none?
 
       contexts = all_roles.keys.map { process_context(_1) }
 
       rabarber_roles.clear
 
       delete_roleable_cache(contexts:)
+
+      []
     end
 
     private
@@ -80,22 +106,6 @@ module Rabarber
       new_roles.each { |role_name| Rabarber::Role.create!(name: role_name, **context) }
     end
 
-    def process_role_names(role_names)
-      Rabarber::Inputs.process(
-        role_names,
-        as: :roles,
-        message: "Expected an array of symbols or strings containing only lowercase letters, numbers, and underscores, got #{role_names.inspect}"
-      )
-    end
-
-    def process_context(context)
-      Rabarber::Inputs.process(
-        context,
-        as: :role_context,
-        message: "Expected an instance of ActiveRecord model, a Class, or nil, got #{context.inspect}"
-      )
-    end
-
     def delete_roleable_cache(contexts:)
       Rabarber::Core::Cache.delete(*contexts.map { [roleable_id, _1] }, [roleable_id, :all])
     end

data/lib/rabarber/models/role.rb

@@ -12,10 +12,14 @@ module Rabarber
 
     class << self
       def names(context: nil)
+        deprecation_warning("names", "Rabarber.roles")
+
         where(process_context(context)).pluck(:name).map(&:to_sym)
       end
 
       def all_names
+        deprecation_warning("all_names", "Rabarber.all_roles")
+
         includes(:context).each_with_object({}) do |role, hash|
           (hash[role.context] ||= []) << role.name.to_sym
         rescue ActiveRecord::RecordNotFound
@@ -26,6 +30,8 @@ module Rabarber
       end
 
       def add(name, context: nil)
+        deprecation_warning("add", "Rabarber.create_role")
+
         name = process_role_name(name)
         processed_context = process_context(context)
 
@@ -35,6 +41,8 @@ module Rabarber
       end
 
       def rename(old_name, new_name, context: nil, force: false)
+        deprecation_warning("rename", "Rabarber.rename_role")
+
         processed_context = process_context(context)
         role = find_by(name: process_role_name(old_name), **processed_context)
 
@@ -50,6 +58,8 @@ module Rabarber
       end
 
       def remove(name, context: nil, force: false)
+        deprecation_warning("remove", "Rabarber.delete_role")
+
         processed_context = process_context(context)
         role = find_by(name: process_role_name(name), **processed_context)
 
@@ -63,31 +73,53 @@ module Rabarber
       end
 
       def assignees(name, context: nil)
+        deprecation_warning("assignees", "#{Rabarber::Configuration.user_model_name}.with_role")
+
         find_by(name: process_role_name(name), **process_context(context))&.roleables || Rabarber::Configuration.user_model.none
       end
 
+      def prune
+        orphaned_roles = where.not(context_id: nil).includes(:context).filter_map do |role|
+          !role.context
+        rescue ActiveRecord::RecordNotFound
+          role.id
+        end
+
+        return if orphaned_roles.empty?
+
+        ActiveRecord::Base.transaction do
+          ActiveRecord::Base.connection.execute(
+            ActiveRecord::Base.sanitize_sql(
+              ["DELETE FROM rabarber_roles_roleables WHERE role_id IN (?)", orphaned_roles]
+            )
+          )
+          where(id: orphaned_roles).delete_all
+        end
+      end
+
       private
 
+      def deprecation_warning(method, alternative)
+        ActiveSupport::Deprecation.new("6.0.0", "rabarber").warn("`Rabarber::Role.#{method}` method is deprecated and will be removed in the next major version, use `#{alternative}` instead.") if caller_locations.map(&:label).exclude?(alternative)
+      end
+
       def delete_roleables_cache(role, context:)
-        role.roleables.in_batches(of: 1000) do |batch|
-          Rabarber::Core::Cache.delete(*batch.pluck(:id).flat_map { [[_1, context], [_1, :all]] })
-        end
+        Rabarber::Core::Cache.delete(*role.roleables.pluck(:id).flat_map { [[_1, context], [_1, :all]] })
       end
 
       def process_role_name(name)
-        Rabarber::Inputs.process(
+        Rabarber::Inputs::Role.new(
           name,
-          as: :role,
           message: "Expected a symbol or a string containing only lowercase letters, numbers, and underscores, got #{name.inspect}"
-        )
+        ).process
       end
 
       def process_context(context)
-        Rabarber::Inputs.process(
+        Rabarber::Inputs::Context.new(
           context,
-          as: :role_context,
+          error: Rabarber::InvalidContextError,
           message: "Expected an instance of ActiveRecord model, a Class, or nil, got #{context.inspect}"
-        )
+        ).resolve
       end
     end
 

data/lib/rabarber/railtie.rb

@@ -6,26 +6,18 @@ module Rabarber
   class Railtie < Rails::Railtie
     initializer "rabarber.to_prepare" do |app|
       app.config.to_prepare do
-        unless app.config.eager_load
-          Rabarber::Core::Permissions.reset!
-          ApplicationController.class_eval do
-            before_action :check_integrity
-
-            private
-
-            def check_integrity
-              Rabarber::Core::IntegrityChecker.run!
-            end
+        if ActiveRecord::Base.connection.data_source_exists?("rabarber_roles")
+          Rabarber::Role.where.not(context_type: nil).distinct.pluck(:context_type).each do |context_class|
+            context_class.constantize
+          rescue NameError => e
+            raise Rabarber::Error, "Context not found: class `#{e.name}` may have been renamed or deleted"
           end
         end
-        user_model = Rabarber::Configuration.user_model
-        user_model.include Rabarber::HasRoles unless user_model < Rabarber::HasRoles
-      end
-    end
 
-    initializer "rabarber.after_initialize" do |app|
-      app.config.after_initialize do
-        Rabarber::Core::IntegrityChecker.run! if app.config.eager_load
+        Rabarber::Core::Permissions.reset! unless app.config.eager_load
+
+        user_model = Rabarber::Configuration.user_model
+        user_model.include Rabarber::Roleable unless user_model < Rabarber::Roleable
       end
     end
 

data/lib/rabarber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rabarber
-  VERSION = "5.1.1"
+  VERSION = "5.2.0"
 end

data/lib/rabarber.rb

@@ -5,18 +5,37 @@ require_relative "rabarber/version"
 require "active_record"
 require "active_support"
 
-require_relative "rabarber/inputs"
+require_relative "rabarber/inputs/base"
+require_relative "rabarber/inputs/boolean"
+require_relative "rabarber/inputs/context"
+require_relative "rabarber/inputs/contexts/authorizational"
+require_relative "rabarber/inputs/dynamic_rule"
+require_relative "rabarber/inputs/model"
+require_relative "rabarber/inputs/non_empty_string"
+require_relative "rabarber/inputs/role"
+require_relative "rabarber/inputs/roles"
+require_relative "rabarber/inputs/symbol"
 
 require_relative "rabarber/configuration"
 
 module Rabarber
   class Error < StandardError; end
-  class ConfigurationError < Rabarber::Error; end
   class InvalidArgumentError < Rabarber::Error; end
+  class ConfigurationError < Rabarber::InvalidArgumentError; end
+  class InvalidContextError < Rabarber::InvalidArgumentError; end
   class NotFoundError < Rabarber::Error; end
 
   delegate :configure, to: Rabarber::Configuration
   module_function :configure
+
+  class << self
+    def roles(context: nil) = Rabarber::Role.names(context:)
+    def all_roles = Rabarber::Role.all_names
+    def create_role(name, context: nil) = Rabarber::Role.add(name, context:)
+    def rename_role(old_name, new_name, context: nil, force: false) = Rabarber::Role.rename(old_name, new_name, context:, force:)
+    def delete_role(name, context: nil, force: false) = Rabarber::Role.remove(name, context:, force:)
+    def prune = Rabarber::Role.prune
+  end
 end
 
 require_relative "rabarber/core/cache"
@@ -26,10 +45,9 @@ require_relative "rabarber/core/roleable"
 require_relative "rabarber/controllers/concerns/authorization"
 require_relative "rabarber/helpers/helpers"
 require_relative "rabarber/helpers/migration_helpers"
-require_relative "rabarber/models/concerns/has_roles"
+require_relative "rabarber/models/concerns/roleable"
 require_relative "rabarber/models/role"
 
 require_relative "rabarber/core/permissions"
-require_relative "rabarber/core/integrity_checker"
 
 require_relative "rabarber/railtie"

data/rabarber.gemspec

@@ -6,7 +6,7 @@ Gem::Specification.new do |spec|
   spec.name = "rabarber"
   spec.version = Rabarber::VERSION
   spec.authors = ["enjaku4", "trafium"]
-  spec.homepage = "https://github.com/brownboxdev/rabarber"
+  spec.homepage = "https://github.com/enjaku4/rabarber"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
   spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
 
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "dry-configurable", "~> 1.3"
-  spec.add_dependency "dry-types", "~> 1.8"
+  spec.add_dependency "dry-configurable", "~> 1.1"
+  spec.add_dependency "dry-types", "~> 1.7"
   spec.add_dependency "rails", ">= 7.1", "< 8.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-  version: 5.1.1
+  version: 5.2.0
 platform: ruby
 authors:
 - enjaku4
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: dry-types
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -72,25 +72,33 @@ files:
 - lib/rabarber/controllers/concerns/authorization.rb
 - lib/rabarber/core/access.rb
 - lib/rabarber/core/cache.rb
-- lib/rabarber/core/integrity_checker.rb
 - lib/rabarber/core/permissions.rb
 - lib/rabarber/core/roleable.rb
 - lib/rabarber/core/rule.rb
 - lib/rabarber/helpers/helpers.rb
 - lib/rabarber/helpers/migration_helpers.rb
-- lib/rabarber/inputs.rb
-- lib/rabarber/models/concerns/has_roles.rb
+- lib/rabarber/inputs/base.rb
+- lib/rabarber/inputs/boolean.rb
+- lib/rabarber/inputs/context.rb
+- lib/rabarber/inputs/contexts/authorizational.rb
+- lib/rabarber/inputs/dynamic_rule.rb
+- lib/rabarber/inputs/model.rb
+- lib/rabarber/inputs/non_empty_string.rb
+- lib/rabarber/inputs/role.rb
+- lib/rabarber/inputs/roles.rb
+- lib/rabarber/inputs/symbol.rb
+- lib/rabarber/models/concerns/roleable.rb
 - lib/rabarber/models/role.rb
 - lib/rabarber/railtie.rb
 - lib/rabarber/version.rb
 - rabarber.gemspec
-homepage: https://github.com/brownboxdev/rabarber
+homepage: https://github.com/enjaku4/rabarber
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/brownboxdev/rabarber
-  source_code_uri: https://github.com/brownboxdev/rabarber
-  changelog_uri: https://github.com/brownboxdev/rabarber/blob/main/CHANGELOG.md
+  homepage_uri: https://github.com/enjaku4/rabarber
+  source_code_uri: https://github.com/enjaku4/rabarber
+  changelog_uri: https://github.com/enjaku4/rabarber/blob/main/CHANGELOG.md
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -109,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.7.1
 specification_version: 4
 summary: Simple role-based authorization library for Ruby on Rails
 test_files: []

data/lib/rabarber/core/integrity_checker.rb

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-module Rabarber
-  module Core
-    module IntegrityChecker
-      extend self
-
-      def run!
-        check_for_missing_class_context
-        prune_missing_instance_context
-      end
-
-      private
-
-      def check_for_missing_class_context
-        Rabarber::Role.where.not(context_type: nil).distinct.pluck(:context_type).each do |context_class|
-          context_class.constantize
-        rescue NameError => e
-          raise Rabarber::Error, "Context not found: class #{e.name} may have been renamed or deleted"
-        end
-      end
-
-      def prune_missing_instance_context
-        ids = Rabarber::Role.where.not(context_id: nil).includes(:context).filter_map do |role|
-          role.context
-          nil
-        rescue ActiveRecord::RecordNotFound
-          role.id
-        end
-
-        return if ids.empty?
-
-        ActiveRecord::Base.transaction do
-          ActiveRecord::Base.connection.execute(
-            ActiveRecord::Base.sanitize_sql(
-              ["DELETE FROM rabarber_roles_roleables WHERE role_id IN (?)", ids]
-            )
-          )
-          Rabarber::Role.where(id: ids).delete_all
-        end
-      end
-    end
-  end
-end

data/lib/rabarber/inputs.rb

@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-
-require "dry-types"
-
-module Rabarber
-  module Inputs
-    extend self
-
-    include Dry.Types()
-
-    PROC_TYPE = self::Instance(Proc)
-    SYMBOL_TYPE = self::Coercible::Symbol.constrained(min_size: 1)
-    ROLE_TYPE = self::SYMBOL_TYPE.constrained(format: /\A[a-z0-9_]+\z/)
-
-    CONTEXT_TYPE = self::Strict::Class | self::Instance(ActiveRecord::Base) | self::Hash.schema(
-      context_type: self::Strict::String | self::Nil,
-      context_id: self::Strict::String | self::Strict::Integer | self::Nil
-    ) | self::Nil
-
-    TYPES = {
-      boolean: self::Strict::Bool,
-      string: self::Strict::String.constrained(min_size: 1).constructor { _1.is_a?(::String) ? _1.strip : _1 },
-      symbol: self::SYMBOL_TYPE,
-      role: self::ROLE_TYPE,
-      roles: self::Array.of(self::ROLE_TYPE).constructor { Kernel::Array(_1) },
-      model: self::Strict::Class.constructor { _1.try(:safe_constantize) }.constrained(lt: ActiveRecord::Base),
-      dynamic_rule: self::SYMBOL_TYPE | self::PROC_TYPE,
-      role_context: self::CONTEXT_TYPE,
-      authorization_context: self::SYMBOL_TYPE | self::PROC_TYPE | self::CONTEXT_TYPE
-    }.freeze
-
-    def process(value, as:, optional: false, error: Rabarber::InvalidArgumentError, message: nil)
-      checker = type_for(as)
-      checker = checker.optional if optional
-
-      result = checker[value]
-
-      [:role_context, :authorization_context].include?(as) ? resolve_context(result) : result
-    rescue Dry::Types::CoercionError => e
-      raise error, message || e.message
-    end
-
-    private
-
-    def type_for(name) = self::TYPES.fetch(name)
-
-    def resolve_context(value)
-      case value
-      when nil
-        { context_type: nil, context_id: nil }
-      when Class
-        { context_type: value.to_s, context_id: nil }
-      when ActiveRecord::Base
-        raise Dry::Types::CoercionError, "instance context not persisted" unless value.persisted?
-
-        { context_type: value.class.to_s, context_id: value.public_send(value.class.primary_key) }
-      else
-        value
-      end
-    end
-  end
-end