rabarber 5.1.2 → 5.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bcf3063fc3e0bb700ae4e372cec9807b3796863f8e94e5b2f8e79d9594d50b10
-  data.tar.gz: 82abf396141f483ca0ec10982bb9ef35ea8a1d79f0a1e111f2c8b483a0e480e5
+  metadata.gz: 86f27dfa62e1520493b6803b3e7fcc55025ff07af38d3b7f5fd60b0d8bcbe548
+  data.tar.gz: 7ef5aacdb3f9fb3a95b799307a74c7e9764167613cfa1506f4bf75205af84ecc
 SHA512:
-  metadata.gz: 023fddca28a49a89534c1d5c0b716e7f518a3a975e2b6a5883f156f75acd73a28564b475080fd5abdf7ffce294b21c1af07be276141ac747d92b9087b8cbac96
-  data.tar.gz: 7ae10c74e73ee844d22011a6678a8b9af579d2657d3020fe28958912c3b4a1fb033ed0a11c7af126c7367e30fcd54a1058f529b39acf0cac31391f5bc0a76146
+  metadata.gz: 15ea45c42082ba4c4832c6dc58b2f70a2b35b5d206bf428faae89ce4646a5a666edd025f434d51b8c531077e4425f2b7e8a2b9208b412495971777bee79d1916
+  data.tar.gz: 9f7883fe80aa5a24ab7ccbe6fe751c28f08138b1e7f291ef831572c3530d6b0bdfe9e99ba281f9ee0dd4fcdfd56119713b87779fa455651d3f3d2a1b55733008

data/CHANGELOG.md

@@ -1,3 +1,26 @@
+## v5.2.1
+
+### Bugs:
+
+- Fixed error raised on Rails console commands when the database was not yet set up
+
+## v5.2.0
+
+### Features:
+
+- Added `Rabarber.prune` method to allow manual pruning of roles with deleted contexts
+
+### Misc:
+
+- `revoke_all_roles` now returns an empty array instead of `nil` for consistency with other role assignment methods
+- Deprecated the following role management methods in favor of new counterparts:
+  - `Rabarber::Role.names` -> `Rabarber.roles`
+  - `Rabarber::Role.all_names` -> `Rabarber.all_roles`
+  - `Rabarber::Role.add` -> `Rabarber.create_role`
+  - `Rabarber::Role.rename` -> `Rabarber.rename_role`
+  - `Rabarber::Role.remove` -> `Rabarber.delete_role`
+  - `Rabarber::Role.assignees` -> `User.with_role`
+
 ## v5.1.2
 
 ### Misc:
@@ -35,7 +58,7 @@
 - Added `with_authorization` method for more granular authorization control
 - `Rabarber::Role.rename` and `Rabarber::Role.remove` now require the role to exist
 
-To upgrade to v5.0.0, please refer to the [migration guide](https://github.com/brownboxdev/rabarber/discussions/77)
+To upgrade to v5.0.0, please refer to the [migration guide](https://github.com/enjaku4/rabarber/discussions/77)
 
 ### Features:
 
@@ -140,7 +163,7 @@ To upgrade to v5.0.0, please refer to the [migration guide](https://github.com/b
 
 - Changed Rabarber roles table structure
 
-To upgrade to v3.0.0, please refer to the [migration guide](https://github.com/brownboxdev/rabarber/discussions/58)
+To upgrade to v3.0.0, please refer to the [migration guide](https://github.com/enjaku4/rabarber/discussions/58)
 
 ### Features:
 
@@ -164,7 +187,7 @@ To upgrade to v3.0.0, please refer to the [migration guide](https://github.com/b
 - Replaced `when_unauthorized` configuration option with an overridable controller method
 - Renamed `Rabarber::Role.assignees_for` method to `Rabarber::Role.assignees`
 
-To upgrade to v2.0.0, please refer to the [migration guide](https://github.com/brownboxdev/rabarber/discussions/52)
+To upgrade to v2.0.0, please refer to the [migration guide](https://github.com/enjaku4/rabarber/discussions/52)
 
 ### Features:
 

data/README.md

@@ -1,7 +1,7 @@
 # Rabarber: Role-Based Authorization for Rails
 
 [![Gem Version](https://badge.fury.io/rb/rabarber.svg)](http://badge.fury.io/rb/rabarber)
-[![Github Actions badge](https://github.com/brownboxdev/rabarber/actions/workflows/ci.yml/badge.svg)](https://github.com/brownboxdev/rabarber/actions/workflows/ci.yml)
+[![Github Actions badge](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml)
 
 Rabarber is a role-based authorization library for Ruby on Rails that focuses on controller-level access control. Rather than answering domain questions like "can this user create a post?", Rabarber answers "can this user access the create post endpoint?", providing a clean separation between authorization and business logic.
 
@@ -25,7 +25,6 @@ Rabarber is a role-based authorization library for Ruby on Rails that focuses on
   - [Multi-tenancy / Context](#multi-tenancy--context)
   - [View Helpers](#view-helpers)
 
-
 **Community Resources:**
   - [Getting Help and Contributing](#getting-help-and-contributing)
   - [License](#license)
@@ -68,13 +67,13 @@ Configure Rabarber in an initializer if customization is needed:
 
 ```rb
 Rabarber.configure do |config|
-  config.cache_enabled = true                 # Enable role caching (default: true)
+  config.cache_enabled = true                 # Enable/disable role caching (default: true)
   config.current_user_method = :current_user  # Method to access current user (default: :current_user)
   config.user_model_name = "User"             # User model name (default: "User")
 end
 ```
 
-To clear the role cache manually:
+Roles are cached by default for performance. To clear the role cache manually:
 
 ```rb
 Rabarber::Cache.clear
@@ -100,17 +99,22 @@ user.revoke_roles(:accountant, :manager)
 user.revoke_all_roles
 ```
 
+All role assignment methods return the list of roles currently assigned to the user.
+
 ### Role Queries
 
 ```rb
 # Check if user has any of the specified roles
 user.has_role?(:accountant, :manager)
 
-# Get user's roles
+# Get user's roles in the global context
 user.roles
 
-# Get all roles grouped by context
+# Get all user's roles grouped by context
 user.all_roles
+
+# Get users with any of the specified roles
+User.with_role(:admin, :manager)
 ```
 
 ## Role Management
@@ -119,24 +123,25 @@ user.all_roles
 
 ```rb
 # Create a new role
-Rabarber::Role.add(:admin)
+Rabarber.create_role(:admin) # => true if created, false if already exists
 
 # Rename a role
-Rabarber::Role.rename(:admin, :administrator)
-Rabarber::Role.rename(:admin, :administrator, force: true) # Force if role is assigned to users
+Rabarber.rename_role(:admin, :administrator) # => true if renamed, false if new name exists or role is assigned
+Rabarber.rename_role(:admin, :administrator, force: true) # Force rename even if role is assigned
 
 # Remove a role
-Rabarber::Role.remove(:admin)
-Rabarber::Role.remove(:admin, force: true) # Force if role is assigned to users
+Rabarber.delete_role(:admin) # => true if deleted, false if role is assigned
+Rabarber.delete_role(:admin, force: true) # Force deletion even if role is assigned
 
-# List available roles
-Rabarber::Role.names
-Rabarber::Role.all_names # All roles grouped by context
+# List available roles in the global context
+Rabarber.roles
 
-# Get users assigned to a role
-Rabarber::Role.assignees(:admin)
+# List all available roles grouped by context
+Rabarber.all_roles
 ```
 
+> **Note:** Some methods have been deprecated in favor of the new API shown above. The deprecated methods still work but will be removed in a future major version. See the [changelog](https://github.com/enjaku4/rabarber/blob/main/CHANGELOG.md#v520) for the complete list of deprecated methods and their new counterparts.
+
 ## Controller Authorization
 
 ### Basic Setup
@@ -155,7 +160,7 @@ class InvoicesController < ApplicationController
 end
 ```
 
-Authorization requires an authenticated user.
+Authorization requires an authenticated user to be present.
 
 ### Skip Authorization
 
@@ -181,6 +186,10 @@ class TicketsController < ApplicationController
   def index
     # Accessible to admin, manager, and support roles
   end
+
+  def destroy
+    # Accessible to admin role only
+  end
 end
 ```
 
@@ -210,7 +219,7 @@ Omit roles to allow unrestricted access:
 
 ```rb
 class UnrestrictedController < ApplicationController
-  grant_access # Allow all users
+  grant_access # Allow all users to access all actions
 end
 
 class MixedController < ApplicationController
@@ -244,7 +253,7 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-By default, Rabarber will redirect back (HTML format) or return 403 (other formats).
+By default, when unauthorized, Rabarber will redirect back (HTML format) or return 403 (other formats).
 
 ## Dynamic Rules
 
@@ -256,13 +265,13 @@ class OrdersController < ApplicationController
   grant_access roles: :manager, if: :company_manager?, unless: :suspended?
 
   # Proc-based conditions
-  grant_access action: :show, roles: :client, if: -> { current_user.company_id == Order.find(params[:id]).company_id }
+  grant_access action: :show, roles: :client, if: -> { current_user.company == Order.find(params[:id]).company }
   def show
     # Accessible to company managers unless suspended, and to clients if the client's company matches the order's company
   end
 
   # Dynamic-only rules (no roles required, can be used with custom policies)
-  grant_access action: :index, if: -> { OrdersPolicy.new(current_user).can_access?(:index) }
+  grant_access action: :index, if: -> { OrdersPolicy.new(current_user).index? }
   def index
     # Accessible to company managers unless suspended, and to users based on custom policy logic
   end
@@ -290,35 +299,52 @@ All Rabarber methods accept a `context` parameter, allowing you to work with rol
 user.assign_roles(:owner, context: project)
 user.assign_roles(:member, context: project)
 
-# Assign roles within a model class (e.g., project admin)
+# Assign roles within a model class
 user.assign_roles(:admin, context: Project)
 
 # Check contextual roles
 user.has_role?(:owner, context: project)
 user.has_role?(:admin, context: Project)
 
-# Revoke roles within a specific context
+# Revoke roles
 user.revoke_roles(:owner, context: project)
 
-# Get roles within context
-user.roles(context: project)
-Rabarber::Role.names(context: Project)
+# Get user roles
+user.roles(context: Project)
+
+# Get users with a role
+User.with_role(:member, context: project)
+```
+
+### Contextual Role Management
+
+```rb
+# Create a new role within a context
+Rabarber.create_role(:admin, context: Project)
+
+# Rename a role within a context
+Rabarber.rename_role(:admin, :owner, context: project)
+
+# Remove a contextual role
+Rabarber.delete_role(:admin, context: project)
+
+# List available roles within a specific context
+Rabarber.roles(context: project)
 ```
 
 ### Contextual Authorization
 
 ```rb
 class ProjectsController < ApplicationController
-  # Class-based context
   grant_access roles: :admin, context: Project
 
-  # Instance-based context (method)
+  # Method-based context resolution
   grant_access action: :show, roles: :member, context: :current_project
   def show
     # Accessible to Project admin and members of the current project
   end
 
-  # Instance-based context (proc)
+  # Proc-based context resolution
   grant_access action: :update, roles: :owner, context: -> { Project.find(params[:id]) }
   def update
     # Accessible to Project admin and owner of the current project
@@ -332,6 +358,16 @@ class ProjectsController < ApplicationController
 end
 ```
 
+### Orphaned Context
+
+When a context object is deleted from your database, its associated roles become orphaned and ignored by Rabarber.
+
+To clean up orphaned context roles, use:
+
+```rb
+Rabarber.prune
+```
+
 ### Context Migrations
 
 Handle context changes when models are renamed or removed. These are irreversible data migrations.
@@ -369,22 +405,23 @@ Use conditional rendering based on roles:
   </div>
 <% end %>
 
-<!-- With context -->
 <%= visible_to(:owner, context: @project) do %>
-  <button>Delete Project</button>
+  <div class="project-owner-panel">
+    <!-- Content visible to project owners -->
+  </div>
 <% end %>
 ```
 
 ## Getting Help and Contributing
 
 ### Getting Help
-Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/brownboxdev/rabarber/discussions) for:
+Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/enjaku4/rabarber/discussions) for:
 - Usage questions
 - Implementation guidance
 - Feature suggestions
 
 ### Reporting Issues
-Found a bug? Please [create an issue](https://github.com/brownboxdev/rabarber/issues) with:
+Found a bug? Please [create an issue](https://github.com/enjaku4/rabarber/issues) with:
 - A clear description of the problem
 - Steps to reproduce the issue
 - Your environment details (Rails version, Ruby version, etc.)
@@ -393,21 +430,21 @@ Found a bug? Please [create an issue](https://github.com/brownboxdev/rabarber/is
 Ready to contribute? You can:
 - Fix bugs by submitting pull requests
 - Improve documentation
-- Add new features (please discuss first in our [discussions section](https://github.com/brownboxdev/rabarber/discussions))
+- Add new features (please discuss first in our [discussions section](https://github.com/enjaku4/rabarber/discussions))
 
-Before contributing, please read the [contributing guidelines](https://github.com/brownboxdev/rabarber/blob/main/CONTRIBUTING.md)
+Before contributing, please read the [contributing guidelines](https://github.com/enjaku4/rabarber/blob/main/CONTRIBUTING.md)
 
 ## License
 
-The gem is available as open source under the terms of the [MIT License](https://github.com/brownboxdev/rabarber/blob/main/LICENSE.txt).
+The gem is available as open source under the terms of the [MIT License](https://github.com/enjaku4/rabarber/blob/main/LICENSE.txt).
 
 ## Code of Conduct
 
-Everyone interacting in the Rabarber project is expected to follow the [code of conduct](https://github.com/brownboxdev/rabarber/blob/main/CODE_OF_CONDUCT.md).
+Everyone interacting in the Rabarber project is expected to follow the [code of conduct](https://github.com/enjaku4/rabarber/blob/main/CODE_OF_CONDUCT.md).
 
 ## Old Versions
 
 Only the latest major version is supported. Older versions are obsolete and not maintained, but their READMEs are available here for reference:
 
-[v4.x.x](https://github.com/brownboxdev/rabarber/blob/9353e70281971154d5acd70693620197a132c543/README.md) | [v3.x.x](https://github.com/brownboxdev/rabarber/blob/3bb273de7e342004abc7ef07fa4d0a9a3ce3e249/README.md)
- | [v2.x.x](https://github.com/brownboxdev/rabarber/blob/875b357ea949404ddc3645ad66eddea7ed4e2ee4/README.md) | [v1.x.x](https://github.com/brownboxdev/rabarber/blob/b81428429404e197d70317b763e7b2a21e02c296/README.md)
+[v4.x.x](https://github.com/enjaku4/rabarber/blob/9353e70281971154d5acd70693620197a132c543/README.md) | [v3.x.x](https://github.com/enjaku4/rabarber/blob/3bb273de7e342004abc7ef07fa4d0a9a3ce3e249/README.md)
+ | [v2.x.x](https://github.com/enjaku4/rabarber/blob/875b357ea949404ddc3645ad66eddea7ed4e2ee4/README.md) | [v1.x.x](https://github.com/enjaku4/rabarber/blob/b81428429404e197d70317b763e7b2a21e02c296/README.md)

data/lib/rabarber/inputs/boolean.rb

@@ -2,7 +2,7 @@
 
 module Rabarber
   module Inputs
-    class Boolean < Base
+    class Boolean < Rabarber::Inputs::Base
       private
 
       def type = self.class::Strict::Bool

data/lib/rabarber/inputs/context.rb

@@ -2,7 +2,7 @@
 
 module Rabarber
   module Inputs
-    class Context < Base
+    class Context < Rabarber::Inputs::Base
       def resolve
         case context = process
         when nil

data/lib/rabarber/inputs/contexts/authorizational.rb

@@ -3,7 +3,7 @@
 module Rabarber
   module Inputs
     module Contexts
-      class Authorizational < Context
+      class Authorizational < Rabarber::Inputs::Context
         private
 
         def type = self.class::Coercible::Symbol.constrained(min_size: 1) | self.class::Instance(Proc) | super

data/lib/rabarber/inputs/dynamic_rule.rb

@@ -2,7 +2,7 @@
 
 module Rabarber
   module Inputs
-    class DynamicRule < Base
+    class DynamicRule < Rabarber::Inputs::Base
       private
 
       def type = self.class::Coercible::Symbol.constrained(min_size: 1) | self.class::Instance(Proc)

data/lib/rabarber/inputs/model.rb

@@ -2,7 +2,7 @@
 
 module Rabarber
   module Inputs
-    class Model < Base
+    class Model < Rabarber::Inputs::Base
       private
 
       def type = self.class::Strict::Class.constructor { _1.try(:safe_constantize) }.constrained(lt: ActiveRecord::Base)

data/lib/rabarber/inputs/non_empty_string.rb

@@ -2,7 +2,7 @@
 
 module Rabarber
   module Inputs
-    class NonEmptyString < Base
+    class NonEmptyString < Rabarber::Inputs::Base
       private
 
       def type = self.class::Strict::String.constrained(min_size: 1)

data/lib/rabarber/inputs/role.rb

@@ -2,7 +2,7 @@
 
 module Rabarber
   module Inputs
-    class Role < Base
+    class Role < Rabarber::Inputs::Base
       private
 
       def type = self.class::Coercible::Symbol.constrained(min_size: 1, format: /\A[a-z0-9_]+\z/)

data/lib/rabarber/inputs/roles.rb

@@ -2,7 +2,7 @@
 
 module Rabarber
   module Inputs
-    class Roles < Base
+    class Roles < Rabarber::Inputs::Base
       private
 
       def type

data/lib/rabarber/inputs/symbol.rb

@@ -2,7 +2,7 @@
 
 module Rabarber
   module Inputs
-    class Symbol < Base
+    class Symbol < Rabarber::Inputs::Base
       private
 
       def type = self.class::Coercible::Symbol.constrained(min_size: 1)

data/lib/rabarber/models/concerns/{has_roles.rb → roleable.rb}

@@ -1,17 +1,41 @@
 # frozen_string_literal: true
 
 module Rabarber
-  module HasRoles
+  module Roleable
     extend ActiveSupport::Concern
 
     included do
-      raise Rabarber::Error, "Rabarber::HasRoles can only be included once" if defined?(@@included) && @@included != name
+      raise Rabarber::Error, "Rabarber::Roleable can only be included once" if defined?(@@included) && @@included != name
 
       @@included = name
 
       has_and_belongs_to_many :rabarber_roles, class_name: "Rabarber::Role",
                                                foreign_key: "roleable_id",
                                                join_table: "rabarber_roles_roleables"
+
+      scope :with_role, -> (*role_names, context: nil) {
+        joins(:rabarber_roles).where(
+          rabarber_roles: { name: process_role_names(role_names), **process_context(context) }
+        ).distinct
+      }
+
+      class << self
+        def process_role_names(role_names)
+          Rabarber::Inputs::Roles.new(
+            role_names,
+            message: "Expected an array of symbols or strings containing only lowercase letters, numbers, and underscores, got #{role_names.inspect}"
+          ).process
+        end
+
+        def process_context(context)
+          Rabarber::Inputs::Context.new(
+            context,
+            error: Rabarber::InvalidContextError,
+            message: "Expected an instance of ActiveRecord model, a Class, or nil, got #{context.inspect}"
+          ).resolve
+        end
+      end
+      delegate :process_role_names, :process_context, to: :class, private: true
     end
 
     def roles(context: nil)
@@ -64,13 +88,15 @@ module Rabarber
     end
 
     def revoke_all_roles
-      return if rabarber_roles.none?
+      return [] if rabarber_roles.none?
 
       contexts = all_roles.keys.map { process_context(_1) }
 
       rabarber_roles.clear
 
       delete_roleable_cache(contexts:)
+
+      []
     end
 
     private
@@ -80,21 +106,6 @@ module Rabarber
       new_roles.each { |role_name| Rabarber::Role.create!(name: role_name, **context) }
     end
 
-    def process_role_names(role_names)
-      Rabarber::Inputs::Roles.new(
-        role_names,
-        message: "Expected an array of symbols or strings containing only lowercase letters, numbers, and underscores, got #{role_names.inspect}"
-      ).process
-    end
-
-    def process_context(context)
-      Rabarber::Inputs::Context.new(
-        context,
-        error: Rabarber::InvalidContextError,
-        message: "Expected an instance of ActiveRecord model, a Class, or nil, got #{context.inspect}"
-      ).resolve
-    end
-
     def delete_roleable_cache(contexts:)
       Rabarber::Core::Cache.delete(*contexts.map { [roleable_id, _1] }, [roleable_id, :all])
     end

data/lib/rabarber/models/role.rb

@@ -12,10 +12,14 @@ module Rabarber
 
     class << self
       def names(context: nil)
+        deprecation_warning("names", "Rabarber.roles")
+
         where(process_context(context)).pluck(:name).map(&:to_sym)
       end
 
       def all_names
+        deprecation_warning("all_names", "Rabarber.all_roles")
+
         includes(:context).each_with_object({}) do |role, hash|
           (hash[role.context] ||= []) << role.name.to_sym
         rescue ActiveRecord::RecordNotFound
@@ -26,6 +30,8 @@ module Rabarber
       end
 
       def add(name, context: nil)
+        deprecation_warning("add", "Rabarber.create_role")
+
         name = process_role_name(name)
         processed_context = process_context(context)
 
@@ -35,6 +41,8 @@ module Rabarber
       end
 
       def rename(old_name, new_name, context: nil, force: false)
+        deprecation_warning("rename", "Rabarber.rename_role")
+
         processed_context = process_context(context)
         role = find_by(name: process_role_name(old_name), **processed_context)
 
@@ -50,6 +58,8 @@ module Rabarber
       end
 
       def remove(name, context: nil, force: false)
+        deprecation_warning("remove", "Rabarber.delete_role")
+
         processed_context = process_context(context)
         role = find_by(name: process_role_name(name), **processed_context)
 
@@ -63,11 +73,36 @@ module Rabarber
       end
 
       def assignees(name, context: nil)
+        deprecation_warning("assignees", "#{Rabarber::Configuration.user_model_name}.with_role")
+
         find_by(name: process_role_name(name), **process_context(context))&.roleables || Rabarber::Configuration.user_model.none
       end
 
+      def prune
+        orphaned_roles = where.not(context_id: nil).includes(:context).filter_map do |role|
+          !role.context
+        rescue ActiveRecord::RecordNotFound
+          role.id
+        end
+
+        return if orphaned_roles.empty?
+
+        ActiveRecord::Base.transaction do
+          ActiveRecord::Base.connection.execute(
+            ActiveRecord::Base.sanitize_sql(
+              ["DELETE FROM rabarber_roles_roleables WHERE role_id IN (?)", orphaned_roles]
+            )
+          )
+          where(id: orphaned_roles).delete_all
+        end
+      end
+
       private
 
+      def deprecation_warning(method, alternative)
+        ActiveSupport::Deprecation.new("6.0.0", "rabarber").warn("`Rabarber::Role.#{method}` method is deprecated and will be removed in the next major version, use `#{alternative}` instead.") if caller_locations.map(&:label).exclude?(alternative)
+      end
+
       def delete_roleables_cache(role, context:)
         Rabarber::Core::Cache.delete(*role.roleables.pluck(:id).flat_map { [[_1, context], [_1, :all]] })
       end

data/lib/rabarber/railtie.rb

@@ -4,28 +4,26 @@ require "rails/railtie"
 
 module Rabarber
   class Railtie < Rails::Railtie
+    def self.table_exists?
+      ActiveRecord::Base.connection.data_source_exists?("rabarber_roles")
+    rescue ActiveRecord::NoDatabaseError, ActiveRecord::ConnectionNotEstablished
+      false
+    end
+
     initializer "rabarber.to_prepare" do |app|
       app.config.to_prepare do
-        unless app.config.eager_load
-          Rabarber::Core::Permissions.reset!
-          ApplicationController.class_eval do
-            before_action :check_integrity
-
-            private
-
-            def check_integrity
-              Rabarber::Core::IntegrityChecker.run!
-            end
+        if Rabarber::Railtie.table_exists?
+          Rabarber::Role.where.not(context_type: nil).distinct.pluck(:context_type).each do |context_class|
+            context_class.constantize
+          rescue NameError => e
+            raise Rabarber::Error, "Context not found: class `#{e.name}` may have been renamed or deleted"
           end
         end
-        user_model = Rabarber::Configuration.user_model
-        user_model.include Rabarber::HasRoles unless user_model < Rabarber::HasRoles
-      end
-    end
 
-    initializer "rabarber.after_initialize" do |app|
-      app.config.after_initialize do
-        Rabarber::Core::IntegrityChecker.run! if app.config.eager_load
+        Rabarber::Core::Permissions.reset! unless app.config.eager_load
+
+        user_model = Rabarber::Configuration.user_model
+        user_model.include Rabarber::Roleable unless user_model < Rabarber::Roleable
       end
     end
 

data/lib/rabarber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rabarber
-  VERSION = "5.1.2"
+  VERSION = "5.2.1"
 end

data/lib/rabarber.rb

@@ -27,6 +27,15 @@ module Rabarber
 
   delegate :configure, to: Rabarber::Configuration
   module_function :configure
+
+  class << self
+    def roles(context: nil) = Rabarber::Role.names(context:)
+    def all_roles = Rabarber::Role.all_names
+    def create_role(name, context: nil) = Rabarber::Role.add(name, context:)
+    def rename_role(old_name, new_name, context: nil, force: false) = Rabarber::Role.rename(old_name, new_name, context:, force:)
+    def delete_role(name, context: nil, force: false) = Rabarber::Role.remove(name, context:, force:)
+    def prune = Rabarber::Role.prune
+  end
 end
 
 require_relative "rabarber/core/cache"
@@ -36,10 +45,9 @@ require_relative "rabarber/core/roleable"
 require_relative "rabarber/controllers/concerns/authorization"
 require_relative "rabarber/helpers/helpers"
 require_relative "rabarber/helpers/migration_helpers"
-require_relative "rabarber/models/concerns/has_roles"
+require_relative "rabarber/models/concerns/roleable"
 require_relative "rabarber/models/role"
 
 require_relative "rabarber/core/permissions"
-require_relative "rabarber/core/integrity_checker"
 
 require_relative "rabarber/railtie"

data/rabarber.gemspec

@@ -6,7 +6,7 @@ Gem::Specification.new do |spec|
   spec.name = "rabarber"
   spec.version = Rabarber::VERSION
   spec.authors = ["enjaku4", "trafium"]
-  spec.homepage = "https://github.com/brownboxdev/rabarber"
+  spec.homepage = "https://github.com/enjaku4/rabarber"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
   spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-  version: 5.1.2
+  version: 5.2.1
 platform: ruby
 authors:
 - enjaku4
@@ -72,7 +72,6 @@ files:
 - lib/rabarber/controllers/concerns/authorization.rb
 - lib/rabarber/core/access.rb
 - lib/rabarber/core/cache.rb
-- lib/rabarber/core/integrity_checker.rb
 - lib/rabarber/core/permissions.rb
 - lib/rabarber/core/roleable.rb
 - lib/rabarber/core/rule.rb
@@ -88,18 +87,18 @@ files:
 - lib/rabarber/inputs/role.rb
 - lib/rabarber/inputs/roles.rb
 - lib/rabarber/inputs/symbol.rb
-- lib/rabarber/models/concerns/has_roles.rb
+- lib/rabarber/models/concerns/roleable.rb
 - lib/rabarber/models/role.rb
 - lib/rabarber/railtie.rb
 - lib/rabarber/version.rb
 - rabarber.gemspec
-homepage: https://github.com/brownboxdev/rabarber
+homepage: https://github.com/enjaku4/rabarber
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/brownboxdev/rabarber
-  source_code_uri: https://github.com/brownboxdev/rabarber
-  changelog_uri: https://github.com/brownboxdev/rabarber/blob/main/CHANGELOG.md
+  homepage_uri: https://github.com/enjaku4/rabarber
+  source_code_uri: https://github.com/enjaku4/rabarber
+  changelog_uri: https://github.com/enjaku4/rabarber/blob/main/CHANGELOG.md
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -118,7 +117,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.7.1
 specification_version: 4
 summary: Simple role-based authorization library for Ruby on Rails
 test_files: []

data/lib/rabarber/core/integrity_checker.rb

@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-module Rabarber
-  module Core
-    module IntegrityChecker
-      extend self
-
-      def run!
-        check_for_missing_class_context
-        prune_missing_instance_context
-      end
-
-      private
-
-      def check_for_missing_class_context
-        Rabarber::Role.where.not(context_type: nil).distinct.pluck(:context_type).each do |context_class|
-          context_class.constantize
-        rescue NameError => e
-          raise Rabarber::Error, "Context not found: class #{e.name} may have been renamed or deleted"
-        end
-      end
-
-      def prune_missing_instance_context
-        ids = Rabarber::Role.where.not(context_id: nil).includes(:context).filter_map do |role|
-          role.context
-          nil
-        rescue ActiveRecord::RecordNotFound
-          role.id
-        end
-
-        return if ids.empty?
-
-        ActiveRecord::Base.transaction do
-          ActiveRecord::Base.connection.execute(
-            ActiveRecord::Base.sanitize_sql(
-              ["DELETE FROM rabarber_roles_roleables WHERE role_id IN (?)", ids]
-            )
-          )
-          Rabarber::Role.where(id: ids).delete_all
-        end
-      end
-    end
-  end
-end