rabarber 5.2.4 → 6.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0b6af1a1a593e84b481d92883ca7adf385e2ee1fc9a3fb5615818169fc595444
-  data.tar.gz: 97738fdc3bb6e3463b8e331088982a4dcd40e62e4251977ee63cc8b742fcb96a
+  metadata.gz: b63470cbdf375117e5c901ae46992d0fb85868acedacde3ab17472437d8f4a10
+  data.tar.gz: bba19d48ebad8a6440c70e7555d5befcc9c64f67c0a43f0408cd966f9d24aa15
 SHA512:
-  metadata.gz: 535dc707a59522461ad3b5bd26d0e394008454c738ff52e84fa6cd7ebfdd26bb441405326563b2ba4a2229008d0ddcf3b6b426dc9d21186896e53aadf99b5fa6
-  data.tar.gz: b32d8c3983deb895e7cefe2e3d273cbad0542477c1bad134a7681ac5ae1e390725f7e34b964de4c0f264fcb1b0d21546cb70b7d89ca29cb3c513e831d281c89c
+  metadata.gz: 5b43430eb2fc105add42baa08aa12349137f1aab6021d371400cc48c48c134db4c20bd81e3cbff043e63bf6f22161d6645ab57619090bf1c08b905f6be60fbe1
+  data.tar.gz: cb648ea4388e067d1f06d57f2ba9b45fb7139df3a5a1cbb102ae42441730a2a83749b116d468fb0c6d3b9b0be419c010a62c73c3c0be2d90752086aa5f4e8837

data/CHANGELOG.md

@@ -1,3 +1,28 @@
+## v6.0.0
+
+### Breaking:
+
+- Removed methods deprecated in v5.2.0 from the public API
+- Dropped support for Ruby 3.2
+- Dropped support for Rails 7.1
+
+### Bugs:
+
+- Fixed cache clearing not working with Memcached
+
+### Misc:
+
+- Optimized cache key generation
+- Dropped some unnecessary dependencies
+
+To upgrade to v6.0.0, please refer to the [migration guide](https://github.com/enjaku4/rabarber/discussions/101)
+
+## v5.2.5
+
+### Misc:
+
+- Added support for Ruby 4
+
 ## v5.2.4
 
 ### Misc:
@@ -91,7 +116,7 @@ To upgrade to v5.0.0, please refer to the [migration guide](https://github.com/e
 
 - Optimized various parts of the code and database queries for improved performance
 - Streamlined the authorization process by requiring the user to be authenticated before access is verified
-- Rabarber now skips roles with missing instance context and prunes them automatically; missing class context still raises errors
+- Rabarber now skips roles with missing instance context; missing class context still raises errors
 
 ## v4.1.4
 

data/README.md

@@ -5,35 +5,23 @@
 [![Github Actions badge](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml)
 [![License](https://img.shields.io/github/license/enjaku4/rabarber.svg)](LICENSE)
 
-Rabarber is a role-based authorization library for Ruby on Rails that focuses on controller-level access control. Rather than answering domain questions like "can this user create a post?", Rabarber answers "can this user access the create post endpoint?", providing a clean separation between authorization and business logic. It supports multi-tenancy through contextual roles, dynamic authorization with conditional logic, and includes view helpers for role-based content rendering.
+Rabarber is a role-based authorization library for Ruby on Rails. It provides a set of tools for managing user roles and defining access rules, with support for multi-tenancy through context.
 
 **Example of Usage:**
 
-Consider a CRM system where users with different roles have distinct access levels. For instance, the role `accountant` can interact with invoices but cannot access marketing information, while the role `analyst` has access to marketing-related data. You can define such authorization rules easily with Rabarber.
-
-And here's how your controller might look:
+Consider a CRM system where users with different roles have distinct access levels. For instance, the role `accountant` can access and manage invoice data, while the role `analyst` can only view it. Here's how you'd define that with Rabarber:
 
 ```rb
 class InvoicesController < ApplicationController
-  grant_access roles: :admin # Admin can access everything
+  grant_access roles: :accountant
 
-  grant_access action: :index, roles: [:accountant, :analyst]
+  grant_access action: :index, roles: :analyst
   def index
-    # Accessible to both analysts and accountants
-  end
-
-  grant_access action: :show, roles: :accountant
-  def show
-    # Accessible to accountants
+    # Accessible to accountant and analyst
   end
 
-  grant_access action: :analytics, roles: :analyst
-  def analytics
-    # Accessible to analysts
-  end
-
-  def destroy
-    # Accessible to admins only
+  def update
+    # Accessible to accountant only
   end
 end
 ```
@@ -44,10 +32,11 @@ end
   - [Installation](#installation)
   - [Configuration](#configuration)
   - [User Role Methods](#user-role-methods)
-  - [Role Management](#role-management)
-  - [Controller Authorization](#controller-authorization)
-  - [Dynamic Rules](#dynamic-rules)
-  - [Multi-tenancy / Context](#multi-tenancy--context)
+  - [Direct Role Management](#direct-role-management)
+  - [Authorization](#authorization)
+  - [Dynamic Authorization Rules](#dynamic-authorization-rules)
+  - [When Unauthorized](#when-unauthorized)
+  - [Context / Multi-tenancy](#context--multi-tenancy)
   - [View Helpers](#view-helpers)
 
 **Community Resources:**
@@ -70,7 +59,7 @@ Install the gem:
 bundle install
 ```
 
-Generate the migration for role storage (replace `users` with your user table name if different):
+Generate the migration to store roles (replace `users` with your table name if different):
 
 ```shell
 # For standard integer IDs
@@ -88,17 +77,20 @@ rails db:migrate
 
 ## Configuration
 
-Configure Rabarber in an initializer if customization is needed:
+Create an initializer to customize Rabarber's behavior (optional):
 
 ```rb
 Rabarber.configure do |config|
-  config.cache_enabled = true                 # Enable/disable role caching (default: true)
-  config.current_user_method = :current_user  # Method to access current user (default: :current_user)
-  config.user_model_name = "User"             # User model name (default: "User")
+  # Enable/disable role caching (default: true)
+  config.cache_enabled = true
+  # Method to access current user (default: :current_user)
+  config.current_user_method = :current_user
+  # User model name (default: "User")
+  config.user_model_name = "User"
 end
 ```
 
-Roles are cached by default for performance. To clear the role cache manually:
+Roles are cached by default for better performance. Clear the cache manually when needed:
 
 ```rb
 Rabarber::Cache.clear
@@ -112,19 +104,19 @@ Your user model is automatically augmented with role management methods:
 
 ```rb
 # Assign roles (creates roles if they don't exist)
-user.assign_roles(:accountant, :manager)
+user.assign_roles(:admin, :manager)
 
-# Assign only existing roles
+# Assign only existing roles (don't create new ones)
 user.assign_roles(:accountant, :manager, create_new: false)
 
 # Revoke specific roles
-user.revoke_roles(:accountant, :manager)
+user.revoke_roles(:admin, :manager)
 
 # Revoke all roles
 user.revoke_all_roles
 ```
 
-All role assignment methods return the list of roles currently assigned to the user.
+All role assignment and revocation methods return the list of roles currently assigned to the user.
 
 ### Role Queries
 
@@ -142,21 +134,28 @@ user.all_roles
 User.with_role(:admin, :manager)
 ```
 
-## Role Management
+## Direct Role Management
 
-### Direct Role Operations
+You can also directly manage roles available in the application:
 
 ```rb
 # Create a new role
-Rabarber.create_role(:admin) # => true if created, false if already exists
+Rabarber.create_role(:admin)
+# => true if created, false if already exists
 
 # Rename a role
-Rabarber.rename_role(:admin, :administrator) # => true if renamed, false if new name exists or role is assigned
-Rabarber.rename_role(:admin, :administrator, force: true) # Force rename even if role is assigned
+Rabarber.rename_role(:admin, :administrator)
+# => true if renamed, false if new name exists or role is assigned
+
+# Force rename even if role is assigned
+Rabarber.rename_role(:admin, :administrator, force: true)
 
 # Remove a role
-Rabarber.delete_role(:admin) # => true if deleted, false if role is assigned
-Rabarber.delete_role(:admin, force: true) # Force deletion even if role is assigned
+Rabarber.delete_role(:admin)
+# => true if deleted, false if role is assigned
+
+# Force deletion even if role is assigned
+Rabarber.delete_role(:admin, force: true)
 
 # List available roles in the global context
 Rabarber.roles
@@ -165,41 +164,42 @@ Rabarber.roles
 Rabarber.all_roles
 ```
 
-> **Note:** Some methods have been deprecated in favor of the new API shown above. The deprecated methods still work but will be removed in a future major version. See the [changelog](https://github.com/enjaku4/rabarber/blob/main/CHANGELOG.md#v520) for the complete list of deprecated methods and their new counterparts.
+## Authorization
 
-## Controller Authorization
+### Setup
 
-### Basic Setup
-
-Include the authorization module and configure protection:
+Include `Rabarber::Authorization` module in your controllers and configure authorization:
 
 ```rb
 class ApplicationController < ActionController::Base
   include Rabarber::Authorization
 
-  with_authorization # Enable authorization for all actions
-end
-
-class InvoicesController < ApplicationController
-  with_authorization only: [:update, :destroy] # Selective authorization
+  # Enable authorization check for all actions in all controllers by default
+  with_authorization
 end
 ```
 
-Authorization requires an authenticated user to be present.
-
-### Skip Authorization
-
-You can also selectively skip authorization:
+You can also enable authorization checks selectively. Both `with_authorization` and `skip_authorization` work exactly the same as Rails' `before_action` and `skip_before_action` methods:
 
 ```rb
 class TicketsController < ApplicationController
-  skip_authorization except: [:create, :update, :destroy]
+  # Skip authorization for specific actions
+  skip_authorization only: [:index, :show]
+end
+
+class InvoicesController < ApplicationController
+  # Enable authorization for all actions except index
+  with_authorization except: [:index]
 end
 ```
 
+Authorization requires an authenticated user. Rabarber will raise an error if no user is found via the configured `current_user_method`. Ensure authentication happens before authorization.
+
 ### Authorization Rules
 
-Define access rules using `grant_access`:
+Rabarber follows a deny-by-default principle: if no `grant_access` rule is defined for an action or controller, access is denied to everyone.
+
+Define authorization rules using `grant_access`:
 
 ```rb
 class TicketsController < ApplicationController
@@ -218,17 +218,17 @@ class TicketsController < ApplicationController
 end
 ```
 
-### Additive Rules
-
-Rules are additive across inheritance chains and for the same actions:
+Authorization rules are additive - they combine across inheritance chains and when defined multiple times for the same action or controller:
 
 ```rb
 class BaseController < ApplicationController
-  grant_access roles: :admin # Admin can access everything
+  # Admin can access everything
+  grant_access roles: :admin
 end
 
 class InvoicesController < BaseController
-  grant_access roles: :accountant # Accountant can also access InvoicesController (along with admin)
+  # Accountant can also access InvoicesController (along with admin)
+  grant_access roles: :accountant
 
   grant_access action: :index, roles: :manager
   grant_access action: :index, roles: :supervisor
@@ -238,86 +238,106 @@ class InvoicesController < BaseController
 end
 ```
 
-### Unrestricted Access
-
-Omit roles to allow unrestricted access:
+It's possible to omit roles to allow unrestricted access:
 
 ```rb
 class UnrestrictedController < ApplicationController
-  grant_access # Allow all users to access all actions
+  # Allow all users to access all actions
+  grant_access
 end
 
 class MixedController < ApplicationController
-  grant_access action: :index # Unrestricted index action
+  # Unrestricted index action
+  grant_access action: :index
   def index
     # Accessible to all users
   end
 
-  grant_access action: :show, roles: :member # Restricted show action
+  # Restricted show action
+  grant_access action: :show, roles: :member
   def show
     # Accessible to members only
   end
 end
 ```
 
-### Custom Unauthorized Handling
+## Dynamic Authorization Rules
 
-Override `when_unauthorized` method to customize unauthorized access behavior:
+For more complex scenarios, Rabarber supports dynamic authorization rules:
 
 ```rb
-class ApplicationController < ActionController::Base
-  include Rabarber::Authorization
+class OrdersController < ApplicationController
+  grant_access roles: :manager, unless: -> { current_user.suspended? }
 
-  with_authorization
+  grant_access action: :show, roles: :client, if: :user_company_matches_order?
+  def show
+    # ...
+  end
 
   private
 
-  def when_unauthorized
-    head :not_found # Custom behavior to hide existence of protected resources
+  def user_company_matches_order?
+    current_user.company == Order.find(params[:id]).company
   end
 end
 ```
 
-By default, when unauthorized, Rabarber will redirect back (HTML format) or return 403 (other formats).
-
-## Dynamic Rules
+You can pass a dynamic rule as an `if` or `unless` argument, which can be a symbol or a proc. Symbols refer to instance methods, and procs are evaluated in the controller at request time.
 
-Add conditional logic to authorization rules:
+Dynamic rules can also be used without roles at all, allowing you to define custom logic or even delegate to custom policy objects:
 
 ```rb
-class OrdersController < ApplicationController
-  # Method-based conditions
-  grant_access roles: :manager, if: :company_manager?, unless: :suspended?
-
-  # Proc-based conditions
-  grant_access action: :show, roles: :client, if: -> { current_user.company == Order.find(params[:id]).company }
-  def show
-    # Accessible to company managers unless suspended, and to clients if the client's company matches the order's company
+class InvoicesController < ApplicationController
+  grant_access action: :update, unless: -> { invoice.period_closed? }
+  def update
+    # ...
   end
 
-  # Dynamic-only rules (no roles required, can be used with custom policies)
-  grant_access action: :index, if: -> { OrdersPolicy.new(current_user).index? }
-  def index
-    # Accessible to company managers unless suspended, and to users based on custom policy logic
+  grant_access action: :destroy, if: :destroy_allowed?
+  def destroy
+    # ...
   end
 
   private
 
-  def company_manager?
-    current_user.manager_of?(Company.find(params[:company_id]))
+  def destroy_allowed?
+    InvoicePolicy.new(current_user).destroy?(invoice)
   end
 
-  def suspended?
-    current_user.suspended?
+  def invoice
+    @invoice ||= Invoice.find(params[:id])
   end
 end
 ```
 
-## Multi-tenancy / Context
+## When Unauthorized
 
-All Rabarber methods accept a `context` parameter, allowing you to work with roles within specific scopes. By default, context is `nil`, meaning roles are global.
+By default, when unauthorized, Rabarber will redirect back (HTML format) or return 403 (other formats). You can override `when_unauthorized` method to customize unauthorized access behavior:
 
-### Contextual Role Assignment
+```rb
+class ApplicationController < ActionController::Base
+  include Rabarber::Authorization
+
+  with_authorization
+
+  private
+
+  def when_unauthorized
+    # Custom behavior to hide existence of protected resources
+    head :not_found
+  end
+end
+```
+
+The `when_unauthorized` method can be overridden in any controller to provide controller-specific unauthorized access handling.
+
+## Context / Multi-tenancy
+
+Rabarber supports multi-tenancy through its context feature. All Rabarber methods accept a `context` parameter, allowing you to work with roles within specific scopes. By default, context is `nil`, meaning roles are global. Context can also be an instance of an `ActiveRecord` model or a class.
+
+For example, in a project management app, you might want users to have different roles in different projects - someone could be an `owner` in one project but just a `member` in another.
+
+### Contextual Role Assignment and Queries
 
 ```rb
 # Assign roles within a specific model instance
@@ -335,7 +355,7 @@ user.has_role?(:admin, context: Project)
 user.revoke_roles(:owner, context: project)
 
 # Get user roles
-user.roles(context: Project)
+user.roles(context: project)
 
 # Get users with a role
 User.with_role(:member, context: project)
@@ -359,6 +379,8 @@ Rabarber.roles(context: project)
 
 ### Contextual Authorization
 
+In authorization rules, in addition to specifying context explicitly, you can also provide a proc or a symbol (similar to dynamic rules):
+
 ```rb
 class ProjectsController < ApplicationController
   grant_access roles: :admin, context: Project
@@ -383,11 +405,11 @@ class ProjectsController < ApplicationController
 end
 ```
 
-### Orphaned Context
+### Orphaned Contextual Roles
 
 When a context object is deleted from your database, its associated roles become orphaned and ignored by Rabarber.
 
-To clean up orphaned context roles, use:
+To clean up orphaned roles, use:
 
 ```rb
 Rabarber.prune
@@ -395,13 +417,13 @@ Rabarber.prune
 
 ### Context Migrations
 
-Handle context changes when models are renamed or removed. These are irreversible data migrations.
+When you rename or remove models used as contexts, you need to update Rabarber's stored context data accordingly. Use these irreversible data migrations:
 
 ```rb
 # Rename a context class (e.g., when you rename your Ticket model to Task)
 migrate_authorization_context!("Ticket", "Task")
 
-# Remove orphaned context data (e.g., when you delete the Ticket model entirely)
+# Remove context data (e.g., when you delete the Ticket model entirely)
 delete_authorization_context!("Ticket")
 ```
 
@@ -440,7 +462,7 @@ Use conditional rendering based on roles:
 ## Getting Help and Contributing
 
 ### Getting Help
-Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/enjaku4/rabarber/discussions) for:
+Have a question or need assistance? Open a discussion in the [discussions section](https://github.com/enjaku4/rabarber/discussions) for:
 - Usage questions
 - Implementation guidance
 - Feature suggestions
@@ -455,7 +477,7 @@ Found a bug? Please [create an issue](https://github.com/enjaku4/rabarber/issues
 Ready to contribute? You can:
 - Fix bugs by submitting pull requests
 - Improve documentation
-- Add new features (please discuss first in our [discussions section](https://github.com/enjaku4/rabarber/discussions))
+- Add new features (please discuss first in the [discussions section](https://github.com/enjaku4/rabarber/discussions))
 
 Before contributing, please read the [contributing guidelines](https://github.com/enjaku4/rabarber/blob/main/CONTRIBUTING.md)
 
@@ -471,5 +493,5 @@ Everyone interacting in the Rabarber project is expected to follow the [code of
 
 Only the latest major version is supported. Older versions are obsolete and not maintained, but their READMEs are available here for reference:
 
-[v4.x.x](https://github.com/enjaku4/rabarber/blob/9353e70281971154d5acd70693620197a132c543/README.md) | [v3.x.x](https://github.com/enjaku4/rabarber/blob/3bb273de7e342004abc7ef07fa4d0a9a3ce3e249/README.md)
+[v5.x.x](https://github.com/enjaku4/rabarber/blob/12a23858e974f5cc0a4ebddfc18bdf84171dd554/README.md) | [v4.x.x](https://github.com/enjaku4/rabarber/blob/9353e70281971154d5acd70693620197a132c543/README.md) | [v3.x.x](https://github.com/enjaku4/rabarber/blob/3bb273de7e342004abc7ef07fa4d0a9a3ce3e249/README.md)
  | [v2.x.x](https://github.com/enjaku4/rabarber/blob/875b357ea949404ddc3645ad66eddea7ed4e2ee4/README.md) | [v1.x.x](https://github.com/enjaku4/rabarber/blob/b81428429404e197d70317b763e7b2a21e02c296/README.md)

data/lib/rabarber/configuration.rb

@@ -1,43 +1,46 @@
 # frozen_string_literal: true
 
-require "dry-configurable"
+require "singleton"
 
 module Rabarber
-  module Configuration
-    extend Dry::Configurable
-
-    module_function
-
-    setting :cache_enabled,
-            default: true,
-            reader: true,
-            constructor: -> (value) do
-              Rabarber::Inputs::Boolean.new(
-                value,
-                error: Rabarber::ConfigurationError,
-                message: "Invalid configuration `cache_enabled`, expected a boolean, got #{value.inspect}"
-              ).process
-            end
-    setting :current_user_method,
-            default: :current_user,
-            reader: true,
-            constructor: -> (value) do
-              Rabarber::Inputs::Symbol.new(
-                value,
-                error: Rabarber::ConfigurationError,
-                message: "Invalid configuration `current_user_method`, expected a symbol or a string, got #{value.inspect}"
-              ).process
-            end
-    setting :user_model_name,
-            default: "User",
-            reader: true,
-            constructor: -> (value) do
-              Rabarber::Inputs::NonEmptyString.new(
-                value,
-                error: Rabarber::ConfigurationError,
-                message: "Invalid configuration `user_model_name`, expected an ActiveRecord model name, got #{value.inspect}"
-              ).process
-            end
+  class Configuration
+    include Singleton
+
+    attr_reader :cache_enabled, :current_user_method, :user_model_name
+
+    def initialize
+      reset_to_defaults!
+    end
+
+    def cache_enabled=(value)
+      @cache_enabled = Rabarber::Inputs::Boolean.new(
+        value,
+        error: Rabarber::ConfigurationError,
+        message: "Invalid configuration `cache_enabled`, expected a boolean, got #{value.inspect}"
+      ).process
+    end
+
+    def current_user_method=(value)
+      @current_user_method = Rabarber::Inputs::NonEmptySymbol.new(
+        value,
+        error: Rabarber::ConfigurationError,
+        message: "Invalid configuration `current_user_method`, expected a symbol or a string, got #{value.inspect}"
+      ).process
+    end
+
+    def user_model_name=(value)
+      @user_model_name = Rabarber::Inputs::NonEmptyString.new(
+        value,
+        error: Rabarber::ConfigurationError,
+        message: "Invalid configuration `user_model_name`, expected an ActiveRecord model name, got #{value.inspect}"
+      ).process
+    end
+
+    def reset_to_defaults!
+      self.cache_enabled = true
+      self.current_user_method = :current_user
+      self.user_model_name = "User"
+    end
 
     def user_model
       Rabarber::Inputs::Model.new(
@@ -46,5 +49,16 @@ module Rabarber
         message: "Invalid configuration `user_model_name`, expected an ActiveRecord model name, got #{user_model_name.inspect}"
       ).process
     end
+
+    def configure
+      yield self
+    end
+
+    class << self
+      delegate :cache_enabled, :current_user_method, :user_model_name,
+               :cache_enabled=, :current_user_method=, :user_model_name=,
+               :user_model, :reset_to_defaults!, :configure,
+               to: :instance
+    end
   end
 end

data/lib/rabarber/controllers/concerns/authorization.rb

@@ -24,7 +24,7 @@ module Rabarber
 
         Rabarber::Core::Permissions.add(
           self,
-          Rabarber::Inputs::Symbol.new(
+          Rabarber::Inputs::NonEmptySymbol.new(
             action,
             optional: true,
             message: "Expected a symbol or a string, got #{action.inspect}"
@@ -61,7 +61,7 @@ module Rabarber
     end
 
     def when_unauthorized
-      request.format.html? ? redirect_back(fallback_location: root_path) : head(:forbidden)
+      request.format.html? ? redirect_back_or_to(root_path) : head(:forbidden)
     end
   end
 end

data/lib/rabarber/core/cache.rb

@@ -1,38 +1,51 @@
 # frozen_string_literal: true
 
-require "digest/sha2"
+require "digest/md5"
+require "securerandom"
 
 module Rabarber
   module Core
     module Cache
-      module_function
+      extend self
 
-      def fetch(uid, &)
+      def fetch(roleable_id, scope, &)
         return yield unless enabled?
 
-        Rails.cache.fetch(prepare_key(uid), expires_in: 1.hour, race_condition_ttl: 5.seconds, &)
+        Rails.cache.fetch(prepare_key(roleable_id, scope), expires_in: 1.hour, race_condition_ttl: 5.seconds, &)
       end
 
-      def delete(*uids)
+      def delete(*pairs)
         return unless enabled?
 
-        Rails.cache.delete_multi(uids.map { prepare_key(_1) }) if uids.any?
+        Rails.cache.delete_multi(pairs.map { |roleable_id, scope| prepare_key(roleable_id, scope) }) if pairs.any?
       end
 
+      def clear
+        Rails.cache.write(VERSION_KEY, SecureRandom.alphanumeric(8))
+      end
+
+      private
+
       def enabled?
         Rabarber::Configuration.cache_enabled
       end
 
-      def clear
-        Rails.cache.delete_matched(/^#{CACHE_PREFIX}/o)
+      def prepare_key(roleable_id, scope)
+        Digest::MD5.base64digest(Marshal.dump([current_version, roleable_id, scope]))
       end
 
-      def prepare_key(uid)
-        "#{CACHE_PREFIX}:#{Digest::SHA2.hexdigest(Marshal.dump(uid))}"
+      def current_version
+        version = Rails.cache.read(VERSION_KEY).presence
+
+        return version if version
+
+        clear
+
+        Rails.cache.read(VERSION_KEY)
       end
 
-      CACHE_PREFIX = "rabarber"
-      private_constant :CACHE_PREFIX
+      VERSION_KEY = "rabarber"
+      private_constant :VERSION_KEY
     end
   end
 

data/lib/rabarber/inputs/base.rb

@@ -1,12 +1,8 @@
 # frozen_string_literal: true
 
-require "dry-types"
-
 module Rabarber
   module Inputs
     class Base
-      include Dry.Types()
-
       def initialize(value, optional: false, error: Rabarber::InvalidArgumentError, message: nil)
         @value = value
         @optional = optional
@@ -15,15 +11,14 @@ module Rabarber
       end
 
       def process
-        type_checker = @optional ? type.optional : type
-        type_checker[@value]
-      rescue Dry::Types::CoercionError
-        raise_error
+        return @value if @value.nil? && @optional
+
+        validate_and_normalize
       end
 
       private
 
-      def type
+      def validate_and_normalize
         raise NotImplementedError
       end
 

data/lib/rabarber/inputs/boolean.rb

@@ -5,7 +5,7 @@ module Rabarber
     class Boolean < Rabarber::Inputs::Base
       private
 
-      def type = self.class::Strict::Bool
+      def validate_and_normalize = @value == true || @value == false ? @value : raise_error
     end
   end
 end

data/lib/rabarber/inputs/context.rb

@@ -19,14 +19,13 @@ module Rabarber
 
       private
 
-      def type
-        self.class::Strict::Class |
-          self.class::Instance(ActiveRecord::Base) |
-          self.class::Hash.schema(
-            context_type: self.class::Strict::String | self.class::Nil,
-            context_id: self.class::Strict::String | self.class::Strict::Integer | self.class::Nil
-          ) |
-          self.class::Nil
+      def validate_and_normalize
+        return @value if @value.nil?
+        return @value if @value.is_a?(Class)
+        return @value if @value.is_a?(ActiveRecord::Base)
+        return @value if @value in { context_type: String | nil, context_id: String | Integer | nil }
+
+        raise_error
       end
     end
   end

data/lib/rabarber/inputs/contexts/authorizational.rb

@@ -4,9 +4,21 @@ module Rabarber
   module Inputs
     module Contexts
       class Authorizational < Rabarber::Inputs::Context
+        def resolve
+          result = process
+          return result if result.is_a?(Symbol) || result.is_a?(Proc)
+
+          super
+        end
+
         private
 
-        def type = self.class::Coercible::Symbol.constrained(min_size: 1) | self.class::Instance(Proc) | super
+        def validate_and_normalize
+          return @value if @value.is_a?(Proc)
+          return @value.to_sym if (@value.is_a?(String) || @value.is_a?(Symbol)) && @value.present?
+
+          super
+        end
       end
     end
   end

data/lib/rabarber/inputs/dynamic_rule.rb

@@ -5,7 +5,11 @@ module Rabarber
     class DynamicRule < Rabarber::Inputs::Base
       private
 
-      def type = self.class::Coercible::Symbol.constrained(min_size: 1) | self.class::Instance(Proc)
+      def validate_and_normalize
+        return @value if @value.is_a?(Proc)
+
+        Rabarber::Inputs::NonEmptySymbol.new(@value, error: @error, message: @message).process
+      end
     end
   end
 end

data/lib/rabarber/inputs/model.rb

@@ -5,7 +5,12 @@ module Rabarber
     class Model < Rabarber::Inputs::Base
       private
 
-      def type = self.class::Strict::Class.constructor { _1.try(:safe_constantize) }.constrained(lt: ActiveRecord::Base)
+      def validate_and_normalize
+        model = @value.try(:safe_constantize)
+        raise_error unless model.is_a?(Class) && model < ActiveRecord::Base
+
+        model
+      end
     end
   end
 end

data/lib/rabarber/inputs/non_empty_string.rb

@@ -5,7 +5,9 @@ module Rabarber
     class NonEmptyString < Rabarber::Inputs::Base
       private
 
-      def type = self.class::Strict::String.constrained(min_size: 1)
+      def validate_and_normalize
+        @value.is_a?(String) && @value.present? ? @value : raise_error
+      end
     end
   end
 end

data/lib/rabarber/inputs/non_empty_symbol.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    class NonEmptySymbol < Rabarber::Inputs::Base
+      private
+
+      def validate_and_normalize
+        raise_error unless (@value.is_a?(String) || @value.is_a?(Symbol)) && @value.present?
+
+        @value.to_sym
+      end
+    end
+  end
+end

data/lib/rabarber/inputs/role.rb

@@ -5,7 +5,11 @@ module Rabarber
     class Role < Rabarber::Inputs::Base
       private
 
-      def type = self.class::Coercible::Symbol.constrained(min_size: 1, format: /\A[a-z0-9_]+\z/)
+      def validate_and_normalize
+        raise_error unless (@value.is_a?(String) || @value.is_a?(Symbol)) && @value.to_s.match?(/\A[a-z0-9_]+\z/)
+
+        @value.to_sym
+      end
     end
   end
 end

data/lib/rabarber/inputs/roles.rb

@@ -5,8 +5,10 @@ module Rabarber
     class Roles < Rabarber::Inputs::Base
       private
 
-      def type
-        self.class::Array.of(self.class::Coercible::Symbol.constrained(min_size: 1, format: /\A[a-z0-9_]+\z/)).constructor { Kernel::Array(_1) }
+      def validate_and_normalize
+        Array(@value).map do |role|
+          Rabarber::Inputs::Role.new(role, error: @error, message: @message).process
+        end
       end
     end
   end

data/lib/rabarber/models/concerns/roleable.rb

@@ -40,11 +40,11 @@ module Rabarber
 
     def roles(context: nil)
       processed_context = process_context(context)
-      Rabarber::Core::Cache.fetch([roleable_id, processed_context]) { rabarber_roles.names(context: processed_context) }
+      Rabarber::Core::Cache.fetch(roleable_id, processed_context) { rabarber_roles.list(context: processed_context) }
     end
 
     def all_roles
-      Rabarber::Core::Cache.fetch([roleable_id, :all]) { rabarber_roles.all_names }
+      Rabarber::Core::Cache.fetch(roleable_id, :all) { rabarber_roles.list_all }
     end
 
     def has_role?(*role_names, context: nil)
@@ -60,7 +60,7 @@ module Rabarber
       create_new_roles(processed_role_names, context: processed_context) if create_new
 
       roles_to_assign = Rabarber::Role.where(
-        name: (processed_role_names - rabarber_roles.names(context: processed_context)), **processed_context
+        name: (processed_role_names - rabarber_roles.list(context: processed_context)), **processed_context
       )
 
       if roles_to_assign.any?
@@ -76,7 +76,7 @@ module Rabarber
       processed_context = process_context(context)
 
       roles_to_revoke = Rabarber::Role.where(
-        name: processed_role_names.intersection(rabarber_roles.names(context: processed_context)), **processed_context
+        name: processed_role_names.intersection(rabarber_roles.list(context: processed_context)), **processed_context
       )
 
       if roles_to_revoke.any?

data/lib/rabarber/models/role.rb

@@ -11,15 +11,11 @@ module Rabarber
                                         join_table: "rabarber_roles_roleables"
 
     class << self
-      def names(context: nil)
-        deprecation_warning("names", "Rabarber.roles")
-
+      def list(context: nil)
         where(process_context(context)).pluck(:name).map(&:to_sym)
       end
 
-      def all_names
-        deprecation_warning("all_names", "Rabarber.all_roles")
-
+      def list_all
         includes(:context).each_with_object({}) do |role, hash|
           (hash[role.context] ||= []) << role.name.to_sym
         rescue ActiveRecord::RecordNotFound
@@ -29,9 +25,7 @@ module Rabarber
         raise Rabarber::NotFoundError, "Context not found: class #{e.name} may have been renamed or deleted"
       end
 
-      def add(name, context: nil)
-        deprecation_warning("add", "Rabarber.create_role")
-
+      def register(name, context: nil)
         name = process_role_name(name)
         processed_context = process_context(context)
 
@@ -40,9 +34,7 @@ module Rabarber
         !!create!(name:, **processed_context)
       end
 
-      def rename(old_name, new_name, context: nil, force: false)
-        deprecation_warning("rename", "Rabarber.rename_role")
-
+      def amend(old_name, new_name, context: nil, force: false)
         processed_context = process_context(context)
         role = find_by(name: process_role_name(old_name), **processed_context)
 
@@ -57,9 +49,7 @@ module Rabarber
         role.update!(name:)
       end
 
-      def remove(name, context: nil, force: false)
-        deprecation_warning("remove", "Rabarber.delete_role")
-
+      def drop(name, context: nil, force: false)
         processed_context = process_context(context)
         role = find_by(name: process_role_name(name), **processed_context)
 
@@ -72,12 +62,6 @@ module Rabarber
         !!role.destroy!
       end
 
-      def assignees(name, context: nil)
-        deprecation_warning("assignees", "#{Rabarber::Configuration.user_model_name}.with_role")
-
-        find_by(name: process_role_name(name), **process_context(context))&.roleables || Rabarber::Configuration.user_model.none
-      end
-
       def prune
         orphaned_roles = where.not(context_id: nil).includes(:context).filter_map do |role|
           !role.context
@@ -99,14 +83,6 @@ module Rabarber
 
       private
 
-      def deprecation_warning(method, alternative)
-        callers = caller_locations.map(&:label)
-
-        return if callers.include?(alternative) || callers.include?("ActiveRecord::Relation#scoping")
-
-        ActiveSupport::Deprecation.new("6.0.0", "rabarber").warn("`Rabarber::Role.#{method}` method is deprecated and will be removed in the next major version, use `#{alternative}` instead.")
-      end
-
       def delete_roleables_cache(role, context:)
         Rabarber::Core::Cache.delete(*role.roleables.pluck(:id).flat_map { [[_1, context], [_1, :all]] })
       end

data/lib/rabarber/models/role_management.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module RoleManagement
+    def roles(context: nil) = Rabarber::Role.list(context:)
+    def all_roles = Rabarber::Role.list_all
+    def create_role(name, context: nil) = Rabarber::Role.register(name, context:)
+    def rename_role(old_name, new_name, context: nil, force: false) = Rabarber::Role.amend(old_name, new_name, context:, force:)
+    def delete_role(name, context: nil, force: false) = Rabarber::Role.drop(name, context:, force:)
+    def prune = Rabarber::Role.prune # rubocop:disable Rails/Delegate
+  end
+end

data/lib/rabarber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rabarber
-  VERSION = "5.2.4"
+  VERSION = "6.0.0"
 end

data/lib/rabarber.rb

@@ -14,7 +14,7 @@ require_relative "rabarber/inputs/model"
 require_relative "rabarber/inputs/non_empty_string"
 require_relative "rabarber/inputs/role"
 require_relative "rabarber/inputs/roles"
-require_relative "rabarber/inputs/symbol"
+require_relative "rabarber/inputs/non_empty_symbol"
 
 require_relative "rabarber/configuration"
 
@@ -27,15 +27,6 @@ module Rabarber
 
   delegate :configure, to: Rabarber::Configuration
   module_function :configure
-
-  class << self
-    def roles(context: nil) = Rabarber::Role.names(context:)
-    def all_roles = Rabarber::Role.all_names
-    def create_role(name, context: nil) = Rabarber::Role.add(name, context:)
-    def rename_role(old_name, new_name, context: nil, force: false) = Rabarber::Role.rename(old_name, new_name, context:, force:)
-    def delete_role(name, context: nil, force: false) = Rabarber::Role.remove(name, context:, force:)
-    def prune = Rabarber::Role.prune
-  end
 end
 
 require_relative "rabarber/core/cache"
@@ -47,6 +38,9 @@ require_relative "rabarber/helpers/helpers"
 require_relative "rabarber/helpers/migration_helpers"
 require_relative "rabarber/models/concerns/roleable"
 require_relative "rabarber/models/role"
+require_relative "rabarber/models/role_management"
+
+Rabarber.extend Rabarber::RoleManagement
 
 require_relative "rabarber/core/permissions"
 

data/rabarber.gemspec

@@ -6,18 +6,20 @@ Gem::Specification.new do |spec|
   spec.name = "rabarber"
   spec.version = Rabarber::VERSION
   spec.authors = ["enjaku4", "trafium"]
-  spec.email = ["enjaku4@icloud.com"]
+  spec.email = ["contact@brownbox.dev"]
   spec.homepage = "https://github.com/enjaku4/rabarber"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
   spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
   spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/issues"
   spec.metadata["documentation_uri"] = "#{spec.homepage}/blob/main/README.md"
+  spec.metadata["mailing_list_uri"] = "#{spec.homepage}/discussions"
+  spec.metadata["funding_uri"] = "https://github.com/sponsors/enjaku4"
   spec.metadata["rubygems_mfa_required"] = "true"
   spec.summary = "Simple role-based authorization library for Ruby on Rails"
-  spec.description = "Rabarber provides role-based authorization for Ruby on Rails applications with support for multi-tenancy, dynamic rules, and clean controller-level access control that separates authorization from business logic"
+  spec.description = "Simple role-based authorization for Rails applications with multi-tenancy support"
   spec.license = "MIT"
-  spec.required_ruby_version = ">= 3.2", "< 3.5"
+  spec.required_ruby_version = ">= 3.3", "< 4.1"
 
   spec.files = [
     "rabarber.gemspec", "README.md", "CHANGELOG.md", "LICENSE.txt"
@@ -25,7 +27,5 @@ Gem::Specification.new do |spec|
 
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "dry-configurable", "~> 1.1"
-  spec.add_dependency "dry-types", "~> 1.7"
-  spec.add_dependency "rails", ">= 7.1", "< 8.2"
+  spec.add_dependency "rails", ">= 7.2", "< 8.2"
 end

metadata

@@ -1,50 +1,22 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-  version: 5.2.4
+  version: 6.0.0
 platform: ruby
 authors:
 - enjaku4
 - trafium
 bindir: bin
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2026-04-01 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: dry-configurable
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
-- !ruby/object:Gem::Dependency
-  name: dry-types
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.2'
@@ -54,15 +26,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.2'
-description: Rabarber provides role-based authorization for Ruby on Rails applications
-  with support for multi-tenancy, dynamic rules, and clean controller-level access
-  control that separates authorization from business logic
+description: Simple role-based authorization for Rails applications with multi-tenancy
+  support
 email:
-- enjaku4@icloud.com
+- contact@brownbox.dev
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -89,11 +60,12 @@ files:
 - lib/rabarber/inputs/dynamic_rule.rb
 - lib/rabarber/inputs/model.rb
 - lib/rabarber/inputs/non_empty_string.rb
+- lib/rabarber/inputs/non_empty_symbol.rb
 - lib/rabarber/inputs/role.rb
 - lib/rabarber/inputs/roles.rb
-- lib/rabarber/inputs/symbol.rb
 - lib/rabarber/models/concerns/roleable.rb
 - lib/rabarber/models/role.rb
+- lib/rabarber/models/role_management.rb
 - lib/rabarber/railtie.rb
 - lib/rabarber/version.rb
 - rabarber.gemspec
@@ -106,6 +78,8 @@ metadata:
   changelog_uri: https://github.com/enjaku4/rabarber/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/enjaku4/rabarber/issues
   documentation_uri: https://github.com/enjaku4/rabarber/blob/main/README.md
+  mailing_list_uri: https://github.com/enjaku4/rabarber/discussions
+  funding_uri: https://github.com/sponsors/enjaku4
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -114,17 +88,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.2'
+      version: '3.3'
   - - "<"
     - !ruby/object:Gem::Version
-      version: '3.5'
+      version: '4.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.2
+rubygems_version: 4.0.8
 specification_version: 4
 summary: Simple role-based authorization library for Ruby on Rails
 test_files: []

data/lib/rabarber/inputs/symbol.rb

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module Rabarber
-  module Inputs
-    class Symbol < Rabarber::Inputs::Base
-      private
-
-      def type = self.class::Coercible::Symbol.constrained(min_size: 1)
-    end
-  end
-end