rabarber 5.2.5 → 6.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 23cc4a1c2e65a3b450653b65df49633601756ada11844173b0c6314c41067ca9
-  data.tar.gz: 95153a3172c58bf636cb4d17981ba70336a292368f6bac26c2b6a107c4fcbaaa
+  metadata.gz: b63470cbdf375117e5c901ae46992d0fb85868acedacde3ab17472437d8f4a10
+  data.tar.gz: bba19d48ebad8a6440c70e7555d5befcc9c64f67c0a43f0408cd966f9d24aa15
 SHA512:
-  metadata.gz: 180407341e8e4e700fff624ab12de40d9aa66ed4e132e8ddc92c0c9cb4c010309194e7b37bc825a9a92a0e9baf64022a165788055ccba6b41e60aab8d040fc20
-  data.tar.gz: 882d08be5cab1db66d0056ef5e0ace724d2d8ce633cdf75af808d28980faeadbdf9e56c4362e3b7197a89b0de80925f77b2dafb12c5f6e44b1f21cb43be0730d
+  metadata.gz: 5b43430eb2fc105add42baa08aa12349137f1aab6021d371400cc48c48c134db4c20bd81e3cbff043e63bf6f22161d6645ab57619090bf1c08b905f6be60fbe1
+  data.tar.gz: cb648ea4388e067d1f06d57f2ba9b45fb7139df3a5a1cbb102ae42441730a2a83749b116d468fb0c6d3b9b0be419c010a62c73c3c0be2d90752086aa5f4e8837

data/CHANGELOG.md

@@ -1,3 +1,22 @@
+## v6.0.0
+
+### Breaking:
+
+- Removed methods deprecated in v5.2.0 from the public API
+- Dropped support for Ruby 3.2
+- Dropped support for Rails 7.1
+
+### Bugs:
+
+- Fixed cache clearing not working with Memcached
+
+### Misc:
+
+- Optimized cache key generation
+- Dropped some unnecessary dependencies
+
+To upgrade to v6.0.0, please refer to the [migration guide](https://github.com/enjaku4/rabarber/discussions/101)
+
 ## v5.2.5
 
 ### Misc:

data/README.md

@@ -9,29 +9,23 @@ Rabarber is a role-based authorization library for Ruby on Rails. It provides a
 
 **Example of Usage:**
 
-Consider a CRM system where users with different roles have distinct access levels. For instance, the role `accountant` can access invoice data but not marketing information, while the role `analyst` can view marketing data but not detailed financial records. You can define such authorization rules easily with Rabarber.
-
-___
-
-And this is how your controller might look with Rabarber:
+Consider a CRM system where users with different roles have distinct access levels. For instance, the role `accountant` can access and manage invoice data, while the role `analyst` can only view it. Here's how you'd define that with Rabarber:
 
 ```rb
-class TicketsController < ApplicationController
-  grant_access roles: :admin
+class InvoicesController < ApplicationController
+  grant_access roles: :accountant
 
-  grant_access action: :index, roles: :manager
+  grant_access action: :index, roles: :analyst
   def index
-    # ...
+    # Accessible to accountant and analyst
   end
 
-  def destroy
-    # ...
+  def update
+    # Accessible to accountant only
   end
 end
 ```
 
-This means that `admin` users can access everything in `TicketsController`, while the `manager` role can access only the `index` action.
-
 ## Table of Contents
 
 **Gem Usage:**
@@ -87,9 +81,12 @@ Create an initializer to customize Rabarber's behavior (optional):
 
 ```rb
 Rabarber.configure do |config|
-  config.cache_enabled = true                 # Enable/disable role caching (default: true)
-  config.current_user_method = :current_user  # Method to access current user (default: :current_user)
-  config.user_model_name = "User"             # User model name (default: "User")
+  # Enable/disable role caching (default: true)
+  config.cache_enabled = true
+  # Method to access current user (default: :current_user)
+  config.current_user_method = :current_user
+  # User model name (default: "User")
+  config.user_model_name = "User"
 end
 ```
 
@@ -119,7 +116,7 @@ user.revoke_roles(:admin, :manager)
 user.revoke_all_roles
 ```
 
-All role assignment methods return the list of roles currently assigned to the user.
+All role assignment and revocation methods return the list of roles currently assigned to the user.
 
 ### Role Queries
 
@@ -139,19 +136,26 @@ User.with_role(:admin, :manager)
 
 ## Direct Role Management
 
-You can also manage roles directly:
+You can also directly manage roles available in the application:
 
 ```rb
 # Create a new role
-Rabarber.create_role(:admin) # => true if created, false if already exists
+Rabarber.create_role(:admin)
+# => true if created, false if already exists
 
 # Rename a role
-Rabarber.rename_role(:admin, :administrator) # => true if renamed, false if new name exists or role is assigned
-Rabarber.rename_role(:admin, :administrator, force: true) # Force rename even if role is assigned
+Rabarber.rename_role(:admin, :administrator)
+# => true if renamed, false if new name exists or role is assigned
+
+# Force rename even if role is assigned
+Rabarber.rename_role(:admin, :administrator, force: true)
 
 # Remove a role
-Rabarber.delete_role(:admin) # => true if deleted, false if role is assigned
-Rabarber.delete_role(:admin, force: true) # Force deletion even if role is assigned
+Rabarber.delete_role(:admin)
+# => true if deleted, false if role is assigned
+
+# Force deletion even if role is assigned
+Rabarber.delete_role(:admin, force: true)
 
 # List available roles in the global context
 Rabarber.roles
@@ -160,19 +164,18 @@ Rabarber.roles
 Rabarber.all_roles
 ```
 
-> **Note:** Some methods have been deprecated in favor of the new API shown above. Deprecated methods still work but will be removed in a future major version. See the [changelog](https://github.com/enjaku4/rabarber/blob/main/CHANGELOG.md#v520) for the complete list of deprecated methods and their replacements.
-
 ## Authorization
 
 ### Setup
 
-Include `Rabarber::Authorization` module in your controllers and configure protection:
+Include `Rabarber::Authorization` module in your controllers and configure authorization:
 
 ```rb
 class ApplicationController < ActionController::Base
   include Rabarber::Authorization
 
-  with_authorization # Enable authorization check for all actions in all controllers by default
+  # Enable authorization check for all actions in all controllers by default
+  with_authorization
 end
 ```
 
@@ -180,11 +183,13 @@ You can also enable authorization checks selectively. Both `with_authorization`
 
 ```rb
 class TicketsController < ApplicationController
-  skip_authorization only: [:index, :show] # Skip authorization for specific actions
+  # Skip authorization for specific actions
+  skip_authorization only: [:index, :show]
 end
 
 class InvoicesController < ApplicationController
-  with_authorization except: [:index] # Enable authorization for all actions except index
+  # Enable authorization for all actions except index
+  with_authorization except: [:index]
 end
 ```
 
@@ -192,6 +197,8 @@ Authorization requires an authenticated user. Rabarber will raise an error if no
 
 ### Authorization Rules
 
+Rabarber follows a deny-by-default principle: if no `grant_access` rule is defined for an action or controller, access is denied to everyone.
+
 Define authorization rules using `grant_access`:
 
 ```rb
@@ -211,15 +218,17 @@ class TicketsController < ApplicationController
 end
 ```
 
-Authorization rules are additive - they combine across inheritance chains and when defined multiple times for the same action:
+Authorization rules are additive - they combine across inheritance chains and when defined multiple times for the same action or controller:
 
 ```rb
 class BaseController < ApplicationController
-  grant_access roles: :admin # Admin can access everything
+  # Admin can access everything
+  grant_access roles: :admin
 end
 
 class InvoicesController < BaseController
-  grant_access roles: :accountant # Accountant can also access InvoicesController (along with admin)
+  # Accountant can also access InvoicesController (along with admin)
+  grant_access roles: :accountant
 
   grant_access action: :index, roles: :manager
   grant_access action: :index, roles: :supervisor
@@ -233,16 +242,19 @@ It's possible to omit roles to allow unrestricted access:
 
 ```rb
 class UnrestrictedController < ApplicationController
-  grant_access # Allow all users to access all actions
+  # Allow all users to access all actions
+  grant_access
 end
 
 class MixedController < ApplicationController
-  grant_access action: :index # Unrestricted index action
+  # Unrestricted index action
+  grant_access action: :index
   def index
     # Accessible to all users
   end
 
-  grant_access action: :show, roles: :member # Restricted show action
+  # Restricted show action
+  grant_access action: :show, roles: :member
   def show
     # Accessible to members only
   end
@@ -276,7 +288,7 @@ Dynamic rules can also be used without roles at all, allowing you to define cust
 
 ```rb
 class InvoicesController < ApplicationController
-  grant_access action: :update, unless: -> { Date.current.on_weekend? }
+  grant_access action: :update, unless: -> { invoice.period_closed? }
   def update
     # ...
   end
@@ -289,7 +301,11 @@ class InvoicesController < ApplicationController
   private
 
   def destroy_allowed?
-    InvoicePolicy.new(current_user).destroy?(Invoice.find(params[:id]))
+    InvoicePolicy.new(current_user).destroy?(invoice)
+  end
+
+  def invoice
+    @invoice ||= Invoice.find(params[:id])
   end
 end
 ```
@@ -307,7 +323,8 @@ class ApplicationController < ActionController::Base
   private
 
   def when_unauthorized
-    head :not_found # Custom behavior to hide existence of protected resources
+    # Custom behavior to hide existence of protected resources
+    head :not_found
   end
 end
 ```
@@ -445,7 +462,7 @@ Use conditional rendering based on roles:
 ## Getting Help and Contributing
 
 ### Getting Help
-Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/enjaku4/rabarber/discussions) for:
+Have a question or need assistance? Open a discussion in the [discussions section](https://github.com/enjaku4/rabarber/discussions) for:
 - Usage questions
 - Implementation guidance
 - Feature suggestions
@@ -460,7 +477,7 @@ Found a bug? Please [create an issue](https://github.com/enjaku4/rabarber/issues
 Ready to contribute? You can:
 - Fix bugs by submitting pull requests
 - Improve documentation
-- Add new features (please discuss first in our [discussions section](https://github.com/enjaku4/rabarber/discussions))
+- Add new features (please discuss first in the [discussions section](https://github.com/enjaku4/rabarber/discussions))
 
 Before contributing, please read the [contributing guidelines](https://github.com/enjaku4/rabarber/blob/main/CONTRIBUTING.md)
 
@@ -476,5 +493,5 @@ Everyone interacting in the Rabarber project is expected to follow the [code of
 
 Only the latest major version is supported. Older versions are obsolete and not maintained, but their READMEs are available here for reference:
 
-[v4.x.x](https://github.com/enjaku4/rabarber/blob/9353e70281971154d5acd70693620197a132c543/README.md) | [v3.x.x](https://github.com/enjaku4/rabarber/blob/3bb273de7e342004abc7ef07fa4d0a9a3ce3e249/README.md)
+[v5.x.x](https://github.com/enjaku4/rabarber/blob/12a23858e974f5cc0a4ebddfc18bdf84171dd554/README.md) | [v4.x.x](https://github.com/enjaku4/rabarber/blob/9353e70281971154d5acd70693620197a132c543/README.md) | [v3.x.x](https://github.com/enjaku4/rabarber/blob/3bb273de7e342004abc7ef07fa4d0a9a3ce3e249/README.md)
  | [v2.x.x](https://github.com/enjaku4/rabarber/blob/875b357ea949404ddc3645ad66eddea7ed4e2ee4/README.md) | [v1.x.x](https://github.com/enjaku4/rabarber/blob/b81428429404e197d70317b763e7b2a21e02c296/README.md)

data/lib/rabarber/configuration.rb

@@ -1,43 +1,46 @@
 # frozen_string_literal: true
 
-require "dry-configurable"
+require "singleton"
 
 module Rabarber
-  module Configuration
-    extend Dry::Configurable
-
-    module_function
-
-    setting :cache_enabled,
-            default: true,
-            reader: true,
-            constructor: -> (value) do
-              Rabarber::Inputs::Boolean.new(
-                value,
-                error: Rabarber::ConfigurationError,
-                message: "Invalid configuration `cache_enabled`, expected a boolean, got #{value.inspect}"
-              ).process
-            end
-    setting :current_user_method,
-            default: :current_user,
-            reader: true,
-            constructor: -> (value) do
-              Rabarber::Inputs::Symbol.new(
-                value,
-                error: Rabarber::ConfigurationError,
-                message: "Invalid configuration `current_user_method`, expected a symbol or a string, got #{value.inspect}"
-              ).process
-            end
-    setting :user_model_name,
-            default: "User",
-            reader: true,
-            constructor: -> (value) do
-              Rabarber::Inputs::NonEmptyString.new(
-                value,
-                error: Rabarber::ConfigurationError,
-                message: "Invalid configuration `user_model_name`, expected an ActiveRecord model name, got #{value.inspect}"
-              ).process
-            end
+  class Configuration
+    include Singleton
+
+    attr_reader :cache_enabled, :current_user_method, :user_model_name
+
+    def initialize
+      reset_to_defaults!
+    end
+
+    def cache_enabled=(value)
+      @cache_enabled = Rabarber::Inputs::Boolean.new(
+        value,
+        error: Rabarber::ConfigurationError,
+        message: "Invalid configuration `cache_enabled`, expected a boolean, got #{value.inspect}"
+      ).process
+    end
+
+    def current_user_method=(value)
+      @current_user_method = Rabarber::Inputs::NonEmptySymbol.new(
+        value,
+        error: Rabarber::ConfigurationError,
+        message: "Invalid configuration `current_user_method`, expected a symbol or a string, got #{value.inspect}"
+      ).process
+    end
+
+    def user_model_name=(value)
+      @user_model_name = Rabarber::Inputs::NonEmptyString.new(
+        value,
+        error: Rabarber::ConfigurationError,
+        message: "Invalid configuration `user_model_name`, expected an ActiveRecord model name, got #{value.inspect}"
+      ).process
+    end
+
+    def reset_to_defaults!
+      self.cache_enabled = true
+      self.current_user_method = :current_user
+      self.user_model_name = "User"
+    end
 
     def user_model
       Rabarber::Inputs::Model.new(
@@ -46,5 +49,16 @@ module Rabarber
         message: "Invalid configuration `user_model_name`, expected an ActiveRecord model name, got #{user_model_name.inspect}"
       ).process
     end
+
+    def configure
+      yield self
+    end
+
+    class << self
+      delegate :cache_enabled, :current_user_method, :user_model_name,
+               :cache_enabled=, :current_user_method=, :user_model_name=,
+               :user_model, :reset_to_defaults!, :configure,
+               to: :instance
+    end
   end
 end

data/lib/rabarber/controllers/concerns/authorization.rb

@@ -24,7 +24,7 @@ module Rabarber
 
         Rabarber::Core::Permissions.add(
           self,
-          Rabarber::Inputs::Symbol.new(
+          Rabarber::Inputs::NonEmptySymbol.new(
             action,
             optional: true,
             message: "Expected a symbol or a string, got #{action.inspect}"

data/lib/rabarber/core/cache.rb

@@ -1,38 +1,51 @@
 # frozen_string_literal: true
 
-require "digest/sha2"
+require "digest/md5"
+require "securerandom"
 
 module Rabarber
   module Core
     module Cache
-      module_function
+      extend self
 
-      def fetch(uid, &)
+      def fetch(roleable_id, scope, &)
         return yield unless enabled?
 
-        Rails.cache.fetch(prepare_key(uid), expires_in: 1.hour, race_condition_ttl: 5.seconds, &)
+        Rails.cache.fetch(prepare_key(roleable_id, scope), expires_in: 1.hour, race_condition_ttl: 5.seconds, &)
       end
 
-      def delete(*uids)
+      def delete(*pairs)
         return unless enabled?
 
-        Rails.cache.delete_multi(uids.map { prepare_key(_1) }) if uids.any?
+        Rails.cache.delete_multi(pairs.map { |roleable_id, scope| prepare_key(roleable_id, scope) }) if pairs.any?
       end
 
+      def clear
+        Rails.cache.write(VERSION_KEY, SecureRandom.alphanumeric(8))
+      end
+
+      private
+
       def enabled?
         Rabarber::Configuration.cache_enabled
       end
 
-      def clear
-        Rails.cache.delete_matched(/^#{CACHE_PREFIX}/o)
+      def prepare_key(roleable_id, scope)
+        Digest::MD5.base64digest(Marshal.dump([current_version, roleable_id, scope]))
       end
 
-      def prepare_key(uid)
-        "#{CACHE_PREFIX}:#{Digest::SHA2.hexdigest(Marshal.dump(uid))}"
+      def current_version
+        version = Rails.cache.read(VERSION_KEY).presence
+
+        return version if version
+
+        clear
+
+        Rails.cache.read(VERSION_KEY)
       end
 
-      CACHE_PREFIX = "rabarber"
-      private_constant :CACHE_PREFIX
+      VERSION_KEY = "rabarber"
+      private_constant :VERSION_KEY
     end
   end
 

data/lib/rabarber/inputs/base.rb

@@ -1,12 +1,8 @@
 # frozen_string_literal: true
 
-require "dry-types"
-
 module Rabarber
   module Inputs
     class Base
-      include Dry.Types()
-
       def initialize(value, optional: false, error: Rabarber::InvalidArgumentError, message: nil)
         @value = value
         @optional = optional
@@ -15,15 +11,14 @@ module Rabarber
       end
 
       def process
-        type_checker = @optional ? type.optional : type
-        type_checker[@value]
-      rescue Dry::Types::CoercionError
-        raise_error
+        return @value if @value.nil? && @optional
+
+        validate_and_normalize
       end
 
       private
 
-      def type
+      def validate_and_normalize
         raise NotImplementedError
       end
 

data/lib/rabarber/inputs/boolean.rb

@@ -5,7 +5,7 @@ module Rabarber
     class Boolean < Rabarber::Inputs::Base
       private
 
-      def type = self.class::Strict::Bool
+      def validate_and_normalize = @value == true || @value == false ? @value : raise_error
     end
   end
 end

data/lib/rabarber/inputs/context.rb

@@ -19,14 +19,13 @@ module Rabarber
 
       private
 
-      def type
-        self.class::Strict::Class |
-          self.class::Instance(ActiveRecord::Base) |
-          self.class::Hash.schema(
-            context_type: self.class::Strict::String | self.class::Nil,
-            context_id: self.class::Strict::String | self.class::Strict::Integer | self.class::Nil
-          ) |
-          self.class::Nil
+      def validate_and_normalize
+        return @value if @value.nil?
+        return @value if @value.is_a?(Class)
+        return @value if @value.is_a?(ActiveRecord::Base)
+        return @value if @value in { context_type: String | nil, context_id: String | Integer | nil }
+
+        raise_error
       end
     end
   end

data/lib/rabarber/inputs/contexts/authorizational.rb

@@ -4,9 +4,21 @@ module Rabarber
   module Inputs
     module Contexts
       class Authorizational < Rabarber::Inputs::Context
+        def resolve
+          result = process
+          return result if result.is_a?(Symbol) || result.is_a?(Proc)
+
+          super
+        end
+
         private
 
-        def type = self.class::Coercible::Symbol.constrained(min_size: 1) | self.class::Instance(Proc) | super
+        def validate_and_normalize
+          return @value if @value.is_a?(Proc)
+          return @value.to_sym if (@value.is_a?(String) || @value.is_a?(Symbol)) && @value.present?
+
+          super
+        end
       end
     end
   end

data/lib/rabarber/inputs/dynamic_rule.rb

@@ -5,7 +5,11 @@ module Rabarber
     class DynamicRule < Rabarber::Inputs::Base
       private
 
-      def type = self.class::Coercible::Symbol.constrained(min_size: 1) | self.class::Instance(Proc)
+      def validate_and_normalize
+        return @value if @value.is_a?(Proc)
+
+        Rabarber::Inputs::NonEmptySymbol.new(@value, error: @error, message: @message).process
+      end
     end
   end
 end

data/lib/rabarber/inputs/model.rb

@@ -5,7 +5,12 @@ module Rabarber
     class Model < Rabarber::Inputs::Base
       private
 
-      def type = self.class::Strict::Class.constructor { _1.try(:safe_constantize) }.constrained(lt: ActiveRecord::Base)
+      def validate_and_normalize
+        model = @value.try(:safe_constantize)
+        raise_error unless model.is_a?(Class) && model < ActiveRecord::Base
+
+        model
+      end
     end
   end
 end

data/lib/rabarber/inputs/non_empty_string.rb

@@ -5,7 +5,9 @@ module Rabarber
     class NonEmptyString < Rabarber::Inputs::Base
       private
 
-      def type = self.class::Strict::String.constrained(min_size: 1)
+      def validate_and_normalize
+        @value.is_a?(String) && @value.present? ? @value : raise_error
+      end
     end
   end
 end

data/lib/rabarber/inputs/non_empty_symbol.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Inputs
+    class NonEmptySymbol < Rabarber::Inputs::Base
+      private
+
+      def validate_and_normalize
+        raise_error unless (@value.is_a?(String) || @value.is_a?(Symbol)) && @value.present?
+
+        @value.to_sym
+      end
+    end
+  end
+end

data/lib/rabarber/inputs/role.rb

@@ -5,7 +5,11 @@ module Rabarber
     class Role < Rabarber::Inputs::Base
       private
 
-      def type = self.class::Coercible::Symbol.constrained(min_size: 1, format: /\A[a-z0-9_]+\z/)
+      def validate_and_normalize
+        raise_error unless (@value.is_a?(String) || @value.is_a?(Symbol)) && @value.to_s.match?(/\A[a-z0-9_]+\z/)
+
+        @value.to_sym
+      end
     end
   end
 end

data/lib/rabarber/inputs/roles.rb

@@ -5,8 +5,10 @@ module Rabarber
     class Roles < Rabarber::Inputs::Base
       private
 
-      def type
-        self.class::Array.of(self.class::Coercible::Symbol.constrained(min_size: 1, format: /\A[a-z0-9_]+\z/)).constructor { Kernel::Array(_1) }
+      def validate_and_normalize
+        Array(@value).map do |role|
+          Rabarber::Inputs::Role.new(role, error: @error, message: @message).process
+        end
       end
     end
   end

data/lib/rabarber/models/concerns/roleable.rb

@@ -40,11 +40,11 @@ module Rabarber
 
     def roles(context: nil)
       processed_context = process_context(context)
-      Rabarber::Core::Cache.fetch([roleable_id, processed_context]) { rabarber_roles.names(context: processed_context) }
+      Rabarber::Core::Cache.fetch(roleable_id, processed_context) { rabarber_roles.list(context: processed_context) }
     end
 
     def all_roles
-      Rabarber::Core::Cache.fetch([roleable_id, :all]) { rabarber_roles.all_names }
+      Rabarber::Core::Cache.fetch(roleable_id, :all) { rabarber_roles.list_all }
     end
 
     def has_role?(*role_names, context: nil)
@@ -60,7 +60,7 @@ module Rabarber
       create_new_roles(processed_role_names, context: processed_context) if create_new
 
       roles_to_assign = Rabarber::Role.where(
-        name: (processed_role_names - rabarber_roles.names(context: processed_context)), **processed_context
+        name: (processed_role_names - rabarber_roles.list(context: processed_context)), **processed_context
       )
 
       if roles_to_assign.any?
@@ -76,7 +76,7 @@ module Rabarber
       processed_context = process_context(context)
 
       roles_to_revoke = Rabarber::Role.where(
-        name: processed_role_names.intersection(rabarber_roles.names(context: processed_context)), **processed_context
+        name: processed_role_names.intersection(rabarber_roles.list(context: processed_context)), **processed_context
       )
 
       if roles_to_revoke.any?

data/lib/rabarber/models/role.rb

@@ -11,15 +11,11 @@ module Rabarber
                                         join_table: "rabarber_roles_roleables"
 
     class << self
-      def names(context: nil)
-        deprecation_warning("names", "Rabarber.roles")
-
+      def list(context: nil)
         where(process_context(context)).pluck(:name).map(&:to_sym)
       end
 
-      def all_names
-        deprecation_warning("all_names", "Rabarber.all_roles")
-
+      def list_all
         includes(:context).each_with_object({}) do |role, hash|
           (hash[role.context] ||= []) << role.name.to_sym
         rescue ActiveRecord::RecordNotFound
@@ -29,9 +25,7 @@ module Rabarber
         raise Rabarber::NotFoundError, "Context not found: class #{e.name} may have been renamed or deleted"
       end
 
-      def add(name, context: nil)
-        deprecation_warning("add", "Rabarber.create_role")
-
+      def register(name, context: nil)
         name = process_role_name(name)
         processed_context = process_context(context)
 
@@ -40,9 +34,7 @@ module Rabarber
         !!create!(name:, **processed_context)
       end
 
-      def rename(old_name, new_name, context: nil, force: false)
-        deprecation_warning("rename", "Rabarber.rename_role")
-
+      def amend(old_name, new_name, context: nil, force: false)
         processed_context = process_context(context)
         role = find_by(name: process_role_name(old_name), **processed_context)
 
@@ -57,9 +49,7 @@ module Rabarber
         role.update!(name:)
       end
 
-      def remove(name, context: nil, force: false)
-        deprecation_warning("remove", "Rabarber.delete_role")
-
+      def drop(name, context: nil, force: false)
         processed_context = process_context(context)
         role = find_by(name: process_role_name(name), **processed_context)
 
@@ -72,12 +62,6 @@ module Rabarber
         !!role.destroy!
       end
 
-      def assignees(name, context: nil)
-        deprecation_warning("assignees", "#{Rabarber::Configuration.user_model_name}.with_role")
-
-        find_by(name: process_role_name(name), **process_context(context))&.roleables || Rabarber::Configuration.user_model.none
-      end
-
       def prune
         orphaned_roles = where.not(context_id: nil).includes(:context).filter_map do |role|
           !role.context
@@ -99,14 +83,6 @@ module Rabarber
 
       private
 
-      def deprecation_warning(method, alternative)
-        callers = caller_locations.map(&:label)
-
-        return if callers.include?(alternative) || callers.include?("ActiveRecord::Relation#scoping")
-
-        ActiveSupport::Deprecation.new("6.0.0", "rabarber").warn("`Rabarber::Role.#{method}` method is deprecated and will be removed in the next major version, use `#{alternative}` instead.")
-      end
-
       def delete_roleables_cache(role, context:)
         Rabarber::Core::Cache.delete(*role.roleables.pluck(:id).flat_map { [[_1, context], [_1, :all]] })
       end

data/lib/rabarber/models/role_management.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module RoleManagement
+    def roles(context: nil) = Rabarber::Role.list(context:)
+    def all_roles = Rabarber::Role.list_all
+    def create_role(name, context: nil) = Rabarber::Role.register(name, context:)
+    def rename_role(old_name, new_name, context: nil, force: false) = Rabarber::Role.amend(old_name, new_name, context:, force:)
+    def delete_role(name, context: nil, force: false) = Rabarber::Role.drop(name, context:, force:)
+    def prune = Rabarber::Role.prune # rubocop:disable Rails/Delegate
+  end
+end

data/lib/rabarber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rabarber
-  VERSION = "5.2.5"
+  VERSION = "6.0.0"
 end

data/lib/rabarber.rb

@@ -14,7 +14,7 @@ require_relative "rabarber/inputs/model"
 require_relative "rabarber/inputs/non_empty_string"
 require_relative "rabarber/inputs/role"
 require_relative "rabarber/inputs/roles"
-require_relative "rabarber/inputs/symbol"
+require_relative "rabarber/inputs/non_empty_symbol"
 
 require_relative "rabarber/configuration"
 
@@ -27,15 +27,6 @@ module Rabarber
 
   delegate :configure, to: Rabarber::Configuration
   module_function :configure
-
-  class << self
-    def roles(context: nil) = Rabarber::Role.names(context:)
-    def all_roles = Rabarber::Role.all_names
-    def create_role(name, context: nil) = Rabarber::Role.add(name, context:)
-    def rename_role(old_name, new_name, context: nil, force: false) = Rabarber::Role.rename(old_name, new_name, context:, force:)
-    def delete_role(name, context: nil, force: false) = Rabarber::Role.remove(name, context:, force:)
-    def prune = Rabarber::Role.prune
-  end
 end
 
 require_relative "rabarber/core/cache"
@@ -47,6 +38,9 @@ require_relative "rabarber/helpers/helpers"
 require_relative "rabarber/helpers/migration_helpers"
 require_relative "rabarber/models/concerns/roleable"
 require_relative "rabarber/models/role"
+require_relative "rabarber/models/role_management"
+
+Rabarber.extend Rabarber::RoleManagement
 
 require_relative "rabarber/core/permissions"
 

data/rabarber.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |spec|
   spec.summary = "Simple role-based authorization library for Ruby on Rails"
   spec.description = "Simple role-based authorization for Rails applications with multi-tenancy support"
   spec.license = "MIT"
-  spec.required_ruby_version = ">= 3.2", "< 4.1"
+  spec.required_ruby_version = ">= 3.3", "< 4.1"
 
   spec.files = [
     "rabarber.gemspec", "README.md", "CHANGELOG.md", "LICENSE.txt"
@@ -27,7 +27,5 @@ Gem::Specification.new do |spec|
 
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "dry-configurable", "~> 1.1"
-  spec.add_dependency "dry-types", "~> 1.7"
-  spec.add_dependency "rails", ">= 7.1", "< 8.2"
+  spec.add_dependency "rails", ">= 7.2", "< 8.2"
 end

metadata

@@ -1,50 +1,22 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-  version: 5.2.5
+  version: 6.0.0
 platform: ruby
 authors:
 - enjaku4
 - trafium
 bindir: bin
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2026-04-01 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: dry-configurable
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
-- !ruby/object:Gem::Dependency
-  name: dry-types
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.2'
@@ -54,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.2'
@@ -88,11 +60,12 @@ files:
 - lib/rabarber/inputs/dynamic_rule.rb
 - lib/rabarber/inputs/model.rb
 - lib/rabarber/inputs/non_empty_string.rb
+- lib/rabarber/inputs/non_empty_symbol.rb
 - lib/rabarber/inputs/role.rb
 - lib/rabarber/inputs/roles.rb
-- lib/rabarber/inputs/symbol.rb
 - lib/rabarber/models/concerns/roleable.rb
 - lib/rabarber/models/role.rb
+- lib/rabarber/models/role_management.rb
 - lib/rabarber/railtie.rb
 - lib/rabarber/version.rb
 - rabarber.gemspec
@@ -115,7 +88,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '3.2'
+      version: '3.3'
   - - "<"
     - !ruby/object:Gem::Version
       version: '4.1'
@@ -125,7 +98,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.2
+rubygems_version: 4.0.8
 specification_version: 4
 summary: Simple role-based authorization library for Ruby on Rails
 test_files: []

data/lib/rabarber/inputs/symbol.rb

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module Rabarber
-  module Inputs
-    class Symbol < Rabarber::Inputs::Base
-      private
-
-      def type = self.class::Coercible::Symbol.constrained(min_size: 1)
-    end
-  end
-end