rabarber 1.2.0 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e7eaa4eaef0f5c6d072e3a5b545b0ce152651df15b521be933aac78e1add85ba
-  data.tar.gz: d0557fcd900f2bebd58f6489c2f3f79c2f95c7c14bbeeeb59a294fdfcbcb3f49
+  metadata.gz: 3ae0f6a7f272a6d718ddf591e61b236a20b26da7c7eddc56f838637e6fd16b72
+  data.tar.gz: 07bb483c2ed0fc8e04b12fab9183d333cddae5ef4d3b3690d98119e1d9d97c5b
 SHA512:
-  metadata.gz: cadc08751bf39ab0c6eb8a357854fe00bb478533a7f5a7e0760929d6acedad0fcecb31e17c21c980c764d59302a569df74e847f09c778b2e3f1c257c520c4336
-  data.tar.gz: 7067e81820ce07c0929e3f18ad079c9cfa44b0dc473138b042e4e882b8db1cda17bbc680a431634c42695434a088605fd897ab4a2e25a4d4d2b9bac7c8180fd5
+  metadata.gz: 8c87020ec8feb37dc344f332843eb49498197edbeab72d3c7b57edfb5e727029627aa5b8289fa506bdcb262d2df47fc378ca3d17f138879b3a64e51e998d22ab
+  data.tar.gz: d4e83ff02a8dfc17e8a2706756fa84f4e93035bd09c98455e8f5f2eb92f9c48636135200ed42fe6b6a6bda94671c187de97c1a85d6a21425d93191423c38711f

data/CHANGELOG.md

@@ -1,7 +1,14 @@
+## 1.2.1
+
+- Cache roles to avoid unnecessary database queries
+- Introduce `cache_enabled` configuration option allowing to enable or disable role caching
+- Enhance the migration generator so that it can receive the table name of the model representing users in the application as an argument
+- Various minor improvements
+
 ## 1.2.0
 
-- Enhance handling of missing actions and roles specified in `grant_access` method by raising an error for missing actions and logging a warning for missing roles.
-- Introduce `when_actions_missing` and `when_roles_missing` configuration options, allowing to customize the behavior when actions or roles are not found.
+- Enhance handling of missing actions and roles specified in `grant_access` method by raising an error for missing actions and logging a warning for missing roles
+- Introduce `when_actions_missing` and `when_roles_missing` configuration options, allowing to customize the behavior when actions or roles are not found
 
 ## 1.1.0
 

data/LICENSE.txt

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2023 enjaku4, trafium
+Copyright (c) 2023 enjaku4 (https://github.com/enjaku4), trafium (https://github.com/trafium)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -3,7 +3,9 @@
 [![Gem Version](https://badge.fury.io/rb/rabarber.svg)](http://badge.fury.io/rb/rabarber)
 [![Github Actions badge](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml)
 
-Rabarber is a role-based authorization library for Ruby on Rails, primarily designed for use in the application layer but not limited to that. It offers a set of useful tools for managing user roles and defining authorization rules.
+Rabarber is a role-based authorization library for Ruby on Rails, designed primarily for use in the web layer (specifically controllers and views) but not limited to that. It provides tools for managing user roles and defining authorization rules, mainly focusing on answering the question of 'Who can access which endpoint?'.
+
+Unlike some other libraries, Rabarber does not handle data scoping. Instead, it focuses on providing a lightweight and flexible solution for role-based access control, allowing developers to implement data scoping according to their specific business rules directly within their application's code.
 
 ---
 
@@ -45,16 +47,14 @@ Install the gem:
 bundle install
 ```
 
-Next, generate a migration to create tables for storing roles in the database:
+Next, generate a migration to create tables for storing roles in the database. Make sure to specify the table name of the model representing users in your application as an argument. For instance, if the table name is `users`, run:
 
 ```
-rails g rabarber:roles
+rails g rabarber:roles users
 ```
 
 This will create a migration file in `db/migrate` directory.
 
-Replace `raise(Rabarber::Error, "Please specify your user model's table name")` in that file with the name of your user model's table.
-
 Finally, run the migration to apply the changes to the database:
 
 ```
@@ -67,6 +67,7 @@ Rabarber can be configured by using `.configure` method in an initializer:
 
 ```rb
 Rabarber.configure do |config|
+  config.cache_enabled = false
   config.current_user_method = :authenticated_user
   config.must_have_roles = true
   config.when_actions_missing = -> (missing_actions, context) { ... }
@@ -74,6 +75,9 @@ Rabarber.configure do |config|
   config.when_unauthorized = -> (controller) { ... }
 end
 ```
+
+- `cache_enabled` must be a boolean determining whether roles are cached. Roles are cached by default to avoid unnecessary database queries. If you want to disable caching, set this option to `false`. If caching is enabled and you need to clear the cache, use the `Rabarber::Cache.clear` method.
+
 - `current_user_method` must be a symbol representing the method that returns the currently authenticated user. The default value is `:current_user`.
 
 - `must_have_roles` must be a boolean determining whether a user with no roles can access endpoints permitted to everyone. The default value is `false` (allowing users without roles to access endpoints permitted to everyone).
@@ -109,13 +113,6 @@ By default, `#assign_roles` method will automatically create any roles that don'
 user.assign_roles(:accountant, :marketer, create_new: false)
 ```
 
-You can also explicitly create new roles simply by using:
-
-```rb
-Rabarber::Role.create(name: "manager")
-```
-The role names must be unique.
-
 **`#revoke_roles`**
 
 To revoke roles, use:
@@ -149,8 +146,6 @@ If you need to list all the role names available in your application, use:
 Rabarber::Role.names
 ```
 
-`Rabarber::Role` is a model that represents roles within your application. It has a single attribute, `name`, which is validated for both uniqueness and presence. You can treat `Rabarber::Role` as a regular Rails model and use Active Record methods on it if necessary.
-
 ## Authorization Rules
 
 Include `Rabarber::Authorization` module into the controller that needs authorization rules to be applied (authorization rules will be applied to the controller and its children). Typically, it is `ApplicationController`, but it can be any controller.
@@ -221,9 +216,9 @@ class InvoicesController < ApplicationController
 end
 ```
 
-This allows everyone to access `OrdersController` and its children and `index` action in `InvoicesController`.
+This allows everyone to access `OrdersController` and its children and `index` action in `InvoicesController`. This also extends to scenarios where there is no user present, i.e. when the method responsible for returning the currently authenticated user in your application returns `nil`.
 
-If you've set `must_have_roles` setting to `true`, then, only the users with at least one role can have access. This setting can be useful if your requirements are such that users without roles are not allowed to see anything.
+If you've set `must_have_roles` setting to `true`, then, only the users with at least one role can have access. This setting can be useful if your requirements are such that users without roles are not allowed to access anything.
 
 For more complex cases, Rabarber provides dynamic rules:
 
@@ -274,7 +269,16 @@ This means that `Crm::InvoicesController` is still accessible to `admin` but is
 
 ## View Helpers
 
-Rabarber also provides a couple of helpers that can be used in views: `visible_to` and `hidden_from`. The usage is straightforward:
+Rabarber also provides a couple of helpers that can be used in views: `visible_to` and `hidden_from`. To use them, simply include `Rabarber::Helpers` in the desired helper (usually `ApplicationHelper`, but it can be any helper):
+
+```rb
+module ApplicationHelper
+  include Rabarber::Helpers
+  ...
+end
+```
+
+The usage is straightforward:
 
 ```erb
 <%= visible_to(:admin, :manager) do %>
@@ -292,9 +296,17 @@ Rabarber also provides a couple of helpers that can be used in views: `visible_t
 
 Encountered a bug or facing a problem?
 
-- **Create an Issue**: If you've identified a problem or have a feature request, please create an issue on the gem's GitHub repository. Be sure to provide detailed information about the problem, including the steps to reproduce it.
-- **Contribute a Solution**: Found a fix for the issue or want to contribute to the project? Feel free to create a pull request with your changes.
+- **Create an Issue**: If you've identified a problem, please create an issue on the gem's GitHub repository. Be sure to provide detailed information about the problem, including the steps to reproduce it.
+- **Contribute a Solution**: Found a fix for the issue? Feel free to create a pull request with your changes.
+
+## Contributing
+
+If you want to contribute, please read the [contributing guidelines](https://github.com/enjaku4/rabarber/blob/main/CONTRIBUTING.md).
 
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Rabarber project is expected to follow the [code of conduct](https://github.com/enjaku4/rabarber/blob/main/CODE_OF_CONDUCT.md).

data/lib/generators/rabarber/roles_generator.rb

@@ -8,6 +8,8 @@ module Rabarber
 
     source_root File.expand_path("templates", __dir__)
 
+    argument :table_name, type: :string, required: true
+
     def create_migrations
       migration_template "create_rabarber_roles.rb.erb", "db/migrate/create_rabarber_roles.rb"
     end

data/lib/generators/rabarber/templates/create_rabarber_roles.rb.erb

@@ -9,7 +9,7 @@ class CreateRabarberRoles < ActiveRecord::Migration[<%= ActiveRecord::Migration.
 
     create_table :rabarber_roles_roleables, id: false do |t|
       t.belongs_to :role, null: false, index: true, foreign_key: { to_table: :rabarber_roles }
-      t.belongs_to :roleable, null: false, index: true, foreign_key: { to_table: raise(Rabarber::Error, "Please specify your user model's table name") }
+      t.belongs_to :roleable, null: false, index: true, foreign_key: { to_table: <%= table_name.to_sym.inspect %> }
     end
 
     add_index :rabarber_roles_roleables, [:role_id, :roleable_id], unique: true

data/lib/rabarber/cache.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Rabarber
+  module Cache
+    module_function
+
+    ALL_ROLES_KEY = "rabarber:roles"
+
+    def fetch(key, options, &block)
+      enabled? ? Rails.cache.fetch(key, options, &block) : yield
+    end
+
+    def delete(key)
+      Rails.cache.delete(key) if enabled?
+    end
+
+    def enabled?
+      Rabarber::Configuration.instance.cache_enabled
+    end
+
+    def key_for(record)
+      "rabarber:roles_#{record.public_send(record.class.primary_key)}"
+    end
+
+    def clear
+      Rails.cache.delete_matched(/^rabarber/)
+    end
+  end
+end

data/lib/rabarber/configuration.rb

@@ -6,9 +6,11 @@ module Rabarber
   class Configuration
     include Singleton
 
-    attr_reader :current_user_method, :must_have_roles, :when_actions_missing, :when_roles_missing, :when_unauthorized
+    attr_reader :cache_enabled, :current_user_method, :must_have_roles,
+                :when_actions_missing, :when_roles_missing, :when_unauthorized
 
     def initialize
+      @cache_enabled = default_cache_enabled
       @current_user_method = default_current_user_method
       @must_have_roles = default_must_have_roles
       @when_actions_missing = default_when_actions_missing
@@ -16,6 +18,12 @@ module Rabarber
       @when_unauthorized = default_when_unauthorized
     end
 
+    def cache_enabled=(value)
+      @cache_enabled = Rabarber::Input::Types::Booleans.new(
+        value, Rabarber::ConfigurationError, "Configuration 'cache_enabled' must be a Boolean"
+      ).process
+    end
+
     def current_user_method=(method_name)
       @current_user_method = Rabarber::Input::Types::Symbols.new(
         method_name, Rabarber::ConfigurationError, "Configuration 'current_user_method' must be a Symbol or a String"
@@ -48,6 +56,10 @@ module Rabarber
 
     private
 
+    def default_cache_enabled
+      true
+    end
+
     def default_current_user_method
       :current_user
     end
@@ -72,6 +84,7 @@ module Rabarber
 
     def default_when_unauthorized
       -> (controller) do
+        Rails.logger.tagged("Rabarber") { Rails.logger.warn "Unauthorized attempt" }
         if controller.request.format.html?
           controller.redirect_back fallback_location: controller.main_app.root_path
         else

data/lib/rabarber/controllers/concerns/authorization.rb

@@ -28,11 +28,14 @@ module Rabarber
       Rabarber::Missing::Actions.new(self.class).handle
       Rabarber::Missing::Roles.new(self.class).handle
 
-      return if Rabarber::Permissions.access_granted?(
-        send(Rabarber::Configuration.instance.current_user_method).roles, self.class, action_name.to_sym, self
-      )
+      return if Rabarber::Permissions.access_granted?(rabarber_roles, self.class, action_name.to_sym, self)
 
       Rabarber::Configuration.instance.when_unauthorized.call(self)
     end
+
+    def rabarber_roles
+      user = send(Rabarber::Configuration.instance.current_user_method)
+      user ? user.roles : []
+    end
   end
 end

data/lib/rabarber/missing/base.rb

@@ -16,9 +16,8 @@ module Rabarber
         return if missing_list.empty?
 
         missing_list.each do |item|
-          Rabarber::Configuration.instance.public_send(configuration_name).call(
-            item.missing, controller: item.controller, action: item.action
-          )
+          context = item.action ? { controller: item.controller, action: item.action } : { controller: item.controller }
+          Rabarber::Configuration.instance.public_send(configuration_name).call(item.missing, context)
         end
       end
 

data/lib/rabarber/missing/roles.rb

@@ -28,7 +28,9 @@ module Rabarber
       end
 
       def all_roles
-        @all_roles ||= Rabarber::Role.names
+        @all_roles ||= Rabarber::Cache.fetch(
+          Rabarber::Cache::ALL_ROLES_KEY, expires_in: 1.day, race_condition_ttl: 10.seconds
+        ) { Rabarber::Role.names }
       end
     end
   end

data/lib/rabarber/models/concerns/has_roles.rb

@@ -17,7 +17,9 @@ module Rabarber
     end
 
     def roles
-      rabarber_roles.names
+      Rabarber::Cache.fetch(Rabarber::Cache.key_for(self), expires_in: 1.hour, race_condition_ttl: 5.seconds) do
+        rabarber_roles.names
+      end
     end
 
     def has_role?(*role_names)
@@ -30,10 +32,14 @@ module Rabarber
       create_new_roles(roles_to_assign) if create_new
 
       rabarber_roles << Rabarber::Role.where(name: roles_to_assign) - rabarber_roles
+
+      delete_cache
     end
 
     def revoke_roles(*role_names)
       self.rabarber_roles = rabarber_roles - Rabarber::Role.where(name: process_role_names(role_names))
+
+      delete_cache
     end
 
     private
@@ -46,5 +52,9 @@ module Rabarber
     def process_role_names(role_names)
       Rabarber::Input::Roles.new(role_names).process
     end
+
+    def delete_cache
+      Rabarber::Cache.delete(Rabarber::Cache.key_for(self))
+    end
   end
 end

data/lib/rabarber/models/role.rb

@@ -6,8 +6,16 @@ module Rabarber
 
     validates :name, presence: true, uniqueness: true, format: { with: Rabarber::Input::Roles::REGEX }
 
+    after_commit :delete_cache
+
     def self.names
       pluck(:name).map(&:to_sym)
     end
+
+    private
+
+    def delete_cache
+      Rabarber::Cache.delete(Rabarber::Cache::ALL_ROLES_KEY)
+    end
   end
 end

data/lib/rabarber/railtie.rb

@@ -7,7 +7,7 @@ module Rabarber
     initializer "rabarber.after_initialize" do |app|
       app.config.after_initialize do
         Rabarber::Missing::Actions.new.handle
-        Rabarber::Missing::Roles.new.handle
+        Rabarber::Missing::Roles.new.handle if Rabarber::Role.table_exists?
       end
     end
   end

data/lib/rabarber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rabarber
-  VERSION = "1.2.0"
+  VERSION = "1.2.1"
 end

data/lib/rabarber.rb

@@ -18,6 +18,8 @@ require_relative "rabarber/missing/base"
 require_relative "rabarber/missing/actions"
 require_relative "rabarber/missing/roles"
 
+require_relative "rabarber/cache"
+
 require_relative "rabarber/controllers/concerns/authorization"
 require_relative "rabarber/helpers/helpers"
 require_relative "rabarber/models/concerns/has_roles"

data/rabarber.gemspec

@@ -6,7 +6,7 @@ Gem::Specification.new do |spec|
   spec.name = "rabarber"
   spec.version = Rabarber::VERSION
   spec.authors = ["enjaku4", "trafium"]
-  spec.email = ["enjaku4@gmail.com"]
+  spec.email = ["rabarber_gem@icloud.com"]
 
   spec.summary = "Simple authorization library for Ruby on Rails."
   spec.homepage = "https://github.com/enjaku4/rabarber"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.1
 platform: ruby
 authors:
 - enjaku4
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-28 00:00:00.000000000 Z
+date: 2024-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -27,7 +27,7 @@ dependencies:
         version: '6.1'
 description:
 email:
-- enjaku4@gmail.com
+- rabarber_gem@icloud.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -39,6 +39,7 @@ files:
 - lib/generators/rabarber/templates/create_rabarber_roles.rb.erb
 - lib/rabarber.rb
 - lib/rabarber/access.rb
+- lib/rabarber/cache.rb
 - lib/rabarber/configuration.rb
 - lib/rabarber/controllers/concerns/authorization.rb
 - lib/rabarber/helpers/helpers.rb