rails_app_generator 0.2.28 → 0.2.31

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99e66536aa70b641a6bd5186f7aaf1416befa8790c29a6112c858471ae733c4b
-  data.tar.gz: b820d4051f8ff1ad8560520d52b4e5d9cf7303278b2bae4e9ed624b3dfb1efc1
+  metadata.gz: 15c23f59cc83f0c3dd3ff9cabeef80af80d2a14bd18d8d890dbb100640bab22a
+  data.tar.gz: 8acba70cf8a79185c8395f96762caa575968fb3521967ca4d1e80f282014d816
 SHA512:
-  metadata.gz: 4461f08a275460d565a8ec5fc22e7e8e806bd42d09dfd9ee5e6291927ce4db23b1056a12146a51c218714340d87a6fcd9ddf968a7cb027539fcbe5766268435b
-  data.tar.gz: e7a7977c103c67bb38b512c8f6bfbd3384bd3b4100cca4c2f14a0c0743f261c0e7a2b6b89f47f93eb59c3475bb1cc72b975b644de3794b44f293b02a793261cb
+  metadata.gz: 137bc8d24086e7914baf7f332c7a1ff6bf7db9845771b007e545e9882895c886a1379da9f97fd5156a07902bf849ca2bac720cc981843cabba032107e8588714
+  data.tar.gz: 8856d3e93f801687e6c9f3ec5a7581387c1109cfa224b3db479587527ec209ca09c2220b54a960ab29108c5fc6372aaad0c7eda71eed6761eaf876e51150f47d

data/CHANGELOG.md

@@ -1,3 +1,24 @@
+## [0.2.30](https://github.com/klueless-io/rails_app_generator/compare/v0.2.29...v0.2.30) (2022-08-19)
+
+
+### Bug Fixes
+
+* add brakeman addon ([1dcc1c2](https://github.com/klueless-io/rails_app_generator/commit/1dcc1c2b904d35f557daa688111baeaa0fa71495))
+
+## [0.2.29](https://github.com/klueless-io/rails_app_generator/compare/v0.2.28...v0.2.29) (2022-08-19)
+
+
+### Bug Fixes
+
+* add rolify profile ([af0579e](https://github.com/klueless-io/rails_app_generator/commit/af0579e3c707c53e423ff9ce2e1b25a2715a75a5))
+
+## [0.2.28](https://github.com/klueless-io/rails_app_generator/compare/v0.2.27...v0.2.28) (2022-08-17)
+
+
+### Bug Fixes
+
+* add rolify addon ([804ecf1](https://github.com/klueless-io/rails_app_generator/commit/804ecf1ba1fe1a56512b6d335a77558b0da3ad97))
+
 ## [0.2.27](https://github.com/klueless-io/rails_app_generator/compare/v0.2.26...v0.2.27) (2022-08-17)
 
 

data/after_templates/addons/brakeman/_.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+# Description goes here
+#
+# exe/rag addons/brakeman
+
+self.local_template_path = File.dirname(__FILE__)
+
+gac 'base rails 7 image created'
+
+prepare_environment
+
+after_bundle do
+  scaffolds
+  setup_customizations
+  setup_db
+end
+
+def scaffolds
+  add_scaffold('post', 'title', 'body:text')
+  # add_scaffold('people', 'first_name', 'last_name', 'age:integer', 'address:text')
+  # add_scaffold('product', 'name', 'price:integer')
+end
+
+def setup_customizations
+  route("root 'home#index'")
+
+  force_copy
+  
+  add_controller('home', 'index', 'examples', 'output')
+  
+  directory "app/controllers"
+  directory "app/models"
+  directory "app/views"
+  template  'app/views/layouts/application.html.erb'        , 'app/views/layouts/application.html.erb'
+end
+
+def setup_db
+  template  'db/seeds.rb'                                   , 'db/seeds.rb'
+
+  db_migrate
+  db_seed
+end
+
+# Other template command examples
+# prepare_environment
+# bundle_install
+# css_install('tailwind')
+# rails_command('db:migrate')
+# rails_command('db:migrate')
+# bundle_add('hotwire-rails')
+# rails_command('hotwire:install')
+# run('bin/importmap pin sortablejs')
+# run('npm install daisyui')
+# rubocop
+#
+# directory         'app/assets/images'
+# create_file       'app/assets/stylesheets/custom-bootstrap-import.scss' , read_template('custom-bootstrap-import.scss')
+# append_to_file    'app/assets/config/manifest.js'                       , read_template('manifest.js')
+# insert_into_file  'app/views/layouts/application.html.erb', read_template('application.html.erb'),
+#     before: %(    <%= javascript_include_tag "application", "data-turbo-track": "reload", defer: true %>)
+# gsub_file         'app/views/layouts/application.html.erb', %(container mx-auto mt-28 px-5 flex), 'container mx-auto px-5'
+# template 'home.css', 'app/assets/stylesheets/home.css'
+#
+# add_controller('page', 'benefits', 'faq', 'terms', 'privacy', '--skip-routes')
+# route(<<-'RUBY')
+# PageController.action_methods.each do |action|
+#   get "/#{action}", to: "page##{action}", as: "page_#{action}"
+# end
+# RUBY

data/after_templates/addons/brakeman/app/controllers/home_controller.rb

@@ -0,0 +1,16 @@
+class HomeController < ApplicationController
+  def index
+    xmen_or_avengers = params[:xmen_or_avengers] || 'xmen'
+    puts send(xmen_or_avengers.to_sym)
+  end
+
+  private
+
+  def xmen
+    'Wolverine'
+  end
+
+  def avengers
+    'Captain America'
+  end
+end

data/after_templates/addons/brakeman/app/controllers/posts_controller.rb

@@ -0,0 +1,65 @@
+class PostsController < ApplicationController
+  before_action :set_post, only: %i[ show edit update destroy ]
+
+  def index
+    @posts = Post.all
+  end
+
+  # Dangerous Evaluation - User input in an eval statement is VERY dangerous
+  def show
+    message = params[:message] || 'hello world'
+
+    eval("echo '#{message}'")
+  end
+
+  def new
+    @post = Post.new
+  end
+
+  def edit
+  end
+
+  def create
+    @post = Post.new(post_params)
+
+    respond_to do |format|
+      if @post.save
+        format.html { redirect_to post_url(@post), notice: "Post was successfully created." }
+        format.json { render :show, status: :created, location: @post }
+      else
+        format.html { render :new, status: :unprocessable_entity }
+        format.json { render json: @post.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  def update
+    respond_to do |format|
+      if @post.update(post_params)
+        format.html { redirect_to post_url(@post), notice: "Post was successfully updated." }
+        format.json { render :show, status: :ok, location: @post }
+      else
+        format.html { render :edit, status: :unprocessable_entity }
+        format.json { render json: @post.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  def destroy
+    @post.destroy
+
+    respond_to do |format|
+      format.html { redirect_to posts_url, notice: "Post was successfully destroyed." }
+      format.json { head :no_content }
+    end
+  end
+
+  private
+    def set_post
+      @post = Post.find(params[:id])
+    end
+
+    def post_params
+      params.require(:post).permit(:title, :body)
+    end
+end

data/after_templates/addons/brakeman/app/views/home/examples.html.erb

@@ -0,0 +1,43 @@
+<h1>Brakeman</h1>
+
+<h2>Examples</h2>
+
+<p>Run the brakeman command from the root of your rails application</p>
+
+<pre><code>brakeman</code></pre>
+
+<h2>Example code that fails analysis</h2>
+
+<h3>Dangerous Evaluation - User input in an eval statement is VERY dangerous</h3>
+
+<code>app/controllers/posts_controller.rb</code>
+
+<pre><code>  def show
+    message = params[:message] || 'hello world'
+
+    eval("echo '#{message}'")
+  end
+</code></pre>
+
+
+<h3>Dangerous Send - Using unfiltered user data to select a Class or Method to be dynamically sent is dangerous.</h3>
+
+<code>app/controllers/home_controller.rb</code>
+
+<pre><code>class HomeController < ApplicationController
+  def index
+    xmen_or_avengers = params[:xmen_or_avengers] || 'xmen'
+    puts send(xmen_or_avengers.to_sym)
+  end
+
+  private
+
+  def xmen
+    'Wolverine'
+  end
+
+  def avengers
+    'Captain America'
+  end
+end
+</code></pre>

data/after_templates/addons/brakeman/app/views/home/index.html.erb

@@ -0,0 +1,93 @@
+<h1>Brakeman</h1>
+
+<h2>Usage</h2>
+
+<p>Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications</p>
+
+<pre>
+<code>
+Usage: brakeman [options] rails/root/path
+    -n, --no-threads                  Run checks and file parsing sequentially
+        --[no-]progress               Show progress reports
+    -p, --path PATH                   Specify path to Rails application
+    -q, --[no-]quiet                  Suppress informational messages
+    -z, --[no-]exit-on-warn           Exit code is non-zero if warnings found (Default)
+        --[no-]exit-on-error          Exit code is non-zero if errors raised (Default)
+        --ensure-latest               Fail when Brakeman is outdated
+        --ensure-ignore-notes         Fail when an ignored warnings does not include a note
+    -3, --rails3                      Force Rails 3 mode
+    -4, --rails4                      Force Rails 4 mode
+    -5, --rails5                      Force Rails 5 mode
+    -6, --rails6                      Force Rails 6 mode
+    -7, --rails7                      Force Rails 7 mode
+
+Scanning options:
+    -A, --run-all-checks              Run all default and optional checks
+    -a, --[no-]assume-routes          Assume all controller methods are actions (Default)
+    -e, --escape-html                 Escape HTML by default
+        --faster                      Faster, but less accurate scan
+        --ignore-model-output         Consider model attributes XSS-safe
+        --ignore-protected            Consider models with attr_protected safe
+        --[no-]index-libs             Add libraries to call index (Default)
+        --interprocedural             Process method calls to known methods
+        --no-branching                Disable flow sensitivity on conditionals
+        --branch-limit LIMIT          Limit depth of values in branches (-1 for no limit)
+        --parser-timeout SECONDS      Set parse timeout (Default: 10)
+    -r, --report-direct               Only report direct use of untrusted data
+    -s meth1,meth2,etc,               Set methods as safe for unescaped output in views
+        --safe-methods
+        --sql-safe-methods meth1,meth2,etc
+                                      Do not warn of SQL if the input is wrapped in a safe method
+        --url-safe-methods method1,method2,etc
+                                      Do not warn of XSS if the link_to href parameter is wrapped in a safe method
+        --skip-files file1,path2,etc  Skip processing of these files/directories. Directories are application relative and must end in "/"
+        --only-files file1,path2,etc  Process only these files/directories. Directories are application relative and must end in "/"
+        --[no-]skip-vendor            Skip processing vendor directory (Default)
+        --skip-libs                   Skip processing lib directory
+        --add-libs-path path1,path2,etc
+                                      An application relative lib directory (ex. app/mailers) to process
+        --add-engines-path path1,path2,etc
+                                      Include these engines in the scan
+    -E, --enable Check1,Check2,etc    Enable the specified checks
+    -t, --test Check1,Check2,etc      Only run the specified checks
+    -x, --except Check1,Check2,etc    Skip the specified checks
+        --add-checks-path path1,path2,etc
+                                      A directory containing additional out-of-tree checks to run
+
+Output options:
+    -d, --debug                       Lots of output
+    -f, --format TYPE                 Specify output formats. Default is text
+        --css-file CSSFile            Specify CSS to use for HTML output
+    -i, --ignore-config IGNOREFILE    Use configuration to ignore warnings
+    -I, --interactive-ignore          Interactively ignore warnings
+    -l, --[no-]combine-locations      Combine warning locations (Default)
+        --[no-]highlights             Highlight user input in report
+        --[no-]color                  Use ANSI colors in report (Default)
+    -m, --routes                      Report controller information
+        --message-limit LENGTH        Limit message length in HTML report
+        --[no-]pager                  Use pager for output to terminal (Default)
+        --table-width WIDTH           Limit table width in text report
+    -o, --output FILE                 Specify files for output. Defaults to stdout. Multiple '-o's allowed
+        --[no-]separate-models        Warn on each model without attr_accessible (Default)
+        --[no-]summary                Only output summary of warnings
+        --absolute-paths              Output absolute file paths in reports
+        --github-repo USER/REPO[/PATH][@REF]
+                                      Output links to GitHub in markdown and HTML reports using specified repo
+        --text-fields field1,field2,etc.
+                                      Specify fields for text report format
+    -w, --confidence-level LEVEL      Set minimal confidence level (1 - 3)
+        --compare FILE                Compare the results of a previous Brakeman scan (only JSON is supported)
+
+Configuration files:
+    -c, --config-file FILE            Use specified configuration file
+    -C, --create-config [FILE]        Output configuration file based on options
+        --allow-check-paths-in-config
+                                      Allow loading checks from configuration file (Unsafe)
+
+    -k, --checks                      List all available vulnerability checks
+        --optional-checks             List optional checks
+    -v, --version                     Show Brakeman version
+        --force-scan                  Scan application even if rails is not detected
+    -h, --help                        Display this message
+</code>
+</pre>

data/after_templates/addons/brakeman/app/views/home/output.html.erb

@@ -0,0 +1,145 @@
+<h1>Brakeman</h1>
+
+<h2>Output</h2>
+
+<p>Run <code>brakeman</code> against this sample Rails 7 application</p>
+
+<pre>
+<code>brakeman
+Loading scanner...
+Processing application in /Users/davidcruwys/dev/kgems/rails_app_generator/a/addons/r7_brakeman
+Processing gems...
+[Notice] Detected Rails 7 application
+Processing configuration...
+[Notice] Escaping HTML by default
+Parsing files...
+Detecting file types...
+Processing initializers...
+Processing libs...
+Processing routes...
+Processing templates...
+Processing data flow in templates...
+Processing models...
+Processing controllers...
+Processing data flow in controllers...
+Indexing call sites...
+Running checks in parallel...
+ - CheckBasicAuth
+ - CheckBasicAuthTimingAttack
+ - CheckCrossSiteScripting
+ - CheckContentTag
+ - CheckCookieSerialization
+ - CheckCreateWith
+ - CheckCSRFTokenForgeryCVE
+ - CheckDefaultRoutes
+ - CheckDeserialize
+ - CheckDetailedExceptions
+ - CheckDigestDoS
+ - CheckDynamicFinders
+ - CheckEOLRails
+ - CheckEOLRuby
+ - CheckEscapeFunction
+ - CheckEvaluation
+ - CheckExecute
+ - CheckFileAccess
+ - CheckFileDisclosure
+ - CheckFilterSkipping
+ - CheckForgerySetting
+ - CheckHeaderDoS
+ - CheckI18nXSS
+ - CheckJRubyXML
+ - CheckJSONEncoding
+ - CheckJSONEntityEscape
+ - CheckJSONParsing
+ - CheckLinkTo
+ - CheckLinkToHref
+ - CheckMailTo
+ - CheckMassAssignment
+ - CheckMimeTypeDoS
+ - CheckModelAttrAccessible
+ - CheckModelAttributes
+ - CheckModelSerialize
+ - CheckNestedAttributes
+ - CheckNestedAttributesBypass
+ - CheckNumberToCurrency
+ - CheckPageCachingCVE
+ - CheckPermitAttributes
+ - CheckQuoteTableName
+ - CheckRedirect
+ - CheckRegexDoS
+ - CheckRender
+ - CheckRenderDoS
+ - CheckRenderInline
+ - CheckResponseSplitting
+ - CheckRouteDoS
+ - CheckSafeBufferManipulation
+ - CheckSanitizeConfigCve
+ - CheckSanitizeMethods
+ - CheckSelectTag
+ - CheckSelectVulnerability
+ - CheckSend
+ - CheckSendFile
+ - CheckSessionManipulation
+ - CheckSessionSettings
+ - CheckSimpleFormat
+ - CheckSingleQuotes
+ - CheckSkipBeforeFilter
+ - CheckSprocketsPathTraversal
+ - CheckSQL
+ - CheckSQLCVEs
+ - CheckSSLVerify
+ - CheckStripTags
+ - CheckSymbolDoSCVE
+ - CheckTemplateInjection
+ - CheckTranslateBug
+ - CheckUnsafeReflection
+ - CheckUnsafeReflectionMethods
+ - CheckValidationRegex
+ - CheckVerbConfusion
+ - CheckWithoutProtection
+ - CheckXMLDoS
+ - CheckYAMLParsing
+Checks finished, collecting results...
+Generating report...
+
+== Brakeman Report ==
+
+Application Path: /Users/davidcruwys/dev/kgems/rails_app_generator/a/addons/r7_brakeman
+Rails Version: 7.0.3.1
+Brakeman Version: 5.3.1
+Scan Date: 2022-08-19 14:19:28 +1000
+Duration: 0.228864 seconds
+Checks Run: BasicAuth, BasicAuthTimingAttack, CSRFTokenForgeryCVE, ContentTag, CookieSerialization, CreateWith, CrossSiteScripting, DefaultRoutes, Deserialize, DetailedExceptions, DigestDoS, DynamicFinders, EOLRails, EOLRuby, EscapeFunction, Evaluation, Execute, FileAccess, FileDisclosure, FilterSkipping, ForgerySetting, HeaderDoS, I18nXSS, JRubyXML, JSONEncoding, JSONEntityEscape, JSONParsing, LinkTo, LinkToHref, MailTo, MassAssignment, MimeTypeDoS, ModelAttrAccessible, ModelAttributes, ModelSerialize, NestedAttributes, NestedAttributesBypass, NumberToCurrency, PageCachingCVE, PermitAttributes, QuoteTableName, Redirect, RegexDoS, Render, RenderDoS, RenderInline, ResponseSplitting, RouteDoS, SQL, SQLCVEs, SSLVerify, SafeBufferManipulation, SanitizeConfigCve, SanitizeMethods, SelectTag, SelectVulnerability, Send, SendFile, SessionManipulation, SessionSettings, SimpleFormat, SingleQuotes, SkipBeforeFilter, SprocketsPathTraversal, StripTags, SymbolDoSCVE, TemplateInjection, TranslateBug, UnsafeReflection, UnsafeReflectionMethods, ValidationRegex, VerbConfusion, WithoutProtection, XMLDoS, YAMLParsing
+
+== Overview ==
+
+Controllers: 3
+Models: 2
+Templates: 13
+Errors: 0
+Security Warnings: 2
+
+== Warning Types ==
+
+Dangerous Eval: 1
+Dangerous Send: 1
+
+== Warnings ==
+
+Confidence: High
+Category: Dangerous Eval
+Check: Evaluation
+Message: User input in eval
+Code: eval("echo '#{(params[:message] or "hello world")}'")
+File: app/controllers/posts_controller.rb
+Line: 12
+
+Confidence: High
+Category: Dangerous Send
+Check: Send
+Message: User controlled method execution
+Code: send((params[:xmen_or_avengers] or "xmen").to_sym)
+File: app/controllers/home_controller.rb
+Line: 4
+</code>
+</pre>

data/after_templates/addons/brakeman/app/views/layouts/_footer.html.erb

@@ -0,0 +1 @@
+<hr />

data/after_templates/addons/brakeman/app/views/layouts/_navbar.html.erb

@@ -0,0 +1,4 @@
+<%= link_to 'Home', root_path %>
+| <%= link_to 'Examples', home_examples_path %>
+| <%= link_to 'Output', home_output_path %>
+<hr />

data/after_templates/addons/brakeman/app/views/layouts/application.html.erb

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title><%= camelized %></title>
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    <%%= csrf_meta_tags %>
+    <%%= csp_meta_tag %>
+
+    <%- if options[:skip_hotwire] || options[:skip_javascript] -%>
+    <%%= stylesheet_link_tag "application" %>
+    <%- else -%>
+    <%%= stylesheet_link_tag "application", "data-turbo-track": "reload" %>
+    <%- end -%>
+  </head>
+
+  <body>
+    <header>
+      <%%= render 'layouts/navbar' %>
+      <hr />
+    </header>
+    <main>
+      <%%= yield %>
+    </main>
+    <footer>
+      <%%= render 'layouts/footer' %>
+    </footer>
+  </body>
+</html>
+

data/after_templates/addons/brakeman/db/seeds.rb

@@ -0,0 +1,7 @@
+# david = User.create(email: 'david@site.com', name: 'david', password: 'password')
+# james = User.create(email: 'james@site.com', name: 'james', password: 'password')
+# sally = User.create(email: 'sally@site.com', name: 'sally', password: 'password')
+
+# 10.times do |i|
+#   Post.create(title: "Post #{i}", body: "This is the body of post #{i}", user: User.all.sample)
+# end

data/after_templates/addons/rolify/_.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# Role management library with resource scoping
+#
+# exe/rag addons/rolify
+#
+# source: https://youtu.be/URDKxGn0pxo
+# need to complete this profile by supporting resource level roles, go to 29 minutes on video
+# source: https://youtu.be/URDKxGn0pxo?t=1101
+
+self.local_template_path = File.dirname(__FILE__)
+
+gac 'base rails 7 image created'
+
+prepare_environment
+
+after_bundle do
+  scaffolds
+  setup_customizations
+  setup_db
+end
+
+def scaffolds
+  add_scaffold('post', 'title', 'body:text')
+end
+
+def setup_customizations
+  route("root 'home#index'")
+  route("get 'home/quick_sign_in/:user_id', to: 'home#quick_sign_in', as: 'quick_sign_in'")
+  route("get 'rolify/:id', to: 'rolify#show', as: 'rolify'")
+  route("get 'rolify/:id/edit', to: 'rolify#edit', as: 'edit_rolify'")
+  route("patch 'rolify/:id', to: 'rolify#update'")
+
+  force_copy
+  
+  add_controller('home', 'index', 'quick_sign_in', 'bossy_boots', 'use_in_moderation', 'use_me', 'super_hero')
+
+  directory "app/controllers"
+  directory "app/models"
+  directory "app/views"
+  template  'app/views/layouts/application.html.erb'        , 'app/views/layouts/application.html.erb'
+end
+
+def setup_db
+  template  'db/seeds.rb'                                   , 'db/seeds.rb'
+
+  db_migrate
+  db_seed
+end

data/after_templates/addons/rolify/app/controllers/home_controller.rb

@@ -0,0 +1,35 @@
+class HomeController < ApplicationController
+  before_action :require_permission, except: %i[index quick_sign_in]
+
+  def index
+  end
+
+  def quick_sign_in
+    user = User.find(params[:user_id])
+    sign_in(user)
+    redirect_to root_path
+  end
+
+  def bossy_boots
+  end
+
+  def use_in_moderation
+  end
+
+  def use_me
+  end
+
+  def super_hero
+  end
+
+  def require_permission
+    return if current_user&.is_super_user?
+    return if current_user&.is_admin?           && action_name == "bossy_boots"
+    return if current_user&.is_moderator?       && action_name == "use_in_moderation"
+    return if current_user&.is_user?            && action_name == "use_me"
+
+    flash.alert = "You do not have permission to access #{action_name.titleize}"
+
+    redirect_to root_path
+  end
+end

data/after_templates/addons/rolify/app/controllers/rolify_controller.rb

@@ -0,0 +1,26 @@
+class RolifyController < ApplicationController
+  before_action :set_user, only: %i[ show edit update ]
+
+  def show
+  end
+
+  def edit
+  end
+
+  def update
+    if @user.update(user_params)
+      redirect_to root_path, notice: "User was successfully updated."
+    else
+      render :edit, status: :unprocessable_entity
+    end
+  end
+
+  private
+    def set_user
+      @user = User.find(params[:id])
+    end
+
+    def user_params
+      params.require(:user).permit(role_ids: [])
+    end
+end

data/after_templates/addons/rolify/app/models/post.rb

@@ -0,0 +1,3 @@
+class Post < ApplicationRecord
+  resourcify 
+end

data/after_templates/addons/rolify/app/models/user.rb

@@ -0,0 +1,25 @@
+class User < ApplicationRecord
+  # Rolify needs to be called before assigning default role due to a bug in Rolify
+  # see: https://github.com/RolifyCommunity/rolify/issues/518#issuecomment-1218705389
+  rolify
+
+  after_create :assign_default_role
+
+  devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable
+
+  validate :must_have_role, on: :update
+
+  def assign_default_role
+    self.add_role(:user) if self.roles.blank?
+  end
+
+  def role_names
+    roles.distinct.pluck(:name)
+  end
+
+  def must_have_role
+    if self.roles.blank?
+      errors.add(:roles, "User must have at least one role")
+    end
+  end
+end

data/after_templates/addons/rolify/app/views/home/_roles.html.erb

@@ -0,0 +1,5 @@
+<ul>
+  <% current_user&.roles&.each do |role| %>
+    <li><code><%= role.name %></code></li>
+  <% end %>
+</ul>

data/after_templates/addons/rolify/app/views/home/bossy_boots.html.erb

@@ -0,0 +1,5 @@
+<h1>Bossy Boots</h1>
+
+<p>Accessible by people with the role <code>:super_user</code> or <code>:admin</code></p>
+
+<%= render 'roles' %>