rbac-ruby 1.0.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b9600e5634e01bd76377e231fc3854ed30695b284fbf5cc7dc408b502179797d
-  data.tar.gz: df125b25b7deb799119bd9a5fcca3492939fd0504411381936975a2342933629
+  metadata.gz: 96fdbb068740693f2bcead695a1402934da0489f3fc6360ed04a3fb28e2f9064
+  data.tar.gz: 3bdbd122a1edae5e313724495287f14de1e97cd362e924efa37564387f5747ed
 SHA512:
-  metadata.gz: 7bd4b6562cc69b1a7031f8bb358cdaf05f2678c43fc0daada334f89601c6daa313243f2b8ad5056b6c87abf11a9ec6b81129e006e4b08f9554681153fdeabf7d
-  data.tar.gz: 1756b4083d7b9d8cef60a886fd946d790554b35805900dcabdfba61fb47ac902f37a626b8347784b64a815844ae4e63b5776091d306c4e6905fe95b3a5814cb9
+  metadata.gz: 5d46e7f00932801d65b862ef448bad585cd3b309f7504fcdf49610863c63b713928e3a7ce042a7cfc4244290a532e2f9dd71c2c98c4f4663d30278e4d5ed94cb
+  data.tar.gz: 68f9573c5659f50e9c9cabdb43d57cbd79d0ea3da6bb8b135c67f38c8fc9106a9427db6159bf52184e8d083c4ea6a5a1e06ac505e00055e6a0f3625c54de3988

data/.rubocop.yml

@@ -1,5 +1,13 @@
+require:
+  - rubocop-rake
+  - rubocop-rspec
+plugins:
+  - rubocop-capybara
+  - rubocop-performance
+
 AllCops:
-  TargetRubyVersion: 2.6
+  TargetRubyVersion: 3.2
+  NewCops: enable
 
 Style/StringLiterals:
   Enabled: true
@@ -11,3 +19,7 @@ Style/StringLiteralsInInterpolation:
 
 Layout/LineLength:
   Max: 120
+
+Metrics/BlockLength:
+  AllowedMethods:
+    - included

data/Gemfile

@@ -9,8 +9,15 @@ gem "rake", "~> 13.0"
 
 gem "rspec", "~> 3.0"
 
-gem "rubocop", "~> 1.21"
+gem "rubocop", "~> 1.76"
 
 gem "yaml", "~> 0.2.0"
 
-gem "activesupport", "~> 7.0"
+gem "activerecord", "~> 6.1.1"
+gem "activesupport", "~> 6.1.1"
+
+gem "rubocop-performance", "~> 1.19"
+gem "rubocop-rake", "~> 0.6.0"
+gem "rubocop-rspec", "~> 2.12"
+
+gem "concurrent-ruby", "1.3.4"

data/Gemfile.lock

@@ -1,71 +1,115 @@
 PATH
   remote: .
   specs:
-    rbac (1.0.0)
+    rbac-ruby (2.0.0)
+      activerecord (>= 6.1, < 9.0)
+      activesupport (>= 6.1, < 9.0)
+      concurrent-ruby (= 1.3.4)
+      yaml (~> 0.2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.0.3)
+    activemodel (6.1.7.10)
+      activesupport (= 6.1.7.10)
+    activerecord (6.1.7.10)
+      activemodel (= 6.1.7.10)
+      activesupport (= 6.1.7.10)
+    activesupport (6.1.7.10)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    ast (2.4.2)
-    concurrent-ruby (1.1.10)
-    diff-lcs (1.5.0)
-    i18n (1.10.0)
+      zeitwerk (~> 2.3)
+    ast (2.4.3)
+    concurrent-ruby (1.3.4)
+    diff-lcs (1.6.2)
+    i18n (1.14.7)
       concurrent-ruby (~> 1.0)
-    json (2.6.2)
-    minitest (5.16.2)
-    parallel (1.22.1)
-    parser (3.1.2.0)
+    json (2.12.2)
+    language_server-protocol (3.17.0.5)
+    lint_roller (1.1.0)
+    minitest (5.25.5)
+    parallel (1.27.0)
+    parser (3.3.8.0)
       ast (~> 2.4.1)
+      racc
+    prism (1.4.0)
+    racc (1.8.1)
     rainbow (3.1.1)
-    rake (13.0.6)
-    regexp_parser (2.5.0)
-    rexml (3.2.5)
-    rspec (3.11.0)
-      rspec-core (~> 3.11.0)
-      rspec-expectations (~> 3.11.0)
-      rspec-mocks (~> 3.11.0)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    rake (13.3.0)
+    regexp_parser (2.10.0)
+    rspec (3.13.1)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.4)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.1)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-support (3.11.0)
-    rubocop (1.31.2)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.4)
+    rubocop (1.76.1)
       json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
       parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
-      rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.18.0, < 2.0)
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.45.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.18.0)
-      parser (>= 3.1.1.0)
-    ruby-progressbar (1.11.0)
-    tzinfo (2.0.4)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.45.1)
+      parser (>= 3.3.7.2)
+      prism (~> 1.4)
+    rubocop-capybara (2.22.1)
+      lint_roller (~> 1.1)
+      rubocop (~> 1.72, >= 1.72.1)
+    rubocop-factory_bot (2.27.1)
+      lint_roller (~> 1.1)
+      rubocop (~> 1.72, >= 1.72.1)
+    rubocop-performance (1.25.0)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.75.0, < 2.0)
+      rubocop-ast (>= 1.38.0, < 2.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (2.31.0)
+      rubocop (~> 1.40)
+      rubocop-capybara (~> 2.17)
+      rubocop-factory_bot (~> 2.22)
+      rubocop-rspec_rails (~> 2.28)
+    rubocop-rspec_rails (2.29.1)
+      rubocop (~> 1.61)
+    ruby-progressbar (1.13.0)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.2.0)
-    yaml (0.2.0)
+    unicode-display_width (3.1.4)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
+    yaml (0.2.1)
+    zeitwerk (2.7.3)
 
 PLATFORMS
+  arm64-darwin-24
   x86_64-linux
 
 DEPENDENCIES
-  activesupport (~> 7.0)
+  activerecord (~> 6.1.1)
+  activesupport (~> 6.1.1)
+  concurrent-ruby (= 1.3.4)
   rake (~> 13.0)
-  rbac!
+  rbac-ruby!
   rspec (~> 3.0)
-  rubocop (~> 1.21)
+  rubocop (~> 1.76)
+  rubocop-performance (~> 1.19)
+  rubocop-rake (~> 0.6.0)
+  rubocop-rspec (~> 2.12)
   yaml (~> 0.2.0)
 
 BUNDLED WITH
-   2.2.33
+   2.4.19

data/README.md

@@ -7,7 +7,7 @@ A simple way to manage access and visibillity scopes to objects in your Rails ap
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'rbac'
+gem 'rbac-ruby'
 ```
 
 And then execute:

data/lib/rbac/authorizer.rb

@@ -3,27 +3,33 @@
 require "yaml"
 
 module Rbac
-  # Authorizer class is responsible for checking
+  # Authorizer module is responsible for checking
   # if user has access to perform some action.
-  class Authorizer
-    attr_reader :config
+  module Authorizer
+    require "active_support/concern"
+    extend ActiveSupport::Concern
 
-    # Load configuration from a YAML file.
-    def initialize(config_file)
-      @config = YAML.load_file(config_file)
+    def authorize_user(attrs)
+      Rbac::User.current = Rbac::User.new(**attrs)
     end
 
-    def role_allows?(request)
-      controller, action = fetch_params_from_request(request)
-      config["features"][controller][action].include?(User.current_user.role)
+    def user_role_authorized?
+      controller = params[:controller]
+      action = params[:action]
+      routes_config.dig("features", controller, action)&.include?(Rbac::User.current.role)
     end
 
     private
 
-    def fetch_params_from_request(request)
-      controller = request.params[:controller]
-      action = request.params[:action]
-      [controller, action]
+    # Load configuration from a YAML file.
+    def routes_config
+      @routes_config ||= YAML.safe_load_file(ENV.fetch("RBAC_ROUTES_FILE", "config/rbac_routes.yaml"))
     end
   end
 end
+
+module ActionController
+  class API
+    include Rbac::Authorizer
+  end
+end

data/lib/rbac/filterer.rb

@@ -1,34 +1,50 @@
-module Rbac::Filterer
-  require "active_support/concern"
-  extend ActiveSupport::Concern
+# frozen_string_literal: true
 
-  included do
-    def self.filtered
-      require 'yaml'
+require "yaml"
+require "active_support/concern"
+require "active_support/core_ext/string"
+require "active_record"
 
-      scopes_map = YAML.load File.open ENV['SCOPES_MAP_FILE']
+module Rbac
+  # Filterer module defines some ActiveRecord methods
+  # for filtering objects to which user does not have access.
+  module Filterer
+    extend ActiveSupport::Concern
 
-      filters_config = scopes_map[self.name][User.current_user.role]
+    included do
+      scope :rbac_filtered, lambda {
+        scopes_map = YAML.safe_load_file(ENV.fetch("RBAC_SCOPES_FILE", "config/rbac_scopes.yml"))
 
-      filters = filters_config['filters']
-      scope = filters_config['scope']
-      parent = filters_config['parent']
+        current_user = Rbac::User.current
+        filters_config = scopes_map.dig(name, current_user.role)
+
+        filters = filters_config["filters"]
+        scope = filters_config["scope"]
+        parent = filters_config["parent"]
+
+        return send(scope) if scope
+
+        return none unless filters || parent
+
+        relation = all
 
-      # TODO: refactor it and remove complexity of this code 
-      if parent
         if filters
-          additional_filters = filters.map { |field_name, attribute|  { field_name => User.current_user.send(attribute) } }.reduce Hash.new, :merge
-          where(additional_filters.merge(parent.downcase.to_sym => parent.constantize.filtered))
-        else
-          where(parent.downcase.to_sym => parent.constantize.filtered)
+          additional_filters = filters.transform_values do |attribute|
+            current_user.attributes[attribute]
+          end
+          relation = relation.where(additional_filters)
         end
-      elsif filters
-        where(filters.map { |field_name, attribute|  { field_name => User.current_user.send(attribute) } }.reduce Hash.new, :merge)
-      elsif scope
-        self.send(scope)
-      else
-        []
-      end
+
+        return relation unless parent
+
+        relation.where(parent.underscore => parent.constantize.rbac_filtered)
+      }
     end
   end
-end
+end
+
+module ActiveRecord
+  class Base
+    include Rbac::Filterer
+  end
+end

data/lib/rbac/user.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require "active_support/core_ext/module"
+
+module Rbac
+  # Class Rbac::User describes authorized user
+  # and stores its attributes required for RBAC filtration
+  class User
+    attr_reader :role, :attributes
+
+    thread_mattr_accessor :current
+
+    def initialize(role:, **attrs)
+      @role = role
+      @attributes = attrs.stringify_keys
+    end
+  end
+end

data/lib/rbac/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rbac
-  VERSION = "1.0.1"
+  VERSION = "2.0.0"
 end

data/lib/rbac.rb

@@ -3,6 +3,7 @@
 require_relative "rbac/version"
 require_relative "rbac/authorizer"
 require_relative "rbac/filterer"
+require_relative "rbac/user"
 
 module Rbac
   class Error < StandardError; end

data/rbac.gemspec

@@ -8,13 +8,15 @@ Gem::Specification.new do |spec|
   spec.authors = ["Aliaksei Hrechushkin"]
   spec.email = ["ahrechushkin@ibagroup.eu"]
 
-  spec.summary = "Role-based access control gem."
-  spec.description = "Use dynamicly configurable RBAC system to control access to your application."
-  spec.required_ruby_version = ">= 2.6.0"
-  spec.homepage      = "https://icdc.io"
-  spec.licenses = ["Apache-2.0"]
-  spec.metadata["source_code_uri"] = "https://github.com/icdc-io/rbac-ruby"
-  spec.metadata["changelog_uri"] = "https://github.com/icdc-io/rbac-ruby/blob/master/CHANGELOG.md"
+  spec.summary               = "Role-based access control gem."
+  spec.description           = "Use dynamicly configurable RBAC system to control access to your application."
+  spec.required_ruby_version = ">= 3.2.0"
+  spec.homepage              = "https://icdc.io"
+  spec.licenses              = ["Apache-2.0"]
+
+  spec.metadata["source_code_uri"]       = "https://github.com/icdc-io/rbac-ruby"
+  spec.metadata["changelog_uri"]         = "https://github.com/icdc-io/rbac-ruby/blob/master/CHANGELOG.md"
+  spec.metadata["rubygems_mfa_required"] = "true"
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -27,6 +29,11 @@ Gem::Specification.new do |spec|
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
+  spec.add_dependency "activerecord", ">= 6.1", "< 9.0"
+  spec.add_dependency "activesupport", ">= 6.1", "< 9.0"
+  spec.add_dependency "concurrent-ruby", "1.3.4"
+  spec.add_dependency "yaml", "~> 0.2.0"
+
   # Uncomment to register a new dependency of your gem
   # spec.add_dependency "example-gem", "~> 1.0"
 

metadata

@@ -1,15 +1,82 @@
 --- !ruby/object:Gem::Specification
 name: rbac-ruby
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 2.0.0
 platform: ruby
 authors:
 - Aliaksei Hrechushkin
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-08-04 00:00:00.000000000 Z
-dependencies: []
+date: 2025-06-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '9.0'
+- !ruby/object:Gem::Dependency
+  name: concurrent-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.3.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.3.4
+- !ruby/object:Gem::Dependency
+  name: yaml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
 description: Use dynamicly configurable RBAC system to control access to your application.
 email:
 - ahrechushkin@ibagroup.eu
@@ -30,6 +97,7 @@ files:
 - lib/rbac.rb
 - lib/rbac/authorizer.rb
 - lib/rbac/filterer.rb
+- lib/rbac/user.rb
 - lib/rbac/version.rb
 - rbac.gemspec
 - rbac_routes.example.yml
@@ -41,7 +109,7 @@ licenses:
 metadata:
   source_code_uri: https://github.com/icdc-io/rbac-ruby
   changelog_uri: https://github.com/icdc-io/rbac-ruby/blob/master/CHANGELOG.md
-post_install_message:
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib
@@ -49,15 +117,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: 3.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
-signing_key:
+rubygems_version: 3.6.3
 specification_version: 4
 summary: Role-based access control gem.
 test_files: []