RubyGems - rbacan - Versions diffs - 0.1.1 → 0.2.0 - Mend

rbacan 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +50 -0
data/Gemfile.lock +287 -115
data/README.md +287 -36
data/app/models/rbacan/user_role.rb +1 -0
data/lib/generators/install/templates/copy_to_seeds.rb +13 -17
data/lib/generators/install/templates/create_permissions.rb +9 -7
data/lib/generators/install/templates/create_role_permissions.rb +10 -7
data/lib/generators/install/templates/create_roles.rb +9 -7
data/lib/generators/install/templates/create_user_roles.rb +11 -8
data/lib/generators/install/templates/rbacan.rb +27 -0
data/lib/rbacan/authorization.rb +46 -0
data/lib/rbacan/engine.rb +9 -3
data/lib/rbacan/not_authorized.rb +23 -0
data/lib/rbacan/permittable.rb +74 -28
data/lib/rbacan/roles_and_permissions.rb +28 -20
data/lib/rbacan/route_constraint.rb +50 -0
data/lib/rbacan/version.rb +1 -1
data/lib/rbacan/view_helpers.rb +14 -0
data/lib/rbacan.rb +22 -18
data/rbacan.gemspec +17 -20
metadata +46 -23

data/lib/rbacan/permittable.rb CHANGED Viewed

@@ -1,33 +1,79 @@
 require 'active_support'
 module Rbacan
-    module Permittable
-        extend ActiveSupport::Concern
-        included do
-            has_many :user_roles, class_name: Rbacan.user_role_class, dependent: :destroy
-            has_many :roles, class_name: Rbacan.role_class, through: :user_roles
-            def assign_role(role_name)
-                assigned_role = Rbacan::Role.find_by_name(role_name)
-                Rbacan::UserRole.create(user_id: self.id, role_id: assigned_role.id)
-            end
-            def remove_role(role_name)
-                removed_role = Rbacan::Role.find_by_name(role_name)
-                Rbacan::UserRole.where(user_id: self.id, role_id: removed_role.id).destroy_all
-            end
-            def can?(permission)
-                @user_roles = self.roles
-                user_permission = Rbacan::Permission.find_by_name(permission)
-                if user_permission && @user_roles.joins(:role_permissions).where(role_permissions: {permission_id: user_permission.id}).count > 0
-                    return true
-                else
-                    return false
-                end
-            end
-        end
+  module Permittable
+    extend ActiveSupport::Concern
+    included do
+      has_many :user_roles,
+               class_name: Rbacan.user_role_class,
+               dependent:  :destroy
+      accepts_nested_attributes_for :user_roles
+      has_many :roles,
+               class_name: Rbacan.role_class,
+               through:    :user_roles
+      # Returns users that have the given role (by name).
+      scope :with_role, ->(role_name) {
+        joins(:roles).where(Rbacan.role_table => { name: role_name.to_s })
+      }
+      # Returns users that have the given permission via any of their roles.
+      scope :with_permission, ->(permission_name) {
+        joins(roles: { role_permissions: :permission })
+          .where(Rbacan.permission_table => { name: permission_name.to_s })
+      }
+      # Assigns a role to the user. Idempotent — safe to call multiple times.
+      # Fix: was find_or_initialize_by (never persisted); now find_or_create_by.
+      def assign_role(role_name)
+        assigned_role = Rbacan.role_class.constantize.find_by_name(role_name.to_s)
+        raise ArgumentError, "Role '#{role_name}' not found" unless assigned_role
+        self.user_roles.find_or_create_by(role_id: assigned_role.id)
+      end
+      # Removes a role from the user.
+      # Fix: was Rbacan::UserRole.where(user_id: ...) — now uses the scoped
+      # association so it respects the configured class and any FK setup.
+      def remove_role(role_name)
+        removed_role = Rbacan.role_class.constantize.find_by_name(role_name.to_s)
+        return unless removed_role
+        self.user_roles.where(role_id: removed_role.id).destroy_all
+      end
+      # Returns true if the user has the named permission via any of their roles.
+      # Fix: was two queries; now a single EXISTS query via association joins.
+      def can?(permission_name)
+        self.roles
+            .joins(role_permissions: :permission)
+            .where(Rbacan.permission_table => { name: permission_name.to_s })
+            .exists?
+      end
+      # Returns true if the user has the named role.
+      def has_role?(role_name)
+        self.roles.where(name: role_name.to_s).exists?
+      end
+      # Returns true if the user has ANY of the listed roles.
+      def has_any_role?(*role_names)
+        self.roles.where(name: role_names.map(&:to_s)).exists?
+      end
+      # Returns true if the user has ALL of the listed permissions.
+      # Uses a single query: counts distinct matching permissions and compares
+      # to the requested set size.
+      def can_all?(*permission_names)
+        names = permission_names.map(&:to_s)
+        self.roles
+            .joins(role_permissions: :permission)
+            .where(Rbacan.permission_table => { name: names })
+            .select("#{Rbacan.permission_table}.name")
+            .distinct
+            .count == names.uniq.size
+      end
     end
+  end
 end

data/lib/rbacan/roles_and_permissions.rb CHANGED Viewed

@@ -1,26 +1,34 @@
 module Rbacan
-    module RolesAndPermissions
+  module RolesAndPermissions
-        attr_reader :test_method
-        def self.create_roles(roles)
-            roles.each do |role|
-                Rbacan::Role.create(name: role)
-            end
-        end
+    # Creates roles by name. Idempotent — skips existing ones.
+    def self.create_roles(roles)
+      roles.each do |role|
+        Rbacan.role_class.constantize.find_or_create_by(name: role.to_s)
+      end
+    end
+    # Creates permissions by name. Idempotent — skips existing ones.
+    def self.create_permissions(permissions)
+      permissions.each do |permission|
+        Rbacan.permission_class.constantize.find_or_create_by(name: permission.to_s)
+      end
+    end
+    # Assigns a list of permissions to a role. Idempotent — skips duplicates.
+    def self.assign_permissions_to_role(role_name, permissions)
+      chosen_role = Rbacan.role_class.constantize.find_by_name(role_name.to_s)
+      return unless chosen_role
-        def self.create_permissions(permissions)
-            permissions.each do |permission|
-                Rbacan::Permission.create(name: permission)
-            end
-        end
+      permissions.each do |permission|
+        given_permission = Rbacan.permission_class.constantize.find_by_name(permission.to_s)
+        next unless given_permission
-        def self.assign_permissions_to_role(role_name, permissions)
-            chosen_role = Rbacan::Role.find_by_name(role_name)
-            permissions.each do |permission|
-                given_permission = Rbacan::Permission.find_by_name(permission)
-                Rbacan::RolePermission.create(role_id: chosen_role.id, permission_id: given_permission.id)
-            end
-        end
+        Rbacan.role_permission_class.constantize.find_or_create_by(
+          role_id:       chosen_role.id,
+          permission_id: given_permission.id
+        )
+      end
     end
+  end
 end

data/lib/rbacan/route_constraint.rb ADDED Viewed

@@ -0,0 +1,50 @@
+module Rbacan
+  class RouteConstraint
+    # Constrains routes to users that have a given role or permission.
+    #
+    # Usage in config/routes.rb:
+    #   constraints Rbacan::RouteConstraint.new(role: :admin) do
+    #     namespace :admin do
+    #       resources :users
+    #     end
+    #   end
+    #
+    #   constraints Rbacan::RouteConstraint.new(permission: :access_admin_panel) do
+    #     ...
+    #   end
+    def initialize(role: nil, permission: nil)
+      if role.nil? && permission.nil?
+        raise ArgumentError, "Provide exactly one of role: or permission:"
+      end
+      if role && permission
+        raise ArgumentError, "Provide exactly one of role: or permission:, not both"
+      end
+      @role       = role&.to_s
+      @permission = permission&.to_s
+    end
+    def matches?(request)
+      user = current_user_from(request)
+      return false unless user
+      @role ? user.has_role?(@role) : user.can?(@permission)
+    end
+    private
+    def current_user_from(request)
+      # Warden (Devise) path — most common, no extra query needed.
+      warden = request.env['warden']
+      return warden.user if warden&.authenticated?
+      # Fallback: manual session lookup for apps not using Warden.
+      user_id = request.session[:user_id] || request.session['user_id']
+      return nil unless user_id
+      Rbacan.permittable_class.constantize.find_by(id: user_id)
+    rescue StandardError
+      nil
+    end
+  end
+end

data/lib/rbacan/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Rbacan
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/rbacan/view_helpers.rb ADDED Viewed

@@ -0,0 +1,14 @@
+module Rbacan
+  module ViewHelpers
+    # Renders the block only if the current user has the given permission.
+    #
+    # Usage in views:
+    #   <% authorized?(:publish_post) do %>
+    #     <%= link_to "Publish", publish_post_path(@post) %>
+    #   <% end %>
+    def authorized?(permission, &block)
+      return unless current_user&.can?(permission.to_s)
+      capture(&block) if block_given?
+    end
+  end
+end

data/lib/rbacan.rb CHANGED Viewed

@@ -1,7 +1,11 @@
 require "rbacan/version"
+require "rbacan/not_authorized"
 require "rbacan/permittable"
-require 'rbacan/engine'
+require "rbacan/engine"
 require "rbacan/roles_and_permissions"
+require "rbacan/authorization"
+require "rbacan/view_helpers"
+require "rbacan/route_constraint"
 module Rbacan
   mattr_accessor :permittable_class
@@ -27,28 +31,29 @@ module Rbacan
   @@role_permission_class = 'Rbacan::RolePermission'
   @@role_permission_table = 'role_permissions'
-  def create_role(role_name)
-    @@role_class.create(name: role_name)
-  end
+  # :raise (default), :redirect, or any callable (lambda/proc).
+  mattr_accessor :unauthorized_handler
+  @@unauthorized_handler = :raise
-  def create_permission(permission_name)
-    @@permission_class.create(name: permission_name)
-  end
+  # Redirect path used when unauthorized_handler is :redirect.
+  mattr_accessor :unauthorized_redirect_path
+  @@unauthorized_redirect_path = '/'
-  def assign_permission_to_role(role_name, permission_name)
-    chosen_role = @@role_class.find_by_name(role_name)
-    given_permission = @@permission_class.find_by_name(permission_name)
-    @@role_permission_class.create(role_id: chosen_role.id, perm_id: given_permission.id)
+  def self.create_role(role_name)
+    @@role_class.constantize.create(name: role_name)
   end
-  def assign_role(role_name)
-      assigned_role = Role.find_by_name(role_name)
-      @@user_role_class.create(user_id: self.id, role_id: assigned_role.id)
+  def self.create_permission(permission_name)
+    @@permission_class.constantize.create(name: permission_name)
   end
-  def remove_user_role(role_name)
-      removed_role = Role.find_by_name(role_name)
-      @@user_role_class.where(user_id: self.id, role_id: removed_role.id).destroy_all
+  def self.assign_permission_to_role(role_name, permission_name)
+    chosen_role      = @@role_class.constantize.find_by_name(role_name)
+    given_permission = @@permission_class.constantize.find_by_name(permission_name)
+    @@role_permission_class.constantize.create(
+      role_id:       chosen_role.id,
+      permission_id: given_permission.id
+    )
   end
   def self.configure(&block)
@@ -56,5 +61,4 @@ module Rbacan
   end
   class Error < StandardError; end
-  # Your code goes here...
 end

data/rbacan.gemspec CHANGED Viewed

@@ -9,26 +9,20 @@ Gem::Specification.new do |spec|
   spec.authors       = ["hamdi"]
   spec.email         = ["hamdi_amiche@outlook.fr"]
-  spec.summary       = %q{a gem to give permission access to users looknig back to their roles}
-  spec.description   = %q{RBACan is a Role-based access control tool to control user access to the functionnalities of your application}
+  spec.summary       = %q{A gem to give permission access to users based on their roles}
+  spec.description   = %q{RBACan is a Role-Based Access Control tool to control user access to the functionalities of your application}
   spec.homepage      = "https://github.com/hamdi777/RBACan"
-  spec.license       = "MIT"
+  spec.licenses      = ["MIT"]
-  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
-  # to allow pushing to a single host or delete this section to allow pushing to any host.
   if spec.respond_to?(:metadata)
-    spec.metadata["allowed_push_host"] = "https://rubygems.org/profiles/hamdi777"
-    spec.metadata["homepage_uri"] = spec.homepage
-    spec.metadata["source_code_uri"] = "https://rubygems.org/profiles/hamdi777"
-    spec.metadata["changelog_uri"] = "https://rubygems.org/profiles/hamdi777/CHANGELOG.md"
+    spec.metadata["allowed_push_host"] = "https://rubygems.org"
+    spec.metadata["homepage_uri"]      = spec.homepage
+    spec.metadata["source_code_uri"]   = "https://github.com/hamdi777/RBACan"
+    spec.metadata["changelog_uri"]     = "https://github.com/hamdi777/RBACan/blob/master/CHANGELOG.md"
   else
-    raise "RubyGems 2.0 or newer is required to protect against " \
-      "public gem pushes."
+    raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
   end
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
@@ -36,10 +30,13 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
-  spec.add_dependency 'rails', '>= 4.2'
-  spec.add_development_dependency "bundler", "~> 2.0"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency 'generator_spec', '~> 0.9.4'
-  spec.add_development_dependency 'railties', '~> 5.2', '>= 5.2.3'
+  spec.add_dependency 'rails', '>= 5.2'
+  spec.add_development_dependency "bundler",      ">= 2.0"
+  spec.add_development_dependency "rake",         "~> 13.0"
+  spec.add_development_dependency "rspec",        "~> 3.0"
+  spec.add_development_dependency "generator_spec", "~> 0.9.4"
+  spec.add_development_dependency "railties",     ">= 5.2"
+  spec.add_development_dependency "activerecord", ">= 5.2"
+  spec.add_development_dependency "sqlite3",      ">= 1.4"
 end

metadata CHANGED Viewed

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rbacan
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - hamdi
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-08-26 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,26 +15,26 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
@@ -44,14 +43,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -84,24 +83,46 @@ dependencies:
   name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
         version: '5.2'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.3
+        version: '5.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '5.2'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.3
-description: RBACan is a Role-based access control tool to control user access to
-  the functionnalities of your application
+        version: '1.4'
+description: RBACan is a Role-Based Access Control tool to control user access to
+  the functionalities of your application
 email:
 - hamdi_amiche@outlook.fr
 executables: []
@@ -111,6 +132,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - Gemfile.lock
@@ -132,20 +154,23 @@ files:
 - lib/generators/install/templates/rbacan.rb
 - lib/generators/rbacan/install_generator.rb
 - lib/rbacan.rb
+- lib/rbacan/authorization.rb
 - lib/rbacan/engine.rb
+- lib/rbacan/not_authorized.rb
 - lib/rbacan/permittable.rb
 - lib/rbacan/roles_and_permissions.rb
+- lib/rbacan/route_constraint.rb
 - lib/rbacan/version.rb
+- lib/rbacan/view_helpers.rb
 - rbacan.gemspec
 homepage: https://github.com/hamdi777/RBACan
 licenses:
 - MIT
 metadata:
-  allowed_push_host: https://rubygems.org/profiles/hamdi777
+  allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/hamdi777/RBACan
-  source_code_uri: https://rubygems.org/profiles/hamdi777
-  changelog_uri: https://rubygems.org/profiles/hamdi777/CHANGELOG.md
-post_install_message:
+  source_code_uri: https://github.com/hamdi777/RBACan
+  changelog_uri: https://github.com/hamdi777/RBACan/blob/master/CHANGELOG.md
 rdoc_options: []
 require_paths:
 - lib
@@ -160,9 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.13
-signing_key:
+rubygems_version: 3.6.8
 specification_version: 4
-summary: a gem to give permission access to users looknig back to their roles
+summary: A gem to give permission access to users based on their roles
 test_files: []