rhino-rails 0.9.0

data/lib/rhino/commands/install_command.rb

@@ -0,0 +1,408 @@
+# frozen_string_literal: true
+
+require "rhino/commands/base_command"
+
+module Rhino
+  module Commands
+    # Interactive setup wizard — mirrors Laravel `php artisan rhino:install` exactly.
+    #
+    # Usage: rails rhino:install
+    class InstallCommand < BaseCommand
+      def perform
+        say ""
+        say "+ Rhino :: Install :: Let's build something great +", :cyan
+        say ""
+
+        features = multi_select("Which features would you like to configure?") do |menu|
+          menu.default 1
+          menu.choice "Publish config & routes", "publish"
+          menu.choice "Multi-tenant support (Organizations, Roles)", "multi_tenant"
+          menu.choice "Audit trail (change logging)", "audit_trail"
+        end
+
+        test_framework = select("Which test framework do you use?") do |menu|
+          menu.default 1
+          menu.choice "RSpec", "rspec"
+          menu.choice "Minitest", "minitest"
+        end
+
+        identifier_column = "id"
+        roles = ["admin"]
+
+        if features.include?("multi_tenant")
+          identifier_column = ask("What column should be used to identify organizations?", default: "id")
+
+          roles_input = ask("What roles should your app have?", default: "admin, editor, viewer")
+          roles = (["admin"] + roles_input.split(",").map(&:strip)).uniq
+        end
+
+        say ""
+
+        if features.include?("publish")
+          task("Publishing config") { publish_config(test_framework) }
+          task("Publishing routes") { publish_routes }
+          task("Creating blueprint directory") { create_blueprint_directory }
+        end
+
+        if features.include?("multi_tenant")
+          task("Creating migrations") { create_multi_tenant_migrations }
+          task("Creating models") { create_multi_tenant_models(roles) }
+          task("Creating factories") { create_factories }
+          task("Creating policies") { create_policies }
+          task("Updating config") { update_config(identifier_column) }
+          task("Creating seeders") { create_seeders(roles) }
+        end
+
+        if features.include?("audit_trail")
+          task("Creating audit trail migration") { create_audit_trail_migration }
+        end
+
+        say ""
+        run_post_install_steps(features)
+
+        install_ai_skill
+
+        say ""
+        say "Rhino installed successfully!", :green
+        say ""
+
+        print_next_steps(features)
+      end
+
+      private
+
+      # ----------------------------------------------------------------
+      # Publish
+      # ----------------------------------------------------------------
+
+      def publish_config(test_framework)
+        template_path = File.expand_path("../../templates/rhino.rb", __FILE__)
+        dest_path = Rails.root.join("config/initializers/rhino.rb")
+
+        FileUtils.mkdir_p(File.dirname(dest_path))
+
+        content = File.read(template_path)
+        content = content.gsub('test_framework: "rspec"', "test_framework: \"#{test_framework}\"")
+        File.write(dest_path, content)
+      end
+
+      def publish_routes
+        template_path = File.expand_path("../../templates/routes.rb", __FILE__)
+        dest_path = Rails.root.join("config/routes/rhino.rb")
+
+        FileUtils.mkdir_p(File.dirname(dest_path))
+        FileUtils.cp(template_path, dest_path)
+      end
+
+      # ----------------------------------------------------------------
+      # Multi-tenant
+      # ----------------------------------------------------------------
+
+      def create_multi_tenant_migrations
+        timestamp = Time.current.strftime("%Y%m%d%H%M%S")
+        migrations_path = Rails.root.join("db/migrate")
+        FileUtils.mkdir_p(migrations_path)
+
+        templates_dir = File.expand_path("../../templates/multi_tenant/migrations", __FILE__)
+
+        {
+          "create_users" => "#{timestamp}00",
+          "create_organizations" => "#{timestamp}01",
+          "create_roles" => "#{timestamp}02",
+          "create_user_roles" => "#{timestamp}03"
+        }.each do |name, ts|
+          template = File.join(templates_dir, "#{name}.rb.erb")
+          next unless File.exist?(template)
+
+          content = ERB.new(File.read(template), trim_mode: "-").result(binding)
+          File.write(migrations_path.join("#{ts}_#{name}.rb"), content)
+        end
+      end
+
+      def create_multi_tenant_models(roles)
+        models_path = Rails.root.join("app/models")
+        FileUtils.mkdir_p(models_path)
+
+        templates_dir = File.expand_path("../../templates/multi_tenant/models", __FILE__)
+
+        %w[user organization role user_role].each do |model|
+          template = File.join(templates_dir, "#{model}.rb.erb")
+          next unless File.exist?(template)
+
+          content = ERB.new(File.read(template), trim_mode: "-").result_with_hash(roles: roles)
+          File.write(models_path.join("#{model}.rb"), content)
+        end
+      end
+
+      def create_factories
+        factories_path = Rails.root.join("spec/factories")
+        FileUtils.mkdir_p(factories_path)
+
+        templates_dir = File.expand_path("../../templates/multi_tenant/factories", __FILE__)
+
+        %w[users organizations roles user_roles].each do |factory|
+          template = File.join(templates_dir, "#{factory}.rb.erb")
+          next unless File.exist?(template)
+
+          content = ERB.new(File.read(template), trim_mode: "-").result(binding)
+          File.write(factories_path.join("#{factory}.rb"), content)
+        end
+      end
+
+      def create_policies
+        policies_path = Rails.root.join("app/policies")
+        FileUtils.mkdir_p(policies_path)
+
+        templates_dir = File.expand_path("../../templates/multi_tenant/policies", __FILE__)
+
+        %w[organization_policy role_policy].each do |policy|
+          template = File.join(templates_dir, "#{policy}.rb.erb")
+          next unless File.exist?(template)
+
+          content = ERB.new(File.read(template), trim_mode: "-").result(binding)
+          File.write(policies_path.join("#{policy}.rb"), content)
+        end
+      end
+
+      def update_config(identifier_column)
+        config_path = Rails.root.join("config/initializers/rhino.rb")
+        return unless File.exist?(config_path)
+
+        content = File.read(config_path)
+
+        # Update organization_identifier_column
+        content = content.gsub(
+          'organization_identifier_column: "id"',
+          "organization_identifier_column: \"#{identifier_column}\""
+        )
+
+        # Add organization and role models
+        unless content.include?("config.model :organizations")
+          content = content.gsub(
+            "# config.model :posts, 'Post'",
+            "config.model :organizations, 'Organization'\n  config.model :roles, 'Role'\n  # config.model :posts, 'Post'"
+          )
+        end
+
+        # Add tenant route group
+        unless content.include?("config.route_group :tenant")
+          content = content.gsub(
+            "# config.route_group :default",
+            "config.route_group :tenant, prefix: \":organization\", middleware: [Rhino::Middleware::ResolveOrganizationFromRoute], models: :all\n  # config.route_group :default"
+          )
+        end
+
+        File.write(config_path, content)
+      end
+
+      def create_seeders(roles)
+        seeders_path = Rails.root.join("db/seeds")
+        FileUtils.mkdir_p(seeders_path)
+
+        templates_dir = File.expand_path("../../templates/multi_tenant/seeders", __FILE__)
+
+        template = File.join(templates_dir, "role_seeder.rb.erb")
+        if File.exist?(template)
+          content = ERB.new(File.read(template), trim_mode: "-").result_with_hash(roles: roles)
+          File.write(seeders_path.join("role_seeder.rb"), content)
+        end
+
+        template = File.join(templates_dir, "organization_seeder.rb.erb")
+        if File.exist?(template)
+          content = ERB.new(File.read(template), trim_mode: "-").result(binding)
+          File.write(seeders_path.join("organization_seeder.rb"), content)
+        end
+      end
+
+      # ----------------------------------------------------------------
+      # Audit trail
+      # ----------------------------------------------------------------
+
+      def create_audit_trail_migration
+        timestamp = Time.current.strftime("%Y%m%d%H%M%S")
+        migrations_path = Rails.root.join("db/migrate")
+        FileUtils.mkdir_p(migrations_path)
+
+        # Check for existing
+        existing = Dir.glob(migrations_path.join("*_create_audit_logs.rb"))
+        return unless existing.empty?
+
+        template = File.expand_path("../../templates/audit_trail/create_audit_logs.rb.erb", __FILE__)
+        if File.exist?(template)
+          content = ERB.new(File.read(template), trim_mode: "-").result(binding)
+          File.write(migrations_path.join("#{timestamp}_create_audit_logs.rb"), content)
+        end
+      end
+
+      # ----------------------------------------------------------------
+      # Post-install
+      # ----------------------------------------------------------------
+
+      def run_post_install_steps(features)
+        has_migrations = features.include?("multi_tenant") || features.include?("audit_trail")
+
+        if has_migrations
+          if yes?("Would you like to run migrations now?")
+            task("Running migrations") { system("rails db:migrate") }
+          end
+        end
+
+        if features.include?("multi_tenant")
+          if yes?("Would you like to seed the database?")
+            task("Seeding database") { system("rails db:seed") }
+          end
+        end
+      end
+
+      def print_next_steps(features)
+        say "Remaining steps:", :yellow
+        say ""
+
+        step = 1
+
+        if features.include?("audit_trail")
+          say "  #{step}. Add Rhino::HasAuditTrail concern to your models:"
+          say "     include Rhino::HasAuditTrail"
+          step += 1
+        end
+
+        if features.include?("multi_tenant")
+          say "  #{step}. Add Rhino::HasPermissions concern to your User model:"
+          say "     include Rhino::HasPermissions"
+          step += 1
+        end
+
+        say ""
+      end
+
+      # ----------------------------------------------------------------
+      # Blueprint directory
+      # ----------------------------------------------------------------
+
+      def create_blueprint_directory
+        bp_dir = Rails.root.join(".rhino", "blueprints")
+        FileUtils.mkdir_p(bp_dir)
+
+        guide_path = bp_dir.join("..", "BLUEPRINT.md")
+        unless File.exist?(guide_path)
+          File.write(guide_path, blueprint_guide_content)
+        end
+      end
+
+      def blueprint_guide_content
+        <<~MD
+          # Rhino Blueprint — AI Guide
+
+          Use this file to teach AI assistants how to generate valid YAML blueprint files.
+
+          ## Quick Start
+
+          1. Create `_roles.yaml` in `.rhino/blueprints/` with your role definitions
+          2. Create `{model_slug}.yaml` for each model
+          3. Run `rails rhino:blueprint` to generate all files
+
+          ## Roles Format
+
+          ```yaml
+          roles:
+            owner:
+              name: Owner
+              description: "Full access"
+            viewer:
+              name: Viewer
+              description: "Read-only"
+          ```
+
+          ## Model Format
+
+          ```yaml
+          model: Contract
+          slug: contracts
+
+          options:
+            belongs_to_organization: true
+            soft_deletes: true
+
+          columns:
+            title:
+              type: string
+              filterable: true
+
+          permissions:
+            owner:
+              actions: [index, show, store, update, destroy]
+              show_fields: "*"
+              create_fields: "*"
+              update_fields: "*"
+          ```
+
+          ## Valid Column Types
+          string, text, integer, bigInteger, boolean, date, datetime, timestamp, decimal, float, json, uuid, foreignId
+
+          ## Valid Actions
+          index, show, store, update, destroy, trashed, restore, forceDelete
+        MD
+      end
+
+      # ----------------------------------------------------------------
+      # AI Skill
+      # ----------------------------------------------------------------
+
+      def install_ai_skill
+        say ""
+
+        ai_tools = multi_select("Install Rhino AI Skill for which tools? (select none to skip)") do |menu|
+          menu.default 1
+          menu.choice "Claude Code (.claude/skills/rhino/)", "claude"
+          menu.choice "Cursor (.cursor/rules/rhino/)", "cursor"
+          menu.choice "AI Directory (.ai/skills/rhino/)", "ai"
+        end
+
+        return if ai_tools.empty?
+
+        url = "https://rhino-project.github.io/rhino-docs/skills/rails/SKILL.md"
+
+        destinations = {
+          "claude" => ".claude/skills/rhino/SKILL.md",
+          "cursor" => ".cursor/rules/rhino/SKILL.md",
+          "ai" => ".ai/skills/rhino/SKILL.md"
+        }
+
+        # Download once
+        require "net/http"
+        require "uri"
+
+        uri = URI.parse(url)
+        response = Net::HTTP.get_response(uri)
+
+        # Follow redirect if needed
+        if response.is_a?(Net::HTTPRedirection)
+          uri = URI.parse(response["location"])
+          response = Net::HTTP.get_response(uri)
+        end
+
+        unless response.is_a?(Net::HTTPSuccess)
+          say "  Could not download skill file. You can manually download it from:", :yellow
+          say "  #{url}"
+          return
+        end
+
+        content = response.body
+
+        ai_tools.each do |tool|
+          dest_file = Rails.root.join(destinations[tool])
+
+          task("Installing skill for #{tool}") do
+            FileUtils.mkdir_p(File.dirname(dest_file))
+            File.write(dest_file, content)
+          end
+        end
+
+        say "  AI Skill installed successfully.", :green
+      rescue StandardError => e
+        say "  Could not download skill file (#{e.message}). You can manually download it from:", :yellow
+        say "  #{url}"
+      end
+    end
+  end
+end

data/lib/rhino/commands/invitation_link_command.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require "rhino/commands/base_command"
+
+module Rhino
+  module Commands
+    # Generate an invitation link for testing — mirrors Laravel `php artisan invitation:link` exactly.
+    #
+    # Usage: rails invitation:link EMAIL ORG [--role=ROLE] [--create]
+    class InvitationLinkCommand < BaseCommand
+      attr_accessor :email, :organization_identifier, :options
+
+      def initialize
+        super
+        @options = { role: nil, create: false }
+      end
+
+      def perform(email = @email, organization_identifier = @organization_identifier)
+        role_identifier = options[:role]
+        should_create = options[:create]
+
+        # Find organization
+        identifier_column = Rhino.config.multi_tenant[:organization_identifier_column] || "slug"
+
+        org_class = "Organization".safe_constantize
+        unless org_class
+          say "Organization model not found.", :red
+          return
+        end
+
+        organization = org_class.find_by(identifier_column => organization_identifier)
+
+        unless organization
+          say "Organization '#{organization_identifier}' not found.", :red
+          return
+        end
+
+        # Find or create invitation
+        invitation = OrganizationInvitation
+                       .where(email: email, organization_id: organization.id, status: "pending")
+                       .first
+
+        if !invitation && !should_create
+          say "No pending invitation found for '#{email}' in organization '#{organization.name}'.", :red
+          say "Use --create flag to create a new invitation."
+          return
+        end
+
+        if !invitation && should_create
+          unless role_identifier
+            say "Role is required when creating a new invitation. Use --role option.", :red
+            return
+          end
+
+          role_class = "Role".safe_constantize
+          unless role_class
+            say "Role model not found.", :red
+            return
+          end
+
+          role = if role_identifier.match?(/\A\d+\z/)
+                   role_class.find_by(id: role_identifier)
+                 else
+                   role_class.find_by(slug: role_identifier)
+                 end
+
+          unless role
+            say "Role '#{role_identifier}' not found.", :red
+            return
+          end
+
+          user_class = "User".safe_constantize
+          invited_by = user_class&.first
+
+          unless invited_by
+            say "No user found to assign as 'invited_by'. Please create a user first.", :red
+            return
+          end
+
+          invitation = OrganizationInvitation.create!(
+            organization_id: organization.id,
+            email: email,
+            role_id: role.id,
+            invited_by: invited_by.id
+          )
+
+          say "Created new invitation for #{email}.", :green
+        end
+
+        # Build the invitation URL
+        frontend_url = ENV.fetch("FRONTEND_URL", "http://localhost:5173")
+        url = "#{frontend_url}/accept-invitation?token=#{invitation.token}"
+
+        say ""
+        say "Invitation link for #{email}:", :green
+        say url
+        say ""
+        say "Token: #{invitation.token}"
+        say "Organization: #{organization.name} (#{organization.try(:slug) || organization.id})"
+        say "Role: #{invitation.role&.name}" if invitation.respond_to?(:role) && invitation.role
+        say "Status: #{invitation.status}"
+        say "Expires: #{invitation.expires_at&.strftime('%Y-%m-%d %H:%M:%S')}" if invitation.expires_at
+        say ""
+      end
+    end
+  end
+end

data/lib/rhino/concerns/belongs_to_organization.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Rhino
+  # Multi-tenant scoping concern.
+  # Mirrors the Laravel BelongsToOrganization trait.
+  #
+  # Usage:
+  #   class Post < ApplicationRecord
+  #     include Rhino::BelongsToOrganization
+  #   end
+  #
+  # For nested ownership (model doesn't have organization_id directly),
+  # the path is auto-detected from belongs_to associations.
+  module BelongsToOrganization
+    extend ActiveSupport::Concern
+
+    included do
+      belongs_to :organization
+
+      # Auto-set organization_id on creation from request context
+      before_create :set_organization_from_context
+
+      # Default scope to filter by current organization
+      default_scope lambda {
+        if defined?(RequestStore) && RequestStore.store[:rhino_organization]
+          where(organization_id: RequestStore.store[:rhino_organization].id)
+        else
+          all
+        end
+      }
+    end
+
+    class_methods do
+      def for_organization(organization)
+        where(organization_id: organization.id)
+      end
+    end
+
+    private
+
+    def set_organization_from_context
+      return if organization_id.present?
+      return unless defined?(RequestStore)
+
+      org = RequestStore.store[:rhino_organization]
+      self.organization_id = org.id if org
+    end
+  end
+end

data/lib/rhino/concerns/has_audit_trail.rb

@@ -0,0 +1,125 @@
+# frozen_string_literal: true
+
+module Rhino
+  # Automatic change logging concern.
+  # Mirrors the Laravel HasAuditTrail trait.
+  #
+  # Tracks: created, updated, deleted, force_deleted, restored
+  # Records: old/new values, user_id, organization_id, ip_address, user_agent
+  #
+  # Usage:
+  #   class Post < ApplicationRecord
+  #     include Rhino::HasAuditTrail
+  #
+  #     # Optional: exclude sensitive fields from audit logging
+  #     rhino_audit_exclude :password, :remember_token
+  #   end
+  module HasAuditTrail
+    extend ActiveSupport::Concern
+
+    included do
+      class_attribute :audit_exclude_fields, default: %w[password remember_token]
+
+      has_many :audit_logs, -> { order(created_at: :desc) },
+               as: :auditable,
+               class_name: "Rhino::AuditLog",
+               dependent: :destroy
+
+      after_create :log_audit_created
+      after_update :log_audit_updated
+      after_destroy :log_audit_deleted
+
+      # For soft deletes restoration
+      if respond_to?(:after_undiscard)
+        after_undiscard :log_audit_restored
+      end
+    end
+
+    class_methods do
+      def rhino_audit_exclude(*fields)
+        self.audit_exclude_fields = fields.map(&:to_s)
+      end
+    end
+
+    private
+
+    def log_audit_created
+      log_audit("created", nil, auditable_attributes)
+    end
+
+    def log_audit_updated
+      changes = saved_changes.except("updated_at")
+      return if changes.blank?
+
+      old_values = {}
+      new_values = {}
+
+      changes.each do |field, (old_val, new_val)|
+        next if audit_exclude_fields.include?(field)
+        old_values[field] = old_val
+        new_values[field] = new_val
+      end
+
+      return if new_values.blank?
+
+      log_audit("updated", old_values, new_values)
+    end
+
+    def log_audit_deleted
+      action = respond_to?(:discarded?) && discarded? ? "deleted" : "force_deleted"
+      log_audit(action, auditable_attributes, nil)
+    end
+
+    def log_audit_restored
+      log_audit("restored", nil, auditable_attributes)
+    end
+
+    def log_audit(action, old_values, new_values)
+      return unless audit_log_table_exists?
+
+      attributes = {
+        auditable: self,
+        action: action,
+        old_values: old_values,
+        new_values: new_values,
+        user_id: current_audit_user_id,
+        ip_address: current_audit_ip_address,
+        user_agent: current_audit_user_agent
+      }
+
+      # Add organization_id if available
+      org = current_audit_organization
+      attributes[:organization_id] = org.id if org
+
+      Rhino::AuditLog.create!(attributes)
+    rescue StandardError => e
+      Rails.logger.warn("Rhino::HasAuditTrail: Failed to log audit: #{e.message}")
+    end
+
+    def auditable_attributes
+      attributes.except(*audit_exclude_fields)
+    end
+
+    def current_audit_user_id
+      RequestStore.store[:rhino_current_user]&.id if defined?(RequestStore)
+    end
+
+    def current_audit_ip_address
+      RequestStore.store[:rhino_ip_address] if defined?(RequestStore)
+    end
+
+    def current_audit_user_agent
+      RequestStore.store[:rhino_user_agent] if defined?(RequestStore)
+    end
+
+    def current_audit_organization
+      RequestStore.store[:rhino_organization] if defined?(RequestStore)
+    end
+
+    def audit_log_table_exists?
+      @_audit_log_table_exists ||= ActiveRecord::Base.connection.table_exists?("audit_logs")
+    rescue StandardError
+      false
+    end
+  end
+end