slow_your_roles 2.0.2

data/lib/generators/slow_your_roles/slow_your_roles_generator.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module SlowYourRoles
+  module Generators
+    # Generator class to add SlowYourRoles to an ActiveRecord model.
+    class SlowYourRolesGenerator < Rails::Generators::Base
+      namespace 'slow_your_roles'
+
+      argument :role_col, type: :string, required: false, default: 'roles', banner: 'role column'
+
+      class_option :use_bitmask_method, type: :boolean, required: false, default: false,
+                                        desc: 'Setup migration for Bitmask method'
+
+      desc 'Create ActiveRecord migration for slow_your_roles on NAME model using \
+[ROLE] column -- defaults to \'roles\''
+
+      source_root File.expand_path('../templates', __dir__)
+
+      hook_for :orm
+
+      def show_readme
+        readme 'README' if behavior == :invoke
+      end
+    end
+  end
+end

data/lib/generators/templates/README

@@ -0,0 +1,9 @@
+
+
+===============================================
+
+           Now run rake db:migrate 
+
+===============================================
+
+

data/lib/methods/bitmask.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+module SlowYourRoles
+  # Bitmask support
+  class Bitmask
+    def initialize(base, column_name, _options)
+      base.send :define_method, :_roles= do |roles|
+        states = base.const_get(column_name.upcase.to_sym)
+        self[column_name.to_sym] = (roles & states).map { |r| 2**states.index(r) }.sum
+      end
+
+      base.send :define_method, :_roles do
+        states = base.const_get(column_name.upcase.to_sym)
+        masked_integer = self[column_name.to_sym] || 0
+        states.reject.with_index { |_r, i| masked_integer[i].zero? }
+      end
+
+      base.send :define_method, :has_role? do |role|
+        _roles.include?(role)
+      end
+
+      base.send :define_method, :add_role do |*roles|
+        roles.each do |role|
+          self._roles = _roles.push(role).uniq
+        end
+      end
+
+      base.send :define_method, :add_role! do |*roles|
+        roles.each do |role|
+          add_role(role)
+        end
+        save!
+      end
+
+      base.send :define_method, :remove_role do |role|
+        new_roles = _roles
+        new_roles.delete(role)
+        self._roles = new_roles
+      end
+
+      base.send :define_method, :remove_role! do |role|
+        remove_role(role)
+        save!
+      end
+
+      base.send :define_method, :clear_roles do
+        self[column_name.to_sym] = 0
+      end
+
+      base.send :define_method, :clear_roles! do
+        clear_roles
+        save!
+      end
+
+      base.class_eval do
+        alias_method :add_roles, :add_role
+        alias_method :add_roles!, :add_role
+
+        scope :with_role, (proc { |role|
+          states = base.const_get(column_name.upcase.to_sym)
+          raise ArgumentError unless states.include? role
+
+          role_bit_index = states.index(role)
+          valid_mask_integers = (0..2**states.count - 1).select { |i| i[role_bit_index] == 1 }
+          where(column_name => valid_mask_integers)
+        })
+        scope :without_role, (proc { |role|
+          states = base.const_get(column_name.upcase.to_sym)
+          raise ArgumentError unless states.include? role
+
+          role_bit_index = states.index(role)
+          valid_mask_integers = (0..2**states.count - 1).reject { |i| i[role_bit_index] == 1 }
+          where(column_name => valid_mask_integers)
+        })
+      end
+    end
+  end
+end

data/lib/methods/serialize.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+module SlowYourRoles
+  # Serialize support
+  class Serialize
+    def initialize(base, column_name, _options)
+      base.serialize column_name.to_sym, Array
+      base.before_validation(:make_default_roles, on: :create)
+      base.send :define_method, :has_role? do |role|
+        self[column_name.to_sym].include?(role)
+      end
+
+      base.send :define_method, :add_role do |*roles|
+        clear_roles if self[column_name.to_sym].blank?
+
+        roles.each do |role|
+          return false if !roles_marker.empty? && role.include?(roles_marker)
+        end
+
+        roles.each do |role|
+          next if has_role?(role)
+
+          self[column_name.to_sym] << role
+        end
+
+        self[column_name.to_sym]
+      end
+
+      base.send :define_method, :add_role! do |role|
+        return false unless add_role(role)
+
+        save!
+      end
+
+      base.send :define_method, :remove_role do |role|
+        self[column_name.to_sym].delete(role)
+      end
+
+      base.send :define_method, :remove_role! do |role|
+        remove_role(role)
+        save!
+      end
+
+      base.send :define_method, :clear_roles do
+        self[column_name.to_sym] = []
+      end
+
+      base.send :define_method, :make_default_roles do
+        clear_roles if self[column_name.to_sym].blank?
+      end
+
+      base.send :private, :make_default_roles
+
+      # Scopes:
+      # ---------
+      # For security, wrapping markers must be included in the LIKE search,
+      # otherwise a user with role 'administrator' would erroneously be included
+      # in `User.with_scope('admin')`.
+      #
+      # Rails uses YAML for serialization, so the markers are newlines.
+      # Unfortunately, sqlite can't match newlines reliably, and it doesn't
+      # natively support REGEXP. Therefore, hooks are currently being used to
+      # wrap roles in '!' markers when talking to the database. This is hacky,
+      # but unavoidable. The implication is that, for security, it must be
+      # actively enforced that role names cannot include the '!' character.
+      #
+      # An alternative would be to use JSON instead of YAML to serialize the
+      # data, but I've wrestled countless SerializationTypeMismatch errors
+      # trying to accomplish this, in vain. The real problem, of course, is even
+      # trying to query serialized data. I'm unsure how well this would work in
+      # different ruby versions or implementations, which may handle object
+      # dumping differently. Bitmasking seems to be a more reliable strategy.
+
+      base.class_eval do
+        alias_method :add_roles, :add_role
+        alias_method :add_roles!, :add_role
+
+        cattr_accessor :roles_marker
+        cattr_accessor :column
+
+        self.roles_marker = '!'
+        self.column = "#{table_name}.#{column_name}"
+
+        scope :with_role, (proc { |r|
+          where("#{column} LIKE '%#{roles_marker}#{r}#{roles_marker}%'")
+        })
+
+        scope :without_role, (proc { |r|
+          where("#{column} NOT LIKE '%#{roles_marker}#{r}#{roles_marker}%' OR #{column} IS NULL")
+        })
+
+        define_method :add_role_markers do
+          self[column_name.to_sym].map! { |r| [roles_marker, r, roles_marker].join }
+        end
+
+        define_method :strip_role_markers do
+          self[column_name.to_sym].map! { |r| r.gsub(roles_marker, '') }
+        end
+
+        private :add_role_markers, :strip_role_markers
+        before_save :add_role_markers
+        after_save :strip_role_markers
+        after_rollback :strip_role_markers
+        after_find :strip_role_markers
+      end
+    end
+  end
+end

data/lib/slow_your_roles.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'active_support'
+
+# Include this module in your ActiveRecord model for role support.
+module SlowYourRoles
+  extend ActiveSupport::Concern
+
+  included do |base|
+    base.send :alias_method, :method_missing_without_roles, :method_missing
+    base.send :alias_method, :method_missing, :method_missing_with_roles
+
+    base.send :alias_method, :respond_to_without_roles?, :respond_to?
+    base.send :alias_method, :respond_to?, :respond_to_with_roles?
+  end
+
+  ALLOWED_METHODS = %i[serialize bitmask].freeze
+
+  ALLOWED_METHODS.each do |method|
+    autoload method.to_s.capitalize.to_sym, "methods/#{method}"
+  end
+
+  # Adding slow_your_roles to the model class.
+  module ClassMethods
+    def slow_your_roles(name, options = { method: :serialize })
+      begin
+        raise NameError unless ALLOWED_METHODS.include? options[:method]
+      rescue NameError
+        puts '[Slow Your Roles] Storage method does not exist reverting to Serialize'
+        options[:method] = :serialize
+      end
+      "SlowYourRoles::#{options[:method].to_s.camelize}".constantize.new(self, name, options)
+    end
+  end
+
+  def method_missing_with_roles(method_id, *args, &block)
+    match = method_id.to_s.match(/^is_(\w+)[?]$/)
+    if match && respond_to?('has_role?')
+      self.class.send(:define_method, "is_#{match[1]}?") do
+        send :has_role?, (match[1]).to_s
+      end
+      send "is_#{match[1]}?"
+    else
+      method_missing_without_roles(method_id, *args, &block)
+    end
+  end
+
+  def respond_to_with_roles?(method_id, _include_private = false)
+    match = method_id.to_s.match(/^is_(\w+)[?]$/)
+    if match && respond_to?('has_role?')
+      true
+    else
+      respond_to_without_roles?(method_id, false)
+    end
+  end
+end
+
+module ActiveRecord
+  # Include SlowYourRoles in ActiveRecord::Base
+  class Base
+    include SlowYourRoles
+  end
+end

data/slow_your_roles.gemspec

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |s|
+  s.name = 'slow_your_roles'
+  s.version = '2.0.2'
+  s.authors = ['Aaron A']
+  s.date = '2020-04-21'
+  s.summary = 'Easy role authorization in Rails'
+  s.description = 'Easy role authorization in Rails ported from an unmaintained library'
+  s.email = '_aaron@tutanota.com'
+  s.extra_rdoc_files = ['CHANGELOG.md', 'README.md'] + Dir['lib/**/*']
+  s.files = [
+    'CHANGELOG.md',
+    'Gemfile',
+    'Gemfile.lock',
+    'README.md',
+    'Rakefile',
+    'slow_your_roles.gemspec',
+    'init.rb'] + Dir['lib/**/*']
+  s.test_files = Dir['spec/**/*']
+  s.homepage = 'http://github.com/aarona/slow_your_roles'
+  s.rdoc_options = [
+    '--line-numbers',
+    '--inline-source',
+    '--title',
+    'Slow_your_roles',
+    '--main',
+    'README.md'
+  ]
+  s.require_paths = ['lib']
+
+  s.add_runtime_dependency('activesupport', ['>= 6.0.3.1'])
+  s.add_development_dependency('activerecord', ['>= 6.0.3.1'])
+  s.add_development_dependency('rspec', ['>= 0'])
+  s.add_development_dependency('rubocop', ['>= 0'])
+  s.add_development_dependency('sqlite3', ['>= 0'])
+end

data/spec/methods/bitmask_spec.rb

@@ -0,0 +1,261 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe SlowYourRoles do
+  describe 'bitmask method' do
+    it 'should allow me to set a users role' do
+      user = BitmaskUser.new
+      user.add_role 'admin'
+      expect(user._roles). to include 'admin'
+    end
+
+    it 'should allow me to set multiple roles at one time' do
+      user = BitmaskUser.new
+      user.add_roles 'admin', 'manager'
+      expect(user._roles).to include 'admin'
+      expect(user._roles).to include 'manager'
+      expect(user._roles.length).to eq 2
+      user.add_roles 'admin', 'manager','user'
+      expect(user._roles).to include 'user'
+      expect(user._roles.length).to eq 3
+    end
+
+    it 'should return true for is_admin? if the admin role is added to the user' do
+      user = BitmaskUser.new
+      user.add_role 'admin'
+      expect(user.is_admin?).to eq(true)
+    end
+
+    it "should return true for has_role? 'admin' if the admin role is added to the user" do
+      user = BitmaskUser.new
+      user.add_role 'admin'
+      expect(user.has_role?('admin')).to eq(true)
+    end
+
+    it "should turn false for has_role? 'manager' if manager role is not added to the user" do
+      user = BitmaskUser.new
+      expect(user.has_role?('manager')).to eq(false)
+    end
+
+    it 'should turn false for is_manager? if manager role is not added to the user' do
+      user = BitmaskUser.new
+      expect(user.is_manager?).to eq(false)
+    end
+
+    it 'should not allow you to add a role not in the array list of roles' do
+      user = BitmaskUser.new
+      user.add_role 'lolcat'
+      expect(user.is_lolcat?).to eq(false)
+    end
+
+    it 'should only add valid roles when adding multiple roles' do
+      user = BitmaskUser.new
+      user.add_roles 'admin', 'manager', 'lolcat'
+      expect(user._roles.length).to eq 2
+      expect(user._roles).to include 'admin'
+      expect(user._roles).to include 'manager'
+    end
+
+    describe 'normal methods' do
+      it 'should not save to the database if not implicitly saved' do
+        user = BitmaskUser.create(name: 'Ryan')
+        user.add_role 'admin'
+        expect(user.is_admin?).to eq(true)
+        user.reload
+
+        expect(user.is_admin?).to eq(false)
+      end
+
+      it 'should save to the database if implicity saved' do
+        user = BitmaskUser.create(name: 'Ryan')
+        user.add_role 'admin'
+        expect(user.is_admin?).to eq(true)
+        user.save
+        user.reload
+
+        expect(user.is_admin?).to eq(true)
+      end
+
+      it 'should clear all roles and not save if not implicitly saved' do
+        user = BitmaskUser.create(name: 'Ryan')
+        user.add_role 'admin'
+        expect(user.is_admin?).to eq(true)
+        user.save
+        user.reload
+        expect(user.is_admin?).to eq(true)
+
+        user.clear_roles
+        expect(user.is_admin?).to eq(false)
+        user.reload
+
+        expect(user.is_admin?).to eq(true)
+      end
+
+      it 'should clear all roles and save if implicitly saved' do
+        user = BitmaskUser.create(name: 'Ryan')
+        user.add_role 'admin'
+        expect(user.is_admin?).to eq(true)
+        user.save
+        user.reload
+        expect(user.is_admin?).to eq(true)
+
+        user.clear_roles
+        expect(user.is_admin?).to eq(false)
+        user.save
+        user.reload
+
+        expect(user.is_admin?).to eq(false)
+      end
+
+      it 'should remove a role and not save unless implicitly saved' do
+        user = BitmaskUser.create(name: 'Ryan')
+        user.add_role 'admin'
+        expect(user.is_admin?).to eq(true)
+        user.save
+        user.reload
+
+        expect(user.is_admin?).to eq(true)
+        user.remove_role 'admin'
+        expect(user.is_admin?).to eq(false)
+        user.reload
+
+        expect(user.is_admin?).to eq(true)
+      end
+
+      it 'should remove a role and save if implicitly saved' do
+        user = BitmaskUser.create(name: 'Ryan')
+        user.add_role 'admin'
+        expect(user.is_admin?).to eq(true)
+        user.save
+        user.reload
+
+        expect(user.is_admin?).to eq(true)
+        user.remove_role 'admin'
+        expect(user.is_admin?).to eq(false)
+        user.save
+        user.reload
+
+        expect(user.is_admin?).to eq(false)
+      end
+    end
+
+    describe 'bang method' do
+      it 'should save to the database if the bang method is used' do
+        user = BitmaskUser.create(name: 'Ryan')
+        user.add_role! 'admin'
+        expect(user.is_admin?).to eq(true)
+        user.reload
+
+        expect(user.is_admin?).to eq(true)
+      end
+
+      it 'should allow me to set multiple roles at one time' do
+        user = BitmaskUser.new
+        user.add_roles! 'admin', 'manager'
+        expect(user._roles).to include 'admin'
+        expect(user._roles).to include 'manager'
+        expect(user._roles.length).to eq 2
+        user.add_roles! 'admin', 'manager','user'
+        expect(user._roles).to include 'user'
+        expect(user._roles.length).to eq 3
+      end
+
+      it 'should remove a role and save' do
+        user = BitmaskUser.create(name: 'Ryan')
+        user.add_role 'admin'
+        expect(user.is_admin?).to eq(true)
+        user.save
+        user.reload
+
+        expect(user.is_admin?).to eq(true)
+        user.remove_role! 'admin'
+        expect(user.is_admin?).to eq(false)
+        user.reload
+
+        expect(user.is_admin?).to eq(false)
+      end
+
+      it 'should clear all roles and save' do
+        user = BitmaskUser.create(name: 'Ryan')
+        user.add_role 'admin'
+        expect(user.is_admin?).to eq(true)
+        user.save
+        user.reload
+        expect(user.is_admin?).to eq(true)
+
+        user.clear_roles!
+        expect(user.is_admin?).to eq(false)
+        user.reload
+
+        expect(user.is_admin?).to eq(false)
+      end
+    end
+
+    describe 'scopes' do
+      describe 'with_role' do
+        it 'should implement the `with_role` scope' do
+          expect(BitmaskUser).to respond_to :with_role
+        end
+
+        it 'should return an ActiveRecord::Relation' do
+          expect(BitmaskUser.with_role('admin').class).to eq(
+            "BitmaskUser::ActiveRecord_Relation".constantize
+          )
+        end
+
+        it 'should raise an ArgumentError for undefined roles' do
+          expect { BitmaskUser.with_role('your_mom') }.to raise_error(ArgumentError)
+        end
+
+        it 'should match records with a given role' do
+          user = BitmaskUser.create(name: 'Daniel')
+          expect(BitmaskUser.with_role('admin')).not_to include user
+          user.add_role! 'admin'
+          expect(BitmaskUser.with_role('admin')).to include user
+        end
+
+        it 'should be chainable' do
+          (daniel = BitmaskUser.create(name: 'Daniel')).add_role! 'user'
+          (ryan = BitmaskUser.create(name: 'Ryan')).add_role! 'user'
+          ryan.add_role! 'admin'
+          admin_users = BitmaskUser.with_role('user').with_role('admin')
+          expect(admin_users).to include ryan
+          expect(admin_users).not_to include daniel
+        end
+      end
+
+      describe 'without_role' do
+        it 'should implement the `without_role` scope' do
+          expect(BitmaskUser).to respond_to :without_role
+        end
+
+        it 'should return an ActiveRecord::Relation' do
+          expect(BitmaskUser.without_role('admin').class).to eq(
+            "BitmaskUser::ActiveRecord_Relation".constantize
+          )
+        end
+
+        it 'should raise an ArgumentError for undefined roles' do
+          expect { BitmaskUser.without_role('your_mom') }.to raise_error(ArgumentError)
+        end
+
+        it 'should match records with a given role' do
+          user = BitmaskUser.create(name: 'Daniel')
+          expect(BitmaskUser.without_role('admin')).to include user
+          user.add_role! 'admin'
+          expect(BitmaskUser.without_role('admin')).not_to include user
+        end
+
+        it 'should be chainable' do
+          (daniel = BitmaskUser.create(name: 'Daniel')).add_role! 'user'
+          (ryan = BitmaskUser.create(name: 'Ryan')).add_role! 'user'
+          ryan.add_role! 'admin'
+          non_admin_users = BitmaskUser.with_role('user').without_role('admin')
+          expect(non_admin_users).not_to include ryan
+          expect(non_admin_users).to include daniel
+        end
+      end
+    end
+  end
+end