thecore_auth_commons 3.0.4 → 3.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ec36a718aa7ee95db6647d093b6dae8f5614318234b9072108d286e5254a8758
-  data.tar.gz: 536085973f16cec797a29bae031524fbf0c550cef5c286f3f541f6199dc20cae
+  metadata.gz: 7e9c1cc8505cddf86bb6abc922c538a0d55fa571933b6158e078df3c89a477a5
+  data.tar.gz: 751434de07685430512faf2ff6c970c5a6a1dde6ced7e536f1d65ad7ad0acf27
 SHA512:
-  metadata.gz: 79f643c8b4042a3d266501dee7d8d12e346b274aa4fc38949bc0b9bdc9de4d44180d4864224052201a21fc640fbffe9ef7561e6cc7bb12886f83e40ef9656679
-  data.tar.gz: ad9c7046f4ac59fd5b8cf2ace03b70bf243b331b5de249cb07c9f3b10cae7efb4c02edf252d327212dbafe03bec22d7d2e6c16cf45aaf373aa0e0d66e5b69185
+  metadata.gz: 8411d2a2141e28d778b47907d2594370c1f8c585d835e852a2f8c1ba46fba11ff9dab3abd7f3b5df269aa4149a7af4ca8055798d14ddf01cb484173695d78b1d
+  data.tar.gz: 8fefa012326df5192ede21c356e081b696603fef3a1979143f18c3807bf567b4660f8f98ca2fee964f005a6c9d9dbdf5068b1a1e64b8b63f421a9e4555b96084

data/README.md

@@ -1,4 +1,4 @@
-# ThecoreAuth
+# ThecoreAuthCommons
 Short description and motivation.
 
 ## Usage
@@ -8,7 +8,7 @@ How to use my plugin.
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'thecore_auth_commons'
+gem "thecore_auth_commons"
 ```
 
 And then execute:

data/Rakefile

@@ -1,32 +1,3 @@
-begin
-  require 'bundler/setup'
-rescue LoadError
-  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-end
+require "bundler/setup"
 
-require 'rdoc/task'
-
-RDoc::Task.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'ThecoreAuthCommons'
-  rdoc.options << '--line-numbers'
-  rdoc.rdoc_files.include('README.md')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
-load 'rails/tasks/engine.rake'
-
-load 'rails/tasks/statistics.rake'
-
-require 'bundler/gem_tasks'
-
-require 'rake/testtask'
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'test'
-  t.pattern = 'test/**/*_test.rb'
-  t.verbose = false
-end
-
-task default: :test
+require "bundler/gem_tasks"

data/app/models/user.rb

@@ -1,57 +1,6 @@
 class User < ApplicationRecord
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
-  devise :database_authenticatable
-  devise :trackable
-  devise :validatable
-  # TODO: If it works, these must be added to another gem one which deal 
-  # more with sessions
-  # devise :database_authenticatable
-  # devise :rememberable
-  # devise :trackable
-  # devise :validatable
-  # devise :timeoutable, timeout_in: 30.minutes
-          
-  before_validation on: :create do
-    # If the generated uuid is not already present, then create the user with the proposed uuid
-    # Otherwise, try to generate another one
-    begin
-        self.access_token = SecureRandom.uuid #urlsafe_base64(32)
-    end while ::User.exists?(access_token: self.access_token)
-  end
-  # REFERENCES
-  has_many :role_users, dependent: :destroy, inverse_of: :user
-  has_many :roles, through: :role_users, inverse_of: :users
-  # VALIDATIONS
-  validates :email, uniqueness: { case_sensitive: false }, presence: true, format: { with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i }
-  validates :password, presence: true, on: :create
-  validates :password_confirmation, presence: true, on: :create
-  validate :check_password_and_confirmation_equal
-  validates :access_token, uniqueness: true
-  validates_each :admin do |record, attr, value|
-    # Don't want admin == false if the current user is the only admin
-    record.errors.add(attr, I18n.t("validation.errors.cannot_unadmin_last_admin")) if record.admin_changed? && record.admin_was == true && User.where(admin: true).count == 1
-  end
-  validates_each :locked do |record, attr, value|
-    # Don't want locked == true if the current user is the only admin
-    record.errors.add(attr, I18n.t("validation.errors.cannot_lock_last_admin")) if record.locked_changed? && record.locked_was == false && User.where(locked: false).count == 1
-  end
-  
-  def display_name
-    email
-  end
-  
-  def has_role? role
-    roles.include? role.to_s
-  end
-  
-  def authenticate password
-    self&.valid_password?(password) ? self : nil
-  end
-  
-  protected
-  
-  def check_password_and_confirmation_equal
-    errors.add(:password, I18n.t("validation.errors.password_and_confirm_must_be_the_same")) unless password == password_confirmation
-  end
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :validatable
 end

data/{lib/abilities/thecore_auth_commons.rb → config/initializers/abilities.rb}

@@ -9,8 +9,8 @@ module Abilities
                 if user.admin?
                     # Admins' abiities
                     can :manage, :all # only allow admin users to access Rails Admin
-                    cannot :destroy, User do |u|
-                        # prevents killing himself
+                    # prevents killing himself
+                    cannot :destroy, ::User do |u| 
                         u.id == user.id
                     end
                 end

data/config/initializers/add_to_db_migrations.rb

@@ -0,0 +1,5 @@
+# This method defines the migrations paths for the engine and adds them to the migrations paths of 
+# the parent Rails app by using ActiveRecord::Migrator.migrations_paths.concat.
+# migrations_paths = [File.expand_path("../../db/migrate", __dir__)]
+# ActiveRecord::Migrator.migrations_paths.concat(migrations_paths)
+Rails.application.config.paths['db/migrate'] << File.expand_path("../../db/migrate", __dir__)

data/config/initializers/after_initialize.rb

@@ -0,0 +1,12 @@
+Rails.application.configure do
+    config.after_initialize do
+        # In development be sure to load all the namespaces
+        # in order to have working reflection and meta-programming.
+        Zeitwerk::Loader.eager_load_all if Rails.env.development?
+        
+        Ability.send(:include, ThecoreAuthCommonsCanCanCanConcern)
+        User.send(:include, ThecoreAuthCommonsUserConcern)
+        User.devise_modules.delete(:recoverable) if ThecoreSettings::Setting.where(ns: :devise, key: :recoverable).first.present? && ThecoreSettings::Setting.where(ns: :devise, key: :recoverable).first.raw == "disable"
+        User.devise_modules.delete(:registerable) if ThecoreSettings::Setting.where(ns: :devise, key: :registerable).first.present? && ThecoreSettings::Setting.where(ns: :devise, key: :registerable).first.raw == "disable"
+    end
+end

data/config/initializers/concern_cancancan.rb

@@ -0,0 +1,22 @@
+module ThecoreAuthCommonsCanCanCanConcern
+  extend ActiveSupport::Concern
+
+  included do
+    def initialize(user)
+      # This will always be the first Ability, since the abilities are "last wins"
+      self.merge Abilities::ThecoreAuthCommons.new user
+      # Other Abilities
+      Abilities.constants(false).each do |ability|
+        unless ability.to_s == "ThecoreAuthCommons"
+          const = Abilities.const_get(ability) 
+          self.merge const.new(user) if const.is_a? Class
+        end
+      end
+      # Overrides from the database defined permissions
+      ::Permission.joins(roles: :users).where(users: {id: user.id}).order(:id).each do |permission|
+        # E.g. can :manage, :all
+        self.send(permission.predicate.name.to_sym, permission.action.name.to_sym, (permission.target.name.classify.constantize rescue permission.target.name.to_sym))
+      end unless user.blank?
+    end
+  end
+end

data/config/initializers/concern_user.rb

@@ -0,0 +1,46 @@
+module ThecoreAuthCommonsUserConcern
+  extend ActiveSupport::Concern
+
+  included do            
+    before_validation on: :create do
+      # If the generated uuid is not already present, then create the user with the proposed uuid
+      # Otherwise, try to generate another one
+      begin
+          self.access_token = SecureRandom.uuid #urlsafe_base64(32)
+      end while ::User.exists?(access_token: self.access_token)
+    end
+    # REFERENCES
+    has_many :role_users, dependent: :destroy, inverse_of: :user
+    has_many :roles, through: :role_users, inverse_of: :users
+    # VALIDATIONS
+    validates :email, uniqueness: { case_sensitive: false }, presence: true, format: { with: /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i }
+    validates :password, presence: true, on: :create
+    validates :password_confirmation, presence: true, on: :create
+    validate :check_password_and_confirmation_equal
+    validates :access_token, uniqueness: true
+    validates_each :admin do |record, attr, value|
+      # Don't want admin == false if the current user is the only admin
+      record.errors.add(attr, I18n.t("validation.errors.cannot_unadmin_last_admin")) if record.admin_changed? && record.admin_was == true && User.where(admin: true).count == 1
+    end
+    validates_each :locked do |record, attr, value|
+      # Don't want locked == true if the current user is the only admin
+      record.errors.add(attr, I18n.t("validation.errors.cannot_lock_last_admin")) if record.locked_changed? && record.locked_was == false && User.where(locked: false).count == 1
+    end
+    
+    def display_name
+      email
+    end
+    
+    def has_role? role
+      roles.include? role.to_s
+    end
+    
+    def authenticate password
+      self&.valid_password?(password) ? self : nil
+    end
+    
+    def check_password_and_confirmation_equal
+      errors.add(:password, I18n.t("validation.errors.password_and_confirm_must_be_the_same")) unless password == password_confirmation
+    end
+  end
+end

data/config/locales/{en.activerecord.yml → en.thecore_auth_commons.yml}

@@ -8,4 +8,3 @@ en:
       user: Section to manage users.
       role: Section to manage Roles
       permission: Section to manage Permissions
-    

data/config/locales/{it.activerecord.yml → it.thecore_auth_commons.yml}

@@ -36,3 +36,12 @@ it:
       user: In questa sezione dell'applicazione potete cercare nella lista degli utenti in diversi modi usando i filtri o ordinare la lista secondo diversi campi.
       role: In questa sezione si possono creare dei ruoli da usare nell'RBAC gestito dai file abilities, per definire le autorizzazioni CRUD e non solo.
       permission: Il predicato definisce se è un permesso di poter fare o non fare, l'azione è il tipo definisce cosa si possa fare o non fare, mentre il modello definisce su chi.
+  permissions:
+    predicates:
+      can: Può
+      cannot: Non può
+    actions:
+      manage: Gestire
+      read: Leggere
+      update: Modificare
+      destroy: Eliminare

data/db/migrate/{20200306143408_create_users.rb → 20160208110805_devise_create_users.rb}

@@ -1,25 +1,25 @@
 # frozen_string_literal: true
 
-class CreateUsers < ActiveRecord::Migration[6.0]
-  def self.up
+class DeviseCreateUsers < ActiveRecord::Migration[7.0]
+  def change
     create_table :users do |t|
       ## Database authenticatable
       t.string :email,              null: false, default: ""
       t.string :encrypted_password, null: false, default: ""
 
       ## Recoverable
-      # t.string   :reset_password_token
-      # t.datetime :reset_password_sent_at
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
 
       ## Rememberable
-      # t.datetime :remember_created_at
+      t.datetime :remember_created_at
 
-      # Trackable
-      t.integer  :sign_in_count, default: 0, null: false
-      t.datetime :current_sign_in_at
-      t.datetime :last_sign_in_at
-      t.string   :current_sign_in_ip
-      t.string   :last_sign_in_ip
+      ## Trackable
+      # t.integer  :sign_in_count, default: 0, null: false
+      # t.datetime :current_sign_in_at
+      # t.datetime :last_sign_in_at
+      # t.string   :current_sign_in_ip
+      # t.string   :last_sign_in_ip
 
       ## Confirmable
       # t.string   :confirmation_token
@@ -33,19 +33,12 @@ class CreateUsers < ActiveRecord::Migration[6.0]
       # t.datetime :locked_at
 
 
-      # Uncomment below if timestamps were not included in your original model.
       t.timestamps null: false
     end
 
     add_index :users, :email,                unique: true
-    # add_index :users, :reset_password_token, unique: true
+    add_index :users, :reset_password_token, unique: true
     # add_index :users, :confirmation_token,   unique: true
     # add_index :users, :unlock_token,         unique: true
   end
-
-  def self.down
-    # By default, we don't want to make any assumption about how to roll back a migration when your
-    # model already existed. Please edit below which fields you would like to remove in this migration.
-    raise ActiveRecord::IrreversibleMigration
-  end
 end

data/db/migrate/20160209152753_add_trackable_to_user.rb

@@ -0,0 +1,9 @@
+class AddTrackableToUser < ActiveRecord::Migration[7.0]
+  def change
+    add_column :users, :sign_in_count, :bigint, default: 0, null: false
+    add_column :users, :current_sign_in_at, :datetime
+    add_column :users, :last_sign_in_at, :datetime
+    add_column :users, :current_sign_in_ip, :string
+    add_column :users, :last_sign_in_ip, :string
+  end
+end

data/db/migrate/{20200306151046_add_admin_field_to_user.rb → 20160209153229_add_admin_to_user.rb}

@@ -1,4 +1,4 @@
-class AddAdminFieldToUser < ActiveRecord::Migration[6.0]
+class AddAdminToUser < ActiveRecord::Migration[7.0]
   def change
     add_column :users, :admin, :boolean, null: false, default: false
   end

data/db/migrate/{20200306153125_add_lock_version_to_user.rb → 20160209153326_add_lock_version_to_user.rb}

@@ -1,4 +1,4 @@
-class AddLockVersionToUser < ActiveRecord::Migration[6.0]
+class AddLockVersionToUser < ActiveRecord::Migration[7.0]
   def change
     add_column :users, :lock_version, :bigint
   end

data/db/migrate/{20200516215346_add_locked_to_user.rb → 20160209153406_add_locked_to_user.rb}

@@ -1,4 +1,4 @@
-class AddLockedToUser < ActiveRecord::Migration[6.0]
+class AddLockedToUser < ActiveRecord::Migration[7.0]
   def change
     add_column :users, :locked, :boolean, null: false, default: false
   end

data/db/migrate/20160209153533_add_access_token_to_user.rb

@@ -0,0 +1,5 @@
+class AddAccessTokenToUser < ActiveRecord::Migration[7.0]
+  def change
+    add_column :users, :encrypted_access_token, :string
+  end
+end

data/db/migrate/20160209153811_create_roles.rb

@@ -0,0 +1,11 @@
+class CreateRoles < ActiveRecord::Migration[7.0]
+  def change
+    create_table :roles do |t|
+      t.string :name
+      t.bigint :lock_version
+
+      t.timestamps
+    end
+    add_index :roles, :name, unique: true
+  end
+end

data/db/migrate/{20200306152816_create_role_users.rb → 20160209153813_create_role_users.rb}

@@ -1,4 +1,4 @@
-class CreateRoleUsers < ActiveRecord::Migration[6.0]
+class CreateRoleUsers < ActiveRecord::Migration[7.0]
   def change
     create_table :role_users do |t|
       t.references :role, null: false, foreign_key: true

data/db/migrate/{20200518082821_create_permissions.rb → 20160209153816_create_permissions_chain.rb}

@@ -1,4 +1,4 @@
-class CreatePermissions < ActiveRecord::Migration[6.0]
+class CreatePermissionsChain < ActiveRecord::Migration[6.0]
   def change
     # Predicates
     create_table :predicates do |t|

data/db/seeds.rb

@@ -6,20 +6,11 @@ unless User.where(admin: true).exists?
     u = User.find_or_initialize_by(email: email)
     u.username = "Administrator" if u.respond_to? :username=
     u.password = u.password_confirmation = psswd
+    u.encrypted_access_token = User.new(:password => SecureRandom.uuid).encrypted_password
     u.admin = true
     u.save(validate: false)
 end
 
-# If there are previous users without the access_token, create it:
-User.all.each do |u|
-    if u.access_token.blank?
-        begin
-            u.access_token = SecureRandom.uuid #urlsafe_base64(32)
-        end while ::User.exists?(access_token: u.access_token)
-        u.save(validate: false)
-    end
-end
-
 @values = {
     predicates: %i[can cannot],
     actions: %i[manage create read update destroy],
@@ -34,4 +25,7 @@ end
 
 fill :predicates
 fill :actions
-fill :targets
+fill :targets
+
+ThecoreSettings::Setting.create(ns: :devise, key: :registerable, raw: "disable")
+ThecoreSettings::Setting.create(ns: :devise, key: :recoverable, raw: "disable")

data/lib/tasks/thecore_auth_commons_tasks.rake

@@ -1,12 +1,8 @@
-# desc "Explaining what the task does"
-# task :thecore_auth_commons do
-#   # Task goes here
-# end
 namespace :thecore do
     namespace :db do
         desc "Load seeds from thecore engines seed files, it also runs rails db:seed as last action."
         task seed: :environment do
-            Thecore::Base.thecore_engines.each { |engine| engine.send :load_seed }
+            Rails::Engine.subclasses.each { |engine| engine.send :load_seed }
             Rake::Task["db:seed"].reenable
             Rake::Task["db:seed"].invoke
         end
@@ -24,5 +20,12 @@ namespace :thecore do
             Rake::Task["thecore:db:init"].reenable
             Rake::Task["thecore:db:init"].invoke
         end
+        desc "Deletes DB if not exists, then init it with all Thecore compatible seeds."
+        task reset: :environment do
+            Rake::Task["db:drop"].reenable
+            Rake::Task["db:drop"].invoke
+            Rake::Task["thecore:db:init"].reenable
+            Rake::Task["thecore:db:init"].invoke
+        end
     end
 end

data/lib/thecore/seed.rb

@@ -0,0 +1,18 @@
+# Extensions to help during seeding of ThecoreSettings
+module Thecore
+  class Seed
+    def self.save_setting ns, setting, value
+      puts "Saving setting if nil #{ns}: #{setting} = #{value}"
+      if ::Settings.ns(ns)[setting].blank?
+        ::Settings.ns(ns)[setting] if value.blank?
+        ::Settings.ns(ns)[setting] = value unless value.blank?
+      end
+    end
+
+    def self.delete_setting ns, setting
+      puts "Removing setting #{ns}: #{setting}"
+      ThecoreSettings::Setting.where(ns: ns, key: setting).destroy_all
+    end
+  end
+end
+  

data/lib/thecore_auth_commons/engine.rb

@@ -1,17 +1,4 @@
 module ThecoreAuthCommons
   class Engine < ::Rails::Engine
-    # https://stackoverflow.com/questions/12161376/rails-3-2-adding-seed-tasks-from-a-mountable-engine
-
-    initializer 'thecore_auth_commons.add_to_migrations' do |app|
-      # Adds the list of Thecore Engines, so to manage seeds loading, i.e.:
-      # Thecore::Base.thecore_engines.each { |engine| engine.load_seed }
-      Thecore::Base.thecore_engines << self.class
-      unless app.root.to_s.match root.to_s
-        # APPEND TO MAIN APP MIGRATIONS FROM THIS GEM
-        config.paths['db/migrate'].expanded.each do |expanded_path|
-          app.config.paths['db/migrate'] << expanded_path
-        end
-      end
-    end
   end
 end

data/lib/thecore_auth_commons.rb

@@ -2,20 +2,12 @@ require 'devise'
 require 'cancancan'
 require 'kaminari'
 require 'activerecord-nulldb-adapter'
-# require 'active_record/hierarchical_query'
-require 'abilities/thecore_auth_commons'
+require "thecore_settings"
 
 require "thecore_auth_commons/engine"
 
+require "thecore/seed"
+
 module ThecoreAuthCommons
   # Your code goes here...
 end
-
-module Thecore
-  class Base
-    @@thecore_engines = []
-    def self.thecore_engines
-      @@thecore_engines
-    end
-  end
-end

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: thecore_auth_commons
 version: !ruby/object:Gem::Version
-  version: 3.0.4
+  version: 3.0.5
 platform: ruby
 authors:
 - Gabriele Tassoni
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-02-07 00:00:00.000000000 Z
+date: 2023-02-11 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '7.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
@@ -80,6 +66,90 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.7'
+- !ruby/object:Gem::Dependency
+  name: thecore_settings
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: factory_bot
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6.2'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.45'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.45'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.18'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -97,15 +167,13 @@ dependencies:
 description: Provides common User and Role models to attach Authentication and Authorization
   via your preferred gem.
 email:
-- gabriele.tassoni@gmail.com
+- g.tassoni@bancolini.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- MIT-LICENSE
 - README.md
 - Rakefile
-- app/models/ability.rb
 - app/models/action.rb
 - app/models/permission.rb
 - app/models/permission_role.rb
@@ -114,33 +182,35 @@ files:
 - app/models/role_user.rb
 - app/models/target.rb
 - app/models/user.rb
-- config/initializers/thecore_auth_commons_after_initialize.rb
-- config/initializers/thecore_auth_commons_devise.rb
-- config/locales/en.activerecord.yml
-- config/locales/it.activerecord.yml
-- config/locales/it.permissions.yml
-- config/routes.rb
-- db/migrate/20200306143408_create_users.rb
-- db/migrate/20200306151046_add_admin_field_to_user.rb
-- db/migrate/20200306152740_create_roles.rb
-- db/migrate/20200306152816_create_role_users.rb
-- db/migrate/20200306153125_add_lock_version_to_user.rb
-- db/migrate/20200306153136_add_lock_version_to_role.rb
-- db/migrate/20200516215346_add_locked_to_user.rb
-- db/migrate/20200518082821_create_permissions.rb
-- db/migrate/20210415154152_add_access_token_to_user.rb
+- config/initializers/abilities.rb
+- config/initializers/add_to_db_migrations.rb
+- config/initializers/after_initialize.rb
+- config/initializers/concern_cancancan.rb
+- config/initializers/concern_user.rb
+- config/locales/en.thecore_auth_commons.yml
+- config/locales/it.thecore_auth_commons.yml
+- db/migrate/20160208110805_devise_create_users.rb
+- db/migrate/20160209152753_add_trackable_to_user.rb
+- db/migrate/20160209153229_add_admin_to_user.rb
+- db/migrate/20160209153326_add_lock_version_to_user.rb
+- db/migrate/20160209153406_add_locked_to_user.rb
+- db/migrate/20160209153533_add_access_token_to_user.rb
+- db/migrate/20160209153811_create_roles.rb
+- db/migrate/20160209153813_create_role_users.rb
+- db/migrate/20160209153816_create_permissions_chain.rb
 - db/seeds.rb
-- lib/abilities/thecore_auth_commons.rb
 - lib/tasks/thecore_auth_commons_tasks.rake
+- lib/thecore/seed.rb
 - lib/thecore_auth_commons.rb
 - lib/thecore_auth_commons/engine.rb
 - lib/thecore_auth_commons/version.rb
-- lib/thecore_auth_commons_actioncontroller_concerns.rb
 homepage: https://github.com/gabrieletassoni/thecore_auth_commons
-licenses:
-- MIT
+licenses: []
 metadata:
   allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/gabrieletassoni/thecore_auth_commons
+  source_code_uri: https://github.com/gabrieletassoni/thecore_auth_commons
+  changelog_uri: https://github.com/gabrieletassoni/thecore_auth_commons/blob/master/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -156,7 +226,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.1
+rubygems_version: 3.4.6
 signing_key: 
 specification_version: 4
 summary: Common Auth methods and models to be used in thecore components.

data/MIT-LICENSE

@@ -1,20 +0,0 @@
-Copyright 2020 
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/app/models/ability.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-class Ability
-  include CanCan::Ability
-
-  def initialize(user)
-    # Define abilities for the passed in user here. For example:
-    #
-    #   user ||= User.new # guest user (not logged in)
-    #   if user.admin?
-    #     can :manage, :all
-    #   else
-    #     can :read, :all
-    #   end
-    #
-    # The first argument to `can` is the action you are giving the user
-    # permission to do.
-    # If you pass :manage it will apply to every action. Other common actions
-    # here are :read, :create, :update and :destroy.
-    #
-    # The second argument is the resource the user can perform the action on.
-    # If you pass :all it will apply to every resource. Otherwise pass a Ruby
-    # class of the resource.
-    #
-    # The third argument is an optional hash of conditions to further filter the
-    # objects.
-    # For example, here the user can only update published articles.
-    #
-    #   can :update, Article, :published => true
-    #
-    # See the wiki for details:
-    # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
-
-    # This will always be the first Ability, since the abilities are "last wins"
-    self.merge Abilities::ThecoreAuthCommons.new user
-    # Other Abilities
-    Abilities.constants(false).each do |ability|
-      unless ability.to_s == "ThecoreAuthCommons"
-        const = Abilities.const_get(ability) 
-        self.merge const.new(user) if const.is_a? Class
-      end
-    end
-    # Overrides from the database defined permissions
-    ::Permission.joins(roles: :users).where(users: {id: user.id}).order(:id).each do |permission|
-      # E.g. can :manage, :all
-      self.send(permission.predicate.name.to_sym, permission.action.name.to_sym, (permission.target.name.classify.constantize rescue permission.target.name.to_sym))
-    end unless user.blank?
-  end
-end

data/config/initializers/thecore_auth_commons_after_initialize.rb

@@ -1,10 +0,0 @@
-require 'thecore_auth_commons_actioncontroller_concerns'
-
-# App Config
-Rails.application.configure do
-    config.after_initialize do
-        # In development be sure to load all the namespaces
-        # in order to have working reflection and meta-programming.
-        Zeitwerk::Loader.eager_load_all if Rails.env.development?
-    end
-end

data/config/initializers/thecore_auth_commons_devise.rb

@@ -1,299 +0,0 @@
-# frozen_string_literal: true
-
-# Use this hook to configure devise mailer, warden hooks and so forth.
-# Many of these configuration options can be set straight in your model.
-Devise.setup do |config|
-  # The secret key used by Devise. Devise uses this key to generate
-  # random tokens. Changing this key will render invalid all existing
-  # confirmation, reset password and unlock tokens in the database.
-  # Devise will use the `secret_key_base` as its `secret_key`
-  # by default. You can change it below and use your own secret key.
-  # config.secret_key = '3b97afd4baabfd5eb8c118ee25efe06017a8319dd5da4f39b287d20948ff844facb0b9c8daff13b7b437b92868aae71797686dcae3704e45e92d3b37094c9d3d'
-
-  # ==> Controller configuration
-  # Configure the parent class to the devise controllers.
-  # config.parent_controller = 'DeviseController'
-
-  # ==> Mailer Configuration
-  # Configure the e-mail address which will be shown in Devise::Mailer,
-  # note that it will be overwritten if you use your own mailer class
-  # with default "from" parameter.
-  config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
-
-  # Configure the class responsible to send e-mails.
-  # config.mailer = 'Devise::Mailer'
-
-  # Configure the parent class responsible to send e-mails.
-  # config.parent_mailer = 'ActionMailer::Base'
-
-  # ==> ORM configuration
-  # Load and configure the ORM. Supports :active_record (default) and
-  # :mongoid (bson_ext recommended) by default. Other ORMs may be
-  # available as additional gems.
-  require 'devise/orm/active_record'
-
-  # ==> Configuration for any authentication mechanism
-  # Configure which keys are used when authenticating a user. The default is
-  # just :email. You can configure it to use [:username, :subdomain], so for
-  # authenticating a user, both parameters are required. Remember that those
-  # parameters are used only when authenticating and not when retrieving from
-  # session. If you need permissions, you should implement that in a before filter.
-  # You can also supply a hash where the value is a boolean determining whether
-  # or not authentication should be aborted when the value is not present.
-  # config.authentication_keys = [:email]
-
-  # Configure parameters from the request object used for authentication. Each entry
-  # given should be a request method and it will automatically be passed to the
-  # find_for_authentication method and considered in your model lookup. For instance,
-  # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
-  # The same considerations mentioned for authentication_keys also apply to request_keys.
-  # config.request_keys = []
-
-  # Configure which authentication keys should be case-insensitive.
-  # These keys will be downcased upon creating or modifying a user and when used
-  # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [:email]
-
-  # Configure which authentication keys should have whitespace stripped.
-  # These keys will have whitespace before and after removed upon creating or
-  # modifying a user and when used to authenticate or find a user. Default is :email.
-  config.strip_whitespace_keys = [:email]
-
-  # Tell if authentication through request.params is enabled. True by default.
-  # It can be set to an array that will enable params authentication only for the
-  # given strategies, for example, `config.params_authenticatable = [:database]` will
-  # enable it only for database (email + password) authentication.
-  # config.params_authenticatable = true
-
-  # Tell if authentication through HTTP Auth is enabled. False by default.
-  # It can be set to an array that will enable http authentication only for the
-  # given strategies, for example, `config.http_authenticatable = [:database]` will
-  # enable it only for database authentication. The supported strategies are:
-  # :database      = Support basic authentication with authentication key + password
-  # config.http_authenticatable = false
-
-  # If 401 status code should be returned for AJAX requests. True by default.
-  # config.http_authenticatable_on_xhr = true
-
-  # The realm used in Http Basic Authentication. 'Application' by default.
-  # config.http_authentication_realm = 'Application'
-
-  # It will change confirmation, password recovery and other workflows
-  # to behave the same regardless if the e-mail provided was right or wrong.
-  # Does not affect registerable.
-  # config.paranoid = true
-
-  # By default Devise will store the user in session. You can skip storage for
-  # particular strategies by setting this option.
-  # Notice that if you are skipping storage for all authentication paths, you
-  # may want to disable generating routes to Devise's sessions controller by
-  # passing skip: :sessions to `devise_for` in your config/routes.rb
-  config.skip_session_storage = [:http_auth]
-
-  # By default, Devise cleans up the CSRF token on authentication to
-  # avoid CSRF token fixation attacks. This means that, when using AJAX
-  # requests for sign in and sign up, you need to get a new CSRF token
-  # from the server. You can disable this option at your own risk.
-  # config.clean_up_csrf_token_on_authentication = true
-
-  # When false, Devise will not attempt to reload routes on eager load.
-  # This can reduce the time taken to boot the app but if your application
-  # requires the Devise mappings to be loaded during boot time the application
-  # won't boot properly.
-  # config.reload_routes = true
-
-  # ==> Configuration for :database_authenticatable
-  # For bcrypt, this is the cost for hashing the password and defaults to 11. If
-  # using other algorithms, it sets how many times you want the password to be hashed.
-  #
-  # Limiting the stretches to just one in testing will increase the performance of
-  # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
-  # a value less than 10 in other environments. Note that, for bcrypt (the default
-  # algorithm), the cost increases exponentially with the number of stretches (e.g.
-  # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
-  config.stretches = Rails.env.test? ? 1 : 11
-
-  # Set up a pepper to generate the hashed password.
-  # config.pepper = 'ec0d64f5b4e32673fdc396433677d4f6b61aaf2ef6081b99b2cc8612f3c24556361eeea86ab2799772618f30e417c965491737a553b03d3e558db85256569971'
-
-  # Send a notification to the original email when the user's email is changed.
-  # config.send_email_changed_notification = false
-
-  # Send a notification email when the user's password is changed.
-  # config.send_password_change_notification = false
-
-  # ==> Configuration for :confirmable
-  # A period that the user is allowed to access the website even without
-  # confirming their account. For instance, if set to 2.days, the user will be
-  # able to access the website for two days without confirming their account,
-  # access will be blocked just in the third day.
-  # You can also set it to nil, which will allow the user to access the website
-  # without confirming their account.
-  # Default is 0.days, meaning the user cannot access the website without
-  # confirming their account.
-  # config.allow_unconfirmed_access_for = 2.days
-
-  # A period that the user is allowed to confirm their account before their
-  # token becomes invalid. For example, if set to 3.days, the user can confirm
-  # their account within 3 days after the mail was sent, but on the fourth day
-  # their account can't be confirmed with the token any more.
-  # Default is nil, meaning there is no restriction on how long a user can take
-  # before confirming their account.
-  # config.confirm_within = 3.days
-
-  # If true, requires any email changes to be confirmed (exactly the same way as
-  # initial account confirmation) to be applied. Requires additional unconfirmed_email
-  # db field (see migrations). Until confirmed, new email is stored in
-  # unconfirmed_email column, and copied to email column on successful confirmation.
-  config.reconfirmable = true
-
-  # Defines which key will be used when confirming an account
-  # config.confirmation_keys = [:email]
-
-  # ==> Configuration for :rememberable
-  # The time the user will be remembered without asking for credentials again.
-  # config.remember_for = 2.weeks
-
-  # Invalidates all the remember me tokens when the user signs out.
-  config.expire_all_remember_me_on_sign_out = true
-
-  # If true, extends the user's remember period when remembered via cookie.
-  # config.extend_remember_period = false
-
-  # Options to be passed to the created cookie. For instance, you can set
-  # secure: true in order to force SSL only cookies.
-  # config.rememberable_options = {}
-
-  # ==> Configuration for :validatable
-  # Range for password length.
-  config.password_length = 6..128
-
-  # Email regex used to validate email formats. It simply asserts that
-  # one (and only one) @ exists in the given string. This is mainly
-  # to give user feedback and not to assert the e-mail validity.
-  config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
-
-  # ==> Configuration for :timeoutable
-  # The time you want to timeout the user session without activity. After this
-  # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
-
-  # ==> Configuration for :lockable
-  # Defines which strategy will be used to lock an account.
-  # :failed_attempts = Locks an account after a number of failed attempts to sign in.
-  # :none            = No lock strategy. You should handle locking by yourself.
-  # config.lock_strategy = :failed_attempts
-
-  # Defines which key will be used when locking and unlocking an account
-  # config.unlock_keys = [:email]
-
-  # Defines which strategy will be used to unlock an account.
-  # :email = Sends an unlock link to the user email
-  # :time  = Re-enables login after a certain amount of time (see :unlock_in below)
-  # :both  = Enables both strategies
-  # :none  = No unlock strategy. You should handle unlocking by yourself.
-  # config.unlock_strategy = :both
-
-  # Number of authentication tries before locking an account if lock_strategy
-  # is failed attempts.
-  # config.maximum_attempts = 20
-
-  # Time interval to unlock the account if :time is enabled as unlock_strategy.
-  # config.unlock_in = 1.hour
-
-  # Warn on the last attempt before the account is locked.
-  # config.last_attempt_warning = true
-
-  # ==> Configuration for :recoverable
-  #
-  # Defines which key will be used when recovering the password for an account
-  # config.reset_password_keys = [:email]
-
-  # Time interval you can reset your password with a reset password key.
-  # Don't put a too small interval or your users won't have the time to
-  # change their passwords.
-  config.reset_password_within = 6.hours
-
-  # When set to false, does not sign a user in automatically after their password is
-  # reset. Defaults to true, so a user is signed in automatically after a reset.
-  # config.sign_in_after_reset_password = true
-
-  # ==> Configuration for :encryptable
-  # Allow you to use another hashing or encryption algorithm besides bcrypt (default).
-  # You can use :sha1, :sha512 or algorithms from others authentication tools as
-  # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
-  # for default behavior) and :restful_authentication_sha1 (then you should set
-  # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
-  #
-  # Require the `devise-encryptable` gem when using anything other than bcrypt
-  # config.encryptor = :sha512
-
-  # ==> Scopes configuration
-  # Turn scoped views on. Before rendering "sessions/new", it will first check for
-  # "users/sessions/new". It's turned off by default because it's slower if you
-  # are using only default views.
-  # config.scoped_views = false
-
-  # Configure the default scope given to Warden. By default it's the first
-  # devise role declared in your routes (usually :user).
-  # config.default_scope = :user
-
-  # Set this configuration to false if you want /users/sign_out to sign out
-  # only the current scope. By default, Devise signs out all scopes.
-  # config.sign_out_all_scopes = true
-
-  # ==> Navigation configuration
-  # Lists the formats that should be treated as navigational. Formats like
-  # :html, should redirect to the sign in page when the user does not have
-  # access, but formats like :xml or :json, should return 401.
-  #
-  # If you have any extra navigational formats, like :iphone or :mobile, you
-  # should add them to the navigational formats lists.
-  #
-  # The "*/*" below is required to match Internet Explorer requests.
-  # config.navigational_formats = ['*/*', :html]
-
-  # The default HTTP method used to sign out a resource. Default is :delete.
-  config.sign_out_via = :delete
-
-  # ==> OmniAuth
-  # Add a new OmniAuth provider. Check the wiki for more information on setting
-  # up on your models and hooks.
-  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
-
-  # ==> Warden configuration
-  # If you want to use other strategies, that are not supported by Devise, or
-  # change the failure app, you can configure them inside the config.warden block.
-  #
-  # config.warden do |manager|
-  #   manager.intercept_401 = false
-  #   manager.default_strategies(scope: :user).unshift :some_external_strategy
-  # end
-
-  # ==> Mountable engine configurations
-  # When using Devise inside an engine, let's call it `MyEngine`, and this engine
-  # is mountable, there are some extra configurations to be taken into account.
-  # The following options are available, assuming the engine is mounted as:
-  #
-  #     mount MyEngine, at: '/my_engine'
-  #
-  # The router that invoked `devise_for`, in the example above, would be:
-  # config.router_name = :my_engine
-  #
-  # When using OmniAuth, Devise cannot automatically set OmniAuth path,
-  # so you need to do it manually. For the users scope, it would be:
-  # config.omniauth_path_prefix = '/my_engine/users/auth'
-
-  # ==> Turbolinks configuration
-  # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly:
-  #
-  # ActiveSupport.on_load(:devise_failure_app) do
-  #   include Turbolinks::Controller
-  # end
-
-  # ==> Configuration for :registerable
-
-  # When set to false, does not sign a user in automatically after their password is
-  # changed. Defaults to true, so a user is signed in automatically after changing a password.
-  # config.sign_in_after_change_password = true
-end

data/config/locales/it.permissions.yml

@@ -1,10 +0,0 @@
-it:
-    permissions:
-        predicates:
-            can: Può
-            cannot: Non può
-        actions:
-            manage: Gestire
-            read: Leggere
-            update: Modificare
-            destroy: Eliminare

data/config/routes.rb

@@ -1,5 +0,0 @@
-Rails.application.routes.draw do
-  devise_for :users
-  # Look at https://altalogy.com/blog/rails-6-user-accounts-with-3-types-of-roles/
-  # For controller
-end

data/db/migrate/20200306152740_create_roles.rb

@@ -1,10 +0,0 @@
-class CreateRoles < ActiveRecord::Migration[6.0]
-  def change
-    create_table :roles do |t|
-      t.string :name
-
-      t.timestamps
-    end
-    add_index :roles, :name
-  end
-end

data/db/migrate/20200306153136_add_lock_version_to_role.rb

@@ -1,5 +0,0 @@
-class AddLockVersionToRole < ActiveRecord::Migration[6.0]
-  def change
-    add_column :roles, :lock_version, :bigint
-  end
-end

data/db/migrate/20210415154152_add_access_token_to_user.rb

@@ -1,5 +0,0 @@
-class AddAccessTokenToUser < ActiveRecord::Migration[6.0]
-  def change
-    add_column :users, :access_token, :uuid
-  end
-end

data/lib/thecore_auth_commons_actioncontroller_concerns.rb

@@ -1,7 +0,0 @@
-module ThecoreAuthCommonsActioncontrollerConcerns
-    extend ActiveSupport::Concern
-    
-    included do
-        include HttpAcceptLanguage::AutoLocale
-    end
-end