martinrehfeld / role_model Goto Github PK

RoleModel is the framework agnostic, efficient and declarative way to do user roles.

Home Page: http://rdoc.info/github/martinrehfeld/role_model/master/frames

License: MIT License

Ruby 100.00%

role_model's Introduction

RoleModel¶ ↑

RoleModel is the framework agnostic, efficient and declarative way to do (user) roles. Assigned roles will be efficiently stored as a bitmask directly into your model within a configurable attribute.

It works like this:

# given a User class with a roles_mask attribute
require 'rubygems'
require 'role_model'

class User
  attr_accessor :roles_mask   # just for demo purposes
  # in real life this would usually be a persistent attribute,
  # e.g. if your User model is persisted in a SQL-DB add an integer
  # column named roles_mask to your users table -- just remove/replace
  # above attr_accessor line with whatever is needed for your
  # persistence solution

  include RoleModel

  # if you want to use a different integer attribute to store the
  # roles in, set it with roles_attribute :my_roles_attribute,
  # :roles_mask is the default name
  roles_attribute :roles_mask

  # declare the valid roles -- do not change the order if you add more
  # roles later, always append them at the end!
  #
  # Set dynamic: false to skip creating the dynamic methods for the roles.
  roles :admin, :manager, :author, prefix: "is_"
end

#
# Test drive (check the RDoc or source for additional finesse)
#

>> u = User.new
=> #<User ...>

# role assignment
>> u.roles = [:admin]  # ['admin'] works as well
=> [:admin]

# adding roles
>> u.roles << :manager
>> u.roles.add(:manager)
>> u.manager = true # if dynamic is enabled (by default) or...
>> u.is_manager = true # If :prefix => "is_"
=> [:admin, :manager]

# deleting roles
>> u.roles.delete(:manager)
>> u.manager = false # if dynamic is enabled (by default) or...
>> u.is_manager = false # If :prefix => "is_"
=> [:admin]

# querying roles...

# get all valid roles that have been declared
>> User.valid_roles
=> [:admin, :manager, :author]

# ... retrieve all assigned roles
>> u.roles # also: u.role_symbols for DeclarativeAuthorization compatibility
=> [:admin, :manager]

# ... check for individual roles
>> u.has_role? :author  # has_role? is also aliased to is?
=> false

# ... check for individual roles with dynamic methods (set dynamic: false to disable)
>> u.author? # Or...
>> u.is_author? # If :prefix => "is_"
=> false

# ... check for multiple roles
>> u.has_any_role? :author, :manager  # has_any_role? is also aliased to is_any_of?
=> true

>> u.has_all_roles? :author, :manager  # has_all_roles? is also aliased to is?
=> false

# see the internal bitmask representation (3 = 0b0011)
>> u.roles_mask
=> 3

# see the role mask for certain role(s)
>> User.mask_for :admin, :author
=> 5

Once you have included RoleModel, your model is perfectly fit to be used together with a role-based authorization solution, such as github.com/ryanb/cancan or github.com/stffn/declarative_authorization .

Installation¶ ↑

gem install role_model

Reasoning¶ ↑

Whenever I introduce a role-based authorization scheme into a project, the code gets coupled somehow to the available roles. So it usually does not make any sense to have a separate Role model stored within the database. This Role model will contain a predefined set of roles anyhow – changing that set will need to be reflected within the authorization code. Putting the available roles right into the model that actually uses them, makes things much easier and efficient.

Note on Patches/Pull Requests¶ ↑

Fork the project.
Make your feature addition or bug fix.
Add tests for it. This is important so I don’t break it in a future version unintentionally.
Commit, do not mess with Rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
Send me a pull request. Bonus points for topic branches.

Credits¶ ↑

RoleModel is an implementation of the Role Based Authorization scheme proposed by Ryan Bates (wiki.github.com/ryanb/cancan/role-based-authorization).

Copyright¶ ↑

role_model's People

Contributors

Stargazers

Watchers

Forkers

kristianmandrup sauron crowdint amdest james2m thedeeno tylerrick muthhus teeparham dcvezzani dwbutler igor04 guillermo togaurav andrewhubbs malachaifrazier willcosgrove grillermo harikrishnaprasad jesterovskiy elsanchez bazuka ihid awesome garygao osulyanov ananova seoyoochan gregory sahidursuman chalofa pthrasher veraangerer mohamed-taha wildcodeschool vicramon nearlyfreeapps aryk mohammad-harris nikhilbang44 philippgoecke iq-scm

role_model's Issues

Shouldn't class method roles be protected?

I would have thought it was a little too easy for the roles in a class to be set from outside the class just by calling Class.roles. Surely it would be safer to make it a protected method?

Is it possible to use it with multiple models?

Hi, i'm succesfully using role model on a User model, but when i wanted to add it to another Model, to hold some other different unrelated roles, it complains
undefined method `roles_mask=' for #MyModel:0x007fa6ff2b54a0
Is this gem supposed to work with multiple models or i must have a bug somewhere?
This is how the second model looks

    class Participant < ActiveRecord::Base
      include RoleModel
      roles :planner, :mother, :guest
      attr_accessible :roles, :roles_mask
    end

optional helper methods

@martinrehfeld would you be open to an option when defining the roles to create a helper function.

roles :admin, :manager, :author, helper_methods: true

Then:

user.is_admin?
user.is_manager?
user.is_author?

Thoughts?

It would be easier to stub in tests. Also, when passing methods for other gems, they often don't allow for methods with arguments (like if you were to use is?(:admin) ).

Not playing well with devise

Hi,

I'm using rails 3.1.3 and devise... I'm getting this error undefined method 'params_authenticatable?' for #<Class:0x007f969bec0930>

activerecord (3.1.3) lib/active_record/base.rb:1088:in `method_missing'
devise (1.5.2) lib/devise/strategies/authenticatable.rb:72:in `params_authenticatable?'
devise (1.5.2) lib/devise/strategies/authenticatable.rb:61:in `valid_for_params_auth?'
devise (1.5.2) lib/devise/strategies/authenticatable.rb:12:in `valid?'
warden (1.1.0) lib/warden/proxy.rb:308:in `block in _run_strategies_for'
warden (1.1.0) lib/warden/proxy.rb:306:in `each'
warden (1.1.0) lib/warden/proxy.rb:306:in `_run_strategies_for'
warden (1.1.0) lib/warden/proxy.rb:279:in `_perform_authentication'
warden (1.1.0) lib/warden/proxy.rb:90:in `authenticate'
devise (1.5.2) lib/devise/controllers/helpers.rb:56:in `current_user'
/Users/cj/.rvm/gems/ruby-1.9.3-p0@global/bundler/gems/cancan-c94de4ab1805/lib/cancan/controller_additions.rb:349:in `current_ability'
/Users/cj/.rvm/gems/ruby-1.9.3-p0@global/bundler/gems/cancan-c94de4ab1805/lib/cancan/controller_additions.rb:334:in `authorize!'
/Users/cj/.rvm/gems/ruby-1.9.3-p0@global/bundler/gems/cancan-c94de4ab1805/lib/cancan/controller_additions.rb:258:in `block in enable_authorization'
activesupport (3.1.3) lib/active_support/callbacks.rb:421:in `_run__906826022126240236__process_action__952485241011309534__callbacks'
activesupport (3.1.3) lib/active_support/callbacks.rb:386:in `_run_process_action_callbacks'
activesupport (3.1.3) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (3.1.3) lib/abstract_controller/callbacks.rb:17:in `process_action'
actionpack (3.1.3) lib/action_controller/metal/rescue.rb:17:in `process_action'
actionpack (3.1.3) lib/action_controller/metal/instrumentation.rb:30:in `block in process_action'
activesupport (3.1.3) lib/active_support/notifications.rb:53:in `block in instrument'
activesupport (3.1.3) lib/active_support/notifications/instrumenter.rb:21:in `instrument'
activesupport (3.1.3) lib/active_support/notifications.rb:53:in `instrument'
actionpack (3.1.3) lib/action_controller/metal/instrumentation.rb:29:in `process_action'
actionpack (3.1.3) lib/action_controller/metal/params_wrapper.rb:201:in `process_action'
activerecord (3.1.3) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (3.1.3) lib/abstract_controller/base.rb:121:in `process'
actionpack (3.1.3) lib/abstract_controller/rendering.rb:45:in `process'
actionpack (3.1.3) lib/action_controller/metal.rb:193:in `dispatch'
actionpack (3.1.3) lib/action_controller/metal/rack_delegation.rb:14:in `dispatch'
actionpack (3.1.3) lib/action_controller/metal.rb:236:in `block in action'
actionpack (3.1.3) lib/action_dispatch/routing/route_set.rb:65:in `call'
actionpack (3.1.3) lib/action_dispatch/routing/route_set.rb:65:in `dispatch'
actionpack (3.1.3) lib/action_dispatch/routing/route_set.rb:29:in `call'
rack-mount (0.8.3) lib/rack/mount/route_set.rb:152:in `block in call'
rack-mount (0.8.3) lib/rack/mount/code_generation.rb:96:in `block in recognize'
rack-mount (0.8.3) lib/rack/mount/code_generation.rb:103:in `optimized_each'
rack-mount (0.8.3) lib/rack/mount/code_generation.rb:95:in `recognize'
rack-mount (0.8.3) lib/rack/mount/route_set.rb:141:in `call'
actionpack (3.1.3) lib/action_dispatch/routing/route_set.rb:532:in `call'
sass (3.1.11) lib/sass/plugin/rack.rb:54:in `call'
warden (1.1.0) lib/warden/manager.rb:35:in `block in call'
warden (1.1.0) lib/warden/manager.rb:34:in `catch'
warden (1.1.0) lib/warden/manager.rb:34:in `call'
actionpack (3.1.3) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
rack (1.3.5) lib/rack/etag.rb:23:in `call'
rack (1.3.5) lib/rack/conditionalget.rb:25:in `call'
actionpack (3.1.3) lib/action_dispatch/middleware/head.rb:14:in `call'
actionpack (3.1.3) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
actionpack (3.1.3) lib/action_dispatch/middleware/flash.rb:247:in `call'
rack (1.3.5) lib/rack/session/abstract/id.rb:195:in `context'
rack (1.3.5) lib/rack/session/abstract/id.rb:190:in `call'
actionpack (3.1.3) lib/action_dispatch/middleware/cookies.rb:331:in `call'
activerecord (3.1.3) lib/active_record/query_cache.rb:64:in `call'
activerecord (3.1.3) lib/active_record/connection_adapters/abstract/connection_pool.rb:477:in `call'
actionpack (3.1.3) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
activesupport (3.1.3) lib/active_support/callbacks.rb:392:in `_run_call_callbacks'
activesupport (3.1.3) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (3.1.3) lib/action_dispatch/middleware/callbacks.rb:28:in `call'
actionpack (3.1.3) lib/action_dispatch/middleware/reloader.rb:68:in `call'
rack (1.3.5) lib/rack/sendfile.rb:101:in `call'
actionpack (3.1.3) lib/action_dispatch/middleware/remote_ip.rb:48:in `call'
actionpack (3.1.3) lib/action_dispatch/middleware/show_exceptions.rb:47:in `call'
railties (3.1.3) lib/rails/rack/logger.rb:13:in `call'
rack (1.3.5) lib/rack/methodoverride.rb:24:in `call'
rack (1.3.5) lib/rack/runtime.rb:17:in `call'
activesupport (3.1.3) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
rack (1.3.5) lib/rack/lock.rb:15:in `call'
actionpack (3.1.3) lib/action_dispatch/middleware/static.rb:53:in `call'
railties (3.1.3) lib/rails/engine.rb:456:in `call'
railties (3.1.3) lib/rails/railtie/configurable.rb:30:in `method_missing'
/Users/cj/Library/Application Support/Pow/Versions/0.3.2/node_modules/nack/lib/nack/server.rb:146:in `handle'
/Users/cj/Library/Application Support/Pow/Versions/0.3.2/node_modules/nack/lib/nack/server.rb:99:in `rescue in block (2 levels) in start'
/Users/cj/Library/Application Support/Pow/Versions/0.3.2/node_modules/nack/lib/nack/server.rb:96:in `block (2 levels) in start'
/Users/cj/Library/Application Support/Pow/Versions/0.3.2/node_modules/nack/lib/nack/server.rb:86:in `each'
/Users/cj/Library/Application Support/Pow/Versions/0.3.2/node_modules/nack/lib/nack/server.rb:86:in `block in start'
/Users/cj/Library/Application Support/Pow/Versions/0.3.2/node_modules/nack/lib/nack/server.rb:66:in `loop'
/Users/cj/Library/Application Support/Pow/Versions/0.3.2/node_modules/nack/lib/nack/server.rb:66:in `start'
/Users/cj/Library/Application Support/Pow/Versions/0.3.2/node_modules/nack/lib/nack/server.rb:13:in `run'
/Users/cj/Library/Application Support/Pow/Versions/0.3.2/node_modules/nack/bin/nack_worker:4:in `<main>'

Many thanks

Get all the users with a role

Hi, is there a way to retrieve all the users with a specified role?
ex: somethins like
User.where(roles: :admin)
thank you

Defining `def inherited()` causes incompatibilities with Rails 3.2.

… and other gems which define def inherited.

The code, ./lib/role_model/class_methods.rb seems to be the problem. It causes for example, Carrierwave and Kaminari to work unreliably.

Kaminari have pushed a fix for this at amatsuda/kaminari@5894d68.

I've forked role_model and plan on experimenting, but owing to the way role_model is built, the patch doesn't apply 1:1 from Kaminari, unfortunately.

I can't even say for certain that this is the problem, but I am investigating.

Error when querying a role

Hi Martin,

When I'm trying to query the role of a user object, I get an undefined method error. For example:

>> u.roles = [:admin, :depthead]
=> [:admin, :depthead]
>> u.save
=> true
>> u
=> #<User @id=1 @name="depthead1" @password="pass" @roles_mask="3" 
>> u.roles
NoMethodError: undefined method `&' for "3":String
from /var/lib/gems/1.8/gems/role_model-0.6.0/lib/role_model/implementation.rb:11:in `roles'
from /var/lib/gems/1.8/gems/role_model-0.6.0/lib/role_model/implementation.rb:11:in `reject'
from /var/lib/gems/1.8/gems/role_model-0.6.0/lib/role_model/implementation.rb:11:in `roles'
from (irb):11
>> u.has_role? :admin
NoMethodError: undefined method `&' for "3":String
from /var/lib/gems/1.8/gems/role_model-0.6.0/lib/role_model/implementation.rb:11:in `roles'
from /var/lib/gems/1.8/gems/role_model-0.6.0/lib/role_model/implementation.rb:11:in `reject'
from /var/lib/gems/1.8/gems/role_model-0.6.0/lib/role_model/implementation.rb:11:in `roles'
from /var/lib/gems/1.8/gems/role_model-0.6.0/lib/role_model/implementation.rb:42:in `has_role?'
from (irb):12:in `any?'
from /var/lib/gems/1.8/gems/role_model-0.6.0/lib/role_model/implementation.rb:42:in `each'
from /var/lib/gems/1.8/gems/role_model-0.6.0/lib/role_model/implementation.rb:42:in `any?'
from /var/lib/gems/1.8/gems/role_model-0.6.0/lib/role_model/implementation.rb:42:in `has_role?'
from (irb):12

No matter what I do, I keep getting the same error. Can you help me out?

Thanks, Abhas.

Gem bump?

Would it be possible to get a gem version bump as I'd love to see #19 in the latest version

Role detection not consistent

So I have a model (Lodge) which has admins assigned to it through an editorship table. The super_admin can manage all (cancancan). Users are Devise-based.

This code renders intermittently:

 <% if current_user.roles.include?(:super_admin) %>
        <%= link_to "Permissions",
                    edit_admin_lodge_permissions_path(lodge),
                    class: 'button button-small' %>
 <% end %>

So randomly, this button does not show up:

There's nothing different on that particular lodge (or the ones that it affects). Any idea what might be happening? This will also, on different objects and at random, fail for this statement as well:

<% if can? :manage, lodge %>

Examples of form use in common frameworks?

Thanks for the great project!

Do you have any examples for using role_model in form views? For Rails 3.2, I'm using the following, but it doesn't work 100% correctly:

<%= f.label :roles %><br/>
<%= f.fields_for :roles do |builder| %>
  <% User.valid_roles.each do |role| %>
    <%= builder.check_box role, {:checked => @user.has_role?(role)}, true, false %>
    <%= builder.label role %><br/>
  <% end %>
<% end %>

Updates are fine unless I remove all checkboxes on submit and the roles aren't updated. I feel like this should be an easy task - any suggestions?

Can't get role_model to load in Rails 4

Using:

rails (4.1.3) with ruby 2.1.2
role_model (0.8.1)
and for authorization, pundit (0.2.3)

Trying to add a role attribute, and it's not loading, throwing:

NameError: uninitialized constant HouseRole::RoleModel
from /my/path/to/app/models/house_role.rb:2:in `<class:HouseRole>'

For reference, the file I'm attempting to load it in:

class HouseRole < ActiveRecord::Base
  include RoleModel
  roles :owner, :resident

  belongs_to :user
  belongs_to :house
end

With a schema.rb definition of:

create_table "house_roles", force: true do |t|
  t.integer  "house_id",               null: false
  t.integer  "user_id",                null: false
  t.integer  "roles_mask", default: 1, null: false
  t.datetime "created_at"
  t.datetime "updated_at"
end

I've tried manually requiring role_model, to no benefit, simply getting the alternative error:

LoadError: cannot load such file -- role_model
from /my/path/to/.rvm/gems/ruby-2.1.2@redsteel/gems/activesupport-4.1.4/lib/active_support/dependencies.rb:247:in `require'

Any suggestions?

Adding the needed migration info to the docs

Maybe in the installation would be a good idea to add info for the migrations.
I can fork and submit a proposal.

Can't delete a role

Dude,
Here's the thing I'm using role_model (0.5.0)

If I have a Model User

class User < ActiveRecord::Base
...
include RoleModel
roles_attribute :roles_mask
roles :blogger, :moderator
...
end

then in my code I do this

u = User.first
u.roles = [:blogger, :moderator]
u.save

everything perfect, but if I want to remove one of the roles doing some intuitive code
u.roles -= [:blogger]

that rise an exception
undefined method `to_sym'

but if I use the delete statement nothing happens
resource.roles.delete(:blogger)
or
resource.roles = resource.roles.delete(:blogger)

the only way to do it is
resource.roles = resource.roles.delete(:blogger).to_a

because roles doesn't accept a Set, just Array

I hope it helps to make it more intuitive.

Thanks.
Pablo

"Overriding" self.valid_roles

If I have something like the following structure:

class User < ApplicationRecord
      include RoleModel
      
      roles ...
      
      DELETED_ROLES = [...]

I have to keep the original list of roles, even if I remove one. Can I somehow "ovveride" the self.valid_roles, so that it is something like roles self.valid_roles - DELETED_ROLES array inside the User class?

Danger with masking aproach

The mask method uses the index of roles to mask it. If you change a role position in the array or simply add a new role in other position unless last, the given roles will change.

how does roles_attributes works ?

Hello,
I'm developing my first Rails app and have some difficulties to understand how to integrate 'RoleModel' gem in my Rails application with Devise.
Devise is now working properly by me, but now I'm trying to figure out how to integrate RoleModel with Devise (and later with Declarative_authorization). (I already read the book from Michael Hartl and watch several railcasts from Ryan Bates.)

If I understand correctly : the users roles are stored into the attr_accessor 'roles_mask' attribute (which should be linked to a column of the 'user' table in the database)

I understand that the instruction "roles :admin :what_ever :etc" set the differents available possibles roles for the (application) 'user'. So if we have another model needing a role_mask, such as 'members' the same line should also appears into the 'member' model.

How about the 'roles_attributes :roles_mask' instruction ?
I don't understand this sentence : "optionally set integer attribute to store the roles in."

What is it for ?
Is this a kind of Initializer ?
I'm sorry if asking obvious question.

Could you please advise ?

role_symbols method not compatible with declarative_authorization

role_symbols method provides a strange output (is it a hash ?):

1.9.3-p194 :035 > user.role_symbols
 => #<RoleModel::Roles: {:developer, :admin}>

declarative_authorization gem needs (as per offical doc) : User#role_symbols to provide an array.

So it return the following error message :
User.role_symbols doesn't return an Array of Symbols (#<RoleModel::Roles: {:developer, :admin, :coordinator, :manager, :assistant, :distributor, :exporter, :historian}>)

The following workaround is working

1.9.3-p194 :036 > user.role_symbols.to_a
 => [:developer, :admin]

So I had to put this method my User model in order to overcharge the role_symbols alias of role_model gem.

  def role_symbols
    self.roles.to_a
  end

Assigning roles directly

Currently to assign roles directly you need to do user.roles = ['admin'].

If dynamic is not set to false, it will create "is_admin?" and "admin?".

What about "is_admin = true|false" and "admin = "true|false"

I think if you opt-in for dynamic methods, there should be something to specifically set the roles directly.

Reason this comes up is because right now in order to assign 'admin', we also need to make sure we keep the other roles on the user, so user.roles = user.roles + ['admin']

In any case, I envision user.is_admin = true would add it in to the other roles only if it doesn't exist, and false would obviously just remove it.

Permission to PR?

Querying DB for particular roles?!

Maybe there is something I'm not getting....
Using Rails, I've defined some users with the role 'buyer'. My issue now is how do I get all the users with role 'buyer' from the DB via ActiveRecord? Do I need to do some dirty bitmasking or the gem proposes something like scopes?

Bundler notice

role_model at .rvm/gems/ruby-1.9.3-p0/bundler/gems/role_model-16240202f977 did not have a valid gemspec.
This prevents bundler from installing bins or native extensions, but that may not affect its functionality.
The validation message from Rubygems was:
  ["Gemfile.lock"] are not files`

This notice was received while installing gem with Bundler.
Rails 3.2.3, Bundler 1.1.3

NoMethodError (undefined method `&' for "4":String)

Hello, Martin.

After version upgrade from 0.7.1. to 0.8.1 i was unable to login to my app at Heroku (Rails 3.2.8 + Sorcery + Role_Model). This started today, after one of my commits.

The interesting part is that my local app works fine.

I realized that this got something to do with the role_model because of one of my roles has a 4 as it's bit mask, and logs pointed to various lines, but there always was a role querying happened.

Throughout my app i mostly query the roles as @user.is? :manager

When i downgraded version to 0.7.1 my app started to work again at Heroku.
I've checked three times, so I'm pretty sure it has something in common with this gem's upgrade.

roles not persisting

I'm using this without CanCan or DeclarativeAuthorization

I just plugged this into my user model:

  include RoleModel
  attr_accessor :roles_mask
  roles_attribute :roles_mask
  roles :domain_admin, :domain_user, :default

I can get User.valid_roles, but I can't set roles properly...they disappear after saving.

I tried adding a role on user creation

after_create :set_role
private
       def set_role
         self.roles = ['default']
       end

but the role does not get set

tl;dr seems to be there but I can't actually set and persist roles...reverting to

 > u.roles
   User Load (0.6ms)  SELECT "users".* FROM "users" ORDER BY "users"."id" DESC LIMIT 1
   => #<RoleModel::Roles: {}>

Just following the basic readme on the front of this gem

Find, search by role?

Hi!
Can I find all users with admin role?

NoMethodError (undefined method `encode_json' for :host:Symbol)

For some reason my roleModel roles cannot be json encoded. I've added this to as_json:

...
:methods => [:roles]
...

But get the error: