I´m using ruby 1.9.3 with Rails 3.2.0

user.has_role "admin"
ArgumentError: wrong number of arguments (1 for 3)
    from /Users/dirksiemers/.rvm/gems/ruby-1.9.3-p0@sovido/gems/activerecord-3.2.0/lib/active_record/dynamic_matchers.rb:29:in `find_or_create_by_name_and_resource_type_and_resource_id'
    from /Users/dirksiemers/.rvm/gems/ruby-1.9.3-p0@sovido/gems/rolify-2.2.0/lib/rolify/role.rb:38:in `has_role'

Tried everything I can see in this tutorial, readme, etc

ruby-1.9.2-p180 :010 > User.first.roles User Load (0.1ms) SELECT "users".* FROM "users" LIMIT 1 Role Load (0.1ms) SELECT "roles".* FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = 1 => [#<Role id: 1, name: "admin", resource_id: nil, resource_type: nil, created_at: "2012-01-11 07:00:48", updated_at: "2012-01-11 07:00:48">]

I only have one user, which works out well for my purpose of this bug....

ruby-1.9.2-p180 :009 > User.first.has_role? "admin" User Load (0.1ms) SELECT "users".* FROM "users" LIMIT 1 (0.1ms) SELECT COUNT(*) FROM "roles" INNER JOIN "users_roles" ON "roles"."id" = "users_roles"."role_id" WHERE "users_roles"."user_id" = 1 AND (((name = 'admin') AND (resource_typ e IS NULL) AND (resource_id IS NULL))) => true

So...has_role? works...

User Load (0.1ms) SELECT "users".* FROM "users" LIMIT 1 NoMethodError: undefined method 'is_admin?' for #<User:0x00000102de3cc8> from /Users/polysaturate04/.rvm/gems/ruby-1.9.2-p180/gems/activemodel-3.1.2/lib/active_model/attribute_methods.rb:385:in 'method_missing' from /Users/polysaturate04/.rvm/gems/ruby-1.9.2-p180/gems/activerecord-3.1.2/lib/active_record/attribute_methods.rb:60:in 'method_missing' from /Users/polysaturate04/.rvm/gems/ruby-1.9.2-p180/gems/rolify-2.1.0/lib/rolify/role.rb:83:in 'method_missing' from (irb):11 from /Users/polysaturate04/.rvm/gems/ruby-1.9.2-p180/gems/railties-3.1.2/lib/rails/commands/console.rb:45:in 'start' from /Users/polysaturate04/.rvm/gems/ruby-1.9.2-p180/gems/railties-3.1.2/lib/rails/commands/console.rb:8:in 'start' from /Users/polysaturate04/.rvm/gems/ruby-1.9.2-p180/gems/railties-3.1.2/lib/rails/commands.rb:40:in '<top (required)>' from script/rails:6:in 'require' from script/rails:6:in '<main>'

and there we go, is_admin(re: dynamic shortcuts) fails to work. To me, it seems to be tripping up on something specific to the role's method missing.

To add, there are no gems outside of rolify and cancan. I am rolling my own, very simple authentication at this time, using the User class/model/table.

rolify currently only supports ActiveRecord ORM. It would be really a big step forward to support other ORMs like Mongoid.
It doesn't look trivial but I think conditional require should do the trick. I don't think the query code is really tied to Activerecord and Mongoid syntax is not that far.

Hey!

Would you consider aliasing the name of has_role() and has_no_role() methods?

i.e.

user.grant(:moderator, Topic.first)

reads a little better than

user.has_role(:moderator, Topic.first)

similarly:

user.revoke(:moderator, Topic.first)

reads a little better than

user.has_no_role(:moderator, Topic.first)

As I am managing differently AdminUser (background services) and User (foreground services) so no inheritance at all... they area 2 completely different classes

I wonder how to configure rolify ?

1- one unique Role class for AdminUser and User
2- one Role class for User and one AdminRole class for AdminUser

in both cases , I don't see how to write the rolify config/initializer

1-
c.role_cname = "Role"
c.user_cname = "User"
c.user_cname = "AdminUser"

2-
c.role_cname = "Role"
c.role_cname = "AdminRole"
c.user_cname = "User"
c.user_cname = "AdminUser"

or maybe :
c.role_cname = "Role"
c.adminrole_cname = "AdminRole"
c.user_cname = "User"
c.adminuser_cname = "AdminUser"

thanks for your feedback... and thanks a lot for this excellent gem to complement Devise and CanCan !

I'm running into an issue with rolify loading the classes in the initializer before some other initializes run and set proper values in the models that are being loaded. I can fix this by loading the rolify initializer last but do the models really need to be loaded in an initializer? Can't this take place from the model itself?

Hi there,

It's just a naming convention but I think you should rename set_role instead of has_role because the method name its way too close to has_role? and there's a great possibility of error due to unnatention.

I have defined a few roles for a resource instance Forum.first and want to assign users to this roles from instance perspective.

How can i manage users (and roles) from resource instance perspective?

All the dynamic shortcuts (is_admin? like methods) are loaded at startup and created when has_role is called.
In a setup where several processes of the application are spawned. I wonder that if loading is done by all the processes, all app instances should be synced, but has_role will occur in only one app instance and won't be propagate, so other app instances will be desynced.

A quick workaround would be to use method_missing instead of define_method but I would like to avoid that, as method_missing is slow and queries to ask for roles will most probably be the majority than queries to create role, in real world use case. So ask for role should be and remain fast.

I am thinking about a way to store in the app instance a timestamp of the last created role, which would be checked before requesting for a role, and make a sync if needed. But that would add an overhead too, so I will have to benchmark both scenarios.

I think this would be easy to implement...simply allow symbols as well as strings for the definitions and queries. Then just role_name = role_name.to_s.

Perhaps at a later point the reverse could be applied to get roles as symbols. Think attr_accessible :foo, :bar, :as => :admin.

What do you think?

My project uses Mongoid. Requiring ActiveRecord makes gems like database_cleaner behave incorrectly. See the chapter Common error in their README.

I don't do a pull request, because I don't have an Rails+ActiveRecord project ready to ensure that removing the require 'active_record' line is enough.

Currently, in rolify 3.0, when you specify a custom Role class name as an argument of the generator, it just put rolify method in the User class. It would be neat to use the argument of the generator to fill up the User class.

I suggest adding another layer to roles such that each role can have and belong to many other roles (essentially, a role should behave much like a user. This will allow for aggregation of roles and allow for more flexible designs. Of course, the client should not be forced to have any sort of hierarchy, merely have an API that allows for role composition.

If would like to get rid of Rolify.user_cname and Rolify.role_cname class variables in Rolify Module. I figured out that I only them for spec purpose, definitely overkill.
Moreover, that would allow to use different Role or User classes inside the same app as the use case described in #27.

Documentation needs to show a real world use case.
I will describe how to install and configure Devise, CanCan and rolify together, to provide a solid and flexible authorization solution.

Generated initializer template contains a typo:

   Rolify.Rolify.dynamic_shortcuts = <%= dynamic_shortcuts.to_s %>

Some tests are missing for particular use cases for has_all_roles? and has_any_role? methods, some additional specs would not harm.
I set the target on 2.0 because these methods are being refactored, that will make sure I don't break anything.

Hello,

Nice plugin btw, I've been using it rather successfully for a little while. I've hit a snag with upgrading for Rails 3.2, and have duplicated it with a fresh Rails 3.2 app. I load in Devise and Rolify, and I receive this exception when I try User.first.has_role(:prime)

ArgumentError: wrong number of arguments (1 for 3)
from /usr/local/rvm/gems/ruby-1.9.2-p290/gems/activerecord-3.2.0/lib/active_record/dynamic_matchers.rb:29:in `find_or_create_by_name_and_resource_type_and_resource_id'
from /usr/local/rvm/gems/ruby-1.9.2-p290/gems/rolify-2.2.0/lib/rolify/role.rb:38:in `has_role'
from (irb):2
from /usr/local/rvm/gems/ruby-1.9.2-p290/gems/railties-3.2.0/lib/rails/commands/console.rb:47:in `start'
from /usr/local/rvm/gems/ruby-1.9.2-p290/gems/railties-3.2.0/lib/rails/commands/console.rb:8:in `start'
from /usr/local/rvm/gems/ruby-1.9.2-p290/gems/railties-3.2.0/lib/rails/commands.rb:41:in `<top (required)>'
from script/rails:6:in `require'
from script/rails:6:in `<main>'

Thanks,

Adam

In the initializers/rolify.rb file, it checks to enable the dynamic_shortcuts. The check fails though because defined?(Rails::Console) returns the string "constant" and not the boolean true. Same for defined?(Rails::Server)
Could change the if to simply check for not nil.
(ruby 1.9.2 + Rails 3.1.3)

Currently, rolify successfully runs using ruby 1.9.2, 1.9.3 and ruby-head. Because I use some specific 1.9 syntax it doesn't run on 1.8.x, and I have no plan to necessarily support it.
On the other hand, I think it's mandatory to make it run on JRuby and rubinius. I tested with the 1.9 mode of both JRuby and rbx on Travis-CI but it still fails, I don't really know why. I will test on my own system to make sure it's not a Travis-CI issue.
If the issue is confirmed, I will try to find a workaround.

For REE, as it's based on ruby 1.8.x, I don't plan to support it either.

The remove method in the RoleAdapter when using Mongoid ORM remove the role on a user not only on the user roles list but also the role in the database, so someone else having the same role loses it.

I would be neat to be able to query multiple roles on a single query.

it should be difficult but I would like to implement:

• and query :

  user.has_all_roles? "admin", "moderator", "visitor"
  => true # if user has all 3 roles

• or query:

  user.has_any_role? "admin", "moderator", "visitor"
  => true # if user has one of the 3 roles

• should work using scoped role without overwhelming syntax (looks tricky)

Some other gems may use method_missing as well and conflict with rolify.
In that case, having a parameter to disable dynamic shortcuts and then not using method_missing can be useful.

When trying to remove a class scoped role on a user that has an instance scoped role on the same resource, it doesn't work.

along issue #32, ORM adapter code needs some cleanup. find and where methods have basically the same purpose but do it differently.
methods for role queries and resource queries could be split up too: less included methods will make the including class lighter.
common methods in both role and resource could be factored in a module, but I don't have any so far.

Currently, the generator only creates an ActiveRecord class. Along the mongoid support, the generator should be generic enough to take the adapter (active_record or mongoid) as argument.

When using AdminRole as Role class name, the generated model file is adminrole.rb instead of admin_role.rb. The content of the file looks good though.

Generator is not tested yet, using Ammeter can help to cover that:
http://www.alexrothenberg.com/2011/10/10/ammeter-the-way-to-write-specs-for-your-rails-generators.html

Feature Request:

It would be nice if, optionally, each role could have an assosiated integer (e.g level) which allow them to be ranked, from lowest to highest privilidges.

Admin: 100
Editor : 80
GoldCustomer: 20
BronzeCustomer :10

This would allow you to ask for the Editor role (80) and it would also allow an Admin (100) to preform some action.

Actually, I don't use any fancy new stuff from Rails 3.1, so I will probably consider to remove this dependency for the 1.0 release.
At the time I started rolify, I thought Rails 3.1 would have been released very soon, but release candidates keep coming the one after the other, so I was probably wrong to put such a dependency.
If Rails 3.1 is not out when I release rolify 1.0, I will remove this dependency and put it to 3.0 only.

There is some room for speed improvement of the roles lookup. In the has_all_roles? method, it does a DB query for all roles in arguments.
For the other lookups, as it's already one DB query, I don't think it can be improved, maybe reducing the complexity of the query at most.

Several performance enhancements are possible :

• has_all_role is currently doing n db requests if n roles are requested
• add some indexes in database to speed up SQL queries

• Update the documentation with all the features included in rolify 3.0
• Give more examples and real world use cases in the tutorial, especially the integration with CanCan
• Add upgrade instructions to be able to upgrade from a rolify 2.x installation smoothly

Probably needs to add some additional specs to achieve test coverage

Rails (3.1.3)
Rolify (2.2.1)

Following the wiki with the generator rails g rolify:role Role User --dynamic_shortcuts
when I run rake db:migrate

$ rake db:migrate --trace
** Invoke db:migrate (first_time)
** Invoke environment (first_time)
** Execute environment
rake aborted!
Mysql2::Error: Table 'database_dev.roles' doesn't exist: SHOW FIELDS FROM `roles`
...

commenting the last line of config/initializer/rolify.rb all work!

Rolify.configure do |c|
   # User class to put the roles association. Default is: "User"
   # c.user_cname = "User"
   # Role class provided by Rolify. Default is: "Role"
   # c.role_cname = "Role"
   # Dynamic shortcuts for Role class (user.is_admin? like methods). Default is: false
#   c.dynamic_shortcuts = true if !defined?(Rails::Server) || !defined?(Rails::Console)
end

I was getting AssociationTypeMismatch errors from this code: https://github.com/EppO/rolify/blob/master/lib/rolify/role.rb#L30-38

I'm not quite sure why (the use of the @@role_cname?) it would be reloading the class if I wasn't touching it, but it did nonetheless. My solution was to change

self.roles << role

to

self.role_ids |= [role.id]

It would update fast enough so the class would be the same.

I tried v3 with gem 'rolify', :git => 'git://github.com/EppO/rolify.git', :ref => 'a0e4bd621f and created Role model and migration with rails g rolify:role Role User.
On rake db:migrate i got the error message "undefined local variable or method `user_cname' for main:Object".

rails -v Rails 3.2.0

I would like to introduce a plugin architecture in rolify to make it extendable. With such design, feature requests like #17 and #31 would be possible without changing the core concept of rolify, which is not to enforce any authorization by default.

One open point is to set the plugins list in Rolify module (global setting for the app) or do it per Role (if the plugins only relate to the Role class, I'm not quite sure yet).

If the plugin relies on a specific DB schema, migration (for ActiveRecord adapter) should be available through a specific generator.

Adding a role to a user is good, but removing one is useful too.

Introduction of new features got really messy in the legacy code (1.x). I started to try to clean it up splitting the ORM adapters code into several files but I think I can do more in the big role.rb file. I should split it up into several modules, 1 module per file.
Targeting this for 3.0 release

Maybe it's just me, but I've always favored the declarative approach rather then the procedural one when drawing up a specification. What are your thoughts in regards to moving the injected text out of the model and into its own method? That gives you two things, first, a cleaner User model :). Second, and I think more importantly, it allows you to have finer control over the monkey patching that takes place. Currently, since all the code is dumped into the user's lap, you have to be very careful by not adding anything to the scheme. Hiding it behind a method will give you more flexibility on how the User model will get augmented.

turn this:

inject_into_class(model_path, user_cname.camelize) do
   " include Rolify::Roles\n" +
   " #{'# ' if !options[:dynamic_shortcuts]}extend Rolify::Dynamic\n" +
   " has_and_belongs_to_many :roles#{", :class_name => \"" + role_cname.camelize + "\"" if role_cname != "Role"}, :join_table => :#{user_cname.tableize + "_" + role_cname.tableize}\n"
end

into this:

inject_into_class(model_path, user_cname.camelize) do
   "rolify"
end

def self.rolify option = { :role_cname => 'Role', :dynamic => false }

   include Rolify::Roles
   extend Rolify::Dynamic if options[:dynamic]
   has_and_belongs_to_many :roles, :class_name => options[:role_cname].constantize, :join_table => :"#{self.class.to_s.tabletize}_#{options[:role_cname].tableize}"

end

Thoughts?

@nfo found a bug in the initializer. c block variable should be renamed to config.
specs should prevent this error.

It would be nice to implement some handy shortcuts like is_admin? and is_admin_of(resource) that would be aliases of has_role "admin" and has_role "admin", resource

Find a way to determine in the initializer whether or not it's loaded by console or server.
Currently the ugly code is :

Rolify.dynamic_shortcuts = <%= options[:dynamic_shortcuts].to_s %> if ARGV[0] != "db:migrate"

I am pretty sure we can clean this up.

Currently, when the user.has_role "moderator", Forum.first, this query returns false:

user.has_role? "moderator"
# => false

That's because we ask for a global role and the user has only a scoped role.
It would be nice to be able to ask if a user has a role no matter the scope is. For example to query if the user is at least a moderator of one Forum without necessarily be a global moderator.

For example, this would returns true

user.has_role? "moderator", :any

When i run
rails g rolify:role Role User i get this
undefined method `configure' for Rolify:Module (NoMethodError)

Along with #35, specs need a huge refactoring because they are really messy now. I intend to use RSpec best practices like in these 2 blog posts:
http://eggsonbread.com/2010/03/28/my-rspec-best-practices-and-tips/
http://blog.carbonfive.com/2010/10/21/rspec-best-practices/

I tried to make the lib configurable as much as possible but right now, it takes strong assumptions on class names. So for now, you have to use Role and User classes when you use the generator (or don't give any argument as these values are the default ones)

I will change that before 1.0

Right now, several queries are done to do just a 1 role check on mongoid adapter. I need to modify the query build method to be able to do one single query per role check.
I need it to be done before 3.0 release.

Like the User having roles on resources, resources have many roles from Users. I believe all this amounts to creating the has_many association on each resource model.

has_many :roles, :as => :resource

It would add the benefit of allowing an authorisation system to scope a resource to a set of roles:

Post.with_role('update', current_user).find params [:id]

Thoughts?