
rails-engine / role_core


🔐A Rails engine providing essential industry of Role-based access control.

License: MIT License

Ruby 73.51% JavaScript 0.19% HTML 25.75% SCSS 0.55%
access-control cancancan pundit rails rails-engine rbac role role-based-access-control rolify

role_core's People

Contributors

dependabot[bot], huacnlee, jasl, renny-ren


role_core's Issues

What's the meaning of type column in roles table

It seems that the "type" column in roles table is set to 'Role' automatically. And when querying for roles, there is "roles.type in ('Role')" in the where clause. I wonder why you do it that way and how you do it. I am not able to find any clue in the repo.

Unknown alias: Psych::BadAlias

Reporting an issue:

7f8f88025d6e5a6dc34e5fa8c1ff7ef24e2ef4b7

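psych 4.0.3, which this version introduces, causes the error visit_Psych_Nodes_Alias': Unknown alias: redis (Psych::BadAlias).
With this error, aliases in YAML cannot be parsed properly.

The error is raised whenever a YAML file contains syntax like the following: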

redis: &redis
  redis_host: 127.0.0.1
  redis_port: 6379

development:
  <<: *redis

staging:
  <<: *redis

ruby: 2.7.5
rails: 6.1.4

The current workaround is to reference the gems in the Gemfile like this:

gem "role_core", github: "rails-engine/role_core", ref: "8578d64"
gem "psych", "~> 3.3.2"
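An added example, not part of the original issue or of role_core's code: since Psych 4, `YAML.load` behaves like `safe_load`, which refuses aliases unless `aliases: true` is passed. The sketch below reproduces the rejection with `YAML.safe_load` and shows that enabling aliases keeps the class restrictions of safe loading in place, so `unsafe_load` is not needed. `SAMPLE_CONFIG`, `TAGGED_INPUT`, `ExampleObject` and `try_load` are names constructed for this illustration.

```ruby
require "yaml"

# Constructed sample mirroring the anchor/merge-key layout quoted in the issue.
SAMPLE_CONFIG = <<~YAML
  redis: &redis
    redis_host: 127.0.0.1
    redis_port: 6379

  development:
    <<: *redis

  staging:
    <<: *redis
YAML

# Constructed input carrying a Ruby object tag (ExampleObject is hypothetical).
TAGGED_INPUT = "--- !ruby/object:ExampleObject\nadmin: true\n"

# Safe-load `text` and report the outcome as a hash instead of raising,
# so the alias rejection and the class rejection can be told apart.
def try_load(text, **opts)
  { ok: true, value: YAML.safe_load(text, **opts) }
rescue Psych::BadAlias
  # Raised when the document uses an alias and aliases are not enabled.
  { ok: false, reason: :alias_rejected }
rescue Psych::DisallowedClass
  # Raised when a tag asks for a class outside permitted_classes.
  { ok: false, reason: :class_rejected }
end

if $PROGRAM_NAME == __FILE__
  # Default safe loading: the `*redis` alias is refused, as in the report.
  p try_load(SAMPLE_CONFIG)

  # Aliases enabled explicitly: merge keys expand into each environment.
  p try_load(SAMPLE_CONFIG, aliases: true)

  # Enabling aliases does not permit object deserialization.
  p try_load(TAGGED_INPUT, aliases: true)
end
```

Passing `aliases: true` at the call site that loads the file is narrower than pinning psych to 3.x, because every other YAML load in the application keeps the Psych 4 defaults.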

db:migrate fails after adding role_core in Rails 5.2.1

Rails 5.2.1
ruby 2.3.6p384

Steps to reproduce:
rails new TestApp
rails g scaffold posts title:string

rake db:migrate succeeds.
Add role_core to the Gemfile
rake db:migrate

rake aborted!
NoMethodError: undefined method `force_equality?' for #<ActiveModel::Type::String:0x00005595c4650018>
/home/leo/.rbenv/versions/2.3.6/lib/ruby/gems/2.3.0/gems/activerecord-5.2.1/lib/active_record/relation/predicate_builder.rb:55:in `build'
/home/leo/.rbenv/versions/2.3.6/lib/ruby/gems/2.3.0/gems/activerecord-5.2.1/lib/active_record/relation/predicate_builder.rb:111:in `block in expand_from_hash'

How to append new permissions to existing roles?

I have Users, Role Assignments and Roles tables. I had created the roles 'Admin' and 'Integrator' with certain initial permissions: Create, Edit, Destroy (defined inside config/initializers/role_core.rb).

  1. Now, I want to add new permissions for a model 'Task'.
    How can I achieve this without affecting (resetting) my existing permissions already saved in the database? (on the fly)
    How can I re-group a permission or add a group on the fly?
  2. I don't necessarily have a "model" Task
    (e.g. group :task_management, model_name: 'Task').
    Can I configure grouping without having a model?

Please help. Thanks in advance!

skip_authorization_check stops working when combined with cancancan

In one controller, some actions exist for the page's autocomplete plugin, such as the search below that returns supplier names:

  # cancancan definitions
  load_and_authorize_resource
  skip_authorization_check :only => :check_purchase_supplier

  def check_purchase_supplier
    @purchase_supplier = PurchaseSupplier.search_name(params[:term]).map(&:name)
    render json: @purchase_supplier
  end

After adopting role_core, the back end receives the JSON request, but it is cut short with a 302 redirect:

Started GET "/expense/get_expense_type?term=+" for ::1 at 2020-11-04 21:48:40 +0800
Processing by ExpenseController#get_expense_type as JSON
  Parameters: {"term"=>"浙江"}
  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2  [["id", 1], ["LIMIT", 1]]
  ↳ app/helpers/session_helper.rb:8:in `current_user'
  Role Load (0.5ms)  SELECT "roles".* FROM "roles" INNER JOIN "role_assignments" ON "roles"."id" = "role_assignments"."role_id" WHERE "roles"."type" = $1 AND "role_assignments"."user_id" = $2  [["type", "Role"], ["user_id", 1]]
  ↳ app/models/user.rb:24:in `map'
Redirected to http://localhost:3000/
Completed 302 Found in 26ms (ActiveRecord: 0.7ms | Allocations: 14019)

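So far I have found that adding check_purchase_supplier to config/initializers/role_core.rb and then granting it to the role passes the check, but there are many similar controllers, and this kind of common functionality should not have to be configured repeatedly in multiple places.
Is there perhaps another solution already that I have not found?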

Updated Permission through raw sql query does not reflect in role object returned in active record

I am facing an issue with updating permissions through a raw SQL query: the data in the database gets updated, but the change is not reflected through Active Record.

Steps to reproduce:

  1. Create role

INSERT INTO roles
(name, type, created_at, updated_at)
VALUES ('Test1', 'Role', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP);

  • Permissions are getting created, as mentioned in role_core initializer
  2. Update permissions
UPDATE roles
  SET permissions='{"users": {"manage": false}', updated_at = CURRENT_TIMESTAMP
WHERE id = 1;
  3. This gets updated in the database but is not accessible through Active Record

  4. role = Role.last in rails console
#<Role id: 4, name: "Test1", permissions: #<Global:OptionsModel {:users=>{:manage=>true} >, type: "Role", created_at: "2018-06-22 20:24:56", updated_at: "2018-06-22 20:25:22">

DEPRECATION WARNING

DEPRECATION WARNING: Passing the coder as positional argument is deprecated and will be removed in Rails 7.2.
Please pass the coder as a keyword argument:
serialize :permissions, coder: #Class:0x00007f9662d92ec0

ActionView::Template::Error (unknown keyword: permitted_classes):

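After modifying and saving a role's permissions, opening the edit page again raises an error, as shown below:
Users and roles are has_many to has_many.
cancancan is used.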

ActionView::Template::Error (unknown keyword: permitted_classes):
    23:         </div>
    24:       </div>
    25:       <div class="col-md-12">
    26:         <%= render partial: "permissions", locals: {f: f, name: :permissions_attributes, permissions: role.permissions} %>
    27:       </div>
    28:     </div>
    29:   </div>

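Error when fetching a list with a block and accessible_by

If I use a block of this form and then fetch the projects I published myself, the following appears:

The accessible_by call cannot be used with a block 'can' definition.The SQL cannot be determined for :index Project
@projects = Project.accessible_by(current_ability)
  # grant read only on the user's own projects
  permission :read_own, action: :read do |user, project|
    user.id == project.user_id
  end

According to the cancan wiki, it seems this form is required:

 permission :read_own, action: :read, user_id: user.id

But in role_core.rb there seems to be no way to pass the user.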

Error when using subject for action controller

Environment

  • Ruby version: ruby 3.0.3p157 (RVM to manage)
  • Rails version: 7.0.2.3
  • Bundler version: 2.2.32

Error description

Using user has single role

  • I created role:
#<Role:0x00000001067e6ab0
 id: 1,
 name: "Admin",
 permissions: #<Global:OptionsModel {:admin=>{:list_user=>true}}>,
 type: "Role",
 created_at: Fri, 18 Mar 2022 04:14:04.399774000 UTC +00:00,
 updated_at: Fri, 18 Mar 2022 04:14:04.401617000 UTC +00:00>
  • Define in role_core.rb:
require "role_core/contrib/can_can_can_permission"
RoleCore.permission_class = RoleCore::CanCanCanPermission

RoleCore.permission_set_class.draw do
  group :admin, subject: :manage_users do
    permission :list_user, action: :index
  end
end.finalize!
  • Define in users_controller.rb:
def index
    authorize! :index, :manage_users

    @users = User.all

    render json: @users
end

Error: When I run authorize! :index, :manage_users, it raises exception "exception": "#<NoMethodError: undefined method `_namespace' for :manage_users:Symbol>",

Note: I see the difference lately is @options, for previous versions @options={} instead of @options={:_namespace=>[:admin], :_priority=>0, :_callable=> true}


What's the meaning of column type in roles table

It seems that the type column in roles table is set to 'Role' automatically. And when querying for roles, there is "roles.type in ('Role')" in the where clause. I wonder why you set the column
