Improved row-level RBAC for records

rsmithlal · rsmithlal · commit 89077f44b36e · 2025-02-18T17:45:04.000-03:30
diff --git a/app/concerns/better_together/joinable.rb b/app/concerns/better_together/joinable.rb
@@ -6,10 +6,11 @@ module Joinable
     extend ActiveSupport::Concern
 
     included do
-      class_attribute :member_role_associations
+      class_attribute :member_role_associations, :joinable_type
       self.member_role_associations = []
 
       def self.joinable(joinable_type:, member_type:, **membership_options) # rubocop:todo Metrics/MethodLength
+        self.joinable_type = joinable_type
         membership_class = "BetterTogether::#{member_type.camelize}#{joinable_type.camelize}Membership"
         membership_name = :"#{member_type}_#{joinable_type}_memberships"
 
diff --git a/app/concerns/better_together/member.rb b/app/concerns/better_together/member.rb
@@ -6,8 +6,9 @@ module Member
     extend ActiveSupport::Concern
 
     included do # rubocop:todo Metrics/BlockLength
-      class_attribute :joinable_role_associations
+      class_attribute :joinable_role_associations, :joinable_membership_classes
       self.joinable_role_associations = []
+      self.joinable_membership_classes = []
 
       def self.member(joinable_type:, member_type:, **membership_options) # rubocop:todo Metrics/MethodLength
         membership_class = "BetterTogether::#{member_type.camelize}#{joinable_type.camelize}Membership"
@@ -31,6 +32,7 @@ def self.member(joinable_type:, member_type:, **membership_options) # rubocop:to
 
         # Register the association name for role retrieval
         joinable_role_associations << joinable_roles_association
+        joinable_membership_classes << membership_class
       end
 
       # Cache roles for the current instance
@@ -103,8 +105,7 @@ def record_permission_granted?(resource_permission, record)
         # Check if the member has a membership tied explicitly to the record
         memberships = membership_class.where(
           member: self,
-          joinable_id: record.id,
-          joinable_type: record.class.name
+          joinable_id: record.id
         ).includes(:role)
 
         memberships.any? do |membership|
@@ -114,9 +115,9 @@ def record_permission_granted?(resource_permission, record)
 
       # Determine the membership class for the record's joinable type
       def membership_class_for(record)
-        joinable_type = record.class.name
-        membership_class_name = self.class.joinable_role_associations.find do |assoc|
-          assoc.to_s.include?(joinable_type.underscore)
+        joinable_type = record.class.joinable_type
+        membership_class_name = self.class.joinable_membership_classes.find do |assoc|
+          assoc.to_s.include?(joinable_type.capitalize)
         end
 
         membership_class_name&.to_s&.classify&.constantize # rubocop:todo Style/SafeNavigationChainLength
