protector + rolify not playing nice.

[Altonymous]

I'm using a gem called protector; it and rolify don't play very nice at the moment. From what I can tell it appears that rolify doesn't cache the user roles when instantiating the user so each call to has_role? or is_admin? queries the database. Couple that with a permission check on each model that looks at the role before trying to determine which permission checks to execute and grabbing a list of objects can take a very long time.

I'm not sure what to do in this case short of creating a wrapper method around has_role? that caches the result.

Example...

# app/controllers/widgets_controller.rb
class WidgetsController < ApplicationController
  def index
    respond_with Widget.restrict!(current_user)
  end
end

# app/models/widget.rb
class Widget < ActiveRecord::Base
  include Concerns::Permissions::Widget
end

# app/models/concerns/permissions/widget.rb
module Concerns::Permissions::Widget
  extend ActiveSupport::Concern

  included do
    protect do |user, widget|
      # Admins can retrieve anything
      if user.has_role? :administrator
        scope { all }

        # ... and view, create, update, or destroy anything
        can :view
        can :create
        can :update
        can :destroy
      elsif user.present?
        scope { all }

        can :view
        cannot :create
      end
    end
  end
end

[Altonymous]

For those that encounter this same thing.. I added this method to my user model... Not sure if it's the best way to handle it, but it seems to work for me.

def has_role?(role)
  roles = Rails.cache.fetch(roles_for: { object_id: self.object_id }) { self.roles.map(&:name) }
  roles.include?(role)
end

I know it doesn't support checking if a user has a role tied to a specific resource, but I don't need that at the moment.

[EppO]

Indeed, rolify doesn't cache anything explicitly. During a request, it uses under the hood (thanks to Rails) ActiveRecord query cache but it's used only if you ask for the same SQL query, i.e. same role for a rolify use case, which in your case is not handy because you ask for many different roles.
I like the idea to cache the roles array of a user but I have a few concerns about that:

• a user could have lot of roles, ruby's .include? would be way more slower than the equivalent where SQL query in that case.
• what about cache expiration ? when you add/remove a role on a user, you should clear his roles array in the cache after making sure it has been properly deleted in the DB in order not to have your cache and DB unsynced.

These tradeoffs have to be evaluated. I'll run benchmarks to make a proper comparison. Anyway, that's a neat feature to consider for rolify 4.0, thanks for your feedback.