Module: Hippo::Concerns::ApiAttributeAccess

Extended by:
ActiveSupport::Concern
Included in:
Model
Defined in:
lib/hippo/concerns/set_attribute_data.rb

Defined Under Namespace

Modules: AccessChecks, ClassMethods

Constant Summary collapse

DEFAULT_BLACKLISTED =
{}

Instance Method Summary collapse

Instance Method Details

#_set_attribute_data_from_collection(association, name, record_data, user) ⇒ Object


104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# File 'lib/hippo/concerns/set_attribute_data.rb', line 104

def _set_attribute_data_from_collection(association, name, record_data, user)
    records = public_send(name)
    record_data.map do | association_data |

        record = if association_data['id'].blank?
                     association.build
                 else
                     records.detect{ |r| r.id.to_s == association_data['id'].to_s }
                 end
        next unless record

        if association_data['_delete'] == true
            record.mark_for_destruction
        else
            record.set_attribute_data(association_data, user)
        end
    end
end

#set_attribute_data(data, user) ⇒ Object

Takes in a hash containing attribute name/value pairs, as well as sub hashes/arrays. Sets all the attributes that are allowed and recursively sets sub-associations as well

Parameters:

  • data (Hash)
  • user (User)

    who is performing request


79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# File 'lib/hippo/concerns/set_attribute_data.rb', line 79

def set_attribute_data(data, user)
    return {} unless self.can_write_attributes?(data, user)
    data.each_with_object(Hash.new) do | (key, value), result |
        # First we set all the attributes that are allowed

        if self.setting_attribute_is_allowed?(key.to_sym, user)
            result[key] = value
            public_send("#{key}=", value)
        elsif value.present?
            # allow nested params to be specified using Rails _attributes
            name = key.to_s.gsub(/_attributes$/,'').to_sym

            next unless self.class.has_exported_nested_attribute?(name, user)

            association = self.association(name)
            if value.is_a?(Hash) && [:belongs_to,:has_one].include?(association.reflection.macro)
                target = send(name) || association.build
                result[name] = target.set_attribute_data(value, user)
            elsif value.is_a?(Array) && :has_many == association.reflection.macro
                result[name] = _set_attribute_data_from_collection(association, name, value, user)
            end
        end
    end
end

#setting_attribute_is_allowed?(name, user) ⇒ Boolean

An attribute is allowed if it's white listed or it's a valid attribute and not black listed

Parameters:

  • name (Symbol)
  • user (User)

    who is performing request

Returns:

  • (Boolean)

64
65
66
67
68
69
70
71
72
# File 'lib/hippo/concerns/set_attribute_data.rb', line 64

def setting_attribute_is_allowed?(name, user)
    return false unless user.can_write?(self, name)
    (self.whitelisted_attributes && self.whitelisted_attributes.has_key?( name.to_sym)) ||
    (
      self.attribute_names.include?( name.to_s ) &&
      ( self.blacklisted_attributes.nil? ||
        ! self.blacklisted_attributes.has_key?( name.to_sym )  )
    )
end