Module: Hippo::Concerns::ApiAttributeAccess

Extended by:

ActiveSupport::Concern

Included in:

Model

Defined in:

lib/hippo/concerns/set_attribute_data.rb

Defined Under Namespace

Modules: AccessChecks, ClassMethods

Constant Summary

DEFAULT_BLACKLISTED =

{}

Instance Method Summary

• #_set_attribute_data_from_collection(association, name, record_data, user) ⇒ Object
• #set_attribute_data(data, user) ⇒ Object

  Takes in a hash containing attribute name/value pairs, as well as sub hashes/arrays.

• #setting_attribute_is_allowed?(name, user) ⇒ Boolean

  An attribute is allowed if it’s white listed or it’s a valid attribute and not black listed.

Instance Method Details

#_set_attribute_data_from_collection(association, name, record_data, user) ⇒ Object

# File 'lib/hippo/concerns/set_attribute_data.rb', line 104

def _set_attribute_data_from_collection(association, name, record_data, user)
    records = public_send(name)
    record_data.map do | association_data |

        record = if association_data['id'].blank?
                     association.build
                 else
                     records.detect{ |r| r.id.to_s == association_data['id'].to_s }
                 end
        next unless record

        if association_data['_delete'] == true
            record.mark_for_destruction
        else
            record.set_attribute_data(association_data, user)
        end
    end
end

#set_attribute_data(data, user) ⇒ Object

Takes in a hash containing attribute name/value pairs, as well as sub hashes/arrays. Sets all the attributes that are allowed and recursively sets sub-associations as well

Parameters:

• data (Hash)
• user (User) —

  who is performing request

# File 'lib/hippo/concerns/set_attribute_data.rb', line 79

def set_attribute_data(data, user)
    return {} unless self.can_write_attributes?(data, user)
    data.each_with_object(Hash.new) do | (key, value), result |
        # First we set all the attributes that are allowed

        if self.setting_attribute_is_allowed?(key.to_sym, user)
            result[key] = value
            public_send("#{key}=", value)
        elsif value.present?
            # allow nested params to be specified using Rails _attributes
            name = key.to_s.gsub(/_attributes$/,'').to_sym

            next unless self.class.has_exported_nested_attribute?(name, user)

            association = self.association(name)
            if value.is_a?(Hash) && [:belongs_to,:has_one].include?(association.reflection.macro)
                target = send(name) || association.build
                result[name] = target.set_attribute_data(value, user)
            elsif value.is_a?(Array) && :has_many == association.reflection.macro
                result[name] = _set_attribute_data_from_collection(association, name, value, user)
            end
        end
    end
end

#setting_attribute_is_allowed?(name, user) ⇒ Boolean

An attribute is allowed if it’s white listed or it’s a valid attribute and not black listed

Parameters:

• name (Symbol)
• user (User) —

  who is performing request

Returns:

• (Boolean)

# File 'lib/hippo/concerns/set_attribute_data.rb', line 64

def setting_attribute_is_allowed?(name, user)
    return false unless user.can_write?(self, name)
    (self.whitelisted_attributes && self.whitelisted_attributes.has_key?( name.to_sym)) ||
    (
      self.attribute_names.include?( name.to_s ) &&
      ( self.blacklisted_attributes.nil? ||
        ! self.blacklisted_attributes.has_key?( name.to_sym )  )
    )
end