Class: JSONAPI::Authorization::AuthorizingOperationsProcessor

Inherits:
ActiveRecordOperationsProcessor
  • Object
show all
Defined in:
lib/jsonapi/authorization/authorizing_operations_processor.rb

Instance Method Summary collapse

Instance Method Details

#authorize_create_resourceObject 



113
114
115
116
117
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 113

def authorize_create_resource
  source_class = @operation.resource_klass._model_class

  authorizer.create_resource(source_class, related_models)
end

#authorize_create_to_many_relationshipObject 



151
152
153
154
155
156
157
158
159
160
161
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 151

def authorize_create_to_many_relationship
  source_record = @operation.resource_klass.find_by_key(
    @operation.resource_id,
    context: operation_context
  )._model

  related_models =
    model_class_for_relationship(@operation.relationship_type).find(@operation.data)

  authorizer.create_to_many_relationship(source_record, related_models)
end

#authorize_findObject 



46
47
48
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 46

def authorize_find
  authorizer.find(@operation.resource_klass._model_class)
end

#authorize_include_directiveObject 



31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 31

def authorize_include_directive
  return if @result.is_a?(::JSONAPI::ErrorsOperationResult)
  resources = Array.wrap(
    if @result.respond_to?(:resources)
      @result.resources
    elsif @result.respond_to?(:resource)
      @result.resource
    end
  )

  resources.each do |resource|
    authorize_model_includes(resource._model)
  end
end

#authorize_remove_resourceObject 



119
120
121
122
123
124
125
126
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 119

def authorize_remove_resource
  record = @operation.resource_klass.find_by_key(
    operation_resource_id,
    context: operation_context
  )._model

  authorizer.remove_resource(record)
end

#authorize_remove_to_many_relationshipObject 



178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 178

def authorize_remove_to_many_relationship
  source_resource = @operation.resource_klass.find_by_key(
    @operation.resource_id,
    context: operation_context
  )
  source_record = source_resource._model

  related_resource = @operation.resource_klass._relationship(@operation.relationship_type).resource_klass.find_by_key(
    @operation.associated_key,
    context: operation_context
  )
  related_record = related_resource._model unless related_resource.nil?

  authorizer.remove_to_many_relationship(
    source_record,
    related_record
  )
end

#authorize_remove_to_one_relationshipObject 



197
198
199
200
201
202
203
204
205
206
207
208
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 197

def authorize_remove_to_one_relationship
  source_resource = @operation.resource_klass.find_by_key(
    @operation.resource_id,
    context: operation_context
  )

  related_resource = source_resource.public_send(@operation.relationship_type)

  source_record = source_resource._model
  related_record = related_resource._model unless related_resource.nil?
  authorizer.remove_to_one_relationship(source_record, related_record)
end

#authorize_replace_fieldsObject 



104
105
106
107
108
109
110
111
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 104

def authorize_replace_fields
  source_record = @operation.resource_klass.find_by_key(
    @operation.resource_id,
    context: operation_context
  )._model

  authorizer.replace_fields(source_record, related_models)
end

#authorize_replace_to_many_relationshipObject 



163
164
165
166
167
168
169
170
171
172
173
174
175
176
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 163

def authorize_replace_to_many_relationship
  source_resource = @operation.resource_klass.find_by_key(
    @operation.resource_id,
    context: operation_context
  )
  source_record = source_resource._model

  related_records = source_resource.records_for(@operation.relationship_type)

  authorizer.replace_to_many_relationship(
    source_record,
    related_records
  )
end

#authorize_replace_to_one_relationshipObject 



128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 128

def authorize_replace_to_one_relationship
  source_resource = @operation.resource_klass.find_by_key(
    @operation.resource_id,
    context: operation_context
  )
  source_record = source_resource._model

  old_related_record = source_resource.records_for(@operation.relationship_type)
  unless @operation.key_value.nil?
    new_related_resource = @operation.resource_klass._relationship(@operation.relationship_type).resource_klass.find_by_key(
      @operation.key_value,
      context: operation_context
    )
    new_related_record = new_related_resource._model unless new_related_resource.nil?
  end

  authorizer.replace_to_one_relationship(
    source_record,
    old_related_record,
    new_related_record
  )
end

#authorize_showObject 



50
51
52
53
54
55
56
57
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 50

def authorize_show
  record = @operation.resource_klass.find_by_key(
    operation_resource_id,
    context: operation_context
  )._model

  authorizer.show(record)
end

#authorize_show_related_resourceObject 



82
83
84
85
86
87
88
89
90
91
92
93
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 82

def authorize_show_related_resource
  source_resource = @operation.source_klass.find_by_key(
    @operation.source_id,
    context: operation_context
  )

  related_resource = source_resource.public_send(@operation.relationship_type)

  source_record = source_resource._model
  related_record = related_resource._model unless related_resource.nil?
  authorizer.show_related_resource(source_record, related_record)
end

#authorize_show_related_resourcesObject 



95
96
97
98
99
100
101
102
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 95

def authorize_show_related_resources
  source_record = @operation.source_klass.find_by_key(
    @operation.source_id,
    context: operation_context
  )._model

  authorizer.show_related_resources(source_record)
end

#authorize_show_relationshipObject 



59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'lib/jsonapi/authorization/authorizing_operations_processor.rb', line 59

def authorize_show_relationship
  parent_resource = @operation.resource_klass.find_by_key(
    @operation.parent_key,
    context: operation_context
  )

  relationship = @operation.resource_klass._relationship(@operation.relationship_type)

  related_resource =
    case relationship
    when JSONAPI::Relationship::ToOne
      parent_resource.public_send(@operation.relationship_type)
    when JSONAPI::Relationship::ToMany
      # Do nothing — already covered by policy scopes
    else
      raise "Unexpected relationship type: #{relationship.inspect}"
    end

  parent_record = parent_resource._model
  related_record = related_resource._model unless related_resource.nil?
  authorizer.show_relationship(parent_record, related_record)
end