Class: JSONAPI::Authorization::AuthorizingProcessor

Inherits:
Processor
  • Object
show all
Defined in:
lib/jsonapi/authorization/authorizing_processor.rb

Instance Method Summary collapse

Instance Method Details

#authorize_create_resourceObject 



114
115
116
117
118
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 114

def authorize_create_resource
  source_class = @resource_klass._model_class

  authorizer.create_resource(source_class, related_models)
end

#authorize_create_to_many_relationshipObject 



152
153
154
155
156
157
158
159
160
161
162
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 152

def authorize_create_to_many_relationship
  source_record = @resource_klass.find_by_key(
    params[:resource_id],
    context: context
  )._model

  related_models =
    model_class_for_relationship(params[:relationship_type].to_sym).find(params[:data])

  authorizer.create_to_many_relationship(source_record, related_models)
end

#authorize_findObject 



46
47
48
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 46

def authorize_find
  authorizer.find(@resource_klass._model_class)
end

#authorize_include_directiveObject 



31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 31

def authorize_include_directive
  return if result.is_a?(::JSONAPI::ErrorsOperationResult)
  resources = Array.wrap(
    if result.respond_to?(:resources)
      result.resources
    elsif result.respond_to?(:resource)
      result.resource
    end
  )

  resources.each do |resource|
    authorize_model_includes(resource._model)
  end
end

#authorize_remove_resourceObject 



120
121
122
123
124
125
126
127
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 120

def authorize_remove_resource
  record = @resource_klass.find_by_key(
    operation_resource_id,
    context: context
  )._model

  authorizer.remove_resource(record)
end

#authorize_remove_to_many_relationshipObject 



179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 179

def authorize_remove_to_many_relationship
  source_resource = @resource_klass.find_by_key(
    params[:resource_id],
    context: context
  )
  source_record = source_resource._model

  related_resource = @resource_klass._relationship(params[:relationship_type].to_sym).resource_klass.find_by_key(
    params[:associated_key],
    context: context
  )
  related_record = related_resource._model unless related_resource.nil?

  authorizer.remove_to_many_relationship(
    source_record,
    related_record
  )
end

#authorize_remove_to_one_relationshipObject 



198
199
200
201
202
203
204
205
206
207
208
209
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 198

def authorize_remove_to_one_relationship
  source_resource = @resource_klass.find_by_key(
    params[:resource_id],
    context: context
  )

  related_resource = source_resource.public_send(params[:relationship_type].to_sym)

  source_record = source_resource._model
  related_record = related_resource._model unless related_resource.nil?
  authorizer.remove_to_one_relationship(source_record, related_record)
end

#authorize_replace_fieldsObject 



105
106
107
108
109
110
111
112
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 105

def authorize_replace_fields
  source_record = @resource_klass.find_by_key(
    params[:resource_id],
    context: context
  )._model

  authorizer.replace_fields(source_record, related_models)
end

#authorize_replace_to_many_relationshipObject 



164
165
166
167
168
169
170
171
172
173
174
175
176
177
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 164

def authorize_replace_to_many_relationship
  source_resource = @resource_klass.find_by_key(
    params[:resource_id],
    context: context
  )
  source_record = source_resource._model

  related_records = source_resource.records_for(params[:relationship_type].to_sym)

  authorizer.replace_to_many_relationship(
    source_record,
    related_records
  )
end

#authorize_replace_to_one_relationshipObject 



129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 129

def authorize_replace_to_one_relationship
  source_resource = @resource_klass.find_by_key(
    params[:resource_id],
    context: context
  )
  source_record = source_resource._model

  old_related_record = source_resource.records_for(params[:relationship_type].to_sym)
  unless params[:key_value].nil?
    new_related_resource = @resource_klass._relationship(params[:relationship_type].to_sym).resource_klass.find_by_key(
      params[:key_value],
      context: context
    )
    new_related_record = new_related_resource._model unless new_related_resource.nil?
  end

  authorizer.replace_to_one_relationship(
    source_record,
    old_related_record,
    new_related_record
  )
end

#authorize_showObject 



50
51
52
53
54
55
56
57
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 50

def authorize_show
  record = @resource_klass.find_by_key(
    operation_resource_id,
    context: context
  )._model

  authorizer.show(record)
end

#authorize_show_related_resourceObject 



82
83
84
85
86
87
88
89
90
91
92
93
94
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 82

def authorize_show_related_resource
  source_klass = params[:source_klass]
  source_id = params[:source_id]
  relationship_type = params[:relationship_type].to_sym

  source_resource = source_klass.find_by_key(source_id, context: context)

  related_resource = source_resource.public_send(relationship_type)

  source_record = source_resource._model
  related_record = related_resource._model unless related_resource.nil?
  authorizer.show_related_resource(source_record, related_record)
end

#authorize_show_related_resourcesObject 



96
97
98
99
100
101
102
103
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 96

def authorize_show_related_resources
  source_record = params[:source_klass].find_by_key(
    params[:source_id],
    context: context
  )._model

  authorizer.show_related_resources(source_record)
end

#authorize_show_relationshipObject 



59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 59

def authorize_show_relationship
  parent_resource = @resource_klass.find_by_key(
    params[:parent_key],
    context: context
  )

  relationship = @resource_klass._relationship(params[:relationship_type].to_sym)

  related_resource =
    case relationship
    when JSONAPI::Relationship::ToOne
      parent_resource.public_send(params[:relationship_type].to_sym)
    when JSONAPI::Relationship::ToMany
      # Do nothing — already covered by policy scopes
    else
      raise "Unexpected relationship type: #{relationship.inspect}"
    end

  parent_record = parent_resource._model
  related_record = related_resource._model unless related_resource.nil?
  authorizer.show_relationship(parent_record, related_record)
end