Class: JSONAPI::Authorization::AuthorizingProcessor
- Inherits:
-
Processor
- Object
- Processor
- JSONAPI::Authorization::AuthorizingProcessor
- Defined in:
- lib/jsonapi/authorization/authorizing_processor.rb
Instance Method Summary collapse
- #authorize_create_resource ⇒ Object
- #authorize_create_to_many_relationships ⇒ Object
- #authorize_find ⇒ Object
- #authorize_include_directive ⇒ Object
- #authorize_remove_resource ⇒ Object
- #authorize_remove_to_many_relationships ⇒ Object
- #authorize_remove_to_one_relationship ⇒ Object
- #authorize_replace_fields ⇒ Object
- #authorize_replace_polymorphic_to_one_relationship ⇒ Object
- #authorize_replace_to_many_relationships ⇒ Object
- #authorize_replace_to_one_relationship ⇒ Object
- #authorize_show ⇒ Object
- #authorize_show_related_resource ⇒ Object
- #authorize_show_related_resources ⇒ Object
- #authorize_show_relationship ⇒ Object
Instance Method Details
#authorize_create_resource ⇒ Object
127 128 129 130 131 132 133 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 127 def source_class = resource_klass._model_class .create_resource( source_class: source_class, related_records_with_context: ) end |
#authorize_create_to_many_relationships ⇒ Object
170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 170 def source_record = @resource_klass.find_by_key( params[:resource_id], context: context )._model relationship_type = params[:relationship_type].to_sym = model_class_for_relationship(relationship_type).find(params[:data]) .create_to_many_relationship( source_record: source_record, new_related_records: , relationship_type: relationship_type ) end |
#authorize_find ⇒ Object
51 52 53 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 51 def .find(source_class: @resource_klass._model_class) end |
#authorize_include_directive ⇒ Object
36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 36 def return if result.is_a?(::JSONAPI::ErrorsOperationResult) resources = Array.wrap( if result.respond_to?(:resources) result.resources elsif result.respond_to?(:resource) result.resource end ) resources.each do |resource| (resource._model) end end |
#authorize_remove_resource ⇒ Object
135 136 137 138 139 140 141 142 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 135 def record = @resource_klass.find_by_key( operation_resource_id, context: context )._model .remove_resource(source_record: record) end |
#authorize_remove_to_many_relationships ⇒ Object
203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 203 def source_resource = @resource_klass.find_by_key( params[:resource_id], context: context ) source_record = source_resource._model relationship_type = params[:relationship_type].to_sym = @resource_klass ._relationship(relationship_type) .resource_klass .find_by_keys( params[:associated_keys], context: context ) = .map(&:_model) if .size != params[:associated_keys].uniq.size fail JSONAPI::Exceptions::RecordNotFound, params[:associated_keys] end .remove_to_many_relationship( source_record: source_record, related_records: , relationship_type: relationship_type ) end |
#authorize_remove_to_one_relationship ⇒ Object
233 234 235 236 237 238 239 240 241 242 243 244 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 233 def source_record = @resource_klass.find_by_key( params[:resource_id], context: context )._model relationship_type = params[:relationship_type].to_sym .remove_to_one_relationship( source_record: source_record, relationship_type: relationship_type ) end |
#authorize_replace_fields ⇒ Object
116 117 118 119 120 121 122 123 124 125 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 116 def source_record = @resource_klass.find_by_key( params[:resource_id], context: context )._model .replace_fields( source_record: source_record, related_records_with_context: ) end |
#authorize_replace_polymorphic_to_one_relationship ⇒ Object
246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 246 def return if params[:key_value].nil? source_resource = @resource_klass.find_by_key( params[:resource_id], context: context ) source_record = source_resource._model # Fetch the name of the new class based on the incoming polymorphic # "type" value. This will fail if there is no associated resource for the # incoming "type" value so this shouldn't leak constants = source_resource .send(:_model_class_name, params[:key_type]) # Fetch the underlying Resource class for the new record to-be-associated = @resource_klass.resource_for() = .find_by_key( params[:key_value], context: context ) = ._model unless .nil? relationship_type = params[:relationship_type].to_sym .replace_to_one_relationship( source_record: source_record, new_related_record: , relationship_type: relationship_type ) end |
#authorize_replace_to_many_relationships ⇒ Object
186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 186 def source_resource = @resource_klass.find_by_key( params[:resource_id], context: context ) source_record = source_resource._model relationship_type = params[:relationship_type].to_sym = model_class_for_relationship(relationship_type).find(params[:data]) .replace_to_many_relationship( source_record: source_record, new_related_records: , relationship_type: relationship_type ) end |
#authorize_replace_to_one_relationship ⇒ Object
144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 144 def return if params[:key_value].nil? source_resource = @resource_klass.find_by_key( params[:resource_id], context: context ) source_record = source_resource._model relationship_type = params[:relationship_type].to_sym = @resource_klass ._relationship(relationship_type) .resource_klass .find_by_key( params[:key_value], context: context ) = ._model unless .nil? .replace_to_one_relationship( source_record: source_record, new_related_record: , relationship_type: relationship_type ) end |
#authorize_show ⇒ Object
55 56 57 58 59 60 61 62 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 55 def record = @resource_klass.find_by_key( operation_resource_id, context: context )._model .show(source_record: record) end |
#authorize_show_related_resource ⇒ Object
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 87 def source_klass = params[:source_klass] source_id = params[:source_id] relationship_type = params[:relationship_type].to_sym source_resource = source_klass.find_by_key(source_id, context: context) = source_resource.public_send(relationship_type) source_record = source_resource._model = ._model unless .nil? .( source_record: source_record, related_record: ) end |
#authorize_show_related_resources ⇒ Object
103 104 105 106 107 108 109 110 111 112 113 114 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 103 def source_resource = params[:source_klass].find_by_key( params[:source_id], context: context ) source_record = source_resource._model .( source_record: source_record, related_record_class: @resource_klass._model_class ) end |
#authorize_show_relationship ⇒ Object
64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 |
# File 'lib/jsonapi/authorization/authorizing_processor.rb', line 64 def parent_resource = @resource_klass.find_by_key( params[:parent_key], context: context ) relationship = @resource_klass._relationship(params[:relationship_type].to_sym) = case relationship when JSONAPI::Relationship::ToOne parent_resource.public_send(params[:relationship_type].to_sym) when JSONAPI::Relationship::ToMany # Do nothing — already covered by policy scopes else raise "Unexpected relationship type: #{relationship.inspect}" end parent_record = parent_resource._model = ._model unless .nil? .show_relationship(source_record: parent_record, related_record: ) end |