Module: Lanes::Concerns::ApiAttributeAccess

Extended by:: ActiveSupport::Concern

Included in:: Model

Defined in:: lib/lanes/concerns/set_attribute_data.rb

Defined Under Namespace

Modules: AccessChecks, ClassMethods

Instance Method Summary collapse

#_set_attribute_data_from_collection(association, value) ⇒ Object
#set_attribute_data(data, user) ⇒ Object

Takes in a hash containing attribute name/value pairs, as well as sub hashes/arrays.
#setting_attribute_is_allowed?(name, user) ⇒ Boolean

An attribute is allowed if it’s white listed or it’s a valid attribute and not black listed.

Instance Method Details

#_set_attribute_data_from_collection(association, value) ⇒ `Object`

# File 'lib/lanes/concerns/set_attribute_data.rb', line 115

def _set_attribute_data_from_collection(association, value)

    records = if association.loaded?
                           association.target
                       else
                           attribute_ids = value.map {|a| a['id'] || a[:id] }.compact
                           attribute_ids.empty? ? [] : association.scope.where(
                             association.klass.primary_key => attribute_ids
                           )
                       end

    value.map do | association_data |
        record = if association_data['id'].blank?
                     association.build
                 else
                     records.detect{ |r| r.id.to_s == value['id'].to_s }
                 end
        record.set_attribute_data(association_data) if record
    end
end

#set_attribute_data(data, user) ⇒ `Object`

Takes in a hash containing attribute name/value pairs, as well as sub hashes/arrays. Sets all the attributes that are allowed and recursively sets sub-associations as well

Parameters:

data (Hash)
user (User) —

who is performing request

# File 'lib/lanes/concerns/set_attribute_data.rb', line 87

def set_attribute_data(data, user)

    return {} unless self.can_write_attributes?(data, user)

    data.each_with_object(Hash.new) do | kv, result |
        ( key, value ) = kv

        # First we set all the attributes that are allowed
        if self.setting_attribute_is_allowed?(key.to_sym, user)
            public_send("#{key}=",result[key] = value)
        else
            # allow nested params to be specified using Rails _attributes
            name = key.to_s.gsub(/_attributes$/,'').to_sym

            next unless self.class.has_exported_nested_attribute?(name, user)

            association = self.association(name)

            result[name] = if value.is_a?(Hash) && [:belongs_to,:has_one].include?(association.reflection.macro)
                               target = association.target || association.build
                               target.set_attribute_data(value)
                           elsif value.is_a?(Array) && :has_many == association.reflection.macro
                               _set_attribute_data_from_collection(association, value)
                           end
        end
    end
end

#setting_attribute_is_allowed?(name, user) ⇒ `Boolean`

An attribute is allowed if it’s white listed or it’s a valid attribute and not black listed

Parameters:

name (Symbol)
user (User) —

who is performing request

Returns:

(Boolean)

# File 'lib/lanes/concerns/set_attribute_data.rb', line 72

def setting_attribute_is_allowed?(name, user)
    return false unless user.can_write?(self, name)
    (self.whitelisted_attributes && self.whitelisted_attributes.has_key?( name.to_sym)) ||
    (
      self.attribute_names.include?( name.to_s ) &&
      ( self.blacklisted_attributes.nil? ||
        ! self.blacklisted_attributes.has_key?( name.to_sym )  )
    )
end