Module: Lanes::Concerns::ApiAttributeAccess

Extended by:: ActiveSupport::Concern

Included in:: Model

Defined in:: lib/lanes/concerns/set_attribute_data.rb

Defined Under Namespace

Modules: AccessChecks, ClassMethods

Instance Method Summary collapse

#_set_attribute_data_from_collection(association, value, user) ⇒ Object
#set_attribute_data(data, user) ⇒ Object

Takes in a hash containing attribute name/value pairs, as well as sub hashes/arrays.
#setting_attribute_is_allowed?(name, user) ⇒ Boolean

An attribute is allowed if it’s white listed or it’s a valid attribute and not black listed.

Instance Method Details

#_set_attribute_data_from_collection(association, value, user) ⇒ `Object`

# File 'lib/lanes/concerns/set_attribute_data.rb', line 112

def _set_attribute_data_from_collection(association, value, user)

    records = if association.loaded?
                           association.target
                       else
                           attribute_ids = value.map {|a| a['id'] || a[:id] }.compact
                           attribute_ids.empty? ? [] : association.scope.where(
                             association.klass.primary_key => attribute_ids
                           )
                       end

    value.map do | association_data |
        record = if association_data['id'].blank?
                     association.build
                 else
                     records.detect{ |r| r.id.to_s == value['id'].to_s }
                 end
        record.set_attribute_data(association_data, user) if record
    end
end

#set_attribute_data(data, user) ⇒ `Object`

Takes in a hash containing attribute name/value pairs, as well as sub hashes/arrays. Sets all the attributes that are allowed and recursively sets sub-associations as well

Parameters:

data (Hash)
user (User) —

who is performing request

# File 'lib/lanes/concerns/set_attribute_data.rb', line 86

def set_attribute_data(data, user)

    return {} unless self.can_write_attributes?(data, user)

    data.each_with_object(Hash.new) do | (key, value), result |
        # First we set all the attributes that are allowed
        if self.setting_attribute_is_allowed?(key.to_sym, user)
            result[key] = value
            public_send("#{key}=", value)
        elsif value.present?
            # allow nested params to be specified using Rails _attributes
            name = key.to_s.gsub(/_attributes$/,'').to_sym

            next unless self.class.has_exported_nested_attribute?(name, user)

            association = self.association(name)
            if value.is_a?(Hash) && [:belongs_to,:has_one].include?(association.reflection.macro)
                target = association.target || association.build
                result[name] = target.set_attribute_data(value, user)
            elsif value.is_a?(Array) && :has_many == association.reflection.macro
                result[name] = _set_attribute_data_from_collection(association, value, user)
            end
        end
    end
end

#setting_attribute_is_allowed?(name, user) ⇒ `Boolean`

An attribute is allowed if it’s white listed or it’s a valid attribute and not black listed

Parameters:

name (Symbol)
user (User) —

who is performing request

Returns:

(Boolean)

# File 'lib/lanes/concerns/set_attribute_data.rb', line 71

def setting_attribute_is_allowed?(name, user)
    return false unless user.can_write?(self, name)
    (self.whitelisted_attributes && self.whitelisted_attributes.has_key?( name.to_sym)) ||
    (
      self.attribute_names.include?( name.to_s ) &&
      ( self.blacklisted_attributes.nil? ||
        ! self.blacklisted_attributes.has_key?( name.to_sym )  )
    )
end