apiphobic-authorization 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '06941e32e3b1ca8b7fe4c0796ab5470f2b22148ccfcde6c3c11c17839764148b'
-  data.tar.gz: 9fa62e553609cb05c396ebee78419cce551d72767b097f309546f6d0593e5c92
+  metadata.gz: ae49ad16d7ccee68ad832094f557149dffe1b98c82975f31aba512b9f2cec00c
+  data.tar.gz: 6ee28b1abc416e418e27db5d722f8f5d24fc255245f639cc0fc4925c539ff01b
 SHA512:
-  metadata.gz: 5aca4483586dc0c98994ce92f91cda8d50666d1396f8ed867a621a17d818a179bb6c14ef42fa411dbad083c868ba5b33166998f0ccc2920949df8efd788d85df
-  data.tar.gz: acc4a4d9dc689600e459a2817e24a7246ca976d70edb169291cc4b22570be807feffd8e5ecdeee0d91091196e4d24f0a9d0275092624e79b58fc7d2f22e5655d
+  metadata.gz: 387c64f4a04f2028fd6ed326b5e855902388054589d7d56db872dad926d8d3506b2eba771704ba6563d3749978a9fd625420b3753aaa36ab5a9e020f00bfd2c5
+  data.tar.gz: 2a60f92f107dbfcdc7d2bdb7008b2df9d0bf1fc63acea278116f923979e041a4ebea5ee41ecce6f6da5372f3322a5d559f6e15890471c56da75b541d6479d611

data/lib/apiphobic/authorization/authorizer.rb

@@ -4,18 +4,18 @@ module  Apiphobic
 module  Authorization
 class   Authorizer
   attr_accessor :action,
+                :parameters,
+                :resource,
                 :token,
-                :user,
-                :params,
-                :resource
+                :user
 
   # rubocop:disable Metrics/ParameterLists
-  def initialize(action:, token:, user:, issuer:, params:, resource:, **other)
-    self.action   = action
-    self.token    = token
-    self.user     = user
-    self.params   = params
-    self.resource = resource
+  def initialize(action:, token:, user:, issuer:, parameters:, resource:, **other)
+    self.action     = action
+    self.token      = token
+    self.user       = user
+    self.parameters = parameters
+    self.resource   = resource
 
     other.each do |name, value|
       public_send("#{name}=", value)

data/lib/apiphobic/authorization/authorizers/parameters.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'apple_core/refinements/deep_dup'
 require 'apiphobic/errors/unpermitted_inclusions'
 require 'apiphobic/errors/unpermitted_sorts'
 
@@ -8,12 +9,12 @@ module  Apiphobic
 module  Authorization
 module  Authorizers
 class   Parameters
-  JSON_API_PARAMETERS = %i{include sort page data filter}.freeze
+  using ::AppleCore::Refinements::DeepDup
 
   attr_accessor :action,
+                :parameters,
                 :token,
-                :user,
-                :raw_parameters
+                :user
 
   attr_writer   :authorized_attributes,
                 :authorized_filters,
@@ -24,10 +25,10 @@ class   Parameters
 
   # rubocop:disable Metrics/ParameterLists
   def initialize(action:, token:, user:, issuer:, parameters:, **other)
-    self.action         = action
-    self.token          = token
-    self.user           = user
-    self.raw_parameters = parameters.slice(*JSON_API_PARAMETERS)
+    self.action     = action
+    self.parameters = parameters.deep_dup
+    self.token      = token
+    self.user       = user
 
     other.each do |name, value|
       public_send("#{name}=", value)
@@ -35,6 +36,38 @@ class   Parameters
   end
   # rubocop:enable Metrics/ParameterLists
 
+  def authorized_parameters
+    @authorized_parameters || [
+                                :include,
+                                :sort,
+                                {
+                                  name:                :data,
+                                  authorization_value: [
+                                                         :type,
+                                                         :id,
+                                                         {
+                                                           attributes:    nil,
+                                                           relationships: nil,
+                                                         },
+                                                       ],
+                                },
+                                {
+                                  name:                :filter,
+                                  authorization_value: [{}],
+                                },
+                                {
+                                  name:                :page,
+                                  authorization_value: %i{
+                                                         number
+                                                         size
+                                                         offset
+                                                         limit
+                                                         cursor
+                                                       },
+                                },
+                              ]
+  end
+
   def authorized_attributes
     @authorized_attributes || []
   end
@@ -59,7 +92,21 @@ class   Parameters
     @ignored_attributes || []
   end
 
+  # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity
   def call
+    sliced_parameters = authorized_parameters.map { |v| v.is_a?(::Hash) ? v[:name] : v }
+
+    parameters.slice!(*sliced_parameters)
+
+    authorized_parameters.each do |parameter|
+      parameter = { name: parameter } unless parameter.is_a?(::Hash)
+
+      authorize_parameter(value:                    parameters[parameter],
+                          authorization_parameters: authorization,
+                          raw_parameters:           parameters,
+                          **parameter)
+    end
+
     authorized_attributes.each do |attribute|
       attribute = { name: attribute } unless attribute.is_a?(::Hash)
 
@@ -87,46 +134,32 @@ class   Parameters
     authorize_inclusions(names: authorized_inclusions)
     authorize_sorts(names: authorized_sorts)
 
-    raw_parameters.permit(*authorized_parameters)
+    parameters.permit(*authorization)
   end
+  # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity
 
   private
 
-  def authorized_parameters
-    @authorized_parameters ||= [
-                                 {
-                                   data:   [
-                                             :type,
-                                             :id,
-                                             {
-                                               attributes:    nil,
-                                               relationships: nil,
-                                             },
-                                           ],
-                                   filter: nil,
-                                   page:   %i{
-                                             number
-                                             size
-                                             offset
-                                             limit
-                                             cursor
-                                           },
-                                 },
-                               ]
+  def authorization
+    @authorization ||= [{}]
   end
 
   def authorize_attribute(**args)
-    authorize_parameter(value:                 raw_parameter_attribute_value(args[:name]),
-                        authorized_parameters: authorized_parameter_attributes,
-                        raw_parameters:        raw_parameter_attributes,
-                        **args)
+    authorize_parameter(
+      value:                    raw_parameter_attribute_value(args[:name]),
+      authorization_parameters: authorized_parameter_attributes,
+      raw_parameters:           raw_parameter_attributes,
+      **args,
+    )
   end
 
   def authorize_filter(**args)
-    authorize_parameter(value:                 raw_parameter_filter_value(args[:name]),
-                        authorized_parameters: authorized_parameter_filters,
-                        raw_parameters:        raw_parameter_filters,
-                        **args)
+    authorize_parameter(
+      value:                    raw_parameter_filter_value(args[:name]),
+      authorization_parameters: authorized_parameter_filters,
+      raw_parameters:           raw_parameter_filters,
+      **args,
+    )
   end
 
   def authorize_inclusions(names:)
@@ -141,8 +174,6 @@ class   Parameters
 
     fail Errors::UnpermittedInclusions.new(inclusions: raw_parameter_inclusions) \
       unless all_requested_inclusions_authorized
-
-    authorized_parameters << :include
   end
 
   def authorize_sorts(names:)
@@ -158,27 +189,30 @@ class   Parameters
 
     fail Errors::UnpermittedSorts.new(sorts: raw_parameter_sorts) \
       unless all_requested_sorts_authorized
-
-    authorized_parameters << :sort
   end
 
+  # rubocop:disable Metrics/ParameterLists
   def authorize_parameter(name:,
                           value:,
-                          authorized_parameters:,
+                          authorization_parameters:,
+                          authorization_value: nil,
                           raw_parameters:,
-                          override: { with: nil, if_admin: false, if_blank: false })
+                          override: {})
 
     value = override_parameter(name:     name,
                                value:    value,
                                hash:     raw_parameters,
                                override: override)
 
-    if value.class == ::Array
-      authorized_parameters[0][name] = []
+    if authorization_value
+      authorization_parameters[0][name] = authorization_value
+    elsif value.class == ::Array
+      authorization_parameters[0][name] = []
     else
-      authorized_parameters << name
+      authorization_parameters << name
     end
   end
+  # rubocop:enable Metrics/ParameterLists
 
   def authorize_relationship(name:, embedded_attributes: [])
     relationship_data = raw_parameter_relationship_data(name)
@@ -212,18 +246,24 @@ class   Parameters
     raw_parameter_attributes.delete(name)
   end
 
+  # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
   def override_parameter(name:, value:, hash:, override:)
+    override = { with: nil, if_admin: false, if_absent: true, if_blank: true }
+                 .merge(override)
+
     return value unless override[:with] &&
                         (!token.admin? || override[:if_admin]) &&
-                        (!value.nil?   || override[:if_blank])
+                        (hash.has_key?(name) || override[:if_absent]) &&
+                        (!hash.has_key?(name) || !value.nil? || override[:if_blank])
 
     hash[name] = override[:with]
 
     override[:with]
   end
+  # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 
   def authorized_data_parameter
-    authorized_parameters[0][:data][2]
+    authorization[0][:data][2]
   end
 
   def authorized_parameter_attributes
@@ -235,44 +275,36 @@ class   Parameters
   end
 
   def authorized_parameter_filters
-    authorized_parameters[0][:filter] ||= [{}]
-  end
-
-  def authorized_parameter_inclusions
-    authorized_parameters[0][:include] ||= ''
-  end
-
-  def authorized_parameter_sorts
-    authorized_parameters[0][:sort] ||= ''
+    authorization[0][:filter] ||= [{}]
   end
 
   # rubocop:disable Layout/ExtraSpacing
   def raw_parameter_attributes
     @raw_parameter_attributes ||= begin
-      raw_parameters[:data]              ||= {}
-      raw_parameters[:data][:attributes] ||= {}
+      parameters[:data]              ||= {}
+      parameters[:data][:attributes] ||= {}
 
-      raw_parameters[:data][:attributes]
+      parameters[:data][:attributes]
     end
   end
   # rubocop:enable Layout/ExtraSpacing
 
   def raw_parameter_filters
-    @raw_parameter_filters ||= raw_parameters[:filter] ||= {}
+    @raw_parameter_filters ||= parameters[:filter] ||= {}
   end
 
   def raw_parameter_inclusions
-    @raw_parameter_inclusions ||= raw_parameters[:include] ||= ''
+    @raw_parameter_inclusions ||= parameters[:include]
   end
 
   def raw_parameter_relationships
-    @raw_parameter_relationships ||= raw_parameters
+    @raw_parameter_relationships ||= parameters
                                        .fetch(:data,          {})
                                        .fetch(:relationships, {})
   end
 
   def raw_parameter_sorts
-    @raw_parameter_sorts ||= raw_parameters[:sort] ||= ''
+    @raw_parameter_sorts ||= parameters[:sort]
   end
 
   def raw_parameter_attribute_value(name)

data/lib/apiphobic/authorization/{authorizable_resource.rb → resource.rb}

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 require 'apple_core/action_controller/resource_naming'
+require 'apiphobic/authorization/transformers/json_api_to_rails_attributes'
+require 'apiphobic/resource/collection'
 require 'apiphobic/resource/model'
 
 module  Apiphobic
@@ -54,15 +56,17 @@ module  Resource
     return if authorizer.public_send(authorization_query)
 
     Erratum.fail(
-      'ForbiddenError',
-      resource_name: self.class.singular_resource_name,
+      'Forbidden',
+      resource_name: self.class.singular_underscored_base_resource_name,
       resource_id:   [params[:id]],
       action:        action_name,
     )
   end
 
   def authorized_parameters
-    @authorized_parameters ||= authorizer_parameters_class
+    @authorized_parameters ||= self
+                                 .class
+                                 .authorizer_parameters_class
                                  .new(action:     action_name,
                                       token:      token,
                                       user:       authorized_user,
@@ -71,6 +75,10 @@ module  Resource
                                  .call
   end
 
+  def authorized_inclusions
+    @authorized_inclusions ||= authorized_parameters[:include]
+  end
+
   def authorized_scope
     @authorized_scope ||= self
                             .class
@@ -80,7 +88,7 @@ module  Resource
                                  user:       authorized_user,
                                  issuer:     authorized_issuer,
                                  parameters: authorized_parameters,
-                                 scope_root: authorized_scope_root_class)
+                                 scope_root: self.class.authorized_scope_root_class)
                             .call
   end
 
@@ -99,15 +107,15 @@ module  Resource
                            user:       authorized_user,
                            issuer:     authorized_issuer,
                            parameters: authorized_parameters,
-                           resource:   authorized_resource)
+                           resource:   authorized_resource&.processed)
   end
 
   def authorized_resource
     return if RESOURCE_COLLECTION_ACTIONS.include?(action_name)
 
     @authorized_resource ||= \
-      Resource::Model
-        .new(resource:   public_send(self.class.plural_resource_name),
+      ::Apiphobic::Resource::Model
+        .new(resource:   public_send(self.class.singular_underscored_base_resource_name),
              parameters: authorized_parameters)
   end
 
@@ -115,8 +123,8 @@ module  Resource
     return unless RESOURCE_COLLECTION_ACTIONS.include?(action_name)
 
     @authorized_collection ||= \
-      Resource::Collection
-        .new(resource:   public_send(self.class.plural_resource_name),
+      ::Apiphobic::Resource::Collection
+        .new(resource:   public_send(self.class.plural_underscored_base_resource_name),
              parameters: authorized_parameters)
   end
 

data/lib/apiphobic/authorization/version.rb

@@ -2,6 +2,6 @@
 
 module Apiphobic
 module Authorization
-  VERSION = '1.1.0'
+  VERSION = '1.2.0'
 end
 end

data/lib/apiphobic/rails/api_controller_compatibility.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module  Apiphobic
+module  Rails
+module  ApiControllerCompatibility
+  def cache_store; end
+  def cache_store=(*); end
+  def assets_dir=(*); end
+  def javascripts_dir=(*); end
+  def stylesheets_dir=(*); end
+  def page_cache_directory=(*); end
+  def asset_path=(*); end
+  def asset_host=(*); end
+  def relative_url_root=(*); end
+  def perform_caching=(*); end
+  def helpers_path=(*); end
+  def allow_forgery_protection=(*); end
+  def helper_method(*); end
+  def helper(*); end
+end
+end
+end

data/lib/apiphobic/rails/controller.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'apiphobic/authorization/resource'
+require 'apiphobic/rails/api_controller_compatibility'
+require 'erratum/rescuable_resource'
+require 'erratum/verifiable_resource'
+
+module  Apiphobic
+module  Rails
+module  Controller
+  def self.included(base)
+    base.include Erratum::RescuableResource
+    base.include Erratum::VerifiableResource
+    base.include Apiphobic::Authorization::Resource
+    base.include Apiphobic::Rails::ApiControllerCompatibility
+  end
+end
+end
+end

data/lib/apiphobic-authorization.rb

@@ -1,3 +1,7 @@
 # frozen_string_literal: true
 
+require 'apiphobic/authorization/authorizer'
+require 'apiphobic/authorization/authorizers/parameters'
+require 'apiphobic/authorization/authorizers/scope'
 require 'apiphobic/authorization/version'
+require 'apiphobic/rails/controller'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: apiphobic-authorization
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - thegranddesign
@@ -31,26 +31,43 @@ cert_chain:
   Y2GAoHKstmfIVhc4XHOPpmTd2o/C29O9oaRgjrkfQEhF/KvJ/PhoV5hvokzsCyI5
   iUeXPfvrGD/itYIBCgk+fnzyQQ4QtE5hTQaWQ3o2
   -----END CERTIFICATE-----
-date: 2018-05-01 00:00:00.000000000 Z
+date: 2018-05-03 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: apiphobic-resource
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: apple_core
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.3'
 - !ruby/object:Gem::Dependency
   name: erratum
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.1
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
@@ -58,6 +75,9 @@ dependencies:
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.1
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
@@ -127,15 +147,17 @@ files:
 - LICENSE.txt
 - README.md
 - lib/apiphobic-authorization.rb
-- lib/apiphobic/authorization/authorizable_resource.rb
 - lib/apiphobic/authorization/authorizer.rb
 - lib/apiphobic/authorization/authorizers/parameters.rb
 - lib/apiphobic/authorization/authorizers/scope.rb
+- lib/apiphobic/authorization/resource.rb
 - lib/apiphobic/authorization/transformers/json_api_to_rails_attributes.rb
 - lib/apiphobic/authorization/version.rb
 - lib/apiphobic/errors/unpermitted_inclusions.rb
 - lib/apiphobic/errors/unpermitted_sorts.rb
 - lib/apiphobic/json_api/relationship.rb
+- lib/apiphobic/rails/api_controller_compatibility.rb
+- lib/apiphobic/rails/controller.rb
 homepage: ''
 licenses:
 - MIT