apiphobic-authorization 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b495a30be17fcd8a76aac415fcbf6d98e56f074c782fb8b97da5485ef5c87117
-  data.tar.gz: 4540fba22161f2ca8169e8daad77c4c868911e33a1792d58fb1bf66df66d1e35
+  metadata.gz: '06941e32e3b1ca8b7fe4c0796ab5470f2b22148ccfcde6c3c11c17839764148b'
+  data.tar.gz: 9fa62e553609cb05c396ebee78419cce551d72767b097f309546f6d0593e5c92
 SHA512:
-  metadata.gz: 3fdbe8d14d7a0cc433d73c71a2292470ff50a13182681a0f56d18959944393a8884027367ef19518027c843daa66cf9344ec22e5648d64d8f2526a9b71d1090d
-  data.tar.gz: 2c9a91ca38d27f3b78ee561481c12c4aeed6f920e77e19ac96b8e348f37575f93e362a4cbb1285e4adb0dc7a50bc634fc6a1b74b31d17b6120b06ff41afab952
+  metadata.gz: 5aca4483586dc0c98994ce92f91cda8d50666d1396f8ed867a621a17d818a179bb6c14ef42fa411dbad083c868ba5b33166998f0ccc2920949df8efd788d85df
+  data.tar.gz: acc4a4d9dc689600e459a2817e24a7246ca976d70edb169291cc4b22570be807feffd8e5ecdeee0d91091196e4d24f0a9d0275092624e79b58fc7d2f22e5655d

data/lib/apiphobic/authorization/authorizable_resource.rb

@@ -105,14 +105,17 @@ module  Resource
   def authorized_resource
     return if RESOURCE_COLLECTION_ACTIONS.include?(action_name)
 
-    @authorized_resource ||= public_send(self.class.singular_resource_name)
+    @authorized_resource ||= \
+      Resource::Model
+        .new(resource:   public_send(self.class.plural_resource_name),
+             parameters: authorized_parameters)
   end
 
   def authorized_collection
     return unless RESOURCE_COLLECTION_ACTIONS.include?(action_name)
 
     @authorized_collection ||= \
-      Resource::Model
+      Resource::Collection
         .new(resource:   public_send(self.class.plural_resource_name),
              parameters: authorized_parameters)
   end

data/lib/apiphobic/authorization/authorizers/parameters.rb

@@ -19,7 +19,8 @@ class   Parameters
                 :authorized_filters,
                 :authorized_inclusions,
                 :authorized_relationships,
-                :authorized_sorts
+                :authorized_sorts,
+                :ignored_attributes
 
   # rubocop:disable Metrics/ParameterLists
   def initialize(action:, token:, user:, issuer:, parameters:, **other)
@@ -54,6 +55,10 @@ class   Parameters
     @authorized_sorts || []
   end
 
+  def ignored_attributes
+    @ignored_attributes || []
+  end
+
   def call
     authorized_attributes.each do |attribute|
       attribute = { name: attribute } unless attribute.is_a?(::Hash)
@@ -61,6 +66,12 @@ class   Parameters
       authorize_attribute(**attribute)
     end
 
+    ignored_attributes.each do |attribute|
+      attribute = { name: attribute } unless attribute.is_a?(::Hash)
+
+      ignore_attribute(**attribute)
+    end
+
     authorized_filters.each do |filter|
       filter = { name: filter } unless filter.is_a?(::Hash)
 
@@ -197,6 +208,10 @@ class   Parameters
                                                end
   end
 
+  def ignore_attribute(name:)
+    raw_parameter_attributes.delete(name)
+  end
+
   def override_parameter(name:, value:, hash:, override:)
     return value unless override[:with] &&
                         (!token.admin? || override[:if_admin]) &&

data/lib/apiphobic/authorization/version.rb

@@ -2,6 +2,6 @@
 
 module Apiphobic
 module Authorization
-  VERSION = '1.0.0'
+  VERSION = '1.1.0'
 end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: apiphobic-authorization
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - thegranddesign