deep_unrest 0.1.70 → 0.1.74
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/deep_unrest/authorization/pundit_strategy.rb +11 -4
- data/lib/deep_unrest/read.rb +6 -8
- data/lib/deep_unrest/version.rb +1 -1
- data/lib/deep_unrest/write.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f9f759a8a661f9e17e38792d8a1b1525f2366c554c37b21708671fd4cfc63124
|
4
|
+
data.tar.gz: 57866a9548c6efd013e57872fe34423b710e76783aa23ad7798f5c2ff6aad279
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b50e0b5ab780e76598391fdca43ec421b6274594bc4654a5757bf761e1fcfb165a0452f6a24fa1dfd5894db3b53ab2a3d0d61b9fb287a2afef220b43fab9cb7c
|
7
|
+
data.tar.gz: 994156063a734d4e729789fb677a1f7a091f884d357d7eee0eaa3cb58c95ef7a49651eeaf641204548eb53b1188dca2fea14df32fd75b6cb66cf376fae3be3f9
|
@@ -17,12 +17,19 @@ module DeepUnrest
|
|
17
17
|
end
|
18
18
|
|
19
19
|
def self.auth_error_message(user, scope)
|
20
|
-
|
21
|
-
|
20
|
+
if user
|
21
|
+
actor = "#{user.class.name} with id '#{user.id}' is"
|
22
|
+
else
|
23
|
+
actor = "Anonymous users are"
|
24
|
+
end
|
25
|
+
|
26
|
+
target = (scope[:type] || scope[:key]).to_s.classify
|
22
27
|
unless %i[create update_all].include? scope[:scope_type]
|
23
|
-
|
28
|
+
target_id = (scope[:id] || scope.dig(:query, :id)).to_s.gsub('.', '')
|
29
|
+
target += " with id '#{target_id.to_s.gsub('.', '')}'"
|
24
30
|
end
|
25
|
-
|
31
|
+
|
32
|
+
msg = "#{actor} not authorized to #{scope[:scope_type].to_s.downcase} #{target}"
|
26
33
|
|
27
34
|
[{ title: msg,
|
28
35
|
source: { pointer: scope[:path] } }].to_json
|
data/lib/deep_unrest/read.rb
CHANGED
@@ -117,16 +117,11 @@ module DeepUnrest
|
|
117
117
|
resource = item[:resource]
|
118
118
|
|
119
119
|
# monkey patch the resource to only show authorized records
|
120
|
-
|
121
|
-
|
122
|
-
# TODO: find a way to do this that doesn't blow out the original :records method
|
123
|
-
r_metaclass.define_singleton_method(:records) { |ctx|
|
124
|
-
item[:scope].merge(records_original(ctx))
|
125
|
-
}
|
120
|
+
old_records = resource.method(:records)
|
121
|
+
resource.define_singleton_method(:records) { |ctx| item[:scope].merge(old_records.call(ctx)) }
|
126
122
|
|
127
123
|
# transform sort value casing for rails
|
128
124
|
sort_criteria = query[:sort]&.map { |s| s.clone.merge(field: s[:field].underscore) }
|
129
|
-
|
130
125
|
serializer = JSONAPI::ResourceSerializer.new(resource)
|
131
126
|
|
132
127
|
processor = JSONAPI::Processor.new(resource,
|
@@ -142,7 +137,7 @@ module DeepUnrest
|
|
142
137
|
resource_results = format_processor_results(resource, jsonapi_result)
|
143
138
|
|
144
139
|
# un-monkey patch the resource :records method
|
145
|
-
|
140
|
+
resource.define_singleton_method(:records, old_records)
|
146
141
|
|
147
142
|
meta << {
|
148
143
|
addr: [*addr, item[:key], 'meta'],
|
@@ -174,6 +169,9 @@ module DeepUnrest
|
|
174
169
|
included << result
|
175
170
|
recurse_included_queries(ctx, result, mappings, parent_context, included, meta, [*next_addr, :include])
|
176
171
|
end
|
172
|
+
rescue StandardError => e
|
173
|
+
# un-monkey patch the resource :records method
|
174
|
+
resource.define_singleton_method(:records, old_records)
|
177
175
|
end
|
178
176
|
|
179
177
|
def self.get_query_type(item)
|
data/lib/deep_unrest/version.rb
CHANGED
data/lib/deep_unrest/write.rb
CHANGED
@@ -82,7 +82,7 @@ module DeepUnrest
|
|
82
82
|
|
83
83
|
p.parse_params(resource, { attributes: attributes }, opts)[:attributes]
|
84
84
|
rescue JSONAPI::Exceptions::ParameterNotAllowed
|
85
|
-
unpermitted_keys = attributes.keys.map(&:to_sym) - opts
|
85
|
+
unpermitted_keys = attributes.keys.map(&:underscore).map(&:to_sym) - opts
|
86
86
|
item[:errors] = unpermitted_keys.each_with_object({}) do |attr_key, memo|
|
87
87
|
memo[attr_key] = 'Unpermitted parameter'
|
88
88
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: deep_unrest
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.74
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Lynn Hurley
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-08-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|