deep_unrest 0.1.70 → 0.1.74

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/deep_unrest/authorization/pundit_strategy.rb +11 -4
  3. data/lib/deep_unrest/read.rb +6 -8
  4. data/lib/deep_unrest/version.rb +1 -1
  5. data/lib/deep_unrest/write.rb +1 -1
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8ef68924e90a33009700f08b985e9855d1d66710be4d11f059c075bb921cbe5c
4
- data.tar.gz: 657a8ec04cdc0b0809a2210333df22915ab4611cdbb01bd9479c82766950db0f
3
+ metadata.gz: f9f759a8a661f9e17e38792d8a1b1525f2366c554c37b21708671fd4cfc63124
4
+ data.tar.gz: 57866a9548c6efd013e57872fe34423b710e76783aa23ad7798f5c2ff6aad279
5
5
  SHA512:
6
- metadata.gz: 6d3ff2ef8aba1c1b7d7fbf9f804bc39a67f75b0c4db85afdc2dec1c5fc05121d9e3724b57b0deffabe1ca0f94626b6bb591d17a51bdbfcc3d063cc49739d28c3
7
- data.tar.gz: c5ae82beb75ac2772f162710bf978f0ca9960a83ef428c2d67dea685d34427e7ddaa95f9c265fc1e579784e86f0a59dc2083c6e8ea0248e780e9a94f50607b76
6
+ metadata.gz: b50e0b5ab780e76598391fdca43ec421b6274594bc4654a5757bf761e1fcfb165a0452f6a24fa1dfd5894db3b53ab2a3d0d61b9fb287a2afef220b43fab9cb7c
7
+ data.tar.gz: 994156063a734d4e729789fb677a1f7a091f884d357d7eee0eaa3cb58c95ef7a49651eeaf641204548eb53b1188dca2fea14df32fd75b6cb66cf376fae3be3f9
data/lib/deep_unrest/authorization/pundit_strategy.rb CHANGED
@@ -17,12 +17,19 @@ module DeepUnrest
17
17
  end
18
18
 
19
19
  def self.auth_error_message(user, scope)
20
- actor = "#{user.class.name} with id '#{user.id}'"
21
- target = scope[:type].classify
20
+ if user
21
+ actor = "#{user.class.name} with id '#{user.id}' is"
22
+ else
23
+ actor = "Anonymous users are"
24
+ end
25
+
26
+ target = (scope[:type] || scope[:key]).to_s.classify
22
27
  unless %i[create update_all].include? scope[:scope_type]
23
- target += " with id '#{scope[:scope][:arguments].first}'"
28
+ target_id = (scope[:id] || scope.dig(:query, :id)).to_s.gsub('.', '')
29
+ target += " with id '#{target_id.to_s.gsub('.', '')}'"
24
30
  end
25
- msg = "#{actor} is not authorized to #{scope[:scope_type]} #{target}"
31
+
32
+ msg = "#{actor} not authorized to #{scope[:scope_type].to_s.downcase} #{target}"
26
33
 
27
34
  [{ title: msg,
28
35
  source: { pointer: scope[:path] } }].to_json
data/lib/deep_unrest/read.rb CHANGED
@@ -117,16 +117,11 @@ module DeepUnrest
117
117
  resource = item[:resource]
118
118
 
119
119
  # monkey patch the resource to only show authorized records
120
- r_metaclass = class << resource; self; end
121
- r_metaclass.send(:alias_method, :records_original, :records)
122
- # TODO: find a way to do this that doesn't blow out the original :records method
123
- r_metaclass.define_singleton_method(:records) { |ctx|
124
- item[:scope].merge(records_original(ctx))
125
- }
120
+ old_records = resource.method(:records)
121
+ resource.define_singleton_method(:records) { |ctx| item[:scope].merge(old_records.call(ctx)) }
126
122
 
127
123
  # transform sort value casing for rails
128
124
  sort_criteria = query[:sort]&.map { |s| s.clone.merge(field: s[:field].underscore) }
129
-
130
125
  serializer = JSONAPI::ResourceSerializer.new(resource)
131
126
 
132
127
  processor = JSONAPI::Processor.new(resource,
@@ -142,7 +137,7 @@ module DeepUnrest
142
137
  resource_results = format_processor_results(resource, jsonapi_result)
143
138
 
144
139
  # un-monkey patch the resource :records method
145
- r_metaclass.send(:alias_method, :records, :records_original)
140
+ resource.define_singleton_method(:records, old_records)
146
141
 
147
142
  meta << {
148
143
  addr: [*addr, item[:key], 'meta'],
@@ -174,6 +169,9 @@ module DeepUnrest
174
169
  included << result
175
170
  recurse_included_queries(ctx, result, mappings, parent_context, included, meta, [*next_addr, :include])
176
171
  end
172
+ rescue StandardError => e
173
+ # un-monkey patch the resource :records method
174
+ resource.define_singleton_method(:records, old_records)
177
175
  end
178
176
 
179
177
  def self.get_query_type(item)
data/lib/deep_unrest/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module DeepUnrest
4
- VERSION = '0.1.70'
4
+ VERSION = '0.1.74'
5
5
  end
data/lib/deep_unrest/write.rb CHANGED
@@ -82,7 +82,7 @@ module DeepUnrest
82
82
 
83
83
  p.parse_params(resource, { attributes: attributes }, opts)[:attributes]
84
84
  rescue JSONAPI::Exceptions::ParameterNotAllowed
85
- unpermitted_keys = attributes.keys.map(&:to_sym) - opts
85
+ unpermitted_keys = attributes.keys.map(&:underscore).map(&:to_sym) - opts
86
86
  item[:errors] = unpermitted_keys.each_with_object({}) do |attr_key, memo|
87
87
  memo[attr_key] = 'Unpermitted parameter'
88
88
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: deep_unrest
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.70
4
+ version: 0.1.74
5
5
  platform: ruby
6
6
  authors:
7
7
  - Lynn Hurley
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-06-14 00:00:00.000000000 Z
11
+ date: 2021-08-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails