deep_unrest 0.1.71 → 0.1.75

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b194593cf43cb152738a7a45f748af7ebebcdc8e1eef0e65cb4e66cb5afead0b
-  data.tar.gz: c64a30a21918ad72e44269e652962ac73c11129b7a43b8ae8fe430e1ff081dd9
+  metadata.gz: fd904080ca3e663bf6e313f0b7c865cab32121f2f22ed02b89ebe28886092232
+  data.tar.gz: 2de79ffc0cefad4e403b60981f306fb4ca05d1485c88ba4a0396373f2f46c920
 SHA512:
-  metadata.gz: 0cbc2b6412e32c94173f074d205d5d04b8b24f50acaa036e5ec6aa9faa70edda2cd5811ee9b07dfc72e5e1dae59b7b8386a97a83f53cf6bca989d005cffff1d4
-  data.tar.gz: 206e06dbbb0fa9991acb0ac8dac8ce14f2348b7aa57d7cb79688312d3c0f073ede6570605e1db49f216b1ae52e9225ce1879d6b3a4cba9c77e0be87ad2136277
+  metadata.gz: 92304e27f64f7c15dd870e65f814a0ad690230a324d801680f69e9b3103025afdfdd873c69a9511dc8fda133d1527625986b38a652bcd61867d15d866375277e
+  data.tar.gz: a879168e0ac312802e28dfbdc71f8e4851f0a462e32c00ea0c3898865dbd37c72bddabd6940e7c8c225e8cb93204c0ff68e7a3e6844239cc2abf67d9025b5f51

data/lib/deep_unrest/authorization/pundit_strategy.rb

@@ -17,12 +17,19 @@ module DeepUnrest
       end
 
       def self.auth_error_message(user, scope)
-        actor = "#{user.class.name} with id '#{user.id}'"
-        target = scope[:type].classify
+        if user
+          actor = "#{user.class.name} with id '#{user.id}' is"
+        else
+          actor = "Anonymous users are"
+        end
+
+        target = (scope[:type] || scope[:key]).to_s.classify
         unless %i[create update_all].include? scope[:scope_type]
-          target += " with id '#{scope[:scope][:arguments].first}'"
+          target_id = (scope[:id] || scope.dig(:query, :id)).to_s.gsub('.', '')
+          target += " with id '#{target_id.to_s.gsub('.', '')}'"
         end
-        msg = "#{actor} is not authorized to #{scope[:scope_type]} #{target}"
+
+        msg = "#{actor} not authorized to #{scope[:scope_type].to_s.downcase} #{target}"
 
         [{ title: msg,
            source: { pointer: scope[:path] } }].to_json

data/lib/deep_unrest/read.rb

@@ -116,27 +116,14 @@ module DeepUnrest
       paginator = get_paginator(query, parent)
       resource = item[:resource]
 
-      r_metaclass = class << resource; self; end
-      if r_metaclass.method_defined? :records
-        r_metaclass.class_eval do
-          alias_method :records_original, :records
-        end
-      end
-
-      # TODO: find a way to do this that doesn't blow out the original :records method
-      resource.define_singleton_method(:records) { |ctx|
-        full_scope = if self.respond_to? :records_original
-          records_original(ctx)
-        else
-          super(ctx)
-        end
-
-        item[:scope].merge(full_scope)
-      }
+      # monkey patch the resource to only show authorized records
+      old_records = resource.method(:records)
+      resource.define_singleton_method(:records) { |ctx| item[:scope].merge(old_records.call(ctx)) }
 
       # transform sort value casing for rails
       sort_criteria = query[:sort]&.map { |s| s.clone.merge(field: s[:field].underscore) }
       serializer = JSONAPI::ResourceSerializer.new(resource)
+
       processor = JSONAPI::Processor.new(resource,
                                          :find,
                                          filters: query[:filter] || {},
@@ -146,8 +133,12 @@ module DeepUnrest
                                          paginator: paginator)
 
       jsonapi_result = processor.process
+
       resource_results = format_processor_results(resource, jsonapi_result)
 
+      # un-monkey patch the resource :records method
+      resource.define_singleton_method(:records, old_records)
+
       meta << {
         addr: [*addr, item[:key], 'meta'],
         serialized_result: {
@@ -178,15 +169,9 @@ module DeepUnrest
         included << result
         recurse_included_queries(ctx, result, mappings, parent_context, included, meta, [*next_addr, :include])
       end
-    ensure
+    rescue StandardError => e
       # un-monkey patch the resource :records method
-      if r_metaclass.method_defined? :records_original
-        r_metaclass.class_eval do
-          alias_method :records, :records_original
-        end
-      else
-        r_metaclass.undef_method :records
-      end
+      resource.define_singleton_method(:records, old_records)
     end
 
     def self.get_query_type(item)

data/lib/deep_unrest/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module DeepUnrest
-  VERSION = '0.1.71'
+  VERSION = '0.1.75'
 end

data/lib/deep_unrest/write.rb

@@ -110,7 +110,7 @@ module DeepUnrest
         update_body[:_destroy] = true if item.dig(:query, :destroy)
         DeepUnrest.set_attr(memo, item[:ar_addr].clone, update_body)
         if item[:ar_addr].size == 1
-          item[:mutate] = memo.fetch(*item[:ar_addr])
+          item[:mutate] = update_body
           item[:scope_type] = :update if item[:scope_type] == :show
         end
       end
@@ -142,9 +142,10 @@ module DeepUnrest
                    when :destroy
                      id = item.dig(:query, :id)
                      model = item[:klass].find(id)
+                     model.deep_unrest_query_uuid = item.dig(:query, :uuid)
                      resource = item[:resource].new(model, context)
                      resource.run_callbacks :remove do
-                       item[:klass].destroy(id)
+                       model.destroy!
                      end
                    end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: deep_unrest
 version: !ruby/object:Gem::Version
-  version: 0.1.71
+  version: 0.1.75
 platform: ruby
 authors:
 - Lynn Hurley
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-30 00:00:00.000000000 Z
+date: 2021-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails