jsonapi-authorization 0.8.0 → 0.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 751afd97ddd82dc898f56d56a984fc87bd592ad1
|
|
4
|
+
data.tar.gz: aa5b7a07c85f5df1cf3682b5c193bc4cb3895269
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3362227f0b26e62998d04d2956228b31605b56948f8a582579c23cd7409ab1d26870cb117faddc0c7da1916208e49007fe285b97b8ea38d0836b2a40d1a796a4
|
|
7
|
+
data.tar.gz: 4d2e7bd7071be875afa1303f2e249bc87654646f2f97684292b808a1207456b630cf506826d2b8a6de42abcbc1ef5ae80a57bfc0f36d5fa9426976d580649d1f
|
data/README.md
CHANGED
|
@@ -99,6 +99,16 @@ JSONAPI::Authorization.configure do |config|
|
|
|
99
99
|
end
|
|
100
100
|
```
|
|
101
101
|
|
|
102
|
+
By default JSONAPI::Authorization uses the `:user` key from the JSONAPI context hash as the Pundit user. If you would like to use `:current_user` or some other key, it can be configured as well.
|
|
103
|
+
|
|
104
|
+
```ruby
|
|
105
|
+
JSONAPI::Authorization.configure do |config|
|
|
106
|
+
config.pundit_user = :current_user
|
|
107
|
+
# or a block can be provided
|
|
108
|
+
config.pundit_user = ->(context){ context[:current_user] }
|
|
109
|
+
end
|
|
110
|
+
```
|
|
111
|
+
|
|
102
112
|
## Troubleshooting
|
|
103
113
|
|
|
104
114
|
### "Unable to find policy" exception for a request
|
|
@@ -4,9 +4,19 @@ module JSONAPI
|
|
|
4
4
|
module Authorization
|
|
5
5
|
class Configuration
|
|
6
6
|
attr_accessor :authorizer
|
|
7
|
+
attr_accessor :pundit_user
|
|
7
8
|
|
|
8
9
|
def initialize
|
|
9
|
-
self.authorizer
|
|
10
|
+
self.authorizer = ::JSONAPI::Authorization::DefaultPunditAuthorizer
|
|
11
|
+
self.pundit_user = :user
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def user_context(context)
|
|
15
|
+
if pundit_user.is_a?(Symbol)
|
|
16
|
+
context[pundit_user]
|
|
17
|
+
else
|
|
18
|
+
pundit_user.call(context)
|
|
19
|
+
end
|
|
10
20
|
end
|
|
11
21
|
end
|
|
12
22
|
|
|
@@ -7,7 +7,8 @@ module JSONAPI
|
|
|
7
7
|
|
|
8
8
|
module ClassMethods
|
|
9
9
|
def records(options = {})
|
|
10
|
-
::
|
|
10
|
+
user_context = JSONAPI::Authorization.configuration.user_context(options[:context])
|
|
11
|
+
::Pundit.policy_scope!(user_context, _model_class)
|
|
11
12
|
end
|
|
12
13
|
end
|
|
13
14
|
|
|
@@ -19,7 +20,8 @@ module JSONAPI
|
|
|
19
20
|
when JSONAPI::Relationship::ToOne
|
|
20
21
|
record_or_records
|
|
21
22
|
when JSONAPI::Relationship::ToMany
|
|
22
|
-
::
|
|
23
|
+
user_context = JSONAPI::Authorization.configuration.user_context(context)
|
|
24
|
+
::Pundit.policy_scope!(user_context, record_or_records)
|
|
23
25
|
else
|
|
24
26
|
raise "Unknown relationship type #{relationship.inspect}"
|
|
25
27
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jsonapi-authorization
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.
|
|
4
|
+
version: 0.8.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Vesa Laakso
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-
|
|
12
|
+
date: 2016-09-04 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: jsonapi-resources
|