jsonapi-authorization 0.8.0 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 746cc565a11f9da30e6d9bf9d0f3125e8dea9230
-  data.tar.gz: b7648d6d517b0b7d20f4afe57bf199cc5e62f23d
+  metadata.gz: 751afd97ddd82dc898f56d56a984fc87bd592ad1
+  data.tar.gz: aa5b7a07c85f5df1cf3682b5c193bc4cb3895269
 SHA512:
-  metadata.gz: d2eba2b987e0ff085c67428f9c73d5b5cf95674789cd51dc0ba66d6a102334e850f8fd3d28085118f46645f804f65b1480c6b712720e66241b4aff5643dbc2f8
-  data.tar.gz: 743a1b1b9639490aea94fa9bc4d1648afc21a9e6926869dcdb61ba48e40e8890d32aa8432cb28d64b508fd8f3bd17933412b7568c1d06f44b18645420524a673
+  metadata.gz: 3362227f0b26e62998d04d2956228b31605b56948f8a582579c23cd7409ab1d26870cb117faddc0c7da1916208e49007fe285b97b8ea38d0836b2a40d1a796a4
+  data.tar.gz: 4d2e7bd7071be875afa1303f2e249bc87654646f2f97684292b808a1207456b630cf506826d2b8a6de42abcbc1ef5ae80a57bfc0f36d5fa9426976d580649d1f

data/README.md

@@ -99,6 +99,16 @@ JSONAPI::Authorization.configure do |config|
 end
 ```
 
+By default JSONAPI::Authorization uses the `:user` key from the JSONAPI context hash as the Pundit user. If you would like to use `:current_user` or some other key, it can be configured as well.
+
+```ruby
+JSONAPI::Authorization.configure do |config|
+  config.pundit_user = :current_user
+  # or a block can be provided
+  config.pundit_user = ->(context){ context[:current_user] }
+end
+```
+
 ## Troubleshooting
 
 ### "Unable to find policy" exception for a request

data/lib/jsonapi/authorization/configuration.rb

@@ -4,9 +4,19 @@ module JSONAPI
   module Authorization
     class Configuration
       attr_accessor :authorizer
+      attr_accessor :pundit_user
 
       def initialize
-        self.authorizer = ::JSONAPI::Authorization::DefaultPunditAuthorizer
+        self.authorizer  = ::JSONAPI::Authorization::DefaultPunditAuthorizer
+        self.pundit_user = :user
+      end
+
+      def user_context(context)
+        if pundit_user.is_a?(Symbol)
+          context[pundit_user]
+        else
+          pundit_user.call(context)
+        end
       end
     end
 

data/lib/jsonapi/authorization/default_pundit_authorizer.rb

@@ -19,7 +19,7 @@ module JSONAPI
       #
       # * +context+ - The context passed down from the controller layer
       def initialize(context)
-        @user = context[:user]
+        @user = JSONAPI::Authorization.configuration.user_context(context)
       end
 
       # <tt>GET /resources</tt>

data/lib/jsonapi/authorization/pundit_scoped_resource.rb

@@ -7,7 +7,8 @@ module JSONAPI
 
       module ClassMethods
         def records(options = {})
-          ::Pundit.policy_scope!(options[:context][:user], _model_class)
+          user_context = JSONAPI::Authorization.configuration.user_context(options[:context])
+          ::Pundit.policy_scope!(user_context, _model_class)
         end
       end
 
@@ -19,7 +20,8 @@ module JSONAPI
         when JSONAPI::Relationship::ToOne
           record_or_records
         when JSONAPI::Relationship::ToMany
-          ::Pundit.policy_scope!(context[:user], record_or_records)
+          user_context = JSONAPI::Authorization.configuration.user_context(context)
+          ::Pundit.policy_scope!(user_context, record_or_records)
         else
           raise "Unknown relationship type #{relationship.inspect}"
         end

data/lib/jsonapi/authorization/version.rb

@@ -1,5 +1,5 @@
 module JSONAPI
   module Authorization
-    VERSION = "0.8.0".freeze
+    VERSION = "0.8.1".freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jsonapi-authorization
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.8.1
 platform: ruby
 authors:
 - Vesa Laakso
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-04 00:00:00.000000000 Z
+date: 2016-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jsonapi-resources