jsonapi-authorization 0.8.1 → 0.8.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 751afd97ddd82dc898f56d56a984fc87bd592ad1
-  data.tar.gz: aa5b7a07c85f5df1cf3682b5c193bc4cb3895269
+  metadata.gz: 829e3b94fc7a796418ffcb274fd822886bc8d7f3
+  data.tar.gz: e0280fef8a27a4c12b8d8550deab9dae76fbceb2
 SHA512:
-  metadata.gz: 3362227f0b26e62998d04d2956228b31605b56948f8a582579c23cd7409ab1d26870cb117faddc0c7da1916208e49007fe285b97b8ea38d0836b2a40d1a796a4
-  data.tar.gz: 4d2e7bd7071be875afa1303f2e249bc87654646f2f97684292b808a1207456b630cf506826d2b8a6de42abcbc1ef5ae80a57bfc0f36d5fa9426976d580649d1f
+  metadata.gz: 5ffaeb2569e05bb6e3eabb0aae2b28d26ccc12129c1015224cb4e0834fb8ff7ca9012106e0e38377e22a62ef38cbc7695dbc3cbe6543f206c9b58347d724e26e
+  data.tar.gz: d515f2990a4529a755133d8c21d713bc0fa5e8542fb4de5ac1e9d1d251c9a593f34bbd8426b1bc4d675a94135da62d196c48d6c5dbb9673337f95131e490590d

data/.gitignore

@@ -7,4 +7,5 @@
 /pkg/
 /spec/reports/
 /tmp/
+/spec/dummy/tmp/
 *.orig

data/.rubocop.yml

@@ -1,10 +1,27 @@
+AllCops:
+  Exclude:
+    - 'bin/*'
+    - 'spec/dummy/db/schema.rb'
+    - 'vendor/bundle/**/*'
+    - 'tmp/**/*'
+
+Style/FileName:
+  Exclude:
+    - lib/jsonapi-authorization.rb
+
 Metrics/LineLength:
   Enabled: true
   Max: 100
+  Exclude:
+    - spec/requests/**/*.rb
+    - jsonapi-authorization.gemspec
 
 Style/MultilineOperationIndentation:
   EnforcedStyle: indented
 
+Style/MultilineMethodCallIndentation:
+  EnforcedStyle: indented
+
 Metrics/ClassLength:
   Enabled: false
 
@@ -37,7 +54,10 @@ Style/SpaceInsideHashLiteralBraces:
   EnforcedStyle: space
 
 Style/IndentHash:
-  Enabled: false
+  EnforcedStyle: consistent
+
+Style/IndentArray:
+  EnforcedStyle: consistent
 
 Style/ClassAndModuleChildren:
   Enabled: false
@@ -86,3 +106,6 @@ Style/SingleLineBlockParams:
     - inject:
         - acc
         - obj
+
+Style/Alias:
+  EnforcedStyle: prefer_alias_method

data/.travis.yml

@@ -15,3 +15,5 @@ matrix:
   allow_failures:
     - env: JSONAPI_RESOURCES_VERSION=master RAILS_VERSION=4.2.0
     - env: JSONAPI_RESOURCES_VERSION=master RAILS_VERSION=4.1.0
+script:
+  - ./bin/phare

data/README.md

@@ -18,6 +18,8 @@ branch. This may contain information that is not relevant to the release you are
 
 Make sure to test for authorization in your application, too. We should have coverage of all operations, though. If that isn't the case, please [open an issue][issues].
 
+If you're using custom processors, make sure that they extend `JSONAPI::Authorization::AuthorizingProcessor`, or authorization will not be performed for that resource.
+
 This gem should work out-of-the box for simple cases. The default authorizer might be overly restrictive for [more complex cases][complex-case].
 
 The API is subject to change between minor version bumps until we reach v1.0.0.

data/bin/phare

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'phare' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("phare", "phare")

data/bin/rubocop

@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'rubocop' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rubocop", "rubocop")

data/jsonapi-authorization.gemspec

@@ -28,4 +28,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "pry-byebug", "~> 1.3"
   spec.add_development_dependency "pry-doc", "~> 0.6"
   spec.add_development_dependency "pry-rails", "~> 0.3.4"
+  spec.add_development_dependency "rubocop", "~> 0.36.0"
+  spec.add_development_dependency "phare", "~> 0.7.1"
 end

data/lib/jsonapi/authorization/authorizing_processor.rb

@@ -135,10 +135,13 @@ module JSONAPI
 
         old_related_record = source_resource.records_for(params[:relationship_type].to_sym)
         unless params[:key_value].nil?
-          new_related_resource = @resource_klass._relationship(params[:relationship_type].to_sym).resource_klass.find_by_key(
-            params[:key_value],
-            context: context
-          )
+          new_related_resource = @resource_klass
+            ._relationship(params[:relationship_type].to_sym)
+            .resource_klass
+            .find_by_key(
+              params[:key_value],
+              context: context
+            )
           new_related_record = new_related_resource._model unless new_related_resource.nil?
         end
 
@@ -183,10 +186,13 @@ module JSONAPI
         )
         source_record = source_resource._model
 
-        related_resource = @resource_klass._relationship(params[:relationship_type].to_sym).resource_klass.find_by_key(
-          params[:associated_key],
-          context: context
-        )
+        related_resource = @resource_klass
+          ._relationship(params[:relationship_type].to_sym)
+          .resource_klass
+          .find_by_key(
+            params[:associated_key],
+            context: context
+          )
         related_record = related_resource._model unless related_resource.nil?
 
         authorizer.remove_to_many_relationship(

data/lib/jsonapi/authorization/default_pundit_authorizer.rb

@@ -134,7 +134,7 @@ module JSONAPI
       # * +old_related_record+ - The current associated record
       # * +new_related_record+ - The new record replacing the +old_record+
       #   association, or +nil+ if the association is to be cleared
-      def replace_to_one_relationship(source_record, old_related_record, new_related_record)
+      def replace_to_one_relationship(_source_record, _old_related_record, _new_related_record)
         raise NotImplementedError
       end
 
@@ -146,7 +146,7 @@ module JSONAPI
       #
       # * +source_record+ - The record whose relationship is modified
       # * +new_related_records+ - The new records to be added to the association
-      def create_to_many_relationship(source_record, new_related_records)
+      def create_to_many_relationship(_source_record, _new_related_records)
         raise NotImplementedError
       end
 
@@ -161,7 +161,7 @@ module JSONAPI
       #   association
       #--
       # TODO: Should probably take old records as well
-      def replace_to_many_relationship(source_record, new_related_records)
+      def replace_to_many_relationship(_source_record, _new_related_records)
         raise NotImplementedError
       end
 
@@ -175,7 +175,7 @@ module JSONAPI
       #
       # * +source_record+ - The record whose relationship is modified
       # * +related_record+ - The record which will be deassociatied from +source_record+
-      def remove_to_many_relationship(source_record, related_record)
+      def remove_to_many_relationship(_source_record, _related_record)
         raise NotImplementedError
       end
 
@@ -187,7 +187,7 @@ module JSONAPI
       #
       # * +source_record+ - The record whose relationship is modified
       # * +related_record+ - The record which will be deassociatied from +source_record+
-      def remove_to_one_relationship(source_record, related_record)
+      def remove_to_one_relationship(_source_record, _related_record)
         raise NotImplementedError
       end
 
@@ -206,7 +206,7 @@ module JSONAPI
       #                     article.comments check
       # * +record_class+ - The underlying record class for the relationships
       #                    resource.
-      def include_has_many_resource(source_record, record_class)
+      def include_has_many_resource(_source_record, record_class)
         ::Pundit.authorize(user, record_class, 'index?')
       end
 
@@ -221,7 +221,7 @@ module JSONAPI
       # * +source_record+ — The source relationship record, e.g. an Article in
       #                     article.author check
       # * +related_record+ - The associated record to return
-      def include_has_one_resource(source_record, related_record)
+      def include_has_one_resource(_source_record, related_record)
         ::Pundit.authorize(user, related_record, 'show?')
       end
     end

data/lib/jsonapi/authorization/pundit_scoped_resource.rb

@@ -14,7 +14,7 @@ module JSONAPI
 
       def records_for(association_name)
         record_or_records = @model.public_send(association_name)
-        relationship = self.class._relationships[association_name]
+        relationship = fetch_relationship(association_name)
 
         case relationship
         when JSONAPI::Relationship::ToOne
@@ -26,6 +26,19 @@ module JSONAPI
           raise "Unknown relationship type #{relationship.inspect}"
         end
       end
+
+      private
+
+      def fetch_relationship(association_name)
+        relationships = self.class._relationships.select do |_k, v|
+          v.relation_name({}) == association_name
+        end
+        if relationships.empty?
+          nil
+        else
+          relationships.values.first
+        end
+      end
     end
   end
 end

data/lib/jsonapi/authorization/version.rb

@@ -1,5 +1,5 @@
 module JSONAPI
   module Authorization
-    VERSION = "0.8.1".freeze
+    VERSION = "0.8.2".freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jsonapi-authorization
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.8.2
 platform: ruby
 authors:
 - Vesa Laakso
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-04 00:00:00.000000000 Z
+date: 2017-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jsonapi-resources
@@ -151,6 +151,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.3.4
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.36.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.36.0
+- !ruby/object:Gem::Dependency
+  name: phare
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.7.1
 description: Adds generic authorization to the jsonapi-resources gem using Pundit.
 email:
 - laakso.vesa@gmail.com
@@ -170,6 +198,8 @@ files:
 - README.md
 - Rakefile
 - bin/console
+- bin/phare
+- bin/rubocop
 - bin/setup
 - jsonapi-authorization.gemspec
 - lib/jsonapi-authorization.rb
@@ -204,4 +234,3 @@ signing_key:
 specification_version: 4
 summary: Generic authorization for jsonapi-resources gem
 test_files: []
-has_rdoc: