jsonapi-authorization 1.0.0.alpha2 → 1.0.0.alpha3

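--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: c83ed79758b58af1eb5f2682278d59811be7eb20
- data.tar.gz: 8dad69ca7b2bad76f4508c735a1be23f9dd60ad7
+ metadata.gz: d9773e11d98a5ff7baeb184627737a96e541de98
+ data.tar.gz: a1a9417f8aa7ff48e9f093ee62f6501552d5418d
  SHA512:
- metadata.gz: a9f9793f5d9a6972e1a5bba3ea7d22d92368c8a8e7e37378dd0a09be44c3b5190df899393b1a76dedef1a6ff0d2515a6ebda8e95bff4d6e2568a72c6561629e1
- data.tar.gz: 2b20f5bd2a639304a0e25b31bb861dbfc9426e4a221afc1be7b70c7f83ba07ccdddc89ac9aef2dd3c5d7c6ca98a3a47db09d27e41a86f374442fac148e9d940d
+ metadata.gz: 5e51a01324b0475819785e26823ba0c958982a6a86a97386d4f93862fcdf98e9d0448cc3041e675eb4c29bae107ebaaee775d629eeb734d2ce3448cd4e033fdb
+ data.tar.gz: e2f191527644e59f161574e4bb232696dad12ecb7d03645fa9b35157b7063ad8d9bb8f04daf5bbe8c7470c3a09b5a156e18729e8a1c1dd2d130a6f72e8cd69ba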
@@ -112,7 +112,7 @@ module JSONAPI
112
112
 
113
113
  def authorize_create_resource
114
114
  source_class = resource_klass._model_class
115
- authorizer.create_resource(source_class, related_models)
115
+ authorizer.create_resource(source_class, related_models_with_context)
116
116
  end
117
117
 
118
118
  def authorize_remove_resource
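Review bot: The argument passed to `authorizer.create_resource` changes shape in `authorize_create_resource`, and nothing at the call site says so. `related_models_with_context` is defined outside this hunk, so its structure cannot be checked from here. If applications can plug in their own authorizer class, one still written for a flat list of records would presumably receive per-relationship entries instead. A comment above the call such as `# Passes one entry per relationship (relation name plus records), not a flat list of records` would make the contract change visible. The body of `authorize_remove_resource` continues outside the hunk.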
@@ -98,14 +98,27 @@ module JSONAPI
98
98
  # ==== Parameters
99
99
  #
100
100
  # * +source_class+ - The class of the record to be created
101
- # * +related_records+ - An array of records to be associated to the new
102
- # record. This will contain the records specified in the
103
- # "relationships" key in the request
104
- def create_resource(source_class, related_records)
101
+ # * +related_records_with_context+ - A has with the association type,
102
+ # the relationship name, and an Array of new related records.
103
+ def create_resource(source_class, related_records_with_context)
105
104
  ::Pundit.authorize(user, source_class, 'create?')
106
-
107
- related_records.each do |record|
108
- ::Pundit.authorize(user, record, 'update?')
105
+ related_records_with_context.each do |data|
106
+ relation_name = data[:relation_name]
107
+ records = data[:records]
108
+ relationship_method = "create_with_#{relation_name}?"
109
+ policy = ::Pundit.policy(user, source_class)
110
+ if policy.respond_to?(relationship_method)
111
+ unless policy.public_send(relationship_method, records)
112
+ raise ::Pundit::NotAuthorizedError,
113
+ query: relationship_method,
114
+ record: source_class,
115
+ policy: policy
116
+ end
117
+ else
118
+ Array(records).each do |record|
119
+ ::Pundit.authorize(user, record, 'update?')
120
+ end
121
+ end
109
122
  end
110
123
  end
111
124
 
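Review bot: The doc comment on `create_resource` does not say that a policy defining `create_with_<relation_name>?` replaces the per-record `update?` check, so a policy author who adds such a method becomes solely responsible for authorizing every record in `records`. I would state that in the comment, e.g. `# If the policy responds to create_with_<relation_name>?, that method alone decides; otherwise update? is checked on each related record.` The parameter line also reads "A has with" where "hash" is meant, and since the code iterates the argument and reads `data[:relation_name]` and `data[:records]` from each element, "an Array of hashes" looks like the accurate description. `policy = ::Pundit.policy(user, source_class)` does not depend on `data` and can be assigned once before the loop.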
@@ -1,5 +1,5 @@
1
1
  module JSONAPI
2
2
  module Authorization
3
- VERSION = "1.0.0.alpha2".freeze
3
+ VERSION = "1.0.0.alpha3".freeze
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: jsonapi-authorization
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0.alpha2
4
+ version: 1.0.0.alpha3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Vesa Laakso
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2017-04-12 00:00:00.000000000 Z
12
+ date: 2017-05-22 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: jsonapi-resources