RubyGems - jsonapi-authorization - Versions diffs - 1.0.0.alpha5 → 1.0.0.alpha6 - Mend

jsonapi-authorization 1.0.0.alpha5 → 1.0.0.alpha6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/lib/jsonapi/authorization/authorizing_processor.rb +40 -2
data/lib/jsonapi/authorization/pundit_scoped_resource.rb +1 -1
data/lib/jsonapi/authorization/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 38df18640b26a88119c4c253745a5b78bf549f16
-  data.tar.gz: 1e3676e726ba546d80ed364d1a16673a2c78ebd2
+  metadata.gz: 1740e99c89b7ed5a7872ac09f90e25de714f2b3c
+  data.tar.gz: 4c7d58578b5814ba853ff871917df33904c61eb8
 SHA512:
-  metadata.gz: 41b360cfcee0708244121f9b1debea24e1414776c89346b7ede2e57c0b2e1178a0587f39a838ca8b2641e555c529cbbdc0f9505467aa30dfd022bc62f1a07422
-  data.tar.gz: c0ba742a117a18b2273ed7662187d70a65e404f3c09b1bb48e37801ebbe7396ba39dd1348508e6ecee7b0a14dfd7ddbd1639f7e73afcbab7b84ca2d1f5bb974a
+  metadata.gz: 5b0202b9e8f5a0fa11f594ff35f62173ae7e4c326dff6011783c4300ac0165b0be779beb1d5e8268000fa597417ebf9bd2c48fc59975eef95ecbb769a53236d1
+  data.tar.gz: 6846fa8b449885c8addfbfa11e36ab5fd4e6f4f62249bbabe70772a5ecad4d65ad5c5005b739f90812cb1e2ecd0d7e8ac39bf6b1cb4d539199083d24186ab4b6

data/lib/jsonapi/authorization/authorizing_processor.rb CHANGED Viewed

@@ -16,6 +16,11 @@ module JSONAPI
       set_callback :create_to_many_relationships, :before, :authorize_create_to_many_relationships
       set_callback :replace_to_many_relationships, :before, :authorize_replace_to_many_relationships
       set_callback :remove_to_many_relationships, :before, :authorize_remove_to_many_relationships
+      set_callback(
+        :replace_polymorphic_to_one_relationship,
+        :before,
+        :authorize_replace_polymorphic_to_one_relationship
+      )
       [
         :find,
@@ -216,6 +221,39 @@ module JSONAPI
         authorizer.remove_to_one_relationship(source_record, relationship_type)
       end
+      def authorize_replace_polymorphic_to_one_relationship
+        return authorize_remove_to_one_relationship if params[:key_value].nil?
+        source_resource = @resource_klass.find_by_key(
+          params[:resource_id],
+          context: context
+        )
+        source_record = source_resource._model
+        # Fetch the name of the new class based on the incoming polymorphic
+        # "type" value. This will fail if there is no associated resource for the
+        # incoming "type" value so this shouldn't leak constants
+        related_record_class_name = source_resource
+          .send(:_model_class_name, params[:key_type])
+        # Fetch the underlying Resource class for the new record to-be-associated
+        related_resource_klass = @resource_klass.resource_for(related_record_class_name)
+        new_related_resource = related_resource_klass
+          .find_by_key(
+            params[:key_value],
+            context: context
+          )
+        new_related_record = new_related_resource._model unless new_related_resource.nil?
+        relationship_type = params[:relationship_type].to_sym
+        authorizer.replace_to_one_relationship(
+          source_record,
+          new_related_record,
+          relationship_type
+        )
+      end
       private
       def authorizer
@@ -309,7 +347,7 @@ module JSONAPI
             next_resource_klass = relationship.resource_klass
             Array.wrap(
               source_record.public_send(
-                relationship.relation_name(context)
+                relationship.relation_name(context: context)
               )
             ).each do |next_source_record|
               deep.each do |next_include_item|
@@ -326,7 +364,7 @@ module JSONAPI
           case relationship
           when JSONAPI::Relationship::ToOne
             related_record = source_record.public_send(
-              relationship.relation_name(context)
+              relationship.relation_name(context: context)
             )
             return if related_record.nil?
             authorizer.include_has_one_resource(source_record, related_record)

data/lib/jsonapi/authorization/pundit_scoped_resource.rb CHANGED Viewed

@@ -31,7 +31,7 @@ module JSONAPI
       def fetch_relationship(association_name)
         relationships = self.class._relationships.select do |_k, v|
-          v.relation_name({}) == association_name
+          v.relation_name(context: context) == association_name
         end
         if relationships.empty?
           nil

data/lib/jsonapi/authorization/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module JSONAPI
   module Authorization
-    VERSION = "1.0.0.alpha5".freeze
+    VERSION = "1.0.0.alpha6".freeze
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jsonapi-authorization
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha5
+  version: 1.0.0.alpha6
 platform: ruby
 authors:
 - Vesa Laakso
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-04 00:00:00.000000000 Z
+date: 2017-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jsonapi-resources