jsonapi-authorization 1.0.0.alpha6 → 1.0.0.beta1

data/jsonapi-authorization.gemspec

@@ -21,13 +21,14 @@ Gem::Specification.new do |spec|
   spec.add_dependency "pundit", "~> 1.0"
 
   spec.add_development_dependency "bundler", "~> 1.11"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency "rspec-rails", "~> 3.0"
-  spec.add_development_dependency "pry", "~> 0.10"
-  spec.add_development_dependency "pry-byebug", "~> 1.3"
-  spec.add_development_dependency "pry-doc", "~> 0.6"
-  spec.add_development_dependency "pry-rails", "~> 0.3.4"
+  spec.add_development_dependency "rspec-rails", "~> 3.7"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "pry-byebug"
+  spec.add_development_dependency "pry-doc"
+  spec.add_development_dependency "pry-rails"
   spec.add_development_dependency "rubocop", "~> 0.36.0"
   spec.add_development_dependency "phare", "~> 0.7.1"
+  spec.add_development_dependency "sqlite3"
 end

data/lib/jsonapi/authorization/authorizing_processor.rb

@@ -49,7 +49,7 @@ module JSONAPI
       end
 
       def authorize_find
-        authorizer.find(@resource_klass._model_class)
+        authorizer.find(source_class: @resource_klass._model_class)
       end
 
       def authorize_show
@@ -58,7 +58,7 @@ module JSONAPI
           context: context
         )._model
 
-        authorizer.show(record)
+        authorizer.show(source_record: record)
       end
 
       def authorize_show_relationship
@@ -81,7 +81,7 @@ module JSONAPI
 
         parent_record = parent_resource._model
         related_record = related_resource._model unless related_resource.nil?
-        authorizer.show_relationship(parent_record, related_record)
+        authorizer.show_relationship(source_record: parent_record, related_record: related_record)
       end
 
       def authorize_show_related_resource
@@ -95,7 +95,9 @@ module JSONAPI
 
         source_record = source_resource._model
         related_record = related_resource._model unless related_resource.nil?
-        authorizer.show_related_resource(source_record, related_record)
+        authorizer.show_related_resource(
+          source_record: source_record, related_record: related_record
+        )
       end
 
       def authorize_show_related_resources
@@ -104,7 +106,7 @@ module JSONAPI
           context: context
         )._model
 
-        authorizer.show_related_resources(source_record)
+        authorizer.show_related_resources(source_record: source_record)
       end
 
       def authorize_replace_fields
@@ -112,12 +114,18 @@ module JSONAPI
           params[:resource_id],
           context: context
         )._model
-        authorizer.replace_fields(source_record, related_models_with_context)
+        authorizer.replace_fields(
+          source_record: source_record,
+          related_records_with_context: related_models_with_context
+        )
       end
 
       def authorize_create_resource
         source_class = resource_klass._model_class
-        authorizer.create_resource(source_class, related_models_with_context)
+        authorizer.create_resource(
+          source_class: source_class,
+          related_records_with_context: related_models_with_context
+        )
       end
 
       def authorize_remove_resource
@@ -126,7 +134,7 @@ module JSONAPI
           context: context
         )._model
 
-        authorizer.remove_resource(record)
+        authorizer.remove_resource(source_record: record)
       end
 
       def authorize_replace_to_one_relationship
@@ -149,9 +157,9 @@ module JSONAPI
         new_related_record = new_related_resource._model unless new_related_resource.nil?
 
         authorizer.replace_to_one_relationship(
-          source_record,
-          new_related_record,
-          relationship_type
+          source_record: source_record,
+          new_related_record: new_related_record,
+          relationship_type: relationship_type
         )
       end
 
@@ -164,7 +172,11 @@ module JSONAPI
         relationship_type = params[:relationship_type].to_sym
         related_models = model_class_for_relationship(relationship_type).find(params[:data])
 
-        authorizer.create_to_many_relationship(source_record, related_models, relationship_type)
+        authorizer.create_to_many_relationship(
+          source_record: source_record,
+          new_related_records: related_models,
+          relationship_type: relationship_type
+        )
       end
 
       def authorize_replace_to_many_relationships
@@ -178,9 +190,9 @@ module JSONAPI
         new_related_records = model_class_for_relationship(relationship_type).find(params[:data])
 
         authorizer.replace_to_many_relationship(
-          source_record,
-          new_related_records,
-          relationship_type
+          source_record: source_record,
+          new_related_records: new_related_records,
+          relationship_type: relationship_type
         )
       end
 
@@ -204,9 +216,9 @@ module JSONAPI
         related_records = related_resources.map(&:_model)
 
         authorizer.remove_to_many_relationship(
-          source_record,
-          related_records,
-          relationship_type
+          source_record: source_record,
+          related_records: related_records,
+          relationship_type: relationship_type
         )
       end
 
@@ -218,7 +230,9 @@ module JSONAPI
 
         relationship_type = params[:relationship_type].to_sym
 
-        authorizer.remove_to_one_relationship(source_record, relationship_type)
+        authorizer.remove_to_one_relationship(
+          source_record: source_record, relationship_type: relationship_type
+        )
       end
 
       def authorize_replace_polymorphic_to_one_relationship
@@ -248,16 +262,16 @@ module JSONAPI
 
         relationship_type = params[:relationship_type].to_sym
         authorizer.replace_to_one_relationship(
-          source_record,
-          new_related_record,
-          relationship_type
+          source_record: source_record,
+          new_related_record: new_related_record,
+          relationship_type: relationship_type
         )
       end
 
       private
 
       def authorizer
-        @authorizer ||= ::JSONAPI::Authorization.configuration.authorizer.new(context)
+        @authorizer ||= ::JSONAPI::Authorization.configuration.authorizer.new(context: context)
       end
 
       # TODO: Communicate with upstream to fix this nasty hack
@@ -367,11 +381,13 @@ module JSONAPI
               relationship.relation_name(context: context)
             )
             return if related_record.nil?
-            authorizer.include_has_one_resource(source_record, related_record)
+            authorizer.include_has_one_resource(
+              source_record: source_record, related_record: related_record
+            )
           when JSONAPI::Relationship::ToMany
             authorizer.include_has_many_resource(
-              source_record,
-              relationship.resource_klass._model_class
+              source_record: source_record,
+              record_class: relationship.resource_klass._model_class
             )
           else
             raise "Unexpected relationship type: #{relationship.inspect}"

data/lib/jsonapi/authorization/default_pundit_authorizer.rb

@@ -18,7 +18,7 @@ module JSONAPI
       # ==== Parameters
       #
       # * +context+ - The context passed down from the controller layer
-      def initialize(context)
+      def initialize(context:)
         @user = JSONAPI::Authorization.configuration.user_context(context)
       end
 
@@ -27,7 +27,7 @@ module JSONAPI
       # ==== Parameters
       #
       # * +source_class+ - The source class (e.g. +Article+ for +ArticleResource+)
-      def find(source_class)
+      def find(source_class:)
         ::Pundit.authorize(user, source_class, 'index?')
       end
 
@@ -36,7 +36,7 @@ module JSONAPI
       # ==== Parameters
       #
       # * +source_record+ - The record to show
-      def show(source_record)
+      def show(source_record:)
         ::Pundit.authorize(user, source_record, 'show?')
       end
 
@@ -51,7 +51,7 @@ module JSONAPI
       # * +related_record+ - The associated +has_one+ record to show or +nil+
       #   if the associated record was not found. For a +has_many+ association,
       #   this will always be +nil+
-      def show_relationship(source_record, related_record)
+      def show_relationship(source_record:, related_record:)
         ::Pundit.authorize(user, source_record, 'show?')
         ::Pundit.authorize(user, related_record, 'show?') unless related_record.nil?
       end
@@ -65,7 +65,7 @@ module JSONAPI
       # * +source_record+ - The record whose relationship is queried
       # * +related_record+ - The associated record to show or +nil+ if the
       #   associated record was not found
-      def show_related_resource(source_record, related_record)
+      def show_related_resource(source_record:, related_record:)
         ::Pundit.authorize(user, source_record, 'show?')
         ::Pundit.authorize(user, related_record, 'show?') unless related_record.nil?
       end
@@ -77,7 +77,7 @@ module JSONAPI
       # ==== Parameters
       #
       # * +source_record+ - The record whose relationship is queried
-      def show_related_resources(source_record)
+      def show_related_resources(source_record:)
         ::Pundit.authorize(user, source_record, 'show?')
       end
 
@@ -88,9 +88,12 @@ module JSONAPI
       # * +source_record+ - The record to be modified
       # * +related_records_with_context+ - A hash with the association type,
       # the relationship name, an Array of new related records.
-      def replace_fields(source_record, related_records_with_context)
+      def replace_fields(source_record:, related_records_with_context:)
         ::Pundit.authorize(user, source_record, 'update?')
-        authorize_related_records(source_record, related_records_with_context)
+        authorize_related_records(
+          source_record: source_record,
+          related_records_with_context: related_records_with_context
+        )
       end
 
       # <tt>POST /resources</tt>
@@ -100,7 +103,7 @@ module JSONAPI
       # * +source_class+ - The class of the record to be created
       # * +related_records_with_context+ - A has with the association type,
       # the relationship name, and an Array of new related records.
-      def create_resource(source_class, related_records_with_context)
+      def create_resource(source_class:, related_records_with_context:)
         ::Pundit.authorize(user, source_class, 'create?')
         related_records_with_context.each do |data|
           relation_name = data[:relation_name]
@@ -127,7 +130,7 @@ module JSONAPI
       # ==== Parameters
       #
       # * +source_record+ - The record to be removed
-      def remove_resource(source_record)
+      def remove_resource(source_record:)
         ::Pundit.authorize(user, source_record, 'destroy?')
       end
 
@@ -140,9 +143,13 @@ module JSONAPI
       # * +source_record+ - The record whose relationship is modified
       # * +new_related_record+ - The new record replacing the old record
       # * +relationship_type+ - The relationship type
-      def replace_to_one_relationship(source_record, new_related_record, relationship_type)
+      def replace_to_one_relationship(source_record:, new_related_record:, relationship_type:)
         relationship_method = "replace_#{relationship_type}?"
-        authorize_relationship_operation(source_record, relationship_method, new_related_record)
+        authorize_relationship_operation(
+          source_record: source_record,
+          relationship_method: relationship_method,
+          related_record_or_records: new_related_record
+        )
       end
 
       # <tt>POST /resources/:id/relationships/other-resources</tt>
@@ -154,9 +161,13 @@ module JSONAPI
       # * +source_record+ - The record whose relationship is modified
       # * +new_related_records+ - The new records to be added to the association
       # * +relationship_type+ - The relationship type
-      def create_to_many_relationship(source_record, new_related_records, relationship_type)
+      def create_to_many_relationship(source_record:, new_related_records:, relationship_type:)
         relationship_method = "add_to_#{relationship_type}?"
-        authorize_relationship_operation(source_record, relationship_method, new_related_records)
+        authorize_relationship_operation(
+          source_record: source_record,
+          relationship_method: relationship_method,
+          related_record_or_records: new_related_records
+        )
       end
 
       # <tt>PATCH /resources/:id/relationships/other-resources</tt>
@@ -169,9 +180,13 @@ module JSONAPI
       # * +new_related_records+ - The new records replacing the entire +has_many+
       #   association
       # * +relationship_type+ - The relationship type
-      def replace_to_many_relationship(source_record, new_related_records, relationship_type)
+      def replace_to_many_relationship(source_record:, new_related_records:, relationship_type:)
         relationship_method = "replace_#{relationship_type}?"
-        authorize_relationship_operation(source_record, relationship_method, new_related_records)
+        authorize_relationship_operation(
+          source_record: source_record,
+          relationship_method: relationship_method,
+          related_record_or_records: new_related_records
+        )
       end
 
       # <tt>DELETE /resources/:id/relationships/other-resources</tt>
@@ -183,9 +198,13 @@ module JSONAPI
       # * +source_record+ - The record whose relationship is modified
       # * +related_records+ - The records which will be disassociated from +source_record+
       # * +relationship_type+ - The relationship type
-      def remove_to_many_relationship(source_record, related_records, relationship_type)
+      def remove_to_many_relationship(source_record:, related_records:, relationship_type:)
         relationship_method = "remove_from_#{relationship_type}?"
-        authorize_relationship_operation(source_record, relationship_method, related_records)
+        authorize_relationship_operation(
+          source_record: source_record,
+          relationship_method: relationship_method,
+          related_record_or_records: related_records
+        )
       end
 
       # <tt>DELETE /resources/:id/relationships/another-resource</tt>
@@ -196,9 +215,12 @@ module JSONAPI
       #
       # * +source_record+ - The record whose relationship is modified
       # * +relationship_type+ - The relationship type
-      def remove_to_one_relationship(source_record, relationship_type)
+      def remove_to_one_relationship(source_record:, relationship_type:)
         relationship_method = "remove_#{relationship_type}?"
-        authorize_relationship_operation(source_record, relationship_method)
+        authorize_relationship_operation(
+          source_record: source_record,
+          relationship_method: relationship_method
+        )
       end
 
       # Any request including <tt>?include=other-resources</tt>
@@ -216,9 +238,11 @@ module JSONAPI
       #                     article.comments check
       # * +record_class+ - The underlying record class for the relationships
       #                    resource.
-      def include_has_many_resource(_source_record, record_class)
+      # rubocop:disable Lint/UnusedMethodArgument
+      def include_has_many_resource(source_record:, record_class:)
         ::Pundit.authorize(user, record_class, 'index?')
       end
+      # rubocop:enable Lint/UnusedMethodArgument
 
       # Any request including <tt>?include=another-resource</tt>
       #
@@ -231,16 +255,18 @@ module JSONAPI
       # * +source_record+ — The source relationship record, e.g. an Article in
       #                     article.author check
       # * +related_record+ - The associated record to return
-      def include_has_one_resource(_source_record, related_record)
+      # rubocop:disable Lint/UnusedMethodArgument
+      def include_has_one_resource(source_record:, related_record:)
         ::Pundit.authorize(user, related_record, 'show?')
       end
+      # rubocop:enable Lint/UnusedMethodArgument
 
       private
 
       def authorize_relationship_operation(
-        source_record,
-        relationship_method,
-        related_record_or_records = nil
+        source_record:,
+        relationship_method:,
+        related_record_or_records: nil
       )
         policy = ::Pundit.policy(user, source_record)
         if policy.respond_to?(relationship_method)
@@ -261,19 +287,30 @@ module JSONAPI
         end
       end
 
-      def authorize_related_records(source_record, related_records_with_context)
+      def authorize_related_records(source_record:, related_records_with_context:)
         related_records_with_context.each do |data|
           relation_type = data[:relation_type]
           relation_name = data[:relation_name]
           records = data[:records]
           case relation_type
           when :to_many
-            replace_to_many_relationship(source_record, records, relation_name)
+            replace_to_many_relationship(
+              source_record: source_record,
+              new_related_records: records,
+              relationship_type: relation_name
+            )
           when :to_one
             if records.nil?
-              remove_to_one_relationship(source_record, relation_name)
+              remove_to_one_relationship(
+                source_record: source_record,
+                relationship_type: relation_name
+              )
             else
-              replace_to_one_relationship(source_record, records, relation_name)
+              replace_to_one_relationship(
+                source_record: source_record,
+                new_related_record: records,
+                relationship_type: relation_name
+              )
             end
           end
         end

data/lib/jsonapi/authorization/version.rb

@@ -1,5 +1,6 @@
+# frozen_string_literal: true
 module JSONAPI
   module Authorization
-    VERSION = "1.0.0.alpha6".freeze
+    VERSION = "1.0.0.beta1".freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jsonapi-authorization
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha6
+  version: 1.0.0.beta1
 platform: ruby
 authors:
 - Vesa Laakso
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-12 00:00:00.000000000 Z
+date: 2018-07-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jsonapi-resources
@@ -59,14 +59,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -87,70 +87,70 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.7'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry-doc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.3.4
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.3.4
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
@@ -179,6 +179,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.7.1
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Adds generic authorization to the jsonapi-resources gem using Pundit.
 email:
 - laakso.vesa@gmail.com
@@ -192,7 +206,6 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".ruby-version"
 - ".travis.yml"
 - Gemfile
 - LICENSE.txt
@@ -202,6 +215,7 @@ files:
 - bin/phare
 - bin/rubocop
 - bin/setup
+- docs/relationship-authorization.md
 - jsonapi-authorization.gemspec
 - lib/jsonapi-authorization.rb
 - lib/jsonapi/authorization.rb
@@ -230,7 +244,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.5.2
 signing_key: 
 specification_version: 4
 summary: Generic authorization for jsonapi-resources gem