jsonapi-authorization 1.0.0.alpha5 → 1.0.0.alpha6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 38df18640b26a88119c4c253745a5b78bf549f16
-  data.tar.gz: 1e3676e726ba546d80ed364d1a16673a2c78ebd2
+  metadata.gz: 1740e99c89b7ed5a7872ac09f90e25de714f2b3c
+  data.tar.gz: 4c7d58578b5814ba853ff871917df33904c61eb8
 SHA512:
-  metadata.gz: 41b360cfcee0708244121f9b1debea24e1414776c89346b7ede2e57c0b2e1178a0587f39a838ca8b2641e555c529cbbdc0f9505467aa30dfd022bc62f1a07422
-  data.tar.gz: c0ba742a117a18b2273ed7662187d70a65e404f3c09b1bb48e37801ebbe7396ba39dd1348508e6ecee7b0a14dfd7ddbd1639f7e73afcbab7b84ca2d1f5bb974a
+  metadata.gz: 5b0202b9e8f5a0fa11f594ff35f62173ae7e4c326dff6011783c4300ac0165b0be779beb1d5e8268000fa597417ebf9bd2c48fc59975eef95ecbb769a53236d1
+  data.tar.gz: 6846fa8b449885c8addfbfa11e36ab5fd4e6f4f62249bbabe70772a5ecad4d65ad5c5005b739f90812cb1e2ecd0d7e8ac39bf6b1cb4d539199083d24186ab4b6

data/lib/jsonapi/authorization/authorizing_processor.rb

@@ -16,6 +16,11 @@ module JSONAPI
       set_callback :create_to_many_relationships, :before, :authorize_create_to_many_relationships
       set_callback :replace_to_many_relationships, :before, :authorize_replace_to_many_relationships
       set_callback :remove_to_many_relationships, :before, :authorize_remove_to_many_relationships
+      set_callback(
+        :replace_polymorphic_to_one_relationship,
+        :before,
+        :authorize_replace_polymorphic_to_one_relationship
+      )
 
       [
         :find,
@@ -216,6 +221,39 @@ module JSONAPI
         authorizer.remove_to_one_relationship(source_record, relationship_type)
       end
 
+      def authorize_replace_polymorphic_to_one_relationship
+        return authorize_remove_to_one_relationship if params[:key_value].nil?
+
+        source_resource = @resource_klass.find_by_key(
+          params[:resource_id],
+          context: context
+        )
+        source_record = source_resource._model
+
+        # Fetch the name of the new class based on the incoming polymorphic
+        # "type" value. This will fail if there is no associated resource for the
+        # incoming "type" value so this shouldn't leak constants
+        related_record_class_name = source_resource
+          .send(:_model_class_name, params[:key_type])
+
+        # Fetch the underlying Resource class for the new record to-be-associated
+        related_resource_klass = @resource_klass.resource_for(related_record_class_name)
+
+        new_related_resource = related_resource_klass
+          .find_by_key(
+            params[:key_value],
+            context: context
+          )
+        new_related_record = new_related_resource._model unless new_related_resource.nil?
+
+        relationship_type = params[:relationship_type].to_sym
+        authorizer.replace_to_one_relationship(
+          source_record,
+          new_related_record,
+          relationship_type
+        )
+      end
+
       private
 
       def authorizer
@@ -309,7 +347,7 @@ module JSONAPI
             next_resource_klass = relationship.resource_klass
             Array.wrap(
               source_record.public_send(
-                relationship.relation_name(context)
+                relationship.relation_name(context: context)
               )
             ).each do |next_source_record|
               deep.each do |next_include_item|
@@ -326,7 +364,7 @@ module JSONAPI
           case relationship
           when JSONAPI::Relationship::ToOne
             related_record = source_record.public_send(
-              relationship.relation_name(context)
+              relationship.relation_name(context: context)
             )
             return if related_record.nil?
             authorizer.include_has_one_resource(source_record, related_record)

data/lib/jsonapi/authorization/pundit_scoped_resource.rb

@@ -31,7 +31,7 @@ module JSONAPI
 
       def fetch_relationship(association_name)
         relationships = self.class._relationships.select do |_k, v|
-          v.relation_name({}) == association_name
+          v.relation_name(context: context) == association_name
         end
         if relationships.empty?
           nil

data/lib/jsonapi/authorization/version.rb

@@ -1,5 +1,5 @@
 module JSONAPI
   module Authorization
-    VERSION = "1.0.0.alpha5".freeze
+    VERSION = "1.0.0.alpha6".freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jsonapi-authorization
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha5
+  version: 1.0.0.alpha6
 platform: ruby
 authors:
 - Vesa Laakso
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-04 00:00:00.000000000 Z
+date: 2017-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jsonapi-resources