jsonapi-authorization 2.0.0 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 51967700aa7fc54f56208840d0f71d789bccd43fb434e5d2b7d5931640ca1ca3
-  data.tar.gz: 31a03f59caf1aab5c5a6c5203bf1ac7125b05e15406010239e036ef6c3b8f489
+  metadata.gz: 278b251b6f19d74827e485421e8df96e4d34cd374f95da17f1f51d0007e9326d
+  data.tar.gz: d2416dc900f5303e36b6a1553b2e8833578e5313dbed6d6cf83c2bc810e6da1a
 SHA512:
-  metadata.gz: 8f199b730e179e9c3b71460e4f4c8053809efe7fe3a3b4197b7e3e5c38f7bd1b24d52024348384aa690c9718e15b259dcd217670a4cca9980d87ab8615384eef
-  data.tar.gz: c4f8cd84c1e1883e73eb13b701015166ef104256842f44ce3c8713783271b226c799acdc7dfd3054cf79b8a69efcbd5bf79d9360489be9edd573b10c60f4f059
+  metadata.gz: 01ae9ed91a1cb228137028c873a40a8456098ac63ab388c713b82472e182696554ede5ac0a7d364d6d45dba2231b5e19eae12f2df3836ca337523a50c2b307b9
+  data.tar.gz: 3a496d6e621e3da23f0bc9a24ae704b850c5026782bc4cee65e9240d4e3fb252e91a79b9d0398814ac63edda66e83e22b828cd76327256f375f45303adc924e2

data/.all-contributorsrc

@@ -137,6 +137,17 @@
         "test",
         "code"
       ]
+    },
+    {
+      "login": "brianswko",
+      "name": "brianswko",
+      "avatar_url": "https://avatars0.githubusercontent.com/u/3952486?v=4",
+      "profile": "https://github.com/brianswko",
+      "contributions": [
+        "bug",
+        "test",
+        "code"
+      ]
     }
   ],
   "repoType": "github",

data/.travis.yml

@@ -1,4 +1,7 @@
 language: ruby
+branches:
+  only:
+    - master
 rvm:
   - 2.3
 gemfile:
@@ -11,7 +14,6 @@ gemfile:
   - gemfiles/rails_5_1_pundit_2.gemfile
   - gemfiles/rails_5_2_pundit_2.gemfile
 before_install:
-  - rvm @global do gem uninstall bundler -a -x
   - gem install bundler -v '< 2'
 notifications:
   email: false

data/README.md

@@ -55,10 +55,18 @@ Or install it yourself as:
 
 * `v0.6.x` supports JR `v0.7.x`
 * `v0.8.x` supports JR `v0.8.x`
-* `v1.x.x` and `v2.0.x` releases support JR `v0.9.x`
+* Later releases support JR `v0.9.x`
 
 We aim to support the same Ruby and Ruby on Rails versions as `jsonapi-resources` does. If that's not the case, please [open an issue][issues].
 
+## Versioning and changelog
+
+`jsonapi-authorization` follows [Semantic Versioning](https://semver.org/). We prefer to make more major version bumps when we do changes that are likely to be backwards incompatible. That holds true even when it's likely the changes would be backwards compatible for a majority of our users.
+
+Given the nature of an authorization library, it is likely that most changes are major version bumps.
+
+Whenever we do changes, we strive to write good changelogs in the [GitHub releases page](https://github.com/venuu/jsonapi-authorization/releases).
+
 ## Usage
 
 First make sure you have a Pundit policy specified for every backing model that your JR resources use.
@@ -185,9 +193,8 @@ Thanks goes to these wonderful people ([emoji key](https://github.com/kentcdodds
 
 <!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
 <!-- prettier-ignore -->
-| [<img src="https://avatars.githubusercontent.com/u/482561?v=3" width="100px;" alt="Vesa Laakso"/><br /><sub><b>Vesa Laakso</b></sub>](http://vesalaakso.com)<br />[💻](https://github.com/Venuu/jsonapi-authorization/commits?author=valscion "Code") [📖](https://github.com/Venuu/jsonapi-authorization/commits?author=valscion "Documentation") [🚇](#infra-valscion "Infrastructure (Hosting, Build-Tools, etc)") [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=valscion "Tests") [🐛](https://github.com/Venuu/jsonapi-authorization/issues?q=author%3Avalscion "Bug reports") [💬](#question-valscion "Answering Questions") [👀](#review-valscion "Reviewed Pull Requests") | [<img src="https://avatars.githubusercontent.com/u/562204?v=3" width="100px;" alt="Emil Sågfors"/><br /><sub><b>Emil Sågfors</b></sub>](https://github.com/lime)<br />[💻](https://github.com/Venuu/jsonapi-authorization/commits?author=lime "Code") [📖](https://github.com/Venuu/jsonapi-authorization/commits?author=lime "Documentation") [🚇](#infra-lime "Infrastructure (Hosting, Build-Tools, etc)") [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=lime "Tests") [🐛](https://github.com/Venuu/jsonapi-authorization/issues?q=author%3Alime "Bug reports") [💬](#question-lime "Answering Questions") [👀](#review-lime "Reviewed Pull Requests") | [<img src="https://avatars.githubusercontent.com/u/1591161?v=3" width="100px;" alt="Matthias Grundmann"/><br /><sub><b>Matthias Grundmann</b></sub>](https://github.com/matthias-g)<br />[💻](https://github.com/Venuu/jsonapi-authorization/commits?author=matthias-g "Code") [📖](https://github.com/Venuu/jsonapi-authorization/commits?author=matthias-g "Documentation") [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=matthias-g "Tests") [💬](#question-matthias-g "Answering Questions") | [<img src="https://avatars.githubusercontent.com/u/1322?v=3" width="100px;" alt="Thibaud Guillaume-Gentil"/><br /><sub><b>Thibaud Guillaume-Gentil</b></sub>](http://thibaud.gg)<br />[💻](https://github.com/Venuu/jsonapi-authorization/commits?author=thibaudgg "Code") | [<img src="https://avatars.githubusercontent.com/u/71660?v=3" width="100px;" alt="Daniel Schweighöfer"/><br /><sub><b>Daniel Schweighöfer</b></sub>](http://netsteward.net)<br />[💻](https://github.com/Venuu/jsonapi-authorization/commits?author=acid "Code") | [<img src="https://avatars.githubusercontent.com/u/5076967?v=3" width="100px;" alt="Bruno Sofiato"/><br /><sub><b>Bruno Sofiato</b></sub>](https://github.com/bsofiato)<br />[💻](https://github.com/Venuu/jsonapi-authorization/commits?author=bsofiato "Code") | [<img src="https://avatars.githubusercontent.com/u/1896026?v=3" width="100px;" alt="Adam Robertson"/><br /><sub><b>Adam Robertson</b></sub>](https://github.com/arcreative)<br />[📖](https://github.com/Venuu/jsonapi-authorization/commits?author=arcreative "Documentation") |
-| :---: | :---: | :---: | :---: | :---: | :---: | :---: |
-| [<img src="https://avatars3.githubusercontent.com/u/4742306?v=3" width="100px;" alt="Greg Fisher"/><br /><sub><b>Greg Fisher</b></sub>](https://github.com/gnfisher)<br />[💻](https://github.com/Venuu/jsonapi-authorization/commits?author=gnfisher "Code") [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=gnfisher "Tests") | [<img src="https://avatars3.githubusercontent.com/u/370182?v=3" width="100px;" alt="Sam"/><br /><sub><b>Sam</b></sub>](http://samlh.com)<br />[💻](https://github.com/Venuu/jsonapi-authorization/commits?author=handlers "Code") [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=handlers "Tests") | [<img src="https://avatars0.githubusercontent.com/u/2738630?v=3" width="100px;" alt="Justas Palumickas"/><br /><sub><b>Justas Palumickas</b></sub>](https://jpalumickas.com)<br />[🐛](https://github.com/Venuu/jsonapi-authorization/issues?q=author%3Ajpalumickas "Bug reports") [💻](https://github.com/Venuu/jsonapi-authorization/commits?author=jpalumickas "Code") [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=jpalumickas "Tests") | [<img src="https://avatars1.githubusercontent.com/u/26158?v=4" width="100px;" alt="Nicholas Rutherford"/><br /><sub><b>Nicholas Rutherford</b></sub>](http://www.google.co.uk/profiles/nick.rutherford)<br />[💻](https://github.com/Venuu/jsonapi-authorization/commits?author=nruth "Code") [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=nruth "Tests") [🚇](#infra-nruth "Infrastructure (Hosting, Build-Tools, etc)") | [<img src="https://avatars2.githubusercontent.com/u/5302372?v=4" width="100px;" alt="Matthijsy"/><br /><sub><b>Matthijsy</b></sub>](https://github.com/Matthijsy)<br />[🐛](https://github.com/Venuu/jsonapi-authorization/issues?q=author%3AMatthijsy "Bug reports") [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=Matthijsy "Tests") [💻](https://github.com/Venuu/jsonapi-authorization/commits?author=Matthijsy "Code") |
+<table><tr><td align="center"><a href="http://vesalaakso.com"><img src="https://avatars.githubusercontent.com/u/482561?v=3" width="100px;" alt="Vesa Laakso"/><br /><sub><b>Vesa Laakso</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/commits?author=valscion" title="Code">💻</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=valscion" title="Documentation">📖</a> <a href="#infra-valscion" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=valscion" title="Tests">⚠️</a> <a href="https://github.com/Venuu/jsonapi-authorization/issues?q=author%3Avalscion" title="Bug reports">🐛</a> <a href="#question-valscion" title="Answering Questions">💬</a> <a href="#review-valscion" title="Reviewed Pull Requests">👀</a></td><td align="center"><a href="https://github.com/lime"><img src="https://avatars.githubusercontent.com/u/562204?v=3" width="100px;" alt="Emil Sågfors"/><br /><sub><b>Emil Sågfors</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/commits?author=lime" title="Code">💻</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=lime" title="Documentation">📖</a> <a href="#infra-lime" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=lime" title="Tests">⚠️</a> <a href="https://github.com/Venuu/jsonapi-authorization/issues?q=author%3Alime" title="Bug reports">🐛</a> <a href="#question-lime" title="Answering Questions">💬</a> <a href="#review-lime" title="Reviewed Pull Requests">👀</a></td><td align="center"><a href="https://github.com/matthias-g"><img src="https://avatars.githubusercontent.com/u/1591161?v=3" width="100px;" alt="Matthias Grundmann"/><br /><sub><b>Matthias Grundmann</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/commits?author=matthias-g" title="Code">💻</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=matthias-g" title="Documentation">📖</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=matthias-g" title="Tests">⚠️</a> <a href="#question-matthias-g" title="Answering Questions">💬</a></td><td align="center"><a href="http://thibaud.gg"><img src="https://avatars.githubusercontent.com/u/1322?v=3" width="100px;" alt="Thibaud Guillaume-Gentil"/><br /><sub><b>Thibaud Guillaume-Gentil</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/commits?author=thibaudgg" title="Code">💻</a></td><td align="center"><a href="http://netsteward.net"><img src="https://avatars.githubusercontent.com/u/71660?v=3" width="100px;" alt="Daniel Schweighöfer"/><br /><sub><b>Daniel Schweighöfer</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/commits?author=acid" title="Code">💻</a></td><td align="center"><a href="https://github.com/bsofiato"><img src="https://avatars.githubusercontent.com/u/5076967?v=3" width="100px;" alt="Bruno Sofiato"/><br /><sub><b>Bruno Sofiato</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/commits?author=bsofiato" title="Code">💻</a></td><td align="center"><a href="https://github.com/arcreative"><img src="https://avatars.githubusercontent.com/u/1896026?v=3" width="100px;" alt="Adam Robertson"/><br /><sub><b>Adam Robertson</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/commits?author=arcreative" title="Documentation">📖</a></td></tr><tr><td align="center"><a href="https://github.com/gnfisher"><img src="https://avatars3.githubusercontent.com/u/4742306?v=3" width="100px;" alt="Greg Fisher"/><br /><sub><b>Greg Fisher</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/commits?author=gnfisher" title="Code">💻</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=gnfisher" title="Tests">⚠️</a></td><td align="center"><a href="http://samlh.com"><img src="https://avatars3.githubusercontent.com/u/370182?v=3" width="100px;" alt="Sam"/><br /><sub><b>Sam</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/commits?author=handlers" title="Code">💻</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=handlers" title="Tests">⚠️</a></td><td align="center"><a href="https://jpalumickas.com"><img src="https://avatars0.githubusercontent.com/u/2738630?v=3" width="100px;" alt="Justas Palumickas"/><br /><sub><b>Justas Palumickas</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/issues?q=author%3Ajpalumickas" title="Bug reports">🐛</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=jpalumickas" title="Code">💻</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=jpalumickas" title="Tests">⚠️</a></td><td align="center"><a href="http://www.google.co.uk/profiles/nick.rutherford"><img src="https://avatars1.githubusercontent.com/u/26158?v=4" width="100px;" alt="Nicholas Rutherford"/><br /><sub><b>Nicholas Rutherford</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/commits?author=nruth" title="Code">💻</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=nruth" title="Tests">⚠️</a> <a href="#infra-nruth" title="Infrastructure (Hosting, Build-Tools, etc)">🚇</a></td><td align="center"><a href="https://github.com/Matthijsy"><img src="https://avatars2.githubusercontent.com/u/5302372?v=4" width="100px;" alt="Matthijsy"/><br /><sub><b>Matthijsy</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/issues?q=author%3AMatthijsy" title="Bug reports">🐛</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=Matthijsy" title="Tests">⚠️</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=Matthijsy" title="Code">💻</a></td><td align="center"><a href="https://github.com/brianswko"><img src="https://avatars0.githubusercontent.com/u/3952486?v=4" width="100px;" alt="brianswko"/><br /><sub><b>brianswko</b></sub></a><br /><a href="https://github.com/Venuu/jsonapi-authorization/issues?q=author%3Abrianswko" title="Bug reports">🐛</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=brianswko" title="Tests">⚠️</a> <a href="https://github.com/Venuu/jsonapi-authorization/commits?author=brianswko" title="Code">💻</a></td></tr></table>
+
 <!-- ALL-CONTRIBUTORS-LIST:END -->
 
 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome!

data/lib/jsonapi/authorization/authorizing_processor.rb

@@ -219,6 +219,10 @@ module JSONAPI
 
         related_records = related_resources.map(&:_model)
 
+        if related_records.size != params[:associated_keys].uniq.size
+          fail JSONAPI::Exceptions::RecordNotFound, params[:associated_keys]
+        end
+
         authorizer.remove_to_many_relationship(
           source_record: source_record,
           related_records: related_records,
@@ -298,25 +302,6 @@ module JSONAPI
         resource_class_for_relationship(assoc_name)._model_class
       end
 
-      def related_models
-        data = params[:data]
-        return [] if data.nil?
-
-        [:to_one, :to_many].flat_map do |rel_type|
-          data[rel_type].flat_map do |assoc_name, assoc_value|
-            case assoc_value
-            when Hash # polymorphic relationship
-              resource_class = @resource_klass.resource_for(assoc_value[:type].to_s)
-              resource_class.find_by_key(assoc_value[:id], context: context)._model
-            else
-              resource_class = resource_class_for_relationship(assoc_name)
-              primary_key = resource_class._primary_key
-              resource_class._model_class.where(primary_key => assoc_value)
-            end
-          end
-        end
-      end
-
       def related_models_with_context
         data = params[:data]
         return { relationship: nil, relation_name: nil, records: nil } if data.nil?
@@ -330,12 +315,15 @@ module JSONAPI
               when Hash # polymorphic relationship
                 resource_class = @resource_klass.resource_for(assoc_value[:type].to_s)
                 resource_class.find_by_key(assoc_value[:id], context: context)._model
-              when Array
-                resource_class = resource_class_for_relationship(assoc_name)
-                resource_class.find_by_keys(assoc_value, context: context).map(&:_model)
               else
                 resource_class = resource_class_for_relationship(assoc_name)
-                resource_class.find_by_key(assoc_value, context: context)._model
+                resources = resource_class.find_by_keys(assoc_value, context: context)
+                resources.map(&:_model).tap do |scoped_records|
+                  related_ids = Array.wrap(assoc_value).uniq
+                  if scoped_records.count != related_ids.count
+                    fail JSONAPI::Exceptions::RecordNotFound, related_ids
+                  end
+                end
               end
 
             {

data/lib/jsonapi/authorization/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module JSONAPI
   module Authorization
-    VERSION = "2.0.0".freeze
+    VERSION = "3.0.0".freeze
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jsonapi-authorization
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 3.0.0
 platform: ruby
 authors:
 - Vesa Laakso
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-04 00:00:00.000000000 Z
+date: 2019-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jsonapi-resources