rails-rapido 0.9.4 → 0.9.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba95de45e5c2da70d27301f8e1dfa05aa67826b67e5181b1b0a1abf99c8364c1
-  data.tar.gz: 135e89202da1052dc49da04497896d4254fb63e20f096b6473c6ef62b66b7367
+  metadata.gz: 8ad59d38c8d9c50021b6be12a144491e17d2025040f65c7714537ebe9831cf8e
+  data.tar.gz: b45ee3ef697c15438f7295704bcb4b0266a22612a9e59ddfb2c5f8e1c37a25c9
 SHA512:
-  metadata.gz: 7538a106aab6e8abce41e80fbf69809834bf798350298a23a695a98d9be9939f8e5f8721b4748b05d298f8249ec5b8196872279818b047ae43ba8d2e0c66aee7
-  data.tar.gz: afa72fbef3ad4a135dbddcb91ca8e2c2f0ecf7e1909ee863f9dc50d9a15fb0acbbf5df5a56790749e4ee63622ece92c245ef79df2f271072cb745c7908572c96
+  metadata.gz: 7bed2d6715e48d291343ae9dd18baed0feacbf9013372e518360c0df2ae0c02749f5b908d16de92756df30c2c3d2c889bfa91043def6571ce1127774e7c40b6c
+  data.tar.gz: '019ef8a8ff99a1c00a03e6ac395f435ee7ca96f1059afe2ef84b4ca1d0059703b0c8fbf05dd6f1ba3f4f10aed828902b70031f0ddae47dbf24ebf2e35ae47b63'

data/README.md

@@ -14,8 +14,14 @@ Below is a typical example of a class using Rapido. More examples are available
 
 class DocumentsController < ApplicationController
   include Rapido::ApiController
+
+  allow_if do
+    current_user.is_editor?
+  end
+
+  allow_only :create, :delete, :index, :show, :update
   
-  attr_permitted :file, file_name, :category
+  attr_permitted :file, :file_name, :category
   
   belongs_to :user, getter: :current_user
   
@@ -46,6 +52,14 @@ end
 
 ## API
 
+### `allow_if`
+
+Accepts a method name as symbol or block. Method supplied or block must return true to allow the action to proceed, otherwise a status 401 is returned with no body.
+
+### `allow_only`
+
+Accepts a list of symbols. These symbols specify the controller actions that are allowed for this controller.
+
 ### `attr_permitted`
 
 Accepts a list of symbols. These symbols specify the attributes that are supplied to StrongParameters as permitted parameters in `create` and `update` actions.

data/lib/rapido/api_controller.rb

@@ -18,6 +18,8 @@ module Rapido
       end
 
       before_action :permit_only_allowed_actions
+
+      before_action :permit_only_if
     end
 
     def index
@@ -129,6 +131,14 @@ module Rapido
       head :unauthorized unless allowed_actions.include?(params[:action].to_sym)
     end
 
+    def permit_only_if
+      if(allow_if)
+        unless (allow_if.is_a?(Symbol) ? send(allow_if) : instance_eval(&allow_if))
+          head :unauthorized
+        end
+      end
+    end
+
     def resource_presenter(new_resource = nil)
       @resource_presenter ||= begin
         args = presenter_args.nil? ? nil : presenter_args.map { |arg| params[arg] }

data/lib/rapido/controller.rb

@@ -28,6 +28,10 @@ module Rapido
         @allowed_actions = ary
       end
 
+      def allow_if(str = nil, &block)
+        @allow_if = str || block
+      end
+
       def attr_permitted(*ary)
         @resource_permitted_params = ary
       end
@@ -101,6 +105,10 @@ module Rapido
       setting(:allowed_actions)
     end
 
+    def allow_if
+      setting(:allow_if)
+    end
+
     def build_resource(params = {})
       return owner.send('build_' + resource_class_name, params) if setting(:has_one)
       return owner.send(resource_class_name.pluralize).build(params) if owner && owner.respond_to?(resource_class_name.pluralize)

data/lib/rapido/version.rb

@@ -1,3 +1,3 @@
 module Rapido
-  VERSION = '0.9.4'
+  VERSION = '0.9.5'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails-rapido
 version: !ruby/object:Gem::Version
-  version: 0.9.4
+  version: 0.9.5
 platform: ruby
 authors:
 - Jonathan Kirst
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-01 00:00:00.000000000 Z
+date: 2021-03-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler