Contents

require 'pundit'

module JSONAPI
  module Authorization
    module PunditScopedResource
      extend ActiveSupport::Concern

      module ClassMethods
        def records(options = {})
          ::Pundit.policy_scope!(options[:context][:user], _model_class)
        end
      end

      def records_for(association_name)
        record_or_records = @model.public_send(association_name)
        relationship = self.class._relationships[association_name]

        case relationship
        when JSONAPI::Relationship::ToOne
          record_or_records
        when JSONAPI::Relationship::ToMany
          ::Pundit.policy_scope!(context[:user], record_or_records)
        else
          raise "Unknown relationship type #{relationship.inspect}"
        end
      end
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version	Path
jsonapi-authorization-0.8.0	lib/jsonapi/authorization/pundit_scoped_resource.rb
jsonapi-authorization-0.6.1	lib/jsonapi/authorization/pundit_scoped_resource.rb
jsonapi-authorization-0.6.0	lib/jsonapi/authorization/pundit_scoped_resource.rb
jsonapi-authorization-0.5.0	lib/jsonapi/authorization/pundit_scoped_resource.rb
jsonapi-authorization-0.4.0	lib/jsonapi/authorization/pundit_scoped_resource.rb