README.md in jsonapi-authorization-0.8.2 vs README.md in jsonapi-authorization-1.0.0.alpha1

- old
+ new

@@ -89,10 +89,43 @@ include JSONAPI::Authorization::PunditScopedResource abstract end ``` +### Policies + +To check whether an action is allowed JSONAPI::Authorization calls the respective actions of your pundit policies +(`index?`, `show?`, `create?`, `update?`, `destroy?`). + +For relationship operations by default `update?` is being called for all affected resources. +For a finer grained control you can define `add_to_<relation>?`, `replace_<relation>?`, and `remove_from_<relation>?` +as the following example shows. + +```ruby +class ArticlePolicy + + # (...) + + def add_to_comments?(new_comments) + record.published && new_comments.all? { |comment| comment.author == user } + end + + def replace_comments?(new_comments) + allowed = record.comments.all? { |comment| new_comments.include?(comment) || add_to_comments?([comment])} + allowed && new_comments.all? { |comment| record.comments.include?(comment) || remove_from_comments?(comment) } + end + + def remove_from_comments?(comment) + comment.author == user || user.admin? + end +end +``` + +Caveat: In case a relationship is modifiable through multiple ways it is your responsibility to ensure consistency. +For example if you have a many-to-many relationship with users and projects make sure that +`ProjectPolicy#add_to_users?(users)` and `UserPolicy#add_to_projects?(projects)` match up. + ## Configuration You can use a custom authorizer class by specifying a configure block in an initializer file. If using a custom authorizer class, be sure to require them at the top of the initializer before usage. ```ruby 
@@ -136,5 +169,17 @@ ## Contributing Bug reports and pull requests are welcome on GitHub at https://github.com/venuu/jsonapi-authorization. [issues]: https://github.com/venuu/jsonapi-authorization/issues + +## Contributors + +Thanks goes to these wonderful people ([emoji key](https://github.com/kentcdodds/all-contributors#emoji-key)): + +<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section --> +| [<img src="https://avatars.githubusercontent.com/u/482561?v=3" width="100px;"/><br /><sub>Vesa Laakso</sub>](http://vesalaakso.com)<br />[πŸ’»](https://github.com/Venuu/jsonapi-authorization/commits?author=valscion) [πŸ“–](https://github.com/Venuu/jsonapi-authorization/commits?author=valscion) πŸš‡ [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=valscion) [πŸ›](https://github.com/Venuu/jsonapi-authorization/issues?q=author%3Avalscion) πŸ’¬ πŸ‘€ | [<img src="https://avatars.githubusercontent.com/u/562204?v=3" width="100px;"/><br /><sub>Emil SΓ₯gfors</sub>](https://github.com/lime)<br />[πŸ’»](https://github.com/Venuu/jsonapi-authorization/commits?author=lime) [πŸ“–](https://github.com/Venuu/jsonapi-authorization/commits?author=lime) πŸš‡ [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=lime) [πŸ›](https://github.com/Venuu/jsonapi-authorization/issues?q=author%3Alime) πŸ’¬ πŸ‘€ | [<img src="https://avatars.githubusercontent.com/u/1591161?v=3" width="100px;"/><br /><sub>Matthias Grundmann</sub>](https://github.com/matthias-g)<br />[πŸ’»](https://github.com/Venuu/jsonapi-authorization/commits?author=matthias-g) [πŸ“–](https://github.com/Venuu/jsonapi-authorization/commits?author=matthias-g) [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=matthias-g) πŸ’¬ | [<img src="https://avatars.githubusercontent.com/u/1322?v=3" width="100px;"/><br /><sub>Thibaud Guillaume-Gentil</sub>](http://thibaud.gg)<br />[πŸ’»](https://github.com/Venuu/jsonapi-authorization/commits?author=thibaudgg) | [<img 
src="https://avatars.githubusercontent.com/u/71660?v=3" width="100px;"/><br /><sub>Daniel SchweighΓΆfer</sub>](http://netsteward.net)<br />[πŸ’»](https://github.com/Venuu/jsonapi-authorization/commits?author=acid) | [<img src="https://avatars.githubusercontent.com/u/5076967?v=3" width="100px;"/><br /><sub>Bruno Sofiato</sub>](https://github.com/bsofiato)<br />[πŸ’»](https://github.com/Venuu/jsonapi-authorization/commits?author=bsofiato) | [<img src="https://avatars.githubusercontent.com/u/1896026?v=3" width="100px;"/><br /><sub>Adam Robertson</sub>](https://github.com/arcreative)<br />[πŸ“–](https://github.com/Venuu/jsonapi-authorization/commits?author=arcreative) | +| :---: | :---: | :---: | :---: | :---: | :---: | :---: | +| [<img src="https://avatars3.githubusercontent.com/u/4742306?v=3" width="100px;"/><br /><sub>Greg Fisher</sub>](https://github.com/gnfisher)<br />[πŸ’»](https://github.com/Venuu/jsonapi-authorization/commits?author=gnfisher) [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=gnfisher) | [<img src="https://avatars3.githubusercontent.com/u/370182?v=3" width="100px;"/><br /><sub>Sam</sub>](http://samlh.com)<br />[πŸ’»](https://github.com/Venuu/jsonapi-authorization/commits?author=handlers) [⚠️](https://github.com/Venuu/jsonapi-authorization/commits?author=handlers) | +<!-- ALL-CONTRIBUTORS-LIST:END --> + +This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification. Contributions of any kind welcome! \ No newline at end of file
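Review bot: in the `replace_comments?` example of the first hunk (the new Policies section) the add and remove checks look swapped. The first line walks `record.comments`, so the elements missing from `new_comments` are the ones being removed, yet it calls `add_to_comments?([comment])`; the second line walks `new_comments`, so the elements missing from `record.comments` are the ones being added, yet it calls `remove_from_comments?(comment)`. As written, a replace never applies the `record.published` condition to the comments it adds. Suggest calling `remove_from_comments?(comment)` in the first line and `add_to_comments?([comment])` in the second. The prose should also say what each method receives, since in this example `add_to_comments?` and `replace_comments?` take a collection while `remove_from_comments?` takes a single record.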
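Review bot: the second hunk (the new Contributors section) leaves README.md without a trailing newline, as the `\ No newline at end of file` marker after the all-contributors line shows; please end the file with a newline. In the same table, several profile links use plain `http://` (for example `http://vesalaakso.com` and `http://thibaud.gg`) and the commit links use `github.com/Venuu/...` while the unchanged context above uses `github.com/venuu/...`; prefer `https://` where the sites support it and keep one casing for the repository URL.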