module Apiphobic::Authorization::Resource
Constants
- RESOURCE_COLLECTION_ACTIONS
Public Class Methods
included(base)
# File lib/apiphobic/authorization/resource.rb, line 46
#
# Hook invoked when this module is mixed into +base+. It mixes the
# resource-naming helpers into +base+, extends +base+ with ClassMethods and
# registers +authorize+ as a before_action, so the authorization check is
# installed by the include itself rather than by each including class.
#
# NOTE(review): +base+ is presumably a Rails controller (it must respond to
# +before_action+). A controller that calls +skip_before_action :authorize+
# would opt out of the check, so such calls are worth auditing.
#
# @param base [Class] the class including this module
def self.included(base)
  base.include(AppleCore::ActionController::ResourceNaming)
  base.extend(ClassMethods)
  base.before_action(:authorize)
end
Private Instance Methods
authorization_query()
# File lib/apiphobic/authorization/resource.rb, line 140
#
# Name of the predicate that +authorize+ asks of the authorizer for the
# current action: "able_to_" + action_name + "?". Memoized per instance.
#
# The name is built from +action_name+ only, so the predicates that can be
# dispatched are limited to the values +action_name+ can take.
# NOTE(review): +action_name+ is presumably the routed controller action,
# not a raw request parameter - confirm.
#
# @return [String]
def authorization_query
  return @authorization_query if @authorization_query

  @authorization_query = "able_to_#{action_name}?"
end
authorize()
# File lib/apiphobic/authorization/resource.rb, line 55
#
# Authorization gate for the current action. Sends the predicate named by
# +authorization_query+ to the authorizer with +public_send+ (so only public
# methods are reachable) and returns quietly when the answer is truthy.
# Any falsy answer (+nil+ as well as +false+) leads to
# +Erratum.fail('Forbidden', ...)+, i.e. the check denies by default.
#
# The failure payload carries the resource name, the raw +params[:id]+
# wrapped in an array, and the action name.
#
# NOTE(review): the gate is only effective if +Erratum.fail+ stops the
# request (presumably by raising). If it merely returned, the action would
# still run - confirm.
def authorize
  allowed = authorizer.public_send(authorization_query)
  return if allowed

  Erratum.fail('Forbidden',
               resource_name: self.class.singular_underscored_base_resource_name,
               resource_id:   [params[:id]],
               action:        action_name)
end
authorized_attributes()
# File lib/apiphobic/authorization/resource.rb, line 95
#
# Attributes for the resource, produced by running JsonApiToRailsAttributes
# over the +:data+ member of +authorized_parameters+. Memoized per instance.
#
# The input is the authorized parameter set, not the raw +params+, so what
# reaches the transformer is limited to what +authorized_parameters+ returned.
def authorized_attributes
  @authorized_attributes ||= begin
    transformer_class = Authorization::Transformers::JsonApiToRailsAttributes
    transformer_class.new(parameters: authorized_parameters.slice(:data)).call
  end
end
authorized_audience()
# File lib/apiphobic/authorization/resource.rb, line 132
#
# Audience passed to the parameter, scope and authorizer objects built in
# this module. Delegates straight to +current_audience+.
#
# NOTE(review): +current_audience+ is defined outside this listing. It is
# presumably derived from a verified token rather than from unauthenticated
# request data - confirm, since every authorization decision here depends on it.
def authorized_audience
  current_audience
end
authorized_collection()
# File lib/apiphobic/authorization/resource.rb, line 123
#
# Collection wrapper for collection-style actions. Returns +nil+ unless the
# current action is listed in RESOURCE_COLLECTION_ACTIONS. Otherwise returns
# a memoized ::Apiphobic::Resource::Collection.
#
# The collection is built from +authorized_scope+ and
# +authorized_parameters+, i.e. from the authorizer-provided scope and
# parameter set rather than from the raw request.
def authorized_collection
  if RESOURCE_COLLECTION_ACTIONS.include?(action_name)
    @authorized_collection ||= ::Apiphobic::Resource::Collection.new(
      resource:   authorized_scope,
      parameters: authorized_parameters,
    )
  end
end
authorized_inclusions()
# File lib/apiphobic/authorization/resource.rb, line 78
#
# The +:include+ entry of +authorized_parameters+, memoized once it is
# truthy. It is read from the authorized parameter set, not from raw +params+.
def authorized_inclusions
  return @authorized_inclusions if @authorized_inclusions

  @authorized_inclusions = authorized_parameters[:include]
end
authorized_issuer()
# File lib/apiphobic/authorization/resource.rb, line 136
#
# Issuer passed to the parameter, scope and authorizer objects built in this
# module. Delegates straight to +current_issuer+.
#
# NOTE(review): +current_issuer+ is defined outside this listing. It is
# presumably taken from a verified token - confirm that it cannot be
# supplied by an unauthenticated caller.
def authorized_issuer
  current_issuer
end
authorized_parameters()
# File lib/apiphobic/authorization/resource.rb, line 66
#
# Result of running the controller class's +authorizer_parameters_class+
# over the request. Memoized per instance.
#
# This is where the raw +params+ are handed to the authorizer's parameter
# object, together with the action name, audience, issuer and token. The
# scope, authorizer, collection and attribute helpers in this module consume
# the returned value.
# NOTE(review): presumably the parameters class filters +params+ down to
# what the caller is allowed to send. That filtering lives in the
# application's class, not here - confirm per resource.
def authorized_parameters
  @authorized_parameters ||= begin
    parameter_authorizer = self.class.authorizer_parameters_class.new(
      action:     action_name,
      audience:   authorized_audience,
      issuer:     authorized_issuer,
      parameters: params,
      token:      token,
    )
    parameter_authorizer.call
  end
end
authorized_resource()
# File lib/apiphobic/authorization/resource.rb, line 113
#
# Single-resource wrapper for member-style actions. Returns +nil+ when the
# current action is listed in RESOURCE_COLLECTION_ACTIONS. Otherwise returns
# a memoized ::Apiphobic::Resource::Model.
#
# The model class is resolved with +Object.const_get+ from
# +self.class.singular_resource_class_name+, and the record id is the raw
# +params[:id]+.
# NOTE(review): the constant name is presumably derived from the controller's
# own name, not from the request - confirm, since +const_get+ on
# caller-controlled text would be unsafe.
# NOTE(review): the id is not taken from +authorized_parameters+, so whether
# this caller may touch that record is decided only by the authorizer
# predicate run in +authorize+.
def authorized_resource
  unless RESOURCE_COLLECTION_ACTIONS.include?(action_name)
    @authorized_resource ||= ::Apiphobic::Resource::Model.new(
      resource:   Object.const_get(self.class.singular_resource_class_name),
      id:         params[:id],
      parameters: authorized_parameters,
    )
  end
end
authorized_scope()
# File lib/apiphobic/authorization/resource.rb, line 82
#
# Result of running the controller class's +authorizer_scope_class+, starting
# from +self.class.authorized_scope_root_class+. Memoized per instance.
#
# The scope object receives the action name, audience, issuer, token and the
# already authorized parameters (not raw +params+).
# NOTE(review): presumably the returned scope is restricted to records the
# caller may see. That restriction is implemented by the application's scope
# class - confirm per resource.
def authorized_scope
  @authorized_scope ||= begin
    scope_authorizer = self.class.authorizer_scope_class.new(
      action:     action_name,
      audience:   authorized_audience,
      issuer:     authorized_issuer,
      parameters: authorized_parameters,
      scope_root: self.class.authorized_scope_root_class,
      token:      token,
    )
    scope_authorizer.call
  end
end
authorizer()
# File lib/apiphobic/authorization/resource.rb, line 101
#
# The authorizer instance that +authorize+ queries, built from the controller
# class's +authorizer_class+. Memoized per instance.
#
# It is constructed with the action name, audience, issuer, token, the
# authorized parameters and +authorized_resource&.processed+. Because of the
# safe-navigation call, +resource+ is +nil+ whenever +authorized_resource+
# is +nil+.
# NOTE(review): authorizer predicates should therefore handle a +nil+
# resource without granting access - confirm in each authorizer class.
def authorizer
  @authorizer ||= begin
    target = self.class.authorizer_class
    target.new(
      action:     action_name,
      audience:   authorized_audience,
      issuer:     authorized_issuer,
      parameters: authorized_parameters,
      resource:   authorized_resource&.processed,
      token:      token,
    )
  end
end