module Drillbit::AuthorizableResource

Constants

RESOURCE_COLLECTION_ACTIONS

Public Class Methods

included(base)
# File lib/drillbit/authorizable_resource.rb, line 65
# Hook run when this module is included into `base`.
#
# Mixes in the resource-naming helpers and the class-level API, then registers
# `authorize` as a `before_action`, so every action of the including controller
# passes through the authorization check unless that callback is explicitly
# skipped somewhere else.
#
# @param base [Module] the class or module including this concern
def self.included(base)
  base.class_eval do
    include Resource::Naming
    extend  ClassMethods

    before_action :authorize
  end
end

Private Instance Methods

authorization_query()
# File lib/drillbit/authorizable_resource.rb, line 217
# Name of the predicate that `authorize` dispatches to on the authorizer.
#
# The fixed `able_to_` prefix and trailing `?` confine the `public_send` in
# `authorize` to predicates that follow this naming scheme, whatever
# `action_name` contains.
#
# @return [String] e.g. "able_to_show?" when `action_name` is "show"
def authorization_query
  return @authorization_query if @authorization_query

  @authorization_query = "able_to_#{action_name}?"
end
authorize()
# File lib/drillbit/authorizable_resource.rb, line 74
# `before_action` callback: asks the authorizer whether the current action is
# allowed and reports a `ForbiddenError` through `Erratum` when it is not.
#
# NOTE(review): denial relies on `Erratum.raise` actually raising (presumably
# it does - confirm). This method neither renders nor redirects, so a normal
# return on the denied path would let the action run.
#
# @return [nil] when the authorizer answers truthy
def authorize
  checker = authorizer
  granted = checker.public_send(authorization_query)

  unless granted
    Erratum.raise(
      'ForbiddenError',
      resource_name: self.class.singular_resource_name,
      resource_id:   [params[:id]],
      action:        action_name,
    )
  end
end
authorized_attributes()

rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength rubocop:disable Metrics/BlockNesting

# File lib/drillbit/authorizable_resource.rb, line 135
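# Flattens the `data.attributes` and `data.relationships` sections of
# `authorized_params` into one attribute collection (memoized).
#
# Relationship linkage (`relationship[:data]`) is mapped as follows:
# * array whose first entry carries `:attributes` -> "<name>_attributes", one
#   attribute set per entry (`:__id__` dropped, `:id` copied in when given)
# * any other array -> :<singularized name>_ids, the list of entry ids
# * a single Hash   -> :<name>, the entry's `:id`
# * nil             -> :<name>, nil (previously raised NoMethodError)
#
# Security: the relationship-derived keys are marked permitted wholesale via
# `permit!` when the container supports it. The only filter on which
# relationship names end up in the result is therefore whatever
# `authorizer_params_class` applied while producing `authorized_params`.
#
# @return [Object] the attributes container merged with the mapped relationships
def authorized_attributes
  @authorized_attributes ||= begin
    data          = authorized_params.fetch(:data, {})
    attributes    = data.fetch(:attributes, authorized_params.class.new)
    relationships = authorized_params.class.new

    data
      .fetch(:relationships, authorized_params.class.new)
      .each_pair do |name, relationship|
      linkage = relationship[:data]

      if linkage.is_a?(Array)
        # Only the first entry decides between nested attributes and id lists.
        if (linkage[0] || {})[:attributes]
          # NOTE(review): a later entry without :attributes makes `attrs` nil
          # and fails on `delete`; decide whether such input should be rejected.
          relationships["#{name}_attributes"] = linkage.map do |datum|
            attrs = datum[:attributes].dup

            attrs.delete(:__id__)
            attrs[:id] = datum[:id] if datum[:id]

            attrs
          end
        else
          attribute = "#{Drillbit::Utilities::String.singularize(name)}_ids".to_sym

          relationships[attribute] = linkage.map { |datum| datum[:id] }
        end
      elsif linkage.nil? || linkage.is_a?(Hash)
        # NOTE(review): if the container is ActionController::Parameters, nested
        # values are not Hash instances and would skip this branch - confirm.
        #
        # A nil linkage clears the relationship; indexing nil here used to raise.
        relationships[name.to_sym] = linkage && linkage[:id]
      end
    end

    relationships.permit! if relationships.respond_to?(:permit!)

    ActiveSupport::Deprecation.silence do
      attributes.merge(relationships)
    end
  end
end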
authorized_collection()
# File lib/drillbit/authorizable_resource.rb, line 186
# Wraps the controller's collection in a `Resource::Model` together with the
# authorized parameters (memoized). Only available for collection actions.
#
# The reader invoked through `public_send` is named by the class-level
# `plural_resource_name`, not by anything taken from the request.
#
# @return [Resource::Model, nil] nil when `action_name` is not listed in
#   RESOURCE_COLLECTION_ACTIONS
def authorized_collection
  if RESOURCE_COLLECTION_ACTIONS.include?(action_name)
    @authorized_collection ||= begin
      records = public_send(self.class.plural_resource_name)

      Resource::Model.new(resource: records, parameters: authorized_params)
    end
  end
end
authorized_inclusions()
# File lib/drillbit/authorizable_resource.rb, line 110
# Runs the class-configured inclusions-params object for the current request
# and memoizes whatever its `call` returns.
#
# It is given the already-authorized parameters, not the raw `params`.
#
# @return [Object] the result of `authorizer_inclusions_params_class#call`
def authorized_inclusions
  @authorized_inclusions ||= begin
    inclusions_class = self.class.authorizer_inclusions_params_class
    inclusions       = inclusions_class.new(
      action: action_name,
      token:  token,
      user:   authorized_user,
      issuer: authorized_issuer,
      params: authorized_params,
    )

    inclusions.call
  end
end
authorized_issuer()
# File lib/drillbit/authorizable_resource.rb, line 213
# Issuer passed to every authorizer object this concern builds.
#
# Delegates to `current_issuer`, which the including controller must provide;
# how that value is established is outside this module.
#
# @return [Object] whatever `current_issuer` returns
def authorized_issuer
  current_issuer
end
authorized_params()
# File lib/drillbit/authorizable_resource.rb, line 122
# Passes the raw request `params` through the params class chosen by
# `authorizer_params_class` and memoizes the result.
#
# This is the only place in the module where raw `params` are handed to an
# authorizer object; the other `authorized_*` helpers consume this method's
# output instead.
#
# @return [Object] the result of the params object's `call`
def authorized_params
  @authorized_params ||= begin
    params_filter = authorizer_params_class.new(
      action: action_name,
      token:  token,
      user:   authorized_user,
      issuer: authorized_issuer,
      params: params,
    )

    params_filter.call
  end
end
authorized_resource()

rubocop:enable Metrics/BlockNesting rubocop:enable Metrics/CyclomaticComplexity, Metrics/MethodLength rubocop:enable Metrics/AbcSize, Metrics/PerceivedComplexity

# File lib/drillbit/authorizable_resource.rb, line 180
# The single record the current action operates on (memoized).
#
# The reader invoked through `public_send` is named by the class-level
# `singular_resource_name`, not by anything taken from the request.
#
# @return [Object, nil] nil for actions listed in RESOURCE_COLLECTION_ACTIONS
def authorized_resource
  unless RESOURCE_COLLECTION_ACTIONS.include?(action_name)
    @authorized_resource ||= public_send(self.class.singular_resource_name)
  end
end
authorized_scope()
# File lib/drillbit/authorizable_resource.rb, line 97
# Runs the class-configured scope object, starting from
# `authorized_scope_root`, and memoizes whatever its `call` returns.
#
# @return [Object] the result of `authorizer_scope_class#call`
def authorized_scope
  @authorized_scope ||= begin
    scope_class = self.class.authorizer_scope_class
    scope       = scope_class.new(
      action:     action_name,
      token:      token,
      user:       authorized_user,
      issuer:     authorized_issuer,
      params:     authorized_params,
      scope_root: authorized_scope_root,
    )

    scope.call
  end
end
authorized_scope_root()
# File lib/drillbit/authorizable_resource.rb, line 203
# Resolves the constant that scoping starts from (memoized).
#
# The constant name is assembled from two class-level settings,
# `authorizer_prefix` and `resource_class_name`. Keep both free of
# request-derived text: `constantize` resolves whatever name it is given.
#
# @return [Object] the constant named by prefix + resource class name
def authorized_scope_root
  @authorized_scope_root ||= begin
    constant_name = "#{self.class.authorizer_prefix}#{self.class.resource_class_name}"

    constant_name.constantize
  end
end
authorized_user()
# File lib/drillbit/authorizable_resource.rb, line 209
# User passed to every authorizer object this concern builds.
#
# Delegates to `current_user`, which the including controller must provide;
# how that user is authenticated is outside this module.
#
# @return [Object] whatever `current_user` returns
def authorized_user
  current_user
end
authorizer()
# File lib/drillbit/authorizable_resource.rb, line 85
# Builds (once per controller instance) the authorizer that `authorize`
# queries.
#
# `resource` is nil for collection actions, because `authorized_resource`
# returns nil for them; authorizer predicates for those actions cannot rely
# on a record being present.
#
# @return [Object] an instance of the class-level `authorizer_class`
def authorizer
  return @authorizer if @authorizer

  authorizer_class = self.class.authorizer_class

  @authorizer = authorizer_class.new(
    action:   action_name,
    token:    token,
    user:     authorized_user,
    issuer:   authorized_issuer,
    params:   authorized_params,
    resource: authorized_resource,
  )
end
authorizer_params_class()
# File lib/drillbit/authorizable_resource.rb, line 195
# Picks the params class for the current action (memoized): the filtering
# variant for actions listed in RESOURCE_COLLECTION_ACTIONS, the resource
# variant for every other action.
#
# @return [Class] one of the two class-level params classes
def authorizer_params_class
  return @authorizer_params_class if @authorizer_params_class

  collection_action = RESOURCE_COLLECTION_ACTIONS.include?(action_name)

  @authorizer_params_class =
    collection_action ? self.class.authorizer_filtering_params_class : self.class.authorizer_resource_params_class
end