module Skr::Concerns::JsonAttributeAccess::ClassMethods
Public Instance Methods
blacklist_json_attributes( *attributes )
click to toggle source
@param attributes [Array of symbols] attributes that are not safe for the API to set
# File lib/skr/concerns/json_attribute_access.rb, line 31 def blacklist_json_attributes( *attributes ) options = attributes.extract_options! self.blacklisted_json_attributes ||= {} attributes.each{|attr| self.blacklisted_json_attributes[ attr.to_sym ] = options } end
json_attr_accessor( *names )
click to toggle source
An attribute accessor that allows access from the API
# File lib/skr/concerns/json_attribute_access.rb, line 16 def json_attr_accessor( *names ) names.each do | attr | attr_accessor attr whitelist_json_attributes attr end end
json_attribute_is_allowed?(name, user = Skr::UserProxy.current)
click to toggle source
An attribute is allowed if it's white listed or it's a valid attribute and not black listed @param name [Symbol] @param user [UserProxy,User] who is performing request
# File lib/skr/concerns/json_attribute_access.rb, line 41 def json_attribute_is_allowed?(name, user = Skr::UserProxy.current) return false unless user.can_write?(self, name) (self.whitelisted_json_attributes && self.whitelisted_json_attributes.has_key?( name.to_sym)) || ( self.attribute_names.include?( name.to_s ) && ( self.blacklisted_json_attributes.nil? || ! self.blacklisted_json_attributes.has_key?( name.to_sym ) ) ) end
whitelist_json_attributes( *attributes )
click to toggle source
@param attributes [Array of symbols] attributes that are safe for the API to set
# File lib/skr/concerns/json_attribute_access.rb, line 24 def whitelist_json_attributes( *attributes ) options = attributes.extract_options! self.whitelisted_json_attributes ||= {} attributes.each{|attr| self.whitelisted_json_attributes[ attr.to_sym ] = options } end