module Skr::Concerns::SanitizeJson::ClassMethods

SanitizeJson is where all the exports_XXX concerns come together. It ensures that only associations and other data that have been marked as safe are allowed to be saved.

Public Instance Methods

sanitize_json(json, user = Skr::UserProxy.current)

Takes in a hash containing attribute name/value pairs, as well as sub hashes/arrays. It returns only the attributes that have been marked as exportable.

@param json [Hash]
@param user [UserProxy,User] who is performing request

# File lib/skr/concerns/sanitize_json.rb, line 15
def sanitize_json(json, user = Skr::UserProxy.current)
    return {} unless user.can_write?(self)
    json.each_with_object(Hash.new) do | kv, result |
        ( key, value ) = kv

        if json_attribute_is_allowed?( key.to_sym, user )
            result[ key ] = value
        else
            # allow nested params to be specified using Rails _attributes
            # (\z anchors at the end of the string; $ would also match before a newline inside the key)
            name = key.to_s.gsub(/_attributes\z/,'')

            next unless has_exported_nested_attribute?( name, user )

            klass_name = self.reflections[ name.to_sym ].class_name
            klass = klass_name.safe_constantize || "Skr::#{klass_name}".constantize

            # only Hash, Array & nil are valid for nesting attributes
            cleaned = case value
                      when Hash  then klass.sanitize_json( value, user )
                      when Array then value.map{ | nested | klass.sanitize_json( nested, user ) }
                      else
                          nil
                      end
            result[ (name + '_attributes').to_sym ] = cleaned unless cleaned.blank?
        end
    end
end
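
The allowlist behaviour described above, as an added example that is not part of the Skr code base: a plain-Ruby stand-in run on a constructed request body, showing which keys survive. SanitizeDemo, EXPORTED, NESTED, Customer, Address and User are hypothetical names that replace the exports_XXX concerns, the ActiveRecord reflections and Skr::UserProxy.

```ruby
# Added example: plain-Ruby stand-in for the allowlist logic, no Rails required.
# SanitizeDemo, EXPORTED, NESTED, Customer, Address and User are hypothetical.
module SanitizeDemo
  def sanitize_json(json, user)
    return {} unless user.can_write?(self)
    json.each_with_object({}) do |(key, value), result|
      if self::EXPORTED.include?(key.to_sym)
        result[key] = value                      # attribute is on the allowlist
      else
        name  = key.to_s.sub(/_attributes\z/, '')
        klass = self::NESTED[name.to_sym]
        next unless klass                        # association not exported: drop
        cleaned = case value                     # scalars are never valid nested data
                  when Hash  then klass.sanitize_json(value, user)
                  when Array then value.map { |nested| klass.sanitize_json(nested, user) }
                  end
        result[:"#{name}_attributes"] = cleaned unless cleaned.nil? || cleaned.empty?
      end
    end
  end
end

class Address
  extend SanitizeDemo
  EXPORTED = %i[street city].freeze
  NESTED   = {}.freeze
end

class Customer
  extend SanitizeDemo
  EXPORTED = %i[name email].freeze
  NESTED   = { addresses: Address }.freeze
end

# Minimal user object: may write only to the classes it was given.
User = Struct.new(:writable) do
  def can_write?(klass)
    writable.include?(klass)
  end
end

# Constructed request body mixing allowed and disallowed keys.
PAYLOAD = {
  'name' => 'Acme', 'is_admin' => true,
  'addresses_attributes' => [{ 'street' => '1 Main St', 'verified' => true }],
  'invoices_attributes'  => [{ 'total' => 0 }]
}.freeze

WRITER = User.new([Customer, Address])
p Customer.sanitize_json(PAYLOAD, WRITER)
```

Only name and the street of the nested address are kept; is_admin, verified and the whole invoices_attributes branch are dropped, and a user without write access gets an empty hash.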