module JSONAPI::Authorization::PunditScopedResource

Public Instance Methods

records_for(association_name) click to toggle source
# File lib/jsonapi/authorization/pundit_scoped_resource.rb, line 15
def records_for(association_name)
  record_or_records = @model.public_send(association_name)
  relationship = fetch_relationship(association_name)

  case relationship
  when JSONAPI::Relationship::ToOne
    record_or_records
  when JSONAPI::Relationship::ToMany
    user_context = JSONAPI::Authorization.configuration.user_context(context)
    ::Pundit.policy_scope!(user_context, record_or_records)
  else
    raise "Unknown relationship type #{relationship.inspect}"
  end
end

Private Instance Methods

fetch_relationship(association_name) click to toggle source
# File lib/jsonapi/authorization/pundit_scoped_resource.rb, line 32
def fetch_relationship(association_name)
  relationships = self.class._relationships.select do |_k, v|
    v.relation_name(context: context) == association_name
  end
  if relationships.empty?
    nil
  else
    relationships.values.first
  end
end