module JSONAPI::Authorization::PunditScopedResource
Public Instance Methods
records_for(association_name)
click to toggle source
# File lib/jsonapi/authorization/pundit_scoped_resource.rb, line 15 def records_for(association_name) record_or_records = @model.public_send(association_name) relationship = fetch_relationship(association_name) case relationship when JSONAPI::Relationship::ToOne record_or_records when JSONAPI::Relationship::ToMany user_context = JSONAPI::Authorization.configuration.user_context(context) ::Pundit.policy_scope!(user_context, record_or_records) else raise "Unknown relationship type #{relationship.inspect}" end end
Private Instance Methods
fetch_relationship(association_name)
click to toggle source
# File lib/jsonapi/authorization/pundit_scoped_resource.rb, line 32 def fetch_relationship(association_name) relationships = self.class._relationships.select do |_k, v| v.relation_name(context: context) == association_name end if relationships.empty? nil else relationships.values.first end end