WIP Update for jsonapi-resources v0.10

Note this will break with earlier versions of JR
venuu · Jan 9, 2020 · c160242 · c160242
1 parent 0433692
commit c160242
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 30 deletions.
diff --git a/Gemfile b/Gemfile
@@ -1,3 +1,6 @@
 source 'https://rubygems.org'
 
+# ToDo: This is only for testing purposes
+gem 'jsonapi-resources', :git => 'https://github.com/cerebris/jsonapi-resources.git', :branch => 'track_join_options'
+
 gemspec
diff --git a/jsonapi-authorization.gemspec b/jsonapi-authorization.gemspec
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "jsonapi-resources", "~> 0.9.0"
+  spec.add_dependency "jsonapi-resources", "~> 0.10.0"
   spec.add_dependency "pundit", ">= 1.0.0", "< 3.0.0"
 
   spec.add_development_dependency "appraisal"

diff --git a/lib/jsonapi/authorization/authorizing_processor.rb b/lib/jsonapi/authorization/authorizing_processor.rb
@@ -72,7 +72,7 @@ def authorize_show_relationship
         related_resource =
           case relationship
           when JSONAPI::Relationship::ToOne
-            parent_resource.public_send(params[:relationship_type].to_sym)
+            resources_from_relationship(source_klass, source_id, relationship.type, context).first
           when JSONAPI::Relationship::ToMany
             # Do nothing — already covered by policy scopes
           else
@@ -91,7 +91,7 @@ def authorize_show_related_resource
 
         source_resource = source_klass.find_by_key(source_id, context: context)
 
-        related_resource = source_resource.public_send(relationship_type)
+        related_resource = resources_from_relationship(source_klass, source_id, relationship_type, context).first
 
         source_record = source_resource._model
         related_record = related_resource._model unless related_resource.nil?
@@ -282,6 +282,14 @@ def authorizer
         @authorizer ||= ::JSONAPI::Authorization.configuration.authorizer.new(context: context)
       end
 
+      def resources_from_relationship(source_klass, source_id, relationship_type, context)
+        rid = source_klass.find_related_fragments([JSONAPI::ResourceIdentity.new(source_klass, source_id)],
+                                                  relationship_type,
+                                                  context: context).keys.first
+
+        rid.resource_klass.find_to_populate_by_keys(rid.id)
+      end
+
       # TODO: Communicate with upstream to fix this nasty hack
       def operation_resource_id
         case operation_type

diff --git a/lib/jsonapi/authorization/pundit_scoped_resource.rb b/lib/jsonapi/authorization/pundit_scoped_resource.rb
@@ -8,35 +8,19 @@ module PunditScopedResource
       module ClassMethods
         def records(options = {})
           user_context = JSONAPI::Authorization.configuration.user_context(options[:context])
-          ::Pundit.policy_scope!(user_context, _model_class)
+          ::Pundit.policy_scope!(user_context, super)
         end
-      end
-
-      def records_for(association_name)
-        record_or_records = @model.public_send(association_name)
-        relationship = fetch_relationship(association_name)
 
-        case relationship
-        when JSONAPI::Relationship::ToOne
-          record_or_records
-        when JSONAPI::Relationship::ToMany
-          user_context = JSONAPI::Authorization.configuration.user_context(context)
-          ::Pundit.policy_scope!(user_context, record_or_records)
-        else
-          raise "Unknown relationship type #{relationship.inspect}"
-        end
-      end
-
-      private
-
-      def fetch_relationship(association_name)
-        relationships = self.class._relationships.select do |_k, v|
-          v.relation_name(context: context) == association_name
-        end
-        if relationships.empty?
-          nil
-        else
-          relationships.values.first
+        def apply_joins(records, join_manager, options)
+          records = super
+          join_manager.join_details.each do |k, v|
+            next if k == '' || v[:join_type] == :root
+            v[:join_options][:relationship_details][:resource_klasses].each_key do |klass|
+              next unless klass.included_modules.include?(PunditScopedResource)
+              records = records.where(v[:alias] => { klass._primary_key => klass.records(options)})
+            end
+          end
+          records
         end
       end
     end