jsonapi-authorization
jsonapi-authorization copied to clipboard
Authorization for JSONAPI::Resource
Inspirations taken from: * https://github.com/venuu/jsonapi-authorization/pull/131 * https://github.com/venuu/jsonapi-authorization/pull/131#issuecomment-873061541 Problems faced: * https://github.com/cerebris/jsonapi-resources/issues/1305#issuecomment-1206396640
@valscion This is an early stage proof of concept to work with v0.10 and fix #64 Many specs are failing because the changes in the processor are now calling Resource.records,...
It would be nice to be able to enforce in the policy that a POST must have a related resource specified. Currently, via related_models_with_context, only related resources that are specified...
Seems like we will have to do some work in the future to be compatible with upcoming JR version, 0.10, where resources being closely coupled to ActiveRecord is being worked...
We have several situations where we would like to provide filter functionality, but only for certain users, e.g. admins. We're currently doing this by implementing a custom filter in JR...
Since `jsonapi-resources` v0.9.6 it has been possible to do updates to polymorphic `has_many` associations: https://github.com/cerebris/jsonapi-resources/pull/1217 We should probably have some sort of a test to verify `jsonapi-authorization` works for these...
We should document these two cases in https://github.com/venuu/jsonapi-authorization/blob/master/docs/relationship-authorization.md: * `GET /source_record/:id/has-one-resource` * `GET /source_record/:id/has-many-resources` Look at the existing docs in that file as an example on how these specs should...
Hello, I'm working on a version of the authorizing processor that can support accept a resource instead of a class for `create?` and `update?` actions as referenced in https://github.com/venuu/jsonapi-authorization/issues/25 and...
Mostly putting this out there as a discussion on possible ways to abstract the code to make it easier to extend. A few things I think would be useful: 1....
Perhaps I have overlooked it but it seems that the way this gem is designed we are unable to take advantage of [Pundit's Policy Namespacing](https://github.com/varvet/pundit#policy-namespacing) feature. We have a motivation...