Last active December 29, 2015 18:18
```ruby
class AccessControl < Struct.new(:user, :params)
  # Parameters the current user is allowed to write.
  def authorized_params!
    authorized_params
  end

  # Keys the serializer may emit: the keys authorized for this user,
  # narrowed to the keys requested in params when any were requested.
  def serialization_keys!(_keys, _resource)
    _authorized_keys = authorize_serialization_keys(_keys, _resource)
    _params_keys = _serialization_keys_from_params

    if _params_keys.any?
      # Intersection: a request can narrow the authorized set, never widen it.
      _authorized_keys & _params_keys
    else
      _authorized_keys
    end
  end

  private

  # Safe defaults.
  def authorized_params
    []
  end

  def authorize_serialization_keys(_keys, _resource)
    _keys
  end

  # serialization_keys_param_name is not defined in this gist; it must be
  # supplied elsewhere (for example by a subclass).
  def _serialization_keys_from_params
    _params = params[serialization_keys_param_name]
    if _params.is_a?(Array)
      # Client-supplied values are converted to symbols here.
      _params.map!(&:to_sym)
    else
      []
    end
  end
end
```
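A hardened variant of `_serialization_keys_from_params`, as an added example that is not part of the gist: it matches requested keys against the authorized keys as strings, so client input never reaches `to_sym` (which raises on non-string elements and, on Ruby before 2.2, creates symbols that are never garbage-collected). The function names and sample inputs are constructed for illustration.

```ruby
# Added example, not the gist's code. Names and sample inputs are constructed.

# The gist's approach: convert every requested element to a symbol.
def naive_requested_keys(raw)
  raw.is_a?(Array) ? raw.map(&:to_sym) : []
end

# Hardened: keep only string elements and select from the authorized keys
# by string comparison; no symbol is ever created from client input.
def safe_serialization_keys(raw, authorized_keys)
  wanted = raw.is_a?(Array) ? raw.select { |v| v.is_a?(String) } : []
  return authorized_keys if wanted.empty? # nothing usable requested: full authorized set
  authorized_keys.select { |key| wanted.include?(key.to_s) }
end

# Returns :raised when the naive conversion fails on the input.
def naive_outcome(raw)
  naive_requested_keys(raw)
rescue NoMethodError
  :raised
end

# Constructed authorized set, e.g. a non-manager with :comments already removed.
AUTHORIZED = [:title, :body].freeze

if __FILE__ == $PROGRAM_NAME
  samples = [["title"], ["title", "comments"], ["title", nil], [{ "a" => 1 }], "title", nil]
  samples.each do |raw|
    puts "#{raw.inspect}: naive=#{naive_outcome(raw).inspect} " \
         "safe=#{safe_serialization_keys(raw, AUTHORIZED).inspect}"
  end
end
```

A request that names only keys outside the authorized set yields an empty list, which matches the intersection in `serialization_keys!`.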
```ruby
class PostSerializer < ActiveModel::Serializer
  attributes :title, :body
  has_many :comments

  # Restrict the serialized keys through the serialization scope
  # (the AccessControl object set in the controller).
  def filter(_keys)
    if scope
      scope.serialization_keys!(_keys, object)
    else
      # No scope: every key is emitted.
      _keys
    end
  end
end
```
```ruby
class PostsAccessControl < AccessControl
  # Computed on every call: the result depends on _keys, so it is not cached.
  def authorize_serialization_keys(_keys, _resource)
    _authorized_keys(_keys)
  end

  def authorized_params
    params.require(:post).permit(*_authorized_params)
  end

  private

  # Only managers may see the comments association.
  def _authorized_keys(_keys)
    if user.manager?
      _keys
    else
      _keys - [:comments]
    end
  end

  # Everyone may write :body; only managers may write :title.
  def _authorized_params
    _params = [:body]
    _params.push(:title) if user.manager?
    _params
  end
end
```
```ruby
class PostController < ActionController::Base
  # https://gist.github.com/arenoir/7709928
  include JsonApiConcern

  # Relevant part: serializers receive the access control object as their scope.
  serialization_scope :access_control

  def access_control
    @access_control ||= PostsAccessControl.new(current_user, params)
  end
end
```