glenux-contrib/metamaps--metamaps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

policy_scope on has_many relationships in serializers (#840)

Browse source 
* token overrides current user in api

* policy scope has_many relationships

* fix hard coded topics - whoops

* handle policy_scope returning nil in application serializer
This commit is contained in:
Devin Howard 2016-10-26 19:56:30 +08:00 committed by GitHub
parent b13587456d
commit 175a3ee73e
2 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/api/v2/restful_controller.rb
View file

@ -45,7 +45,7 @@ module Api
end end
def current_user def current_user
super || token_user || doorkeeper_user || nil token_user || super || doorkeeper_user || nil
end end
def load_resource def load_resource

6
app/serializers/api/v2/application_serializer.rb
View file

@ -32,9 +32,11 @@ module Api
if attr.to_s.pluralize == attr.to_s if attr.to_s.pluralize == attr.to_s
attribute("#{attr.to_s.singularize}_ids".to_sym, attribute("#{attr.to_s.singularize}_ids".to_sym,
opts.merge(unless: -> { embeds.include?(key) })) do opts.merge(unless: -> { embeds.include?(key) })) do
object.send(attr).map(&:id) Pundit.policy_scope(scope[:current_user], object.send(attr))&.map(&:id) || []
end
has_many(attr, opts.merge(if: -> { embeds.include?(key) })) do
Pundit.policy_scope(scope[:current_user], object.send(attr)) || []
end end
has_many(attr, opts.merge(if: -> { embeds.include?(key) }))
else else
id_opts = opts.merge(key: "#{key}_id") id_opts = opts.merge(key: "#{key}_id")
attribute("#{attr}_id".to_sym, attribute("#{attr}_id".to_sym,