Comments (4)
@barelyknown would it be possible for you to use the records
method on the resource to apply the permission check? That's how I'm doing things in my code and it seems to work well. We're taking the approach that if a user doesn't have permission to see a record then they get a 404, even if the record exists. That may not work for you of course. But it does keep the logic more tightly confined to the resource.
If that doesn't work for you I'm not at all opposed to splitting up the controller methods as you proposed. It could DRY it up a bit either way.
from jsonapi-resources.
I'm using the same approach, but that doesn't work for the get_related_resource
action because the records
method loads the source resource, not the related resource(s).
from jsonapi-resources.
Good catch! In Resource._associate
we could add a method similar to records
for each association. Then the same approach could be used. I think that could work, but my mind's a bit tired now, so no promises.
from jsonapi-resources.
I was tired last night too!, but I thought about it more this morning and liked your suggestion. The PR implements that approach.
from jsonapi-resources.
Related Issues (20)
- Resource option `always_include_linkage_data: true` not working HOT 5
- Repeating the same sort attribute with reverse direction overwrites the previous direction for that attribute
- Documentation for ResourceSerializer with includes is incorrect HOT 3
- What's the status of version 0.11.0?? IS THIS PROJECT DEAD? HOT 1
- Alternative to ActiveRelationResource which does not produce extra DB queries HOT 2
- Adopt the `frozen_string_literal` magic comment to optimize string storage
- sort by country that is related to resource not directly but through the third relation is not work properly HOT 3
- Rails Namespace Conflict with jsonapi.rb
- unable to build w/o specifying rails version in ENV
- add support for rubocop
- Test for missing inverse relationships HOT 4
- Change ResourceIdentity <=> to take resource_klass into account when sorting.
- Class caching is too aggressive in dev HOT 1
- Aliased Attribute Names Are Not Used In Error Responses
- get_join_arel_node fails with include_optional_linkage_data if there is already a join
- RFC: Guide for handling generic filter/fieldset errors, such as empty inputs and 'undefined'
- Polymorphic Relationships Not Found On Aliased Resource HOT 1
- Basic Usage guide includes deprecated Faker method HOT 1
- Problem with deprecated config value: `default_processor_klass`. HOT 1
- `:unprocessable_entity` deprecated in newest Rack, and causing a `0` response
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jsonapi-resources.