Created
November 29, 2013 18:26
# Controller concern that supplies JSON index/show/update/create/destroy
# actions. Every action calls into an access-control object before it renders
# or persists anything, and every query is filtered on the current user's
# domain_id (see #end_of_assocation_chain).
#
# NOTE(review): everything defined above the `protected` keyword is public,
# including the authorize_*! helpers, #resource, #collection,
# #resource_params, #serializer, #each_serializer, #access_denied and the
# *_meta readers. Rails treats public controller methods as actions, so these
# are dispatchable if a route maps to them (for example a catch-all :action
# route). Confirm the routes only expose the five CRUD actions, or lower the
# visibility of the helpers after checking that nothing calls them from
# outside the controller.
module JsonApiConcern
  extend ActiveSupport::Concern

  included do
    # An AccessDenied raised while handling a request is answered by
    # #access_denied instead of propagating.
    rescue_from ::FpCommon::Exceptions::AccessDenied, with: :access_denied
    # Serializers receive the access-control object as their scope.
    serialization_scope :access_control
  end

  # Responds with the translated "access denied" message as JSON and HTTP 403.
  def access_denied
    message = I18n.t('controller.exceptions.access_denied')
    render json: message, status: 403
  end

  # GET collection: authorizes the action and the collection, then renders it.
  def index
    authorize_collection!
    render json: collection,
           each_serializer: each_serializer,
           meta: index_meta
  end

  # GET member: authorizes the action and the record, then renders it.
  def show
    authorize_resource!
    render json: resource,
           serializer: serializer,
           meta: show_meta
  end

  # Updates the record with the authorized params. Renders the record with
  # 200 on success, or its validation errors with 422.
  def update
    authorize_resource!
    unless update_resource
      return render(json: resource.errors, status: :unprocessable_entity)
    end

    render json: resource,
           serializer: serializer,
           meta: update_meta,
           status: :ok
  end

  # Builds a new record, authorizes it, then saves it. Renders the record with
  # 201 on success, or its validation errors with 422.
  #
  # The record is instantiated from resource_params before either
  # authorization call runs; nothing is persisted until both have returned.
  def create
    build_resource
    authorize_resource!
    unless resource.save
      return render(json: resource.errors, status: :unprocessable_entity)
    end

    render json: resource,
           serializer: serializer,
           meta: create_meta,
           status: :created
  end

  # Destroys the record. Renders an empty 204 on success, or the record's
  # errors with 422.
  def destroy
    authorize_resource!
    unless resource.destroy
      return render(json: resource.errors, status: :unprocessable_entity)
    end

    render nothing: true, meta: destroy_meta, status: :no_content
  end

  # Readers for the per-action `meta:` payloads. Nothing in this module
  # assigns the backing instance variables, so each returns nil unless the
  # including controller sets it.
  attr_reader :index_meta,
              :show_meta,
              :update_meta,
              :create_meta,
              :destroy_meta

  # Asks the access-control object to authorize the current action name.
  # Presumably raises ::FpCommon::Exceptions::AccessDenied on refusal (that is
  # the exception rescued above) -- confirm against the access-control class.
  def authorize_action!
    action_name_param = params[:action]
    access_control.authorize_action!(action_name_param)
  end

  # Action-level check followed by a check on the loaded (or built) record.
  def authorize_resource!
    authorize_action!
    access_control.authorize_resource!(resource)
  end

  # Action-level check followed by a check on the scoped collection.
  def authorize_collection!
    authorize_action!
    access_control.authorize_collection!(collection)
  end

  # The record identified by params[:id], looked up inside the domain-scoped
  # relation so an id from another domain is not found. Memoized.
  def resource
    @resource ||= end_of_assocation_chain.find(params[:id])
  end

  # The domain-scoped relation used by #index. Memoized.
  def collection
    @collection ||= end_of_assocation_chain
  end

  # Attributes for create/update, as returned by the access-control object's
  # authorized_params!. Memoized.
  def resource_params
    @resource_params ||= access_control.authorized_params!
  end

  # Serializer class resolved from the controller class name, e.g. a
  # controller named "WidgetsController" resolves "WidgetSerializer". Memoized.
  def serializer
    @serializer ||= "#{class_name.singularize}Serializer".constantize
  end

  # Serializer applied to each element of a collection; defaults to #serializer.
  def each_serializer
    @each_serializer ||= serializer
  end

  protected

  # Access-control object built from the current user and the request params.
  # Memoized per controller instance.
  def access_control
    @access_control ||= access_control_class.new(current_user, params)
  end

  # Access-control class resolved from the controller class name. The string
  # passed to constantize comes from the controller's own class name, not from
  # request parameters.
  def access_control_class
    "#{class_name}AccessControl".constantize
  end

  # Base relation for every lookup in this concern: the resource class with
  # apply_scopes applied, restricted to rows whose domain_id equals the
  # current user's.
  def end_of_assocation_chain
    scoped = apply_scopes(resource_class)
    scoped.where(domain_id: current_user.domain_id)
  end

  # Controller class name with a trailing "Controller" removed. Memoized.
  def class_name
    @class_name ||= self.class.to_s.sub(/Controller$/, '')
  end

  # Model class name derived from controller_name. Memoized.
  def resource_class_name
    @resource_class_name ||= controller_name.classify
  end

  # Underscored form of the model class name. Memoized.
  def resource_name
    @resource_name ||= resource_class_name.underscore
  end

  # Model class resolved from #resource_class_name. Memoized.
  def resource_class
    @resource_class ||= resource_class_name.constantize
  end

  # Instantiates a record from the authorized params and stores it in
  # @resource. When the record responds to user_id, that attribute is
  # overwritten with the current user's id, so a user_id supplied in the
  # params does not survive.
  #
  # NOTE(review): domain_id is not assigned here, while every read goes
  # through a domain_id filter. Confirm that authorized_params! or the model
  # pins domain_id to the current user's domain on create.
  def build_resource
    @resource = resource_class.new(resource_params)
    @resource.user_id = current_user.id if @resource.respond_to?(:user_id)
    @resource
  end

  # Applies the authorized params to the loaded record and returns the result
  # of update_attributes.
  def update_resource
    resource.update_attributes(resource_params)
  end
end