diff --git a/_site/guides/concepts/resources.html b/_site/guides/concepts/resources.html
index 482bcbe..2927044 100644
--- a/_site/guides/concepts/resources.html
+++ b/_site/guides/concepts/resources.html
@@ -231,12 +231,17 @@
When guarding the :readable
flag, the method can optionally accept the
-model instance being serialized as an argument:
attribute :name, :string, readable: :allowed?
+attribute :age, :integer, readable: :attribute_allowed?
def allowed?(model_instance)
model_instance.internal == false
+end
+
+def attribute_allowed?(model_instance, attribute_name)
+ PolicyChecker.new(model_instance).attribute_readable?(attribute_name)
end
As for resource defined guards, you can pass a symbol to guard the +behavior globally. This can be used to globally delegate access control to a +dedicated system.
+ +self.attributes_readable_by_default = :attribute_readable? # default true
+
+def attribute_readable?(model_instance, attribute_name)
+ PolicyChecker.new(model_instance).attribute_readable?(attribute_name)
+end
class Employee < ApplicationRecord
has_many :team_memberships
- has_many :teams, through :team_memberships
+ has_many :teams, through: :team_memberships
end
class TeamMembership < ApplicationRecord
diff --git a/guides/concepts/resources.md b/guides/concepts/resources.md
index 07ed336..ad9cdf2 100644
--- a/guides/concepts/resources.md
+++ b/guides/concepts/resources.md
@@ -113,14 +113,19 @@ end
{% endhighlight %}
When guarding the `:readable` flag, the method can optionally accept the
-model instance being serialized as an argument:
+model instance and the name of the attribute being serialized as arguments:
{% highlight ruby %}
attribute :name, :string, readable: :allowed?
+attribute :age, :integer, readable: :attribute_allowed?
def allowed?(model_instance)
model_instance.internal == false
end
+
+def attribute_allowed?(model_instance, attribute_name)
+ PolicyChecker.new(model_instance).attribute_readable?(attribute_name)
+end
{% endhighlight %}
{% include h.html tag="h4" text="2.2 Default Behavior" a="default-behavior" %}
@@ -137,6 +142,18 @@ self.attributes_sortable_by_default = false # default true
self.attributes_schema_by_default = false # default true
{% endhighlight %}
+As for resource defined guards, you can pass a symbol to guard the
+behavior globally. This can be used to globally delegate access control to a
+dedicated system.
+
+{% highlight ruby %}
+self.attributes_readable_by_default = :attribute_readable? # default true
+
+def attribute_readable?(model_instance, attribute_name)
+ PolicyChecker.new(model_instance).attribute_readable?(attribute_name)
+end
+{% endhighlight %}
+
{% include h.html tag="h4" text="2.3 Customizing Display" a="customizing-display" %}
Pass a block to `attribute` to customize display: