Could we use authority with active model serializer ?

nathanl / authority

*CURRENTLY UNMAINTAINED*. Authority helps you authorize actions in your Rails app. It's ORM-neutral and has very little fancy syntax; just group your models under one or more Authorizer classes and write plain Ruby methods on them.

MIT License

1.21k stars 67 forks source link

Could we use authority with active model serializer ? #122

Closed imadmoussa1 closed 7 years ago

imadmoussa1 commented 7 years ago

Hello @nathanl ,

I am using the active model serializer (json_api ). When we make a call to the api, the response will include the associations and relations. render json: @articles, include: '*' However when the user in not authorized to "read" the relation model, I do not want to include the relation in the response .

Can we handle this case using Authority gem ?

thank you.

nathanl commented 7 years ago

There's no special support for this, but you can ask relation_model.authorizer.readable_by?(user) if that makes sense in your app.