v1.0.0.alpha3

• Fixes create_resource authorization breaking for has_one association, #66

v1.0.0.alpha2

Alpha release, fixes #62

v1.0.0.alpha1

Alpha release, see #48 for more details.

v0.8.2

• Fix relationships using the relation_name option (#42)

v0.8.1

• Added ability to custom pundit_user (#32)

v0.8.0

Breaking change

[https://github.com//pull/24] Updated authorization processor logic to be compatible with jsonapi-resources upcoming v0.8.0 version. Thanks @acid!

This version does not support JR v0.7.x versions. If you need that support, stick to v0.6.1

Usage instructions have changed, adapt your configuration to match the new instructions if you want to be able to run against JR v0.8.0.beta1

 JSONAPI.configure do |config|
-  config.operations_processor = :jsonapi_authorization
+  config.default_processor_klass = JSONAPI::Authorization::AuthorizingProcessor
   config.exception_class_whitelist = [Pundit::NotAuthorizedError]
 end

v0.6.1

Relaxes jsonapi-resources constraint to allow for beta releases of 0.7.x versions. See #17 for more info

v0.6.0

• Authorizes sideloaded (GET /resource/1?include=another-resource) resources with show? for has_one and index? for has_many relationships #10
• Adds support for custom primary_key on related model authorizations #11

v0.5.0

• Renames JSONAPI::Authorization::PunditOperationsProcessor to JSONAPI::Authorization::AuthorizingOperationsProcessor (#6)
• Allows JSONAPI configuration of operations_processor to use the symbol :jsonapi_authorization (#6)

v0.4.0

• Authorizes most operations, still excluding some relationship operations.
• Allows for a custom authorizer class, that ties together the operations with an authorization mechanism.
  • The default authorizer uses Pundit, and aims to create a sensible mapping from JSONAPI operations to Pundit default actions (show?, update? etc).
• Has jsonapi-resources dependency locked to v0.7.0. We currently rely on a lot of internal methods and deemed it likely that other versions would break.