Partially fix include directive specs

This code is somewhat copied from this branch:
https://github.com/crunchybananas/jsonapi-authorization/tree/v0_10

Author: valscion

lib/jsonapi/authorization/authorizing_processor.rb

@@ -37,17 +37,15 @@ class AuthorizingProcessor < JSONAPI::Processor
 
       def authorize_include_directive
         return if result.is_a?(::JSONAPI::ErrorsOperationResult)
-
-        resources = Array.wrap(
-          if result.respond_to?(:resources)
-            result.resources
-          elsif result.respond_to?(:resource)
-            result.resource
+        resources = result.resource_set.resource_klasses[@resource_klass]
+        return if resources.nil?
+
+        if params[:include_directives]
+          include_params = params[:include_directives].include_directives
+          resources.each do |id, current_resource|
+            source_record = current_resource[:resource]._model
+            authorize_include_directives(resource_klass, source_record, include_params)
           end
-        )
-
-        resources.each do |resource|
-          authorize_model_includes(resource._model)
         end
       end
 
@@ -327,11 +325,12 @@ def related_models_with_context
         end
       end
 
-      def authorize_model_includes(source_record)
-        return unless params[:include_directives]
+      def authorize_include_directives(current_resource_klass, source_record, include_directives)
+        include_directives[:include_related].each do |include_item, deep|
+          authorize_include_item(current_resource_klass, source_record, include_item)
 
-        params[:include_directives].model_includes.each do |include_item|
-          authorize_include_item(@resource_klass, source_record, include_item)
+          next_resource_klass = current_resource_klass._relationship(include_item).resource_klass
+          authorize_include_directives(next_resource_klass, source_record, deep)
         end
       end
 

spec/requests/included_resources_spec.rb

@@ -36,7 +36,7 @@
     describe 'one-level deep has_many relationship' do
       let(:include_query) { 'comments' }
 
-      context 'unauthorized for include_has_many_resource for Comment', pending: 'Compatibility with JR 0.10' do
+      context 'unauthorized for include_has_many_resource for Comment' do
         before do
           disallow_operation(
             'include_has_many_resource',
@@ -73,7 +73,7 @@
     describe 'one-level deep has_one relationship' do
       let(:include_query) { 'author' }
 
-      context 'unauthorized for include_has_one_resource for article.author', pending: 'Compatibility with JR 0.10' do
+      context 'unauthorized for include_has_one_resource for article.author' do
         before do
           disallow_operation(
             'include_has_one_resource',
@@ -108,7 +108,7 @@
     describe 'multiple one-level deep relationships' do
       let(:include_query) { 'author,comments' }
 
-      context 'unauthorized for include_has_one_resource for article.author', pending: 'Compatibility with JR 0.10' do
+      context 'unauthorized for include_has_one_resource for article.author' do
         before do
           disallow_operation(
             'include_has_one_resource',
@@ -121,7 +121,7 @@
         it { is_expected.to be_forbidden }
       end
 
-      context 'unauthorized for include_has_many_resource for Comment', pending: 'Compatibility with JR 0.10' do
+      context 'unauthorized for include_has_many_resource for Comment' do
         before do
           allow_operation('include_has_one_resource', source_record: an_instance_of(Article), related_record: an_instance_of(User), authorizer: chained_authorizer)
           disallow_operation('include_has_many_resource', source_record: an_instance_of(Article), record_class: Comment, authorizer: chained_authorizer)
@@ -156,7 +156,7 @@
     describe 'a deep relationship' do
       let(:include_query) { 'author.comments' }
 
-      context 'unauthorized for first relationship', pending: 'Compatibility with JR 0.10' do
+      context 'unauthorized for first relationship' do
         before do
           disallow_operation(
             'include_has_one_resource',
@@ -178,7 +178,7 @@
           it { is_expected.to be_forbidden }
         end
 
-        context 'authorized for second relationship' do
+        context 'authorized for second relationship', pending: 'Compatibility with JR 0.10' do
           before { allow_operation('include_has_many_resource', source_record: an_instance_of(User), record_class: Comment, authorizer: chained_authorizer) }
 
           it { is_expected.to be_successful }
@@ -202,7 +202,7 @@
     end
 
     describe 'a deep relationship with empty relations' do
-      context 'first level has_one is nil' do
+      context 'first level has_one is nil', pending: 'Compatibility with JR 0.10' do
         let(:include_query) { 'non-existing-article.comments' }
 
         it { is_expected.to be_successful }
@@ -211,13 +211,13 @@
       context 'first level has_many is empty' do
         let(:include_query) { 'empty-articles.comments' }
 
-        context 'unauthorized for first relationship', pending: 'Compatibility with JR 0.10' do
+        context 'unauthorized for first relationship' do
           before { disallow_operation('include_has_many_resource', source_record: an_instance_of(Article), record_class: Article, authorizer: chained_authorizer) }
 
           it { is_expected.to be_forbidden }
         end
 
-        context 'authorized for first relationship' do
+        context 'authorized for first relationship', pending: 'Compatibility with JR 0.10' do
           before { allow_operation('include_has_many_resource', source_record: an_instance_of(Article), record_class: Article, authorizer: chained_authorizer) }
 
           it { is_expected.to be_successful }
@@ -284,7 +284,7 @@
       context 'authorized for first relationship' do
         before { allow_operation('include_has_one_resource', source_record: an_instance_of(Article), related_record: an_instance_of(User), authorizer: chained_authorizer) }
 
-        context 'authorized for second relationship' do
+        context 'authorized for second relationship', pending: 'Compatibility with JR 0.10' do
           before { allow_operation('include_has_many_resource', source_record: an_instance_of(User), record_class: Comment, authorizer: chained_authorizer) }
 
           it { is_expected.to be_successful }