Add serialization_scope example

[bf4]

ref #1245

• add docs to https://github.com/rails-api/active_model_serializers/blob/master/docs/general/rendering.md#scope
• output bugs
  • Bug in serialization_scope nil scope methods existing on the serializer #1509

[beauby]

This is important but I find the example confusing.

[bf4]

@beauby how could the example be better. I was lazy and just cribbed the test, but maybe you have something in mind?

[beauby]

@bf4: Could you fill me in on what exactly we are testing here? It feels like we're making sure we can override the scope?

[bf4]

Not testing, documenting usage (no overriding)

B mobile phone

On Oct 8, 2015, at 5:27 PM, Lucas Hosseini [email protected] wrote:

In README.md:

++ +In order to do this, all we need to do is declare theserialization_scope: + +ruby
+class SomeController < ActionController::Base

• serialization_scope :current_admin

• def current_admin
• User.new(id: 2, name: 'Bob', admin: true)
• end

• def index
• render json: User.new(id: 1, name: 'Pete', admin: false), serializer: AdminUserSerializer, adapter: :json_api
• end
  +end
  @bf4: Could you fill me in on what exactly we are testing here? It feels like we're making sure we can override the scope?

—
Reply to this email directly or view it on GitHub.

[beauby]

Haha right, I was a bit confused. What do you think about:

class PostSerializer < AMS
  attributes :title, :body, :can_edit?

  def can_edit?
    scope.admin?
  end
end

[bf4]

sure, wanna edit? I'm busy for a while

[bf4]

ref: #1281 (comment)

[bf4]

Updated, but the example needs help from someone who's used the feature

[bf4]

@rails-api/ams any thoughts on this?

[NullVoxPopuli]

I think the example is good. If there are no other objects, I'll merge it

[beauby]

This sentence is a bit hard to understand (at least for me). What is "the serialization_scope"? The parameter to the (class) method call serialization_scope :foo? (i.e. :foo in this case) I guess not as you talk about the controller.

[bf4]

So, here's my dirty secret: this part of the code is a bit hard to understand.. by putting something in master, it forces a few more questions and I'm hoping maybe someone else can may it clearer :)

[NullVoxPopuli]

👍 I'm on board with that.

[bf4]

omg, great examples in https://github.com/rails-api/active_model_serializers/tree/0-9-stable#customizing-scope and see filter https://github.com/rails-api/active_model_serializers/tree/0-9-stable#attributes

[bf4]

Found another related issue: #741

It references an example setting serialization_scope to view_context and http://railscasts.com/episodes/409-active-model-serializers?view=asciicast

Our serializer is now working well but we have some issues with how the scope works. One problem is that it loads the current user record every time it makes a JSON request in our application, even if the user record isn’t accessed in the serializer. This can result in unnecessary database queries and potential performance issues. Another issue is that the name scope is rather generic and it’s not really obvious that the admin? method is called on the current user when we call it on scope. It would be much better if we could call current_user directly in our serializer. To get this to work we can customize the scope object that’s passed in to our serializers by changing the ApplicationController, calling serialization_scope and telling it to use something other than the current user, such as a view_context.

/app/controllers/application_controller.rb

serialization_scope :view_context

We can now call the current user through this view context and any other helper methods that we might need to access within our serializer. We’ll go back to our serializer and tell it to delegate the current_user method to the scope and then call admin? on that.

/app/serializers/article_serializer.rb

delegate :current_user, to: :scope

def attributes
  data = super
  data[:edit_url] = edit_article_url(object) if current_user.admin?
  data
end

Our page now has the same functionality as it did before but the current user is only loaded in as needed. One downside of this approach is that it can make testing a little more difficult as we need to provide access to the entire view context for the serializer. To get around this we can test it in a similar way to how we test helper methods by inheriting from ActionView::TestCase. This will automatically set up the view context for us so that we can pass it into the serializer.

[bf4]

I think there's bugs hiding here

[bf4]

I updated with some more thought and comparison to 0.9. I like the examples better, and now understand the discussion of 'authorization context'

I think we lost the usage of the scope option in the controller, need to confirm with tests.

e.g. <%= react_component('CommunityRouter', posts: ActiveModel::SerializableResource.new(@posts, scope: current_business).serializable_hash ) %>

Also, looks like the serializer could break if scope_name is passed in but not a scope.

[buren]

I think in general this documentation is good and a well needed addition :) 👍 @bf4

However I also noticed some problems trying to pass in scope in controllers. I had some other problems there (in my app-code..), so will need to confirm that that is actually happening.. Will update when/if I can confirm anything.

[bf4]

Feel free to make a pr into my branch

B mobile phone

On Feb 8, 2016, at 2:31 AM, Jacob Burenstam [email protected] wrote:

I think in general this documentation is good and a well needed addition :) @bf4

However I also noticed some problems trying to pass in scope in controllers. I had some other problems there (in my code..), so will need to confirm that that is actually happening.. Will update when/if I can confirm anything.

—
Reply to this email directly or view it on GitHub.

[bf4]

@buren I may have found the bug

[bf4]

The controller defineds

      class_attribute :_serialization_scope
      self._serialization_scope = :current_user

    def serialization_scope
      send(_serialization_scope) if _serialization_scope &&
        respond_to?(_serialization_scope, true)
    end
      def serialization_scope(scope)
        self._serialization_scope = scope
      end
    end

then serialization resource calls

        serializable_resource.serialization_scope ||= serialization_scope
        serializable_resource.serialization_scope_name = _serialization_scope

notice that serialization_scope is actually the return value of sending the _serialization_scope method in the controller (if that method exists).

Those two setters correspond to the serializar options scope and scope_name respectively, which may also be passed in as params to render

[bf4]

Bug in Serializer._serializer_instance_methods is causing the scoped method to sometimes be available to read_attribute_for_serialization and sometime not, since the public instance methods are cached once, but they change with scopes.

[NullVoxPopuli]

is the fix for this bug for another PR?

[bf4]

is same as object.comments.where(created_by: scope)

[bf4]

There is currently a bug that prevents you from passing scope or scope_name via render options.

[buren]

@bf4 wow great work! Impressed that you found the "special" Rails 4 behaviour 👍

[bf4]

Impressed that you found the "special" Rails 4 behaviour

@buren well, it failed tests.. so..

[NullVoxPopuli]

👍