include_directives are not passed down properly to operations #755
Description
It seems that processor callbacks for these operation types:
:create_resource:replace_fields:show_related_resource:show_related_resources
no longer can reach out to the include directives as before. Tracing the path, it seems that the culprit is in JSONAPI::RequestParser where include_directives is no longer being passed down:
This seems like a regression caused by #694.
I can still verify that these requests however DO sideload the resources.
POST /articles?include=authorPATCH /articles/1?include=authorGET /articles/1/author?include=postsGET /users/1/articles?include=comments
This regression causes venuu/jsonapi-authorization gems PR to update to new operation processing model_includes authorization tests to fail against JR master version. This is because inside an operation callback, params[:include_directives] is not present for the operation types I mentioned above.
jsonapi-authorization specs work on the request level and ensure that a certain request will be checked for authorization. For these four operations, the include directives are never authorized and go through even when they shouldn't.
I'll see if I can whip up a PR to fix this. This should be quite easy to fix, though, as all we need is just to get the include_directives passed for the operation types I mentioned. I haven't looked into how to test that behaviour, though.