Register replace_polymorphic_to_one_relationship callback

[plantfansam]

This pull requests registers a callback on JSONAPI::Processor#replace_polymorphic_to_one_relationship, which is defined as an eligible callback here: https://github.com/cerebris/jsonapi-resources/blame/master/lib/jsonapi/processor.rb#L13.

I am not sure what the expected behavior ought to be, so I have simply filled in raise NotImplementedError so that we can decide.

This was originally part of #52 (comment: #52 (comment)). It is not necessary for tests to pass against jsonapi-resources 0.9.

[plantfansam]

Would it be helpful for me to try to implement an authorization strategy here, rather than simply raising the NotImplementedError?

[valscion]

Would it be helpful for me to try to implement an authorization strategy here, rather than simply raising the NotImplementedError?

That would be lovely!

I'm not quite sure what kind of policy method we'll want to call and in what cases is the replace_polymorphic_to_one_relationship callback even called. Are you able to enumerate what operations to what type of resources are affected? If you're able to setup tests that expect this method to be called correctly, that would be amazing!

You might want to check out the last comment in #51 on how authorization on resource level could also work. The #51 should also give good context on how we've thought about the relationship authorizations.

[plantfansam]

Excellent, thanks so much. I will give it a shot!

[valscion]

I'll close this PR in favor of #75. Thank you @handlers for finding this case!