This is mainly to document major new features and backwards-incompatible changes.
Authority::Authorizer.defaultclass method which is called before the
default_strategyproc and delegates to that proc. This can be overridden per authorizer.
config.security_violation_handlerso users can specify which controller method to use when rescuing
- Removed generator to make blank authorizers. On further consideration, one authorizer per model is counterproductive for most use cases, and I'd rather not encourage misuse.
Added generator to make blank authorizers. See
rails g authority:authorizers --help.
- Rename controller methods (again):
- Cleaned up
authorize_action_forto only accept a
resourceargument (the current user is determined by
Rename controller methods:
Initial release (basically)