This is mainly to document major new features and backwards-incompatible changes.
Breaking change: models now assume their authorizer is
ApplicationAuthorizerunless told otherwise. Generator creates a blank
ApplicationAuthorizer. This, combined with the change in v1.1.0, makes the
default_strategyproc obsolete in favor of straightforward inheritance of a
defaultmethod, so support for
- Added accessors to
Authority::SecurityViolationfor user, action and resource, for use in custom security violation handlers.
Authority::Authorizer.defaultclass method which is called before the
default_strategyproc and delegates to that proc. This can be overridden per authorizer.
config.security_violation_handlerso users can specify which controller method to use when rescuing
- Removed generator to make blank authorizers. On further consideration, one authorizer per model is counterproductive for most use cases, and I'd rather not encourage misuse.
Added generator to make blank authorizers. See
rails g authority:authorizers --help.
- Rename controller methods (again):
- Cleaned up
authorize_action_forto only accept a
resourceargument (the current user is determined by
Rename controller methods:
Initial release (basically)