- Added generic
current_user.can?(:mimic_lemurs)for cases where there is no resource to work with. This calls a corresponding class method on
authority_actions(plural) to reflect the fact that you can set multiple actions at once. Use of the old method will raise a deprecation warning.
- Lots of test cleanup so that test output is clearer - run rspec with
--format doc --order defaultto see it.
Allow passing options hash to
authorize_action_for(@llama, :sporting => @hat_style).
Allow passing options hash, like
current_user.can_create?(Comment, :for => @post).
Documentation and test cleanup.
Breaking change: models now assume their authorizer is
ApplicationAuthorizerunless told otherwise. Generator creates a blank
ApplicationAuthorizer. This, combined with the change in v1.1.0, makes the
default_strategyproc obsolete in favor of straightforward inheritance of a
defaultmethod, so support for
- Added accessors to
Authority::SecurityViolationfor user, action and resource, for use in custom security violation handlers.
Authority::Authorizer.defaultclass method which is called before the
default_strategyproc and delegates to that proc. This can be overridden per authorizer.
config.security_violation_handlerso users can specify which controller method to use when rescuing
- Removed generator to make blank authorizers. On further consideration, one authorizer per model is counterproductive for most use cases, and I'd rather not encourage misuse.
Added generator to make blank authorizers. See
rails g authority:authorizers --help.
- Rename controller methods (again):
- Cleaned up
authorize_action_forto only accept a
resourceargument (the current user is determined by
Rename controller methods:
Initial release (basically)