Simpler explanation of custom exception handling [ci skip]

1 parent 5df4220 commit 1fd156cba1edb19bce17b32a312f95280f0caa41 @nathanl committed Jan 10, 2013
Showing with 2 additions and 24 deletions.
  1. +2 −24 README.markdown
@@ -389,12 +389,12 @@ Use this very sparingly, and consider it a [code smell](http://en.wikipedia.org/
If you're using Authority's view helpers, users should only see links for actions they're authorized to take. If a user deliberately tries to access a restricted resource (for instance, by typing the URL directly), Authority raises and rescues an `Authority::SecurityViolation`.
-When it rescues the exception, Authority calls whatever controller method is specified by your `security_violation_handler` option, handing it the exception. The default handler is `authority_forbidden`, which Authority adds to your `ApplicationController`. It does the following:
+When it rescues the exception, Authority calls whatever controller method is specified by your `security_violation_handler` option, handing it the exception. The default handler is `authority_forbidden`, which Authority mixes in to your `ApplicationController`. It does the following:
- Renders `public/403.html`
- Logs the violation to whatever logger you configured.
-You can define your own `authority_forbidden` method:
+You can define your own `authority_forbidden` method on `ApplicationController` and/or any other controller. For example:
```ruby
# Send 'em back where they came from with a slap on the wrist
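Review bot: The new sentence "You can define your own `authority_forbidden` method on `ApplicationController` and/or any other controller" does not say whether a custom method takes over both default behaviours listed just above it (rendering `public/403.html` and logging the violation). If an override replaces the default entirely, a reader who writes one only to redirect would stop recording authorization failures without noticing; suggest one more sentence stating that a custom handler is responsible for its own logging if it wants to keep that record. "and/or" can also be reduced to "or".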
@@ -404,28 +404,6 @@ def authority_forbidden(error)
end
```
-... or specify a different handler like this:
-
-```ruby
-# config/initializers/authority.rb
-config.security_violation_handler = :fire_ze_missiles
-```
-Then define the method on your controller:
-
-```ruby
-# app/controllers/application_controller.rb
-class ApplicationController < ActionController::Base
-
- def fire_ze_missiles(exception)
- # Log? Set a flash message? Dispatch minions to
- # fill their mailbox with goose droppings? It's up to you.
- end
-...
-end
-```
-
-If you want different error handling per controller, define `fire_ze_missiles` on each of them.
-
Your method will be handed the `SecurityViolation`, which has a `message` method. In case you want to build your own message, it also exposes `user`, `action` and `resource`.
<a name="credits">
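Review bot: With the `config.security_violation_handler = :fire_ze_missiles` example removed, the paragraph in the previous hunk still says Authority calls "whatever controller method is specified by your `security_violation_handler` option", but nothing visible in this section now shows where that option is set. Suggest either keeping a one-line pointer to the setting in `config/initializers/authority.rb` or rewording that sentence so it no longer leans on an option the section does not explain. The removed note about per-controller handling is covered by the new "any other controller" wording, so dropping it is fine.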
