Skip to content
Browse files

Clarify default strategy args in README; update TODO

  • Loading branch information...
1 parent fe7142d commit bb159446f260512ac87e9588806532f0219e7760 @nathanl committed Apr 20, 2012
Showing with 2 additions and 0 deletions.
  1. +1 −0 README.markdown
  2. +1 −0 TODO.markdown
1 README.markdown
@@ -180,6 +180,7 @@ You can configure a different default strategy. For example, you might want one
# In config/initializers/authority.rb
+# Example args: :creatable, AdminAuthorizer, user
config.default_strategy = do |able, authorizer, user|
# Does the user have any of the roles which give this permission?
(roles_which_grant(able, authorizer) & user.roles).any?
1 TODO.markdown
@@ -11,3 +11,4 @@
## Features
- It would be nice to have an `authorized_link_to` method, which determines from the given path and the user's permissions whether to show the link. Not sure yet how hard this would be.
+- **Breaking change**: Rework default strategies: instead of a single proc, have the configuration control the definition of `def self.default_strategy` on `Authority::Authorizer`. This will enable the user to override that method on any individual authorizer. So, for example, one could express "anyone can do anything with a widget" by defining `WidgetAuthorizer#default_strategy` to always return `true`, and "any admin can do anything with an admin-only resource, but nobody else can mess with them" by defining `AdminAuthorizer#default_strategy` to always return `user.is_admin?`.

0 comments on commit bb15944

Please sign in to comment.
Something went wrong with that request. Please try again.