Clarify default strategy args in README; update TODO

nathanl · Apr 20, 2012 · bb15944 · bb15944
1 parent fe7142d
commit bb15944
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/README.markdown b/README.markdown
@@ -180,6 +180,7 @@ You can configure a different default strategy. For example, you might want one
 
 ```ruby
 # In config/initializers/authority.rb
+# Example args: :creatable, AdminAuthorizer, user
 config.default_strategy = Proc.new do |able, authorizer, user|
   # Does the user have any of the roles which give this permission?
   (roles_which_grant(able, authorizer) & user.roles).any?

diff --git a/TODO.markdown b/TODO.markdown
@@ -11,3 +11,4 @@
 ## Features
 
 - It would be nice to have an `authorized_link_to` method, which determines from the given path and the user's permissions whether to show the link. Not sure yet how hard this would be.
+- **Breaking change**: Rework default strategies: instead of a single proc, have the configuration control the definition of `def self.default_strategy` on `Authority::Authorizer`. This will enable the user to override that method on any individual authorizer. So, for example, one could express "anyone can do anything with a widget" by defining `WidgetAuthorizer#default_strategy` to always return `true`, and "any admin can do anything with an admin-only resource, but nobody else can mess with them" by defining `AdminAuthorizer#default_strategy` to always return `user.is_admin?`.