Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Extend NotAuthorizedError with user, record and query information

  • Loading branch information...
commit 6c2707bddf25914151e548689d245dfe55c1e722 1 parent baf681a
Thomas Klemm authored
Showing with 14 additions and 2 deletions.
  1. +6 −2 lib/pundit.rb
  2. +8 −0 spec/pundit_spec.rb
8 lib/pundit.rb
View
@@ -5,7 +5,9 @@
require "active_support/core_ext/object/blank"
module Pundit
- class NotAuthorizedError < StandardError; end
+ class NotAuthorizedError < StandardError
+ attr_accessor :user, :record, :query
+ end
class NotDefinedError < StandardError; end
extend ActiveSupport::Concern
@@ -56,7 +58,9 @@ def authorize(record, query=nil)
query ||= params[:action].to_s + "?"
@_policy_authorized = true
unless policy(record).public_send(query)
- raise NotAuthorizedError, "not allowed to #{query} this #{record}"
+ e = NotAuthorizedError.new
+ e.user, e.record, e.query = pundit_user, record, query
+ raise e, "not allowed to #{query} this #{record}"
end
true
end
8 spec/pundit_spec.rb
View
@@ -224,6 +224,14 @@ def destroy?
it "raises an error when the permission check fails" do
expect { controller.authorize(Post.new) }.to raise_error(Pundit::NotAuthorizedError)
end
+
+ it "raises an error with a user, record and query" do
+ expect { controller.authorize(post, :destroy?) }.to raise_error do |error|
+ expect(error.user).to eq user
+ expect(error.record).to eq post
+ expect(error.query).to eq :destroy?
+ end
+ end
end
describe "#pundit_user" do
Please sign in to comment.
Something went wrong with that request. Please try again.