Add #query and #record properties to Pundit::NotAuthorizedError. #114

Merged
merged 1 commit into from Mar 5, 2014
+20 −3
@@ -5,7 +5,10 @@
require "active_support/core_ext/object/blank"
module Pundit
class NotAuthorizedError < StandardError; end
class NotAuthorizedError < StandardError
attr_accessor :query, :record, :policy
end
class NotDefinedError < StandardError; end
extend ActiveSupport::Concern
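Review bot: `attr_accessor :query, :record, :policy` on `NotAuthorizedError` leaves all three fields writable by any code that rescues the error, and it also adds `policy`, which the PR title ("Add #query and #record properties") does not mention. Consider `attr_reader` with the values passed through `initialize`, so the error cannot be altered after it is raised, and document `policy` next to the other two. Since the error now carries the record object itself, rescue handlers should pick the fields they need rather than logging or rendering the whole error.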
@@ -55,9 +58,15 @@ def verify_policy_scoped
def authorize(record, query=nil)
query ||= params[:action].to_s + "?"
@_policy_authorized = true
unless policy(record).public_send(query)
raise NotAuthorizedError, "not allowed to #{query} this #{record}"
policy = policy(record)
unless policy.public_send(query)
error = NotAuthorizedError.new("not allowed to #{query} this #{record}")
error.query, error.record, error.policy = query, record, policy
raise error
end
true
end
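Review bot: In `authorize`, `error.query` takes whatever type the caller supplied: a String when it is defaulted from `params[:action].to_s + "?"`, a Symbol when passed explicitly (the spec passes `:destroy?`). A rescue handler that compares `error.query` against only one form will silently miss the other, so normalize `query` to a single type before assigning it and state that type in the docs. Separately, the local `policy = policy(record)` shadows the `policy` helper for the rest of the method; it works, but a distinct local name would read more clearly.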
@@ -224,6 +224,14 @@ def destroy?
it "raises an error when the permission check fails" do
expect { controller.authorize(Post.new) }.to raise_error(Pundit::NotAuthorizedError)
end
it "raises an error with a query and action" do
expect { controller.authorize(post, :destroy?) }.to raise_error do |error|
expect(error.query).to eq :destroy?
expect(error.record).to eq post
expect(error.policy).to eq controller.policy(post)
end
end
end
describe "#pundit_user" do
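Review bot: The new example uses `raise_error do |error|` without naming the class, so it does not itself pin the error to `Pundit::NotAuthorizedError`; use `raise_error(Pundit::NotAuthorizedError) do |error|` to match the example above it. The description "raises an error with a query and action" also does not match what is asserted (`query`, `record` and `policy`), and only the explicit `:destroy?` path is covered; an assertion on `error.query` for the defaulted case, where the value comes from `params[:action]`, would be worth adding.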