lib/authoreyes/helpers/in_controller.rb in authoreyes-0.2.1 vs lib/authoreyes/helpers/in_controller.rb in authoreyes-0.2.2

- old
+ new

@@ -12,11 +12,10 @@ # ApplicationController.send :before_action, :redirect_if_unauthorized # TODO: Implement this! def filter_resource_access(options = {}) - end ActionController::Base.send(:define_method, :redirect_if_unauthorized) do begin permitted_to! action_name @@ -34,20 +33,28 @@ session.delete :request_unauthorized response.status = :forbidden end end + ActionController::Metal.send(:define_method, :authorization_object) do + if params[:id].present? + begin + controller_name.singularize.capitalize.constantize.find(params[:id]) + rescue NameError + logger.warn '[Authoreyes] Could not interpolate object!' + end + end + end + ActionController::API.send(:define_method, :render_unauthorized) do begin - permitted_to! action_name + permitted_to! action_name, authorization_object rescue Authoreyes::Authorization::NotAuthorized => e - puts e - response_object = ActiveModelSerializers::Model.new() - response_object.attributes.merge!({ - action: action_name, - controller: controller_name - }) + logger.warn "[Authoreyes] #{e}" + response_object = ActiveModelSerializers::Model.new + response_object.attributes.merge!(action: action_name, + controller: controller_name) response_object.errors.add :action, e # Assumes ActiveModel::Serializers is used. # If not used, you will have to override `render_unauthorized` # in your ApplicationController. render json: response_object, status: :forbidden, adapter: :json_api, serializer: ActiveModel::Serializer::ErrorSerializer 
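Review bot: In the new `authorization_object`, `controller_name.singularize.capitalize` upper-cases only the first letter, so a multi-word controller name such as `blog_posts` (constructed example) becomes `Blog_post` and `constantize` raises NameError. The rescue branch then evaluates to whatever `logger.warn` returns rather than nil, and that value is what `permitted_to! action_name, authorization_object` receives. I would write `controller_name.classify.constantize.find(params[:id])` and end the rescue branch with an explicit `nil`. It is also worth deciding whether an unresolvable model should deny the request: with a nil object the check appears to fall back to a context-only check, so object-level rules would not be evaluated for that controller, and only a warn line records it. The `render_unauthorized` block continues past the end of the hunk.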
@@ -92,25 +99,24 @@ # Create hash of options to be used with ENGINE's permit methods def options_for_permit(object_or_sym = nil, options = {}, bang = true) context = object = nil if object_or_sym.nil? context = controller_name.to_sym - elsif !Authorization.is_a_association_proxy?(object_or_sym) and object_or_sym.is_a?(Symbol) + elsif !Authorization.is_a_association_proxy?(object_or_sym) && object_or_sym.is_a?(Symbol) context = object_or_sym else object = object_or_sym end - result = {:object => object, - :context => context, - :skip_attribute_test => object.nil?, - :bang => bang}.merge(options) + result = { object: object, + context: context, + # :skip_attribute_test => object.nil?, + bang: bang }.merge(options) result[:user] = current_user unless result.key?(:user) result end class_methods do - end end end end
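Review bot: Commenting out `:skip_attribute_test => object.nil?` in `options_for_permit` changes what is passed to the permit methods, because the key is no longer set for context-only calls, yet the line stays as dead code inside the hash literal with no explanation. How the engine treats a missing `skip_attribute_test` is not visible here, so this is an authorization behaviour change that deserves an explicit decision. Either delete the line and add a comment such as `# skip_attribute_test is not set here; the engine default applies`, or restore it as `skip_attribute_test: object.nil?,` if context-only checks should still skip attribute tests. A test covering the no-object path would pin whichever behaviour is intended.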