lib/authority/controller.rb in authority-1.0.0.pre4 vs lib/authority/controller.rb in authority-1.0.0
- old
+ new
@@ -4,14 +4,22 @@
# Gets included into the app's controllers automatically by the railtie
extend ActiveSupport::Concern
included do
- rescue_from Authority::SecurityViolation, :with => :authority_forbidden
+ rescue_from(Authority::SecurityViolation, :with => Authority::Controller.security_violation_callback)
class_attribute :authority_resource
end
+ def self.security_violation_callback
+ Proc.new do |exception|
+ # Through the magic of ActiveSupport's Proc#bind, `ActionController::Base#rescue_from`
+ # can call this proc and make `self` the actual controller instance
+ self.send(Authority.configuration.security_violation_handler, exception)
+ end
+ end
+
module ClassMethods
# Sets up before_filter to ensure user is allowed to perform a given controller action
#
# @param [Class] model_class - class whose authorizer should be consulted
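Review bot: The proc returned by `security_violation_callback` passes whatever `Authority.configuration.security_violation_handler` holds straight to `send`, with no check that the controller defines that method. A mistyped handler name would only surface while a `SecurityViolation` is being rescued, presumably as a `NoMethodError` raised inside the rescue handler, which hides the original violation from logs and from the user-facing response. I would resolve the name first and fail with a clear message: `handler = Authority.configuration.security_violation_handler`, then `raise ArgumentError, "unknown security_violation_handler: #{handler.inspect}" unless respond_to?(handler, true)`, then `send(handler, exception)`. Because `send` ignores method visibility, it is also worth adding a comment such as `# handler name must come from app configuration only, never from request data`. The enclosing `Authority::Controller` module and `ClassMethods` both continue outside this hunk.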
@@ -35,9 +43,10 @@
#
# @return [Hash] A duplicated copy of the configured controller_action_map
def authority_action_map
@authority_action_map ||= Authority.configuration.controller_action_map.dup
end
+
end
protected
# Renders a static file to minimize the chances of further errors.