lib/authority.rb in authority-2.1.0 vs lib/authority.rb in authority-2.2.0
- old
+ new
@@ -24,16 +24,20 @@
end
# @param [Symbol] action
# @param [Model] resource instance
# @param [User] user instance
+ # @param [Hash] options, arbitrary options hash to delegate to the authorizer
# @raise [SecurityViolation] if user is not allowed to perform action on resource
# @return [Model] resource instance
- def self.enforce(action, resource, user)
- action_authorized = user.send("can_#{action}?", resource)
- unless action_authorized
- raise SecurityViolation.new(user, action, resource)
- end
+ def self.enforce(action, resource, user, *options)
+ action_authorized = if options.empty?
+ user.send("can_#{action}?", resource)
+ else
+ user.send("can_#{action}?", resource, Hash[*options])
+ end
+ raise SecurityViolation.new(user, action, resource) unless action_authorized
+
resource
end
class << self
attr_accessor :configuration