lib/authority.rb in authority-2.2.0 vs lib/authority.rb in authority-2.3.0
- old
+ new
@@ -1,10 +1,11 @@
require 'active_support/concern'
require 'active_support/core_ext/class/attribute'
require 'active_support/core_ext/hash/keys'
require 'active_support/core_ext/string/inflections'
require 'logger'
+require 'authority/security_violation'
module Authority
# NOTE: once this method is called, the library has started meta programming
# and abilities should no longer be modified
@@ -28,20 +29,24 @@
# @param [User] user instance
# @param [Hash] options, arbitrary options hash to delegate to the authorizer
# @raise [SecurityViolation] if user is not allowed to perform action on resource
# @return [Model] resource instance
def self.enforce(action, resource, user, *options)
- action_authorized = if options.empty?
- user.send("can_#{action}?", resource)
- else
- user.send("can_#{action}?", resource, Hash[*options])
- end
- raise SecurityViolation.new(user, action, resource) unless action_authorized
-
+ unless action_authorized?(action, resource, user, *options)
+ raise SecurityViolation.new(user, action, resource)
+ end
resource
end
+ def self.action_authorized?(action, resource, user, *options)
+ if options.empty?
+ user.send("can_#{action}?", resource)
+ else
+ user.send("can_#{action}?", resource, Hash[*options])
+ end
+ end
+
class << self
attr_accessor :configuration
end
def self.configure
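Review bot: `action_authorized?` is now a public module method, but it still builds the method name from `action` and invokes it with `send`, which ignores method visibility and does not check that `action` is one of the configured abilities. Whether any caller passes an `action` derived from request data is not visible in this hunk; if one does, the dispatch could reach a `can_…?` method that was never meant to be an authorization check. Use `user.public_send("can_#{action}?", resource)` in both branches, and consider rejecting unknown actions before dispatching. The new method also has no doc comment, since the YARD block above (which starts outside the hunk) documents only `enforce`. Add the same `@param` lines plus `# @return [Boolean] true if user may perform action on resource`.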
@@ -56,23 +61,9 @@
def self.require_authority_internals!
require 'authority/abilities'
require 'authority/authorizer'
require 'authority/user_abilities'
- end
-
- class SecurityViolation < StandardError
- attr_reader :user, :action, :resource
-
- def initialize(user, action, resource)
- @user = user
- @action = action
- @resource = resource
- end
-
- def message
- "#{@user} is not authorized to #{@action} this resource: #{@resource}"
- end
end
end
require 'authority/configuration'