lib/pragma/operation/authorization.rb in pragma-operation-1.5.0 vs lib/pragma/operation/authorization.rb in pragma-operation-1.6.0
- old
+ new
@@ -71,11 +71,13 @@
params.each_pair do |name, value|
next unless policy.resource.respond_to?("#{name}=")
policy.resource.send("#{name}=", value)
end
- policy.send("#{self.class.operation_name}?")
+ policy.send("#{self.class.operation_name}?").tap do |result|
+ after_authorization result
+ end
end
# Authorizes this operation on the provided resource or policy. If the user is not
# authorized to perform the operation, responds with 403 Forbidden and an error body and
# halts the execution.
@@ -89,9 +91,15 @@
resource: {
error_type: :forbidden,
error_message: 'You are not authorized to perform this operation.'
}
)
+ end
+
+ # Runs after authorization is done.
+ #
+ # @param result [Boolean] the result of the authorization
+ def after_authorization(result)
end
# Scopes the provided collection.
#
# If no policy class is defined, simply returns the collection.