lib/rasti/app/policy.rb in rasti-app-0.0.5 vs lib/rasti/app/policy.rb in rasti-app-0.0.6
- old
+ new
@@ -1,13 +1,22 @@
module Rasti
class App
class Policy
class UnauthorizedError < StandardError
+
+ attr_reader :user, :permission
+
def initialize(user, permission)
- super "Access denied [#{user} -> #{permission}]"
+ @user = user
+ @permission = permission
end
+
+ def message
+ "Permission denied [#{user} -> #{permission}]"
+ end
+
end
class << self
def authorizations
@@ -29,18 +38,18 @@
def initialize(container, context)
@container = container
@context = context
end
- def authorized?(permission, params)
+ def authorized?(permission, params={})
if self.class.authorizations.key? permission
self.class.authorizations[permission].call params
else
user.authorized? permission
end
end
- def authorize!(permission, params)
+ def authorize!(permission, params={})
raise UnauthorizedError.new(user.name, permission) unless authorized? permission, params
end
private
\ No newline at end of file