From ef22de689bd600dc932476c847e3ee261e6b0843 Mon Sep 17 00:00:00 2001 From: Ryan Bates Date: Tue, 15 Dec 2009 10:53:05 -0800 Subject: [PATCH] adding custom message argument to unauthorized! method - closes #18 --- CHANGELOG.rdoc | 3 +++ README.rdoc | 2 +- lib/cancan/controller_additions.rb | 18 ++++++++---------- spec/cancan/controller_additions_spec.rb | 10 ++++++++-- 4 files changed, 20 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.rdoc b/CHANGELOG.rdoc index 5e9e7ae..6be73e5 100644 --- a/CHANGELOG.rdoc +++ b/CHANGELOG.rdoc @@ -1,3 +1,6 @@ +* Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18 + + 1.0.1 (Dec 14, 2009) * Adding :class option to load_resource so one can customize which class to use for the model - see issue #17 diff --git a/README.rdoc b/README.rdoc index d5c6f27..beb96dc 100644 --- a/README.rdoc +++ b/README.rdoc @@ -66,7 +66,7 @@ If the user authorization fails, a CanCan::AccessDenied exception will be raised class ApplicationController < ActionController::Base rescue_from CanCan::AccessDenied do |exception| - flash[:error] = "Sorry, you are not allowed to access that page." + flash[:error] = exception.message redirect_to root_url end end diff --git a/lib/cancan/controller_additions.rb b/lib/cancan/controller_additions.rb index 92695a6..4d1f05b 100644 --- a/lib/cancan/controller_additions.rb +++ b/lib/cancan/controller_additions.rb 
@@ -123,24 +123,22 @@ module CanCan # unauthorized! if cannot? :read, @article # end # - # You can rescue from the exception in the controller to specify - # the user experience. + # The unauthorized! method accepts an optional argument which sets the + # message of the exception. + # + # You can rescue from the exception in the controller to define the behavior. # # class ApplicationController < ActionController::Base - # rescue_from CanCan::AccessDenied, :with => :access_denied - # - # protected - # - # def access_denied - # flash[:error] = "Sorry, you are not allowed to access that page." + # rescue_from CanCan::AccessDenied do |exception| + # flash[:error] = exception.message # redirect_to root_url # end # end # # See the load_and_authorize_resource method to automatically add # the "unauthorized!" behavior to a RESTful controller's actions. - def unauthorized! - raise AccessDenied, "You are unable to access this page." + def unauthorized!(message = "You are not authorized to access this page.") + raise AccessDenied, message end # Creates and returns the current user's ability. You generally do not invoke diff --git a/spec/cancan/controller_additions_spec.rb b/spec/cancan/controller_additions_spec.rb index 31e1eb0..ac5bbd8 100644 --- a/spec/cancan/controller_additions_spec.rb +++ b/spec/cancan/controller_additions_spec.rb 
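Review bot: The doc comment above `unauthorized!` now recommends `flash[:error] = exception.message`, but it never says that the optional message is what the end user will see. A caller that builds the message from record attributes or request parameters would expose those details, and whether the flash is HTML-escaped depends on the application's view, which is not visible here. I would add to the comment: `# The message is normally shown to the user, so keep it free of internal details and of unescaped user input.` Separately, an explicit `unauthorized!(nil)` bypasses the default argument and presumably surfaces the exception class name as the message; a `message ||= "You are not authorized to access this page."` line before the `raise` would cover that if it matters. The enclosing module continues outside the hunk.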
@@ -9,10 +9,16 @@ describe CanCan::ControllerAdditions do @controller_class.send(:include, CanCan::ControllerAdditions) end - it "should read from the cache with request uri as key and render that text" do + it "should raise access denied with default message when calling unauthorized!" do lambda { @controller.unauthorized! - }.should raise_error(CanCan::AccessDenied) + }.should raise_error(CanCan::AccessDenied, "You are not authorized to access this page.") + end + + it "should raise access denied with custom message when calling unauthorized!" do + lambda { + @controller.unauthorized! "Access denied!" + }.should raise_error(CanCan::AccessDenied, "Access denied!") end it "should have a current_ability method which generates an ability for the current user" do