adding custom message argument to unauthorized! method - closes #18

2009-12-15 10:53:05 -08:00 · 2009-12-15 10:53:05 -08:00 · ef22de689b
commit ef22de689b
parent 67416532f4
4 changed files with 20 additions and 13 deletions
--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@ -1,3 +1,6 @@
+* Adding custom message argument to unauthorized! method (thanks tjwallace) - see issue #18
+
+
 1.0.1 (Dec 14, 2009)

 * Adding :class option to load_resource so one can customize which class to use for the model - see issue #17
--- a/README.rdoc
+++ b/README.rdoc
@ -66,7 +66,7 @@ If the user authorization fails, a CanCan::AccessDenied exception will be raised

  class ApplicationController < ActionController::Base
    rescue_from CanCan::AccessDenied do |exception|
-      flash[:error] = "Sorry, you are not allowed to access that page."
+      flash[:error] = exception.message
      redirect_to root_url
    end
  end
--- a/lib/cancan/controller_additions.rb
+++ b/lib/cancan/controller_additions.rb
@ -123,24 +123,22 @@ module CanCan
    #     unauthorized! if cannot? :read, @article
    #   end
    # 
-    # You can rescue from the exception in the controller to specify
-    # the user experience.
+    # The unauthorized! method accepts an optional argument which sets the
+    # message of the exception.
+    # 
+    # You can rescue from the exception in the controller to define the behavior.
    # 
    #   class ApplicationController < ActionController::Base
-    #     rescue_from CanCan::AccessDenied, :with => :access_denied
-    #   
-    #     protected
-    #   
-    #     def access_denied
-    #       flash[:error] = "Sorry, you are not allowed to access that page."
+    #     rescue_from CanCan::AccessDenied do |exception|
+    #       flash[:error] = exception.message
    #       redirect_to root_url
    #     end
    #   end
    # 
    # See the load_and_authorize_resource method to automatically add
    # the "unauthorized!" behavior to a RESTful controller's actions.
-    def unauthorized!
-      raise AccessDenied, "You are unable to access this page."
+    def unauthorized!(message = "You are not authorized to access this page.")
+      raise AccessDenied, message
    end
    
    # Creates and returns the current user's ability. You generally do not invoke
--- a/spec/cancan/controller_additions_spec.rb
+++ b/spec/cancan/controller_additions_spec.rb
@ -9,10 +9,16 @@ describe CanCan::ControllerAdditions do
    @controller_class.send(:include, CanCan::ControllerAdditions)
  end
  
-  it "should read from the cache with request uri as key and render that text" do
+  it "should raise access denied with default message when calling unauthorized!" do
    lambda {
      @controller.unauthorized!
-    }.should raise_error(CanCan::AccessDenied)
+    }.should raise_error(CanCan::AccessDenied, "You are not authorized to access this page.")
+  end
+  
+  it "should raise access denied with custom message when calling unauthorized!" do
+    lambda {
+      @controller.unauthorized! "Access denied!"
+    }.should raise_error(CanCan::AccessDenied, "Access denied!")
  end
  
  it "should have a current_ability method which generates an ability for the current user" do