Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improved NotAuthorizedError message when record is a class #647

Closed

Conversation

mrloop
Copy link

@mrloop mrloop commented Mar 12, 2020

In some cases you may want to authorize actions against a class not
instance of that class. If authorization fails when a class is passed to
authorize the error message is unhelpful. For example

not allowed to index? Class

This PR checks if an instance or class was passed and provides more
informative error message in the case of a class. The error
message for an instance being passed remains the same.

For a concrete example of class being passed see jsonapi-authorization

https://github.com/venuu/jsonapi-authorization/blob/3251c6589d31bc931ee3a98c5c47e16eedd82b97/lib/jsonapi/authorization/default_pundit_authorizer.rb#L28-L31

@mrloop mrloop force-pushed the better-error-message-for-record-class branch from bb0c5bb to 2bda793 Compare March 12, 2020 09:31
In some cases you may want to authorize actions against a class not an
instance of that class. If authorization fails when a class is passed to
authorize the error message is unhelpful. For example

    not allowed to index? Class

This PR checks if an instance or class was passed and provides more
informative error message in the case of a class. The error
message for an instance being passed remains the same.

For a concrete example of class being passed see jsonapi-authorization
https://github.com/venuu/jsonapi-authorization/blob/3251c6589d31bc931ee3a98c5c47e16eedd82b97/lib/jsonapi/authorization/default_pundit_authorizer.rb#L28-L31
@mrloop mrloop force-pushed the better-error-message-for-record-class branch from 2bda793 to 03d01bb Compare March 12, 2020 09:46
@Burgestrand Burgestrand changed the title Better error message if authorize passed a Class Improved NotAuthorizedError message when record is a class May 30, 2024
@Burgestrand Burgestrand added this to the Next Pundit release milestone Jun 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants