73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
# File 'lib/authority.rb', line 73
def message
"You tried to check authorization on `nil`. Authority doesn't know what
`nil` is allowed to do. There are two ways you can fix this.
1. Authenticate before authorizing. If the user isn't signed in, force
them to sign in before they can attempt any action that requires
authorization.
2. When the user is not signed in, return a Null Object instead of
`nil`. (You could create an AnonymousUser class, for example.) It should
respond to the normal methods Authority will call (like `can_delete?`),
possibly by including `Authority::UserAbilities` and teaching your authorizers
what an anonymous user can do.
The downside of solution #2 is that a user who forgot to sign in will be
told they are not authorized for an action they could normally do. This might
be confusing.
However, you might use both strategies in different parts of your application.
"
end
|