Models could assume an authorizer based on name, if it exists

nathanl / authority

*CURRENTLY UNMAINTAINED*. Authority helps you authorize actions in your Rails app. It's ORM-neutral and has very little fancy syntax; just group your models under one or more Authorizer classes and write plain Ruby methods on them.

MIT License

1.21k stars 67 forks source link

Models could assume an authorizer based on name, if it exists #27

Closed nathanl closed 11 years ago

nathanl commented 11 years ago

A possible feature for consideration: models currently start out assuming that their authorizer is ApplicationAuthorizer. The Comment model doesn't automatically look for a CommentAuthorizer because it often makes sense to group multiple models under the same authorizer.

However, wouldn't it be sensible to at least check for the existence of an authorizer with a corresponding name? It's unlikely that you'd create a Comment model and a CommentAuthorizer and not want to hook them together.

If Comment hasn't been told what authorizer to use, should it look for CommentAuthorizer first, then failing that, assume ApplicationAuthorizer?

adamhunter commented 11 years ago

:+1: (make sure you handle namespaced models properly though)

nathanl commented 11 years ago

@adamhunter - Good point.

I'd say Piano::Key should look for Piano::KeyAuthorizer, not PianoKeyAuthorizer or somesuch thing. Agreed?

nathanl commented 11 years ago

Also, would you consider this a breaking change, needing a major version bump? If anyone has a CommentAuthorizer and haven't specified an authorizer for Comment, all of a sudden they will get switched from ApplicationAuthorizer. Seems like a small chance, though.

adamhunter commented 11 years ago

I think you can get away with a minor version bump. If anything the person in that use case is broken, not Authority.

nathanl commented 11 years ago

Done - released 2.5.0.