Closed: @div closed this pull request 11 years ago
It took me some time to understand this feature, but I like it! I think it can make applications safer.
Of course, by the time we get to the after_filter, the action has already been completed, with or without authorization. But hopefully this exception will get the developers' attention before their code reaches production.
I'm going to make a couple of comments on the code for changes I'd like to see.
Hey, Nathan! Please take a look and I can squash if all is fine.
This looks great! I'm really pleased with this feature and look forward to using it myself. You did a great job on it.
Thanks so much! Squash as you like and let me know when you want it merged.
Thanks for the kind words! I think I would prefer not to squash so as not to mess things up, since I've merged master in already.
Merged! Thanks so much!
I'm going to add some info in the README and in the CHANGELOG. I'd like to put a little line of thanks in the CHANGELOG for your work on this. Your profile doesn't list your actual name. Would you like me to credit you as @div or something else?
Thanks, I'm Igor Davydov, had no idea there's no real name there.
Great. See how this looks to you: https://github.com/nathanl/authority/pull/58
Added a simple check in an after_filter ensuring that authorisation was indeed performed. If called from ApplicationController, this method will make sure you explicitly define all the actions that do not need authorisation to be performed, a kind of whitelisting approach. The implementation is basically taken from cancan.
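The pattern described in the pull request above (an after-filter that raises if the action never authorized) and Nathan's caveat that the action has already run by then are both easy to see in a Rails-free sketch. The following is an added example, not the authority gem's code and not the PR's diff: the controller base class, the dispatch loop, and the method names `check_authorization`, `skip_authorization_check`, `authorize!` and `ensure_authorization_performed` are assumptions chosen to echo the cancan-style whitelisting the PR mentions, and the users, permissions and actions are constructed for the demo.

```ruby
# Added example (not the authority gem's code): a minimal, Rails-free sketch of
# "ensure authorisation was performed" as an after-action check.
class NotAuthorized < StandardError; end
class AuthorizationNotPerformed < StandardError; end

# Records the side effects of actions so the test can show they happened
# even when the after-action check fires (constructed for the demo).
AUDIT = []

class Controller
  # Opt a controller (and its subclasses) into the after-action check.
  def self.check_authorization
    @check_authorization = true
  end

  def self.check_authorization?
    @check_authorization ||
      (superclass.respond_to?(:check_authorization?) && superclass.check_authorization?)
  end

  # Whitelist: actions that are allowed to run without calling authorize!.
  def self.skip_authorization_check(*actions)
    @skipped_actions ||= []
    @skipped_actions.concat(actions.map(&:to_sym))
  end

  def self.skipped_actions
    own = @skipped_actions || []
    own + (superclass.respond_to?(:skipped_actions) ? superclass.skipped_actions : [])
  end

  attr_reader :action_name

  def initialize(user)
    @user = user
  end

  # Simulates dispatch: run the action, then the after-action check. If the
  # action itself raises (e.g. NotAuthorized), the check never runs, as in Rails.
  def process(action)
    @action_name = action.to_sym
    @authorization_performed = false
    public_send(@action_name)
    ensure_authorization_performed
  end

  # The call every non-whitelisted action is expected to make.
  def authorize!(permission)
    @authorization_performed = true
    raise NotAuthorized, "#{@user} lacks #{permission}" unless @user.permissions.include?(permission)
  end

  def authorization_performed?
    @authorization_performed
  end

  # The after-action check: raises only for opted-in, non-whitelisted actions
  # that finished without ever calling authorize!.
  def ensure_authorization_performed
    return unless self.class.check_authorization?
    return if self.class.skipped_actions.include?(action_name)
    return if authorization_performed?
    raise AuthorizationNotPerformed, "#{self.class}##{action_name} ran without authorising"
  end
end

User = Struct.new(:name, :permissions) do
  def to_s; name; end
end

class ApplicationController < Controller
  check_authorization                 # every subclass is now checked
  skip_authorization_check :health    # constructed exemption inherited by subclasses
  def health; "ok"; end
end

class PostsController < ApplicationController
  skip_authorization_check :index
  def index; "all posts"; end                                   # whitelisted
  def destroy; authorize!(:delete_posts); AUDIT << :destroyed; end  # guarded
  def edit; AUDIT << :edited; end                                # forgot authorize!
end

# Returns a symbol describing how dispatch ended, so the outcome can be checked.
def run(controller_class, user, action)
  controller_class.new(user).process(action)
  :ok
rescue NotAuthorized
  :forbidden
rescue AuthorizationNotPerformed
  :check_missing
end
```

Running `run(PostsController, guest, :edit)` returns `:check_missing`, but `AUDIT` already contains `:edited`: the check surfaces the missing `authorize!` loudly, yet only after the action's side effects have happened, which is exactly why it is a development-time safety net rather than an access control.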