From b0cf1a56422e1a2ffbc99ddeb422a205a5557227 Mon Sep 17 00:00:00 2001
From: Brendan Thomas
Date: Mon, 4 Mar 2019 16:38:26 -0500
Subject: [PATCH] return a safer NotAuthorizedError message
---
 lib/pundit.rb | 2 +-
 spec/pundit_spec.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/pundit.rb b/lib/pundit.rb
index a5331ab..7ab1c4e 100644
--- a/lib/pundit.rb
+++ b/lib/pundit.rb
@@ -30,7 +30,7 @@ module Pundit
 @record = options[:record]
 @policy = options[:policy]
- message = options.fetch(:message) { "not allowed to #{query} this #{record.inspect}" }
+ message = options.fetch(:message) { "not allowed to #{query} this #{record.class}" }
 end
 super(message)
diff --git a/spec/pundit_spec.rb b/spec/pundit_spec.rb
index 9630c42..6f17860 100644
--- a/spec/pundit_spec.rb
+++ b/spec/pundit_spec.rb
@@ -36,7 +36,7 @@ describe Pundit do
 # rubocop:disable Style/MultilineBlockChain
 expect do
 Pundit.authorize(user, post, :destroy?)
- end.to raise_error(Pundit::NotAuthorizedError, "not allowed to destroy? this #") do |error|
+ end.to raise_error(Pundit::NotAuthorizedError, "not allowed to destroy? this Post") do |error|
 expect(error.query).to eq :destroy?
 expect(error.record).to eq post
 expect(error.policy).to eq Pundit.policy(user, post)
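Review bot: The new default message in `lib/pundit.rb` interpolates `record.class`, which becomes uninformative when the record passed in is itself a class rather than an instance: the text would read "this Class", so whoever triages the denial cannot tell which resource was refused. If class-level authorization is a supported call path (not visible in this hunk), compute the name first with `record_name = record.is_a?(Class) ? record.to_s : "this #{record.class}"` and interpolate `record_name`. The reason for dropping `inspect` is also worth recording beside the line, for example `# not record.inspect: it can put attribute values into messages that end up in logs or responses`, so a later change does not restore it for debugging convenience. The updated expectation in `spec/pundit_spec.rb` covers only an instance record; a second example for the class case would pin the behaviour. The enclosing initializer begins outside the hunk, so how `record` is populated on other branches cannot be checked from here.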