kotovalexarian-likes-github/varvet--pundit
1
0
Fork 0
mirror of https://github.com/varvet/pundit.git synced 2022-11-09 12:30:11 -05:00
Code Releases Activity

Document a way to handle error messages using I18n.

Browse source
This commit is contained in:
Ulysse Carion 2014-03-05 09:05:00 -08:00
parent f19e8c1c78
commit ce79b470cf
1 changed files with 42 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
README.md
View file

@ -276,7 +276,10 @@ end
## Rescuing a denied Authorization in Rails ## Rescuing a denied Authorization in Rails
Pundit raises a `Pundit::NotAuthorizedError` you can [rescue_from](http://guides.rubyonrails.org/action_controller_overview.html#rescue-from) in your `ApplicationController`. You can customize the `user_not_authorized` method in every controller. Pundit raises a `Pundit::NotAuthorizedError` you can
[rescue_from](http://guides.rubyonrails.org/action_controller_overview.html#rescue-from)
in your `ApplicationController`. You can customize the `user_not_authorized`
method in every controller.
```ruby ```ruby
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
@ -289,11 +292,48 @@ class ApplicationController < ActionController::Base
def user_not_authorized def user_not_authorized
flash[:error] = "You are not authorized to perform this action." flash[:error] = "You are not authorized to perform this action."
redirect_to request.headers["Referer"] || root_path redirect_to(request.referrer || root_path)
end end
end end
``` ```
### Creating custom error messages
`NotAuthorizedError`s provide information on what query (e.g. `:create?`), what
record (e.g. an instance of `Post`), and what policy (e.g. an instance of
`PostPolicy`) caused the error to be raised.
One way to use these `query`, `record`, and `policy` properties is to connect
them with `I18n` to generate error messages. Here's how you might go about doing
that.
```ruby
class ApplicationController < ActionController::Base
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
private
def user_not_authorized(exception)
policy_name = exception.policy.class.to_s.underscore
flash[:error] = I18n.t "pundit.#{policy_name}.#{exception.query}",
default: 'You cannot perform this action.'
redirect_to(request.referrer || root_path)
end
end
```
```yaml
en:
pundit:
post_policy:
update?: 'You cannot edit this post!'
create?: 'You cannot create posts!'
```
Of course, this is just an example. Pundit is agnostic as to how you implement
your error messaging.
## Manually retrieving policies and scopes ## Manually retrieving policies and scopes
Sometimes you want to retrieve a policy for a record outside the controller or Sometimes you want to retrieve a policy for a record outside the controller or