From d13f6e6568d8f2d4c196488c74fa0bf43afb7d28 Mon Sep 17 00:00:00 2001 From: Jonas Nicklas Date: Mon, 19 Nov 2012 13:06:48 +0100 Subject: [PATCH] Mention second argument to authorize in README --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 23d704a..69ce581 100644 --- a/README.md +++ b/README.md @@ -87,6 +87,18 @@ and the given record. It then infers from the action name, that it should call raise "not authorized" unless PostPolicy.new(current_user, @post).create? ``` +You can pass a second arguent to `authorize` if the name of the permission you +want to check doesn't match the action name. For example: + +``` ruby +def publish + @post = Post.find(params[:id]) + authorize @post, :update? + @post.publish! + redirect_to @post +end +``` + You can easily get a hold of an instance of the policy through the `policy` method in both the view and controller. This is especially useful for conditionally showing links or buttons in the view: