class Authority::MissingUser

Public Instance Methods

message() click to toggle source
# File lib/authority.rb, line 73
def message
  "You tried to check authorization on `nil`. Authority doesn't know what
  `nil` is allowed to do.  There are two ways you can fix this.

  1. Authenticate before authorizing. If the user isn't signed in, force
  them to sign in before they can attempt any action that requires
  authorization.

  2. When the user is not signed in, return a Null Object instead of
  `nil`. (You could create an AnonymousUser class, for example.) It should
  respond to the normal methods Authority will call (like `can_delete?`),
  possibly by including `Authority::UserAbilities` and teaching your authorizers
  what an anonymous user can do.

  The downside of solution #2 is that a user who forgot to sign in will be
  told they are not authorized for an action they could normally do. This might
  be confusing.

  However, you might use both strategies in different parts of your application.
  "
end