class Authority::MissingUser
Public Instance Methods
message()
click to toggle source
# File lib/authority.rb, line 73 def message "You tried to check authorization on `nil`. Authority doesn't know what `nil` is allowed to do. There are two ways you can fix this. 1. Authenticate before authorizing. If the user isn't signed in, force them to sign in before they can attempt any action that requires authorization. 2. When the user is not signed in, return a Null Object instead of `nil`. (You could create an AnonymousUser class, for example.) It should respond to the normal methods Authority will call (like `can_delete?`), possibly by including `Authority::UserAbilities` and teaching your authorizers what an anonymous user can do. The downside of solution #2 is that a user who forgot to sign in will be told they are not authorized for an action they could normally do. This might be confusing. However, you might use both strategies in different parts of your application. " end