Two New Features in Authority

Posted on: 2013-10-05

Authority recently gained two new features for Rails controllers, both added by Igor Davydov.

Preventing "forgot to authorize" errors

First, we have a new controller method, ensure_authorization_performed. This sets up an after_filter that raises an exception if the action completes without any authorization having run.

This should be a handy tool in development mode for making sure you haven't forgotten any actions. Igor borrowed the idea from CanCan's check_authorization method, but Authority's implementation is a bit more flexible, allowing you to roll your own skippable filters if you like.
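To show the mechanism, here is a plain-Ruby model of such a check, added as an illustration; it is not Authority's source code, and every class and method name in it (MiniController, authorize!, skip_authorization_check and so on) is hypothetical. It covers the three cases that matter: an action that authorizes, an action explicitly exempted from the check, and an action where the call was forgotten.

```ruby
# Simplified model of an "authorization must have run" after-filter.
# All names are hypothetical; this is not Authority's implementation.
class AuthorizationNotPerformed < StandardError; end
class Forbidden < StandardError; end

class MiniController
  # Class-level list of actions exempt from the check (e.g. public pages).
  def self.skip_authorization_check(*actions)
    skipped_actions.concat(actions)
  end

  def self.skipped_actions
    @skipped_actions ||= []
  end

  def initialize(user)
    @user = user
  end

  # Runs the action, then the after-filter, like a Rails request cycle.
  def process(action)
    @authorization_performed = false
    result = public_send(action)
    ensure_authorization_performed!(action)
    result
  end

  private

  # Records that a check ran, whether or not it passes.
  def authorize!(permission)
    @authorization_performed = true
    raise Forbidden, "#{permission} denied" unless @user[:permissions].include?(permission)
  end

  def ensure_authorization_performed!(action)
    return if self.class.skipped_actions.include?(action)
    return if @authorization_performed
    raise AuthorizationNotPerformed, "#{self.class}##{action} finished without authorizing"
  end
end

class ReportsController < MiniController
  skip_authorization_check :about

  def index;  authorize!(:read_reports); "report list"; end
  def export; "csv data"; end    # bug: authorize! was forgotten
  def about;  "public page"; end # deliberately exempt
end
```

Because the check runs after the action, the action body has already executed by the time the exception is raised, which is why it suits development and test runs as a way to find omissions.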

Shorthand for nested resources

Second, for times when you want to authorize all actions in a controller the same way, we now have an all_actions key. This could be handy for nested resources. As the README puts it, you might say "you're allowed to do anything you like with an employee if you're allowed to update their organization".

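class EmployeesController < ApplicationController
  # Every action requires that the user can update the parent resource.
  authorize_actions_for :parent_resource, all_actions: :update

  private

  # The resource that authorization is checked against.
  def parent_resource
    Employer.find(params[:employer_id])
  end
end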

Both features are now documented in the README and in the CHANGELOG file.