Merge pull request #27 from venuu/readme-updates-for-pr-24

Update README to accommodate changes done in #24
venuu · Aug 4, 2016 · 14123c7 · 14123c7
2 parents 166fc01 + c3bbca2
commit 14123c7
Showing 1 changed file with 29 additions and 34 deletions.
diff --git a/README.md b/README.md
@@ -2,6 +2,13 @@
 
 [![Build Status](https://img.shields.io/travis/venuu/jsonapi-authorization/master.svg?style=flat&maxAge=3600)](https://travis-ci.org/venuu/jsonapi-authorization) [![Gem Version](https://img.shields.io/gem/v/jsonapi-authorization.svg?style=flat&maxAge=3600)](https://rubygems.org/gems/jsonapi-authorization)
 
+**NOTE:** This README is the documentation for `JSONAPI::Authorization`. If you are viewing this at the
+[project page on Github](https://github.com/venuu/jsonapi-authorization) you are viewing the documentation for the `master`
+branch. This may contain information that is not relevant to the release you are using. Please see the README for the
+[version](https://github.com/venuu/jsonapi-authorization/releases) you are using.
+
+ ---
+
 `JSONAPI::Authorization` adds authorization to the [jsonapi-resources][jr] (JR) gem using [Pundit][pundit].
 
 ***PLEASE NOTE:*** This gem is still considered to be ***alpha quality***. Make sure to test for authorization in your application, too. We should have coverage of all operations, though. If that isn't the case, please [open an issue][issues].
@@ -28,25 +35,34 @@ Or install it yourself as:
 
 ## Usage
 
-Make sure you have a Pundit policy specified for every backing model that your JR resources use. Then hook this gem up to your application like so:
+First make sure you have a Pundit policy specified for every backing model that your JR resources use.
+
+Hook up this gem as the default processor for JR, and optionally allow rescuing from `Pundit::NotAuthorizedError` to output better errors for unauthorized requests:
 
 ```ruby
+# config/initializers/jsonapi-resources.rb
 JSONAPI.configure do |config|
-  config.operations_processor = :jsonapi_authorization
+  config.default_processor_klass = JSONAPI::Authorization::AuthorizingProcessor
+  config.exception_class_whitelist = [Pundit::NotAuthorizedError]
 end
 ```
 
-Make all your JR controllers specify the user in the `context` if you are using the default authorizer class (see [Configuration](#configuration) below):
+Make all your JR controllers specify the user in the `context` and rescue errors thrown by unauthorized requests:
 
 ```ruby
 class BaseResourceController < ActionController::Base
   include JSONAPI::ActsAsResourceController
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
 
   private
 
   def context
     {user: current_user}
   end
+
+  def user_not_authorized
+    head :forbidden
+  end
 end
 ```
 
@@ -59,49 +75,28 @@ class BaseResource < JSONAPI::Resource
 end
 ```
 
-If you want to send a custom response for unauthorized requests, add a `rescue_from` hook to your `BaseResourceController` and whitelist `Pundit::NotAuthorizedError` in your JR configuration.
-
-## Known bugs
+## Configuration
 
-There is a bug affecting `jsonapi-resources` error whitelisting, see https://github.com/cerebris/jsonapi-resources/pull/573. To make your whitelisting and `rescue_from` to work properly, here is a potential workaround:
+You can use a custom authorizer class by specifying a configure block in an initializer file. If using a custom authorizer class, be sure to require them at the top of the initializer before usage.
 
 ```ruby
-JSONAPI.configure do |config|
-  config.exception_class_whitelist = [Pundit::NotAuthorizedError]
+JSONAPI::Authorization.configure do |config|
+  config.authorizer = MyCustomAuthorizer
 end
 ```
 
-```ruby
-class BaseResourceController < ActionController::Base
-  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+## Troubleshooting
 
-  private
+### "Unable to find policy" exception for a request
 
-  # https://github.com/cerebris/jsonapi-resources/pull/573
-  def handle_exceptions(e)
-    if JSONAPI.configuration.exception_class_whitelist.any? { |k| e.class.ancestors.include?(k) }
-      raise e
-    else
-      super
-    end
-  end
+The exception might look like this for resource class `ArticleResource` that is backed by `Article` model:
 
-  def user_not_authorized
-    head :forbidden
-  end
-end
 ```
-
-## Configuration
-
-You can use a custom authorizer class by specifying a configure block in an initializer file. If using a custom authorizer class, be sure to require them at the top of the initializer before usage.
-
-```ruby
-JSONAPI::Authorization.configure do |config|
-  config.authorizer = MyCustomAuthorizer
-end
+unable to find policy `ArticlePolicy` for `Article'
 ```
 
+This means that you don't have a policy class created for your model. Create one and the error should go away.
+
 ## Development
 
 After checking out the repo, run `bundle install` to install dependencies. Then, run `bundle exec rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.