v0.4.0

CHANGELOG.md

@@ -1,3 +1,13 @@
+# v0.4.0
+
+## Fixes
+
+- Returns `403` status code, to represent recognized but not authorized, instead `401`;
+
+## Features
+
+- Added `denied` callback allowing a custom acess denied treatment;
+
 # v0.3.0
 
 ## Features

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authorizy (0.3.0)
+    authorizy (0.4.0)
 
 GEM
   remote: https://rubygems.org/
@@ -112,7 +112,7 @@ GEM
     rubocop-performance (1.11.5)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
-    rubocop-rails (2.11.3)
+    rubocop-rails (2.12.2)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.7.0, < 2.0)

README.md

@@ -8,10 +8,6 @@
 
 A JSON based Authorization.
 
-##### Why not [cancancan](https://github.com/CanCanCommunity/cancancan)?
-
-I have been working with cancan/cancancan for years. Since the beginning with [database access](https://github.com/CanCanCommunity/cancancan/blob/develop/docs/Abilities-in-Database.md). After a while, I realised I built a couple of abstractions around `ability` class and suddenly migrated to JSON for better performance. As I need a full role admin I decided to start to extract this logic to a gem.
-
 ## Install
 
 Add the following code on your `Gemfile` and run `bundle install`:
@@ -142,6 +138,14 @@ Authorizy.configure do |config|
 end
 ```
 
+### Denied
+
+When some access is denied, by default, Authorizy checks if it is a XHR request or not and then redirect or serializes a message with status code `403`. You can rescue it by yourself:
+
+```ruby
+config.denied = ->(context) { context.redirect_to(subscription_path, info: 'Subscription expired!') }
+```
+
 ### Dependencies
 
 You can allow access to one or more controllers and actions based on your permissions. It'll consider not only the `action`, like [aliases](#aliases) but the controller either.

lib/authorizy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Authorizy
-  VERSION = '0.3.0'
+  VERSION = '0.4.0'
 end