From f50400c147ad19e7854d3f2469cefe92dea2687b Mon Sep 17 00:00:00 2001
From: Bill Tihen <btihen@gmail.com>
Date: Wed, 26 Aug 2020 12:49:30 +0200
Subject: [PATCH] remove auth_dsl_file '.freeze' so that Engines can also load
 auth info too

---
 lib/declarative_authorization/authorization.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/declarative_authorization/authorization.rb b/lib/declarative_authorization/authorization.rb
index 429e4bab..8d8565e2 100644
--- a/lib/declarative_authorization/authorization.rb
+++ b/lib/declarative_authorization/authorization.rb
@@ -20,7 +20,12 @@ class AuthorizationUsageError < AuthorizationError; end
   # The exception is raised to ensure that the entire rule is invalidated.
   class NilAttributeValueError < AuthorizationError; end
 
-  AUTH_DSL_FILES = [Pathname.new(Rails.root || '').join('config', 'authorization_rules.rb').to_s].freeze unless defined? AUTH_DSL_FILES
+  # although .freeze is a good idea, unfortunately this breaks when engines
+  # add information after 'AUTH_DSL_FILES' is defined by rails core
+  AUTH_DSL_FILES  = [ Pathname.new(Rails.root || '')
+                              .join('config', 'authorization_rules.rb')
+                              .to_s
+                    ] unless defined? AUTH_DSL_FILES
 
   # Controller-independent method for retrieving the current user.
   # Needed for model security where the current controller is not available.