Let authorizer raise error, rename authorizing methods, and fix response if not found. (!248) · Merge requests · schleuder / schleuder

paz requested to merge paz/authorize-with-a-bang into release-4.0 Jan 08, 2019

If we use exceptions in case of authorization failures, we should raise them closer to the code that is responsible for the authorization decision. This way, calling code has the same responses to expect also for authorization requests that pass the resource-controllers.
The authorization methods do not return a boolean, which we would have to check, but raise an exception, so they should end in an exclamation mark, not a question mark.
This MR also changes one behaviour: Previously, if a request was authorized successfully, and a resource could not be found, the resource-controller raised Errors::Unauthorized. I think that's a bug and fixed it so that (only for authorized requests) the return value of the resource-controller is nil, and the api-controller responds with 404.

Edited Jan 11, 2019 by paz

Let authorizer raise error, rename authorizing methods, and fix response if not found.