Verified Commit 68747ea4 authored by paz's avatar paz

Let Authorizer raise the error, name the method appropriately.

If we use exceptions for authorization failures, we should do it
consistently also for code that checks authorization on its own (not
through the controllers).

This also paves the way to raise different exceptions (or provide
different messages) for different authorization problems.
parent ccabd85d
......@@ -23,8 +23,8 @@ module SchleuderApiDaemonHelper
end
end
def authorized?(resource, action)
current_account.authorized?(resource, action) || halt(403)
def authorize!(resource, action)
current_account.authorize!(resource, action) || halt(403)
end
def current_account
......
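Review bot: In the renamed helper `authorize!`, the `|| halt(403)` no longer covers a denied account: `current_account.authorize!` now raises `Errors::Unauthorized` (third hunk), so the exception leaves this helper and the status the client sees depends on an error handler for `Errors::Unauthorized` that is not visible in this commit; if this is a Sinatra app and no such handler exists, the old 403 becomes a generic error response. What the `halt(403)` still catches is only the nil-resource case, where `authorize!` returns nil instead of raising. That is worth stating on the line so the next reader does not take the `halt` for the denial path: `# authorize! raises Errors::Unauthorized for a denied account; the halt only covers a nil resource`, or alternatively rescue it here with `rescue Errors::Unauthorized` then `halt(403)` if no global handler maps it.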
......@@ -37,8 +37,8 @@ module Schleuder
admin_lists.where(email: list.email).exists?
end
def authorized?(resource, action)
authorizer.authorized?(resource, action)
def authorize!(resource, action)
authorizer.authorize!(resource, action)
end
def scoped(resource)
......
......@@ -8,12 +8,12 @@ module Schleuder
@account = account
end
def authorized?(resource, action)
def authorize!(resource, action)
return nil if resource.nil?
action = action.to_s
action << '?' unless action.last == '?'
policy(resource).public_send(action)
policy(resource).public_send(action) or fail(Errors::Unauthorized.new)
end
def scoped(klass)
......
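Review bot: `return nil if resource.nil?` leaves a fail-open path in the renamed `authorize!`: the method now promises to raise on denial, yet a nil resource returns quietly, and the CLI caller in the fourth hunk dropped its own `|| raise(Errors::Unauthorized.new)`, so a nil resource there no longer raises where it did before this commit (the API helper in the first hunk still has its `|| halt(403)`). Unless a nil resource is deliberately treated as authorized, the early exit should fail closed as well, e.g. `fail(Errors::Unauthorized.new) if resource.nil?` (or a dedicated error, which the commit message says is the direction anyway). The spec hints at the same intent: the example titled 'raises an error when resource is nil' actually asserts `eql nil`, so either the title or the assertion is wrong. On style, `policy(resource).public_send(action) or fail(...)` only works because `or` sits at statement level; the conventional form is `policy(resource).public_send(action) || raise(Errors::Unauthorized)`.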
......@@ -9,7 +9,7 @@ module Schleuder
private
def authorize!(resource, action)
current_account.authorized?(resource, action) || raise(Errors::Unauthorized.new)
current_account.authorize!(resource, action)
end
def get_list_by_id_or_email(identifier)
......
require 'spec_helper'
describe Schleuder::Authorizer do
describe '#authorized?' do
it 'returns nil when resource is nil' do
describe '#authorize!' do
it 'raises an error when resource is nil' do
account = create(:account)
expect(Authorizer.new(account).authorized?(nil, :some_action)).to eq nil
expect(Authorizer.new(account).authorize!(nil, :some_action)).to eql nil
end
it 'returns true if account is authorized' do
it 'does not raise an error if account is authorized' do
list = create(:list)
subscription = create(:subscription, list_id: list.id, admin: false)
account = create(:account, email: subscription.email)
expect(Authorizer.new(account).authorized?(list, :read)).to eq true
caught_exception = nil
begin
Authorizer.new(account).authorize!(list, :read)
rescue Schleuder::Errors::Unauthorized => exc
caught_exception = exc
end
expect(caught_exception.class).to eql NilClass
end
it 'returns false if account is NOT authorized' do
it 'raises an error if account is NOT authorized' do
account = create(:account)
list = create(:list)
expect(Authorizer.new(account).authorized?(list, :read)).to eq false
begin
Authorizer.new(account).authorize!(list, :read)
rescue Schleuder::Errors::Unauthorized => exc
caught_exception = exc
end
expect(caught_exception.class).to eql Errors::Unauthorized
end
end
......