renaming AccessDenied exception to Unauthorized
This commit is contained in:
parent
bcac159b3e
commit
cf2896f011
@ -66,10 +66,10 @@ See {Authorizing Controller Actions}[https://github.com/ryanb/cancan/wiki/author
|
||||||
|
|
||||||
=== 3. Handle Unauthorized Access
|
=== 3. Handle Unauthorized Access
|
||||||
|
|
||||||
If the user authorization fails, a <tt>CanCan::AccessDenied</tt> exception will be raised. You can catch this and modify its behavior in the +ApplicationController+.
|
If the user authorization fails, a <tt>CanCan::Unauthorized</tt> exception will be raised. You can catch this and modify its behavior in the +ApplicationController+.
|
||||||
|
|
||||||
class ApplicationController < ActionController::Base
|
class ApplicationController < ActionController::Base
|
||||||
rescue_from CanCan::AccessDenied do |exception|
|
rescue_from CanCan::Unauthorized do |exception|
|
||||||
redirect_to root_url, :alert => exception.message
|
redirect_to root_url, :alert => exception.message
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -219,7 +219,7 @@ module CanCan
|
||||||
attribute = args.first
|
attribute = args.first
|
||||||
if cannot?(action, subject, *args)
|
if cannot?(action, subject, *args)
|
||||||
message ||= unauthorized_message(action, subject)
|
message ||= unauthorized_message(action, subject)
|
||||||
raise AccessDenied.new(message, action, subject)
|
raise Unauthorized.new(message, action, subject)
|
||||||
elsif sufficient_attribute_check?(action, subject, attribute) && sufficient_condition_check?(action, subject)
|
elsif sufficient_attribute_check?(action, subject, attribute) && sufficient_condition_check?(action, subject)
|
||||||
fully_authorized!(action, subject)
|
fully_authorized!(action, subject)
|
||||||
end
|
end
|
||||||
|
|
|
@ -292,7 +292,7 @@ module CanCan
|
||||||
base.helper_method :can?, :cannot?
|
base.helper_method :can?, :cannot?
|
||||||
end
|
end
|
||||||
|
|
||||||
# Raises a CanCan::AccessDenied exception if the current_ability cannot
|
# Raises a CanCan::Unauthorized exception if the current_ability cannot
|
||||||
# perform the given action. This is usually called in a controller action or
|
# perform the given action. This is usually called in a controller action or
|
||||||
# before filter to perform the authorization.
|
# before filter to perform the authorization.
|
||||||
#
|
#
|
||||||
|
@ -319,12 +319,12 @@ module CanCan
|
||||||
# access is displayed to the user.
|
# access is displayed to the user.
|
||||||
#
|
#
|
||||||
# class ApplicationController < ActionController::Base
|
# class ApplicationController < ActionController::Base
|
||||||
# rescue_from CanCan::AccessDenied do |exception|
|
# rescue_from CanCan::Unauthorized do |exception|
|
||||||
# redirect_to root_url, :alert => exception.message
|
# redirect_to root_url, :alert => exception.message
|
||||||
# end
|
# end
|
||||||
# end
|
# end
|
||||||
#
|
#
|
||||||
# See the CanCan::AccessDenied exception for more details on working with the exception.
|
# See the CanCan::Unauthorized exception for more details on working with the exception.
|
||||||
#
|
#
|
||||||
# See the load_and_authorize_resource method to automatically add the authorize! behavior
|
# See the load_and_authorize_resource method to automatically add the authorize! behavior
|
||||||
# to the default RESTful actions.
|
# to the default RESTful actions.
|
||||||
|
|
|
@ -163,7 +163,7 @@ module CanCan
|
||||||
elsif @options[:shallow]
|
elsif @options[:shallow]
|
||||||
resource_class
|
resource_class
|
||||||
else
|
else
|
||||||
raise AccessDenied # maybe this should be a record not found error instead?
|
raise Unauthorized # maybe this should be a record not found error instead?
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
resource_class
|
resource_class
|
||||||
|
|
|
@ -18,7 +18,7 @@ module CanCan
|
||||||
# This usually happens within a call to ControllerAdditions#authorize! but can be
|
# This usually happens within a call to ControllerAdditions#authorize! but can be
|
||||||
# raised manually.
|
# raised manually.
|
||||||
#
|
#
|
||||||
# raise CanCan::AccessDenied.new("Not authorized!", :read, Article)
|
# raise CanCan::Unauthorized.new("Not authorized!", :read, Article)
|
||||||
#
|
#
|
||||||
# The passed message, action, and subject are optional and can later be retrieved when
|
# The passed message, action, and subject are optional and can later be retrieved when
|
||||||
# rescuing from the exception.
|
# rescuing from the exception.
|
||||||
|
@ -33,9 +33,9 @@ module CanCan
|
||||||
# exception.default_message = "Default error message"
|
# exception.default_message = "Default error message"
|
||||||
# exception.message # => "Default error message"
|
# exception.message # => "Default error message"
|
||||||
#
|
#
|
||||||
# See ControllerAdditions#authorized! for more information on rescuing from this exception
|
# See ControllerAdditions#authorize! for more information on rescuing from this exception
|
||||||
# and customizing the message using I18n.
|
# and customizing the message using I18n.
|
||||||
class AccessDenied < Error
|
class Unauthorized < Error
|
||||||
attr_reader :action, :subject
|
attr_reader :action, :subject
|
||||||
attr_writer :default_message
|
attr_writer :default_message
|
||||||
|
|
||||||
|
|
|
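Review bot: Renaming the public exception class without keeping the old constant is a breaking change for every application that rescues it, including the README's own `rescue_from CanCan::AccessDenied` example; a `rescue_from` referencing the old name would fail with a NameError when the controller class loads, and a `rescue CanCan::AccessDenied` written inside a method body would only fail at the moment an authorization check actually denies access, replacing the intended redirect with an unhandled error. Adding `AccessDenied = Unauthorized # TODO(review): deprecated alias, remove in next major` after the class definition keeps existing handlers working through the transition; the class body continues outside this hunk. The remaining hunks of this commit are the same rename and need no further change if the alias is kept.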
@ -277,6 +277,8 @@ describe CanCan::Ability do
|
||||||
@ability.should_not be_fully_authorized(:update, :users)
|
@ability.should_not be_fully_authorized(:update, :users)
|
||||||
@ability.authorize! :create, :users
|
@ability.authorize! :create, :users
|
||||||
@ability.should_not be_fully_authorized(:create, :users)
|
@ability.should_not be_fully_authorized(:create, :users)
|
||||||
|
@ability.authorize! :create, :users, :name
|
||||||
|
@ability.should be_fully_authorized(:create, :users)
|
||||||
@ability.authorize! :destroy, :users
|
@ability.authorize! :destroy, :users
|
||||||
@ability.should be_fully_authorized(:destroy, :users)
|
@ability.should be_fully_authorized(:destroy, :users)
|
||||||
end
|
end
|
||||||
|
@ -347,15 +349,15 @@ describe CanCan::Ability do
|
||||||
|
|
||||||
# Unauthorized Exception
|
# Unauthorized Exception
|
||||||
|
|
||||||
it "raises CanCan::AccessDenied when calling authorize! on unauthorized action" do
|
it "raises CanCan::Unauthorized when calling authorize! on unauthorized action" do
|
||||||
begin
|
begin
|
||||||
@ability.authorize! :read, :books, :message => "Access denied!"
|
@ability.authorize! :read, :books, :message => "Access denied!"
|
||||||
rescue CanCan::AccessDenied => e
|
rescue CanCan::Unauthorized => e
|
||||||
e.message.should == "Access denied!"
|
e.message.should == "Access denied!"
|
||||||
e.action.should == :read
|
e.action.should == :read
|
||||||
e.subject.should == :books
|
e.subject.should == :books
|
||||||
else
|
else
|
||||||
fail "Expected CanCan::AccessDenied exception to be raised"
|
fail "Expected CanCan::Unauthorized exception to be raised"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -385,11 +387,11 @@ describe CanCan::Ability do
|
||||||
it "should raise access denied exception with default message if not specified" do
|
it "should raise access denied exception with default message if not specified" do
|
||||||
begin
|
begin
|
||||||
@ability.authorize! :read, :books
|
@ability.authorize! :read, :books
|
||||||
rescue CanCan::AccessDenied => e
|
rescue CanCan::Unauthorized => e
|
||||||
e.default_message = "Access denied!"
|
e.default_message = "Access denied!"
|
||||||
e.message.should == "Access denied!"
|
e.message.should == "Access denied!"
|
||||||
else
|
else
|
||||||
fail "Expected CanCan::AccessDenied exception to be raised"
|
fail "Expected CanCan::Unauthorized exception to be raised"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -96,32 +96,32 @@ describe CanCan::ControllerResource do
|
||||||
it "should not authorize single resource in collection action" do
|
it "should not authorize single resource in collection action" do
|
||||||
@params[:action] = "index"
|
@params[:action] = "index"
|
||||||
@controller.instance_variable_set(:@project, :some_project)
|
@controller.instance_variable_set(:@project, :some_project)
|
||||||
stub(@controller).authorize!(:index, :projects) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:index, :projects) { raise CanCan::Unauthorized }
|
||||||
resource = CanCan::ControllerResource.new(@controller)
|
resource = CanCan::ControllerResource.new(@controller)
|
||||||
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should authorize parent resource in collection action" do
|
it "should authorize parent resource in collection action" do
|
||||||
@params[:action] = "index"
|
@params[:action] = "index"
|
||||||
@controller.instance_variable_set(:@category, :some_category)
|
@controller.instance_variable_set(:@category, :some_category)
|
||||||
stub(@controller).authorize!(:show, :some_category) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:show, :some_category) { raise CanCan::Unauthorized }
|
||||||
resource = CanCan::ControllerResource.new(@controller, :category, :parent => true)
|
resource = CanCan::ControllerResource.new(@controller, :category, :parent => true)
|
||||||
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should perform authorization using controller action and loaded model" do
|
it "should perform authorization using controller action and loaded model" do
|
||||||
@params.merge!(:action => "show", :id => 123)
|
@params.merge!(:action => "show", :id => 123)
|
||||||
@controller.instance_variable_set(:@project, :some_project)
|
@controller.instance_variable_set(:@project, :some_project)
|
||||||
stub(@controller).authorize!(:show, :some_project) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:show, :some_project) { raise CanCan::Unauthorized }
|
||||||
resource = CanCan::ControllerResource.new(@controller)
|
resource = CanCan::ControllerResource.new(@controller)
|
||||||
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should perform authorization using controller action and non loaded model" do
|
it "should perform authorization using controller action and non loaded model" do
|
||||||
@params.merge!(:action => "show", :id => 123)
|
@params.merge!(:action => "show", :id => 123)
|
||||||
stub(@controller).authorize!(:show, :projects) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:show, :projects) { raise CanCan::Unauthorized }
|
||||||
resource = CanCan::ControllerResource.new(@controller)
|
resource = CanCan::ControllerResource.new(@controller)
|
||||||
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should call load_resource and authorize_resource for load_and_authorize_resource" do
|
it "should call load_resource and authorize_resource for load_and_authorize_resource" do
|
||||||
|
@ -229,13 +229,13 @@ describe CanCan::ControllerResource do
|
||||||
@controller.instance_variable_get(:@project).should == project
|
@controller.instance_variable_get(:@project).should == project
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should raise AccessDenied when attempting to load resource through nil" do
|
it "should raise Unauthorized when attempting to load resource through nil" do
|
||||||
project = Project.create!
|
project = Project.create!
|
||||||
@params.merge!(:action => "show", :id => project.id)
|
@params.merge!(:action => "show", :id => project.id)
|
||||||
resource = CanCan::ControllerResource.new(@controller, :through => :category)
|
resource = CanCan::ControllerResource.new(@controller, :through => :category)
|
||||||
lambda {
|
lambda {
|
||||||
resource.load_resource
|
resource.load_resource
|
||||||
}.should raise_error(CanCan::AccessDenied)
|
}.should raise_error(CanCan::Unauthorized)
|
||||||
@controller.instance_variable_get(:@project).should be_nil
|
@controller.instance_variable_get(:@project).should be_nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -243,9 +243,9 @@ describe CanCan::ControllerResource do
|
||||||
@params.merge!(:action => "index")
|
@params.merge!(:action => "index")
|
||||||
category = Object.new
|
category = Object.new
|
||||||
@controller.instance_variable_set(:@category, category)
|
@controller.instance_variable_set(:@category, category)
|
||||||
stub(@controller).authorize!(:index, category => :projects) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:index, category => :projects) { raise CanCan::Unauthorized }
|
||||||
resource = CanCan::ControllerResource.new(@controller, :through => :category)
|
resource = CanCan::ControllerResource.new(@controller, :through => :category)
|
||||||
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should load through first matching if multiple are given" do
|
it "should load through first matching if multiple are given" do
|
||||||
|
@ -296,9 +296,9 @@ describe CanCan::ControllerResource do
|
||||||
it "should only authorize :show action on parent resource" do
|
it "should only authorize :show action on parent resource" do
|
||||||
project = Project.create!
|
project = Project.create!
|
||||||
@params.merge!(:action => "new", :project_id => project.id)
|
@params.merge!(:action => "new", :project_id => project.id)
|
||||||
stub(@controller).authorize!(:show, project) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:show, project) { raise CanCan::Unauthorized }
|
||||||
resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
|
resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
|
||||||
lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::Unauthorized)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should load the model using a custom class" do
|
it "should load the model using a custom class" do
|
||||||
|
@ -311,17 +311,17 @@ describe CanCan::ControllerResource do
|
||||||
|
|
||||||
it "should authorize based on resource name if class is false" do
|
it "should authorize based on resource name if class is false" do
|
||||||
@params.merge!(:action => "show", :id => 123)
|
@params.merge!(:action => "show", :id => 123)
|
||||||
stub(@controller).authorize!(:show, :projects) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:show, :projects) { raise CanCan::Unauthorized }
|
||||||
resource = CanCan::ControllerResource.new(@controller, :class => false)
|
resource = CanCan::ControllerResource.new(@controller, :class => false)
|
||||||
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should load and authorize using custom instance name" do
|
it "should load and authorize using custom instance name" do
|
||||||
project = Project.create!
|
project = Project.create!
|
||||||
@params.merge!(:action => "show", :id => project.id)
|
@params.merge!(:action => "show", :id => project.id)
|
||||||
stub(@controller).authorize!(:show, project) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:show, project) { raise CanCan::Unauthorized }
|
||||||
resource = CanCan::ControllerResource.new(@controller, :instance_name => :custom_project)
|
resource = CanCan::ControllerResource.new(@controller, :instance_name => :custom_project)
|
||||||
lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::Unauthorized)
|
||||||
@controller.instance_variable_get(:@custom_project).should == project
|
@controller.instance_variable_get(:@custom_project).should == project
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
require "spec_helper"
|
require "spec_helper"
|
||||||
|
|
||||||
describe CanCan::AccessDenied do
|
describe CanCan::Unauthorized do
|
||||||
describe "with action and subject" do
|
describe "with action and subject" do
|
||||||
before(:each) do
|
before(:each) do
|
||||||
@exception = CanCan::AccessDenied.new(nil, :some_action, :some_subject)
|
@exception = CanCan::Unauthorized.new(nil, :some_action, :some_subject)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should have action and subject accessors" do
|
it "should have action and subject accessors" do
|
||||||
|
@ -20,7 +20,7 @@ describe CanCan::AccessDenied do
|
||||||
|
|
||||||
describe "with only a message" do
|
describe "with only a message" do
|
||||||
before(:each) do
|
before(:each) do
|
||||||
@exception = CanCan::AccessDenied.new("Access denied!")
|
@exception = CanCan::Unauthorized.new("Access denied!")
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should have nil action and subject" do
|
it "should have nil action and subject" do
|
||||||
|
|