renaming AccessDenied exception to Unauthorized

Ryan Bates 2011-03-25 14:43:36 -07:00
parent bcac159b3e
commit cf2896f011
8 changed files with 38 additions and 36 deletions


@ -66,10 +66,10 @@ See {Authorizing Controller Actions}[https://github.com/ryanb/cancan/wiki/author
=== 3. Handle Unauthorized Access === 3. Handle Unauthorized Access
If the user authorization fails, a <tt>CanCan::AccessDenied</tt> exception will be raised. You can catch this and modify its behavior in the +ApplicationController+. If the user authorization fails, a <tt>CanCan::Unauthorized</tt> exception will be raised. You can catch this and modify its behavior in the +ApplicationController+.
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
rescue_from CanCan::AccessDenied do |exception| rescue_from CanCan::Unauthorized do |exception|
redirect_to root_url, :alert => exception.message redirect_to root_url, :alert => exception.message
end end
end end


@ -219,7 +219,7 @@ module CanCan
attribute = args.first attribute = args.first
if cannot?(action, subject, *args) if cannot?(action, subject, *args)
message ||= unauthorized_message(action, subject) message ||= unauthorized_message(action, subject)
raise AccessDenied.new(message, action, subject) raise Unauthorized.new(message, action, subject)
elsif sufficient_attribute_check?(action, subject, attribute) && sufficient_condition_check?(action, subject) elsif sufficient_attribute_check?(action, subject, attribute) && sufficient_condition_check?(action, subject)
fully_authorized!(action, subject) fully_authorized!(action, subject)
end end


@ -292,7 +292,7 @@ module CanCan
base.helper_method :can?, :cannot? base.helper_method :can?, :cannot?
end end
# Raises a CanCan::AccessDenied exception if the current_ability cannot # Raises a CanCan::Unauthorized exception if the current_ability cannot
# perform the given action. This is usually called in a controller action or # perform the given action. This is usually called in a controller action or
# before filter to perform the authorization. # before filter to perform the authorization.
# #
@ -319,12 +319,12 @@ module CanCan
# access is displayed to the user. # access is displayed to the user.
# #
# class ApplicationController < ActionController::Base # class ApplicationController < ActionController::Base
# rescue_from CanCan::AccessDenied do |exception| # rescue_from CanCan::Unauthorized do |exception|
# redirect_to root_url, :alert => exception.message # redirect_to root_url, :alert => exception.message
# end # end
# end # end
# #
# See the CanCan::AccessDenied exception for more details on working with the exception. # See the CanCan::Unauthorized exception for more details on working with the exception.
# #
# See the load_and_authorize_resource method to automatically add the authorize! behavior # See the load_and_authorize_resource method to automatically add the authorize! behavior
# to the default RESTful actions. # to the default RESTful actions.


@ -163,7 +163,7 @@ module CanCan
elsif @options[:shallow] elsif @options[:shallow]
resource_class resource_class
else else
raise AccessDenied # maybe this should be a record not found error instead? raise Unauthorized # maybe this should be a record not found error instead?
end end
else else
resource_class resource_class
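Review bot: The bare `raise Unauthorized` in the inner `else` carries no message, action or subject, so a `rescue_from` handler or audit log that reads `exception.action` and `exception.subject` gets nil on this path and cannot tell it apart from an ordinary ability denial. This looks like the "load resource through nil" case from the spec, and the inline question about a record-not-found error is carried over unanswered. Whichever error is chosen, the response for a parent that could not be loaded should be indistinguishable from the one for a parent the user may not read, so the difference does not reveal which parents exist. I would replace the trailing question with a comment that records the decision, e.g. `# parent could not be loaded; reported as unauthorized so it looks the same as a denied parent`. The enclosing method starts and ends outside this hunk.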


@ -18,7 +18,7 @@ module CanCan
# This usually happens within a call to ControllerAdditions#authorize! but can be # This usually happens within a call to ControllerAdditions#authorize! but can be
# raised manually. # raised manually.
# #
# raise CanCan::AccessDenied.new("Not authorized!", :read, Article) # raise CanCan::Unauthorized.new("Not authorized!", :read, Article)
# #
# The passed message, action, and subject are optional and can later be retrieved when # The passed message, action, and subject are optional and can later be retrieved when
# rescuing from the exception. # rescuing from the exception.
@ -33,9 +33,9 @@ module CanCan
# exception.default_message = "Default error message" # exception.default_message = "Default error message"
# exception.message # => "Default error message" # exception.message # => "Default error message"
# #
# See ControllerAdditions#authorized! for more information on rescuing from this exception # See ControllerAdditions#authorize! for more information on rescuing from this exception
# and customizing the message using I18n. # and customizing the message using I18n.
class AccessDenied < Error class Unauthorized < Error
attr_reader :action, :subject attr_reader :action, :subject
attr_writer :default_message attr_writer :default_message
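Review bot: The class is renamed in place and no `AccessDenied` constant is left behind, so every application that still references `CanCan::AccessDenied` breaks on upgrade. A constant-form `rescue_from CanCan::AccessDenied` fails with NameError at load, while a string-form `rescue_from` or an inline `rescue` would likely stop matching only when a denial actually happens, turning a handled redirect into an unhandled error. Requests are still refused in both cases, but a deprecated alias after the class body would make the transition safe: `AccessDenied = Unauthorized # deprecated alias, remove in the next major release`. Separately, "Unauthorized" reads like HTTP 401, which concerns missing authentication, whereas this exception reports a failed authorization check. The class comment should say that handlers normally answer with 403 or a redirect, not a 401 challenge. The class body continues outside the hunk.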


@ -277,6 +277,8 @@ describe CanCan::Ability do
@ability.should_not be_fully_authorized(:update, :users) @ability.should_not be_fully_authorized(:update, :users)
@ability.authorize! :create, :users @ability.authorize! :create, :users
@ability.should_not be_fully_authorized(:create, :users) @ability.should_not be_fully_authorized(:create, :users)
@ability.authorize! :create, :users, :name
@ability.should be_fully_authorized(:create, :users)
@ability.authorize! :destroy, :users @ability.authorize! :destroy, :users
@ability.should be_fully_authorized(:destroy, :users) @ability.should be_fully_authorized(:destroy, :users)
end end
@ -347,15 +349,15 @@ describe CanCan::Ability do
# Unauthorized Exception # Unauthorized Exception
it "raises CanCan::AccessDenied when calling authorize! on unauthorized action" do it "raises CanCan::Unauthorized when calling authorize! on unauthorized action" do
begin begin
@ability.authorize! :read, :books, :message => "Access denied!" @ability.authorize! :read, :books, :message => "Access denied!"
rescue CanCan::AccessDenied => e rescue CanCan::Unauthorized => e
e.message.should == "Access denied!" e.message.should == "Access denied!"
e.action.should == :read e.action.should == :read
e.subject.should == :books e.subject.should == :books
else else
fail "Expected CanCan::AccessDenied exception to be raised" fail "Expected CanCan::Unauthorized exception to be raised"
end end
end end
@ -385,11 +387,11 @@ describe CanCan::Ability do
it "should raise access denied exception with default message if not specified" do it "should raise access denied exception with default message if not specified" do
begin begin
@ability.authorize! :read, :books @ability.authorize! :read, :books
rescue CanCan::AccessDenied => e rescue CanCan::Unauthorized => e
e.default_message = "Access denied!" e.default_message = "Access denied!"
e.message.should == "Access denied!" e.message.should == "Access denied!"
else else
fail "Expected CanCan::AccessDenied exception to be raised" fail "Expected CanCan::Unauthorized exception to be raised"
end end
end end
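Review bot: The example `it "should raise access denied exception with default message if not specified"` keeps the old wording although its rescue clause and failure message now name `CanCan::Unauthorized`. Rename the description to match, e.g. `it "should raise unauthorized exception with default message if not specified" do`. The two assertions added in the first hunk (`@ability.authorize! :create, :users, :name` then `@ability.should be_fully_authorized(:create, :users)`) exercise attribute-level authorization, not the rename. They would be easier to trace in their own commit, or at least mentioned in the commit message.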


@ -96,32 +96,32 @@ describe CanCan::ControllerResource do
it "should not authorize single resource in collection action" do it "should not authorize single resource in collection action" do
@params[:action] = "index" @params[:action] = "index"
@controller.instance_variable_set(:@project, :some_project) @controller.instance_variable_set(:@project, :some_project)
stub(@controller).authorize!(:index, :projects) { raise CanCan::AccessDenied } stub(@controller).authorize!(:index, :projects) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller) resource = CanCan::ControllerResource.new(@controller)
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied) lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
end end
it "should authorize parent resource in collection action" do it "should authorize parent resource in collection action" do
@params[:action] = "index" @params[:action] = "index"
@controller.instance_variable_set(:@category, :some_category) @controller.instance_variable_set(:@category, :some_category)
stub(@controller).authorize!(:show, :some_category) { raise CanCan::AccessDenied } stub(@controller).authorize!(:show, :some_category) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller, :category, :parent => true) resource = CanCan::ControllerResource.new(@controller, :category, :parent => true)
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied) lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
end end
it "should perform authorization using controller action and loaded model" do it "should perform authorization using controller action and loaded model" do
@params.merge!(:action => "show", :id => 123) @params.merge!(:action => "show", :id => 123)
@controller.instance_variable_set(:@project, :some_project) @controller.instance_variable_set(:@project, :some_project)
stub(@controller).authorize!(:show, :some_project) { raise CanCan::AccessDenied } stub(@controller).authorize!(:show, :some_project) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller) resource = CanCan::ControllerResource.new(@controller)
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied) lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
end end
it "should perform authorization using controller action and non loaded model" do it "should perform authorization using controller action and non loaded model" do
@params.merge!(:action => "show", :id => 123) @params.merge!(:action => "show", :id => 123)
stub(@controller).authorize!(:show, :projects) { raise CanCan::AccessDenied } stub(@controller).authorize!(:show, :projects) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller) resource = CanCan::ControllerResource.new(@controller)
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied) lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
end end
it "should call load_resource and authorize_resource for load_and_authorize_resource" do it "should call load_resource and authorize_resource for load_and_authorize_resource" do
@ -229,13 +229,13 @@ describe CanCan::ControllerResource do
@controller.instance_variable_get(:@project).should == project @controller.instance_variable_get(:@project).should == project
end end
it "should raise AccessDenied when attempting to load resource through nil" do it "should raise Unauthorized when attempting to load resource through nil" do
project = Project.create! project = Project.create!
@params.merge!(:action => "show", :id => project.id) @params.merge!(:action => "show", :id => project.id)
resource = CanCan::ControllerResource.new(@controller, :through => :category) resource = CanCan::ControllerResource.new(@controller, :through => :category)
lambda { lambda {
resource.load_resource resource.load_resource
}.should raise_error(CanCan::AccessDenied) }.should raise_error(CanCan::Unauthorized)
@controller.instance_variable_get(:@project).should be_nil @controller.instance_variable_get(:@project).should be_nil
end end
@ -243,9 +243,9 @@ describe CanCan::ControllerResource do
@params.merge!(:action => "index") @params.merge!(:action => "index")
category = Object.new category = Object.new
@controller.instance_variable_set(:@category, category) @controller.instance_variable_set(:@category, category)
stub(@controller).authorize!(:index, category => :projects) { raise CanCan::AccessDenied } stub(@controller).authorize!(:index, category => :projects) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller, :through => :category) resource = CanCan::ControllerResource.new(@controller, :through => :category)
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied) lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
end end
it "should load through first matching if multiple are given" do it "should load through first matching if multiple are given" do
@ -296,9 +296,9 @@ describe CanCan::ControllerResource do
it "should only authorize :show action on parent resource" do it "should only authorize :show action on parent resource" do
project = Project.create! project = Project.create!
@params.merge!(:action => "new", :project_id => project.id) @params.merge!(:action => "new", :project_id => project.id)
stub(@controller).authorize!(:show, project) { raise CanCan::AccessDenied } stub(@controller).authorize!(:show, project) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller, :project, :parent => true) resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied) lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::Unauthorized)
end end
it "should load the model using a custom class" do it "should load the model using a custom class" do
@ -311,17 +311,17 @@ describe CanCan::ControllerResource do
it "should authorize based on resource name if class is false" do it "should authorize based on resource name if class is false" do
@params.merge!(:action => "show", :id => 123) @params.merge!(:action => "show", :id => 123)
stub(@controller).authorize!(:show, :projects) { raise CanCan::AccessDenied } stub(@controller).authorize!(:show, :projects) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller, :class => false) resource = CanCan::ControllerResource.new(@controller, :class => false)
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied) lambda { resource.authorize_resource }.should raise_error(CanCan::Unauthorized)
end end
it "should load and authorize using custom instance name" do it "should load and authorize using custom instance name" do
project = Project.create! project = Project.create!
@params.merge!(:action => "show", :id => project.id) @params.merge!(:action => "show", :id => project.id)
stub(@controller).authorize!(:show, project) { raise CanCan::AccessDenied } stub(@controller).authorize!(:show, project) { raise CanCan::Unauthorized }
resource = CanCan::ControllerResource.new(@controller, :instance_name => :custom_project) resource = CanCan::ControllerResource.new(@controller, :instance_name => :custom_project)
lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied) lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::Unauthorized)
@controller.instance_variable_get(:@custom_project).should == project @controller.instance_variable_get(:@custom_project).should == project
end end


@ -1,9 +1,9 @@
require "spec_helper" require "spec_helper"
describe CanCan::AccessDenied do describe CanCan::Unauthorized do
describe "with action and subject" do describe "with action and subject" do
before(:each) do before(:each) do
@exception = CanCan::AccessDenied.new(nil, :some_action, :some_subject) @exception = CanCan::Unauthorized.new(nil, :some_action, :some_subject)
end end
it "should have action and subject accessors" do it "should have action and subject accessors" do
@ -20,7 +20,7 @@ describe CanCan::AccessDenied do
describe "with only a message" do describe "with only a message" do
before(:each) do before(:each) do
@exception = CanCan::AccessDenied.new("Access denied!") @exception = CanCan::Unauthorized.new("Access denied!")
end end
it "should have nil action and subject" do it "should have nil action and subject" do