From 5d52be2baef4ce253f87afdd9e4bfb82733b798a Mon Sep 17 00:00:00 2001
From: Micha Wrobel
Date: Sun, 4 Mar 2012 15:26:05 +0100
Subject: [PATCH] Add Forbiden Exception and refactor existing actions

---
 app/controllers/application_controller.rb | 19 +++++
 app/controllers/comments_controller.rb | 2 +-
 .../application_controller_spec.rb | 69 +++++++++++++++++++
 spec/controllers/comments_controller_spec.rb | 14 ++--
 4 files changed, 98 insertions(+), 6 deletions(-)
 create mode 100644 spec/controllers/application_controller_spec.rb

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index dca77c5..45832c7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,6 +5,10 @@ class ApplicationController < ActionController::Base
 rescue_from(ActiveRecord::RecordNotFound) { render 'exceptions/not_found' }
 class Unauthorized < Exception; end
+ class Forbiden < Exception; end
+
+ rescue_from Unauthorized, :with => :unathorized
+ rescue_from Forbiden, :with => :forbiden
 helper_method :current_user
@@ -28,4 +32,19 @@ class ApplicationController < ActionController::Base
 raise Unauthorized unless current_user
 end
+ def forbiden
+ if request.xhr?
+ render :json => "Forbiden", :status => 403
+ else
+ redirect_to root_path, :alert => "This action is forbiden"
+ end
+ end
+
+ def unathorized
+ if request.xhr?
+ render :json => "Unauthorized", :status => 401
+ else
+ redirect_to login_path, :notice => "Please login"
+ end
+ end
 end
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index 5233213..7fdff2a 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -24,7 +24,7 @@ class CommentsController < ApplicationController
 if comment.user == current_user
 respond_with comment.delete
 else
- raise Unauthorized
+ raise Forbiden
 end
 end
 
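Review bot: `class Forbiden < Exception; end` (like the existing `Unauthorized` beside it) subclasses `Exception` rather than `StandardError`, so a plain `rescue` anywhere in the app, and any middleware that rescues `StandardError`, will let it through in the same way as `SystemExit`; `rescue_from` catches it here, but the class belongs under `StandardError`: `class Forbiden < StandardError; end`. The names `Forbiden` and `unathorized` are misspelled, and since `rescue_from`, `CommentsController` and both new spec files already reference them, the rename only gets more expensive with time. The same spelling point applies to the `forbiden`/`unathorized` method names in the second hunk of this file.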
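Review bot: `forbiden` and `unathorized` are added as public instance methods of `ApplicationController`, which makes them ordinary actions on every controller that inherits from it whenever a route resolves to those names; place them under a `protected` or `private` marker so they remain handlers only. The `request.xhr?` gate also means a non-XHR client asking for JSON (the `:format => :json` requests in the comments spec) gets a 302 redirect with a flash instead of 403/401; if JSON clients are expected, check the format as well, e.g. `if request.xhr? || request.format.json?` in both handlers. `render :json => "Forbiden"` emits a bare string rather than a JSON object, so a `{ :error => "Forbidden" }` payload would be easier for callers to handle.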
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
new file mode 100644
index 0000000..dd1e2a0
--- /dev/null
+++ b/spec/controllers/application_controller_spec.rb
@@ -0,0 +1,69 @@
+require 'spec_helper'
+
+class FakeController < ApplicationController
+
+ def foo
+ raise Unauthorized
+ end
+
+ def bar
+ raise Forbiden
+ end
+
+end
+
+describe FakeController do
+
+ describe "#ensure_authenticated!" do
+ end
+
+ describe "action raise unauthorized" do
+
+ context "when xhr" do
+ before{ request.stub(:xhr?).and_return(true) }
+
+ it "response with 401" do
+ get :foo
+
+ response.status.should == 401
+ end
+
+ end
+
+ context "when typical request" do
+
+ it "redirects to login_path" do
+ get :foo
+
+ flash[:notice].should == "Please login"
+ should redirect_to(login_path)
+ end
+
+ end
+ end
+
+ context "when action raise forbiden" do
+ context "when xhr" do
+ before{ request.stub(:xhr?).and_return(true) }
+
+ it "response with 401" do
+ get :bar
+
+ response.status.should == 403
+ end
+ end
+
+ context "when typical request" do
+
+ it "redirects to root_path" do
+ get :bar
+
+ flash[:alert].should == "This action is forbiden"
+ should redirect_to(root_path)
+ end
+
+ end
+ end
+
+end
+
diff --git a/spec/controllers/comments_controller_spec.rb b/spec/controllers/comments_controller_spec.rb
index 6cc72ae..3f79b7d 100644
--- a/spec/controllers/comments_controller_spec.rb
+++ b/spec/controllers/comments_controller_spec.rb
@@ -82,7 +82,7 @@ describe CommentsController do
 it "calls delete on comment" do
 comment.should_receive(:delete)
- delete :destroy, :id => 1
+ delete :destroy, :id => 1, :format => :json
 end
 end
 
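Review bot: The example `it "response with 401" do` inside `context "when action raise forbiden"` asserts `response.status.should == 403`, so its title contradicts what it checks; rename it `it "responds with 403" do`. `describe "#ensure_authenticated!" do` / `end` is an empty group that runs nothing yet reads as coverage of that method; either add the examples or remove the group until they exist. `FakeController` is declared at the top level of the spec with no route of its own, so `get :foo` presumably depends on the application's routing accepting it — worth confirming, or defining the route inside the spec so the file does not break when routes change.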
@@ -94,10 +94,14 @@ describe CommentsController do
 comment.stub(:user).and_return(other_user)
 end
- it "raise Unauthorized exception" do
- expect {
- delete :destroy, :id => 1
- }.to raise_error
+ it "doesn't call delete on comment" do
+ comment.should_not_receive(:delete)
+ delete :destroy, :id => 1, :format => :json
+ end
+
+ it "responses with 403 when xhr" do
+ xhr :delete, :destroy, :id => 1, :format => :json
+ response.status.should == 403
 end
 end
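Review bot: `it "doesn't call delete on comment"` sends a plain (non-XHR) request with `:format => :json`, and because the new `forbiden` handler branches on `request.xhr?`, that request is answered with a redirect to `root_path` rather than a 403; the example passes only because it asserts nothing about the response. Pin the behaviour you actually want here, either `response.status.should == 403` once the handler also honours the JSON format, or `should redirect_to(root_path)` if the redirect for non-XHR JSON clients is intentional. The `describe`/`context` enclosing this hunk starts outside it.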