Merge pull request #214 from eclarizio/update_custom_pundit_exceptions

Use custom error_message if a policy exposes it
RedHatInsights · Jan 13, 2021 · 4a44a3b · 4a44a3b
2 parents 582492c + 7b8bdf3
commit 4a44a3b
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 14 deletions.
diff --git a/lib/insights/api/common/custom_exceptions.rb b/lib/insights/api/common/custom_exceptions.rb
@@ -7,7 +7,8 @@ class CustomExceptions
         def self.custom_message(exception)
           case exception.class.to_s
           when "Pundit::NotAuthorizedError"
-            "You are not authorized to #{exception.query.to_s.delete_suffix('?')} this #{exception.record.model_name.human.downcase}"
+            exception.policy.try(:error_message) ||
+              "You are not authorized to perform the #{exception.query.to_s.delete_suffix('?')} action for this #{exception.record.model_name.human.downcase}"
           end
         end
       end

diff --git a/spec/dummy/app/controllers/api/v1x0.rb b/spec/dummy/app/controllers/api/v1x0.rb
@@ -88,11 +88,12 @@ class SourceTypesController < Api::V1::SourceTypesController; end
 
 module Pundit
   class NotAuthorizedError < StandardError
-    attr_accessor :query, :record
+    attr_accessor :query, :record, :policy
 
-    def initialize(query, record)
+    def initialize(query, record, policy = nil)
       @query = query
       @record = record
+      @policy = policy
     end
   end
 end
diff --git a/spec/lib/insights/api/common/custom_exceptions_spec.rb b/spec/lib/insights/api/common/custom_exceptions_spec.rb
@@ -1,26 +1,41 @@
 describe Insights::API::Common::CustomExceptions do
   describe ".custom_message with Pundit::NotAuthorizedError exception" do
     let(:record) { SourceType.new }
-    let(:exception) { double(:class => "Pundit::NotAuthorizedError", :query => query, :record => record) }
+    let(:exception) { double(:class => "Pundit::NotAuthorizedError", :query => query, :record => record, :policy => policy) }
+
+    context "when a custom error message exists on the policy" do
+      let(:query) { "create?" }
+      let(:policy) { double(:error_message => "This custom error message says 'no', you can't do that") }
 
-    shared_examples_for "#test_message" do
       it "returns a customized message" do
         expect(Insights::API::Common::CustomExceptions.custom_message(exception)).to eq(
-          "You are not authorized to create this source type"
+          "This custom error message says 'no', you can't do that"
         )
       end
     end
 
-    context "when the query is String" do
-      let(:query) { "create?" }
+    context "when a custom error message does not exist on the policy" do
+      let(:policy) { nil }
 
-      it_behaves_like "#test_message"
-    end
+      shared_examples_for "#test_message" do
+        it "returns a customized message" do
+          expect(Insights::API::Common::CustomExceptions.custom_message(exception)).to eq(
+            "You are not authorized to perform the create action for this source type"
+          )
+        end
+      end
 
-    context "when the query is Symbol" do
-      let(:query) { :create? }
+      context "when the query is String" do
+        let(:query) { "create?" }
 
-      it_behaves_like "#test_message"
+        it_behaves_like "#test_message"
+      end
+
+      context "when the query is Symbol" do
+        let(:query) { :create? }
+
+        it_behaves_like "#test_message"
+      end
     end
   end
 end
diff --git a/spec/requests/exception_handling_spec.rb b/spec/requests/exception_handling_spec.rb
@@ -30,7 +30,7 @@
     it "returns a customized error message" do
       get("/api/v1.0/pundit_error", :headers => headers)
       expect(response.status).to eq(403)
-      expect(error.first["detail"]).to match(/You are not authorized to create this source type/)
+      expect(error.first["detail"]).to match(/You are not authorized to perform the create action for this source type/)
     end
   end