diff --git a/lib/insights/api/common/custom_exceptions.rb b/lib/insights/api/common/custom_exceptions.rb
index 91378c43..13f15f2a 100644
--- a/lib/insights/api/common/custom_exceptions.rb
+++ b/lib/insights/api/common/custom_exceptions.rb
@@ -7,7 +7,8 @@ class CustomExceptions
 def self.custom_message(exception)
 case exception.class.to_s
 when "Pundit::NotAuthorizedError"
- "You are not authorized to #{exception.query.to_s.delete_suffix('?')} this #{exception.record.model_name.human.downcase}"
+ exception.policy.try(:error_message) ||
+ "You are not authorized to perform the #{exception.query.to_s.delete_suffix('?')} action for this #{exception.record.model_name.human.downcase}"
 end
 end
 end
diff --git a/spec/dummy/app/controllers/api/v1x0.rb b/spec/dummy/app/controllers/api/v1x0.rb
index 7170d154..fbdc814b 100644
--- a/spec/dummy/app/controllers/api/v1x0.rb
+++ b/spec/dummy/app/controllers/api/v1x0.rb
@@ -88,11 +88,12 @@ class SourceTypesController < Api::V1::SourceTypesController; end
 
 module Pundit
 class NotAuthorizedError < StandardError
- attr_accessor :query, :record
+ attr_accessor :query, :record, :policy
 
- def initialize(query, record)
+ def initialize(query, record, policy = nil)
 @query = query
 @record = record
+ @policy = policy
 end
 end
 end
diff --git a/spec/lib/insights/api/common/custom_exceptions_spec.rb b/spec/lib/insights/api/common/custom_exceptions_spec.rb
index 2f6ba5c6..2cd3b097 100644
--- a/spec/lib/insights/api/common/custom_exceptions_spec.rb
+++ b/spec/lib/insights/api/common/custom_exceptions_spec.rb
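Review bot: The policy-supplied message on the added `exception.policy.try(:error_message) ||` line wins whenever it is truthy, so a policy whose `error_message` returns `""` yields an empty 403 detail, because only nil and false fall through to the default; `exception.policy.try(:error_message).presence ||` would keep the default for blank strings. Whatever the policy returns is sent verbatim in the HTTP response body, so that contract deserves a comment above the `when` branch, e.g. `# A policy may define #error_message to override the client-facing 403 detail; keep it free of internal identifiers.` Both `try` and `presence` depend on ActiveSupport being loaded, which nothing in this file shows. The `custom_message` method is fully inside the hunk.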
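Review bot: The stub's new `def initialize(query, record, policy = nil)` keeps positional arguments, whereas the Pundit gem's `NotAuthorizedError` is, as far as I recall, built from an options hash (`query:`, `record:`, `policy:`) and exposes them through readers, so any code in this dummy app that raises it positionally exercises a constructor shape the real gem does not accept. That is acceptable for a test double as long as it is explicit; a comment on the class such as `# Minimal stand-in for Pundit::NotAuthorizedError: only #query, #record and #policy are read by CustomExceptions.custom_message` would stop a future reader from treating it as the real API. The enclosing module and class both fit inside the hunk.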
@@ -1,26 +1,41 @@
 describe Insights::API::Common::CustomExceptions do
 describe ".custom_message with Pundit::NotAuthorizedError exception" do
 let(:record) { SourceType.new }
- let(:exception) { double(:class => "Pundit::NotAuthorizedError", :query => query, :record => record) }
+ let(:exception) { double(:class => "Pundit::NotAuthorizedError", :query => query, :record => record, :policy => policy) }
+
+ context "when a custom error message exists on the policy" do
+ let(:query) { "create?" }
+ let(:policy) { double(:error_message => "This custom error message says 'no', you can't do that") }
 
- shared_examples_for "#test_message" do
 it "returns a customized message" do
 expect(Insights::API::Common::CustomExceptions.custom_message(exception)).to eq(
- "You are not authorized to create this source type"
+ "This custom error message says 'no', you can't do that"
 )
 end
 end
 
- context "when the query is String" do
- let(:query) { "create?" }
+ context "when a custom error message does not exist on the policy" do
+ let(:policy) { nil }
 
- it_behaves_like "#test_message"
- end
+ shared_examples_for "#test_message" do
+ it "returns a customized message" do
+ expect(Insights::API::Common::CustomExceptions.custom_message(exception)).to eq(
+ "You are not authorized to perform the create action for this source type"
+ )
+ end
+ end
 
- context "when the query is Symbol" do
- let(:query) { :create? }
+ context "when the query is String" do
+ let(:query) { "create?" }
 
- it_behaves_like "#test_message"
+ it_behaves_like "#test_message"
+ end
+
+ context "when the query is Symbol" do
+ let(:query) { :create? }
+
+ it_behaves_like "#test_message"
+ end
 end
 end
 end
diff --git a/spec/requests/exception_handling_spec.rb b/spec/requests/exception_handling_spec.rb
index 13218c79..bb84c559 100644
--- a/spec/requests/exception_handling_spec.rb
+++ b/spec/requests/exception_handling_spec.rb
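Review bot: The branch that `try` exists for, a policy object that does not respond to `error_message`, has no example: `let(:policy)` is either a double that stubs it or nil. A context nested inside the added "when a custom error message does not exist on the policy" block, overriding `let(:policy) { double }` with `let(:query) { "create?" }` and `it_behaves_like "#test_message"`, would pin that the default message is used there rather than a `NoMethodError` surfacing. A policy returning an empty string is currently accepted as the message by the `||` in `custom_message`, and the spec is silent on it; an example for that case would make the intended behaviour explicit either way.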
@@ -30,7 +30,7 @@
 it "returns a customized error message" do
 get("/api/v1.0/pundit_error", :headers => headers)
 
 expect(response.status).to eq(403)
- expect(error.first["detail"]).to match(/You are not authorized to create this source type/)
+ expect(error.first["detail"]).to match(/You are not authorized to perform the create action for this source type/)
 end
 end
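Review bot: Only the default-message path is asserted at the HTTP level; the policy-supplied `error_message` this change introduces is verified solely in the unit spec, yet the response `detail` checked here is where it becomes user-visible. If the dummy endpoint behind `/api/v1.0/pundit_error` can raise with a policy attached (that controller is not in this diff), an example asserting `expect(error.first["detail"]).to eq("<policy message>")` would prove the override survives the exception handler. The `it` block is fully inside the hunk, but the surrounding `describe`/`context` is not.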