Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does Rails come with a "not authorized" exception?

Tags:

ruby

ruby-on-rails

actioncontroller

I am writing an application that uses plain old Ruby objects (POROs) to abstract authorization logic out of controllers.

Currently, I have a custom exception class called NotAuthorized that I rescue_from at the controller level, but I was curious to know: Does Rails 4 already come with an exception to indicate that an action was not authorized? Am I reinventing the wheel by implementing this exception?

Clarification: The raise AuthorizationException is not happening anywhere inside of a controller, it is happening inside of a completely decoupled PORO outside of the controller. The object has no knowledge of HTTP, routes or controllers.

like image 576
Rick Avatar asked Sep 17 '14 13:09

Rick

People also ask

What is authentication in Rails?

Stealing a user's session ID lets an attacker use the web application in the victim's name. Many web applications have an authentication system: a user provides a username and password, the web application checks them and stores the corresponding user id in the session hash. From now on, the session is valid.

How do I create an exception message in Rails?

Exception handling in Ruby on Rails is similar to exception handling in Ruby. Which means, we enclose the code that could raise an exception in a begin/end block and use rescue clauses to tell Ruby the types of exceptions we want to handle.

1 Answers

Rails doesn't seem to map an exception to :unauthorized.

The default mappings are defined in activerecord/lib/active_record/railtie.rb:

config.action_dispatch.rescue_responses.merge!(   'ActiveRecord::RecordNotFound'   => :not_found,   'ActiveRecord::StaleObjectError' => :conflict,   'ActiveRecord::RecordInvalid'    => :unprocessable_entity,   'ActiveRecord::RecordNotSaved'   => :unprocessable_entity )

and actionpack/lib/action_dispatch/middleware/exception_wrapper.rb:

@@rescue_responses.merge!(   'ActionController::RoutingError'             => :not_found,   'AbstractController::ActionNotFound'         => :not_found,   'ActionController::MethodNotAllowed'         => :method_not_allowed,   'ActionController::UnknownHttpMethod'        => :method_not_allowed,   'ActionController::NotImplemented'           => :not_implemented,   'ActionController::UnknownFormat'            => :not_acceptable,   'ActionController::InvalidAuthenticityToken' => :unprocessable_entity,   'ActionDispatch::ParamsParser::ParseError'   => :bad_request,   'ActionController::BadRequest'               => :bad_request,   'ActionController::ParameterMissing'         => :bad_request )

You could add a custom exception from within your application's configuration (or a custom Railtie):

Your::Application.configure do    config.action_dispatch.rescue_responses.merge!(     'AuthorizationException' => :unauthorized   )    # ...  end

Or simply use rescue_from.

like image 190
Stefan Avatar answered Sep 21 '22 13:09

Stefan
Sign in to Comment

Related questions

Ruby - ActiveRecord::ConnectionNotEstablished
Automatic code quality tool for Ruby? [closed]
Ruby Geolocation Gem/Plugins [closed]
How do you get the Ruby on Rails generated id of a form element for reference in JavaScript?
Undefined method with "_path" while using rails form_for
Ruby on Rails memory leak when looping through large number of records; find_each doesn't help
Rails model.valid? flushing custom errors and falsely returning true
Rails 3 - select with Include?
pry gem how to reload?
How would you test observers with rSpec in a Ruby on Rails application?
How to pass an instance variable to an RSpec shared example
Rails 3 remote form: How do I specify the content type?
How to properly do model testing with ActiveStorage in rails?
Generate PDF from Rails
How to cancel scheduled job with delayed_job in Rails?
How much performance do you get out a Heroku dynos/workers?
How can I get url for paperclip image in to_json
How to update ruby in windows
Is Time.zone.now.to_date equivalent to Date.today?
How do I declare a string with both single and double quotes in YAML?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!