声明性授权 - 捕获“Authorization :: NotAuthorized”异常

时间:2010-09-28 09:57:59

标签: ruby-on-rails declarative-authorization

我目前正在我的应用程序上使用声明式授权,并尝试从类型Authorization :: NotAuthorized中捕获异常。

我有一个有类别的实体。根据角色,用户可以在创建此实体时创建新类别。在我的:before_validation回调我分配了类别,并希望能够在他没有权限的情况下捕获授权例外。

我可以检查它的角色并制作条件指令,但之后必须编写所有角色。

异常被抛出,但我无法在“新”指令中捕获它。

代码如下:

# Model
before_validation :set_category

def category_name
    @category_name ||= category.name unless category.nil?
    @category_name
end

def category_name=(name)
    name.strip!
    name.downcase!
    @category_name = name
end

def set_category
    if @category_name and not company.blank?
        lookup_category = company.categories.not_deleted.find_by_name(@category_name)
        begin 
            category = lookup_category.blank? ? company.categories.new(:name => @category_name) : lookup_category
        rescue Authorization::NotAuthorized
           errors.add(:category, I18n.t('activerecord.errors.messages.exclusion'))
        end
    end
end

# Controller
def create
    @ticket = current_user.created_tickets.new(params[:ticket])
    if @ticket.save  # Line 88
    ...

异常堆栈跟踪:

Authorization::NotAuthorized (No matching rules found for create for #<User id: 36,..."> (roles [:Requester], privileges [:create], context :categories).):
  /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4.1/lib/declarative_authorization/authorization.rb:168:in `permit!'
  /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4.1/lib/declarative_authorization/in_model.rb:131:in `using_access_control'
  /Library/Ruby/Gems/1.8/gems/after_commit-1.0.7/lib/after_commit/connection_adapters.rb:12:in `transaction'
  /Library/Ruby/Gems/1.8/gems/after_commit-1.0.7/lib/after_commit/connection_adapters.rb:12:in `transaction'
  app/controllers/tickets_controller.rb:88:in `create'

调试器进入块内:

# Debugger
lookup_category = company.categories.not_deleted.find_by_name(@category_name)
(rdb:3) list
[275, 284] in /Users/Pedro/projects/trunk/app/models/ticket.rb
   275    
   276    def set_category
   277      if @category_name and not self.company.blank?
   278        begin
   279          debugger
=> 280          lookup_category = company.categories.not_deleted.find_by_name(@category_name)
   281          self.category = lookup_category.blank? ? company.categories.new(:name => @category_name) : lookup_category
   282        rescue Authorization::NotAuthorized
   283          self.errors.add(:category, I18n.t('activerecord.errors.messages.exclusion'))
   284        end
(rdb:3) n
/Users/Pedro/projects/trunk/app/models/ticket.rb:281
self.category = lookup_category.blank? ? company.categories.new(:name => @category_name) : lookup_category
(rdb:3) list
[276, 285] in /Users/Pedro/projects/trunk/app/models/ticket.rb
   276    def set_category
   277      if @category_name and not self.company.blank?
   278        begin
   279          debugger
   280          lookup_category = company.categories.not_deleted.find_by_name(@category_name)
=> 281          self.category = lookup_category.blank? ? company.categories.new(:name => @category_name) : lookup_category
   282        rescue Authorization::NotAuthorized
   283          self.errors.add(:category, I18n.t('activerecord.errors.messages.exclusion'))
   284        end
   285      end
(rdb:3) n
/Users/Pedro/.gem/ruby/1.8/gems/activesupport-2.3.8/lib/active_support/callbacks.rb:94
break result if terminator.call(result, object)
(rdb:3) list
[89, 98] in /Users/Pedro/.gem/ruby/1.8/gems/activesupport-2.3.8/lib/active_support/callbacks.rb
   89          unless block_given?
   90            send(enumerator) { |callback| callback.call(object) }
   91          else
   92            send(enumerator) do |callback|
   93              result = callback.call(object)
=> 94              break result if terminator.call(result, object)
   95            end
   96          end
   97        end
   98  
(rdb:3)

2 个答案:

答案 0 :(得分:0)

我会说它在begin ... rescue区块之外突破,因此没有被救援抓住。尝试在控制器的第88行进行相同的救援。

如果要在验证过程中处理此问题,可能会在创建对象之前尝试对用户的角色或权限进行测试,而不是捕获仅在创建时抛出的异常。

答案 1 :(得分:0)

在回调之前捕获异常是不可能的。我发现做这种验证的最好方法是:

# Model code
begin 
    User.with_permissions_to :create, :categories  # Raises exception if not permitted
    ... do whatever you want
rescue
    ... do whatever you want
end

感谢所有帮助