From 0c9bd7c224b5b8d4ce27bfdb3ec445335fda9c03 Mon Sep 17 00:00:00 2001
From: Victor Pereira
Date: Tue, 11 Aug 2020 00:07:20 +0200
Subject: [PATCH] Move Webui::WebuiController rescue_from blocks to a concern
---
 src/api/.rubocop.yml | 1 +
 .../concerns/webui/rescue_handler.rb | 56 +++++++++++++++++++
 .../app/controllers/webui/webui_controller.rb | 52 +----------------
 3 files changed, 58 insertions(+), 51 deletions(-)
 create mode 100644 src/api/app/controllers/concerns/webui/rescue_handler.rb
diff --git a/src/api/.rubocop.yml b/src/api/.rubocop.yml
index 56e968dc8fd..08a8152d608 100644
--- a/src/api/.rubocop.yml
+++ b/src/api/.rubocop.yml
@@ -75,6 +75,7 @@ Metrics/BlockLength:
 - '**/*.rake'
 # FIXME: Since exclusions in `.rubocop_todo.yml` are simply ignored when we also exclude files here, the following exclusions are TODOs
 - 'app/controllers/concerns/rescue_handler.rb'
+ - 'app/controllers/concerns/webui/rescue_handler.rb'
 - 'app/models/binary_release.rb'
 - 'app/models/branch_package.rb'
 - 'app/models/bs_request.rb'
diff --git a/src/api/app/controllers/concerns/webui/rescue_handler.rb b/src/api/app/controllers/concerns/webui/rescue_handler.rb
new file mode 100644
index 00000000000..8a8efb9c0c9
--- /dev/null
+++ b/src/api/app/controllers/concerns/webui/rescue_handler.rb
@@ -0,0 +1,56 @@
+module Webui::RescueHandler
+ extend ActiveSupport::Concern
+
+ included do
+ rescue_from Pundit::NotAuthorizedError do |exception|
+ pundit_action = case exception.try(:query).to_s
+ when 'index?' then 'list'
+ when 'show?' then 'view'
+ when 'create?' then 'create'
+ when 'new?' then 'create'
+ when 'update?' then 'update'
+ when 'edit?' then 'edit'
+ when 'destroy?' then 'delete'
+ when 'create_branch?' then 'create_branch'
+ else exception.try(:query)
+ end
+ message = if pundit_action && exception.record
+ "Sorry, you are not authorized to #{pundit_action} this #{exception.record.class}."
+ else
+ 'Sorry, you are not authorized to perform this action.'
+ end
+ if request.xhr?
+ render json: { error: message }, status: 400
+ else
+ flash[:error] = message
+ redirect_back(fallback_location: root_path)
+ end
+ end
+
+ rescue_from Backend::Error, Timeout::Error do |exception|
+ Airbrake.notify(exception)
+ message = case exception
+ when Backend::Error
+ 'There has been an internal error. Please try again.'
+ when Timeout::Error
+ 'The request timed out. Please try again.'
+ end
+
+ if request.xhr?
+ render json: { error: message }, status: 400
+ else
+ flash[:error] = message
+ redirect_back(fallback_location: root_path)
+ end
+ end
+
+ # FIXME: just because there is some data missing to compute the request?
+ # Please check:
+ # http://guides.rubyonrails.org/active_record_validations.html
+ class MissingParameterError < RuntimeError; end
+ rescue_from MissingParameterError do |exception|
+ logger.debug "#{exception.class.name} #{exception.message} #{exception.backtrace.join('\n')}"
+ render file: Rails.root.join('public/404'), status: 404, layout: false, formats: [:html]
+ end
+ end
+end
diff --git a/src/api/app/controllers/webui/webui_controller.rb b/src/api/app/controllers/webui/webui_controller.rb
index 1b760635353..eecffc80b6f 100644
--- a/src/api/app/controllers/webui/webui_controller.rb
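Review bot: The XHR branch of the `Pundit::NotAuthorizedError` handler answers a denied authorization with `status: 400`, so client code, access logs and any alerting on authorization failures cannot tell it apart from a malformed request; `render json: { error: message }, status: :forbidden` would say what happened, provided the front-end does not depend on the 400 (not visible in this patch). The same handler interpolates `exception.record.class` and, through the `else` arm of the `case`, the raw policy query name into the user-facing message, so internal class and policy names reach the browser. In the `MissingParameterError` handler, `exception.backtrace.join('\n')` joins the frames with a literal backslash-n because of the single quotes; `exception.backtrace.join("\n")` gives one frame per log line. All of these lines were moved unchanged from `Webui::WebuiController`, so this is behaviour the move carries over rather than introduces.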
+++ b/src/api/app/controllers/webui/webui_controller.rb @@ -10,6 +10,7 @@ class Webui::WebuiController < ActionController::Base include Pundit include FlipperFeature + include Webui::RescueHandler protect_from_forgery before_action :set_influxdb_data 
@@ -24,57 +25,6 @@ class Webui::WebuiController < ActionController::Base # :notice and :alert are default, we add :success and :error add_flash_types :success, :error - rescue_from Pundit::NotAuthorizedError do |exception| - pundit_action = case exception.try(:query).to_s - when 'index?' then 'list' - when 'show?' then 'view' - when 'create?' then 'create' - when 'new?' then 'create' - when 'update?' then 'update' - when 'edit?' then 'edit' - when 'destroy?' then 'delete' - when 'create_branch?' then 'create_branch' - else exception.try(:query) - end - if pundit_action && exception.record - message = "Sorry, you are not authorized to #{pundit_action} this #{exception.record.class}." - else - message = 'Sorry, you are not authorized to perform this action.' - end - if request.xhr? - render json: { error: message }, status: 400 - else - flash[:error] = message - redirect_back(fallback_location: root_path) - end - end - - rescue_from Backend::Error, Timeout::Error do |exception| - Airbrake.notify(exception) - message = case exception - when Backend::Error - 'There has been an internal error. Please try again.' - when Timeout::Error - 'The request timed out. Please try again.' - end - - if request.xhr? - render json: { error: message }, status: 400 - else - flash[:error] = message - redirect_back(fallback_location: root_path) - end - end - - # FIXME: This is more than stupid. Why do we tell the user that something isn't found - # just because there is some data missing to compute the request? 
Someone needs to read - # http://guides.rubyonrails.org/active_record_validations.html - class MissingParameterError < RuntimeError; end - rescue_from MissingParameterError do |exception| - logger.debug "#{exception.class.name} #{exception.message} #{exception.backtrace.join('\n')}" - render file: Rails.root.join('public/404'), status: 404, layout: false, formats: [:html] - end - def valid_xml_id(rawid) rawid = "_#{rawid}" if rawid !~ /^[A-Za-z_]/ # xs:ID elements have to start with character or '_' CGI.escapeHTML(rawid.gsub(/[+&: .\/~()@#]/, '_'))