Extract permission denied logic into object

sealink · Nov 5, 2015 · 90bde59 · 90bde59
1 parent e1bec45
commit 90bde59
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 22 deletions.
diff --git a/lib/right_on/action_controller_extensions.rb b/lib/right_on/action_controller_extensions.rb
@@ -40,35 +40,16 @@ def access_allowed?(opts={})
 
     # Called if a security check determines permission is denied
     def permission_denied
-      @right_allowed = Right.all.detect{|right| right.allowed?(controller_action_options)}
-      @roles_allowed = @right_allowed.roles if @right_allowed
-      @controller_name = params[:controller] unless @right_allowed
+      @permission_denied_response = PermissionDeniedResponse.new(params, controller_action_options)
 
       respond_to do |format|
         format.html { render status: 401, template: 'permission_denied', layout: (permission_denied_layout || false) }
         format.json do
-          render status: 401, json: {
-            error: 'Permission Denied',
-            right_allowed: @right_allowed.try(:name) || 'No right assigned for this action. Please contact your system administrator',
-            roles_for_right: @roles_allowed ? @roles_allowed.map(&:title) : 'N/A (as no right is assigned for this action)'
-          }
+          render status: 401, json: @permission_denied_response.to_json
         end
         format.js do
           render :update, status: 401 do |page|
-            msg = if @right_allowed
-              <<-MESSAGE
-You are not authorised to perform the requested operation.
-Right required: #{@right_allowed}
-This right is given to the following roles: #{@roles_allowed.map(&:title).join(", ")}.
-Contact your system manager to be given this right.
-MESSAGE
-            else
-              <<-MESSAGE
-No right is defined for this page: #{@controller_name}
-Contact your system manager to notify this problem.
-MESSAGE
-            end
-            page.alert(msg)
+            page.alert(@permission_denied_layout.text_message)
           end
         end
       end

diff --git a/lib/right_on/permission_denied_response.rb b/lib/right_on/permission_denied_response.rb
@@ -0,0 +1,43 @@
+module RightOn
+  class PermissionDeniedResponse
+    attr_reader :right_allowed, :roles_allowed, :controller_name
+
+    def initialize(params, controller_action_options)
+      @params = params
+      @right_allowed = Right.all.detect{|right| right.allowed?(controller_action_options)}
+      @roles_allowed = @right_allowed.roles if @right_allowed
+      @controller_name = @params[:controller] unless @right_allowed
+    end
+
+    def text_message
+      if @right_allowed
+        <<-MESSAGE
+You are not authorised to perform the requested operation.
+Right required: #{@right_allowed}
+This right is given to the following roles: #{@roles_allowed.map(&:title).join(", ")}.
+Contact your system manager to be given this right.
+MESSAGE
+      else
+        no_right_for_page
+      end
+    end
+
+    def to_json
+      {
+        error: 'Permission Denied',
+        right_allowed: (@right_allowed ? @right_allowed.name : no_right_for_page),
+        roles_for_right: (@roles_allowed ? @roles_allowed.map(&:title) : no_roles_for_page)
+      }
+    end
+
+    private
+
+    def no_right_for_page
+      "No right is defined for this page: #{@controller_name}. Contact your system manager to notify this problem."
+    end
+
+    def no_roles_for_page
+      'N/A (as no right is assigned for this action)'
+    end
+  end
+end