sealink · mnoack · Apr 13, 2018 · Apr 12, 2018 · Apr 13, 2018 · Apr 12, 2018
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
 - Internal improvement of RightOn::ByGroup
 - Internal extraction of 'allowed?' feature for failure message
 - CanCanRight functionality merged into RightOn
+- Cleanup of CanCanRight/RightOn merge
 
 ### Fixed
 - [TT-3352] Ensure roles currently in use cannot be deleted

diff --git a/lib/right_on/action_controller_extensions.rb b/lib/right_on/action_controller_extensions.rb
diff --git a/lib/right_on/by_group.rb b/lib/right_on/by_group.rb
@@ -42,7 +42,9 @@ def action_rights(controller, actions)
     end
 
     def rights_by_name!(name)
-      @rights_by_name[name] or fail name.inspect
+      @rights_by_name[name] or fail RightOn::RightNotFound, name.inspect
     end
   end
+
+  RightNotFound = Class.new(RightOn::Error)
 end
diff --git a/lib/right_on/controller_additions.rb b/lib/right_on/controller_additions.rb
@@ -1,5 +1,14 @@
 module RightOn
   module ControllerAdditions
+    def self.included(base)
+      base.module_eval do
+        class_attribute :rights_from
+        class_attribute :permission_denied_layout
+      end
+    end
+
+    private
+
     def authorize_action!
       controller = (self.rights_from || params[:controller]).to_s
       action = params[:action].to_s
@@ -10,14 +19,34 @@ def authorize_action!
     end
 
     def can_access_controller_action?(controller, action)
-      (can?(:access, controller) && !Right.where(subject: controller + '#' + action).exists?) ||
+      (can?(:access, controller) && !Right.where(ccr_subject: controller + '#' + action).exists?) ||
         can?(:access, controller + '#' + action)
     end
-  end
-end
 
-if defined? ActionController::Base
-  ActionController::Base.class_eval do
-    include RightOn::ControllerAdditions
+    def access_granted?
+      can? :access, [params[:controller], params[:action]].join('#')
+    end
+
+    def rescue_access_denied(exception)
+      @permission_denied_response = RightOn::PermissionDeniedResponse.new(params, controller_action_options)
+
+      respond_to do |format|
+        format.html do
+          render status:   :unauthorized,
+                 template: 'permission_denied',
+                 layout:   ( permission_denied_layout || false )
+        end
+
+        format.json do
+          render status: :unauthorized, json: @permission_denied_response.to_json
+        end
+      end
+    end
+
+    def controller_action_options
+      opts = params.slice(:controller, :action)
+      opts[:controller] = rights_from.to_s if rights_from
+      opts
+    end
   end
 end
diff --git a/lib/right_on/rails.rb b/lib/right_on/rails.rb
@@ -1,7 +1,11 @@
 require 'right_on/role_model'
+require 'right_on/ability'
+require 'right_on/rule'
+require 'right_on/error'
 require 'right_on/right'
 require 'right_on/role'
 require 'right_on/right_allowed'
 require 'right_on/by_group'
-require 'right_on/action_controller_extensions'
+require 'cancan/exceptions'
+require 'right_on/controller_additions'
 require 'right_on/permission_denied_response'
diff --git a/spec/action_controller_extensions_spec.rb b/spec/action_controller_extensions_spec.rb
diff --git a/spec/controller_additions_spec.rb b/spec/controller_additions_spec.rb
@@ -22,7 +22,6 @@ def self.where(args)
 describe RightOn::ControllerAdditions do
   let(:rule_override) { false }
   before do
-    rule_class = class_double('RightOn::ControllerAdditions::Model')
     allow(RightOn::Right).to receive(:where).and_return(double(exists?: rule_override))
   end
 
@@ -36,6 +35,8 @@ def initialize(user)
     end
 
     class Controller < ActionController::Base
+      include RightOn::ControllerAdditions
+
       def rights_from
         nil
       end
@@ -54,10 +55,6 @@ def current_user
     Controller.new
   }
 
-  it 'should respond to authorize_action!' do
-    expect(controller.respond_to? :authorize_action!).to be_truthy
-  end
-
   describe 'private #authorize_action!' do
     context 'when the ability has a matching rule' do
       let(:right) {

diff --git a/spec/right_on_spec.rb b/spec/right_on_spec.rb
@@ -100,38 +100,3 @@
     end
   end
 end
-
-describe 'when checking accessibility to a controller' do
-
-  let(:test_controller_right) { RightOn::Right.new(name: 'test', controller: 'test') }
-  let(:user) { double(rights: [test_controller_right]) }
-  let(:controller) { 'test' }
-  let(:action) { 'index' }
-  let(:params) { {controller: 'test', action: 'index'} }
-
-  before do
-    stub_const 'TestController', double(current_user: user, params: params)
-    TestController.extend RightOn::ActionControllerExtensions
-    allow(TestController).to receive(:rights_from).and_return(nil)
-  end
-
-  specify { expect(TestController.access_allowed?(controller)).to be_truthy }
-  specify { expect(TestController.access_allowed?('other')).to be_falsey }
-  specify { expect(TestController.access_allowed_to_controller?(controller)).to be_truthy }
-  specify { expect(TestController.access_allowed_to_controller?('other')).to be_falsey }
-
-  describe 'when inheriting rights' do
-    let(:controller) { 'test_inherited' }
-
-    before do
-      stub_const 'TestInheritedController', double(current_user: user, params: params)
-      TestInheritedController.extend RightOn::ActionControllerExtensions
-      allow(TestInheritedController).to receive(:rights_from).and_return(:test)
-    end
-
-    specify { expect(TestInheritedController.access_allowed?(controller)).to be_falsey }
-    specify { expect(TestInheritedController.access_allowed?('other')).to be_falsey }
-    specify { expect(TestInheritedController.access_allowed_to_controller?(controller)).to be_truthy }
-    specify { expect(TestInheritedController.access_allowed_to_controller?('other')).to be_falsey }
-  end
-end
diff --git a/spec/support/bootstrap.rb b/spec/support/bootstrap.rb
@@ -1,18 +1,4 @@
 class Bootstrap
-  def self.reset_database
-    RightOn::Right.delete_all
-    RightOn::Role.delete_all
-    User.delete_all
-
-    basic_right = RightOn::Right.create!(name: 'basic', controller: 'basic')
-    admin_right = RightOn::Right.create!(name: 'admin', controller: 'admin')
-    basic_role  = RightOn::Role.create!(title: 'Basic', rights: [basic_right])
-    admin_role  = RightOn::Role.create!(title: 'Admin', rights: [admin_right])
-
-    User.create!(name: 'basic', roles: [basic_role])
-    User.create!(name: 'admin', roles: [basic_role, admin_role])
-  end
-
   def self.various_rights_with_actions
     RightOn::Right.delete_all
     {

diff --git a/spec/support/coverage_loader.rb b/spec/support/coverage_loader.rb
@@ -1,4 +1,4 @@
 require 'simplecov-rcov'
 require 'coveralls'
 require 'coverage/kit'
-Coverage::Kit.setup(minimum_coverage: 92.2)
+Coverage::Kit.setup(minimum_coverage: 92.8)