upgrade cancancan gem #181

Merged
merged 3 commits into from
May 10, 2024

wendelfabianchinsamy
Contributor

Purpose

closes: Add github issue that originated this PR

Approach

Open Questions and Pre-Merge TODOs

Learning

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

  • New feature (non-breaking change which adds functionality)

  • Breaking change (fix or feature that would cause existing functionality to change)

Reviewer, please remember our guidelines:

  • Be humble in the language and feedback you give, ask don't tell.
  • Consider using positive language as opposed to neutral when offering feedback. This is to avoid the negative bias that can occur with neutral language appearing negative.
  • Offer suggestions on how to improve code e.g. simplification or expanding clarity.
  • Ensure you give reasons for the changes you are proposing.

@wendelfabianchinsamy wendelfabianchinsamy requested review from codycooperross and a team May 9, 2024 13:06
@@ -152,6 +152,9 @@ def set_report
end

def set_user_hash
if current_user&.uid.blank?
raise CanCan::AccessDenied.new("Not authorized")
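
Review bot: The `current_user&.uid.blank?` guard in `set_user_hash` raises `CanCan::AccessDenied` by hand, which puts an authentication decision inside a method whose name says it only sets a hash, so whether the request is rejected depends on this callback running before anything else dereferences `current_user`. Consider moving the guard into a dedicated `before_action` that runs first, and please confirm how `CanCan::AccessDenied` is rescued so the client gets a 401/403 rather than a 500; neither the callback order nor a rescue handler is visible in this hunk.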
Contributor

This should already be covered by:
https://github.com/datacite/sashimi/blob/master/app/controllers/reports_controller.rb#L17
That should raise the cancan exception; typically you don't raise it yourself.
But perhaps the order is wrong for when the JWT is decoded.

Contributor Author

@richardhallett seems that authorize_resource seems to pass even when no token is provided. I've rather bumped the gem version; this seems to give me the NoMethodError instead of a 500 error.

@wendelfabianchinsamy wendelfabianchinsamy changed the title handle unauthorized requests gracefully upgrade cancancan gem May 10, 2024
@wendelfabianchinsamy wendelfabianchinsamy requested a review from a team May 10, 2024 14:40
@wendelfabianchinsamy wendelfabianchinsamy merged commit c99fae4 into master May 10, 2024
2 checks passed
@wendelfabianchinsamy wendelfabianchinsamy deleted the test-sentry-logging branch May 10, 2024 14:44
3 participants