
CRM457-2019: Move all authorisation logic to Pundit #819

Merged
merged 3 commits into from
Oct 23, 2024

Conversation

patrick-laa (Contributor) commented Oct 22, 2024

Description of change

  • Move all logic about what a user can/can't do to Policy objects
  • Add authorize calls to the controller layer so that users can no longer access screens that are associated with permissions they don't have
  • If a controller action calls neither authorize nor skip_authorization, Pundit will raise an error. This ensures we don't accidentally forget to add authorisation to new actions etc.
  • If a user is unauthorised, redirect to root path with an error message

Link to relevant ticket

Notes for reviewer

The NSM controller specs all broke because Pundit doesn't play nicely with doubled Claim objects. As those controller specs were pretty shonky (they were line-by-line describing the controller code and stubbing every instantiated view model instead of describing the behaviour of the controller), I've rewritten a lot of them.
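The four bullets in the description are one pattern: a policy object per record type, an authorize call in each action, a check that every action either authorised or explicitly opted out, and a redirect to root when authorisation fails. The following is an added, self-contained illustration of that flow and is not code from this pull request or from the Pundit gem. It mirrors the shape of Pundit's authorize / skip_authorization / verify_authorized / NotAuthorizedError contract with a small stand-in module so it runs without Rails or the gem; the User and Claim structs, their permission symbols and the ClaimsController actions are constructed sample data.

```ruby
# Added illustration of the controller-level authorisation flow described in the PR.
# The Authorization module below is a hypothetical stand-in with the same contract as
# Pundit's helpers; it is not the gem. User/Claim are constructed sample records.

NotAuthorizedError = Class.new(StandardError)

User  = Struct.new(:id, :permissions)   # constructed sample record
Claim = Struct.new(:id, :office_code)   # constructed sample record

# Policy object: the single place where "can this user do X to this claim?" lives.
class ClaimPolicy
  def initialize(user, claim)
    @user = user
    @claim = claim
  end

  def show?
    @user.permissions.include?(:view_claims)
  end

  def update?
    @user.permissions.include?(:edit_claims)
  end
end

# Stand-in for the controller helpers: authorize raises unless the policy predicate
# is true, skip_authorization marks an action as deliberately unprotected, and
# verify_authorized raises if the action did neither, so a forgotten authorize
# fails loudly instead of silently exposing a screen.
module Authorization
  def authorize(record, query)
    @_authorized = true
    # Policy class is looked up from the record's class name, as Pundit does.
    policy = Object.const_get("#{record.class.name}Policy").new(current_user, record)
    unless policy.public_send(query)
      raise NotAuthorizedError, "not allowed to #{query} this #{record.class.name}"
    end
    record
  end

  def skip_authorization
    @_authorized = true
  end

  def verify_authorized
    return if @_authorized

    raise "#{self.class.name}: action ran without authorize or skip_authorization"
  end
end

class ClaimsController
  include Authorization
  attr_reader :current_user, :redirected_to, :flash

  def initialize(user)
    @current_user = user
    @flash = {}
  end

  # Runs an action the way Rails would: action body, then the after_action
  # verify_authorized check, with NotAuthorizedError rescued into a redirect to root.
  def dispatch(action, claim)
    @_authorized = false
    result = public_send(action, claim)
    verify_authorized
    result
  rescue NotAuthorizedError => e
    @flash[:alert] = e.message
    @redirected_to = "/"
    :redirected
  end

  def show(claim)
    authorize claim, :show?
    :rendered_show
  end

  def edit(claim)
    authorize claim, :update?
    :rendered_edit
  end

  def index(_claim)
    # Deliberately unprotected action: must say so explicitly or verify_authorized fails.
    skip_authorization
    :rendered_index
  end

  def forgot(_claim)
    # Neither authorize nor skip_authorization: verify_authorized raises for this one.
    :rendered_forgot
  end
end
```

The policy lookup keys off the record's class name, which is also why the reviewer note above about doubled Claim objects matters: a test double is not an instance of Claim, so no ClaimPolicy is found for it, and specs that stub the record rather than exercise the controller's behaviour break as soon as authorize is added.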

patrick-laa marked this pull request as ready for review October 22, 2024 09:13
patrick-laa requested a review from a team as a code owner October 22, 2024 09:13
sonarcloud bot commented Oct 23, 2024

patrick-laa merged commit 92c316c into main Oct 23, 2024
9 of 11 checks passed
patrick-laa deleted the CRM457-2019-pundit branch October 23, 2024 09:48