Add PermissionDeniedError error class under GDS::SSO namespace

- Adds a warning log message that the existing PermissionDeniedException should be depracated on a new major release, but it will still work for current apps. The reason is that the new error GDS::SSO::PermissionDeniedError has been created to replace the existing GDS::SSO::ControllerMethods::PermissionDeniedException. Also the new error has been placed on the outer layer of the name-spacing (GDS::SSO), which is more generic than the existing GDS::SSO::ControllerMethods one. And it follows the Rails conventions that the error class names should end with ...Error, which is more indicative that they inherit from StandardError rather than the top level error class Exception. - Updates the Railtie so any rescue errors from PermissionDeniedError will be transformed to :forbidden Rails specific ones.
alphagov · Apr 29, 2024 · 40afea5 · 40afea5
1 parent 41fc5ff
commit 40afea5
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/lib/gds-sso.rb b/lib/gds-sso.rb
@@ -15,6 +15,7 @@ module SSO
     autoload :User,                     "gds-sso/user"
     autoload :ApiAccess,                "gds-sso/api_access"
     autoload :AuthorisedUserConstraint, "gds-sso/authorised_user_constraint"
+    autoload :PermissionDeniedError,    "gds-sso/controller_methods"
 
     # User to return as logged in during tests
     mattr_accessor :test_user

diff --git a/lib/gds-sso/controller_methods.rb b/lib/gds-sso/controller_methods.rb
@@ -1,11 +1,19 @@
 module GDS
   module SSO
+    class PermissionDeniedError < StandardError
+    end
+
     module ControllerMethods
-      class PermissionDeniedException < StandardError
+      # TODO: remove this for the next major release
+      class PermissionDeniedException < PermissionDeniedError
+        def initialize(...)
+          warn "GDS::SSO::ControllerMethods::PermissionDeniedException is deprecated, please replace with GDS::SSO::PermissionDeniedError"
+          super(...)
+        end
       end
 
       def self.included(base)
-        base.rescue_from PermissionDeniedException do |e|
+        base.rescue_from PermissionDeniedError do |e|
           if GDS::SSO::Config.api_only
             render json: { message: e.message }, status: :forbidden
           else

diff --git a/lib/gds-sso/railtie.rb b/lib/gds-sso/railtie.rb
@@ -7,6 +7,10 @@ class Railtie < Rails::Railtie
           config.api_only = Rails.configuration.api_only
         end
         OmniAuth.config.logger = Rails.logger
+
+        config.action_dispatch.rescue_responses.merge!(
+          "GDS::SSO::PermissionDeniedError" => :forbidden,
+        )
       end
     end
   end