Commit 1ff08c9
committed
Don't load resource via CanCanCan in Api::ProjectsController
As I explained in the previous commit, the `load_project` before action
is where we want the project to be loaded, i.e. via `ProjectLoader` so
that it's found by a combination of `Project#identifier` and
`Project#locale`.
To make this clearer, I've changed the `load_and_authorize_resource`
before action to `authorize_resource` [1], so the CanCanCan
authorization uses the project found by the `load_project` before
action.
However, this meant that if the project was *not* found by the
`load_project` before action an exception was raised in
`Project::Update.call` resulting in a 422 Unprocessable Entity response
with the following error message:
Error persisting changes: undefined method `components' for nil:NilClass
To fix this I'm now raising an `ActiveRecord::RecordNotFound` exception
in the `load_project` before action if no project is found. This results
in the expected 404 Not Found response.
I think there's a strong case to be made the this exception raising
behaviour should be added to `ProjectLoader#load`. However, that's a
bigger change with a lot more risk, so I'm going to leave that for now.
Note that I've retained the load resource functionality for the `create`
action, because the `load_project` before action isn't triggered for
`create` and the authorize resource functionality seems to rely on the
project built by the load resource step and I want to keep changes to a
minimum.
[1]: https://github.com/CanCanCommunity/cancancan/blob/3.4.0/docs/controller_helpers.md#authorize_resource-load_resource-load_and_authorize_resource1 parent 939fa85 commit 1ff08c9
1 file changed
+3
-1
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
10 | | - | |
| 10 | + | |
| 11 | + | |
11 | 12 | | |
12 | 13 | | |
13 | 14 | | |
| |||
73 | 74 | | |
74 | 75 | | |
75 | 76 | | |
| 77 | + | |
76 | 78 | | |
77 | 79 | | |
78 | 80 | | |
| |||
0 commit comments