声明式授权 - 抓住“授权::未授权”例外

Question

我目前在我的应用程序上使用声明式授权，并尝试从类型Authorization :: NotAuthorized中捕获异常。

我有一个实体，有一个类别。取决于用户在创建此实体时可以创建新类别的角色。在我的：before_validation回调函数中，我指定了类别，并希望能够捕获授权异常以防万一他没有权限。

我可以检查它的作用，并创建一个条件指令，但然后将不得不写所有的角色。

异常被抛出，但我无法在“新”指令中捕捉到它。

代码如下：

# Model 
before_validation :set_category 

def category_name 
    @category_name ||= category.name unless category.nil? 
    @category_name 
end 

def category_name=(name) 
    name.strip! 
    name.downcase! 
    @category_name = name 
end 

def set_category 
    if @category_name and not company.blank? 
     lookup_category = company.categories.not_deleted.find_by_name(@category_name) 
     begin 
      category = lookup_category.blank? ? company.categories.new(:name => @category_name) : lookup_category 
     rescue Authorization::NotAuthorized 
      errors.add(:category, I18n.t('activerecord.errors.messages.exclusion')) 
     end 
    end 
end 

# Controller 
def create 
    @ticket = current_user.created_tickets.new(params[:ticket]) 
    if @ticket.save # Line 88 
    ... 

异常堆栈跟踪：

Authorization::NotAuthorized (No matching rules found for create for #<User id: 36,..."> (roles [:Requester], privileges [:create], context :categories).): 
    /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4.1/lib/declarative_authorization/authorization.rb:168:in `permit!' 
    /Library/Ruby/Gems/1.8/gems/declarative_authorization-0.4.1/lib/declarative_authorization/in_model.rb:131:in `using_access_control' 
    /Library/Ruby/Gems/1.8/gems/after_commit-1.0.7/lib/after_commit/connection_adapters.rb:12:in `transaction' 
    /Library/Ruby/Gems/1.8/gems/after_commit-1.0.7/lib/after_commit/connection_adapters.rb:12:in `transaction' 
    app/controllers/tickets_controller.rb:88:in `create' 

调试器去块内：

# Debugger 
lookup_category = company.categories.not_deleted.find_by_name(@category_name) 
(rdb:3) list 
[275, 284] in /Users/Pedro/projects/trunk/app/models/ticket.rb 
    275  
    276 def set_category 
    277  if @category_name and not self.company.blank? 
    278  begin 
    279   debugger 
=> 280   lookup_category = company.categories.not_deleted.find_by_name(@category_name) 
    281   self.category = lookup_category.blank? ? company.categories.new(:name => @category_name) : lookup_category 
    282  rescue Authorization::NotAuthorized 
    283   self.errors.add(:category, I18n.t('activerecord.errors.messages.exclusion')) 
    284  end 
(rdb:3) n 
/Users/Pedro/projects/trunk/app/models/ticket.rb:281 
self.category = lookup_category.blank? ? company.categories.new(:name => @category_name) : lookup_category 
(rdb:3) list 
[276, 285] in /Users/Pedro/projects/trunk/app/models/ticket.rb 
    276 def set_category 
    277  if @category_name and not self.company.blank? 
    278  begin 
    279   debugger 
    280   lookup_category = company.categories.not_deleted.find_by_name(@category_name) 
=> 281   self.category = lookup_category.blank? ? company.categories.new(:name => @category_name) : lookup_category 
    282  rescue Authorization::NotAuthorized 
    283   self.errors.add(:category, I18n.t('activerecord.errors.messages.exclusion')) 
    284  end 
    285  end 
(rdb:3) n 
/Users/Pedro/.gem/ruby/1.8/gems/activesupport-2.3.8/lib/active_support/callbacks.rb:94 
break result if terminator.call(result, object) 
(rdb:3) list 
[89, 98] in /Users/Pedro/.gem/ruby/1.8/gems/activesupport-2.3.8/lib/active_support/callbacks.rb 
    89   unless block_given? 
    90   send(enumerator) { |callback| callback.call(object) } 
    91   else 
    92   send(enumerator) do |callback| 
    93    result = callback.call(object) 
=> 94    break result if terminator.call(result, object) 
    95   end 
    96   end 
    97  end 
    98 
(rdb:3) 

Answer 1

我会说，它打破了begin ... rescue块外面，因此没有被救援所抓住。尝试在控制器的第88行上执行相同的救援。

如果您想在验证过程中处理此操作，可能会尝试在创建对象之前对用户的角色或权限进行测试，而不是捕获只会在创建时引发的异常。

Answer 2

在回调之前捕捉异常是不可能的。我发现做这种验证的最好的办法是：

# Model code 
begin 
    User.with_permissions_to :create, :categories # Raises exception if not permitted 
    ... do whatever you want 
rescue 
    ... do whatever you want 
end 

感谢所有帮助