fix(permissions): fetch permissions return an exception when the server doesn't return an 200 response (#635)

Author: matthv

app/controllers/forest_liana/application_controller.rb

@@ -4,6 +4,7 @@
 module ForestLiana
   class ApplicationController < ForestLiana::BaseController
     rescue_from ForestLiana::Ability::Exceptions::AccessDenied, with: :render_error
+    rescue_from ForestLiana::Errors::HTTP403Error, with: :render_error
     rescue_from ForestLiana::Errors::HTTP422Error, with: :render_error
 
     def self.papertrail?

app/services/forest_liana/ability/fetch.rb

@@ -2,20 +2,12 @@ module ForestLiana
   module Ability
     module Fetch
       def get_permissions(route)
-        begin
-          response = ForestLiana::ForestApiRequester.get(route)
+        response = ForestLiana::ForestApiRequester.get(route)
 
-          if response.is_a?(Net::HTTPOK)
-            JSON.parse(response.body)
-          else
-            raise "Forest API returned an #{ForestLiana::Errors::HTTPErrorHelper.format(response)}"
-          end
-        rescue => exception
-          FOREST_REPORTER.report exception
-          FOREST_LOGGER.error 'Cannot retrieve the permissions from the Forest server.'
-          FOREST_LOGGER.error 'Which was caused by:'
-          ForestLiana::Errors::ExceptionHelper.recursively_print(exception, margin: ' ', is_error: true)
-          nil
+        if response.is_a?(Net::HTTPOK)
+          JSON.parse(response.body)
+        else
+          raise ForestLiana::Errors::HTTP403Error.new("Permission could not be retrieved")
         end
       end
     end

app/services/forest_liana/ability/permission.rb

@@ -6,7 +6,7 @@ module Ability
     module Permission
       include Fetch
 
-      TTL = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 1).to_i.second
+      TTL = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 900).to_i.second
 
       def is_crud_authorized?(action, user, collection)
         return true unless has_permission_system?

spec/services/forest_liana/ability/permission_spec.rb

@@ -327,6 +327,17 @@ module Ability
           expect {dummy_class.is_smart_action_authorized?(user, String, parameters, '/forest/actions/my_action', 'POST')}.to raise_error(ForestLiana::Errors::ExpectedError, 'The collection String doesn\'t exist')
         end
       end
+
+      describe 'when the server doesn\'t return an success response' do
+        before do
+          Rails.cache.clear
+        end
+
+        it 'should return an exception' do
+          allow(ForestLiana::ForestApiRequester).to receive(:get).and_return(instance_double(HTTParty::Response, code: 500, body: nil))
+          expect { dummy_class.is_crud_authorized?('browse', user, Island.first) }.to raise_error(ForestLiana::Errors::HTTP403Error, 'Permission could not be retrieved')
+        end
+      end
     end
   end
 end