fix: raise error when an action is call on a smartcollection (#605)

Author: matthv

app/controllers/forest_liana/smart_actions_controller.rb

@@ -5,20 +5,19 @@ class SmartActionsController < ForestLiana::ApplicationController
     rescue_from ForestLiana::Ability::Exceptions::ActionConditionError, with: :render_error
     include ForestLiana::Ability
     if Rails::VERSION::MAJOR < 4
-      before_filter :smart_action_pre_perform_checks
+      before_filter :get_smart_action_request
+      before_filter :find_resource
+      before_filter :check_permission_for_smart_route
+      before_filter :ensure_record_ids_in_scope
     else
-      before_action :smart_action_pre_perform_checks
+      before_action :get_smart_action_request
+      before_action :find_resource
+      before_action :check_permission_for_smart_route
+      before_action :ensure_record_ids_in_scope
     end
 
     private
 
-    def smart_action_pre_perform_checks
-      get_smart_action_request
-      find_resource
-      check_permission_for_smart_route
-      ensure_record_ids_in_scope
-    end
-
     def get_smart_action_request
       begin
         params[:data][:attributes]
@@ -31,18 +30,11 @@ def get_smart_action_request
     end
 
     def find_resource
-      begin
         @resource = SchemaUtils.find_model_from_collection_name(@parameters[:data][:attributes][:collection_name])
-        if @resource.nil? || !SchemaUtils.model_included?(@resource) ||
-          !@resource.ancestors.include?(ActiveRecord::Base)
-          render serializer: nil, json: { status: 404 }, status: :not_found
+        if @resource.nil? || !SchemaUtils.model_included?(@resource) || !@resource.ancestors.include?(ActiveRecord::Base)
+          raise ForestLiana::Errors::HTTP422Error.new('The conditional smart actions are not supported with Smart Collection. Please contact an administrator.')
         end
         @resource
-      rescue => error
-        FOREST_REPORTER.report error
-        FOREST_LOGGER.error "Find Collection error: #{error}\n#{format_stacktrace(error)}"
-        render serializer: nil, json: { status: 404 }, status: :not_found
-      end
     end
 
     def check_permission_for_smart_route

app/services/forest_liana/ability.rb

@@ -7,18 +7,27 @@ module Ability
     def forest_authorize!(action, user, collection, args = {})
       case action
       when 'browse', 'read', 'edit', 'add', 'delete', 'export'
-          raise ForestLiana::Ability::Exceptions::AccessDenied.new unless is_crud_authorized?(action, user, collection)
+        raise ForestLiana::Ability::Exceptions::AccessDenied.new unless is_crud_authorized?(action, user, collection)
       when 'chart'
-          if ALLOWED_PERMISSION_LEVELS.exclude?(user['permission_level'])
-            raise ForestLiana::Errors::HTTP422Error.new('The argument parameters is missing') if args[:parameters].nil?
-            raise ForestLiana::Ability::Exceptions::AccessDenied.new unless is_chart_authorized?(user, args[:parameters])
-          end
+        if ALLOWED_PERMISSION_LEVELS.exclude?(user['permission_level'])
+          raise ForestLiana::Errors::HTTP422Error.new('The argument parameters is missing') if args[:parameters].nil?
+          raise ForestLiana::Ability::Exceptions::AccessDenied.new unless is_chart_authorized?(user, args[:parameters])
+        end
       when 'action'
-          raise ForestLiana::Errors::HTTP422Error.new('You must implement the arguments : parameters, endpoint & http_method') if args[:parameters].nil? || args[:endpoint].nil? || args[:http_method].nil?
-          is_smart_action_authorized?(user, collection, args[:parameters], args[:endpoint], args[:http_method])
+        validate_collection collection
+        raise ForestLiana::Errors::HTTP422Error.new('You must implement the arguments : parameters, endpoint & http_method') if args[:parameters].nil? || args[:endpoint].nil? || args[:http_method].nil?
+        is_smart_action_authorized?(user, collection, args[:parameters], args[:endpoint], args[:http_method])
       else
         raise ForestLiana::Ability::Exceptions::AccessDenied.new
       end
     end
+
+    private
+
+    def validate_collection(collection)
+      if collection.nil? || !SchemaUtils.model_included?(collection)
+        raise ForestLiana::Errors::HTTP422Error.new('The conditional smart actions are not supported with Smart Collection. Please contact an administrator.')
+      end
+    end
   end
 end

app/services/forest_liana/schema_utils.rb

@@ -32,7 +32,6 @@ def self.many_associations(active_record_class)
 
     def self.find_model_from_collection_name(collection_name, logs = false)
       model_found = nil
-
       ForestLiana.models.each do |model|
         if model.abstract_class?
           model_found = self.find_model_from_abstract_class(model, collection_name)

spec/services/forest_liana/ability/ability_spec.rb

@@ -42,6 +42,14 @@ module Ability
           user['permission_level'] = 'admin'
           expect(dummy_class.forest_authorize!('chart', user, Island.first, {parameters: []})).to equal nil
         end
+
+        it 'should raise error 422 when the collection is nil on action ability' do
+          expect { dummy_class.forest_authorize!('action', :user, nil) }.to raise_error(ForestLiana::Errors::HTTP422Error, "The conditional smart actions are not supported with Smart Collection. Please contact an administrator.")
+        end
+
+        it 'should raise error 422 when the collection is not a ActiveRecord children on action ability' do
+          expect { dummy_class.forest_authorize!('action', :user, class Example; end ) }.to raise_error(ForestLiana::Errors::HTTP422Error, "The conditional smart actions are not supported with Smart Collection. Please contact an administrator.")
+        end
       end
     end
   end