Refactoring: Removed use of unnecessary exception wrapper method response_access_deny.

2019-02-26 11:37:31 +01:00 · 2019-02-26 11:37:31 +01:00 · e48256c130
commit e48256c130
parent 4f494b57ac
9 changed files with 27 additions and 74 deletions
--- a/.gitignore
+++ b/.gitignore
@ -84,3 +84,6 @@

 # RDoc / YARD
 /doc
+
+# Backup files
+*~
--- a/app/controllers/application_controller/authenticates.rb
+++ b/app/controllers/application_controller/authenticates.rb
@ -3,10 +3,6 @@ module ApplicationController::Authenticates

  private

-  def response_access_deny
-    raise Exceptions::NotAuthorized
-  end
-
  def permission_check(key)
    if @_token_auth
      user = Token.check(
@ -121,9 +117,7 @@ module ApplicationController::Authenticates
      logger.debug { "oauth2 token auth check '#{token}'" }
      access_token = Doorkeeper::AccessToken.by_token(token)

-      if !access_token
-        raise Exceptions::NotAuthorized, 'Invalid token!'
-      end
+      raise Exceptions::NotAuthorized, 'Invalid token!' if !access_token

      # check expire
      if access_token.expires_in && (access_token.created_at + access_token.expires_in) < Time.zone.now
@ -146,9 +140,7 @@ module ApplicationController::Authenticates
      raise Exceptions::NotAuthorized, 'Maintenance mode enabled!'
    end

-    if user.active == false
-      raise Exceptions::NotAuthorized, 'User is inactive!'
-    end
+    raise Exceptions::NotAuthorized, 'User is inactive!' if !user.active

    # check scopes / permission check
    if auth_param[:permission] && !user.permissions?(auth_param[:permission])
--- a/app/controllers/concerns/checks_user_attributes_by_current_user_permission.rb
+++ b/app/controllers/concerns/checks_user_attributes_by_current_user_permission.rb
@ -8,7 +8,7 @@ module ChecksUserAttributesByCurrentUserPermission
    return true if current_user.permissions?('admin.user')

    # non-agents (customers) can't set anything
-    response_access_deny if !current_user.permissions?('ticket.agent')
+    raise Exceptions::NotAuthorized if !current_user.permissions?('ticket.agent')

    # regular agents are not allowed to set Groups and Roles
    %w[Role Group].each do |model|
--- a/app/controllers/form_controller.rb
+++ b/app/controllers/form_controller.rb
@ -159,44 +159,37 @@ class FormController < ApplicationController
  def token_valid?(token, fingerprint)
    if token.blank?
      Rails.logger.info 'No token for form!'
-      response_access_deny
-      return false
+      raise Exceptions::NotAuthorized
    end
    begin
      crypt = ActiveSupport::MessageEncryptor.new(Setting.get('application_secret')[0, 32])
      result = crypt.decrypt_and_verify(Base64.decode64(token))
    rescue
      Rails.logger.info 'Invalid token for form!'
-      response_access_deny
-      return false
+      raise Exceptions::NotAuthorized
    end
    if result.blank?
      Rails.logger.info 'Invalid token for form!'
-      response_access_deny
-      return false
+      raise Exceptions::NotAuthorized
    end
    parts = result.split(/:/)
    if parts.count != 3
      Rails.logger.info "Invalid token for form (need to have 3 parts, only #{parts.count} found)!"
-      response_access_deny
-      return false
+      raise Exceptions::NotAuthorized
    end
    fqdn_local = Base64.decode64(parts[0])
    if fqdn_local != Setting.get('fqdn')
      Rails.logger.info "Invalid token for form (invalid fqdn found #{fqdn_local} != #{Setting.get('fqdn')})!"
-      response_access_deny
-      return false
+      raise Exceptions::NotAuthorized
    end
    fingerprint_local = Base64.decode64(parts[2])
    if fingerprint_local != fingerprint
      Rails.logger.info "Invalid token for form (invalid fingerprint found #{fingerprint_local} != #{fingerprint})!"
-      response_access_deny
-      return false
+      raise Exceptions::NotAuthorized
    end
    if parts[1].to_i < (Time.zone.now.to_i - 60 * 60 * 24)
      Rails.logger.info 'Invalid token for form (token expired})!'
-      response_access_deny
-      return false
+      raise Exceptions::NotAuthorized
    end
    true
  end
@ -206,24 +199,15 @@ class FormController < ApplicationController

    form_limit_by_ip_per_hour = Setting.get('form_ticket_create_by_ip_per_hour') || 20
    result = SearchIndexBackend.search("preferences.form.remote_ip:'#{request.remote_ip}' AND created_at:>now-1h", 'Ticket', limit: form_limit_by_ip_per_hour)
-    if result.count >= form_limit_by_ip_per_hour.to_i
-      response_access_deny
-      return true
-    end
+    raise Exceptions::NotAuthorized if result.count >= form_limit_by_ip_per_hour.to_i

    form_limit_by_ip_per_day = Setting.get('form_ticket_create_by_ip_per_day') || 240
    result = SearchIndexBackend.search("preferences.form.remote_ip:'#{request.remote_ip}' AND created_at:>now-1d", 'Ticket', limit: form_limit_by_ip_per_day)
-    if result.count >= form_limit_by_ip_per_day.to_i
-      response_access_deny
-      return true
-    end
+    raise Exceptions::NotAuthorized if result.count >= form_limit_by_ip_per_day.to_i

    form_limit_per_day = Setting.get('form_ticket_create_per_day') || 5000
    result = SearchIndexBackend.search('preferences.form.remote_ip:* AND created_at:>now-1d', 'Ticket', limit: form_limit_per_day)
-    if result.count >= form_limit_per_day.to_i
-      response_access_deny
-      return true
-    end
+    raise Exceptions::NotAuthorized if result.count >= form_limit_per_day.to_i

    false
  end
@ -232,16 +216,14 @@ class FormController < ApplicationController
    return true if params[:fingerprint].present? && params[:fingerprint].length > 30

    Rails.logger.info 'No fingerprint given!'
-    response_access_deny
-    false
+    raise Exceptions::NotAuthorized
  end

  def enabled?
    return true if params[:test] && current_user && current_user.permissions?('admin.channel_formular')
    return true if Setting.get('form_ticket_create')

-    response_access_deny
-    false
+    raise Exceptions::NotAuthorized
  end

 end
--- a/app/controllers/online_notifications_controller.rb
+++ b/app/controllers/online_notifications_controller.rb
@ -185,11 +185,9 @@ curl http://localhost/api/v1/online_notifications/mark_all_as_read -v -u #{login

  def access?
    notification = OnlineNotification.find(params[:id])
-    if notification.user_id != current_user.id
-      response_access_deny
-      return false
-    end
-    true
+    return true if notification.user_id == current_user.id
+
+    raise Exceptions::NotAuthorized
  end

 end
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
@ -224,10 +224,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co

  # GET /api/v1/organizations/search
  def search
-
-    if !current_user.permissions?(['admin.organization', 'ticket.agent'])
-      raise Exceptions::NotAuthorized
-    end
+    raise Exceptions::NotAuthorized if !current_user.permissions?(['admin.organization', 'ticket.agent'])

    per_page = params[:per_page] || params[:limit] || 100
    per_page = per_page.to_i
@ -304,11 +301,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co

  # GET /api/v1/organizations/history/1
  def history
-
-    # permission check
-    if !current_user.permissions?(['admin.organization', 'ticket.agent'])
-      raise Exceptions::NotAuthorized
-    end
+    raise Exceptions::NotAuthorized if !current_user.permissions?(['admin.organization', 'ticket.agent'])

    # get organization data
    organization = Organization.find(params[:id])
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@ -9,10 +9,7 @@ class SearchController < ApplicationController
  def search_generic

    # enable search only for users with valid session
-    if !current_user
-      response_access_deny
-      return true
-    end
+    raise Exceptions::NotAuthorized if !current_user

    # get params
    query = params[:query]
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -242,10 +242,7 @@ class SessionsController < ApplicationController
  def switch_back_to_user

    # check if it's a swich back
-    if !session[:switched_from_user_id]
-      response_access_deny
-      return false
-    end
+    raise Exceptions::NotAuthorized if !session[:switched_from_user_id]

    user = User.lookup(id: session[:switched_from_user_id])
    if !user
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -367,11 +367,7 @@ class UsersController < ApplicationController
  # @response_message 200 [Array<User>] A list of User records matching the search term.
  # @response_message 401               Invalid session.
  def search
-
-    if !current_user.permissions?(['ticket.agent', 'admin.user'])
-      response_access_deny
-      return
-    end
+    raise Exceptions::NotAuthorized if !current_user.permissions?(['ticket.agent', 'admin.user'])

    per_page = params[:per_page] || params[:limit] || 100
    per_page = per_page.to_i
@ -491,12 +487,7 @@ class UsersController < ApplicationController
  # @response_message 200 [History] The History records of the requested User record.
  # @response_message 401           Invalid session.
  def history
-
-    # permission check
-    if !current_user.permissions?(['admin.user', 'ticket.agent'])
-      response_access_deny
-      return
-    end
+    raise Exceptions::NotAuthorized if !current_user.permissions?(['admin.user', 'ticket.agent'])

    # get user data
    user = User.find(params[:id])