lib/gds-sso/controller_methods.rb in gds-sso-19.0.0 vs lib/gds-sso/controller_methods.rb in gds-sso-19.1.0
- old
+ new
@@ -1,13 +1,21 @@
module GDS
module SSO
+ class PermissionDeniedError < StandardError
+ end
+
module ControllerMethods
- class PermissionDeniedException < StandardError
+ # TODO: remove this for the next major release
+ class PermissionDeniedException < PermissionDeniedError
+ def initialize(...)
+ warn "GDS::SSO::ControllerMethods::PermissionDeniedException is deprecated, please replace with GDS::SSO::PermissionDeniedError"
+ super(...)
+ end
end
def self.included(base)
- base.rescue_from PermissionDeniedException do |e|
+ base.rescue_from PermissionDeniedError do |e|
if GDS::SSO::Config.api_only
render json: { message: e.message }, status: :forbidden
else
render "authorisations/unauthorised", layout: "unauthorised", status: :forbidden, locals: { message: e.message }
end
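Review bot: The deprecation on `PermissionDeniedException` fires only from `initialize`, so an application that merely rescues the old constant (via `rescue_from` or an inline `rescue`) never sees the warning. Because the old class is now a subclass of `PermissionDeniedError`, such a rescue will not match an error raised as the new parent class. If the library now raises `PermissionDeniedError` (the raise site is not in this hunk), those application handlers silently stop running; the request should still get a 403 from the `rescue_from` registered in `self.included`, but any custom logging or response in the old handler is lost. Keeping the old name as an alias would preserve rescue matching and warn on every reference when deprecation warnings are enabled: `PermissionDeniedException = PermissionDeniedError` followed by `deprecate_constant :PermissionDeniedException`.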
@@ -22,26 +30,11 @@
def authorise_user!(permissions)
# Ensure that we're authenticated (and by extension that current_user is set).
# Otherwise current_user might be nil, and we'd error out
authenticate_user!
- case permissions
- when String
- unless current_user.has_permission?(permissions)
- raise PermissionDeniedException, "Sorry, you don't seem to have the #{permissions} permission for this app."
- end
- when Hash
- raise ArgumentError, "Must be either `any_of` or `all_of`" unless permissions.keys.size == 1
-
- if permissions[:any_of]
- authorise_user_with_at_least_one_of_permissions!(permissions[:any_of])
- elsif permissions[:all_of]
- authorise_user_with_all_permissions!(permissions[:all_of])
- else
- raise ArgumentError, "Must be either `any_of` or `all_of`"
- end
- end
+ GDS::SSO::AuthoriseUser.call(current_user, permissions)
end
def authenticate_user!
warden.authenticate!
end
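Review bot: `authorise_user!` no longer shows which argument shapes it accepts or what happens to the rest. The removed `case` had no `else`, so a Symbol, Array or nil passed through without any permission test, and whether `GDS::SSO::AuthoriseUser.call` rejects those is not visible in this hunk. As this method is the authorisation gate for controllers, an unsupported type should fail closed, for example by raising `ArgumentError` inside `AuthoriseUser`. I would also state the contract above the method, assuming `AuthoriseUser` raises the new error class: `# permissions: a String, or a Hash with exactly one key (:any_of or :all_of); raises GDS::SSO::PermissionDeniedError when the user lacks them`.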
@@ -62,25 +55,9 @@
warden.logout
end
def warden
request.env["warden"]
- end
-
- private
-
- def authorise_user_with_at_least_one_of_permissions!(permissions)
- if permissions.none? { |permission| current_user.has_permission?(permission) }
- raise PermissionDeniedException,
- "Sorry, you don't seem to have any of the permissions: #{permissions.to_sentence} for this app."
- end
- end
-
- def authorise_user_with_all_permissions!(permissions)
- unless permissions.all? { |permission| current_user.has_permission?(permission) }
- raise PermissionDeniedException,
- "Sorry, you don't seem to have all of the permissions: #{permissions.to_sentence} for this app."
- end
end
end
end
end