In my application_controller.rb I have the following line:

```ruby
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
```

Now, in one method, I would like to handle that specific error differently and I've added this to one method in a controller.

```ruby
class MyClass < ApplicationController
  def my_method

    # raising the Pundit::NotAuthorizedError in the method
    authorize resource, :my_method?

  rescue Pundit::NotAuthorizedError
    # code on how to deal with the error
  end
end
```

If I execute the code, the error handler from application_controller.rb will be handling my error instead of the error handler in the method.

So my question is, what is the precedence of the error handlers and is there any way I can change this, so that the error is handled in the method and not globally?

fydelio
  • I am pretty sure that the `rescue` in the method should have precedence over the `rescue_from`. In other words, afaik there is no chance for the rescue to bubble up to the `rescue_from` unless you re-raise it. Is there any chance that the `Pundit::NotAuthorizedError` caught by the `rescue_from` was triggered by a different method? In your code example I do not see a typo in the error name, but I'd also double-check this in your real code. – trueunlessfalse Jul 01 '21 at 07:37
  • No, actually you seem to be right. I can reproduce it. I have to think about it for a moment. – trueunlessfalse Jul 01 '21 at 07:44

1 Answer

Please forget my previous answer, I myself made a mistake when reproducing your issue. Indeed I am not able to reproduce it.

Please have a look at this little demo app I created:

https://github.com/andi-dev/rescue-handler-demo/blob/master/app/controllers/peas_controller.rb

The rescue_from handler is not executed, and the browser shows what I render from the rescue block within the action-method.

trueunlessfalse
  • I think it's related to the Pundit gem. With authorize (Pundit method) I'm calling a different class, where the authorization / permissions are checked. Hence the error gets raised in a different class (CustomApplicationPolicy < ApplicationPolicy), which is probably why the global error handling is catching the error. My assumption – fydelio Jul 01 '21 at 08:36
  • If the call to `authorize` is directly triggering the error, it shouldn't matter that it is being raised in a different class. If `authorize` however only registers how this action should be authorized, and the actual authorization happens somewhere else, you could well be right. – trueunlessfalse Jul 01 '21 at 08:52
  • But looking into the pundit code, here it seems that the exception should be directly raised when calling `authorize`: https://github.com/varvet/pundit/blob/a09548c826b85ced18a2e54ec6195f68cb61dad2/lib/pundit.rb#L224 – trueunlessfalse Jul 01 '21 at 08:55
  • I would still recommend debugging this further on your end. Are you doing something in the method's rescue block that could trigger another Pundit::NotAuthorizedError? For instance redirecting to a different action? – trueunlessfalse Jul 01 '21 at 08:57
  • You are right. I did find the error. In one of the authorize methods (in a pundit class) I did explicitly raise the Pundit::NotAuthorizedError, which the global rescue_from error_handler then caught! – fydelio Jul 01 '21 at 09:30
  • @fydelio Cool, glad I could help. It would be nice if you could accept my answer :) – trueunlessfalse Jul 02 '21 at 16:05
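
The precedence asked about in the question, as an added example that is not part of the thread and is not Rails or Pundit code: a plain-Ruby model in which the `rescue_from` lookup wraps the whole dispatch, as it does in Rails. `MiniController`, `ItemsController`, `process` and the stand-in `authorize` are hypothetical names, and the callback is passed in explicitly instead of being declared with `before_action`.

```ruby
# Added illustration: a plain-Ruby stand-in for rescue_from dispatch, not Rails
# or Pundit code. MiniController, ItemsController and process are hypothetical.
class NotAuthorizedError < StandardError; end # stands in for Pundit::NotAuthorizedError

class MiniController
  HANDLERS = {}
  def self.rescue_from(klass, with:)
    HANDLERS[klass] = with
  end

  # The rescue_from lookup wraps the whole dispatch (callback plus action),
  # so it only sees exceptions that nothing closer to the raise rescued.
  def process(action, before: nil)
    send(before) if before
    send(action)
  rescue StandardError => e
    _, handler = HANDLERS.find { |klass, _| e.is_a?(klass) }
    raise unless handler
    send(handler)
  end
end

class ApplicationController < MiniController
  rescue_from NotAuthorizedError, with: :user_not_authorized
  def user_not_authorized
    "global: rescue_from"
  end

  def authorize(allowed) # raises from a nested call, like Pundit's authorize
    raise NotAuthorizedError unless allowed
  end
end

class ItemsController < ApplicationController
  def require_admin # plays the role of a before_action callback
    authorize(false)
  end

  def show
    authorize(false)
  rescue NotAuthorizedError
    "local: method rescue" # raised inside the method body: handled here
  end

  def update
    authorize(false)
  rescue NotAuthorizedError
    authorize(false) # a raise inside the rescue block is no longer covered
  end
end
```

Calling `ItemsController.new.process(:show)` returns the local result; running `require_admin` first, or calling `process(:update)`, ends in the global handler because the exception is raised outside the body that the method-level `rescue` protects.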