re-enabling auth for rx #417

Merged
merged 10 commits into from
Nov 2, 2016
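--- a/app/controllers/concerns/mhv_controller_concerns.rb
+++ b/app/controllers/concerns/mhv_controller_concerns.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+module MHVControllerConcerns
+extend ActiveSupport::Concern
+
+included do
+before_action :authorize
+before_action :authenticate_client
+end
+
+def authorize
+current_user&.can_access_mhv? || raise_access_denied
+end
+
+def authenticate_client
+client.authenticate if client.session.expired?
+end
+end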
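Review bot: `authorize` and `authenticate_client` are defined as public instance methods in the concern, so every controller that includes it gains two public methods, and Rails treats public controller methods as candidate actions. Both controllers in this PR previously kept these callbacks below `protected`; adding a bare `protected` line before `def authorize` keeps them usable as callbacks while taking them out of the action set. The module also calls `client` and `raise_access_denied` without defining them, so a short comment at the top naming those two methods as requirements of the including controller would help. Without them the failure is a NameError at request time rather than a 403.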
21 changes: 4 additions & 17 deletions app/controllers/rx_controller.rb
Expand Up @@ -3,28 +3,15 @@

class RxController < ApplicationController
include ActionController::Serialization

# Temporarily disabling authenticate from ApplicationController
skip_before_action :authenticate
# before_action :authorize_rx
before_action :authenticate_client
include MHVControllerConcerns

protected

def client
# @client ||= Rx::Client.new(session: { user_id: current_user.mhv_correlation_id })
@client ||= Rx::Client.new(session: { user_id: ENV['MHV_USER_ID'] })
@client ||= Rx::Client.new(session: { user_id: current_user.mhv_correlation_id })
end

# def authorize_rx
# current_user&.can_access_mhv? || raise_access_denied
# end

# def raise_access_denied
# raise Common::Exceptions::Forbidden, detail: 'You do not have access to prescriptions'
# end

def authenticate_client
client.authenticate if client.session.expired?
def raise_access_denied
raise Common::Exceptions::Forbidden, detail: 'You do not have access to prescriptions'
end
end
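Review bot: The new `client` reads `current_user.mhv_correlation_id` with no nil guard, while the concern's `authorize` uses `current_user&.`. The method is safe only because `authorize` is registered before `authenticate_client` and the inherited `authenticate` callback is no longer skipped. That ordering dependency deserves a comment above `def client`, for example `# Relies on MHVControllerConcerns#authorize having run first; current_user is non-nil here`. It is also worth confirming that `can_access_mhv?` implies a non-nil `mhv_correlation_id` (its definition is not in this diff), since otherwise the client would be built with `user_id: nil`. The same applies to `SMController#client` in app/controllers/sm_controller.rb.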
12 changes: 1 addition & 11 deletions app/controllers/sm_controller.rb
Expand Up @@ -3,25 +3,15 @@

class SMController < ApplicationController
include ActionController::Serialization

before_action :authorize_sm
before_action :authenticate_client
include MHVControllerConcerns

protected

def client
@client ||= SM::Client.new(session: { user_id: current_user.mhv_correlation_id })
end

def authorize_sm
current_user&.can_access_mhv? || raise_access_denied
end

def raise_access_denied
raise Common::Exceptions::Forbidden, detail: 'You do not have access to messaging'
end

def authenticate_client
client.authenticate if client.session.expired?
end
end
2 changes: 1 addition & 1 deletion spec/request/attachments_request_spec.rb
Expand Up @@ -12,7 +12,7 @@
let(:message_id) { 573_302 }

before(:each) do
allow_any_instance_of(SMController).to receive(:client).and_return(authenticated_client)
allow(SM::Client).to receive(:new).and_return(authenticated_client)
use_authenticated_current_user(current_user: current_user)
end

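Review bot: Stubbing `SM::Client.new` with no argument constraint means this spec passes whatever `user_id` the controller puts in the session hash, so a controller that built the client for the wrong account would go unnoticed. Constraining the stub closes that gap: `allow(SM::Client).to receive(:new).with(session: { user_id: current_user.mhv_correlation_id }).and_return(authenticated_client)`. The same unconstrained stub appears in the folders, message_drafts, messages and triage_teams request specs, and as `Rx::Client` in spec/request/prescriptions_request_spec.rb. It matters most in the prescriptions spec, because RxController previously passed `ENV['MHV_USER_ID']` for every request and none of these specs would have failed on that.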
2 changes: 1 addition & 1 deletion spec/request/folders_request_spec.rb
Expand Up @@ -11,7 +11,7 @@
let(:inbox_id) { 0 }

before(:each) do
allow_any_instance_of(SMController).to receive(:client).and_return(authenticated_client)
allow(SM::Client).to receive(:new).and_return(authenticated_client)
use_authenticated_current_user(current_user: current_user)
end

2 changes: 1 addition & 1 deletion spec/request/message_drafts_request_spec.rb
Expand Up @@ -14,7 +14,7 @@
let(:params) { draft.slice(:category, :subject, :body, :recipient_id) }

before(:each) do
allow_any_instance_of(SMController).to receive(:client).and_return(authenticated_client)
allow(SM::Client).to receive(:new).and_return(authenticated_client)
use_authenticated_current_user(current_user: current_user)
end

2 changes: 1 addition & 1 deletion spec/request/messages_request_spec.rb
Expand Up @@ -12,7 +12,7 @@
let(:message_id) { 573_059 }

before(:each) do
allow_any_instance_of(SMController).to receive(:client).and_return(authenticated_client)
allow(SM::Client).to receive(:new).and_return(authenticated_client)
use_authenticated_current_user(current_user: current_user)
end

5 changes: 3 additions & 2 deletions spec/request/prescriptions_request_spec.rb
Expand Up @@ -9,13 +9,14 @@
let(:current_user) { build(:mhv_user) }

before(:each) do
allow_any_instance_of(RxController).to receive(:client).and_return(authenticated_client)
allow(Rx::Client).to receive(:new).and_return(authenticated_client)
use_authenticated_current_user(current_user: current_user)
end

context 'forbidden user' do
let(:current_user) { build(:user) }

xit 'raises access denied' do
it 'raises access denied' do
get '/v0/prescriptions/13651310'

expect(response).to have_http_status(:forbidden)
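Review bot: The re-enabled example covers a signed-in user who lacks MHV access, but the visible hunk has no example for a request with no authenticated user at all. That is the path this PR restores by dropping `skip_before_action :authenticate` from RxController. An example that issues `get '/v0/prescriptions/13651310'` outside the `before(:each)` that calls `use_authenticated_current_user` would pin it. It should assert the status ApplicationController's `authenticate` produces, presumably `expect(response).to have_http_status(:unauthorized)`. The describe block continues past the end of this hunk, so such a case may already exist further down.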
2 changes: 1 addition & 1 deletion spec/request/triage_teams_request_spec.rb
Expand Up @@ -9,7 +9,7 @@
let(:current_user) { build(:mhv_user) }

it 'responds to GET #index' do
allow_any_instance_of(SMController).to receive(:client).and_return(authenticated_client)
allow(SM::Client).to receive(:new).and_return(authenticated_client)
use_authenticated_current_user(current_user: current_user)

VCR.use_cassette('sm_client/triage_teams/gets_a_collection_of_triage_team_recipients') do