Merge pull request #20 from appfolio/fixMethodNotAllowedException

allow grape to return 405 when route method for route is not defined
appfolio · Jul 29, 2019 · 79c6605 · 79c6605
2 parents c98c3a4 + a6bfe01
commit 79c6605
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/lib/declarative_authorization/controller/grape.rb b/lib/declarative_authorization/controller/grape.rb
@@ -37,6 +37,12 @@ def authorization_engine
           end
 
           def filter_access_filter # :nodoc:
+            begin
+              route
+            rescue
+              # Acceessing route raises an exception when the response is a 405 MethodNotAllowed
+              return
+            end
             unless allowed?("#{request.request_method} #{route.origin}")
               if respond_to?(:permission_denied, true)
                 # permission_denied needs to render or redirect

diff --git a/test/grape_api_test.rb b/test/grape_api_test.rb
@@ -26,6 +26,12 @@ class SpecificMocks < MocksAPI
   class BasicAPITest < ApiTestCase
     tests SpecificMocks
 
+    def test_method_not_allowed
+      reader = Authorization::Reader::DSLReader.new
+      request!(MockUser.new(:test_role), "/specific_mocks/test_action", reader, method: :delete)
+      assert_equal 405, last_response.status
+    end
+
     def test_filter_access_to_receiving_an_explicit_array
       reader = Authorization::Reader::DSLReader.new