Module: EVSS::Authorizeable

Extended by:

ActiveSupport::Concern

Defined in:

app/controllers/concerns/evss/authorizeable.rb

Instance Method Summary

• #authorize_evss! ⇒ Object
• #error_detail ⇒ Object private
• #missing_values ⇒ String private

  Returns a comma-separated string of the user’s blank attributes.

Instance Method Details

#authorize_evss! ⇒ Object

# File 'app/controllers/concerns/evss/authorizeable.rb', line 7

def authorize_evss!
  unless EVSSPolicy.new(@current_user, :evss).access?
    raise Common::Exceptions::Forbidden.new(detail: error_detail, source: 'EVSS')
  end
end

#error_detail ⇒ Object (private)

# File 'app/controllers/concerns/evss/authorizeable.rb', line 15

def error_detail
  "User does not have access to the requested resource due to missing values: #{missing_values}"
end

#missing_values ⇒ String (private)

Returns a comma-separated string of the user’s blank attributes. ‘participant_id` is AKA `corp_id`.

Returns:

• (String) —

  Comma-separated string of the attribute names

# File 'app/controllers/concerns/evss/authorizeable.rb', line 23

def missing_values
  missing = []

  missing << 'corp_id' if @current_user.participant_id.blank?
  missing << 'edipi' if @current_user.edipi.blank?
  missing << 'ssn' if @current_user.ssn.blank?

  missing.join(', ')
end