refactor forbidden

Author: idelahoz

app/controllers/application_controller.rb

@@ -1,8 +1,11 @@
+require 'errors/forbidden_path_error'
+
 class ApplicationController < ActionController::API
   include CanCan::ControllerAdditions
 
   rescue_from CanCan::AccessDenied, with: :not_authorized
   rescue_from ActiveRecord::RecordNotFound, :with => :not_found
+  rescue_from ForbiddenPathError, :with => :forbidden
 
   before_filter :fetch_team
 
@@ -24,6 +27,10 @@ def current_team_membership
     TeamMembership.find_by!(user: current_user, team: current_team) if current_team.present?
   end
 
+  def restrict_to_team_subdomain
+    raise ForbiddenPathError, "Resource not allowed" unless has_team_subdomain?
+  end
+
   private
 
   def has_team_subdomain?

app/controllers/pages_controller.rb

@@ -6,6 +6,8 @@
 class PagesController < ApplicationController
   acts_as_token_authentication_handler_for User, fallback_to_devise: false
 
+  before_filter :restrict_to_team_subdomain
+
   def index
     authorize! :read, Page
 
@@ -29,16 +31,12 @@ def create
   end
 
   def update
-    if has_team_subdomain?
-      authorize! :update, current_page
-      page = TeamPlaybook::Scenario::UpdatePage.new.call(page: current_page, page_params: page_params)
-      if page.valid?
-        render json: page, status: 200
-      else
-        render json: {error: page.errors.full_messages.to_sentence}, status: :unprocessable_entity
-      end
+    authorize! :update, current_page
+    page = TeamPlaybook::Scenario::UpdatePage.new.call(page: current_page, page_params: page_params)
+    if page.valid?
+      render json: page, status: 200
     else
-      forbidden
+      render json: {error: page.errors.full_messages.to_sentence}, status: :unprocessable_entity
     end
   end
 

lib/errors/forbidden_path_error.rb

@@ -0,0 +1,2 @@
+class ForbiddenPathError < StandardError
+end