Refactor rest authorization to raise exceptions deeper

The idea is to raise an AuthorizationException at the same place
we check the authorization instead of in an upper level to be
able to spot where the authorization took place in the exception
backtrace.

Moreover, this changes also makes Rights::allowed? to return
the matching acl so that the upper layer can have a chance to
report which ACL resulted in the match.

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

1 files changed, 4 insertions, 4 deletions

diff --git a/spec/unit/network/http/handler.rb b/spec/unit/network/http/handler.rb
index 7b7ef4722..0786d37d2 100755
--- a/spec/unit/network/http/handler.rb
+++ b/spec/unit/network/http/handler.rb
@@ -49,7 +49,7 @@ describe Puppet::Network::HTTP::Handler do
 
             @result = stub 'result', :render => "mytext"
 
-            @handler.stubs(:authorized?).returns(true)
+            @handler.stubs(:check_authorization)
 
             stub_server_interface
         end
@@ -97,7 +97,7 @@ describe Puppet::Network::HTTP::Handler do
 
             @handler.expects(:do_mymethod).with(request, @request, @response)
 
-            @handler.expects(:authorized?).with(request).returns(true)
+            @handler.expects(:check_authorization).with(request)
 
             @handler.process(@request, @response)
         end
@@ -108,9 +108,9 @@ describe Puppet::Network::HTTP::Handler do
 
             @handler.expects(:do_mymethod).never
 
-            @handler.expects(:authorized?).with(request).returns(false)
+            @handler.expects(:check_authorization).with(request).raises(Puppet::Network::AuthorizationError.new("forbindden"))
 
-            @handler.expects(:set_response)#.with { |response, body, status| status == 403 }
+            @handler.expects(:set_response).with { |response, body, status| status == 403 }
 
             @handler.process(@request, @response)
         end