Refactor /insights to throw a Pundit exception if no current_user is set

app/controllers/application_controller.rb

@@ -14,8 +14,15 @@ class ApplicationController < ActionController::Base
     @current_user ||= ExternalUser.find_by(id: session[:external_user_id]) || login_from_session || login_from_other_sources
   end
 
+  def require_user!
+    raise Pundit::NotAuthorizedError unless current_user
+  end
+
   def render_not_authorized
-    redirect_to(request.referrer || :root, alert: t('application.not_authorized'))
+    respond_to do |format|
+      format.html { redirect_to(request.referrer || :root, alert: t('application.not_authorized')) }
+      format.json { render json: {error: t('application.not_authorized')}, status: :unauthorized }
+    end
   end
   private :render_not_authorized
 

app/controllers/flowr_controller.rb

@@ -1,13 +1,7 @@
 class FlowrController < ApplicationController
 
   def insights
-    unless current_user
+    require_user!
-      skip_authorization
-      respond_to do |format|
-        format.html { render_not_authorized }
-        format.json { render json: {}, status: :unauthorized }
-      end
-    else
     # get the latest submission for this user that also has a test run (i.e. structured_errors if applicable)
     submission = Submission.joins(:testruns)
                      .where(submissions: {user_id: current_user.id, user_type: current_user.class.name})
@@ -28,11 +22,8 @@ class FlowrController < ApplicationController
       { submission: submission, error: error, attributes: attributes, query: query }
     end
 
-      respond_to do |format|
+    # Always return JSON
-        format.html { render json: insights, status: :ok }
+    render json: insights, status: :ok
-        format.json { render json: insights, status: :ok }
-      end
-    end
   end
 
   def is_interesting(attribute)