Create custom error page for Pundit errors

StemboltHQ · Apr 4, 2017 · 4073dc8 · 4073dc8
1 parent 304a1ed
commit 4073dc8
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 0 deletions.
diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb
@@ -0,0 +1,5 @@
+class ErrorsController < ApplicationController
+  def forbidden
+    render status: 403
+  end
+end
diff --git a/app/views/errors/forbidden.html.erb b/app/views/errors/forbidden.html.erb
@@ -0,0 +1,7 @@
+<div class='main'>
+  <h1>Woops!</h1>
+  <p>You do not have access to this page.</p>
+  <% if !current_person %>
+    <p>  This is most likely being caused because you are not <%= link_to 'signed in', '/auth/google_oauth2' %>.</p>
+  <% end %>
+</div>
diff --git a/config/application.rb b/config/application.rb
@@ -11,5 +11,11 @@ class Application < Rails::Application
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.
+
+    config.action_dispatch
+          .rescue_responses["Pundit::NotAuthorizedError"] = :forbidden
+
+    require Rails.root.join('lib/custom_public_exceptions')
+    config.exceptions_app = CustomPublicExceptions.new(Rails.public_path)
   end
 end
diff --git a/config/routes.rb b/config/routes.rb
@@ -3,6 +3,7 @@
   get 'auth/failure', to: redirect('/')
   get 'signout', to: 'sessions#destroy', as: 'signout'
   get 'authentication/google', to: 'authentication#google'
+  match '/403', to: 'errors#forbidden', via: :all
 
   resources :sessions, only: [:destroy]
   resources :people

diff --git a/lib/custom_public_exceptions.rb b/lib/custom_public_exceptions.rb
@@ -0,0 +1,10 @@
+class CustomPublicExceptions < ActionDispatch::PublicExceptions
+  def call(env)
+    status = env["PATH_INFO"][1..-1]
+    if status == '403'
+      Rails.application.routes.call(env)
+    else
+      super
+    end
+  end
+end
diff --git a/spec/controllers/errors_controller_spec.rb b/spec/controllers/errors_controller_spec.rb
@@ -0,0 +1,9 @@
+require 'rails_helper'
+
+RSpec.describe ErrorsController, type: :controller do
+  describe 'GET #forbidden' do
+    subject { get :forbidden }
+    it { is_expected.to render_template :forbidden }
+    it { is_expected.to have_http_status(403) }
+  end
+end
diff --git a/spec/lib/custom_public_exceptions_spec.rb b/spec/lib/custom_public_exceptions_spec.rb
@@ -0,0 +1,19 @@
+require 'rails_helper'
+
+RSpec.describe CustomPublicExceptions do
+  describe '#call' do
+    subject { described_class.new(Rails.public_path).call(env) }
+
+    context 'the status is 403' do
+      let(:env) { Rack::MockRequest.env_for('/403') }
+      it { is_expected.to be_instance_of(Array) }
+      it { is_expected.to start_with 403 }
+    end
+
+    context 'the status is not 403' do
+      let(:env) { Rack::MockRequest.env_for('/500') }
+      it { is_expected.to be_instance_of(Array) }
+      it { is_expected.to start_with 500 }
+    end
+  end
+end