authorVlatka Pavisic2017-04-25 16:00:32 +0200
committerVlatka Pavisic2017-04-25 16:00:41 +0200
commit5848e03e9655d74cdea84eb66286cf7696ee2ee4 (patch)
tree2ad273711ec9e3447bac1e5dfc80b8143de8e20f
parent389b10c7ad29f7a7c085d3c361144450ba10fcd5 (diff)
Refs #3033 : Redirect to 403 page if not authorised
-rw-r--r--app/controllers/application_controller.rb2
-rw-r--r--app/controllers/errors_controller.rb2
-rw-r--r--app/views/errors/forbidden.html.slim (renamed from app/views/errors/not_allowed.html.slim)6
-rw-r--r--config/routes.rb8
-rw-r--r--spec/controllers/errors_controller_spec.rb8
5 files changed, 13 insertions, 13 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2bdf8078a..f2c9b4c6f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -22,7 +22,7 @@ class ApplicationController < ActionController::Base
protected
def user_not_authorized
- render :file => "#{Rails.root}/public/403.html", :status => :forbidden, :layout => false
+ redirect_to forbidden_path
end
def current_organisation
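Review bot: With `redirect_to forbidden_path` in `user_not_authorized`, the refused request itself now answers 302 instead of 403, so access logs, monitoring and non-browser clients (XHR, JSON) no longer see an authorization failure on the URL that was denied. This commit also introduces the `errors/forbidden` template, so rendering it in place would keep both the styled page and the status: `render 'errors/forbidden', status: :forbidden`. ErrorsController inherits from ApplicationController, so if any inherited filter can raise the not-authorized error while serving `/403`, the redirect would loop; whether that can happen depends on code outside this hunk. The enclosing class starts and ends outside the hunk.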
diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb
index 94e0d7b4c..252b8fdfa 100644
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@@ -7,7 +7,7 @@ class ErrorsController < ApplicationController
render status: 500
end
- def not_allowed
+ def forbidden
render status: 403
end
end
diff --git a/app/views/errors/not_allowed.html.slim b/app/views/errors/forbidden.html.slim
index 6c94328cc..4ca3a6dbf 100644
--- a/app/views/errors/not_allowed.html.slim
+++ b/app/views/errors/forbidden.html.slim
@@ -11,11 +11,11 @@
- if I18n.locale == :fr
p
strong = "Désolé, la page demandée la page n'est pas accessible avec votre profil utilisateur."
-
+
p = "Vous pouvez néanmoins continuer à utiliser l'application IBOO."
-
+
- else
p
strong = "You are not allowed to access the page you were looking for."
-
+
p = "You can still continue the use the IBOO application. Thank you for understanding."
diff --git a/config/routes.rb b/config/routes.rb
index 5b9cf0ea8..8415d49df 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -213,9 +213,9 @@ ChouetteIhm::Application.routes.draw do
get '/help/(*slug)' => 'help#show'
- match '/404', to: 'errors#not_found', via: :all
- match '/403', to: 'errors#not_allowed', via: :all
- match '/422', to: 'errors#server_error', via: :all
- match '/500', to: 'errors#server_error', via: :all
+ match '/404', to: 'errors#not_found', via: :all, as: 'not_found'
+ match '/403', to: 'errors#forbidden', via: :all, as: 'forbidden'
+ match '/422', to: 'errors#server_error', via: :all, as: 'unprocessable_entity'
+ match '/500', to: 'errors#server_error', via: :all, as: 'server_error'
end
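Review bot: The `/422` route is now named `unprocessable_entity` but still dispatches to `errors#server_error`, so `unprocessable_entity_path` leads to an action that, judging by the `render status: 500` visible in errors_controller.rb, presumably answers 500 rather than 422. If the shared page is deliberate, a comment above the line would say so, for example `# 422 deliberately reuses the 500 page and status`. Otherwise a dedicated action that renders with `status: 422` would make the route name match the response.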
diff --git a/spec/controllers/errors_controller_spec.rb b/spec/controllers/errors_controller_spec.rb
index 558fd0aa4..7f95d5470 100644
--- a/spec/controllers/errors_controller_spec.rb
+++ b/spec/controllers/errors_controller_spec.rb
@@ -15,11 +15,11 @@ RSpec.describe ErrorsController, type: :controller do
end
end
- describe 'GET not_allowed' do
- before(:each) { get 'not_allowed' }
+ describe 'GET forbidden' do
+ before(:each) { get 'forbidden' }
- it 'renders the not_allowed template' do
- expect(response).to render_template('not_allowed')
+ it 'renders the forbidden template' do
+ expect(response).to render_template('forbidden')
end
it 'returns 403 status code' do