Merge branch 'master' into staging

author: Luc Donnet 2016-10-12 23:06:15 +0200
committer: Luc Donnet 2016-10-12 23:06:15 +0200
commit: 56e6b5146aca41563b8e64ce95a7cd183fe80b13 (patch)
tree: d3a845d76419a77fafbda66b9bf08f5379ce1ca5 /app/controllers/application_controller.rb
parent: c2403fa61c0639d2165af57e6db993a429ae5984 (diff)
parent: d66abf8f9b58ddeeabc4e53e8ed1fd382b9f1907 (diff)
download: chouette-core-56e6b5146aca41563b8e64ce95a7cd183fe80b13.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fa3874632..c2414f5bb 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,9 +1,13 @@
 class ApplicationController < ActionController::Base
+  include Pundit
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
   # TODO : Delete hack to authorize Cross Request for js and json get request from javascript
   protect_from_forgery unless: -> { request.get? && (request.format.json? || request.format.js?) }
   before_action :authenticate_user!
   before_action :set_locale
 
+
   # Load helpers in rails engine
   helper LanguageEngine::Engine.helpers
 
@@ -13,6 +17,10 @@ class ApplicationController < ActionController::Base
 
   protected
 
+  def user_not_authorized
+    render :file => "#{Rails.root}/public/403.html", :status => :forbidden, :layout => false
+  end
+
   def current_organisation
     current_user.organisation if current_user
   end
author	Luc Donnet	2016-10-12 23:06:15 +0200
committer	Luc Donnet	2016-10-12 23:06:15 +0200
commit	56e6b5146aca41563b8e64ce95a7cd183fe80b13 (patch)
tree	d3a845d76419a77fafbda66b9bf08f5379ce1ca5 /app/controllers/application_controller.rb
parent	c2403fa61c0639d2165af57e6db993a429ae5984 (diff)
parent	d66abf8f9b58ddeeabc4e53e8ed1fd382b9f1907 (diff)
download	chouette-core-56e6b5146aca41563b8e64ce95a7cd183fe80b13.tar.bz2