diff options
| author | Xinhui | 2016-10-07 15:57:34 +0200 |
|---|---|---|
| committer | Xinhui | 2016-10-07 15:57:38 +0200 |
| commit | 8bf58bfada05c61dbd773b74e9e6d91f01d3aae1 (patch) | |
| tree | 78bf4c81874ae161d6d6702be3d311a7c88cd5ca /app/controllers/application_controller.rb | |
| parent | 58c529ecfb27e6f3aea1cf5909dfd86ae1a1c6a9 (diff) | |
| download | chouette-core-8bf58bfada05c61dbd773b74e9e6d91f01d3aae1.tar.bz2 | |
Policy Chouette::StopArea
Refs #1780
Diffstat (limited to 'app/controllers/application_controller.rb')
| -rw-r--r-- | app/controllers/application_controller.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index fa3874632..c2414f5bb 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,9 +1,13 @@ class ApplicationController < ActionController::Base + include Pundit + rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized + # TODO : Delete hack to authorize Cross Request for js and json get request from javascript protect_from_forgery unless: -> { request.get? && (request.format.json? || request.format.js?) } before_action :authenticate_user! before_action :set_locale + # Load helpers in rails engine helper LanguageEngine::Engine.helpers @@ -13,6 +17,10 @@ class ApplicationController < ActionController::Base protected + def user_not_authorized + render :file => "#{Rails.root}/public/403.html", :status => :forbidden, :layout => false + end + def current_organisation current_user.organisation if current_user end |