Diffstat (limited to 'app/controllers/application_controller.rb')
| -rw-r--r-- | app/controllers/application_controller.rb | 8 | 
1 files changed, 8 insertions, 0 deletions
|
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fa3874632..c2414f5bb 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,9 +1,13 @@
 class ApplicationController < ActionController::Base
+  include Pundit
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
   # TODO : Delete hack to authorize Cross Request for js and json get request from javascript
   protect_from_forgery unless: -> { request.get? && (request.format.json? || request.format.js?) }
   before_action :authenticate_user!
   before_action :set_locale
+
   # Load helpers in rails engine
   helper LanguageEngine::Engine.helpers
@@ -13,6 +17,10 @@ class ApplicationController < ActionController::Base
   protected
+  def user_not_authorized
+    render :file => "#{Rails.root}/public/403.html", :status => :forbidden, :layout => false
+  end
+
   def current_organisation
     current_user.organisation if current_user
   end
|
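Review bot: In the first hunk, `include Pundit` plus the `rescue_from` line only handles a denial once a policy check has run; an action that never calls `authorize` is still served to any signed-in user. Pundit ships a guard for exactly this, so I would add `after_action :verify_authorized` next to the existing `before_action` lines (and `after_action :verify_policy_scoped, only: :index` where collections are listed), then opt out explicitly in the few controllers that need no policy. The class body continues outside the hunk, so subclasses may already do this; it cannot be confirmed from here.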
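Review bot: `user_not_authorized` in the second hunk discards the exception and always renders the static HTML page, so a denied request leaves no audit trail. The JSON and JS requests this controller explicitly serves (see the `protect_from_forgery` condition) also receive an HTML body with the 403. A `rescue_from` handler may accept the exception as an argument, which allows logging the failed policy query before responding and answering non-HTML formats with a bare `head :forbidden`. The diffstat is limited to this file, so it is worth confirming that `public/403.html` exists in the repository.

```ruby
def user_not_authorized(exception)
  # Record which policy check failed so denied requests can be audited.
  logger.warn("Pundit denied #{exception.query} on #{exception.policy.class}")
  respond_to do |format|
    format.html { render :file => "#{Rails.root}/public/403.html", :status => :forbidden, :layout => false }
    format.any  { head :forbidden }
  end
end
```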
