From 5848e03e9655d74cdea84eb66286cf7696ee2ee4 Mon Sep 17 00:00:00 2001
From: Vlatka Pavisic
Date: Tue, 25 Apr 2017 16:00:32 +0200
Subject: Refs #3033 : Redirect to 403 page if not authorised

---
 app/controllers/application_controller.rb |  2 +-
 app/controllers/errors_controller.rb      |  2 +-
 app/views/errors/forbidden.html.slim      | 21 +++++++++++++++++++++
 app/views/errors/not_allowed.html.slim    | 21 ---------------------
 4 files changed, 23 insertions(+), 23 deletions(-)
 create mode 100644 app/views/errors/forbidden.html.slim
 delete mode 100644 app/views/errors/not_allowed.html.slim

(limited to 'app')

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 2bdf8078a..f2c9b4c6f 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -22,7 +22,7 @@ class ApplicationController < ActionController::Base
   protected
 
   def user_not_authorized
-    render :file => "#{Rails.root}/public/403.html", :status => :forbidden, :layout => false
+    redirect_to forbidden_path
   end
 
   def current_organisation
diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb
index 94e0d7b4c..252b8fdfa 100644
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@@ -7,7 +7,7 @@ class ErrorsController < ApplicationController
     render status: 500
   end
 
-  def not_allowed
+  def forbidden
     render status: 403
   end
 end
diff --git a/app/views/errors/forbidden.html.slim b/app/views/errors/forbidden.html.slim
new file mode 100644
index 000000000..4ca3a6dbf
--- /dev/null
+++ b/app/views/errors/forbidden.html.slim
@@ -0,0 +1,21 @@
+/ PageHeader
+= pageheader 'bug',
+             'Erreur 403',
+             ''
+
+.page_content
+  .container-fluid
+    .row
+      .col-lg-12
+        .alert.alert-danger
+          - if I18n.locale == :fr
+            p
+              strong = "Désolé, la page demandée la page n'est pas accessible avec votre profil utilisateur."
+
+            p = "Vous pouvez néanmoins continuer à utiliser l'application IBOO."
+
+          - else
+            p
+              strong = "You are not allowed to access the page you were looking for."
+
+            p = "You can still continue the use the IBOO application. Thank you for understanding."
diff --git a/app/views/errors/not_allowed.html.slim b/app/views/errors/not_allowed.html.slim
deleted file mode 100644
index 6c94328cc..000000000
--- a/app/views/errors/not_allowed.html.slim
+++ /dev/null
@@ -1,21 +0,0 @@
-/ PageHeader
-= pageheader 'bug',
-             'Erreur 403',
-             ''
-
-.page_content
-  .container-fluid
-    .row
-      .col-lg-12
-        .alert.alert-danger
-          - if I18n.locale == :fr
-            p
-              strong = "Désolé, la page demandée la page n'est pas accessible avec votre profil utilisateur."
-            
-            p = "Vous pouvez néanmoins continuer à utiliser l'application IBOO."
-              
-          - else
-            p
-              strong = "You are not allowed to access the page you were looking for."
-            
-            p = "You can still continue the use the IBOO application. Thank you for understanding."
-- 
cgit v1.2.3