handle rescue_from Pundit::NotAuthorizedError

3 years ago · 1aa34a5cb8
3 changed files with 31 additions and 3 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,12 +1,18 @@
 class ApplicationController < ActionController::Base
  include Pundit::Authorization
  rescue_from Pundit::NotAuthorizedError, with: :render_not_authorized
  before_action :set_paper_trail_whodunnit
  def render_not_found
    render "errors/not_found", status: :not_found
  end
  def render_not_authorized
    render "errors/not_found", status: :unauthorized
  end
  def render_not_found_json(class_name, id)
    render json: { error: "#{class_name} #{id} not found" }, status: :not_found
  end
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@ -0,0 +1,23 @@
 require "rails_helper"
 RSpec.describe ApplicationController do
  describe "when Pundit::NotAuthorizedError raised" do
    render_views
    controller do
      def index
        raise Pundit::NotAuthorizedError, "error goes here"
      end
    end
    it "returns status 401 unauthorized" do
      get :index
      expect(response).to be_unauthorized
    end
    it "renders page not found" do
      get :index
      expect(response.body).to have_content("Page not found")
    end
  end
 end
--- a/spec/requests/bulk_upload_lettings_results_controller_spec.rb
+++ b/spec/requests/bulk_upload_lettings_results_controller_spec.rb
@ -45,9 +45,8 @@ RSpec.describe BulkUploadLettingsResultsController, type: :request do
      let(:viewing_user) { other_user }
      it "is not accessible" do
-        expect {
+        get "/lettings-logs/bulk-upload-results/#{bulk_upload.id}/summary"
-          get "/lettings-logs/bulk-upload-results/#{bulk_upload.id}/summary"
+        expect(response).to be_unauthorized
        }.to raise_error(Pundit::NotAuthorizedError)
      end
    end