Unverified Commit 70756ece authored by azul's avatar azul
Browse files

pundit: treat NotAuthorizedError as forbidden

This way it's getting handled by the exceptions app
which will render a 403 with the appropriate message.

includes test.
parent d45fa292
......@@ -58,6 +58,7 @@ module Crabgrass
'ErrorNotFound' => :not_found,
'Wiki::Sections::SectionNotFoundError' => :not_found,
'PermissionDenied' => :forbidden,
'Pundit::NotAuthorizedError' => :forbidden,
'AuthenticationRequired' => :unauthorized
)
......
......@@ -43,4 +43,14 @@ class ErrorFlowTest < IntegrationTest
assert_content 'Not Found'
assert_equal '/asdfswera', current_path
end
def test_not_authorized
visit '/'
fill_in 'login', with: 'red'
fill_in 'password', with: 'red'
click_button :sign_in.t
visit 'groups/groupwithcouncil/profile/edit'
assert_content 'Permission Denied'
end
end
require 'integration_test'
class GroupProfileTest < IntegrationTest
def setup
super
@user = users(:blue)
login
end
def test_editing_profile
@user = users(:blue)
login
visit '/animals'
click_on 'Settings'
click_on 'Profile'
......@@ -16,4 +13,5 @@ class GroupProfileTest < IntegrationTest
assert_selector 'div[style*="background"][style*="pictures"]'
assert_content 'Summary'
end
end
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment