From 62b7f139d90e7122f5f26b183c71c54fd87eeef5 Mon Sep 17 00:00:00 2001
From: Torsten
Date: Mon, 16 Jan 2023 19:30:10 +0200
Subject: [PATCH] catch unoothorized
---
 app/controllers/application_controller.rb | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index e5a826c..b9887bf 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,11 +1,18 @@
 class ApplicationController < ActionController::Base
 before_action :configure_permitted_parameters, if: :devise_controller?
+ include Pundit::Authorization
 alias :current_user :current_member
+ rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
 protected
 def configure_permitted_parameters
 devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
 end
+
+ def user_not_authorized
+ flash[:alert] = "You are not authorized to perform this action."
+ redirect_back(fallback_location: root_path)
+ end
 end
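Review bot: Including `Pundit::Authorization` and rescuing `Pundit::NotAuthorizedError` only takes effect in actions that actually call `authorize`. Nothing in the controller as shown fails closed when an action forgets to, so consider adding `after_action :verify_authorized, unless: :devise_controller?` beneath the `include`. In `user_not_authorized`, `redirect_back` takes its target from the request's Referer header, so it is safer to pin it to this host with `redirect_back(fallback_location: root_path, allow_other_host: false)`. The handler also answers every request format with a redirect and a flash message. If any JSON or API controllers inherit from this class, a 403 such as `head :forbidden` would be the clearer response for them, and logging the denial would help spot repeated probing.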