catch unoothorized

This commit is contained in:
Torsten 2023-01-16 19:30:10 +02:00
parent 459cea35e1
commit 62b7f139d9

View File

@ -1,11 +1,18 @@
class ApplicationController < ActionController::Base class ApplicationController < ActionController::Base
before_action :configure_permitted_parameters, if: :devise_controller? before_action :configure_permitted_parameters, if: :devise_controller?
include Pundit::Authorization include Pundit::Authorization
alias :current_user :current_member alias :current_user :current_member
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
protected protected
def configure_permitted_parameters def configure_permitted_parameters
devise_parameter_sanitizer.permit(:sign_up, keys: [:name]) devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
end end
def user_not_authorized
flash[:alert] = "You are not authorized to perform this action."
redirect_back(fallback_location: root_path)
end
end end