catch unoothorized

app/controllers/application_controller.rb

@@ -1,11 +1,18 @@
 class ApplicationController < ActionController::Base
   before_action :configure_permitted_parameters, if: :devise_controller?
+
   include Pundit::Authorization
   alias :current_user :current_member
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
 
   protected
 
   def configure_permitted_parameters
     devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
   end
+
+  def user_not_authorized
+    flash[:alert] = "You are not authorized to perform this action."
+    redirect_back(fallback_location: root_path)
+  end
 end