app controller: standardize access denied error handling.

Refactor to use `render_error_page` to handle User::PrivilegeError
exceptions. This way these exceptions are logged to New Relic.

Changes:

* Anonymous users aren't automatically redirected to the login page.
  Instead they're taken to the access denied page, which links to the
  login/signup pages.

* JSON/XML error responses return `message` instead of `reason`.
evazion
2019-08-24 22:55:36 -05:00
parent d4c43af1dd
commit c7f8fbbec2
4 changed files with 26 additions and 41 deletions


@@ -120,13 +120,6 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
end
end
context "without any authentication" do
should "redirect to the login page" do
get edit_user_path(@user)
assert_redirected_to new_session_path(url: edit_user_path(@user))
end
end
context "with cookie-based authentication" do
should "not allow non-GET requests without a CSRF token" do
# get the csrf token from the login page so we can login
@@ -158,6 +151,15 @@ class ApplicationControllerTest < ActionDispatch::IntegrationTest
end
end
context "accessing an unauthorized page" do
should "render the access denied page" do
get news_updates_path
assert_response 403
assert_select "h1", /Access Denied/
end
end
context "when the api limit is exceeded" do
should "fail with a 429 error" do
user = create(:user)
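Review bot: The added "accessing an unauthorized page" test pins only the HTML response of `get news_updates_path`, which appears to run with no login step, so the other behaviour change in the commit message (JSON/XML errors returning `message` instead of `reason`) is not asserted in the visible hunks. The removed "without any authentication" test was the only visible check on anonymous access to `edit_user_path(@user)`. I would keep a counterpart that pins the new outcome, `get edit_user_path(@user)` followed by `assert_response 403`, so a regression that lets the request through is caught instead of going untested. A JSON variant, for example `get news_updates_path(format: :json)` with `assert_response 403` and a check that the parsed body has a `message` key, would cover the API contract change, assuming that route serves JSON. The enclosing test class starts and ends outside the visible hunks.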