diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
old mode 100644
new mode 100755
index 545c4e6a..6bf9ea83
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
@@ -5,12 +5,14 @@
 use Whoops\Run;
 use Whoops\Handler\PrettyPageHandler;
 use Gzero\Validator\ValidationException;
+use Gzero\Api\AccessForbiddenException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
 
 class Handler extends ExceptionHandler {
 
     const VALIDATION_ERROR = 400;   // (Bad Request)
     const SERVER_ERROR = 500;       // (Internal Server Error)
+    const FORBIDDEN_ERROR = 403;    // (Forbidden Error)
 
     /**
      * A list of the exception types that should not be reported.
@@ -59,35 +61,48 @@ public function render($request, Exception $e)
                     ),
                     $request
                 );
-            } else if (App::environment() == 'production') {
+            } elseif ($e instanceof AccessForbiddenException) {
                 return $CORS->addActualRequestHeaders(
                     response()->json(
                         [
-                            'code'  => self::SERVER_ERROR,
-                            'error' => [
-                                'message' => ($e->getMessage()) ? $e->getMessage() : 'Internal Server Error',
-                            ]
+                            'code'  => self::FORBIDDEN_ERROR,
+                            'error' => ($e->getMessage()) ? $e->getMessage() : 'Forbidden.'
                         ],
-                        self::SERVER_ERROR
+                        self::FORBIDDEN_ERROR
                     ),
                     $request
                 );
             } else {
-                return $CORS->addActualRequestHeaders(
-                    response()->json(
-                        [
-                            'code'  => self::SERVER_ERROR,
-                            'error' => [
-                                'type'    => get_class($e),
-                                'message' => ($e->getMessage()) ? $e->getMessage() : 'Internal Server Error',
-                                'file'    => $e->getFile(),
-                                'line'    => $e->getLine(),
-                            ]
-                        ],
-                        self::SERVER_ERROR
-                    ),
-                    $request
-                );
+                if (App::environment() == 'production') {
+                    return $CORS->addActualRequestHeaders(
+                        response()->json(
+                            [
+                                'code'  => self::SERVER_ERROR,
+                                'error' => [
+                                    'message' => ($e->getMessage()) ? $e->getMessage() : 'Internal Server Error',
+                                ]
+                            ],
+                            self::SERVER_ERROR
+                        ),
+                        $request
+                    );
+                } else {
+                    return $CORS->addActualRequestHeaders(
+                        response()->json(
+                            [
+                                'code'  => self::SERVER_ERROR,
+                                'error' => [
+                                    'type'    => get_class($e),
+                                    'message' => ($e->getMessage()) ? $e->getMessage() : 'Internal Server Error',
+                                    'file'    => $e->getFile(),
+                                    'line'    => $e->getLine(),
+                                ]
+                            ],
+                            self::SERVER_ERROR
+                        ),
+                        $request
+                    );
+                }
             }
         } else {
             if (config('app.debug')) {