Move CanCan-specific rescuing out from core into auth where it belongs.

Fixes spree#1262. h/t @citrus

auth/app/controllers/spree/admin/admin_resource_controller_decorator.rb

@@ -0,0 +1,3 @@
+Spree::Admin::ResourceController.class_eval do
+  rescue_from CanCan::AccessDenied, :with => :unauthorized
+end

core/app/controllers/spree/admin/resource_controller.rb

@@ -4,7 +4,6 @@ class Spree::Admin::ResourceController < Spree::Admin::BaseController
   helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
   prepend_before_filter :load_resource
   rescue_from ActiveRecord::RecordNotFound, :with => :resource_not_found
-  rescue_from CanCan::AccessDenied, :with => :unauthorized
 
   respond_to :html
   respond_to :js, :except => [:show, :index]

core/spec/requests/admin/products/products_spec.rb

@@ -1,13 +1,6 @@
 require 'spec_helper'
 
 describe "Products" do
-  context "as anonymous user" do
-    # regression test for #1250
-    it "is redirected to login page when attempting to access product listing" do
-      lambda { visit spree.admin_products_path }.should_not raise_error
-    end
-  end
-
   context "as admin user" do
     before(:each) do
       sign_in_as!(Factory(:admin_user))