
Handling denied permissions in your controllers

henning-koch edited this page Nov 5, 2010 · 3 revisions

Aegis raises Aegis::AccessDenied when a permission is denied. If you need your application to handle denied permissions in a specific way, use one of the built-in mechanisms in Rails:

Example using rescue_from

Here is an example using rescue_from which displays an Aegis exception as a 403 error:

class ApplicationController < ActionController::Base

  rescue_from Aegis::AccessDenied, :with => :access_denied

  private

  # rescue_from passes the rescued exception to the handler when the
  # handler accepts an argument; without it, e would be undefined here.
  def access_denied(e)
    render :text => e.message, :status => :forbidden
  end

end

Note that the exception will only be rescued when Rails does not consider the request local. In a default development Rails environment, config.consider_all_requests_local is set to true, which means all rescue mechanisms are disabled and errors show stack traces instead.

When you’re using Cucumber and Capybara, you can tag a scenario with @allow-rescue to rescue errors for that one scenario.

Example using around_filter

Here is an example for an around_filter which displays an Aegis exception as a 403 error:

class ApplicationController < ActionController::Base

  around_filter :rescue_access_denied

  private

  # The around filter yields to the action; an Aegis::AccessDenied raised
  # inside the action is caught here and rendered as a 403.
  def rescue_access_denied
    yield
  rescue Aegis::AccessDenied => e
    render :text => e.message, :status => :forbidden
  end

end
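The following is an added example, not code from the Aegis project or this wiki page. It models the around_filter pattern above in plain Ruby so it runs without Rails: `Aegis::AccessDenied` is a constructed stand-in for the real exception class, `DeniedPermissionHandler#run` plays the role of the filter plus action, and the in-memory `audit_log` stands in for Rails.logger. Unlike the page's handlers, it returns a fixed "Forbidden" body and keeps the detailed reason in the log, so denials are recorded for review while the response itself does not reveal internal permission names; exceptions other than `AccessDenied` are left to propagate, exactly as with the filter on the page.

```ruby
# Added example (not from the Aegis project): plain-Ruby model of the
# around_filter pattern, runnable without Rails.
module Aegis
  # Constructed stand-in for the real Aegis::AccessDenied exception class.
  class AccessDenied < StandardError; end
end

class DeniedPermissionHandler
  attr_reader :audit_log

  def initialize
    @audit_log = [] # constructed in-memory stand-in for Rails.logger
  end

  # Mirrors rescue_access_denied on the page: run the action (the block) and
  # turn an Aegis::AccessDenied into a 403. Any other exception is not rescued
  # and propagates to the caller. Returns [status, body] like a Rack response.
  def run(user, action)
    [200, yield]
  rescue Aegis::AccessDenied => e
    # Keep the detailed reason in the log for detection and review; send the
    # client a fixed message so the response does not leak permission details.
    @audit_log << "access denied: user=#{user} action=#{action} reason=#{e.message}"
    [403, "Forbidden"]
  end
end

if __FILE__ == $0
  handler = DeniedPermissionHandler.new
  status, body = handler.run("alice", "posts#destroy") do
    raise Aegis::AccessDenied, "alice may not destroy posts"
  end
  puts "#{status} #{body}"
  puts handler.audit_log.first
end
```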