Skip to content

Rescue from denied permissions in your controllers

henning-koch edited this page Sep 16, 2010 · 1 revision

When a permission check fails, Aegis::AccessDenied is raised. In this case you might want to show an error message instead of the default "Something went wrong" box.

A quick way to do this is to set a flash and redirect somewhere else:

class ApplicationController < ActionController::Base
  rescue_from Aegis::AccessDenied do |e|
    flash[:error] = "Access denied"
    redirect_to dashboard_path
  end
end

Here is a Cucumber feature that tests this behavior:

Feature: Authentication
  Scenario: Denied permissions set an error flash and redirect to the dashboard
    When I sign in as an author
    And I go to the admin users page
    Then I should see "Access denied"
    And I should be on the dashboard
Something went wrong with that request. Please try again.