Respond with 403 Forbidden instead of 401 Unauthorized

2019-02-02 07:00:49 +05:00 · 2019-02-02 07:00:49 +05:00 · 0686053927
parent 783363a6c6
commit 0686053927
12 changed files with 15 additions and 15 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -12,7 +12,7 @@ class ApplicationController < ActionController::Base
  after_action :verify_policy_scoped, only: :index

  rescue_from ActiveRecord::RecordNotFound, with: :render_not_found
-  rescue_from Pundit::NotAuthorizedError,   with: :render_unauthorized
+  rescue_from Pundit::NotAuthorizedError,   with: :render_forbidden

  helper_method :current_account

@ -53,8 +53,8 @@ private
    end
  end

-  def render_unauthorized
-    render status: :unauthorized, json: {}
+  def render_forbidden
+    render status: :forbidden, json: {}
  end

  def render_method_not_allowed
--- a/spec/requests/callbacks/telegram_bots/updates/create_spec.rb
+++ b/spec/requests/callbacks/telegram_bots/updates/create_spec.rb
@ -34,7 +34,7 @@ RSpec.describe 'POST /callbacks/telegram_bots/:telegram_bot_id/updates' do
    end

    specify do
-      expect(response).to have_http_status :unauthorized
+      expect(response).to have_http_status :forbidden
    end
  end
 end
--- a/spec/requests/membership_apps/create_spec.rb
+++ b/spec/requests/membership_apps/create_spec.rb
@ -63,7 +63,7 @@ RSpec.describe 'POST /join' do
      before { make_request }

      specify do
-        expect(response).to have_http_status :unauthorized
+        expect(response).to have_http_status :forbidden
      end
    end
  end
@ -85,7 +85,7 @@ RSpec.describe 'POST /join' do
      before { make_request }

      specify do
-        expect(response).to have_http_status :unauthorized
+        expect(response).to have_http_status :forbidden
      end
    end
  end
--- a/spec/requests/settings/profile/edit_spec.rb
+++ b/spec/requests/settings/profile/edit_spec.rb
@ -10,7 +10,7 @@ RSpec.describe 'GET /settings/profile/edit' do

  for_account_types nil do
    specify do
-      expect(response).to have_http_status :unauthorized
+      expect(response).to have_http_status :forbidden
    end
  end

--- a/spec/requests/settings/profile/update_spec.rb
+++ b/spec/requests/settings/profile/update_spec.rb
@ -25,7 +25,7 @@ RSpec.describe 'PATCH/PUT /settings/profile' do
    before { make_request }

    specify do
-      expect(response).to have_http_status :unauthorized
+      expect(response).to have_http_status :forbidden
    end
  end

--- a/spec/requests/settings/telegram_contacts/index_spec.rb
+++ b/spec/requests/settings/telegram_contacts/index_spec.rb
@ -15,7 +15,7 @@ RSpec.describe 'GET /settings/telegram_contacts' do

  for_account_types nil do
    specify do
-      expect(response).to have_http_status :unauthorized
+      expect(response).to have_http_status :forbidden
    end
  end

--- a/spec/requests/staff/membership_apps/index_spec.rb
+++ b/spec/requests/staff/membership_apps/index_spec.rb
@ -13,7 +13,7 @@ RSpec.describe 'GET /staff/membership_apps' do

  for_account_types nil, :guest, :usual do
    specify do
-      expect(response).to have_http_status :unauthorized
+      expect(response).to have_http_status :forbidden
    end
  end

--- a/spec/requests/staff/membership_apps/show_spec.rb
+++ b/spec/requests/staff/membership_apps/show_spec.rb
@ -12,7 +12,7 @@ RSpec.describe 'GET /staff/membership_apps/:id' do

  for_account_types nil, :guest, :usual do
    specify do
-      expect(response).to have_http_status :unauthorized
+      expect(response).to have_http_status :forbidden
    end
  end

--- a/spec/requests/staff/telegram_bots/index_spec.rb
+++ b/spec/requests/staff/telegram_bots/index_spec.rb
@ -13,7 +13,7 @@ RSpec.describe 'GET /staff/telegram_bots' do

  for_account_types nil, :guest, :usual do
    specify do
-      expect(response).to have_http_status :unauthorized
+      expect(response).to have_http_status :forbidden
    end
  end

--- a/spec/requests/staff/telegram_bots/show_spec.rb
+++ b/spec/requests/staff/telegram_bots/show_spec.rb
@ -12,7 +12,7 @@ RSpec.describe 'GET /staff/telegram_bots/:id' do

  for_account_types nil, :guest, :usual do
    specify do
-      expect(response).to have_http_status :unauthorized
+      expect(response).to have_http_status :forbidden
    end
  end

--- a/spec/requests/staff/telegram_chats/index_spec.rb
+++ b/spec/requests/staff/telegram_chats/index_spec.rb
@ -13,7 +13,7 @@ RSpec.describe 'GET /staff/telegram_chats' do

  for_account_types nil, :guest, :usual do
    specify do
-      expect(response).to have_http_status :unauthorized
+      expect(response).to have_http_status :forbidden
    end
  end

--- a/spec/requests/staff/telegram_chats/show_spec.rb
+++ b/spec/requests/staff/telegram_chats/show_spec.rb
@ -12,7 +12,7 @@ RSpec.describe 'GET /staff/telegram_chats/:id' do

  for_account_types nil, :guest, :usual do
    specify do
-      expect(response).to have_http_status :unauthorized
+      expect(response).to have_http_status :forbidden
    end
  end