Respond with 403 Forbidden instead of 401 Unauthorized
parent
783363a6c6
commit
0686053927
|
@ -12,7 +12,7 @@ class ApplicationController < ActionController::Base
|
|||
after_action :verify_policy_scoped, only: :index
|
||||
|
||||
rescue_from ActiveRecord::RecordNotFound, with: :render_not_found
|
||||
rescue_from Pundit::NotAuthorizedError, with: :render_unauthorized
|
||||
rescue_from Pundit::NotAuthorizedError, with: :render_forbidden
|
||||
|
||||
helper_method :current_account
|
||||
|
||||
|
@ -53,8 +53,8 @@ private
|
|||
end
|
||||
end
|
||||
|
||||
def render_unauthorized
|
||||
render status: :unauthorized, json: {}
|
||||
def render_forbidden
|
||||
render status: :forbidden, json: {}
|
||||
end
|
||||
|
||||
def render_method_not_allowed
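Review bot: `rescue_from Pundit::NotAuthorizedError, with: :render_forbidden` now gives anonymous requests the same empty-bodied 403 as signed-in accounts that lack permission, and the specs in this commit that use `for_account_types nil` pin that behaviour. Dropping the bare 401 looks sound, since the old `render status: :unauthorized, json: {}` sent no `WWW-Authenticate` challenge as far as the hunk shows, but the decision should be recorded on the method, e.g. `# 403 for every Pundit denial, anonymous included: no WWW-Authenticate challenge is issued, so a 401 would be incomplete.` If clients need to tell "sign in first" from "not permitted", branch on `current_account` in this handler and send a proper challenge in the anonymous case. Separately, `render_not_found` and `render_forbidden` answer differently, so if the `:id` actions load the record before authorizing (not visible here), an unprivileged caller can tell existing ids from missing ones; consider answering 404 for both on the staff endpoints. The private section of the controller starts and continues outside these hunks.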
|
||||
|
|
|
@ -34,7 +34,7 @@ RSpec.describe 'POST /callbacks/telegram_bots/:telegram_bot_id/updates' do
|
|||
end
|
||||
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -63,7 +63,7 @@ RSpec.describe 'POST /join' do
|
|||
before { make_request }
|
||||
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -85,7 +85,7 @@ RSpec.describe 'POST /join' do
|
|||
before { make_request }
|
||||
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -10,7 +10,7 @@ RSpec.describe 'GET /settings/profile/edit' do
|
|||
|
||||
for_account_types nil do
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ RSpec.describe 'PATCH/PUT /settings/profile' do
|
|||
before { make_request }
|
||||
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ RSpec.describe 'GET /settings/telegram_contacts' do
|
|||
|
||||
for_account_types nil do
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ RSpec.describe 'GET /staff/membership_apps' do
|
|||
|
||||
for_account_types nil, :guest, :usual do
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ RSpec.describe 'GET /staff/membership_apps/:id' do
|
|||
|
||||
for_account_types nil, :guest, :usual do
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ RSpec.describe 'GET /staff/telegram_bots' do
|
|||
|
||||
for_account_types nil, :guest, :usual do
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ RSpec.describe 'GET /staff/telegram_bots/:id' do
|
|||
|
||||
for_account_types nil, :guest, :usual do
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ RSpec.describe 'GET /staff/telegram_chats' do
|
|||
|
||||
for_account_types nil, :guest, :usual do
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ RSpec.describe 'GET /staff/telegram_chats/:id' do
|
|||
|
||||
for_account_types nil, :guest, :usual do
|
||||
specify do
|
||||
expect(response).to have_http_status :unauthorized
|
||||
expect(response).to have_http_status :forbidden
|
||||
end
|
||||
end
|
||||
|
||||
|
|