diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index b4b2114..6cd30c3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,4 +2,15 @@ class ApplicationController < ActionController::Base
 before_filter :authenticate_user!
 include SentientController
 protect_from_forgery
+
+ rescue_from CanCan::AccessDenied, ActiveScaffold::ActionNotAllowed do |exception|
+ flash.now[:error] = exception.message
+ render :template => 'errors/access_denied', :layout => 'errors'
+ end
+
+ rescue_from ActiveScaffold::ActionNotAllowed do |exception|
+ flash.now[:error] = I18n.t("action_not_allowed")
+ render :template => 'errors/access_denied', :layout => 'errors'
+ end
+
 end
diff --git a/app/views/errors/_messages.html.erb b/app/views/errors/_messages.html.erb
new file mode 100644
index 0000000..4d87e19
--- /dev/null
+++ b/app/views/errors/_messages.html.erb
@@ -0,0 +1,10 @@
+<% for name in [:info, :warning, :error] %>
+ <% if flash[name] %>
+
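Review bot: Both `render` calls in the new `rescue_from` handlers send the access-denied page with the default 200 status, so clients, proxies and log-based monitoring cannot tell a denied request from a successful one. Add `:status => :forbidden`, i.e. `render :template => 'errors/access_denied', :layout => 'errors', :status => :forbidden`, after checking that the XHR path still evaluates the RJS response on a non-2xx status. `ActiveScaffold::ActionNotAllowed` is also registered twice; Rails consults the most recently declared handler first, so the second block always wins and the first can be reduced to `rescue_from CanCan::AccessDenied do |exception|`. A log line in each handler recording the denied controller and action would give operations something to alert on.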
"> + <%= h flash[name] %> + <% if request.xhr? %> + <%= as_(:close) %> + <% end %> +
+ <% end %>
+<% end %>
diff --git a/app/views/errors/access_denied.html.erb b/app/views/errors/access_denied.html.erb
new file mode 100644
index 0000000..69c2980
--- /dev/null
+++ b/app/views/errors/access_denied.html.erb
@@ -0,0 +1,11 @@
+
+
+ <% if request.xhr? %> +
+ <%= render(:partial => 'messages') %> +
+ <% else %> + <%= link_to 'Back', :back %> + <% end %> +
+
+
diff --git a/app/views/errors/access_denied.js.rjs b/app/views/errors/access_denied.js.rjs
new file mode 100644
index 0000000..7340571
--- /dev/null
+++ b/app/views/errors/access_denied.js.rjs
@@ -0,0 +1,5 @@
+if controller.class.uses_active_scaffold?
+ form_selector = "#{element_form_id(:action => params[:action])}"
+ page << "var action_link = ActiveScaffold.find_action_link('#{form_selector}');"
+ page << "action_link.update_flash_messages('#{escape_javascript(render(:partial => 'messages').strip)}');"
+end
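Review bot: In `errors/access_denied.html.erb` the `messages` partial is rendered only inside the `request.xhr?` branch, so a normal page request shows the `Back` link without the reason stored in `flash.now[:error]`, unless the `errors` layout (not part of this diff) prints the flash itself. Rendering the partial in both branches would make the denial reason visible either way. The `'Back'` label is hard-coded while the controller uses `I18n.t`, and `:back` takes its target from the request's Referer header, so the link points wherever the visitor came from, including another site.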
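Review bot: In `errors/access_denied.js.rjs`, `form_selector` is interpolated into a single-quoted JavaScript string without escaping, while the very next line wraps its value in `escape_javascript`. What `element_form_id` returns is not visible in this diff; if any part of it derives from request parameters, a quote character would end the literal and the remainder would be treated as script in the user's session. Escape it the same way: `page << "var action_link = ActiveScaffold.find_action_link('#{escape_javascript(form_selector)}');"`. The `"#{...}"` wrapper on the assignment is a no-op interpolation and can be dropped. When the controller does not use ActiveScaffold the template emits nothing, so an XHR caller gets no indication that access was denied.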