Handle exceptions during TURBO_STREAM requests

app/controllers/application_controller.rb

@@ -3,8 +3,19 @@ class ApplicationController < ActionController::Base
 
   before_action :authenticate_user!
 
-  class AccessForbidden < StandardError
-  end
+  class AccessForbidden < StandardError; end
+  class ParameterInvalid < StandardError; end
+
+  # Exceptions are handled depending on request format:
+  # * HTML is handled by PublicExceptions, resulting in display of
+  #   'public/<status-code>.html' template.
+  # * TURBO_STREAM is handled by method specified below, which writes flash
+  #   message and forces redirect to referer - to display flash and make page
+  #   content consistent with database (which may or may not have been
+  #   modified before exception).
+  #   This requires referer to be available in TURBO_STREAM format. Otherwise
+  #   Turbo will reload 2nd time with HTML format and flashes will be lost.
+  rescue_from *ActionDispatch::ExceptionWrapper.rescue_responses.keys, with: :rescue_turbo
 
   protected
 
@@ -23,4 +34,14 @@ class ApplicationController < ActionController::Base
   def after_sign_out_path_for(scope)
     new_user_session_path
   end
+
+  private
+
+  def rescue_turbo(exception)
+    raise unless request.format.to_sym == :turbo_stream
+
+    message_id = ActionDispatch::ExceptionWrapper.rescue_responses[exception.class.to_s]
+    flash.alert = t("actioncontroller.exceptions.status.#{message_id}")
+    redirect_to request.referer
+  end
 end

app/controllers/users_controller.rb

@@ -17,12 +17,12 @@ class UsersController < ApplicationController
   end
 
   def update
-    raise ArgumentError if current_user == @user
+    raise ParameterInvalid if current_user == @user
     @user.update!(params.require(:user).permit(:status))
   end
 
   def disguise
-    raise ArgumentError unless allow_disguise?(@user)
+    raise ParameterInvalid unless allow_disguise?(@user)
     session[:revert_to_id] = current_user.id
     bypass_sign_in(@user)
     redirect_to root_url
@@ -35,8 +35,8 @@ class UsersController < ApplicationController
   end
 
   # NOTE: limited actions availabe to :admin by design. Users are meant to
-  # manage their accounts by themselves through registrations. In future :admin
-  # may be allowed to sing-in as user and make changes there.
+  # manage their accounts by themselves through registrations. :admin
+  # is allowed to sign-in (disguise) as user and make changes from there.
 
   protected
 

config/locales/en.yml

@@ -13,10 +13,25 @@ en:
         created_at: registered
         confirmed_at: confirmed
         unconfirmed_email: Awaiting confirmation for
+  actioncontroller:
+    exceptions:
+      status:
+        forbidden: >
+          You have not been granted access to this action (403 Forbidden).
+          This should not happen, please notify site administrator.
+        unprocessable_entity: >
+          The request is semantically incorrect and was rejected (422 Unprocessable Entity).
+          This should not happen, please notify site administrator.
   helpers:
     submit:
       create: Create
       update: Update
+  layouts:
+    application:
+      revert: Revert
+      sign_out: Sign out
+      units: Units
+      users: Users
   units:
     index:
       add_unit: Add unit
@@ -53,12 +68,6 @@ en:
     sessions:
       new:
         remember_me: Remember me
-  layouts:
-    application:
-      revert: Revert
-      sign_out: Sign out
-      units: Units
-      users: Users
   actions: Actions
   add: Add
   back: Back