diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 029951e..02293a8 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,8 +3,19 @@ class ApplicationController < ActionController::Base
 before_action :authenticate_user!
- class AccessForbidden < StandardError
- end
+ class AccessForbidden < StandardError; end
+ class ParameterInvalid < StandardError; end
+
+ # Exceptions are handled depending on request format:
+ # * HTML is handled by PublicExceptions, resulting in display of
+ # 'public/.html' template.
+ # * TURBO_STREAM is handled by method specified below, which writes flash
+ # message and forces redirect to referer - to display flash and make page
+ # content consistent with database (which may or may not have been
+ # modified before exception).
+ # This requires referer to be available in TURBO_STREAM format. Otherwise
+ # Turbo will reload 2nd time with HTML format and flashes will be lost.
+ rescue_from *ActionDispatch::ExceptionWrapper.rescue_responses.keys, with: :rescue_turbo
 protected
@@ -23,4 +34,14 @@ class ApplicationController < ActionController::Base
 def after_sign_out_path_for(scope)
 new_user_session_path
 end
+
+ private
+
+ def rescue_turbo(exception)
+ raise unless request.format.to_sym == :turbo_stream
+
+ message_id = ActionDispatch::ExceptionWrapper.rescue_responses[exception.class.to_s]
+ flash.alert = t("actioncontroller.exceptions.status.#{message_id}")
+ redirect_to request.referer
+ end
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index a8fc04f..29f4cbb 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
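Review bot: `rescue_from *ActionDispatch::ExceptionWrapper.rescue_responses.keys, with: :rescue_turbo` only dispatches the two new classes to the handler if `AccessForbidden` and `ParameterInvalid` are themselves registered in `rescue_responses`, and no such registration appears in this diff; if it lives in application config that is presumably fine, otherwise these exceptions bypass `rescue_turbo` and the `forbidden`/`unprocessable_entity` entries added in en.yml are never used, including for the `raise ParameterInvalid` lines in users_controller.rb. A comment next to the class definitions naming where that mapping is made, e.g. `# Mapped to 403/422 via rescue_responses in <config file>`, would save the next reader the search. The comment text `'public/.html' template` reads as if the status code was lost from it; `'public/<status>.html' template` says what is meant. The bare splat without parentheses also triggers Ruby's "`*' interpreted as argument prefix" warning; `rescue_from(*ActionDispatch::ExceptionWrapper.rescue_responses.keys, with: :rescue_turbo)` avoids it.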
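Review bot: `rescue_turbo` has no fallback when the status has no translation: the handler is registered for every key of `rescue_responses`, but the locale hunk adds only `forbidden` and `unprocessable_entity`, and `rescue_responses[exception.class.to_s]` is an exact-name lookup that, unlike `rescue_from`, does not match subclasses, so other rescued exceptions end up with a translation-missing string in `flash.alert`. Passing a default, e.g. `t("actioncontroller.exceptions.status.#{message_id}", default: :"actioncontroller.exceptions.status.internal_server_error")` with that key added to en.yml, keeps the message user-facing. `redirect_to request.referer` raises when the Referer header is absent (the comment above only states the requirement), and the header is client-supplied, so a foreign-host value is either followed or, with open-redirect protection enabled, raises inside the handler; `redirect_back(fallback_location: root_url)` handles both cases. Since Turbo requests reaching this handler may be non-GET, `status: :see_other` on that redirect makes the follow-up a plain GET.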
@@ -17,12 +17,12 @@ class UsersController < ApplicationController
 end
 def update
- raise ArgumentError if current_user == @user
+ raise ParameterInvalid if current_user == @user
 @user.update!(params.require(:user).permit(:status))
 end
 def disguise
- raise ArgumentError unless allow_disguise?(@user)
+ raise ParameterInvalid unless allow_disguise?(@user)
 session[:revert_to_id] = current_user.id
 bypass_sign_in(@user)
 redirect_to root_url
@@ -35,8 +35,8 @@ class UsersController < ApplicationController
 end
 # NOTE: limited actions availabe to :admin by design. Users are meant to
- # manage their accounts by themselves through registrations. In future :admin
- # may be allowed to sing-in as user and make changes there.
+ # manage their accounts by themselves through registrations. :admin
+ # is allowed to sign-in (disguise) as user and make changes from there.
 protected
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 8838154..c77fc85 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -13,10 +13,25 @@ en:
 created_at: registered
 confirmed_at: confirmed
 unconfirmed_email: Awaiting confirmation for
+ actioncontroller:
+ exceptions:
+ status:
+ forbidden: >
+ You have not been granted access to this action (403 Forbidden).
+ This should not happen, please notify site administrator.
+ unprocessable_entity: >
+ The request is semantically incorrect and was rejected (422 Unprocessable Entity).
+ This should not happen, please notify site administrator.
 helpers:
 submit:
 create: Create
 update: Update
+ layouts:
+ application:
+ revert: Revert
+ sign_out: Sign out
+ units: Units
+ users: Users
 units:
 index:
 add_unit: Add unit
@@ -53,12 +68,6 @@ en:
 sessions:
 new:
 remember_me: Remember me
- layouts:
- application:
- revert: Revert
- sign_out: Sign out
- units: Units
- users: Users
 actions: Actions
 add: Add
 back: Back
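Review bot: `disguise` now raises `ParameterInvalid` before the session is touched, which is the right order, but nothing in this action records which admin assumed which account; the switch performed by `bypass_sign_in(@user)` leaves no trace beyond the `session[:revert_to_id]` value. A single line before it, `Rails.logger.info("disguise: user #{current_user.id} signing in as user #{@user.id}")`, gives an audit trail for the impersonation. `allow_disguise?` is defined outside the hunk, so the conditions it enforces are not reviewed here.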