lib/gds-sso/controller_methods.rb in gds-sso-0.7.7 vs lib/gds-sso/controller_methods.rb in gds-sso-0.7.8
- old
+ new
@@ -2,13 +2,22 @@
module SSO
module ControllerMethods
class PermissionDeniedException < StandardError
end
+ def self.included(base)
+ base.rescue_from PermissionDeniedException do |e|
+ render "authorisations/unauthorised", layout: "unauthorised", status: :forbidden, locals: { message: e.message }
+ end
+ base.helper_method :user_signed_in?
+ base.helper_method :current_user
+ end
+
+
def authorise_user!(scope, permission)
if not current_user.has_permission?(scope, permission)
- raise PermissionDeniedException
+ raise PermissionDeniedException, "Sorry, you don't seem to have the #{permission} permission for #{scope}."
end
end
def require_signin_permission!
authorise_user!(GDS::SSO::Config.default_scope, 'signin')
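Review bot: The new `rescue_from` handler only covers `PermissionDeniedException`, so if `current_user` can be nil when `authorise_user!` runs (the `user_signed_in?` helper suggests it can; its definition is outside the hunk), the call to `has_permission?` raises NoMethodError and the request ends in a 500 instead of the 403 page. Consider authenticating before the permission check, for example `warden.authenticate!` as the first line of `authorise_user!`, or treating a nil user as denied. The handler also hands `e.message`, which interpolates `permission` and `scope`, to the view as `message`; the `authorisations/unauthorised` template is not shown here, so confirm it prints `message` with default escaping rather than `raw` or `html_safe`. A short comment above `self.included` would also help, stating that the module must be mixed into a controller class that responds to `rescue_from` and `helper_method`.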
@@ -33,14 +42,9 @@
warden.log_out
end
def warden
request.env['warden']
- end
-
- def self.included(base)
- base.helper_method :user_signed_in?
- base.helper_method :current_user
end
end
end
end