lib/gds-sso/controller_methods.rb in gds-sso-13.4.0 vs lib/gds-sso/controller_methods.rb in gds-sso-13.5.0
- old
+ new
@@ -4,13 +4,20 @@
class PermissionDeniedException < StandardError
end
def self.included(base)
base.rescue_from PermissionDeniedException do |e|
- render "authorisations/unauthorised", layout: "unauthorised", status: :forbidden, locals: { message: e.message }
+ if GDS::SSO::Config.api_only?
+ render json: { message: e.message }, status: :forbidden
+ else
+ render "authorisations/unauthorised", layout: "unauthorised", status: :forbidden, locals: { message: e.message }
+ end
end
- base.helper_method :user_signed_in?
- base.helper_method :current_user
+
+ unless GDS::SSO::Config.api_only?
+ base.helper_method :user_signed_in?
+ base.helper_method :current_user
+ end
end
def authorise_user!(permissions)
# Ensure that we're authenticated (and by extension that current_user is set).
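Review bot: The two `GDS::SSO::Config.api_only?` checks are read at different times: the `unless` guard around `base.helper_method` runs once, when the module is included, while the branch inside `rescue_from` runs on every denied request. If the setting is assigned after a controller has already included this module (load order is not visible here), that controller's helper registration and its 403 response format could disagree. A comment above the guard such as `# helper_method is presumably absent on API-only controllers; Config must be set before this module is included` would document the dependency, or the guard could test the capability directly with `if base.respond_to?(:helper_method)`. The JSON branch also returns `e.message` verbatim, so the messages raised in `authorise_user!` (whose body continues outside the hunk) should be checked for anything an API client should not see.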