app/controllers/guts/application_controller.rb in guts-2.1.0 vs app/controllers/guts/application_controller.rb in guts-3.0.0

- old
+ new

@@ -2,30 +2,31 @@
  # Main inherited controller class
  # @abstract
  class ApplicationController < ActionController::Base
  include SessionConcern
  include MultisiteConcern
+ include Pundit
  protect_from_forgery with: :exception
  before_action :current_user
- # Handles when user is not authorized from CanCanCan
- rescue_from CanCan::AccessDenied do |exception|
- # Redirects to login screen with error message
- redirect_to new_session_path, alert: exception.message
- end
+ rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
- # Used by CanCanCan for getting the current abilities of the current user
- # @return [Class] the abilities for the current user
- def current_ability
- @current_ability ||= Guts::Ability.new current_user
- end
+ private
- protected
- # Gets the current user's record
+ # @private
+ # @note This is a `before_action` callback
  # @return [Object] the user object
  def current_user
  @current_user ||= User.find_by(id: session[:user_id])
+ end
+
+ # Sends the user to the login screen if not authorized
+ # @note This is called when Pundit raises exception
+ # @private
+ def user_not_authorized
+ flash[:alert] = 'You are not authorized.'
+ redirect_to new_session_path
  end
  end
  end
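Review bot: Nothing in the new base controller enforces that an action actually calls `authorize`, so after `include Pundit` any subclass action that omits the call is served with no authorization check and never reaches the `rescue_from Pundit::NotAuthorizedError` handler. Adding `after_action :verify_authorized` (and `verify_policy_scoped` for listing actions) next to `before_action :current_user` would turn a forgotten check into a raised error. Controllers that are intentionally open, such as the login screen, would then need `skip_after_action :verify_authorized`. Whether the subclasses already do this is not visible from this hunk, and the enclosing module opens outside it. Separately, `user_not_authorized` redirects every denial to `new_session_path`, so a signed-in user who lacks permission gets a login page rather than a 403, which is worth a comment or a separate branch.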