solidus
CanCan exception in Spree::Api::BaseController
Discussed in https://github.com/solidusio/solidus/discussions/4819
Originally posted by Zigreal December 29, 2022

Hi everybody! Can you please tell me if it makes sense that `rescue_from CanCan::AccessDenied, with: :unauthorized` returns 401 when the user is denied an action? For example, "authorize! :update, @order, order_token" - if I set a condition in the rights set that I can't update the order, then I'll get 401, not 403, because the controller has `rescue_from CanCan::AccessDenied, with: :unauthorized`. How can I get 403 in the normal way?
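
The 401-versus-403 mapping raised in the post, modelled as an added example in plain Ruby; it is not part of the original post and is not Solidus code. `AccessDenied`, `MiniController`, `BaseController`, `SplitController` and `access_denied` are hypothetical stand-ins so the block runs without Rails or CanCan.

```ruby
# Stand-in for CanCan::AccessDenied so this runs without Rails or CanCan.
class AccessDenied < StandardError; end

# Hypothetical miniature of a controller with rescue_from-style handlers.
class MiniController
  @handlers = []
  class << self
    attr_reader :handlers
    def inherited(sub)
      super
      sub.instance_variable_set(:@handlers, handlers.dup)
    end
    def rescue_from(klass, with:)
      handlers << [klass, with]
    end
  end
  attr_reader :status
  def initialize(current_user:, permitted:)
    @current_user, @permitted, @status = current_user, permitted, 200
  end

  def update
    raise AccessDenied unless @current_user && @permitted
    self
  rescue StandardError => e
    # As in Rails, the most recently declared matching handler wins.
    _, handler = self.class.handlers.reverse.find { |klass, _| e.is_a?(klass) }
    raise unless handler
    send(handler)
    self
  end

  def unauthorized
    @status = 401
  end
end

# The mapping described in the post: every denial becomes 401.
class BaseController < MiniController
  rescue_from AccessDenied, with: :unauthorized
end

# Later declaration overrides it: 401 without a user, 403 for a known user.
class SplitController < BaseController
  rescue_from AccessDenied, with: :access_denied
  def access_denied
    @status = @current_user ? 403 : 401
  end
end
```
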