Attempt to send pretty 403 errors to web browsers

app/controllers/application_controller.rb

@@ -483,9 +483,15 @@ class ApplicationController < ActionController::Base
       report_error t("oauth.permissions.missing"), :forbidden
     elsif current_user
       set_locale
-      report_error t("application.permission_denied"), :forbidden
+      respond_to do |format|
+        format.html { redirect_to :controller => "errors", :action => "forbidden" }
+        format.any { report_error t("application.permission_denied"), :forbidden }
+      end
     elsif request.get?
-      redirect_to :controller => "users", :action => "login", :referer => request.fullpath
+      respond_to do |format|
+        format.html { redirect_to :controller => "users", :action => "login", :referer => request.fullpath }
+        format.any { head :forbidden }
+      end
     else
       head :forbidden
     end

test/controllers/redactions_controller_test.rb

@@ -63,7 +63,8 @@ class RedactionsControllerTest < ActionController::TestCase
     session[:user] = create(:user).id
 
     get :new
-    assert_response :forbidden
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
   end
 
   def test_create_moderator
@@ -86,7 +87,8 @@ class RedactionsControllerTest < ActionController::TestCase
     session[:user] = create(:user).id
 
     post :create, :params => { :redaction => { :title => "Foo", :description => "Description here." } }
-    assert_response :forbidden
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
   end
 
   def test_destroy_moderator_empty
@@ -117,7 +119,8 @@ class RedactionsControllerTest < ActionController::TestCase
     session[:user] = create(:user).id
 
     delete :destroy, :params => { :id => create(:redaction).id }
-    assert_response :forbidden
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
   end
 
   def test_edit
@@ -139,7 +142,8 @@ class RedactionsControllerTest < ActionController::TestCase
     session[:user] = create(:user).id
 
     get :edit, :params => { :id => create(:redaction).id }
-    assert_response :forbidden
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
   end
 
   def test_update_moderator
@@ -168,6 +172,7 @@ class RedactionsControllerTest < ActionController::TestCase
     redaction = create(:redaction)
 
     put :update, :params => { :id => redaction.id, :redaction => { :title => "Foo", :description => "Description here." } }
-    assert_response :forbidden
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
   end
 end

test/controllers/user_blocks_controller_test.rb

@@ -145,7 +145,8 @@ class UserBlocksControllerTest < ActionController::TestCase
 
     # Check that normal users can't load the block creation page
     get :new, :params => { :display_name => target_user.display_name }
-    assert_response :forbidden
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
 
     # Login as a moderator
     session[:user] = create(:moderator_user).id
@@ -188,7 +189,8 @@ class UserBlocksControllerTest < ActionController::TestCase
 
     # Check that normal users can't load the block edit page
     get :edit, :params => { :id => active_block.id }
-    assert_response :forbidden
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
 
     # Login as a moderator
     session[:user] = create(:moderator_user).id
@@ -230,7 +232,8 @@ class UserBlocksControllerTest < ActionController::TestCase
 
     # Check that normal users can't create blocks
     post :create
-    assert_response :forbidden
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
 
     # Login as a moderator
     session[:user] = moderator_user.id
@@ -292,7 +295,8 @@ class UserBlocksControllerTest < ActionController::TestCase
 
     # Check that normal users can't update blocks
     put :update, :params => { :id => active_block.id }
-    assert_response :forbidden
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
 
     # Login as the wrong moderator
     session[:user] = second_moderator_user.id
@@ -359,7 +363,8 @@ class UserBlocksControllerTest < ActionController::TestCase
 
     # Check that normal users can't load the block revoke page
     get :revoke, :params => { :id => active_block.id }
-    assert_response :forbidden
+    assert_response :redirect
+    assert_redirected_to :controller => "errors", :action => "forbidden"
 
     # Login as a moderator
     session[:user] = create(:moderator_user).id