Merge pull request #706 from projecthydra-labs/unauthorized

Handle unauthorized when curation_concern is not set

app/views/curation_concerns/base/unauthorized.html.erb

@@ -1,3 +1,7 @@
 <h1>Unauthorized</h1>
-<p>The <%= curation_concern.human_readable_type.downcase %> you have tried to access is private<p>
-<p>ID: <%= curation_concern.id %>
+<% if respond_to?(:curation_concern) %>
+  <p>The <%= curation_concern.human_readable_type.downcase %> you have tried to access is private<p>
+  <p>ID: <%= curation_concern.id %>
+<% else %>
+  <p>The page you have tried to access is private<p>
+<% end %>

spec/views/curation_concerns/base/unauthorized.html.erb_spec.rb

@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe 'curation_concerns/base/unauthorized.html.erb' do
+  context "when it responds to curation_concern" do
+    let(:concern) { double(human_readable_type: 'Book', id: '777') }
+    before do
+      allow(view).to receive(:curation_concern).and_return(concern)
+      render
+    end
+    it "shows a message to the user" do
+      expect(rendered).to have_content "Unauthorized The book you have tried to access is private ID: 777"
+    end
+  end
+
+  context "when it doesn't respond to curation_concern" do
+    before do
+      render
+    end
+    it "shows a message to the user" do
+      expect(rendered).to have_content "Unauthorized The page you have tried to access is private"
+    end
+  end
+end