Fix tests

app/controllers/application_controller.rb

@@ -118,6 +118,48 @@ def acting_as?
     acting_user.object_id != session_user.object_id
   end
 
+  # Global exception handlers
+  rescue_from ActiveRecord::RecordNotFound do |exception|
+    Rails.logger.debug("#{exception.message}: #{exception.backtrace.join("\n")}") unless Rails.env.production?
+    render_404(exception)
+  end
+
+  rescue_from ActionController::RoutingError do |exception|
+    Rails.logger.debug("#{exception.message}: #{exception.backtrace.join("\n")}") unless Rails.env.production?
+    render_404(exception)
+  end
+
+  def render_404(_exception)
+    # Add html fallback in case the 404 is a PDF or XML so the view can be found
+    render "errors/not_found", status: 404, layout: "application", formats: formats_with_html_fallback
+  end
+
+  rescue_from NUCore::PermissionDenied, CanCan::AccessDenied, with: :render_403
+  def render_403(_exception)
+    # if current_user is nil, the user should be redirected to login
+    if current_user
+      render "errors/forbidden", status: 403, layout: "application", formats: formats_with_html_fallback
+    else
+      store_location_for(:user, request.fullpath)
+      redirect_to new_user_session_path
+    end
+  end
+
+  rescue_from NUCore::NotPermittedWhileActingAs, with: :render_acting_error
+  def render_acting_error
+    render "error/acting_error", status: 403, layout: "application", formats: formats_with_html_fallback
+  end
+
+  rescue_from NUCore::PermissionDenied, CanCan::AccessDenied, with: :render_403
+  def render_403(_exception)
+    if current_user
+      render "errors/forbidden", status: 403, layout: "application", formats: formats_with_html_fallback
+    else
+      store_location_for(:user, request.fullpath)
+      redirect_to new_user_session_path
+    end
+  end
+
   def after_sign_out_path_for(_)
     if current_facility.present?
       facility_path(current_facility)
@@ -151,14 +193,6 @@ def current_ability
     @current_ability ||= Ability.new(current_user, ability_resource, self)
   end
 
-  rescue_from CanCan::AccessDenied do |exception|
-    if current_user.nil?
-      redirect_to new_user_session_path, alert: "You need to log in to access this page."
-    else
-      render "errors/forbidden", status: :forbidden
-    end
-  end
-
   private
 
   #

app/views/errors/forbidden.html.erb

@@ -1,2 +1,2 @@
 <% content_for :h1 do %>403 &ndash; Permission Denied<% end %>
-<p class="notice"><%= @error_message %></p>
+Sorry, you don't have permission to access this page.

config/routes.rb

@@ -455,3 +455,4 @@
   match "/404", to: "errors#not_found", via: :all
   match "/500", to: "errors#internal_server_error", via: :all
 end
+

spec/price_policies_controller_shared_examples.rb

@@ -211,7 +211,7 @@
         do_request
         expect(assigns[:start_date]).to eq(Time.zone.parse(@params[:id]))
         expect(assigns[:price_policies]).to be_empty
-        is_expected.to render_template "404"
+        is_expected.to render_template "errors/not_found"
       end
     end
 

vendor/engines/bulk_email/spec/controllers/bulk_email/bulk_email_controller_spec.rb

@@ -118,12 +118,12 @@
 
       context "as an unprivileged user" do
         let(:user) { FactoryBot.create(:user) }
-        it { is_expected.to render_template("403") }
+        it { is_expected.to render_template("errors/forbidden") }
       end
 
       context "when logged in as facility staff" do
         let(:user) { FactoryBot.create(:user, :staff, facility: facility) }
-        it { is_expected.to render_template("403") }
+        it { is_expected.to render_template("errors/forbidden") }
       end
 
       context "when logged in as senior facility staff" do
@@ -136,7 +136,7 @@
 
         context "in a cross-facility context" do
           let(:facility) { Facility.cross_facility }
-          it { is_expected.to render_template("403") }
+          it { is_expected.to render_template("errors/forbidden") }
         end
       end