[fix] adding a 401 page and a new method in service controller to controll access to curators only

Author: Chris Talib

app/controllers/services_controller.rb

@@ -1,5 +1,6 @@
 class ServicesController < ApplicationController
   before_action :authenticate_user!, except: [:index, :show]
+  before_action :set_curator, except: [:index, :show]
   before_action :set_service, only: [:show, :edit, :update, :destroy]
 
   def index
@@ -74,4 +75,9 @@ def service_params
     params.require(:service).permit(:name, :url, :query)
   end
 
+  def set_curator
+    unless current_user.curator?
+      render :file => "public/401.html", :status => :unauthorized
+    end
+  end
 end

public/401.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<body style="background-color: #FdFdFd;color: #F89300;text-align: center;">
+<!-- This file lives in public/401.html -->
+<h1>Uh-Oh!</h1>
+<h2>You are not authorized to do this!</h2>
+<div class="back-home" style="margin-top: 50px;margin-bottom: 10px;">
+<a href="/" class="btn" style="margin-top: 30px;background-color: #49A347;border-radius: 50px;color: white;font-weight: bold;padding: 10px 20px;">
+Back Home</a>
+</div>
+<p>
+  <a href="https://github.com/tosdr/phoenix/issues/" style="margin: 0;text-decoration: none;color: grey;">Open an issue on Github</a>
+</p>
+<p>
+  <a href="mailto:[email protected]" style="margin: 0;text-decoration: none;color: grey;">Contact us</a>
+</p>
+</body>
+</html>