Refactor unauthorized access handling in SolidusAdmin

Enhance the SolidusAdmin authorization mechanism to improve user 
experience during unauthorized access attempts. Now, instead of 
previous behavior, users are redirected to a dedicated unauthorized 
page when attempting to access a resource for which they do not have 
permission.

admin/app/controllers/solidus_admin/controller_helpers/authorization.rb

@@ -5,6 +5,10 @@ module SolidusAdmin::ControllerHelpers::Authorization
 
   included do
     before_action :authorize_solidus_admin_user!
+
+    rescue_from CanCan::AccessDenied do
+      render 'unauthorized', status: :forbidden
+    end
   end
 
   private

admin/app/views/solidus_admin/base/unauthorized.html.erb

@@ -0,0 +1,2 @@
+<h1><%= t('solidus_admin.errors.authorization.access_denied.title') %></h1>
+<p><%= t('solidus_admin.errors.authorization.access_denied.description') %></p>

admin/config/locales/errors.en.yml

@@ -0,0 +1,7 @@
+en:
+  solidus_admin:
+    errors:
+      authorization:
+        access_denied:
+          title: "Access Denied"
+          description: "You are not authorized to access this page."

admin/spec/controllers/solidus_admin/base_controller_spec.rb

@@ -15,10 +15,22 @@ def index
       allow_any_instance_of(SolidusAdmin::BaseController).to receive(:spree_current_user).and_return(nil)
     end
 
-    it "redirects to unauthorized" do
+    it "redirects to unauthorized for no user" do
       get :index
       expect(response).to redirect_to '/unauthorized'
     end
+
+    context "with a user without update permission" do
+      before do
+        user = create(:user, email: '[email protected]')
+        allow_any_instance_of(SolidusAdmin::BaseController).to receive(:spree_current_user).and_return(user)
+      end
+
+      it "redirects to unauthorized" do
+        get :index
+        expect(response).to have_http_status(:forbidden)
+      end
+    end
   end
 
   context "successful request" do