diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0e6503ef..6d10c553 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,5 +1,6 @@
 class ApplicationController < ActionController::Base
   include Pundit
+  rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
   protect_from_forgery
 
   before_action :get_invite_link
@@ -23,6 +24,10 @@ class ApplicationController < ActionController::Base
       stored_location_for(resource) || request.referer || root_path
     end
   end
+
+  def handle_unauthorized
+    head :forbidden # TODO make this better
+  end
   
 private