From 3edca8b1041d5e2ede118a65181b121d6b26ff1d Mon Sep 17 00:00:00 2001
From: Blake Erickson <o.blakeerickson@gmail.com>
Date: Tue, 22 May 2018 16:17:44 -0600
Subject: [PATCH] Return a 403 instead of 200 when trying to delete a user with
 posts

See [this commit][1] for more info

[1]: https://github.com/discourse/discourse/commit/bd352a17bff9019db21196d70cd9829e678a33be
---
 app/controllers/admin/users_controller.rb       | 2 +-
 spec/controllers/admin/users_controller_spec.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index b9a24b38fd5..c43a3e8f05f 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -382,7 +382,7 @@ class Admin::UsersController < Admin::AdminController
         render json: {
           deleted: false,
           message: "User #{user.username} has #{user.post_count} posts, so they can't be deleted."
-        }
+        }, status: 403
       end
     end
   end
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index 9fb6329fc77..d026d7bfb53 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -531,7 +531,7 @@ describe Admin::UsersController do
 
         it "returns an api response that the user can't be deleted because it has posts" do
           delete :destroy, params: { id: delete_me.id }, format: :json
-          expect(response).to be_success
+          expect(response).to be_forbidden
           json = ::JSON.parse(response.body)
           expect(json['deleted']).to eq(false)
         end