FIX: staff members should be able to see raw email of deleted posts

2016-08-01 23:55:22 +02:00 · 2016-08-01 23:55:22 +02:00 · 681f566a66
parent 7d0dc7cb7a
commit 681f566a66
2 changed files with 2 additions and 2 deletions
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@ -114,7 +114,7 @@ class PostsController < ApplicationController
  end

  def raw_email
-    post = Post.find(params[:id].to_i)
+    post = Post.unscoped.find(params[:id].to_i)
    guardian.ensure_can_view_raw_email!(post)
    render json: { raw_email: post.raw_email }
  end
--- a/spec/controllers/posts_controller_spec.rb
+++ b/spec/controllers/posts_controller_spec.rb
@ -146,7 +146,7 @@ describe PostsController do

    describe "when logged in" do
      let(:user) { log_in }
-      let(:post) { Fabricate(:post, user: user, raw_email: 'email_content') }
+      let(:post) { Fabricate(:post, deleted_at: 2.hours.ago, user: user, raw_email: 'email_content') }

      it "raises an error if the user doesn't have permission to view raw email" do
        Guardian.any_instance.expects(:can_view_raw_email?).returns(false)