FIX: Show a nicer error when a user tries to access a category they

can't see.
2014-02-05 15:33:52 -05:00 · 2014-02-05 15:33:52 -05:00 · aff16f372b
parent 95585503ac
commit aff16f372b
2 changed files with 10 additions and 0 deletions
--- a/app/controllers/list_controller.rb
+++ b/app/controllers/list_controller.rb
@ -217,6 +217,7 @@ class ListController < ApplicationController

    @category = Category.where(slug: slug_or_id, parent_category_id: parent_category_id).includes(:featured_users).first ||
                Category.where(id: slug_or_id.to_i, parent_category_id: parent_category_id).includes(:featured_users).first
+    guardian.ensure_can_see!(@category)

    raise Discourse::NotFound.new if @category.blank?
  end
--- a/spec/controllers/list_controller_spec.rb
+++ b/spec/controllers/list_controller_spec.rb
@ -56,6 +56,15 @@ describe ListController do
    context 'in a category' do
      let(:category) { Fabricate(:category) }

+      context 'without access to see the category' do
+        before do
+          Guardian.any_instance.expects(:can_see?).with(category).returns(false)
+          xhr :get, :category_latest, category: category.slug
+        end
+
+        it { should_not respond_with(:success) }
+      end
+
      context 'with access to see the category' do
        before do
          xhr :get, :category_latest, category: category.slug