Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: Show a nicer error when a user tries to access a category they 

can't see.
This commit is contained in:
Robin Ward 2014-02-05 15:33:52 -05:00
parent 95585503ac
commit aff16f372b
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/list_controller.rb
View File

@ -217,6 +217,7 @@ class ListController < ApplicationController
@category = Category.where(slug: slug_or_id, parent_category_id: parent_category_id).includes(:featured_users).first || @category = Category.where(slug: slug_or_id, parent_category_id: parent_category_id).includes(:featured_users).first ||
Category.where(id: slug_or_id.to_i, parent_category_id: parent_category_id).includes(:featured_users).first Category.where(id: slug_or_id.to_i, parent_category_id: parent_category_id).includes(:featured_users).first
guardian.ensure_can_see!(@category)
raise Discourse::NotFound.new if @category.blank? raise Discourse::NotFound.new if @category.blank?
end end

9
spec/controllers/list_controller_spec.rb
View File

@ -56,6 +56,15 @@ describe ListController do
context 'in a category' do context 'in a category' do
let(:category) { Fabricate(:category) } let(:category) { Fabricate(:category) }
context 'without access to see the category' do
before do
Guardian.any_instance.expects(:can_see?).with(category).returns(false)
xhr :get, :category_latest, category: category.slug
end
it { should_not respond_with(:success) }
end
context 'with access to see the category' do context 'with access to see the category' do
before do before do
xhr :get, :category_latest, category: category.slug xhr :get, :category_latest, category: category.slug