FIX: Return error if new topic category not found take 2

If creating a topic via the api as an admin and the category you specify cannot be found an error will now be returned instead of just creating the topic with no category. This will prevent accidental public topic creation originally intended for a private category. This commit is follow up to 535c594891 and still allows for the creation of topics where the category param is blank.
2019-05-09 11:22:09 -06:00 · 2019-05-09 11:22:09 -06:00 · d1dbafebbc
parent b5c8f5f900
commit d1dbafebbc
2 changed files with 30 additions and 0 deletions
--- a/lib/topic_creator.rb
+++ b/lib/topic_creator.rb
@ -121,6 +121,8 @@ class TopicCreator
    category = find_category
    @guardian.ensure_can_create!(Topic, category) unless (@opts[:skip_validations] || @opts[:archetype] == Archetype.private_message)

+    raise Discourse::NotFound if @opts[:category] && !@opts[:category].blank? && category.nil?
+
    topic_params[:category_id] = category.id if category.present?

    topic_params[:created_at] = Time.zone.parse(@opts[:created_at].to_s) if @opts[:created_at].present?
--- a/spec/requests/posts_controller_spec.rb
+++ b/spec/requests/posts_controller_spec.rb
@ -775,6 +775,34 @@ describe PostsController do
        }
        expect(response.status).to eq(403)
      end
+
+      it 'will raise an error if specified category cannot be found' do
+        user = Fabricate(:admin)
+        master_key = ApiKey.create_master_key.key
+
+        post "/posts.json", params: {
+          api_username: user.username,
+          api_key: master_key,
+          title: 'this is a test title',
+          raw: 'this is test body',
+          category: 'invalid'
+        }
+        expect(response.status).to eq(404)
+      end
+
+      it 'can create topics with an empty category param' do
+        user = Fabricate(:admin)
+        master_key = ApiKey.create_master_key.key
+
+        post "/posts.json", params: {
+          api_username: user.username,
+          api_key: master_key,
+          title: 'title for a topic without a category',
+          raw: 'body for my topic without a category',
+          category: ''
+        }
+        expect(response.status).to eq(200)
+      end
    end

    describe "when logged in" do