From e78b7a243eea344a17c34b1f8973a4d0bee59470 Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Fri, 9 Sep 2016 12:15:56 -0400
Subject: [PATCH] FIX: Don't enqueue posts if the user can't create them (ex:
 closed)

---
 lib/guardian/topic_guardian.rb            |  1 +
 lib/new_post_manager.rb                   | 11 +++++++++++
 spec/components/new_post_manager_spec.rb  |  6 +++---
 spec/controllers/posts_controller_spec.rb | 17 ++++++++++++++++-
 spec/fabricators/topic_fabricator.rb      |  4 ++++
 5 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/lib/guardian/topic_guardian.rb b/lib/guardian/topic_guardian.rb
index fabf1c879e7..892a8517d9a 100644
--- a/lib/guardian/topic_guardian.rb
+++ b/lib/guardian/topic_guardian.rb
@@ -20,6 +20,7 @@ module TopicGuardian
 
   def can_create_post_on_topic?(topic)
     # No users can create posts on deleted topics
+    return false if topic.blank?
     return false if topic.trashed?
     return true if is_admin?
 
diff --git a/lib/new_post_manager.rb b/lib/new_post_manager.rb
index f354a277ad1..2a1bab05ffc 100644
--- a/lib/new_post_manager.rb
+++ b/lib/new_post_manager.rb
@@ -80,6 +80,17 @@ class NewPostManager
   def self.default_handler(manager)
     if user_needs_approval?(manager)
 
+      # Can the user create the post in the first place?
+      if manager.args[:topic_id]
+        topic = Topic.unscoped.where(id: manager.args[:topic_id]).first
+
+        unless manager.user.guardian.can_create_post_on_topic?(topic)
+          result = NewPostResult.new(:created_post, false)
+          result.errors[:base] << I18n.t(:topic_not_found)
+          return result
+        end
+      end
+
       result = manager.enqueue('default')
 
       if is_fast_typer?(manager) || matches_auto_block_regex?(manager)
diff --git a/spec/components/new_post_manager_spec.rb b/spec/components/new_post_manager_spec.rb
index 955292e7b3a..fb116adbf77 100644
--- a/spec/components/new_post_manager_spec.rb
+++ b/spec/components/new_post_manager_spec.rb
@@ -233,16 +233,16 @@ describe NewPostManager do
       default = NewPostManager.new(u,{})
       expect(NewPostManager.user_needs_approval?(default)).to eq(false)
 
-      with_check = NewPostManager.new(u,{first_post_checks: true})
+      with_check = NewPostManager.new(u, first_post_checks: true)
       expect(NewPostManager.user_needs_approval?(with_check)).to eq(true)
 
       u.user_stat.post_count = 1
-      with_check_and_post = NewPostManager.new(u,{first_post_checks: true})
+      with_check_and_post = NewPostManager.new(u, first_post_checks: true)
       expect(NewPostManager.user_needs_approval?(with_check_and_post)).to eq(false)
 
       u.user_stat.post_count = 0
       u.trust_level = 1
-      with_check_tl1 = NewPostManager.new(u,{first_post_checks: true})
+      with_check_tl1 = NewPostManager.new(u, first_post_checks: true)
       expect(NewPostManager.user_needs_approval?(with_check_tl1)).to eq(false)
     end
   end
diff --git a/spec/controllers/posts_controller_spec.rb b/spec/controllers/posts_controller_spec.rb
index fa904ba1283..9ebeb761235 100644
--- a/spec/controllers/posts_controller_spec.rb
+++ b/spec/controllers/posts_controller_spec.rb
@@ -584,7 +584,6 @@ describe PostsController do
       end
 
       it 'queues the post if min_first_post_typing_time is not met' do
-
         SiteSetting.min_first_post_typing_time = 3000
         # our logged on user here is tl1
         SiteSetting.auto_block_fast_typers_max_trust_level = 1
@@ -606,7 +605,23 @@ describe PostsController do
 
         user.reload
         expect(user.blocked).to eq(false)
+      end
 
+      it "doesn't enqueue replies when the topic is closed" do
+        SiteSetting.min_first_post_typing_time = 3000
+        SiteSetting.auto_block_fast_typers_max_trust_level = 1
+
+        topic = Fabricate(:closed_topic)
+
+        xhr :post, :create, {
+          raw: 'this is the test content',
+          title: 'this is the test title for the topic',
+          topic_id: topic.id
+        }
+
+        expect(response).not_to be_success
+        parsed = ::JSON.parse(response.body)
+        expect(parsed["action"]).not_to eq("enqueued")
       end
 
       it 'blocks correctly based on auto_block_first_post_regex' do
diff --git a/spec/fabricators/topic_fabricator.rb b/spec/fabricators/topic_fabricator.rb
index c11b05e4bf8..bd6eff9413d 100644
--- a/spec/fabricators/topic_fabricator.rb
+++ b/spec/fabricators/topic_fabricator.rb
@@ -8,6 +8,10 @@ Fabricator(:deleted_topic, from: :topic) do
   deleted_at Time.now
 end
 
+Fabricator(:closed_topic, from: :topic) do
+  closed true
+end
+
 Fabricator(:topic_allowed_user) do
 end