From bafdf9290d19291370f7c48041757a392f4f7ec6 Mon Sep 17 00:00:00 2001
From: Sam
Date: Thu, 6 Aug 2015 10:32:53 +1000
Subject: [PATCH] FIX: don't let blocked users reach post creator or new post queue correct broken spec
---
 app/controllers/posts_controller.rb | 9 +++++++++
 spec/controllers/posts_controller_spec.rb | 2 ++
 2 files changed, 11 insertions(+)
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index f6f34fc7ed8..ea2c3a08f75 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -88,6 +88,15 @@ class PostsController < ApplicationController
 end
 def create
+
+ if !is_api? && current_user.blocked?
+
+ # error has parity with what user would get if they posted when blocked
+ # and it went through post creator
+ render json: {errors: [I18n.t("topic_not_found")]}, status: 422
+ return
+ end
+
+ @manager_params = create_params
 @manager_params[:first_post_checks] = !is_api?
diff --git a/spec/controllers/posts_controller_spec.rb b/spec/controllers/posts_controller_spec.rb
index c26a98ca4d8..76e76f6f3da 100644
--- a/spec/controllers/posts_controller_spec.rb
+++ b/spec/controllers/posts_controller_spec.rb
@@ -484,6 +484,8 @@ describe PostsController do
 it 'queues the post if min_first_post_typing_time is not met' do
 SiteSetting.min_first_post_typing_time = 3000
+ # our logged on user here is tl1
+ SiteSetting.auto_block_fast_typers_max_trust_level = 1
 xhr :post, :create, {raw: 'this is the test content', title: 'this is the test title for the topic'}
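Review bot: The new guard at the top of `create` is skipped whenever `is_api?` is true, so a blocked account is only stopped here on non-API requests. `is_api?` is defined outside this hunk; if it also returns true for a key tied to an ordinary user, such a request relies entirely on the later check that the comment attributes to post creator. Either drop the exemption with `if current_user.blocked?`, or record why it is safe next to the condition, for example `# API requests skip this guard; post creator still rejects blocked users`. The body of `create` continues past the end of the hunk.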
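Review bot: Nothing in this spec hunk exercises the blocked-user guard that the commit adds to `PostsController#create`. The two new lines only set `auto_block_fast_typers_max_trust_level` for the existing queueing example, apparently the "broken spec" the commit message mentions. An example that signs in a blocked user, posts to `:create`, and expects status 422 with the `topic_not_found` error and no queued post would pin the access-control behaviour against regressions. The `it` block continues past the end of the hunk.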