Fix #5317: Don't allow users to flag posts they can't see.

A couple non-obvious consequences:

* Users can't flag non-rating:G posts in safe mode.
* Non-Gold users can flag Gold-only posts if they're the uploader.

test/functional/post_flags_controller_test.rb

@@ -155,6 +155,16 @@ class PostFlagsControllerTest < ActionDispatch::IntegrationTest
         assert_equal(true, @post.reload.is_deleted?)
         assert_equal(0, @post.flags.count)
       end
+
+      should "not allow flagging a post that is not visible to the user" do
+        @post = create(:post, is_banned: true)
+        post_auth post_flags_path, @flagger, params: { post_flag: { post_id: @post.id, reason: "xxx" }}, as: :javascript
+
+        assert_response :success
+        assert_equal(false, @post.reload.is_flagged?)
+        assert_equal(0, @post.flags.count)
+      end
+
     end
 
     context "edit action" do