forum posts: raise privilege error when viewing restricted topics.

Raise a privilege error when trying to view a restricted topic instead of handling it in the controller. This way error handling is standardized.
2019-09-08 15:32:31 -05:00
parent 31c7386b9e
commit 32343303d2
4 changed files with 18 additions and 36 deletions
--- a/app/controllers/forum_posts_controller.rb
+++ b/app/controllers/forum_posts_controller.rb
@@ -76,24 +76,7 @@ private
  end

  def check_min_level
-    if CurrentUser.user.level < @forum_topic.min_level
-      respond_with(@forum_topic) do |fmt|
-        fmt.html do
-          flash[:notice] = "Access denied"
-          redirect_to forum_topics_path
-        end
-
-        fmt.json do
-          render json: nil, :status => 403
-        end
-
-        fmt.xml do
-          render xml: nil, :status => 403
-        end
-      end
-
-      return false
-    end
+    raise User::PrivilegeError if CurrentUser.user.level < @forum_topic.min_level
  end

  def check_privilege(forum_post)
--- a/app/controllers/forum_topics_controller.rb
+++ b/app/controllers/forum_topics_controller.rb
@@ -140,24 +140,7 @@ private
  end

  def check_min_level
-    if CurrentUser.user.level < @forum_topic.min_level
-      respond_with(@forum_topic) do |fmt|
-        fmt.html do
-          flash[:notice] = "Access denied"
-          redirect_to forum_topics_path
-        end
-
-        fmt.json do
-          render json: nil, :status => 403
-        end
-
-        fmt.xml do
-          render xml: nil, :status => 403
-        end
-      end
-
-      return false
-    end
+    raise User::PrivilegeError if CurrentUser.user.level < @forum_topic.min_level
  end

  def forum_topic_params(context)
--- a/test/functional/forum_posts_controller_test.rb
+++ b/test/functional/forum_posts_controller_test.rb
@@ -103,6 +103,15 @@ class ForumPostsControllerTest < ActionDispatch::IntegrationTest
      end
    end

+    context "show action" do
+      should "raise an error if the user doesn't have permission to view the topic" do
+        as(@user) { @forum_post.topic.update(min_level: User::Levels::ADMIN) }
+        get_auth forum_post_path(@forum_post), @user
+
+        assert_response 403
+      end
+    end
+
    context "edit action" do
      should "render if the editor is the creator of the topic" do
        get_auth edit_forum_post_path(@forum_post), @user
--- a/test/functional/forum_topics_controller_test.rb
+++ b/test/functional/forum_topics_controller_test.rb
@@ -79,6 +79,13 @@ class ForumTopicsControllerTest < ActionDispatch::IntegrationTest
        get forum_topic_path(@forum_topic), params: {:format => :atom}
        assert_response :success
      end
+
+      should "raise an error if the user doesn't have permission to view the topic" do
+        as(@user) { @forum_topic.update(min_level: User::Levels::ADMIN) }
+        get_auth forum_topic_path(@forum_topic), @user
+
+        assert_response 403
+      end
    end

    context "index action" do