Fix #4360: Something broke random=true.

When random mode is enabled @post_set.posts returns an array, which caused `authorize` to try to lookup the wrong policy. This only happens when `authorize` is given an array with more than one element, which is why it wasn't caught by the tests.
2020-03-27 04:23:32 -05:00
parent 557c15123b
commit d24c746417
2 changed files with 8 additions and 1 deletions
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -11,7 +11,7 @@ class PostsController < ApplicationController
    else
      tag_query = params[:tags] || params.dig(:post, :tags)
      @post_set = PostSets::Post.new(tag_query, params[:page], params[:limit], raw: params[:raw], random: params[:random], format: params[:format])
-      @posts = authorize @post_set.posts
+      @posts = authorize @post_set.posts, policy_class: PostPolicy
      respond_with(@posts) do |format|
        format.atom
      end
--- a/test/functional/posts_controller_test.rb
+++ b/test/functional/posts_controller_test.rb
@@ -105,6 +105,13 @@ class PostsControllerTest < ActionDispatch::IntegrationTest
          get posts_path(format: :json), params: { random: "1" }
          assert_response :success
        end
+
+        should "render with multiple posts" do
+          @posts = create_list(:post, 2)
+
+          get posts_path, params: { random: "1" }
+          assert_response :success
+        end
      end

      context "with the .atom format" do