additional checks on forum topic visibility

2016-11-04 16:24:54 -07:00
parent a22a7c3302
commit eb6746a8a8
9 changed files with 35 additions and 11 deletions
--- a/app/controllers/forum_posts_controller.rb
+++ b/app/controllers/forum_posts_controller.rb
@@ -5,7 +5,10 @@ class ForumPostsController < ApplicationController
  before_filter :check_min_level, :only => [:edit, :show, :update, :destroy, :undelete]

  def new
-    @forum_topic = ForumTopic.find(params[:topic_id]) if params[:topic_id]
+    if params[:topic_id]
+      @forum_topic = ForumTopic.find(params[:topic_id]) 
+      raise User::PrivilegeError.new unless @forum_topic.visible?(CurrentUser.user)
+    end
    @forum_post = ForumPost.new_reply(params)
    respond_with(@forum_post)
  end