diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb index d1b368514..06c186081 100644 --- a/app/controllers/comments_controller.rb +++ b/app/controllers/comments_controller.rb @@ -97,6 +97,7 @@ class CommentsController < ApplicationController if request.format.atom? @comments = @comments.includes(:creator, :post) + @comments = @comments.select { |comment| comment.post.visible? } elsif request.format.html? @comments = @comments.includes(:creator, :updater, post: :uploader) @comments = @comments.includes(:votes) if CurrentUser.is_member? diff --git a/test/functional/comments_controller_test.rb b/test/functional/comments_controller_test.rb index 43e8c2770..b0c74dbe5 100644 --- a/test/functional/comments_controller_test.rb +++ b/test/functional/comments_controller_test.rb @@ -93,9 +93,21 @@ class CommentsControllerTest < ActionDispatch::IntegrationTest assert_response :success end - should "render for atom feeds" do - get comments_path(format: "atom") - assert_response :success + context "for atom feeds" do + should "render" do + @comment = as(@user) { create(:comment, post: @post) } + get comments_path(format: "atom") + assert_response :success + end + + should "not show comments on restricted posts" do + @post.update!(is_banned: true) + @comment = as(@user) { create(:comment, post: @post) } + + get comments_path(format: "atom") + assert_response :success + assert_equal(0, response.parsed_body.css("entry").size) + end end end diff --git a/test/test_helper.rb b/test/test_helper.rb index 6fed3f46b..0959a8ccd 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -64,6 +64,7 @@ class ActionDispatch::IntegrationTest extend ControllerHelper register_encoder :xml, response_parser: ->(body) { Nokogiri.XML(body) } + register_encoder :atom, response_parser: ->(body) { Nokogiri.XML(body) } register_encoder :html, response_parser: ->(body) { Nokogiri.HTML5(body) } def method_authenticated(method_name, url, user, **options)