Make articles from a user with spam role inaccessible (direct access) (

forem#20515) * Make articles inaccessible if their author has spam role * Improve specs a bit for showing spammer articles
hackerspace-team · Jan 12, 2024 · 9c7476d · 9c7476d
1 parent 33fd983
commit 9c7476d
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/app/controllers/stories_controller.rb b/app/controllers/stories_controller.rb
@@ -262,6 +262,7 @@ def assign_feed_stories
   def assign_article_show_variables
     not_found if permission_denied?
     not_found unless @article.user
+    not_found if @article.user.spam?
 
     @pinned_article_id = PinnedArticle.id
 

diff --git a/spec/requests/articles/articles_show_spec.rb b/spec/requests/articles/articles_show_spec.rb
@@ -129,6 +129,25 @@
     end
   end
 
+  context "when author has spam role" do
+    before do
+      article.user.add_role(:spam)
+    end
+
+    it "renders 404" do
+      expect do
+        get article.path
+      end.to raise_error(ActiveRecord::RecordNotFound)
+    end
+
+    it "renders 404 for authorized user" do
+      sign_in user
+      expect do
+        get article.path
+      end.to raise_error(ActiveRecord::RecordNotFound)
+    end
+  end
+
   context "when user signed in" do
     before do
       sign_in user