404, not 500, if signed out user wants to see a non public/existing post

Also add some specs for Post#find_by_guid_or_id_with_user

404, not 500, if signed out user wants to see a non public/existing post
11eecc3d · Jonne Haß · aa60fac2 · 11eecc3d · 11eecc3d · 11eecc3d
--- a/Changelog.md
+++ b/Changelog.md
@@ -109,6 +109,7 @@ everything is set up.
 * Refactor develop install script [#4111](https://github.com/diaspora/diaspora/pull/4111)
 * Remove special hacks for supporting Ruby 1.8 [#4113] (https://github.com/diaspora/diaspora/pull/4139)
 * Moved custom oEmbed providers to config/oembed_providers.yml [#4131](https://github.com/diaspora/diaspora/pull/4131)
+* Add specs for Post#find_by_guid_or_id_with_user
 ## Bug fixes
@@ -141,6 +142,7 @@ everything is set up.
 * Fix mentions at end of post. [#3746](https://github.com/diaspora/diaspora/issues/3746)
 * Fix missing indent to correct logged-out-header container relative positioning [#4134](https://github.com/diaspora/diaspora/pull/4134)
 * Private post dont show error 404 when you are not authorized on mobile page [#4129](https://github.com/diaspora/diaspora/issues/4129)
+* Show 404 instead of 500 if a not signed in user wants to see a non public or non existing post.
 ## Features

--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -150,7 +150,7 @@ class Post < ActiveRecord::Base
           end
    # is that a private post?
-    raise(Diaspora::NonPublic) unless user || post.public?
+    raise(Diaspora::NonPublic) unless user || post.try(:public?)
    post || raise(ActiveRecord::RecordNotFound.new("could not find a post with id #{id}"))
  end

--- a/spec/models/post_spec.rb
+++ b/spec/models/post_spec.rb
@@ -370,5 +370,43 @@ describe Post do
    end
  end
+  describe "#find_by_guid_or_id_with_user" do
+    it "succeeds with an id" do
+      post = FactoryGirl.create :status_message, public: true
+      Post.find_by_guid_or_id_with_user(post.id).should == post
+    end
+    it "succeeds with an guid" do
+      post = FactoryGirl.create :status_message, public: true
+      Post.find_by_guid_or_id_with_user(post.guid).should == post
+    end
+    it "looks up on the passed user object if it's non-nil" do
+      post = FactoryGirl.create :status_message
+      user = mock
+      user.should_receive(:find_visible_shareable_by_id).with(Post, post.id, key: :id).and_return(post)
+      Post.find_by_guid_or_id_with_user post.id, user
+    end
+    it "raises ActiveRecord::RecordNotFound with a non-existing id and a user" do
+      user = stub(find_visible_shareable_by_id: nil)
+      expect {
+        Post.find_by_guid_or_id_with_user 123, user
+      }.to raise_error ActiveRecord::RecordNotFound
+    end
+    it "raises Diaspora::NonPublic for a non-existing id without a user" do
+      Post.stub where: stub(includes: stub(first: nil))
+      expect {
+        Post.find_by_guid_or_id_with_user 123
+      }.to raise_error Diaspora::NonPublic
+    end
+    it "raises Diaspora::NonPublic for a private post without a user" do
+      post = FactoryGirl.create :status_message
+      expect {
+        Post.find_by_guid_or_id_with_user post.id
+      }.to raise_error Diaspora::NonPublic
+    end
+  end
 end