From 11eecc3d3acc6ad5e0a3f28b4ce6a23c6dedd3ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonne=20Ha=C3=9F?= <me@mrzyx.de>
Date: Sat, 18 May 2013 20:55:22 +0200
Subject: [PATCH] 404, not 500, if  signed out user wants to see a non
 public/existing post

Also add some specs for Post#find_by_guid_or_id_with_user
---
 Changelog.md             |  2 ++
 app/models/post.rb       |  2 +-
 spec/models/post_spec.rb | 38 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/Changelog.md b/Changelog.md
index 33b570f3f2..12d9e1518c 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -109,6 +109,7 @@ everything is set up.
 * Refactor develop install script [#4111](https://github.com/diaspora/diaspora/pull/4111)
 * Remove special hacks for supporting Ruby 1.8 [#4113] (https://github.com/diaspora/diaspora/pull/4139)
 * Moved custom oEmbed providers to config/oembed_providers.yml [#4131](https://github.com/diaspora/diaspora/pull/4131)
+* Add specs for Post#find_by_guid_or_id_with_user
 
 ## Bug fixes
 
@@ -141,6 +142,7 @@ everything is set up.
 * Fix mentions at end of post. [#3746](https://github.com/diaspora/diaspora/issues/3746)
 * Fix missing indent to correct logged-out-header container relative positioning [#4134](https://github.com/diaspora/diaspora/pull/4134)
 * Private post dont show error 404 when you are not authorized on mobile page [#4129](https://github.com/diaspora/diaspora/issues/4129)
+* Show 404 instead of 500 if a not signed in user wants to see a non public or non existing post.
 
 ## Features
 
diff --git a/app/models/post.rb b/app/models/post.rb
index 3926a0abfb..d5e466caba 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -150,7 +150,7 @@ class Post < ActiveRecord::Base
            end
 
     # is that a private post?
-    raise(Diaspora::NonPublic) unless user || post.public?
+    raise(Diaspora::NonPublic) unless user || post.try(:public?)
 
     post || raise(ActiveRecord::RecordNotFound.new("could not find a post with id #{id}"))
   end
diff --git a/spec/models/post_spec.rb b/spec/models/post_spec.rb
index d7f577e06e..0721ffe625 100644
--- a/spec/models/post_spec.rb
+++ b/spec/models/post_spec.rb
@@ -370,5 +370,43 @@ describe Post do
     end
   end
 
+  describe "#find_by_guid_or_id_with_user" do
+    it "succeeds with an id" do
+      post = FactoryGirl.create :status_message, public: true
+      Post.find_by_guid_or_id_with_user(post.id).should == post
+    end
+
+    it "succeeds with an guid" do
+      post = FactoryGirl.create :status_message, public: true
+      Post.find_by_guid_or_id_with_user(post.guid).should == post
+    end
 
+    it "looks up on the passed user object if it's non-nil" do
+      post = FactoryGirl.create :status_message
+      user = mock
+      user.should_receive(:find_visible_shareable_by_id).with(Post, post.id, key: :id).and_return(post)
+      Post.find_by_guid_or_id_with_user post.id, user
+    end
+
+    it "raises ActiveRecord::RecordNotFound with a non-existing id and a user" do
+      user = stub(find_visible_shareable_by_id: nil)
+      expect {
+        Post.find_by_guid_or_id_with_user 123, user
+      }.to raise_error ActiveRecord::RecordNotFound
+    end
+
+    it "raises Diaspora::NonPublic for a non-existing id without a user" do
+      Post.stub where: stub(includes: stub(first: nil))
+      expect {
+        Post.find_by_guid_or_id_with_user 123
+      }.to raise_error Diaspora::NonPublic
+    end
+
+    it "raises Diaspora::NonPublic for a private post without a user" do
+      post = FactoryGirl.create :status_message
+      expect {
+        Post.find_by_guid_or_id_with_user post.id
+      }.to raise_error Diaspora::NonPublic
+    end
+  end
 end
-- 
GitLab