From 4cd5ccdf1f319962827f32dd3c045dd482e74256 Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Mon, 24 Feb 2014 14:52:21 -0500
Subject: [PATCH] BUGFIX: Don't return child categories if you can't see the
 parent category.

---
 app/models/site.rb       |  4 ++++
 spec/models/site_spec.rb | 12 +++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/app/models/site.rb b/app/models/site.rb
index 55abb97142f..84716f87a80 100644
--- a/app/models/site.rb
+++ b/app/models/site.rb
@@ -43,9 +43,13 @@ class Site
 
       allowed_topic_create = Set.new(Category.topic_create_allowed(@guardian).pluck(:id))
 
+      by_id = {}
       categories.each do |category|
         category.permission = CategoryGroup.permission_types[:full] if allowed_topic_create.include?(category.id)
+        by_id[category.id] = category
       end
+
+      categories.reject! {|c| c.parent_category_id && !by_id[c.parent_category_id]}
       categories
     end
   end
diff --git a/spec/models/site_spec.rb b/spec/models/site_spec.rb
index 63ed9a7d8a5..717c6e9ab6d 100644
--- a/spec/models/site_spec.rb
+++ b/spec/models/site_spec.rb
@@ -11,11 +11,21 @@ describe Site do
     category.set_permissions(:everyone => :create_post)
     category.save
 
-    Site.new(Guardian.new(user))
+    guardian = Guardian.new(user)
+
+    Site.new(guardian)
         .categories
         .keep_if{|c| c.name == category.name}
         .first
         .permission
         .should_not == CategoryGroup.permission_types[:full]
+
+    # If a parent category is not visible, the child categories should not be returned
+    category.set_permissions(:staff => :full)
+    category.save
+
+    sub_category = Fabricate(:category, parent_category_id: category.id)
+    Site.new(guardian).categories.should_not include(sub_category)
   end
+
 end