From 9c606dd99a7ce227bde38527986b250d6e6c22dc Mon Sep 17 00:00:00 2001 From: Blake Erickson Date: Wed, 8 May 2019 14:59:05 -0600 Subject: [PATCH] FIX: Return error if new topic category not found If creating a topic via the api as an admin and the category you specify cannot be found an error will now be returned instead of just creating the topic with no category. This will prevent accidental public topic creation originally intended for a private category. --- lib/topic_creator.rb | 3 +++ spec/requests/posts_controller_spec.rb | 14 ++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/lib/topic_creator.rb b/lib/topic_creator.rb index f65f3023d45..57b921fe708 100644 --- a/lib/topic_creator.rb +++ b/lib/topic_creator.rb @@ -122,6 +122,9 @@ class TopicCreator @guardian.ensure_can_create!(Topic, category) unless (@opts[:skip_validations] || @opts[:archetype] == Archetype.private_message) + if @opts[:category] && category.nil? + raise Discourse::NotFound + end topic_params[:category_id] = category.id if category.present? topic_params[:created_at] = Time.zone.parse(@opts[:created_at].to_s) if @opts[:created_at].present? diff --git a/spec/requests/posts_controller_spec.rb b/spec/requests/posts_controller_spec.rb index 3657507c7b7..af119c536eb 100644 --- a/spec/requests/posts_controller_spec.rb +++ b/spec/requests/posts_controller_spec.rb @@ -775,6 +775,20 @@ describe PostsController do } expect(response.status).to eq(403) end + + it 'will raise an error if specified category cannot be found' do + user = Fabricate(:admin) + master_key = ApiKey.create_master_key.key + + post "/posts.json", params: { + api_username: user.username, + api_key: master_key, + title: 'this is a test title', + raw: 'this is test body', + category: 'invalid' + } + expect(response.status).to eq(404) + end end describe "when logged in" do