From c4f1cb0d7b64f4653d4eaf943a07b3932dbcd7a9 Mon Sep 17 00:00:00 2001
From: Alexander <alxndr+github@gmail.com>
Date: Tue, 5 Mar 2013 14:02:23 -0800
Subject: [PATCH] Raise 404 from Admin::UsersController#show if no user found
 [Fixes #353]

---
 app/controllers/admin/users_controller.rb     |  1 +
 .../admin/users_controller_spec.rb            | 19 ++++++++++++++-----
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index ada4943a005..0a83e9feb0c 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -16,6 +16,7 @@ class Admin::UsersController < Admin::AdminController
 
   def show
     @user = User.where(username_lower: params[:id]).first
+    raise Discourse::NotFound.new unless @user
     render_serialized(@user, AdminDetailedUserSerializer, root: false)
   end
 
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index 1e5d645ccc7..ae7e9559f1d 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'
 
 describe Admin::UsersController do
 
-  it "is a subclass of AdminController" do
+  it 'is a subclass of AdminController' do
     (Admin::UsersController < Admin::AdminController).should be_true
   end
 
@@ -23,10 +23,19 @@ describe Admin::UsersController do
       end
     end
 
-    context '.show' do
-      it 'returns success' do
-        xhr :get, :show, id: @user.username
-        response.should be_success
+    describe '.show' do
+      context 'an existing user' do
+        it 'returns success' do
+          xhr :get, :show, id: @user.username
+          response.should be_success
+        end
+      end
+
+      context 'an existing user' do
+        it 'returns success' do
+          xhr :get, :show, id: 'foobar'
+          response.should_not be_success
+        end
       end
     end