From c18510938014a59a292444e1cca4275338696308 Mon Sep 17 00:00:00 2001
From: venarius
Date: Tue, 2 Apr 2019 14:16:45 +0200
Subject: [PATCH] FIX: Restricted site text better error
---
 app/controllers/admin/site_texts_controller.rb | 3 ++-
 config/locales/server.en.yml | 1 +
 spec/requests/admin/site_texts_controller_spec.rb | 6 ++++--
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/controllers/admin/site_texts_controller.rb b/app/controllers/admin/site_texts_controller.rb
index 74dde2b3991..fe235bff205 100644
--- a/app/controllers/admin/site_texts_controller.rb
+++ b/app/controllers/admin/site_texts_controller.rb
@@ -119,7 +119,8 @@ class Admin::SiteTextsController < Admin::AdminController
 end
 def find_site_text
- raise Discourse::NotFound unless I18n.exists?(params[:id]) && !self.class.restricted_keys.include?(params[:id])
+ raise Discourse::NotFound unless I18n.exists?(params[:id])
+ raise Discourse::InvalidAccess.new(nil, nil, custom_message: 'email_template_cant_be_modified') if self.class.restricted_keys.include?(params[:id])
 record_for(params[:id])
 end
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index a248c8dff20..a0dd059f516 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -242,6 +242,7 @@ en:
 provider_not_found: "You are not permitted to view the requested resource. The authentication provider does not exist."
 read_only_mode_enabled: "The site is in read only mode. Interactions are disabled."
 invalid_grant_badge_reason_link: "External or invalid discourse link is not allowed in badge reason"
+ email_template_cant_be_modified: "This email template can't be modified"
 reading_time: "Reading time"
 likes: "Likes"
diff --git a/spec/requests/admin/site_texts_controller_spec.rb b/spec/requests/admin/site_texts_controller_spec.rb
index a66e64ac3b6..a706588ea9c 100644
--- a/spec/requests/admin/site_texts_controller_spec.rb
+++ b/spec/requests/admin/site_texts_controller_spec.rb
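Review bot: The 403 raised on the second added line of `find_site_text` hard-codes `'email_template_cant_be_modified'`, while the check itself is against the generic `self.class.restricted_keys`. If that list ever holds a key that is not an email template, or if a read-only action also goes through this finder (its callers are outside the hunk), the response will state something untrue. Since this line is now the authorization gate for restricted keys, I would put a comment above it such as `# Restricted keys exist but must never be changed here: answer 403 with a reason instead of hiding them behind a 404.` The two positional `nil` arguments to `Discourse::InvalidAccess.new` are opaque at the call site and deserve a short note on what they stand for. The class body continues outside the hunk.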
@@ -141,10 +141,12 @@ RSpec.describe Admin::SiteTextsController do
 site_text: { value: 'foo' }
 }
- expect(response.status).to eq(404)
+ expect(response.status).to eq(403)
 json = ::JSON.parse(response.body)
- expect(json['error_type']).to eq('not_found')
+ expect(json['error_type']).to eq('invalid_access')
+ expect(json['errors'].size).to eq(1)
+ expect(json['errors'].first).to eq(I18n.t('email_template_cant_be_modified'))
 end
 it "returns the right error message" do
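Review bot: The updated example checks the status, `error_type` and message, but nothing in the visible lines asserts that the restricted text was left untouched, which is the property the 403 exists to protect. I would add an expectation after the JSON checks that no override was stored for the requested key, so a regression that answers 403 yet still writes the value fails the spec. The two `errors` assertions could also be folded into one, `expect(json['errors']).to eq([I18n.t('email_template_cant_be_modified')])`. The example and its request line start outside the hunk.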