some safety

2024-11-26 11:13:38 +08:00 · 2013-04-18 10:04:42 +10:00 · 2013-04-18 10:04:42 +10:00 · 2a65dd41d4
commit 2a65dd41d4
parent 723df0b964
1 changed files with 7 additions and 1 deletions
--- a/lib/oneboxer/discourse_local_onebox.rb
+++ b/lib/oneboxer/discourse_local_onebox.rb
@ -19,6 +19,8 @@ module Oneboxer
      case route[:controller]
      when 'users'
        user = User.where(username_lower: route[:username].downcase).first
+        return nil unless user  
+
        Guardian.new.ensure_can_see!(user)

        args.merge! avatar: PrettyText.avatar_img(user.username, 'tiny'), username: user.username
@ -29,6 +31,8 @@ module Oneboxer
        if route[:post_number].present? && route[:post_number].to_i > 1
          # Post Link
          post = Post.where(topic_id: route[:topic_id], post_number: route[:post_number].to_i).first
+          return nil unless post
+
          Guardian.new.ensure_can_see!(post)

          topic = post.topic
@ -46,8 +50,10 @@ module Oneboxer
        else
          # Topic Link
          topic = Topic.where(id: route[:topic_id].to_i).includes(:user).first
+          return nil unless topic
+
+          Guardian.new.ensure_can_see!(topic)
          post = topic.posts.first
-          Guardian.new(nil).ensure_can_see!(topic)

          posters = topic.posters_summary.map do |p|
            {username: p[:user][:username],