DEV: Only allow expanding hidden posts for author and staff (#21052)

2025-05-31 12:27:16 +08:00 · 2023-04-25 13:37:29 +08:00
parent 9cc1b6a959
commit 02625d1edd
4 changed files with 46 additions and 3 deletions
--- a/spec/requests/posts_controller_spec.rb
+++ b/spec/requests/posts_controller_spec.rb
@ -1992,7 +1992,7 @@ RSpec.describe PostsController do
      it "throws an exception for users" do
        sign_in(user)
        get "/posts/#{post.id}/revisions/#{post_revision.number}.json"
-        expect(response.status).to eq(404)
+        expect(response.status).to eq(403)
      end

      it "works for admins" do