From 3ad5cb0cbcda50ee42f97665d456061a400b03f0 Mon Sep 17 00:00:00 2001
From: Mark VanLandingham
Date: Mon, 9 Mar 2020 11:41:07 -0500
Subject: [PATCH] FIX: Error message for 403 when featuring topic on profile (#9149)
---
 app/controllers/users_controller.rb | 5 ++++-
 config/locales/server.en.yml | 4 ++++
 lib/guardian/user_guardian.rb | 1 +
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 9af8c2aa7e7..4d0adc5116c 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1362,7 +1362,10 @@ class UsersController < ApplicationController
 user = fetch_user_from_params
 topic = Topic.find(params[:topic_id].to_i)
- raise Discourse::InvalidAccess.new unless topic && guardian.can_feature_topic?(user, topic)
+ if !guardian.can_feature_topic?(user, topic)
+ return render_json_error(I18n.t('activerecord.errors.models.user_profile.attributes.featured_topic_id.invalid'), 403)
+ end
+
 user.user_profile.update(featured_topic_id: topic.id)
 render json: success_json
 end
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 2b94222d741..f4f234f8ecb 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -546,6 +546,10 @@ en:
 same_as_password: "is the same as your password."
 ip_address:
 signup_not_allowed: "Signup is not allowed from this account."
+ user_profile:
+ attributes:
+ featured_topic_id:
+ invalid: "This topic cannot be featured on your profile."
 user_email:
 attributes:
 user_id:
diff --git a/lib/guardian/user_guardian.rb b/lib/guardian/user_guardian.rb
index 35dccb8481f..26e726437b9 100644
--- a/lib/guardian/user_guardian.rb
+++ b/lib/guardian/user_guardian.rb
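Review bot: `Topic.find(params[:topic_id].to_i)` on the context line above the new `if` raises `ActiveRecord::RecordNotFound` for an unknown id rather than returning nil, so the `topic.nil?` guard this commit adds to `can_feature_topic?` in lib/guardian/user_guardian.rb is never reached from this action. It also means a missing topic and a topic the user may not feature are presumably answered differently (a not-found response versus this 403), which tells the caller whether a topic id they cannot see exists. Looking the topic up with `topic = Topic.find_by(id: params[:topic_id].to_i)` would route both cases through the guardian and return the same 403 message. The enclosing action begins above the hunk, so any earlier handling there is not visible.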
@@ -129,6 +129,7 @@ module UserGuardian
 end
 def can_feature_topic?(user, topic)
+ return false if topic.nil?
 return false if !SiteSetting.allow_featured_topic_on_user_profiles?
 return false if !is_me?(user) && !is_staff?
 return false if !topic.visible