security fix, anon should not be treated as though they can create anything

2025-06-06 11:54:41 +08:00 · 2013-10-13 09:54:48 +11:00
parent e5fbdde56f
commit 7df4e4afb9
2 changed files with 15 additions and 6 deletions
--- a/spec/models/category_spec.rb
+++ b/spec/models/category_spec.rb
@ -67,14 +67,15 @@ describe Category do
      can_post_category.save

      Category.post_create_allowed(guardian).count.should == 3
+
+      # anonymous has permission to create no topics
+      guardian = Guardian.new(nil)
+      Category.post_create_allowed(guardian).count.should == 0
+
    end

  end

-  describe "post_create_allowed" do
-
-  end
-
  describe "security" do
    let(:category) { Fabricate(:category) }
    let(:category_2) { Fabricate(:category) }