return 403 when trying drafts of another user

2025-05-21 18:12:32 +08:00 · 2018-09-12 13:08:02 -04:00
parent b8c0a29bec
commit aa614e393c
3 changed files with 4 additions and 11 deletions
--- a/app/controllers/drafts_controller.rb
+++ b/app/controllers/drafts_controller.rb
@ -16,8 +16,6 @@ class DraftsController < ApplicationController
      limit: params[:limit]
    }

-    help_key = "user_activity.no_drafts"
-
    if user == current_user
      stream = Draft.stream(opts)
      stream.each do |d|
@ -31,15 +29,13 @@ class DraftsController < ApplicationController
          end
        end
      end
-
-      help_key += ".self"
    else
-      help_key += ".others"
+      raise Discourse::InvalidAccess
    end

    render json: {
      drafts: stream ? serialize_data(stream, DraftSerializer) : [],
-      no_results_help: I18n.t(help_key)
+      no_results_help: I18n.t("user_activity.no_drafts.self")
    }

  end