diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb index 4d473c855..e48a67449 100644 --- a/app/controllers/posts_controller.rb +++ b/app/controllers/posts_controller.rb @@ -119,7 +119,9 @@ class PostsController < ApplicationController end def by_number - @post = Post.where(topic_id: params[:topic_id], post_number: params[:post_number]).first + finder = Post.where(topic_id: params[:topic_id], post_number: params[:post_number]) + finder = finder.with_deleted if current_user.try(:staff?) + @post = finder.first guardian.ensure_can_see!(@post) @post.revert_to(params[:version].to_i) if params[:version].present? render_post_json(@post) diff --git a/spec/controllers/posts_controller_spec.rb b/spec/controllers/posts_controller_spec.rb index ff3665bb0..60614b5d3 100644 --- a/spec/controllers/posts_controller_spec.rb +++ b/spec/controllers/posts_controller_spec.rb @@ -1,5 +1,46 @@ require 'spec_helper' +shared_examples 'finding and showing post' do + let(:user) { log_in } + let(:post) { Fabricate(:post, user: user) } + + it 'ensures the user can see the post' do + Guardian.any_instance.expects(:can_see?).with(post).returns(false) + xhr :get, action, params + response.should be_forbidden + end + + it 'succeeds' do + xhr :get, action, params + response.should be_success + end + + context "deleted post" do + + before do + post.trash!(user) + end + + it "can't find deleted posts as an anonymous user" do + xhr :get, action, params + response.should be_forbidden + end + + it "can't find deleted posts as a regular user" do + log_in(:user) + xhr :get, action, params + response.should be_forbidden + end + + it "can find posts as a moderator" do + log_in(:moderator) + xhr :get, action, params + response.should be_success + end + + end +end + describe PostsController do describe 'short_link' do @@ -12,43 +53,16 @@ describe PostsController do end describe 'show' do - let(:user) { log_in } - let(:post) { Fabricate(:post, user: user) } - - it 'ensures the user can see the post' do - Guardian.any_instance.expects(:can_see?).with(post).returns(false) - xhr :get, :show, id: post.id - response.should be_forbidden + include_examples 'finding and showing post' do + let(:action) { :show } + let(:params) { {id: post.id} } end + end - it 'succeeds' do - xhr :get, :show, id: post.id - response.should be_success - end - - context "deleted post" do - - before do - post.trash!(user) - end - - it "can't find deleted posts as an anonymous user" do - xhr :get, :show, id: post.id - response.should be_forbidden - end - - it "can't find deleted posts as a regular user" do - log_in(:user) - xhr :get, :show, id: post.id - response.should be_forbidden - end - - it "can find posts as a moderator" do - log_in(:moderator) - xhr :get, :show, id: post.id - response.should be_success - end - + describe 'by_number' do + include_examples 'finding and showing post' do + let(:action) { :by_number } + let(:params) { {topic_id: post.topic_id, post_number: post.post_number} } end end