From aff16f372bebd917a3c383dee5c32e524206147a Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Wed, 5 Feb 2014 15:33:52 -0500
Subject: [PATCH] FIX: Show a nicer error when a user tries to access a
 category they can't see.

---
 app/controllers/list_controller.rb       | 1 +
 spec/controllers/list_controller_spec.rb | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/app/controllers/list_controller.rb b/app/controllers/list_controller.rb
index 89344bb75..f930c55e8 100644
--- a/app/controllers/list_controller.rb
+++ b/app/controllers/list_controller.rb
@@ -217,6 +217,7 @@ class ListController < ApplicationController
 
     @category = Category.where(slug: slug_or_id, parent_category_id: parent_category_id).includes(:featured_users).first ||
                 Category.where(id: slug_or_id.to_i, parent_category_id: parent_category_id).includes(:featured_users).first
+    guardian.ensure_can_see!(@category)
 
     raise Discourse::NotFound.new if @category.blank?
   end
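Review bot: The new `guardian.ensure_can_see!(@category)` runs before the `@category.blank?` check, so an unknown slug or id reaches the guardian as nil. How Guardian treats nil is not visible in this hunk, but if it rejects nil then `raise Discourse::NotFound.new if @category.blank?` is never reached for a missing category. If a single response for hidden and missing categories is intended (it avoids confirming that a restricted category exists), record that with a comment such as `# nil is rejected here too, so hidden and missing categories get the same error`. Otherwise move the `raise Discourse::NotFound` line above the guard. The enclosing method starts outside the hunk.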
diff --git a/spec/controllers/list_controller_spec.rb b/spec/controllers/list_controller_spec.rb
index 41dd68ef7..6adb4ce95 100644
--- a/spec/controllers/list_controller_spec.rb
+++ b/spec/controllers/list_controller_spec.rb
@@ -56,6 +56,15 @@ describe ListController do
     context 'in a category' do
       let(:category) { Fabricate(:category) }
 
+      context 'without access to see the category' do
+        before do
+          Guardian.any_instance.expects(:can_see?).with(category).returns(false)
+          xhr :get, :category_latest, category: category.slug
+        end
+
+        it { should_not respond_with(:success) }
+      end
+
       context 'with access to see the category' do
         before do
           xhr :get, :category_latest, category: category.slug
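Review bot: The assertion `it { should_not respond_with(:success) }` passes for any non-2xx response, including a 500 from an unrelated failure, so it does not pin the access-denied behaviour this commit adds. Assert the specific status instead, e.g. `it { should respond_with(403) }`, assuming the guardian's access error is rendered as 403 (confirm against the application's error handling). A sibling context requesting a slug that does not exist would also record which response a missing category gets now that the guard runs before the blank check. The 'with access to see the category' context continues outside the hunk.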