FIX: Return error if new topic category not found

If creating a topic via the api as an admin and the category you specify cannot be found an error will now be returned instead of just creating the topic with no category. This will prevent accidental public topic creation originally intended for a private category.
2024-11-22 17:06:31 -06:00 · 2019-05-08 14:59:05 -06:00 · 2019-05-08 14:59:05 -06:00 · 9c606dd99a
commit 9c606dd99a
parent a92c925378
2 changed files with 17 additions and 0 deletions
--- a/lib/topic_creator.rb
+++ b/lib/topic_creator.rb
@ -122,6 +122,9 @@ class TopicCreator

    @guardian.ensure_can_create!(Topic, category) unless (@opts[:skip_validations] || @opts[:archetype] == Archetype.private_message)

+    if @opts[:category] && category.nil?
+      raise Discourse::NotFound
+    end
    topic_params[:category_id] = category.id if category.present?

    topic_params[:created_at] = Time.zone.parse(@opts[:created_at].to_s) if @opts[:created_at].present?
--- a/spec/requests/posts_controller_spec.rb
+++ b/spec/requests/posts_controller_spec.rb
@ -775,6 +775,20 @@ describe PostsController do
        }
        expect(response.status).to eq(403)
      end
+
+      it 'will raise an error if specified category cannot be found' do
+        user = Fabricate(:admin)
+        master_key = ApiKey.create_master_key.key
+
+        post "/posts.json", params: {
+          api_username: user.username,
+          api_key: master_key,
+          title: 'this is a test title',
+          raw: 'this is test body',
+          category: 'invalid'
+        }
+        expect(response.status).to eq(404)
+      end
    end

    describe "when logged in" do