From a054a35863e68015b54f8f029866e5e753592e6e Mon Sep 17 00:00:00 2001
From: theworldbright <kent@kentshikama.com>
Date: Wed, 4 Nov 2015 02:41:20 -0800
Subject: [PATCH] Catch Diaspora::NotMine on post controller

closes #6533
---
 app/controllers/posts_controller.rb       |  4 ++++
 spec/controllers/posts_controller_spec.rb | 10 ++++++++++
 2 files changed, 14 insertions(+)

diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index db89cda2a..ba338fe79 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -20,6 +20,10 @@ class PostsController < ApplicationController
     end
   end
 
+  rescue_from Diaspora::NotMine do
+    render text: "You are not allowed to do that", status: 403
+  end
+
   def show
     post_service = PostService.new(id: params[:id], user: current_user)
     post_service.mark_user_notifications
diff --git a/spec/controllers/posts_controller_spec.rb b/spec/controllers/posts_controller_spec.rb
index e59b8e339..8da4502f3 100644
--- a/spec/controllers/posts_controller_spec.rb
+++ b/spec/controllers/posts_controller_spec.rb
@@ -135,5 +135,15 @@ describe PostsController, type: :controller do
       message = alice.post(:status_message, text: "hey", to: alice.aspects.first.id)
       delete :destroy, format: :js, id: message.id
     end
+
+    context "when Diaspora::NotMine is raised by retract post" do
+      it "will respond with a 403" do
+        expect(post_service_double).to receive(:retract_post).and_raise(Diaspora::NotMine)
+        message = alice.post(:status_message, text: "hey", to: alice.aspects.first.id)
+        delete :destroy, format: :js, id: message.id
+        expect(response.body).to eq("You are not allowed to do that")
+        expect(response.status).to eq(403)
+      end
+    end
   end
 end