From f9d46c666bfbc258c483f9d41e52484d5aae05af Mon Sep 17 00:00:00 2001
From: Carl Chenet <chaica@ohmytux.com>
Date: Tue, 23 May 2017 10:50:37 +0200
Subject: [PATCH] stories: if the user can't see the story, just return a 404

---
 app/controllers/stories_controller.rb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/app/controllers/stories_controller.rb b/app/controllers/stories_controller.rb
index 9c509f2..204ff7c 100644
--- a/app/controllers/stories_controller.rb
+++ b/app/controllers/stories_controller.rb
@@ -126,12 +126,11 @@ class StoriesController < ApplicationController
       return redirect_to @story.merged_into_story.comments_path
     end
 
-    if @story.can_be_seen_by_user?(@user)
-      @title = @story.title
-    else
-      @title = "[Story removed]"
+    if !@story.can_be_seen_by_user?(@user)
+      raise ActionController::RoutingError.new("story gone")
     end
 
+    @title = @story.title
     @short_url = @story.short_id_url
 
     @comments = @story.merged_comments.includes(:user, :story, :hat,