From ea395db5c60beff3457f0333b5437a64b8916531 Mon Sep 17 00:00:00 2001
From: Mantas Masalskis
Date: Tue, 26 May 2020 16:35:54 +0200
Subject: [PATCH] Fixes #3065 - Updating KB answers throws error 500 for agents without edit rights
---
 .../categories_controller_policy.rb | 2 +-
 .../categories_controller_policy_spec.rb | 28 +++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 spec/policies/controllers/knowledge_base/categories_controller_policy_spec.rb
diff --git a/app/policies/controllers/knowledge_base/categories_controller_policy.rb b/app/policies/controllers/knowledge_base/categories_controller_policy.rb
index f329b4bea..9e98ae131 100644
--- a/app/policies/controllers/knowledge_base/categories_controller_policy.rb
+++ b/app/policies/controllers/knowledge_base/categories_controller_policy.rb
@@ -2,6 +2,6 @@ class Controllers::KnowledgeBase::CategoriesControllerPolicy < Controllers::Know
 def show?
 return if user.permissions?('knowledge_base.editor')
- record.klass.find(params[:id]).internal_content?
+ record.klass.find(record.params[:id]).internal_content?
 end
 end
diff --git a/spec/policies/controllers/knowledge_base/categories_controller_policy_spec.rb b/spec/policies/controllers/knowledge_base/categories_controller_policy_spec.rb
new file mode 100644
index 000000000..4fefda951
--- /dev/null
+++ b/spec/policies/controllers/knowledge_base/categories_controller_policy_spec.rb
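Review bot: In `show?` (app/policies/controllers/knowledge_base/categories_controller_policy.rb) the guard `return if user.permissions?('knowledge_base.editor')` hands back nil, which is falsy, so an editor gets a negative answer from this predicate unless the base policy or the caller gives nil a special meaning; neither is visible in this hunk, and the class header lies outside it. If editors are meant to pass, `return true if user.permissions?('knowledge_base.editor')` says so explicitly and keeps the result boolean. The corrected lookup still goes through `find`, which presumably raises for an unknown id, so it is worth confirming that the controller turns that into a not-found response rather than another 500.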
@@ -0,0 +1,28 @@
+require 'rails_helper'
+
+describe Controllers::KnowledgeBase::CategoriesControllerPolicy do
+ include_context 'basic Knowledge Base'
+
+ subject { described_class.new(user, record) }
+
+ let(:record_class) { KnowledgeBase::CategoriesController }
+
+ let(:record) do
+ rec = record_class.new
+ rec.action_name = action_name
+ rec.params = params
+
+ rec
+ end
+
+ describe '#show?' do
+ let(:action_name) { :show }
+ let(:params) { { id: internal_answer.category.id } }
+
+ context 'with knowledge_base.reader permissions' do
+ let(:user) { create(:agent) }
+
+ it { is_expected.to permit_action(action_name) }
+ end
+ end
+end
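Review bot: The only example in `describe '#show?'` is the permit path, an agent with reader rights and a category that holds an internal answer, so the deny branch of this authorization check is never exercised. A regression that made `show?` always truthy would still pass this spec. Add a context whose `params` point at a category without internal content and assert `it { is_expected.not_to permit_action(action_name) }`. A further context with a `knowledge_base.editor` user would pin down what the early `return` in the policy yields for editors.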