From 61493ce627d29ac490da1d9261e0770df0423ab4 Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Thu, 16 Mar 2017 09:51:00 +0100
Subject: [PATCH] OO-2618: check permission only if message exists

---
 .../course/FOCourseNodeIndexer.java           | 22 ++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/src/main/java/org/olat/search/service/indexer/repository/course/FOCourseNodeIndexer.java b/src/main/java/org/olat/search/service/indexer/repository/course/FOCourseNodeIndexer.java
index a033e559dd9..cf73e575a9d 100644
--- a/src/main/java/org/olat/search/service/indexer/repository/course/FOCourseNodeIndexer.java
+++ b/src/main/java/org/olat/search/service/indexer/repository/course/FOCourseNodeIndexer.java
@@ -86,17 +86,19 @@ public class FOCourseNodeIndexer extends ForumIndexer implements CourseNodeIndex
 		ContextEntry ce = businessControl.popLauncherContextEntry();
 		Long resourceableId = ce.getOLATResourceable().getResourceableId();
 		Message message = ForumManager.getInstance().loadMessage(resourceableId);
-		Message threadtop = message.getThreadtop();
-		if(threadtop==null) {
-			threadtop = message;
+		if(message != null) {
+			Message threadtop = message.getThreadtop();
+			if(threadtop == null) {
+				threadtop = message;
+			}
+			boolean isMessageHidden = Status.getStatus(threadtop.getStatusCode()).isHidden(); 
+			//assumes that if is owner then is moderator so it is allowed to see the hidden forum threads
+			 //TODO: (LD) fix this!!! - the contextEntry is not the right context for this check
+			boolean isOwner = BaseSecurityManager.getInstance().isIdentityPermittedOnResourceable(identity, Constants.PERMISSION_ACCESS,  contextEntry.getOLATResourceable());
+			if(isMessageHidden && !isOwner) {
+				return false;
+			}
 		}
-		boolean isMessageHidden = Status.getStatus(threadtop.getStatusCode()).isHidden(); 
-		//assumes that if is owner then is moderator so it is allowed to see the hidden forum threads
-		 //TODO: (LD) fix this!!! - the contextEntry is not the right context for this check
-		boolean isOwner = BaseSecurityManager.getInstance().isIdentityPermittedOnResourceable(identity, Constants.PERMISSION_ACCESS,  contextEntry.getOLATResourceable());
-		if(isMessageHidden && !isOwner) {
-			return false;
-		}		
 		return super.checkAccess(contextEntry, businessControl, identity, roles);	
 	}
 
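Review bot: When `loadMessage` returns null, the new `if(message != null)` guard skips the hidden-thread check and the result comes only from `super.checkAccess(...)`, so whether a deleted or stale message id is denied depends on code not visible in this hunk. Unless the parent is known to reject missing messages, it is safer to fail closed with an early `if(message == null) { return false; }`, which also removes one level of nesting. The carried-over TODO is still unresolved: `isOwner` is computed from `Constants.PERMISSION_ACCESS` on `contextEntry`, which the comment itself calls the wrong context, so hidden threads appear to be visible to anyone holding that permission rather than only to moderators. The method begins above the hunk, so the origin of `identity` and `contextEntry` cannot be checked from here.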
-- 
GitLab