OO-2618: check permission only if message exists

61493ce6 · srosse · f0f30163 · 61493ce6
Commit 61493ce6 authored 8 years ago by srosse
--- a/src/main/java/org/olat/search/service/indexer/repository/course/FOCourseNodeIndexer.java
+++ b/src/main/java/org/olat/search/service/indexer/repository/course/FOCourseNodeIndexer.java
@@ -86,17 +86,19 @@ public class FOCourseNodeIndexer extends ForumIndexer implements CourseNodeIndex
 		ContextEntry ce = businessControl.popLauncherContextEntry();
 		Long resourceableId = ce.getOLATResourceable().getResourceableId();
 		Message message = ForumManager.getInstance().loadMessage(resourceableId);
-		Message threadtop = message.getThreadtop();
+		if(message != null) {
-		if(threadtop==null) {
+			Message threadtop = message.getThreadtop();
-			threadtop = message;
+			if(threadtop == null) {
+				threadtop = message;
+			}
+			boolean isMessageHidden = Status.getStatus(threadtop.getStatusCode()).isHidden(); 
+			//assumes that if is owner then is moderator so it is allowed to see the hidden forum threads
+			 //TODO: (LD) fix this!!! - the contextEntry is not the right context for this check
+			boolean isOwner = BaseSecurityManager.getInstance().isIdentityPermittedOnResourceable(identity, Constants.PERMISSION_ACCESS,  contextEntry.getOLATResourceable());
+			if(isMessageHidden && !isOwner) {
+				return false;
+			}
 		}
-		boolean isMessageHidden = Status.getStatus(threadtop.getStatusCode()).isHidden(); 
-		//assumes that if is owner then is moderator so it is allowed to see the hidden forum threads
-		 //TODO: (LD) fix this!!! - the contextEntry is not the right context for this check
-		boolean isOwner = BaseSecurityManager.getInstance().isIdentityPermittedOnResourceable(identity, Constants.PERMISSION_ACCESS,  contextEntry.getOLATResourceable());
-		if(isMessageHidden && !isOwner) {
-			return false;
-		}		
 		return super.checkAccess(contextEntry, businessControl, identity, roles);	
 	}