From d6691e62998cb7f8bef32f975a13c22fe9094509 Mon Sep 17 00:00:00 2001
From: Toby Zerner
Date: Thu, 22 Oct 2015 21:52:15 +1030
Subject: [PATCH] Don't let users view discussions without permission closes #599
---
 framework/core/src/Core/Access/DiscussionPolicy.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/framework/core/src/Core/Access/DiscussionPolicy.php b/framework/core/src/Core/Access/DiscussionPolicy.php
index fc2c7ec21..ac257496c 100644
--- a/framework/core/src/Core/Access/DiscussionPolicy.php
+++ b/framework/core/src/Core/Access/DiscussionPolicy.php
@@ -69,7 +69,9 @@ class DiscussionPolicy extends AbstractPolicy
 */
 public function find(User $actor, Builder $query)
 {
- if (! $actor->hasPermission('discussion.hide')) {
+ if (! $actor->hasPermission('viewDiscussions')) {
+ $query->whereRaw('FALSE');
+ } elseif (! $actor->hasPermission('discussion.hide')) {
 $query->where(function ($query) use ($actor) {
 $query->whereNull('discussions.hide_time')
 ->where('comments_count', '>', 0)
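Review bot: The new deny branch in `find()` only holds while `$query->whereRaw('FALSE')` stays ANDed with every other condition on the builder. If any scope applied afterwards adds a top-level `orWhere`, rows would become visible again to an actor lacking `viewDiscussions`; whether such a scope exists cannot be seen from this hunk. I would document the invariant next to the call, e.g. `// Fail closed: actors without viewDiscussions must match no rows; later scopes must not add a top-level orWhere.` I would also write the predicate as `$query->whereRaw('1 = 0');`, since a bare `FALSE` literal is not accepted by every SQL dialect. The diffstat shows a single file changed, so a regression test for an actor without `viewDiscussions` appears to be missing; the body of `find()` continues past the end of the hunk.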