From 07fa69585734f810cb65c40b4412989dc2ce7fd2 Mon Sep 17 00:00:00 2001
From: Keith Mitchell
Date: Fri, 10 Aug 2012 13:01:24 -0700
Subject: [PATCH] Abort with 403 for toolbar links to private SRs
---
 r2/r2/controllers/toolbar.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/r2/r2/controllers/toolbar.py b/r2/r2/controllers/toolbar.py
index d0e02400f..49c2333af 100644
--- a/r2/r2/controllers/toolbar.py
+++ b/r2/r2/controllers/toolbar.py
@@ -100,12 +100,15 @@ class ToolbarController(RedditController):
 "/tb/$id36, show a given link with the toolbar"
 if not link:
 return self.abort404()
- elif link.is_self or not link.subreddit_slow.can_view(c.user):
+ elif link.is_self:
 return self.redirect(link.url)
-
+
 # if the domain is shame-banned, bail out.
 if is_shamed_domain(link.url, request.ip)[0]:
 self.abort404()
+
+ if not link.subreddit_slow.can_view(c.user):
+ self.abort403()
 
 if link.has_thumbnail:
 thumbnail = thumbnail_url(link)
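Review bot: The new `can_view` check sits after the `is_shamed_domain` test, so a requester without view rights still gets a 404 rather than a 403 when the private link points at a shame-banned domain, and the link's URL is evaluated before authorization is decided. Putting the authorization check first, directly after the `elif link.is_self:` branch, keeps every unauthorized request on the same response: `if not link.subreddit_slow.can_view(c.user):` followed by `return self.abort403()`. The `return` matches the `return self.abort404()` at the top and makes the stop explicit; as written the code relies on `abort403()` raising, which this hunk does not show. The `link.is_self` branch still redirects to `link.url` with no `can_view` check, so it presumably depends on the redirect target enforcing access itself, which is worth confirming. The method's `def` line and the rest of its body are outside the hunk.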