FIX: Invalid access error should be populated to user (#1303)

Invalid access error should be populated to user when trying to search for something they do not have permissions for (i.e. anons searching `in:messages`

Author: keegangeorge

app/controllers/discourse_ai/embeddings/embeddings_controller.rb

@@ -46,11 +46,19 @@ def search
         end
 
         hijack do
-          semantic_search
-            .search_for_topics(query, _page = 1, hyde: !skip_hyde)
-            .each { |topic_post| grouped_results.add(topic_post) }
-
-          render_serialized(grouped_results, GroupedSearchResultSerializer, result: grouped_results)
+          begin
+            semantic_search
+              .search_for_topics(query, _page = 1, hyde: !skip_hyde)
+              .each { |topic_post| grouped_results.add(topic_post) }
+
+            render_serialized(
+              grouped_results,
+              GroupedSearchResultSerializer,
+              result: grouped_results,
+            )
+          rescue Discourse::InvalidAccess
+            render_json_error(I18n.t("invalid_access"), status: 403)
+          end
         end
       end
 

assets/javascripts/discourse/components/ai-full-page-search.gjs

@@ -9,6 +9,7 @@ import { SEARCH_TYPE_DEFAULT } from "discourse/controllers/full-page-search";
 import concatClass from "discourse/helpers/concat-class";
 import icon from "discourse/helpers/d-icon";
 import { ajax } from "discourse/lib/ajax";
+import { popupAjaxError } from "discourse/lib/ajax-error";
 import { isValidSearchTerm, translateResults } from "discourse/lib/search";
 import { i18n } from "discourse-i18n";
 import DTooltip from "float-kit/components/d-tooltip";
@@ -193,6 +194,7 @@ export default class AiFullPageSearch extends Component {
 
         this.AiResults = model.posts;
       })
+      .catch(popupAjaxError)
       .finally(() => {
         this.searching = false;
       });