[#57664] Fix error when viewing inactive user activity.

`#determine_author` can raise `ActiveRecord::RecordNotFound` if user does not
exist or is inactive. Use `rescue_from` to catch it and send appropriate
response.

Fixes https://community.openproject.org/wp/57664
Fixes https://appsignal.com/openproject-gmbh/sites/66b224a4d30d867bed8a1772/exceptions/incidents/461

Co-authored-by: Christophe Bliard <[email protected]>

app/controllers/activities_controller.rb

@@ -45,20 +45,18 @@ class ActivitiesController < ApplicationController
 
   accept_key_auth :index
 
+  rescue_from ActiveRecord::RecordNotFound do |exception|
+    op_handle_warning "Failed to find all resources in activities: #{exception.message}"
+    render_404(message: I18n.t(:error_can_not_find_all_resources))
+  end
+
   def index
     @events = @activity.events(from: @date_from.to_datetime, to: @date_to.to_datetime)
 
     respond_to do |format|
-      format.html do
-        respond_html
-      end
-      format.atom do
-        respond_atom
-      end
+      format.html { respond_html }
+      format.atom { respond_atom }
     end
-  rescue ActiveRecord::RecordNotFound => e
-    op_handle_warning "Failed to find all resources in activities: #{e.message}"
-    render_404 I18n.t(:error_can_not_find_all_resources)
   end
 
   def menu

spec/controllers/activities_controller_spec.rb

@@ -88,6 +88,16 @@
           expect(response).to have_http_status(:not_found)
         end
       end
+
+      describe "inactive user activity" do
+        let!(:inactive_user) { create(:user, status: User.statuses[:locked]) }
+
+        it "renders 404" do
+          get "index", params: { user_id: inactive_user.id }
+          expect(response).to have_http_status(:not_found)
+          expect(response).to render_template "common/error"
+        end
+      end
     end
 
     describe "with activated activity module" do