UX: displays a descriptive error when theme is not allowed (#12763)

UX: displays a descriptive error when theme is not allowed (#12763)

diff --git a/app/controllers/admin/themes_controller.rb b/app/controllers/admin/themes_controller.rb
index 82d00fa..eec5659 100644
--- a/app/controllers/admin/themes_controller.rb
+++ b/app/controllers/admin/themes_controller.rb
@@ -92,8 +92,12 @@ class Admin::ThemesController < Admin::AdminController
         render json: @theme.errors, status: :unprocessable_entity
       end
     elsif remote = params[:remote]
-
-      guardian.ensure_allowed_theme_repo_import!(remote.strip)
+      begin
+        guardian.ensure_allowed_theme_repo_import!(remote.strip)
+      rescue Discourse::InvalidAccess
+        render_json_error I18n.t("themes.import_error.not_allowed_theme", { repo: remote.strip }), status: :forbidden
+        return
+      end
 
       begin
         branch = params[:branch] ? params[:branch] : nil
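Review bot: The allow-list check and the error message each call `remote.strip` on their own, and the import call that follows is outside this hunk, so it is not visible whether the importer receives the same normalised string that was checked. Binding the value once with `repo = remote.strip` and using `repo` for `ensure_allowed_theme_repo_import!`, the message and the later import would keep the checked value and the used value identical. `params[:remote]` is also assumed to be a String: an array or hash parameter would raise `NoMethodError` on `strip` before the guard runs, so an explicit `remote.is_a?(String)` check would turn that into a clean rejection instead of a 500. The `elsif` branch continues past the end of the hunk.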
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 86a3490..ad261ea 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -78,6 +78,7 @@ en:
       unpack_failed: "Failed to unpack file"
       file_too_big: "The uncompressed file is too big."
       unknown_file_type: "The file you uploaded does not appear to be a valid Discourse theme."
+      not_allowed_theme: "`%{repo}` is not in the list of allowed themes (check `allowed_theme_repos` global setting)."
     errors:
       component_no_user_selectable: "Theme components can't be user-selectable"
       component_no_default: "Theme components can't be default theme"
diff --git a/spec/requests/admin/themes_controller_spec.rb b/spec/requests/admin/themes_controller_spec.rb
index 89aa3ea..472bc03 100644
--- a/spec/requests/admin/themes_controller_spec.rb
+++ b/spec/requests/admin/themes_controller_spec.rb
@@ -119,13 +119,14 @@ describe Admin::ThemesController do
         expect(response.status).to eq(201)
       end
 
-      it "bans non whtielisted imports" do
+      it "prevents adding disallowed themes" do
         RemoteTheme.stubs(:import_theme)
-        post "/admin/themes/import.json", params: {
-          remote: '    https://bad.com/discourse/discourse-brand-header       '
-        }
+        remote = '    https://bad.com/discourse/discourse-brand-header       '
+
+        post "/admin/themes/import.json", params: { remote: remote }
 
         expect(response.status).to eq(403)
+        expect(response.parsed_body['errors']).to include(I18n.t("themes.import_error.not_allowed_theme", { repo: remote.strip }))
       end
 
       it "bans json file import" do
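Review bot: The rewritten example stubs `RemoteTheme.import_theme` but never asserts that the importer was not reached, so it pins the status code and message without pinning the property that matters: a disallowed repo must not be imported. Replacing the stub with `RemoteTheme.expects(:import_theme).never` would make the test fail directly if the controller ever rendered the 403 and still fell through to the import, for example if the `return` after `render_json_error` were lost in a refactor. The surrounding `describe` block starts and ends outside the hunk.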

GitHub sha: 69f8c3b3

This commit appears in #12763 which was approved by CvX. It was merged by jjaffeux.