From b1a10adc618a4db39e5a20d30f479c2783392501 Mon Sep 17 00:00:00 2001
From: Sam Curry <108143081+SpicySam@users.noreply.github.com>
Date: Thu, 11 Dec 2025 21:38:46 +0000
Subject: [PATCH 1/2] rspec test for viewing drafts page when banned or suspended
---
 spec/controllers/works/drafts_spec.rb | 28 +++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/spec/controllers/works/drafts_spec.rb b/spec/controllers/works/drafts_spec.rb
index 81a9a514735..46eb5038074 100644
--- a/spec/controllers/works/drafts_spec.rb
+++ b/spec/controllers/works/drafts_spec.rb
@@ -67,6 +67,34 @@
 end
 end
+ context "when logged in as a suspended user" do
+ before do
+ drafts_user.update!(suspended: true, suspended_until: 1.week.from_now)
+ fake_login_known_user(drafts_user)
+ end
+
+ it "allows them to view their drafts index" do
+ get :drafts, params: { user_id: drafts_user.login }
+ expect(response).to have_http_status(:ok)
+ expect(flash[:error]).to be_nil
+ expect(assigns(:works)).to contain_exactly(default_pseud_work, other_pseud_work)
+ end
+ end
+
+ context "when logged in as a banned user" do
+ before do
+ drafts_user.update!(banned: true)
+ fake_login_known_user(drafts_user)
+ end
+
+ it "allows them to view their drafts index" do
+ get :drafts, params: { user_id: drafts_user.login }
+ expect(response).to have_http_status(:ok)
+ expect(flash[:error]).to be_nil
+ expect(assigns(:works)).to contain_exactly(default_pseud_work, other_pseud_work)
+ end
+ end
+
 context "when logged in as another user" do
 before { fake_login }
From 1a3a41aa6311cffec6eb57d5fbf51b7aefd48a68 Mon Sep 17 00:00:00 2001
From: Sam Curry <108143081+SpicySam@users.noreply.github.com>
Date: Thu, 11 Dec 2025 23:30:38 +0000
Subject: [PATCH 2/2] update drafts to be viewable by banned/suspended users
---
 app/controllers/works_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
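Review bot: The two new contexts in spec/controllers/works/drafts_spec.rb cover only the owner's own drafts, so nothing pins that a suspended or banned account is still refused when it requests another user's drafts. Since the second patch in this series drops the `check_user_status` gate for `drafts`, I would add one negative example to each context, for instance `it "does not show them another user's drafts"`, reusing the request and expectations of the existing "when logged in as another user" context, whose body is outside this hunk. The two contexts also differ only in their `update!` call, so a `shared_examples` block would remove the duplication.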
diff --git a/app/controllers/works_controller.rb b/app/controllers/works_controller.rb
index b42c7470c4e..5491264cb92 100755
--- a/app/controllers/works_controller.rb
+++ b/app/controllers/works_controller.rb
@@ -7,7 +7,7 @@ class WorksController < ApplicationController
 before_action :load_collection
 before_action :load_owner, only: [:index]
 before_action :users_only, except: [:index, :show, :navigate, :search, :collected, :edit_tags, :update_tags, :drafts, :share]
- before_action :check_user_status, except: [:index, :edit, :edit_multiple, :confirm_delete_multiple, :delete_multiple, :confirm_delete, :destroy, :show, :show_multiple, :navigate, :search, :collected, :share]
+ before_action :check_user_status, except: [:index, :edit, :edit_multiple, :confirm_delete_multiple, :delete_multiple, :confirm_delete, :destroy, :show, :show_multiple, :navigate, :search, :collected, :share, :drafts]
 before_action :check_user_not_suspended, only: [:edit, :confirm_delete, :destroy, :show_multiple, :edit_multiple, :confirm_delete_multiple, :delete_multiple]
 before_action :load_work, except: [:new, :create, :import, :index, :show_multiple, :edit_multiple, :update_multiple, :delete_multiple, :search, :drafts, :collected]
 # this only works to check ownership of a SINGLE item and only if load_work has happened beforehand
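Review bot: With `:drafts` added to the `check_user_status` exception list, the `drafts` action is skipped by every login, status and work-loading filter visible in this hunk: it is already excluded from `users_only` and `load_work`, and it is not in the `only:` list of `check_user_not_suspended`. Access control for drafts therefore appears to rest on the action body itself, which is outside the hunk, so please confirm that it rejects guests and non-owners on its own. A short comment above the filter would record why the exemption is safe, e.g. `# drafts only lists the owner's unposted works, so suspended and banned users may still reach it`. The filter list continues past the end of the hunk, so later filters may still apply to `drafts`.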