Fixed thread visibility test

misago/threads/permissions.py

@@ -335,6 +335,8 @@ ACL tests
 """
 def allow_see_thread(user, target):
     forum_acl = user.acl['forums'].get(target.forum_id, {})
+    if not forum_acl.get('can_browse'):
+        raise Http404()
     if not forum_acl.get('can_see_all_threads'):
         if user.is_anonymous() or user.pk != target.starter_id:
             raise Http404()

misago/threads/tests/test_replythread_view.py

@@ -65,7 +65,7 @@ class ReplyThreadTests(AuthenticatedUserTestCase):
         override_acl(self.user, forums_acl)
 
         response = self.client.get(self.link, **self.ajax_header)
-        self.assertEqual(response.status_code, 403)
+        self.assertEqual(response.status_code, 404)
 
     def test_cant_reply_thread_in_locked_forum(self):
         """can't post in closed forum"""