Disallow `author` and `anonymous` inbox filter combination

app/models/inbox_filter.rb

@@ -10,6 +10,10 @@ class InboxFilter
     anonymous
   ].freeze
 
+  FORBIDDEN_PARAM_GROUPS = [
+    %i[author anonymous]
+  ].freeze
+
   attr_reader :params, :user
 
   def initialize(user, params)
@@ -18,6 +22,8 @@ class InboxFilter
   end
 
   def results
+    return Inbox.none unless valid_params?
+
     scope = @user.inboxes
                  .includes(:question, user: :profile)
                  .order(:created_at)
@@ -32,6 +38,10 @@ class InboxFilter
 
   private
 
+  def valid_params?
+    FORBIDDEN_PARAM_GROUPS.none? { |combination| combination.all? { |key| params.key?(key) } }
+  end
+
   def scope_for(key, value)
     case key.to_s
     when "author"