X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/a9824dbc2e8763e6fff6f71db7a31cc4761cd245..fc7ac5d086bb29acbe2b7341994e614445f99eb2:/app/controllers/diary_entry_controller.rb

diff --git a/app/controllers/diary_entry_controller.rb b/app/controllers/diary_entry_controller.rb
index 6666d6017..68d3a81ee 100644
--- a/app/controllers/diary_entry_controller.rb
+++ b/app/controllers/diary_entry_controller.rb
@@ -4,6 +4,7 @@ class DiaryEntryController < ApplicationController
   before_filter :authorize_web
   before_filter :set_locale
   before_filter :require_user, :only => [:new, :edit, :comment, :hide, :hidecomment]
+  before_filter :lookup_this_user, :only => [:view, :comments]
   before_filter :check_database_readable
   before_filter :check_database_writable, :only => [:new, :edit]
   before_filter :require_administrator, :only => [:hide, :hidecomment]
@@ -164,45 +165,36 @@ class DiaryEntryController < ApplicationController
   end
 
   def view
-    user = User.active.find_by_display_name(params[:display_name])
-
-    if user
-      @entry = user.diary_entries.visible.where(:id => params[:id]).first
-      if @entry
-        @title = t 'diary_entry.view.title', :user => params[:display_name], :title => @entry.title
-      else
-        @title = t 'diary_entry.no_such_entry.title', :id => params[:id]
-        render :action => 'no_such_entry', :status => :not_found
-      end
+    @entry = @this_user.diary_entries.visible.where(:id => params[:id]).first
+    if @entry
+      @title = t 'diary_entry.view.title', :user => params[:display_name], :title => @entry.title
     else
-      render_unknown_user params[:display_name]
+      @title = t 'diary_entry.no_such_entry.title', :id => params[:id]
+      render :action => 'no_such_entry', :status => :not_found
     end
   end
 
   def hide
     entry = DiaryEntry.find(params[:id])
-    entry.update_attributes(:visible => false)
+    entry.update_attributes({:visible => false}, :without_protection => true)
     redirect_to :action => "list", :display_name => entry.user.display_name
   end
 
   def hidecomment
     comment = DiaryComment.find(params[:comment])
-    comment.update_attributes(:visible => false)
+    comment.update_attributes({:visible => false}, :without_protection => true)
     redirect_to :action => "view", :display_name => comment.diary_entry.user.display_name, :id => comment.diary_entry.id
   end
 
   def comments
-    @this_user = User.active.find_by_display_name(params[:display_name])
-
-    if @this_user
-      @comment_pages, @comments = paginate(:diary_comments,
-                                           :conditions => { :user_id => @this_user },
-                                           :order => 'created_at DESC',
-                                           :per_page => 20)
-      @page = (params[:page] || 1).to_i
-    else
-      render_unknown_user params[:display_name]
-    end						
+    @comment_pages, @comments = paginate(:diary_comments,
+                                         :conditions => { 
+                                           :user_id => @this_user,
+                                           :visible => true
+                                         },
+                                         :order => 'created_at DESC',
+                                         :per_page => 20)
+    @page = (params[:page] || 1).to_i
   end  
 private
   ##