Show deleted diary entries to administrators, if the user isn't also deleted
authorAndy Allan <git@gravitystorm.co.uk>
Wed, 5 Jun 2019 13:30:08 +0000 (15:30 +0200)
committerAndy Allan <git@gravitystorm.co.uk>
Thu, 6 Jun 2019 13:59:47 +0000 (15:59 +0200)
This will allow administrators to review diary entry deletions from non-spam users.

app/controllers/diary_entries_controller.rb
app/views/diary_entries/_diary_entry.html.erb
test/system/diary_entry_test.rb

index 41be0f7..5867165 100644 (file)
@@ -157,7 +157,7 @@ class DiaryEntriesController < ApplicationController
     @page = (params[:page] || 1).to_i
     @page_size = 20
 
-    @entries = @entries.visible
+    @entries = @entries.visible unless current_user&.administrator?
     @entries = @entries.order("created_at DESC")
     @entries = @entries.offset((@page - 1) * @page_size)
     @entries = @entries.limit(@page_size)
index 50b49c3..026ccee 100644 (file)
@@ -1,4 +1,4 @@
-<div class='diary_post'>
+<div class='diary_post<%= ' deemphasize' unless diary_entry.visible %>'>
   <div class='post_heading clearfix'>
     <% if !@user %>
       <%= user_thumbnail diary_entry.user %>
index 6b6a51d..e890bba 100644 (file)
@@ -15,4 +15,32 @@ class DiaryEntrySystemTest < ApplicationSystemTestCase
     assert page.has_content? "Send a new message"
     assert_equal "Re: #{@diary_entry.title}", page.find_field("Subject").value
   end
+
+  test "deleted diary entries should be hidden for regular users" do
+    @deleted_entry = create(:diary_entry, :visible => false)
+
+    sign_in_as(create(:user))
+    visit diary_entries_path
+
+    assert_not page.has_content? @deleted_entry.title
+  end
+
+  test "deleted diary entries should be shown to administrators for review" do
+    @deleted_entry = create(:diary_entry, :visible => false)
+
+    sign_in_as(create(:administrator_user))
+    visit diary_entries_path
+
+    assert page.has_content? @deleted_entry.title
+  end
+
+  test "deleted diary entries should not be shown to admins when the user is also deleted" do
+    @deleted_user = create(:user, :status => :deleted)
+    @deleted_entry = create(:diary_entry, :visible => false, :user => @deleted_user)
+
+    sign_in_as(create(:administrator_user))
+    visit diary_entries_path
+
+    assert_not page.has_content? @deleted_entry.title
+  end
 end