Merge pull request #4107 from tomhughes/diary-visibility

Allow administrators to see deleted diary entries

diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index 5d196fa98774cf5eeb03cb05464f69f1626522a3..cdf28bd4fb234e1e1801b5d569fbdc982963a608 100644 (file)
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -56,7 +56,7 @@ class Ability
         can [:account, :go_public], User
 
         if user.moderator?
-          can [:hide, :hidecomment], DiaryEntry
+          can [:hide, :unhide, :hidecomment, :unhidecomment], DiaryEntry
           can [:index, :show, :resolve, :ignore, :reopen], Issue
           can :create, IssueComment
           can [:new, :create, :edit, :update, :destroy], Redaction

diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb
index 4cdc1b55a817cb740b83d8920f7f0698327e9d05..6e7378bf32cf08020cd0ae9a71a0227bdc216cd6 100644 (file)
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
@@ -62,7 +62,9 @@ class DiaryEntriesController < ApplicationController
   end
 
   def show
-    @entry = @user.diary_entries.visible.where(:id => params[:id]).first
+    entries = @user.diary_entries
+    entries = entries.visible unless can? :unhide, DiaryEntry
+    @entry = entries.where(:id => params[:id]).first
     if @entry
       @title = t ".title", :user => params[:display_name], :title => @entry.title
       @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments

diff --git a/test/controllers/diary_entries_controller_test.rb b/test/controllers/diary_entries_controller_test.rb
index 42d0426455262048d047748d51641c14a13f82c6..8d646c4262f87a94e00173e45aa3b3c0bca8aa70 100644 (file)
--- a/test/controllers/diary_entries_controller_test.rb
+++ b/test/controllers/diary_entries_controller_test.rb
@@ -680,14 +680,26 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
     assert_response :not_found
 
     # Try an entry by a suspended user
-    diary_entry_suspended = create(:diary_entry, :user => suspended_user)
-    get diary_entry_path(:display_name => suspended_user.display_name, :id => diary_entry_suspended)
+    diary_entry_suspended_user = create(:diary_entry, :user => suspended_user)
+    get diary_entry_path(:display_name => suspended_user.display_name, :id => diary_entry_suspended_user)
     assert_response :not_found
 
     # Try an entry by a deleted user
-    diary_entry_deleted = create(:diary_entry, :user => deleted_user)
-    get diary_entry_path(:display_name => deleted_user.display_name, :id => diary_entry_deleted)
+    diary_entry_deleted_user = create(:diary_entry, :user => deleted_user)
+    get diary_entry_path(:display_name => deleted_user.display_name, :id => diary_entry_deleted_user)
     assert_response :not_found
+
+    # Now try as a moderator
+    session_for(create(:moderator_user))
+    get diary_entry_path(:display_name => user.display_name, :id => diary_entry_deleted)
+    assert_response :success
+    assert_template :show
+
+    # Finally try as an administrator
+    session_for(create(:administrator_user))
+    get diary_entry_path(:display_name => user.display_name, :id => diary_entry_deleted)
+    assert_response :success
+    assert_template :show
   end
 
   def test_show_hidden_comments
@@ -764,8 +776,11 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
     session_for(create(:moderator_user))
     post unhide_diary_entry_path(:display_name => user.display_name, :id => diary_entry)
     assert_response :redirect
-    assert_redirected_to :controller => :errors, :action => :forbidden
-    assert_not DiaryEntry.find(diary_entry.id).visible
+    assert_redirected_to :action => :index, :display_name => user.display_name
+    assert DiaryEntry.find(diary_entry.id).visible
+
+    # Reset
+    diary_entry.reload.update(:visible => true)
 
     # Finally try as an administrator
     session_for(create(:administrator_user))
@@ -831,8 +846,11 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
     session_for(create(:moderator_user))
     post unhide_diary_comment_path(:display_name => user.display_name, :id => diary_entry, :comment => diary_comment)
     assert_response :redirect
-    assert_redirected_to :controller => :errors, :action => :forbidden
-    assert_not DiaryComment.find(diary_comment.id).visible
+    assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
+    assert DiaryComment.find(diary_comment.id).visible
+
+    # Reset
+    diary_comment.reload.update(:visible => true)
 
     # Finally try as an administrator
     session_for(create(:administrator_user))