From 49fc17c6b6f60eba8737fcde85bd679d1b6de8c1 Mon Sep 17 00:00:00 2001
From: Andy Allan <git@gravitystorm.co.uk>
Date: Wed, 5 Jun 2019 15:30:08 +0200
Subject: [PATCH] Show deleted diary entries to administrators, if the user
 isn't also deleted

This will allow administrators to review diary entry deletions from non-spam users.
---
 app/controllers/diary_entries_controller.rb   |  2 +-
 app/views/diary_entries/_diary_entry.html.erb |  2 +-
 test/system/diary_entry_test.rb               | 28 +++++++++++++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb
index 41be0f7ea..58671652f 100644
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
@@ -157,7 +157,7 @@ class DiaryEntriesController < ApplicationController
     @page = (params[:page] || 1).to_i
     @page_size = 20
 
-    @entries = @entries.visible
+    @entries = @entries.visible unless current_user&.administrator?
     @entries = @entries.order("created_at DESC")
     @entries = @entries.offset((@page - 1) * @page_size)
     @entries = @entries.limit(@page_size)
diff --git a/app/views/diary_entries/_diary_entry.html.erb b/app/views/diary_entries/_diary_entry.html.erb
index 50b49c37f..026ccee0e 100644
--- a/app/views/diary_entries/_diary_entry.html.erb
+++ b/app/views/diary_entries/_diary_entry.html.erb
@@ -1,4 +1,4 @@
-<div class='diary_post'>
+<div class='diary_post<%= ' deemphasize' unless diary_entry.visible %>'>
   <div class='post_heading clearfix'>
     <% if !@user %>
       <%= user_thumbnail diary_entry.user %>
diff --git a/test/system/diary_entry_test.rb b/test/system/diary_entry_test.rb
index 6b6a51de5..e890bba73 100644
--- a/test/system/diary_entry_test.rb
+++ b/test/system/diary_entry_test.rb
@@ -15,4 +15,32 @@ class DiaryEntrySystemTest < ApplicationSystemTestCase
     assert page.has_content? "Send a new message"
     assert_equal "Re: #{@diary_entry.title}", page.find_field("Subject").value
   end
+
+  test "deleted diary entries should be hidden for regular users" do
+    @deleted_entry = create(:diary_entry, :visible => false)
+
+    sign_in_as(create(:user))
+    visit diary_entries_path
+
+    assert_not page.has_content? @deleted_entry.title
+  end
+
+  test "deleted diary entries should be shown to administrators for review" do
+    @deleted_entry = create(:diary_entry, :visible => false)
+
+    sign_in_as(create(:administrator_user))
+    visit diary_entries_path
+
+    assert page.has_content? @deleted_entry.title
+  end
+
+  test "deleted diary entries should not be shown to admins when the user is also deleted" do
+    @deleted_user = create(:user, :status => :deleted)
+    @deleted_entry = create(:diary_entry, :visible => false, :user => @deleted_user)
+
+    sign_in_as(create(:administrator_user))
+    visit diary_entries_path
+
+    assert_not page.has_content? @deleted_entry.title
+  end
 end
-- 
2.43.2