From 9e158a5d393bf9da73473f54353420937baf992f Mon Sep 17 00:00:00 2001
From: Andy Allan <git@gravitystorm.co.uk>
Date: Wed, 5 Jun 2019 15:52:51 +0200
Subject: [PATCH 1/1] Show all diary comments to administrators

---
 app/controllers/diary_entries_controller.rb    |  2 ++
 .../diary_entries/_diary_comment.html.erb      |  2 +-
 app/views/diary_entries/show.html.erb          |  2 +-
 test/system/diary_entry_test.rb                | 18 ++++++++++++++++++
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb
index 464e9e971..f827bac3f 100644
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
@@ -74,6 +74,7 @@ class DiaryEntriesController < ApplicationController
 
   def comment
     @entry = DiaryEntry.find(params[:id])
+    @comments = @entry.visible_comments
     @diary_comment = @entry.comments.build(comment_params)
     @diary_comment.user = current_user
     if @diary_comment.save
@@ -202,6 +203,7 @@ class DiaryEntriesController < ApplicationController
     @entry = @user.diary_entries.visible.where(:id => params[:id]).first
     if @entry
       @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title
+      @comments = current_user&.administrator? ? @entry.comments : @entry.visible_comments
     else
       @title = t "diary_entries.no_such_entry.title", :id => params[:id]
       render :action => "no_such_entry", :status => :not_found
diff --git a/app/views/diary_entries/_diary_comment.html.erb b/app/views/diary_entries/_diary_comment.html.erb
index 25bdcd968..7742069a4 100644
--- a/app/views/diary_entries/_diary_comment.html.erb
+++ b/app/views/diary_entries/_diary_comment.html.erb
@@ -1,4 +1,4 @@
-<div class="clearfix diary-comment">
+<div class="clearfix diary-comment<%= ' deemphasize' unless diary_comment.visible? %>">
   <%= user_thumbnail diary_comment.user %>
   <p class="deemphasize comment-heading" id="comment<%= diary_comment.id %>"><%= raw(t(".comment_from", :link_user => (link_to h(diary_comment.user.display_name), user_path(diary_comment.user)), :comment_created_at => link_to(l(diary_comment.created_at, :format => :friendly), :anchor => "comment#{diary_comment.id}"))) %>
     <% if current_user and diary_comment.user.id != current_user.id %>
diff --git a/app/views/diary_entries/show.html.erb b/app/views/diary_entries/show.html.erb
index 0216aa447..a56613b49 100644
--- a/app/views/diary_entries/show.html.erb
+++ b/app/views/diary_entries/show.html.erb
@@ -10,7 +10,7 @@
 
 <a id="comments"></a>
 <div class='comments'>
-<%= render :partial => "diary_comment", :collection => @entry.visible_comments %>
+<%= render :partial => "diary_comment", :collection => @comments %>
 </div>
 
 <div>
diff --git a/test/system/diary_entry_test.rb b/test/system/diary_entry_test.rb
index e890bba73..38e2a1847 100644
--- a/test/system/diary_entry_test.rb
+++ b/test/system/diary_entry_test.rb
@@ -43,4 +43,22 @@ class DiaryEntrySystemTest < ApplicationSystemTestCase
 
     assert_not page.has_content? @deleted_entry.title
   end
+
+  test "deleted diary comments should be hidden for regular users" do
+    @deleted_comment = create(:diary_comment, :diary_entry => @diary_entry, :visible => false)
+
+    sign_in_as(create(:user))
+    visit diary_entry_path(@diary_entry.user, @diary_entry)
+
+    assert_not page.has_content? @deleted_comment.body
+  end
+
+  test "deleted diary comments should be shown to administrators" do
+    @deleted_comment = create(:diary_comment, :diary_entry => @diary_entry, :visible => false)
+
+    sign_in_as(create(:administrator_user))
+    visit diary_entry_path(@diary_entry.user, @diary_entry)
+
+    assert page.has_content? @deleted_comment.body
+  end
 end
-- 
2.43.2