From caa1a0128a057bf7358cf60926e0c243113b5a50 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Wed, 12 Aug 2015 17:20:30 +0100 Subject: [PATCH] Hide hidden notes and comments correctly in the data browser --- app/controllers/browse_controller.rb | 9 +++++++- app/views/browse/note.html.erb | 10 ++++----- test/controllers/browse_controller_test.rb | 26 ++++++++++++++++++++++ 3 files changed, 39 insertions(+), 6 deletions(-) diff --git a/app/controllers/browse_controller.rb b/app/controllers/browse_controller.rb index c7f8b0e81..0ac45b926 100644 --- a/app/controllers/browse_controller.rb +++ b/app/controllers/browse_controller.rb @@ -76,7 +76,14 @@ class BrowseController < ApplicationController def note @type = "note" - @note = Note.find(params[:id]) + + if @user && @user.moderator? + @note = Note.find(params[:id]) + @note_comments = @note.comments.unscope(:where => :visible) + else + @note = Note.visible.find(params[:id]) + @note_comments = @note.comments + end rescue ActiveRecord::RecordNotFound render :action => "not_found", :status => :not_found end diff --git a/app/views/browse/note.html.erb b/app/views/browse/note.html.erb index fa6f75ff9..1bacd27d6 100644 --- a/app/views/browse/note.html.erb +++ b/app/views/browse/note.html.erb @@ -8,25 +8,25 @@

<%= t('browse.note.description') %>

- <%= h(@note.comments.first.body.to_html) %> + <%= h(@note_comments.first.body.to_html) %>
<%= note_event('open', @note.created_at, @note.author) %> <% if @note.status == "closed" %>
- <%= note_event(@note.status, @note.closed_at, @note.comments.last.author) %> + <%= note_event(@note.status, @note.closed_at, @note_comments.last.author) %> <% end %>
- <% if @note.comments.find { |comment| comment.author.nil? } -%> + <% if @note_comments.find { |comment| comment.author.nil? } -%>

<%= t "javascripts.notes.show.anonymous_warning" %>

<% end -%> - <% if @note.comments.length > 1 %> + <% if @note_comments.length > 1 %>
    - <% @note.comments[1..-1].each do |comment| %> + <% @note_comments[1..-1].each do |comment| %>
  • <%= note_event(comment.event, comment.created_at, comment.author) %> <%= comment.body.to_html %> diff --git a/test/controllers/browse_controller_test.rb b/test/controllers/browse_controller_test.rb index a1c94b457..d0cbeb796 100644 --- a/test/controllers/browse_controller_test.rb +++ b/test/controllers/browse_controller_test.rb @@ -88,6 +88,32 @@ class BrowseControllerTest < ActionController::TestCase browse_check "note", notes(:open_note).id, "browse/note" end + def test_read_hidden_note + get :note, :id => notes(:hidden_note_with_comment).id + assert_response :not_found + assert_template "browse/not_found" + assert_template :layout => "map" + + xhr :get, :note, :id => notes(:hidden_note_with_comment).id + assert_response :not_found + assert_template "browse/not_found" + assert_template :layout => "xhr" + + session[:user] = users(:moderator_user).id + + browse_check "note", notes(:hidden_note_with_comment).id, "browse/note" + end + + def test_read_note_hidden_comments + browse_check "note", notes(:note_with_hidden_comment).id, "browse/note" + assert_select "div.note-comments ul li", :count => 1 + + session[:user] = users(:moderator_user).id + + browse_check "note", notes(:note_with_hidden_comment).id, "browse/note" + assert_select "div.note-comments ul li", :count => 2 + end + ## # Methods to check redaction. # -- 2.39.5