- if user
- @entry = DiaryEntry.find(:first, :conditions => ['user_id = ? AND id = ?', user.id, params[:id]])
+ def comments
+ @comment_pages, @comments = paginate(:diary_comments,
+ :conditions => {
+ :user_id => @user,
+ :visible => true
+ },
+ :order => "created_at DESC",
+ :per_page => 20)
+ @page = (params[:page] || 1).to_i
+ end
+
+ private
+
+ # This is required because, being a default-deny system, cancancan
+ # _cannot_ tell you the reason you were denied access; and so
+ # the "nice" feedback presenting next steps can't be gleaned from
+ # the exception
+ ##
+ # for the hide actions, require that the user is a administrator, or fill out
+ # a helpful error message and return them to the user page.
+ def deny_access(exception)
+ if current_user && exception.action.in?([:hide, :hidecomment])
+ flash[:error] = t("users.filter.not_an_administrator")
+ redirect_to :action => "show"