+ session_for(create(:administrator_user))
+ post hide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
+ assert_not DiaryComment.find(diary_comment.id).visible
+ end
+
+ def test_unhidecomment
+ user = create(:user)
+ diary_entry = create(:diary_entry, :user => user)
+ diary_comment = create(:diary_comment, :diary_entry => diary_entry, :visible => false)
+
+ # Try without logging in
+ post unhide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_response :forbidden
+ assert_not DiaryComment.find(diary_comment.id).visible
+
+ # Now try as a normal user
+ session_for(user)
+ post unhide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_redirected_to :controller => :errors, :action => :forbidden
+ assert_not DiaryComment.find(diary_comment.id).visible
+
+ # Now try as a moderator
+ session_for(create(:moderator_user))
+ post unhide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
+ assert DiaryComment.find(diary_comment.id).visible
+
+ # Reset
+ diary_comment.reload.update(:visible => true)
+
+ # Finally try as an administrator
+ session_for(create(:administrator_user))
+ post unhide_diary_comment_path(user, diary_entry, diary_comment)