+ assert_redirected_to :controller => :errors, :action => :forbidden
+ assert DiaryEntry.find(diary_entry.id).visible
+
+ # Now try as a moderator
+ session_for(create(:moderator_user))
+ post hide_diary_entry_path(:display_name => user.display_name, :id => diary_entry)
+ assert_response :redirect
+ assert_redirected_to :action => :index, :display_name => user.display_name
+ assert_not DiaryEntry.find(diary_entry.id).visible
+
+ # Reset
+ diary_entry.reload.update(:visible => true)
+
+ # Finally try as an administrator
+ session_for(create(:administrator_user))
+ post hide_diary_entry_path(:display_name => user.display_name, :id => diary_entry)
+ assert_response :redirect
+ assert_redirected_to :action => :index, :display_name => user.display_name
+ assert_not DiaryEntry.find(diary_entry.id).visible
+ end
+
+ def test_unhide
+ user = create(:user)
+
+ # Try without logging in
+ diary_entry = create(:diary_entry, :user => user, :visible => false)
+ post unhide_diary_entry_path(:display_name => user.display_name, :id => diary_entry)
+ assert_response :forbidden
+ assert_not DiaryEntry.find(diary_entry.id).visible
+
+ # Now try as a normal user
+ session_for(user)
+ post unhide_diary_entry_path(:display_name => user.display_name, :id => diary_entry)
+ assert_response :redirect
+ assert_redirected_to :controller => :errors, :action => :forbidden
+ assert_not DiaryEntry.find(diary_entry.id).visible
+
+ # Now try as a moderator
+ session_for(create(:moderator_user))
+ post unhide_diary_entry_path(:display_name => user.display_name, :id => diary_entry)
+ assert_response :redirect
+ assert_redirected_to :controller => :errors, :action => :forbidden
+ assert_not DiaryEntry.find(diary_entry.id).visible