- user = User.find_by_display_name(params[:display_name])
- @entry = DiaryEntry.find(:first, :conditions => ['user_id = ? AND id = ?', user.id, params[:id]])
+ user = User.find_by_display_name(params[:display_name], :conditions => { :visible => true })
+
+ if user
+ @entry = DiaryEntry.find(:first, :conditions => {
+ :id => params[:id],
+ :user_id => user.id,
+ :visible => true
+ })
+ if @entry
+ @title = t 'diary_entry.view.title', :user => params[:display_name], :title => @entry.title
+ else
+ @title = t 'diary_entry.no_such_entry.title', :id => params[:id]
+ render :action => 'no_such_entry', :status => :not_found
+ end
+ else
+ @not_found_user = params[:display_name]
+
+ render :action => 'no_such_user', :status => :not_found
+ end
+ end
+
+ def hide
+ entry = DiaryEntry.find(params[:id])
+ entry.update_attributes(:visible => false)
+ redirect_to :action => "list", :display_name => entry.user.display_name
+ end
+
+ def hidecomment
+ comment = DiaryComment.find(params[:comment])
+ comment.update_attributes(:visible => false)
+ redirect_to :action => "view", :display_name => comment.diary_entry.user.display_name, :id => comment.diary_entry.id
+ end
+private
+ ##
+ # require that the user is a administrator, or fill out a helpful error message
+ # and return them to the user page.
+ def require_administrator
+ unless @user.administrator?
+ flash[:error] = t('user.filter.not_an_administrator')
+ redirect_to :controller => 'diary_entry', :action => 'view', :display_name => params[:id]
+ end
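Review bot: `hide` and `hidecomment` set `:visible => false` on whatever record `params[:id]` or `params[:comment]` names and carry no permission check of their own, so they are safe only if `require_administrator` is registered for exactly these two actions; that registration is not in the visible lines, so confirm that `before_filter :require_administrator, :only => [:hide, :hidecomment]` exists and runs after the filter that loads `@user`. In `require_administrator`, `@user.administrator?` raises NoMethodError when `@user` is nil unless an earlier filter has already forced login; `unless @user && @user.administrator?` denies cleanly instead. The denial redirect passes `params[:id]` as `:display_name`, which for these actions appears to be the entry id rather than a user name, so it probably lands on the no-such-user page; `:display_name => params[:display_name], :id => params[:id]` looks like what was meant, if the route supplies both. Both actions change state and end in a redirect, so they should also be limited to non-GET requests so that the framework's request-forgery check covers them. The bodies of `view` and `require_administrator` begin or end outside these lines.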