]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/diary_entries_controller.rb
JSON: return HTTP 406 for unsupported formats
[rails.git] / app / controllers / diary_entries_controller.rb
index f827bac3f165a00d1f94313975c291fbcf329979..5f53e81b65ca05e89ef89f1319a89e2f85feb653 100644 (file)
@@ -129,7 +129,7 @@ class DiaryEntriesController < ApplicationController
     elsif params[:friends]
       if current_user
         @title = t "diary_entries.index.title_friends"
     elsif params[:friends]
       if current_user
         @title = t "diary_entries.index.title_friends"
-        @entries = DiaryEntry.where(:user_id => current_user.friend_users)
+        @entries = DiaryEntry.where(:user_id => current_user.friends)
       else
         require_user
         return
       else
         require_user
         return
@@ -158,7 +158,7 @@ class DiaryEntriesController < ApplicationController
     @page = (params[:page] || 1).to_i
     @page_size = 20
 
     @page = (params[:page] || 1).to_i
     @page_size = 20
 
-    @entries = @entries.visible unless current_user&.administrator?
+    @entries = @entries.visible unless can? :unhide, DiaryEntry
     @entries = @entries.order("created_at DESC")
     @entries = @entries.offset((@page - 1) * @page_size)
     @entries = @entries.limit(@page_size)
     @entries = @entries.order("created_at DESC")
     @entries = @entries.offset((@page - 1) * @page_size)
     @entries = @entries.limit(@page_size)
@@ -203,7 +203,7 @@ class DiaryEntriesController < ApplicationController
     @entry = @user.diary_entries.visible.where(:id => params[:id]).first
     if @entry
       @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title
     @entry = @user.diary_entries.visible.where(:id => params[:id]).first
     if @entry
       @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title
-      @comments = current_user&.administrator? ? @entry.comments : @entry.visible_comments
+      @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments
     else
       @title = t "diary_entries.no_such_entry.title", :id => params[:id]
       render :action => "no_such_entry", :status => :not_found
     else
       @title = t "diary_entries.no_such_entry.title", :id => params[:id]
       render :action => "no_such_entry", :status => :not_found
@@ -235,11 +235,12 @@ class DiaryEntriesController < ApplicationController
   end
 
   def comments
   end
 
   def comments
+    conditions = { :user_id => @user }
+
+    conditions[:visible] = true unless can? :unhidecomment, DiaryEntry
+
     @comment_pages, @comments = paginate(:diary_comments,
     @comment_pages, @comments = paginate(:diary_comments,
-                                         :conditions => {
-                                           :user_id => @user,
-                                           :visible => true
-                                         },
+                                         :conditions => conditions,
                                          :order => "created_at DESC",
                                          :per_page => 20)
     @page = (params[:page] || 1).to_i
                                          :order => "created_at DESC",
                                          :per_page => 20)
     @page = (params[:page] || 1).to_i