Show deleted diary entries to administrators, if the user isn't also deleted

author Andy Allan <git@gravitystorm.co.uk>

Wed, 5 Jun 2019 13:30:08 +0000 (15:30 +0200)

committer Andy Allan <git@gravitystorm.co.uk>

Thu, 6 Jun 2019 13:59:47 +0000 (15:59 +0200)
author Andy Allan <git@gravitystorm.co.uk>
Wed, 5 Jun 2019 13:30:08 +0000 (15:30 +0200)
committer Andy Allan <git@gravitystorm.co.uk>
Thu, 6 Jun 2019 13:59:47 +0000 (15:59 +0200)
diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb

index 41be0f7ea7dd0c1babe89abfa6a6474c26b803c6..58671652f2c1e2e4c0aafcda866544e62f85fb4a 100644 (file)
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
@@ -157,7 +157,7 @@ class DiaryEntriesController < ApplicationController
      @page = (params[:page] || 1).to_i
      @page_size = 20
  
-    @entries = @entries.visible
+    @entries = @entries.visible unless current_user&.administrator?
      @entries = @entries.order("created_at DESC")
      @entries = @entries.offset((@page - 1) * @page_size)
      @entries = @entries.limit(@page_size)
diff --git a/app/views/diary_entries/_diary_entry.html.erb b/app/views/diary_entries/_diary_entry.html.erb

index 50b49c37f90130ebabe10477476082ce896c81ef..026ccee0e2b5158d640446ca6732407143739af5 100644 (file)
--- a/app/views/diary_entries/_diary_entry.html.erb
+++ b/app/views/diary_entries/_diary_entry.html.erb
@@ -1,4 +1,4 @@
-<div class='diary_post'>
+<div class='diary_post<%= ' deemphasize' unless diary_entry.visible %>'>
    <div class='post_heading clearfix'>
      <% if !@user %>
        <%= user_thumbnail diary_entry.user %>
diff --git a/test/system/diary_entry_test.rb b/test/system/diary_entry_test.rb

index 6b6a51de553f554df76fc68ae305164ea504e084..e890bba737a306b325f69d036069d183fd31b564 100644 (file)
--- a/test/system/diary_entry_test.rb
+++ b/test/system/diary_entry_test.rb
@@ -15,4 +15,32 @@ class DiaryEntrySystemTest < ApplicationSystemTestCase
      assert page.has_content? "Send a new message"
      assert_equal "Re: #{@diary_entry.title}", page.find_field("Subject").value
    end
+
+  test "deleted diary entries should be hidden for regular users" do
+    @deleted_entry = create(:diary_entry, :visible => false)
+
+    sign_in_as(create(:user))
+    visit diary_entries_path
+
+    assert_not page.has_content? @deleted_entry.title
+  end
+
+  test "deleted diary entries should be shown to administrators for review" do
+    @deleted_entry = create(:diary_entry, :visible => false)
+
+    sign_in_as(create(:administrator_user))
+    visit diary_entries_path
+
+    assert page.has_content? @deleted_entry.title
+  end
+
+  test "deleted diary entries should not be shown to admins when the user is also deleted" do
+    @deleted_user = create(:user, :status => :deleted)
+    @deleted_entry = create(:diary_entry, :visible => false, :user => @deleted_user)
+
+    sign_in_as(create(:administrator_user))
+    visit diary_entries_path
+
+    assert_not page.has_content? @deleted_entry.title
+  end
  end
author	Andy Allan <git@gravitystorm.co.uk>
	Wed, 5 Jun 2019 13:30:08 +0000 (15:30 +0200)
committer	Andy Allan <git@gravitystorm.co.uk>
	Thu, 6 Jun 2019 13:59:47 +0000 (15:59 +0200)
app/controllers/diary_entries_controller.rb		patch \| blob \| history
app/views/diary_entries/_diary_entry.html.erb		patch \| blob \| history
test/system/diary_entry_test.rb		patch \| blob \| history