From: Tom Hughes Date: Tue, 18 Jun 2019 20:10:07 +0000 (+0100) Subject: Merge remote-tracking branch 'upstream/pull/2226' X-Git-Tag: live~3183 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/31edc7dff6f4305366d0f93d35ba3fb1956bb71f Merge remote-tracking branch 'upstream/pull/2226' --- 31edc7dff6f4305366d0f93d35ba3fb1956bb71f diff --cc app/abilities/ability.rb index 28380392d,897c3410c..c34f357a9 --- a/app/abilities/ability.rb +++ b/app/abilities/ability.rb @@@ -51,7 -52,7 +52,7 @@@ class Abilit end if user.administrator? - can [:hide, :unhide, :hidecomment, :unhidecomment], [DiaryEntry, DiaryComment] - can [:hide, :hidecomment], DiaryEntry ++ can [:hide, :unhide, :hidecomment, :unhidecomment], DiaryEntry can [:index, :show, :resolve, :ignore, :reopen], Issue can :create, IssueComment can [:set_status, :delete, :index], User diff --cc app/views/diary_entries/_diary_comment.html.erb index 301739eef,8679f5a08..639ac9a19 --- a/app/views/diary_entries/_diary_comment.html.erb +++ b/app/views/diary_entries/_diary_comment.html.erb @@@ -7,13 -7,9 +7,13 @@@
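Review bot: The resolved `can` line in the `user.administrator?` branch of `app/abilities/ability.rb` grants `:hidecomment` and `:unhidecomment` on `DiaryEntry` only, dropping the `DiaryComment` subject that one parent had. Any check written as `can? :hidecomment, DiaryComment`, or against a comment instance, would now deny administrators. The two view partials in this commit check against `DiaryEntry`, which matches, but callers outside the diff are not visible here and are worth a grep before merging. A comment above the line would record the intent, for example `# comment moderation is authorised against DiaryEntry, not DiaryComment`. The enclosing `if` block and the class continue outside the hunk.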

<%= diary_comment.body.to_html %>
- <% if current_user && current_user.administrator? %> + <% if can? :hidecomment, DiaryEntry %> - <%= link_to t(".hide_link"), hide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %> + <% if diary_comment.visible? %> + <%= link_to t(".hide_link"), hide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %> + <% else %> + <%= link_to t(".unhide_link"), unhide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %> + <% end %> <% end %> diff --cc app/views/diary_entries/_diary_entry.html.erb index 5674a37b7,0aff1b113..c7dbec386 --- a/app/views/diary_entries/_diary_entry.html.erb +++ b/app/views/diary_entries/_diary_entry.html.erb @@@ -37,13 -37,9 +37,13 @@@ <% end %> - <% if current_user && current_user.administrator? %> + <% if can? :hide, DiaryEntry %>
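Review bot: In `_diary_comment.html.erb` the unhide link in the `else` branch is displayed under `can? :hidecomment, DiaryEntry` rather than the `:unhidecomment` ability it invokes; `_diary_entry.html.erb` has the same mismatch, with `can? :hide` gating the `unhide_diary_entry_path` link. `ability.rb` grants administrators all four actions together, so nothing is exposed today, but if the abilities are ever split the link and the server-side decision would disagree. Checking per branch keeps them aligned, e.g. `<% if diary_comment.visible? && can?(:hidecomment, DiaryEntry) %>` followed by `<% elsif !diary_comment.visible? && can?(:unhidecomment, DiaryEntry) %>`. This condition only controls what is rendered; the controller-side authorisation for `unhidecomment` is not in this hunk and is what actually has to enforce the restriction.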
  • - <%= link_to t(".hide_link"), hide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %> + <% if diary_entry.visible %> + <%= link_to t(".hide_link"), hide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %> + <% else %> + <%= link_to t(".unhide_link"), unhide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %> + <% end %>
  • <% end %> diff --cc test/controllers/diary_entries_controller_test.rb index 2b4230db7,b17d974d1..fd0375823 --- a/test/controllers/diary_entries_controller_test.rb +++ b/test/controllers/diary_entries_controller_test.rb @@@ -758,38 -749,11 +769,38 @@@ class DiaryEntriesControllerTest < Acti assert_equal false, DiaryEntry.find(diary_entry.id).visible end + def test_unhide + user = create(:user) + + # Try without logging in + diary_entry = create(:diary_entry, :user => user, :visible => false) + post :unhide, + :params => { :display_name => user.display_name, :id => diary_entry.id } + assert_response :forbidden + assert_equal false, DiaryEntry.find(diary_entry.id).visible + + # Now try as a normal user + post :unhide, + :params => { :display_name => user.display_name, :id => diary_entry.id }, + :session => { :user => user } + assert_response :redirect + assert_redirected_to :controller => :errors, :action => :forbidden + assert_equal false, DiaryEntry.find(diary_entry.id).visible + + # Finally try as an administrator + post :unhide, + :params => { :display_name => user.display_name, :id => diary_entry.id }, + :session => { :user => create(:administrator_user) } + assert_response :redirect + assert_redirected_to :action => :index, :display_name => user.display_name + assert_equal true, DiaryEntry.find(diary_entry.id).visible + end + def test_hidecomment user = create(:user) - administrator_user = create(:administrator_user) diary_entry = create(:diary_entry, :user => user) diary_comment = create(:diary_comment, :diary_entry => diary_entry) + # Try without logging in post :hidecomment, :params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id }
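Review bot: In `_diary_entry.html.erb`, `<% if diary_entry.visible %>` reads the attribute directly while the comment partial in this same commit uses the predicate form `diary_comment.visible?`. Writing `<% if diary_entry.visible? %>` here would keep the two partials consistent. The unhide link also reuses `t(".confirm")`; if that string is worded for hiding, the prompt shown before unhiding would be misleading, though the locale file is not part of this diff, so that needs confirming.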