From: Tom Hughes
Date: Tue, 18 Jun 2019 20:10:07 +0000 (+0100)
Subject: Merge remote-tracking branch 'upstream/pull/2226'
X-Git-Tag: live~3183
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/31edc7dff6f4305366d0f93d35ba3fb1956bb71f
Merge remote-tracking branch 'upstream/pull/2226'
---
31edc7dff6f4305366d0f93d35ba3fb1956bb71f
diff --cc app/abilities/ability.rb
index 28380392d,897c3410c..c34f357a9
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@@ -51,7 -52,7 +52,7 @@@ class Abilit
end
if user.administrator?
- can [:hide, :unhide, :hidecomment, :unhidecomment], [DiaryEntry, DiaryComment]
- can [:hide, :hidecomment], DiaryEntry
++ can [:hide, :unhide, :hidecomment, :unhidecomment], DiaryEntry
can [:index, :show, :resolve, :ignore, :reopen], Issue
can :create, IssueComment
can [:set_status, :delete, :index], User
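Review bot: The merged line grants `:hidecomment` and `:unhidecomment` on `DiaryEntry` only, dropping the `DiaryComment` subject that one parent carried, and nothing on the line says that comment moderation is deliberately authorised against the entry class. The views in this commit check `can? :hidecomment, DiaryEntry`, and the tests post `:hidecomment` to the diary entries controller, so the grant looks consistent. A later check written against `DiaryComment` or a comment instance would simply be denied, which fails closed but is easy to misread as a bug. I would add a comment above the line such as `# Comment hide/unhide is authorised against DiaryEntry; there is no DiaryComment subject`. The `if user.administrator?` block starts and ends outside this hunk, so other grants in it were not reviewed.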
diff --cc app/views/diary_entries/_diary_comment.html.erb
index 301739eef,8679f5a08..639ac9a19
--- a/app/views/diary_entries/_diary_comment.html.erb
+++ b/app/views/diary_entries/_diary_comment.html.erb
@@@ -7,13 -7,9 +7,13 @@@
<%= diary_comment.body.to_html %>
- <% if current_user && current_user.administrator? %>
+ <% if can? :hidecomment, DiaryEntry %>
- <%= link_to t(".hide_link"), hide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %>
+ <% if diary_comment.visible? %>
+ <%= link_to t(".hide_link"), hide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %>
+ <% else %>
+ <%= link_to t(".unhide_link"), unhide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %>
+ <% end %>
<% end %>
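Review bot: The unhide link in the `else` branch is rendered under the outer `can? :hidecomment, DiaryEntry` check rather than under `:unhidecomment`, so the control shown and the ability that authorises its action can drift apart. ability.rb currently grants both actions together to administrators, so nothing is exposed today, and the link is only a convenience: the controller's authorisation remains the enforcement point. I would gate each branch on its own action, e.g. `<% if diary_comment.visible? && can?(:hidecomment, DiaryEntry) %>` followed by `<% elsif !diary_comment.visible? && can?(:unhidecomment, DiaryEntry) %>`. The same pattern appears in _diary_entry.html.erb, where the unhide link sits under `can? :hide, DiaryEntry`.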
diff --cc app/views/diary_entries/_diary_entry.html.erb
index 5674a37b7,0aff1b113..c7dbec386
--- a/app/views/diary_entries/_diary_entry.html.erb
+++ b/app/views/diary_entries/_diary_entry.html.erb
@@@ -37,13 -37,9 +37,13 @@@
<% end %>
- <% if current_user && current_user.administrator? %>
+ <% if can? :hide, DiaryEntry %>
- <%= link_to t(".hide_link"), hide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %>
+ <% if diary_entry.visible %>
+ <%= link_to t(".hide_link"), hide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %>
+ <% else %>
+ <%= link_to t(".unhide_link"), unhide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %>
+ <% end %>
<% end %>
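Review bot: The branch condition reads `diary_entry.visible`, while the sibling partial _diary_comment.html.erb uses the predicate form `diary_comment.visible?` for the same decision. Assuming `visible` is an ordinary model attribute (the controller test reads it as `DiaryEntry.find(diary_entry.id).visible`), the query method should be available here too. I would write `<% if diary_entry.visible? %>` so both partials express the hide/unhide toggle the same way.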
diff --cc test/controllers/diary_entries_controller_test.rb
index 2b4230db7,b17d974d1..fd0375823
--- a/test/controllers/diary_entries_controller_test.rb
+++ b/test/controllers/diary_entries_controller_test.rb
@@@ -758,38 -749,11 +769,38 @@@ class DiaryEntriesControllerTest < Acti
assert_equal false, DiaryEntry.find(diary_entry.id).visible
end
+ def test_unhide
+ user = create(:user)
+
+ # Try without logging in
+ diary_entry = create(:diary_entry, :user => user, :visible => false)
+ post :unhide,
+ :params => { :display_name => user.display_name, :id => diary_entry.id }
+ assert_response :forbidden
+ assert_equal false, DiaryEntry.find(diary_entry.id).visible
+
+ # Now try as a normal user
+ post :unhide,
+ :params => { :display_name => user.display_name, :id => diary_entry.id },
+ :session => { :user => user }
+ assert_response :redirect
+ assert_redirected_to :controller => :errors, :action => :forbidden
+ assert_equal false, DiaryEntry.find(diary_entry.id).visible
+
+ # Finally try as an administrator
+ post :unhide,
+ :params => { :display_name => user.display_name, :id => diary_entry.id },
+ :session => { :user => create(:administrator_user) }
+ assert_response :redirect
+ assert_redirected_to :action => :index, :display_name => user.display_name
+ assert_equal true, DiaryEntry.find(diary_entry.id).visible
+ end
+
def test_hidecomment
user = create(:user)
- administrator_user = create(:administrator_user)
diary_entry = create(:diary_entry, :user => user)
diary_comment = create(:diary_comment, :diary_entry => diary_entry)
+
# Try without logging in
post :hidecomment,
:params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id }