From 49fc17c6b6f60eba8737fcde85bd679d1b6de8c1 Mon Sep 17 00:00:00 2001
From: Andy Allan
Date: Wed, 5 Jun 2019 15:30:08 +0200
Subject: [PATCH] Show deleted diary entries to administrators, if the user isn't also deleted

This will allow administrators to review diary entry deletions from non-spam users.
---
 app/controllers/diary_entries_controller.rb | 2 +-
 app/views/diary_entries/_diary_entry.html.erb | 2 +-
 test/system/diary_entry_test.rb | 28 +++++++++++++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb
index 41be0f7ea..58671652f 100644
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
@@ -157,7 +157,7 @@ class DiaryEntriesController < ApplicationController
 @page = (params[:page] || 1).to_i
 @page_size = 20
- @entries = @entries.visible
+ @entries = @entries.visible unless current_user&.administrator?
 @entries = @entries.order("created_at DESC")
 @entries = @entries.offset((@page - 1) * @page_size)
 @entries = @entries.limit(@page_size)
diff --git a/app/views/diary_entries/_diary_entry.html.erb b/app/views/diary_entries/_diary_entry.html.erb
index 50b49c37f..026ccee0e 100644
--- a/app/views/diary_entries/_diary_entry.html.erb
+++ b/app/views/diary_entries/_diary_entry.html.erb
@@ -1,4 +1,4 @@
-
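Review bot: Nothing on the changed line enforces the second half of the commit title, that entries belonging to deleted users stay hidden, once `unless current_user&.administrator?` switches `.visible` off for administrators. That guarantee has to come from the scope built earlier in the action, which starts outside this hunk, so it is worth confirming that every branch assigning `@entries` filters on user status before this line is reached. I would record the dependency next to the condition, for example `# Administrators review hidden entries here; entries of deleted users must already be excluded by the scope built above.` The role check is also written inline; if the controller has a central authorization layer, expressing "may see hidden entries" there would keep this exemption auditable in one place.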
+
'>
<% if !@user %>
 <%= user_thumbnail diary_entry.user %>
diff --git a/test/system/diary_entry_test.rb b/test/system/diary_entry_test.rb
index 6b6a51de5..e890bba73 100644
--- a/test/system/diary_entry_test.rb
+++ b/test/system/diary_entry_test.rb
@@ -15,4 +15,32 @@ class DiaryEntrySystemTest < ApplicationSystemTestCase
 assert page.has_content? "Send a new message"
 assert_equal "Re: #{@diary_entry.title}", page.find_field("Subject").value
 end
+
+ test "deleted diary entries should be hidden for regular users" do
+ @deleted_entry = create(:diary_entry, :visible => false)
+
+ sign_in_as(create(:user))
+ visit diary_entries_path
+
+ assert_not page.has_content? @deleted_entry.title
+ end
+
+ test "deleted diary entries should be shown to administrators for review" do
+ @deleted_entry = create(:diary_entry, :visible => false)
+
+ sign_in_as(create(:administrator_user))
+ visit diary_entries_path
+
+ assert page.has_content? @deleted_entry.title
+ end
+
+ test "deleted diary entries should not be shown to admins when the user is also deleted" do
+ @deleted_user = create(:user, :status => :deleted)
+ @deleted_entry = create(:diary_entry, :visible => false, :user => @deleted_user)
+
+ sign_in_as(create(:administrator_user))
+ visit diary_entries_path
+
+ assert_not page.has_content? @deleted_entry.title
+ end
 end
-- 
2.39.5
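Review bot: None of the three added tests covers a visitor who is not signed in, which is the case the `&.` in `current_user&.administrator?` exists for and the one where a regression would expose hidden entries publicly. The two `assert_not page.has_content?` checks can also pass vacuously if the listing fails to render, so pairing each with a visible entry whose title is asserted present would make them meaningful. A sketch of the missing case follows; it reuses only the factories and helpers already used in this hunk.

```ruby
test "deleted diary entries should be hidden for anonymous visitors" do
  @visible_entry = create(:diary_entry)
  @deleted_entry = create(:diary_entry, :visible => false)

  visit diary_entries_path

  # The positive assertion proves the listing rendered before the negative one is trusted.
  assert page.has_content? @visible_entry.title
  assert_not page.has_content? @deleted_entry.title
end
```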