From a128b4f585cb2f75ad1057d0b7c5af6713ed4186 Mon Sep 17 00:00:00 2001
From: Anton Khorev
Date: Mon, 17 Jun 2024 18:10:32 +0300
Subject: [PATCH 1/1] Move diary comments hide/unhide actions to comments
controller
---
app/abilities/ability.rb | 4 +-
app/controllers/diary_comments_controller.rb | 15 +++-
app/controllers/diary_entries_controller.rb | 16 +----
.../diary_entries/_diary_comment.html.erb | 2 +-
config/routes.rb | 4 +-
test/abilities/abilities_test.rb | 16 +++--
.../diary_comments_controller_test.rb | 72 +++++++++++++++++++
.../diary_entries_controller_test.rb | 72 -------------------
8 files changed, 104 insertions(+), 97 deletions(-)
diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index 8de756ccd..c0b2f3982 100644
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -54,7 +54,7 @@ class Ability
can [:index, :create, :destroy], UserMute
if user.moderator?
- can [:hide, :unhide, :hidecomment, :unhidecomment], DiaryEntry
+ can [:hide, :unhide], [DiaryEntry, DiaryComment]
can [:index, :show, :resolve, :ignore, :reopen], Issue
can :create, IssueComment
can [:new, :create, :edit, :update, :destroy], Redaction
@@ -62,7 +62,7 @@ class Ability
end
if user.administrator?
- can [:hide, :unhide, :hidecomment, :unhidecomment], DiaryEntry
+ can [:hide, :unhide], [DiaryEntry, DiaryComment]
can [:index, :show, :resolve, :ignore, :reopen], Issue
can :create, IssueComment
can [:set_status, :destroy, :index], User
diff --git a/app/controllers/diary_comments_controller.rb b/app/controllers/diary_comments_controller.rb
index f1add85f0..8abf2071b 100644
--- a/app/controllers/diary_comments_controller.rb
+++ b/app/controllers/diary_comments_controller.rb
@@ -11,6 +11,7 @@ class DiaryCommentsController < ApplicationController
authorize_resource
before_action :lookup_user, :only => :index
+ before_action :check_database_writable, :only => [:hide, :unhide]
allow_thirdparty_images :only => :index
@@ -18,10 +19,22 @@ class DiaryCommentsController < ApplicationController
@title = t ".title", :user => @user.display_name
comments = DiaryComment.where(:user => @user)
- comments = comments.visible unless can? :unhidecomment, DiaryEntry
+ comments = comments.visible unless can? :unhide, DiaryComment
@params = params.permit(:display_name, :before, :after)
@comments, @newer_comments_id, @older_comments_id = get_page_items(comments, :includes => [:user])
end
+
+ def hide
+ comment = DiaryComment.find(params[:comment])
+ comment.update(:visible => false)
+ redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
+ end
+
+ def unhide
+ comment = DiaryComment.find(params[:comment])
+ comment.update(:visible => true)
+ redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
+ end
end
diff --git a/app/controllers/diary_entries_controller.rb b/app/controllers/diary_entries_controller.rb
index d1b44acd0..bf6e8d0b1 100644
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
@@ -11,7 +11,7 @@ class DiaryEntriesController < ApplicationController
authorize_resource
before_action :lookup_user, :only => :show
- before_action :check_database_writable, :only => [:new, :create, :edit, :update, :comment, :hide, :hidecomment, :subscribe, :unsubscribe]
+ before_action :check_database_writable, :only => [:new, :create, :edit, :update, :comment, :hide, :unhide, :subscribe, :unsubscribe]
allow_thirdparty_images :only => [:new, :create, :edit, :update, :index, :show]
@@ -69,7 +69,7 @@ class DiaryEntriesController < ApplicationController
if @entry
@title = t ".title", :user => params[:display_name], :title => @entry.title
@og_image = @entry.body.image
- @comments = can?(:unhidecomment, DiaryEntry) ? @entry.comments : @entry.visible_comments
+ @comments = can?(:unhide, DiaryComment) ? @entry.comments : @entry.visible_comments
else
@title = t "diary_entries.no_such_entry.title", :id => params[:id]
render :action => "no_such_entry", :status => :not_found
@@ -229,18 +229,6 @@ class DiaryEntriesController < ApplicationController
redirect_to :action => "index", :display_name => entry.user.display_name
end
- def hidecomment
- comment = DiaryComment.find(params[:comment])
- comment.update(:visible => false)
- redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
- end
-
- def unhidecomment
- comment = DiaryComment.find(params[:comment])
- comment.update(:visible => true)
- redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
- end
-
private
##
diff --git a/app/views/diary_entries/_diary_comment.html.erb b/app/views/diary_entries/_diary_comment.html.erb
index c3c68fbc9..dbf8a439e 100644
--- a/app/views/diary_entries/_diary_comment.html.erb
+++ b/app/views/diary_entries/_diary_comment.html.erb
@@ -10,7 +10,7 @@
<%= diary_comment.body.to_html %>
- <% if can? :hidecomment, DiaryEntry %>
+ <% if can? :hide, DiaryComment %>
<% if diary_comment.visible? %>
<%= link_to t(".hide_link"), hide_diary_comment_path(diary_comment.diary_entry.user, diary_comment.diary_entry, diary_comment), :method => :post, :data => { :confirm => t(".confirm") } %>
diff --git a/config/routes.rb b/config/routes.rb
index a8d2b1d7e..acf2256a3 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -246,8 +246,8 @@ OpenStreetMap::Application.routes.draw do
post "/user/:display_name/diary/:id/newcomment" => "diary_entries#comment", :id => /\d+/, :as => :comment_diary_entry
post "/user/:display_name/diary/:id/hide" => "diary_entries#hide", :id => /\d+/, :as => :hide_diary_entry
post "/user/:display_name/diary/:id/unhide" => "diary_entries#unhide", :id => /\d+/, :as => :unhide_diary_entry
- post "/user/:display_name/diary/:id/hidecomment/:comment" => "diary_entries#hidecomment", :id => /\d+/, :comment => /\d+/, :as => :hide_diary_comment
- post "/user/:display_name/diary/:id/unhidecomment/:comment" => "diary_entries#unhidecomment", :id => /\d+/, :comment => /\d+/, :as => :unhide_diary_comment
+ post "/user/:display_name/diary/:id/hidecomment/:comment" => "diary_comments#hide", :id => /\d+/, :comment => /\d+/, :as => :hide_diary_comment
+ post "/user/:display_name/diary/:id/unhidecomment/:comment" => "diary_comments#unhide", :id => /\d+/, :comment => /\d+/, :as => :unhide_diary_comment
match "/user/:display_name/diary/:id/subscribe" => "diary_entries#subscribe", :via => [:get, :post], :as => :diary_entry_subscribe, :id => /\d+/
match "/user/:display_name/diary/:id/unsubscribe" => "diary_entries#unsubscribe", :via => [:get, :post], :as => :diary_entry_unsubscribe, :id => /\d+/
diff --git a/test/abilities/abilities_test.rb b/test/abilities/abilities_test.rb
index 4947351b6..58ef2b514 100644
--- a/test/abilities/abilities_test.rb
+++ b/test/abilities/abilities_test.rb
@@ -25,9 +25,13 @@ class GuestAbilityTest < AbilityTest
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
end
- [:create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
+ [:create, :edit, :comment, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries"
end
+
+ [:hide, :unhide].each do |action|
+ assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryComments"
+ end
end
test "note permissions for a guest" do
@@ -59,8 +63,9 @@ class UserAbilityTest < AbilityTest
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
end
- [:hide, :hidecomment].each do |action|
+ [:hide, :unhide].each do |action|
assert ability.cannot?(action, DiaryEntry), "should not be able to #{action} DiaryEntries"
+ assert ability.cannot?(action, DiaryComment), "should not be able to #{action} DiaryComment"
end
[:index, :show, :resolve, :ignore, :reopen].each do |action|
@@ -85,8 +90,9 @@ class ModeratorAbilityTest < AbilityTest
assert ability.cannot?(action, UserRole), "should not be able to #{action} UserRoles"
end
- [:hide, :hidecomment].each do |action|
+ [:hide, :unhide].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
+ assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComment"
end
end
end
@@ -94,11 +100,11 @@ end
class AdministratorAbilityTest < AbilityTest
test "Diary for an administrator" do
ability = Ability.new create(:administrator_user)
- [:index, :rss, :show, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :hidecomment].each do |action|
+ [:index, :rss, :show, :create, :edit, :comment, :subscribe, :unsubscribe, :hide, :unhide].each do |action|
assert ability.can?(action, DiaryEntry), "should be able to #{action} DiaryEntries"
end
- [:index].each do |action|
+ [:index, :hide, :unhide].each do |action|
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComments"
end
end
diff --git a/test/controllers/diary_comments_controller_test.rb b/test/controllers/diary_comments_controller_test.rb
index adb96dccb..e2ad4c91b 100644
--- a/test/controllers/diary_comments_controller_test.rb
+++ b/test/controllers/diary_comments_controller_test.rb
@@ -12,6 +12,14 @@ class DiaryCommentsControllerTest < ActionDispatch::IntegrationTest
{ :path => "/user/username/diary/comments", :method => :get },
{ :controller => "diary_comments", :action => "index", :display_name => "username" }
)
+ assert_routing(
+ { :path => "/user/username/diary/1/hidecomment/2", :method => :post },
+ { :controller => "diary_comments", :action => "hide", :display_name => "username", :id => "1", :comment => "2" }
+ )
+ assert_routing(
+ { :path => "/user/username/diary/1/unhidecomment/2", :method => :post },
+ { :controller => "diary_comments", :action => "unhide", :display_name => "username", :id => "1", :comment => "2" }
+ )
get "/user/username/diary/comments/1"
assert_redirected_to "/user/username/diary/comments"
@@ -60,4 +68,68 @@ class DiaryCommentsControllerTest < ActionDispatch::IntegrationTest
assert_redirected_to :controller => :errors, :action => :bad_request
end
end
+
+ def test_hide
+ user = create(:user)
+ diary_entry = create(:diary_entry, :user => user)
+ diary_comment = create(:diary_comment, :diary_entry => diary_entry)
+
+ # Try without logging in
+ post hide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_response :forbidden
+ assert DiaryComment.find(diary_comment.id).visible
+
+ # Now try as a normal user
+ session_for(user)
+ post hide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_redirected_to :controller => :errors, :action => :forbidden
+ assert DiaryComment.find(diary_comment.id).visible
+
+ # Try as a moderator
+ session_for(create(:moderator_user))
+ post hide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_redirected_to diary_entry_path(user, diary_entry)
+ assert_not DiaryComment.find(diary_comment.id).visible
+
+ # Reset
+ diary_comment.reload.update(:visible => true)
+
+ # Finally try as an administrator
+ session_for(create(:administrator_user))
+ post hide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_redirected_to diary_entry_path(user, diary_entry)
+ assert_not DiaryComment.find(diary_comment.id).visible
+ end
+
+ def test_unhide
+ user = create(:user)
+ diary_entry = create(:diary_entry, :user => user)
+ diary_comment = create(:diary_comment, :diary_entry => diary_entry, :visible => false)
+
+ # Try without logging in
+ post unhide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_response :forbidden
+ assert_not DiaryComment.find(diary_comment.id).visible
+
+ # Now try as a normal user
+ session_for(user)
+ post unhide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_redirected_to :controller => :errors, :action => :forbidden
+ assert_not DiaryComment.find(diary_comment.id).visible
+
+ # Now try as a moderator
+ session_for(create(:moderator_user))
+ post unhide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_redirected_to diary_entry_path(user, diary_entry)
+ assert DiaryComment.find(diary_comment.id).visible
+
+ # Reset
+ diary_comment.reload.update(:visible => true)
+
+ # Finally try as an administrator
+ session_for(create(:administrator_user))
+ post unhide_diary_comment_path(user, diary_entry, diary_comment)
+ assert_redirected_to diary_entry_path(user, diary_entry)
+ assert DiaryComment.find(diary_comment.id).visible
+ end
end
diff --git a/test/controllers/diary_entries_controller_test.rb b/test/controllers/diary_entries_controller_test.rb
index 1dfd5ec1a..4eeeb2742 100644
--- a/test/controllers/diary_entries_controller_test.rb
+++ b/test/controllers/diary_entries_controller_test.rb
@@ -81,14 +81,6 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
{ :path => "/user/username/diary/1/unhide", :method => :post },
{ :controller => "diary_entries", :action => "unhide", :display_name => "username", :id => "1" }
)
- assert_routing(
- { :path => "/user/username/diary/1/hidecomment/2", :method => :post },
- { :controller => "diary_entries", :action => "hidecomment", :display_name => "username", :id => "1", :comment => "2" }
- )
- assert_routing(
- { :path => "/user/username/diary/1/unhidecomment/2", :method => :post },
- { :controller => "diary_entries", :action => "unhidecomment", :display_name => "username", :id => "1", :comment => "2" }
- )
assert_routing(
{ :path => "/user/username/diary/1/subscribe", :method => :get },
{ :controller => "diary_entries", :action => "subscribe", :display_name => "username", :id => "1" }
@@ -828,70 +820,6 @@ class DiaryEntriesControllerTest < ActionDispatch::IntegrationTest
assert DiaryEntry.find(diary_entry.id).visible
end
- def test_hidecomment
- user = create(:user)
- diary_entry = create(:diary_entry, :user => user)
- diary_comment = create(:diary_comment, :diary_entry => diary_entry)
-
- # Try without logging in
- post hide_diary_comment_path(user, diary_entry, diary_comment)
- assert_response :forbidden
- assert DiaryComment.find(diary_comment.id).visible
-
- # Now try as a normal user
- session_for(user)
- post hide_diary_comment_path(user, diary_entry, diary_comment)
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert DiaryComment.find(diary_comment.id).visible
-
- # Try as a moderator
- session_for(create(:moderator_user))
- post hide_diary_comment_path(user, diary_entry, diary_comment)
- assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
- assert_not DiaryComment.find(diary_comment.id).visible
-
- # Reset
- diary_comment.reload.update(:visible => true)
-
- # Finally try as an administrator
- session_for(create(:administrator_user))
- post hide_diary_comment_path(user, diary_entry, diary_comment)
- assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
- assert_not DiaryComment.find(diary_comment.id).visible
- end
-
- def test_unhidecomment
- user = create(:user)
- diary_entry = create(:diary_entry, :user => user)
- diary_comment = create(:diary_comment, :diary_entry => diary_entry, :visible => false)
-
- # Try without logging in
- post unhide_diary_comment_path(user, diary_entry, diary_comment)
- assert_response :forbidden
- assert_not DiaryComment.find(diary_comment.id).visible
-
- # Now try as a normal user
- session_for(user)
- post unhide_diary_comment_path(user, diary_entry, diary_comment)
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_not DiaryComment.find(diary_comment.id).visible
-
- # Now try as a moderator
- session_for(create(:moderator_user))
- post unhide_diary_comment_path(user, diary_entry, diary_comment)
- assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
- assert DiaryComment.find(diary_comment.id).visible
-
- # Reset
- diary_comment.reload.update(:visible => true)
-
- # Finally try as an administrator
- session_for(create(:administrator_user))
- post unhide_diary_comment_path(user, diary_entry, diary_comment)
- assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
- assert DiaryComment.find(diary_comment.id).visible
- end
-
def test_subscribe_page
user = create(:user)
other_user = create(:user)
--
2.39.5