cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/pull/2248'

Browse source
This commit is contained in:
Tom Hughes 2019-06-06 17:51:51 +01:00
commit 6499b2603d
9 changed files with 142 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/abilities/ability.rb
View file

@ -51,7 +51,7 @@ class Ability
end
if user.administrator?
can [:hide, :hidecomment], [DiaryEntry, DiaryComment]
can [:hide, :unhide, :hidecomment, :unhidecomment], [DiaryEntry, DiaryComment]
can [:index, :show, :resolve, :ignore, :reopen], Issue
can :create, IssueComment
can [:set_status, :delete, :index], User

16
app/controllers/diary_entries_controller.rb
View file

@ -74,6 +74,7 @@ class DiaryEntriesController < ApplicationController
def comment
@entry = DiaryEntry.find(params[:id])
@comments = @entry.visible_comments
@diary_comment = @entry.comments.build(comment_params)
@diary_comment.user = current_user
if @diary_comment.save
@ -157,7 +158,7 @@ class DiaryEntriesController < ApplicationController
@page = (params[:page] || 1).to_i
@page_size = 20
@entries = @entries.visible
@entries = @entries.visible unless current_user&.administrator?
@entries = @entries.order("created_at DESC")
@entries = @entries.offset((@page - 1) * @page_size)
@entries = @entries.limit(@page_size)
@ -202,6 +203,7 @@ class DiaryEntriesController < ApplicationController
@entry = @user.diary_entries.visible.where(:id => params[:id]).first
if @entry
@title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title
@comments = current_user&.administrator? ? @entry.comments : @entry.visible_comments
else
@title = t "diary_entries.no_such_entry.title", :id => params[:id]
render :action => "no_such_entry", :status => :not_found
@ -214,12 +216,24 @@ class DiaryEntriesController < ApplicationController
redirect_to :action => "index", :display_name => entry.user.display_name
end
def unhide
entry = DiaryEntry.find(params[:id])
entry.update(:visible => true)
redirect_to :action => "index", :display_name => entry.user.display_name
end
def hidecomment
comment = DiaryComment.find(params[:comment])
comment.update(:visible => false)
redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
end
def unhidecomment
comment = DiaryComment.find(params[:comment])
comment.update(:visible => true)
redirect_to diary_entry_path(comment.diary_entry.user, comment.diary_entry)
end
def comments
@comment_pages, @comments = paginate(:diary_comments,
:conditions => {

8
app/views/diary_entries/_diary_comment.html.erb
View file

@ -1,4 +1,4 @@
<div class="clearfix diary-comment">
<div class="clearfix diary-comment<%= ' deemphasize' unless diary_comment.visible? %>">
<%= user_thumbnail diary_comment.user %>
<p class="deemphasize comment-heading" id="comment<%= diary_comment.id %>"><%= raw(t(".comment_from", :link_user => (link_to h(diary_comment.user.display_name), user_path(diary_comment.user)), :comment_created_at => link_to(l(diary_comment.created_at, :format => :friendly), :anchor => "comment#{diary_comment.id}"))) %>
<% if current_user and diary_comment.user.id != current_user.id %>
@ -9,7 +9,11 @@
<div class="richtext"><%= diary_comment.body.to_html %></div>
<% if current_user && current_user.administrator? %>
<span>
<%= link_to t(".hide_link"), hide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %>
<% if diary_comment.visible? %>
<%= link_to t(".hide_link"), hide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %>
<% else %>
<%= link_to t(".unhide_link"), unhide_diary_comment_path(:display_name => diary_comment.diary_entry.user.display_name, :id => diary_comment.diary_entry.id, :comment => diary_comment.id), :method => :post, :data => { :confirm => t(".confirm") } %>
<% end %>
</span>
<% end %>
</div>

8
app/views/diary_entries/_diary_entry.html.erb
View file

@ -1,4 +1,4 @@
<div class='diary_post'>
<div class='diary_post<%= ' deemphasize' unless diary_entry.visible %>'>
<div class='post_heading clearfix'>
<% if !@user %>
<%= user_thumbnail diary_entry.user %>
@ -39,7 +39,11 @@
<% if current_user && current_user.administrator? %>
<li>
<%= link_to t(".hide_link"), hide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %>
<% if diary_entry.visible %>
<%= link_to t(".hide_link"), hide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %>
<% else %>
<%= link_to t(".unhide_link"), unhide_diary_entry_path(:display_name => diary_entry.user.display_name, :id => diary_entry.id), :method => :post, :data => { :confirm => t(".confirm") } %>
<% end %>
</li>
<% end %>
</ul>

2
app/views/diary_entries/show.html.erb
View file

@ -10,7 +10,7 @@
<a id="comments"></a>
<div class='comments'>
<%= render :partial => "diary_comment", :collection => @entry.visible_comments %>
<%= render :partial => "diary_comment", :collection => @comments %>
</div>
<div>

2
config/locales/en.yml
View file

@ -331,11 +331,13 @@ en:
other: "%{count} comments"
edit_link: Edit this entry
hide_link: Hide this entry
unhide_link: Unhide this entry
confirm: Confirm
report: Report this entry
diary_comment:
comment_from: "Comment from %{link_user} on %{comment_created_at}"
hide_link: Hide this comment
unhide_link: Unhide this comment
confirm: Confirm
report: Report this comment
location:

2
config/routes.rb
View file

@ -234,7 +234,9 @@ OpenStreetMap::Application.routes.draw do
end
post "/user/:display_name/diary/:id/newcomment" => "diary_entries#comment", :id => /\d+/
post "/user/:display_name/diary/:id/hide" => "diary_entries#hide", :id => /\d+/, :as => :hide_diary_entry
post "/user/:display_name/diary/:id/unhide" => "diary_entries#unhide", :id => /\d+/, :as => :unhide_diary_entry
post "/user/:display_name/diary/:id/hidecomment/:comment" => "diary_entries#hidecomment", :id => /\d+/, :comment => /\d+/, :as => :hide_diary_comment
post "/user/:display_name/diary/:id/unhidecomment/:comment" => "diary_entries#unhidecomment", :id => /\d+/, :comment => /\d+/, :as => :unhide_diary_comment
post "/user/:display_name/diary/:id/subscribe" => "diary_entries#subscribe", :as => :diary_entry_subscribe, :id => /\d+/
post "/user/:display_name/diary/:id/unsubscribe" => "diary_entries#unsubscribe", :as => :diary_entry_unsubscribe, :id => /\d+/

63
test/controllers/diary_entries_controller_test.rb
View file

@ -85,10 +85,18 @@ class DiaryEntriesControllerTest < ActionController::TestCase
{ :path => "/user/username/diary/1/hide", :method => :post },
{ :controller => "diary_entries", :action => "hide", :display_name => "username", :id => "1" }
)
assert_routing(
{ :path => "/user/username/diary/1/unhide", :method => :post },
{ :controller => "diary_entries", :action => "unhide", :display_name => "username", :id => "1" }
)
assert_routing(
{ :path => "/user/username/diary/1/hidecomment/2", :method => :post },
{ :controller => "diary_entries", :action => "hidecomment", :display_name => "username", :id => "1", :comment => "2" }
)
assert_routing(
{ :path => "/user/username/diary/1/unhidecomment/2", :method => :post },
{ :controller => "diary_entries", :action => "unhidecomment", :display_name => "username", :id => "1", :comment => "2" }
)
assert_routing(
{ :path => "/user/username/diary/1/subscribe", :method => :post },
{ :controller => "diary_entries", :action => "subscribe", :display_name => "username", :id => "1" }
@ -750,6 +758,33 @@ class DiaryEntriesControllerTest < ActionController::TestCase
assert_equal false, DiaryEntry.find(diary_entry.id).visible
end
def test_unhide
user = create(:user)
# Try without logging in
diary_entry = create(:diary_entry, :user => user, :visible => false)
post :unhide,
:params => { :display_name => user.display_name, :id => diary_entry.id }
assert_response :forbidden
assert_equal false, DiaryEntry.find(diary_entry.id).visible
# Now try as a normal user
post :unhide,
:params => { :display_name => user.display_name, :id => diary_entry.id },
:session => { :user => user }
assert_response :redirect
assert_redirected_to :controller => :errors, :action => :forbidden
assert_equal false, DiaryEntry.find(diary_entry.id).visible
# Finally try as an administrator
post :unhide,
:params => { :display_name => user.display_name, :id => diary_entry.id },
:session => { :user => create(:administrator_user) }
assert_response :redirect
assert_redirected_to :action => :index, :display_name => user.display_name
assert_equal true, DiaryEntry.find(diary_entry.id).visible
end
def test_hidecomment
user = create(:user)
administrator_user = create(:administrator_user)
@ -778,6 +813,34 @@ class DiaryEntriesControllerTest < ActionController::TestCase
assert_equal false, DiaryComment.find(diary_comment.id).visible
end
def test_unhidecomment
user = create(:user)
administrator_user = create(:administrator_user)
diary_entry = create(:diary_entry, :user => user)
diary_comment = create(:diary_comment, :diary_entry => diary_entry, :visible => false)
# Try without logging in
post :unhidecomment,
:params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id }
assert_response :forbidden
assert_equal false, DiaryComment.find(diary_comment.id).visible
# Now try as a normal user
post :unhidecomment,
:params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id },
:session => { :user => user }
assert_response :redirect
assert_redirected_to :controller => :errors, :action => :forbidden
assert_equal false, DiaryComment.find(diary_comment.id).visible
# Finally try as an administrator
post :unhidecomment,
:params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id },
:session => { :user => administrator_user }
assert_response :redirect
assert_redirected_to :action => :show, :display_name => user.display_name, :id => diary_entry.id
assert_equal true, DiaryComment.find(diary_comment.id).visible
end
def test_comments
user = create(:user)
other_user = create(:user)

46
test/system/diary_entry_test.rb
View file

@ -15,4 +15,50 @@ class DiaryEntrySystemTest < ApplicationSystemTestCase
assert page.has_content? "Send a new message"
assert_equal "Re: #{@diary_entry.title}", page.find_field("Subject").value
end
test "deleted diary entries should be hidden for regular users" do
@deleted_entry = create(:diary_entry, :visible => false)
sign_in_as(create(:user))
visit diary_entries_path
assert_not page.has_content? @deleted_entry.title
end
test "deleted diary entries should be shown to administrators for review" do
@deleted_entry = create(:diary_entry, :visible => false)
sign_in_as(create(:administrator_user))
visit diary_entries_path
assert page.has_content? @deleted_entry.title
end
test "deleted diary entries should not be shown to admins when the user is also deleted" do
@deleted_user = create(:user, :status => :deleted)
@deleted_entry = create(:diary_entry, :visible => false, :user => @deleted_user)
sign_in_as(create(:administrator_user))
visit diary_entries_path
assert_not page.has_content? @deleted_entry.title
end
test "deleted diary comments should be hidden for regular users" do
@deleted_comment = create(:diary_comment, :diary_entry => @diary_entry, :visible => false)
sign_in_as(create(:user))
visit diary_entry_path(@diary_entry.user, @diary_entry)
assert_not page.has_content? @deleted_comment.body
end
test "deleted diary comments should be shown to administrators" do
@deleted_comment = create(:diary_comment, :diary_entry => @diary_entry, :visible => false)
sign_in_as(create(:administrator_user))
visit diary_entry_path(@diary_entry.user, @diary_entry)
assert page.has_content? @deleted_comment.body
end
end