Show all diary comments to administrators

2019-06-05 15:52:51 +02:00 · 2019-06-05 15:52:51 +02:00 · 9e158a5d39
commit 9e158a5d39
parent fdffd22cca
4 changed files with 22 additions and 2 deletions
--- a/app/controllers/diary_entries_controller.rb
+++ b/app/controllers/diary_entries_controller.rb
@ -74,6 +74,7 @@ class DiaryEntriesController < ApplicationController

  def comment
    @entry = DiaryEntry.find(params[:id])
+    @comments = @entry.visible_comments
    @diary_comment = @entry.comments.build(comment_params)
    @diary_comment.user = current_user
    if @diary_comment.save
@ -202,6 +203,7 @@ class DiaryEntriesController < ApplicationController
    @entry = @user.diary_entries.visible.where(:id => params[:id]).first
    if @entry
      @title = t "diary_entries.show.title", :user => params[:display_name], :title => @entry.title
+      @comments = current_user&.administrator? ? @entry.comments : @entry.visible_comments
    else
      @title = t "diary_entries.no_such_entry.title", :id => params[:id]
      render :action => "no_such_entry", :status => :not_found
--- a/app/views/diary_entries/_diary_comment.html.erb
+++ b/app/views/diary_entries/_diary_comment.html.erb
@ -1,4 +1,4 @@
-<div class="clearfix diary-comment">
+<div class="clearfix diary-comment<%= ' deemphasize' unless diary_comment.visible? %>">
  <%= user_thumbnail diary_comment.user %>
  <p class="deemphasize comment-heading" id="comment<%= diary_comment.id %>"><%= raw(t(".comment_from", :link_user => (link_to h(diary_comment.user.display_name), user_path(diary_comment.user)), :comment_created_at => link_to(l(diary_comment.created_at, :format => :friendly), :anchor => "comment#{diary_comment.id}"))) %>
    <% if current_user and diary_comment.user.id != current_user.id %>
--- a/app/views/diary_entries/show.html.erb
+++ b/app/views/diary_entries/show.html.erb
@ -10,7 +10,7 @@

 <a id="comments"></a>
 <div class='comments'>
-<%= render :partial => "diary_comment", :collection => @entry.visible_comments %>
+<%= render :partial => "diary_comment", :collection => @comments %>
 </div>

 <div>
--- a/test/system/diary_entry_test.rb
+++ b/test/system/diary_entry_test.rb
@ -43,4 +43,22 @@ class DiaryEntrySystemTest < ApplicationSystemTestCase

    assert_not page.has_content? @deleted_entry.title
  end
+
+  test "deleted diary comments should be hidden for regular users" do
+    @deleted_comment = create(:diary_comment, :diary_entry => @diary_entry, :visible => false)
+
+    sign_in_as(create(:user))
+    visit diary_entry_path(@diary_entry.user, @diary_entry)
+
+    assert_not page.has_content? @deleted_comment.body
+  end
+
+  test "deleted diary comments should be shown to administrators" do
+    @deleted_comment = create(:diary_comment, :diary_entry => @diary_entry, :visible => false)
+
+    sign_in_as(create(:administrator_user))
+    visit diary_entry_path(@diary_entry.user, @diary_entry)
+
+    assert page.has_content? @deleted_comment.body
+  end
 end