From 7c11c3fe0f45fa97c013400072ab8a48fc38da93 Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Fri, 8 Feb 2013 17:49:15 -0500
Subject: [PATCH] Can edit deleted posts.
---
app/controllers/posts_controller.rb | 23 +++++++++++++++------
spec/controllers/posts_controller_spec.rb | 25 +++++++++++++++++++++++
2 files changed, 42 insertions(+), 6 deletions(-)
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index ce4d2e9ba..6af0c180d 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -64,7 +64,7 @@ class PostsController < ApplicationController
end
def show
- @post = Post.where(id: params[:id]).first
+ @post = find_post_from_params
guardian.ensure_can_see!(@post)
@post.revert_to(params[:version].to_i) if params[:version].present?
@@ -74,14 +74,14 @@ class PostsController < ApplicationController
end
def destroy
- post = Post.where(id: params[:id]).first
+ post = find_post_from_params
guardian.ensure_can_delete!(post)
post.delete_by(current_user)
render nothing: true
end
def recover
- post = Post.with_deleted.where(id: params[:post_id]).first
+ post = find_post_from_params
guardian.ensure_can_recover_post!(post)
post.recover
render nothing: true
@@ -108,7 +108,7 @@ class PostsController < ApplicationController
# Retrieves a list of versions and who made them for a post
def versions
- post = Post.where(id: params[:post_id]).first
+ post = find_post_from_params
guardian.ensure_can_see!(post)
render_serialized(post.all_versions, VersionSerializer)
@@ -116,14 +116,14 @@ class PostsController < ApplicationController
# Direct replies to this post
def replies
- post = Post.where(id: params[:post_id]).first
+ post = find_post_from_params
guardian.ensure_can_see!(post)
render_serialized(post.replies, PostSerializer)
end
def bookmark
- post = Post.where(id: params[:post_id]).first
+ post = find_post_from_params
guardian.ensure_can_see!(post)
if current_user
if params[:bookmarked] == "true"
@@ -135,4 +135,15 @@ class PostsController < ApplicationController
render :nothing => true
end
+
+ protected
+
+ def find_post_from_params
+ finder = Post.where(id: params[:id] || params[:post_id])
+
+ # Include deleted posts if the user is a moderator
+ finder = finder.with_deleted if current_user.try(:has_trust_level?, :moderator)
+
+ finder.first
+ end
end
diff --git a/spec/controllers/posts_controller_spec.rb b/spec/controllers/posts_controller_spec.rb
index 302da485e..73929f8b1 100644
--- a/spec/controllers/posts_controller_spec.rb
+++ b/spec/controllers/posts_controller_spec.rb
@@ -18,6 +18,31 @@ describe PostsController do
response.should be_success
end
+ context "deleted post" do
+
+ before do
+ post.destroy
+ end
+
+ it "can't find deleted posts as an anonymous user" do
+ xhr :get, :show, id: post.id
+ response.should be_forbidden
+ end
+
+ it "can't find deleted posts as a regular user" do
+ log_in(:user)
+ xhr :get, :show, id: post.id
+ response.should be_forbidden
+ end
+
+ it "can find posts as a moderator" do
+ log_in(:moderator)
+ xhr :get, :show, id: post.id
+ response.should be_success
+ end
+
+ end
+
end
describe 'versions' do