Diffstat (limited to 'perllib/FixMyStreet')
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Reports.pm | 26 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/ResultSet/Problem.pm | 17 |
2 files changed, 32 insertions, 11 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Reports.pm b/perllib/FixMyStreet/App/Controller/Reports.pm
index 2508b822f..42f5ea288 100644
--- a/perllib/FixMyStreet/App/Controller/Reports.pm
+++ b/perllib/FixMyStreet/App/Controller/Reports.pm
@@ -654,16 +654,24 @@ sub check_non_public_reports_permission : Private {
 my ($self, $c, $where) = @_;
 if ( $c->user_exists ) {
- return if $c->user->is_super_user;
+ my $user_has_permission;
- my $body = $c->stash->{body};
+ if ( $c->user->is_super_user ) {
+ $user_has_permission = 1;
+ } else {
+ my $body = $c->stash->{body};
- my $user_has_permission = $body && (
- $c->user->has_permission_to('report_inspect', $body->id) ||
- $c->user->has_permission_to('report_mark_private', $body->id)
- );
+ $user_has_permission = $body && (
+ $c->user->has_permission_to('report_inspect', $body->id) ||
+ $c->user->has_permission_to('report_mark_private', $body->id)
+ );
+ }
- $where->{non_public} = 0 unless $user_has_permission;
+ if ( $user_has_permission ) {
+ $where->{non_public} = 1 if $c->stash->{only_non_public};
+ } else {
+ $where->{non_public} = 0;
+ }
 } else {
 $where->{non_public} = 0;
 }
@@ -741,6 +749,10 @@ sub stash_report_filter_status : Private {
 }
 }
+ if ($status{non_public}) {
+ $c->stash->{only_non_public} = 1;
+ }
+ if (keys %filter_problem_states == 0) {
 my $s = FixMyStreet::DB::Result::Problem->open_states();
 %filter_problem_states = (%filter_problem_states, %$s);
diff --git a/perllib/FixMyStreet/DB/ResultSet/Problem.pm b/perllib/FixMyStreet/DB/ResultSet/Problem.pm
index 0a180f8e3..ce64f7ee9 100644
--- a/perllib/FixMyStreet/DB/ResultSet/Problem.pm
+++ b/perllib/FixMyStreet/DB/ResultSet/Problem.pm
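Review bot: The superuser test in the new `if ( $c->user->is_super_user )` branch of check_non_public_reports_permission is spelled `is_super_user`, while the context line `if ($c->user->is_superuser)` in non_public_if_possible (the Problem.pm hunk) uses `is_superuser`. Unless the user class defines both names, one of these two access-control paths will presumably die on the method call instead of applying the private-report filter, so the spelling should be unified on whichever accessor exists. The unprivileged and anonymous branches still force `$where->{non_public} = 0` whatever the stash flag says, which is the right fail-closed behaviour. A regression test in which a user without `report_inspect` or `report_mark_private` requests the `non_public` status and gets no private reports would pin that.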
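Review bot: The new `if ($status{non_public})` block in stash_report_filter_status treats `non_public` as a privacy flag rather than a problem state, but nothing in the hunk says so or says where access is enforced. A comment such as `# non_public is a privacy filter, not a state; permission is enforced in check_non_public_reports_permission` would make that explicit. Whether `non_public` is also kept out of `%filter_problem_states` is decided above the hunk. If it is the only status selected, the following `keys %filter_problem_states == 0` fallback presumably narrows the list to open private reports, which the comment should state as well.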
@@ -28,14 +28,23 @@ sub body_query {
 sub non_public_if_possible {
 my ($rs, $params, $c) = @_;
 if ($c->user_exists) {
+ my $only_non_public = $c->stash->{only_non_public} ? 1 : 0;
 if ($c->user->is_superuser) {
 # See all reports, no restriction
+ $params->{non_public} = 1 if $only_non_public;
 } elsif ($c->user->has_body_permission_to('report_inspect') ||
 $c->user->has_body_permission_to('report_mark_private')) {
- $params->{'-or'} = [
- non_public => 0,
- $rs->body_query($c->user->from_body->id),
- ];
+ if ($only_non_public) {
+ $params->{'-and'} = [
+ non_public => 1,
+ $rs->body_query($c->user->from_body->id),
+ ];
+ } else {
+ $params->{'-or'} = [
+ non_public => 0,
+ $rs->body_query($c->user->from_body->id),
+ ];
+ }
 } else {
 $params->{non_public} = 0;
 } |
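Review bot: `$params->{'-and'} = [` in the `$only_non_public` branch assigns the key outright, so any `-and` condition a caller already placed in `$params` would be replaced. For a visibility filter, a silently dropped condition widens the result set. Whether callers pass such keys is not visible here; if they can, append instead, e.g. `push @{ $params->{'-and'} }, non_public => 1, $rs->body_query($c->user->from_body->id);` (assuming any existing value is an array ref). A short comment on the three outcomes (superuser, body staff, everyone else) would also help, since the `# See all reports, no restriction` context comment is no longer accurate once `non_public = 1` can be set under it. The enclosing `if ($c->user_exists)` continues below the hunk.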