Use caching that allows pre-authentication.

Add test code for hidden requests. Make super users able to view hidden requests.
author: francis <francis> 2009-06-30 14:28:25 +0000
committer: francis <francis> 2009-06-30 14:28:25 +0000
commit: a12d270667df81d81f641c88fd924cd5fd99edfd (patch)
tree: 9e3262a968252530b880e8c95cd983d3a827af59 /app/models/info_request.rb
parent: 36141ae5c6fc922f0e45ce8803765031cdb9fbbb (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/app/models/info_request.rb b/app/models/info_request.rb
index 9d14e70d2..aa9b49c83 100644
--- a/app/models/info_request.rb
+++ b/app/models/info_request.rb
@@ -24,7 +24,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: info_request.rb,v 1.196 2009-06-27 02:25:31 francis Exp $
+# $Id: info_request.rb,v 1.197 2009-06-30 14:28:26 francis Exp $
 
 require 'digest/sha1'
 require File.join(File.dirname(__FILE__),'../../vendor/plugins/acts_as_xapian/lib/acts_as_xapian')
@@ -819,10 +819,10 @@ public
     end
 
     def user_can_view?(user)
-        return self.prominence != 'hidden'
-        # || self.is_owning_user?(user) # XXX this doesn't work, as have to
-        # mess with caching of HTML versions - need to change from using
-        # caches_pages in the request controller first.
+        if self.prominence == 'hidden' 
+            return User.view_hidden_requests?(user)
+        end
+        return true
     end
 
     # This is called from cron regularly.
author	francis <francis>	2009-06-30 14:28:25 +0000
committer	francis <francis>	2009-06-30 14:28:25 +0000
commit	a12d270667df81d81f641c88fd924cd5fd99edfd (patch)
tree	9e3262a968252530b880e8c95cd983d3a827af59 /app/models/info_request.rb
parent	36141ae5c6fc922f0e45ce8803765031cdb9fbbb (diff)