authorDave Arter <davea@mysociety.org>2019-08-19 11:23:56 +0100
committerDave Arter <davea@mysociety.org>2019-08-19 11:23:56 +0100
commit23bfb619e0dc45ee0697691e79df271f66a04714 (patch)
treedeb064635159e6c58a89c30ee717f6b8c1583aaf
parent4ed2eaefc4f76330dad4c28c95481bc259b9db18 (diff)
Don’t reveal private report lat/lon in ‘report another’ link
-rw-r--r--CHANGELOG.md2
-rw-r--r--t/app/controller/report_display.t6
-rw-r--r--templates/web/base/main_nav_items.html2
-rw-r--r--templates/web/bexley/main_nav_items.html2
-rw-r--r--templates/web/hounslow/main_nav_items.html2
5 files changed, 11 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2bf209262..e92d541bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,8 @@
- Hide duplicate suggestions when signing in during reporting.
- Retain extra data if signing in during reporting.
- Have duplicate suggestion and assets coexist better.
+ - Don't include lat/lon of private reports in ‘Report another problem
+ here’ link.
- Front end improvements:
- Set report title autocomplete to off to prevent email autocompleting
- Development improvements:
diff --git a/t/app/controller/report_display.t b/t/app/controller/report_display.t
index bb5b0a72d..ddd69f18c 100644
--- a/t/app/controller/report_display.t
+++ b/t/app/controller/report_display.t
@@ -79,6 +79,9 @@ subtest "change report to non_public and check for 403 status" => sub {
is $mech->res->code, 403, "access denied";
is $mech->uri->path, "/report/$report_id", "at /report/$report_id";
$mech->content_contains('permission to do that. If you are the problem reporter');
+ $mech->content_lacks('Report another problem here');
+ $mech->content_lacks($report->latitude);
+ $mech->content_lacks($report->longitude);
ok $report->update( { non_public => 0 } ), 'make report public';
};
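Review bot: The added `content_lacks($report->latitude)` and `content_lacks($report->longitude)` checks, here and in the second hunk of this file, only match the exact string those accessors stringify to, so a page that printed the same location rounded or otherwise reformatted would still pass. Asserting on the link target is a stricter guard and covers both branches of the nav template: `$mech->content_lacks('/report/new?longitude=');`, assuming nothing else on the access-denied page legitimately emits that URL. The new assertions also carry no description, unlike the neighbouring `is`/`ok` calls; a second argument such as `'no coordinates on denied page'` would make a failure easier to read. Both subtests start outside the hunks shown.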
@@ -95,6 +98,9 @@ subtest "check owner of report can view non public reports" => sub {
is $mech->res->code, 403, "access denied to user who is not report creator";
is $mech->uri->path, "/report/$report_id", "at /report/$report_id";
$mech->content_contains('permission to do that. If you are the problem reporter');
+ $mech->content_lacks('Report another problem here');
+ $mech->content_lacks($report->latitude);
+ $mech->content_lacks($report->longitude);
$mech->log_out_ok;
ok $report->update( { non_public => 0 } ), 'make report public';
};
diff --git a/templates/web/base/main_nav_items.html b/templates/web/base/main_nav_items.html
index 4b031cbaa..3e7852ea8 100644
--- a/templates/web/base/main_nav_items.html
+++ b/templates/web/base/main_nav_items.html
@@ -1,4 +1,4 @@
-[%~ IF problem ~%]
+[%~ IF problem AND NOT problem.non_public ~%]
[%~ INCLUDE navitem uri='/report/new?longitude=' _ problem.longitude _ '&amp;latitude=' _ problem.latitude label=loc('Report another problem here') attrs='class="report-a-problem-btn"' ~%]
[%~ ELSIF latitude AND longitude ~%]
[%~ INCLUDE navitem uri='/report/new?longitude=' _ longitude _ '&amp;latitude=' _ latitude label=loc('Report a problem here') attrs='class="report-a-problem-btn"' ~%]
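Review bot: When `problem.non_public` is true the condition now falls through to `ELSIF latitude AND longitude`, which builds the same `/report/new?longitude=…` link from the top-level `latitude` and `longitude` variables, so the fix depends on those not being populated from the private report on the access-denied page, which this hunk cannot show. The same applies to the bexley and hounslow templates changed further down. Since `problem` is evidently still available to the template when the viewer is refused, it would be safer for the controller to withhold the report object from the template context on denial, so that no other template can print its fields. A short comment above the condition, e.g. `[%# non_public reports must not expose their coordinates in the nav link %]`, would record why the extra test is there.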
diff --git a/templates/web/bexley/main_nav_items.html b/templates/web/bexley/main_nav_items.html
index 9522238f4..3b948d043 100644
--- a/templates/web/bexley/main_nav_items.html
+++ b/templates/web/bexley/main_nav_items.html
@@ -1,4 +1,4 @@
-[%~ IF problem ~%]
+[%~ IF problem AND NOT problem.non_public ~%]
[%~ INCLUDE navitem uri='/report/new?longitude=' _ problem.longitude _ '&amp;latitude=' _ problem.latitude label=loc('Report another problem here') attrs='class="report-a-problem-btn"' ~%]
[%~ ELSIF latitude AND longitude ~%]
[%~ INCLUDE navitem uri='/report/new?longitude=' _ longitude _ '&amp;latitude=' _ latitude label=loc('Report a problem here') attrs='class="report-a-problem-btn"' ~%]
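Review bot: This is one of three hand-copied instances of the same guard (base, bexley, hounslow), so any other cobrand that overrides `main_nav_items.html` and is not touched by this commit would presumably still emit the private coordinates. Making the decision in one place, for example a flag set by the controller or a shared block the cobrand templates include, would stop the privacy check from depending on every override being patched. The assertions added in `report_display.t` appear to run against a single cobrand, so this copy is likely not exercised by them; that should be confirmed.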
diff --git a/templates/web/hounslow/main_nav_items.html b/templates/web/hounslow/main_nav_items.html
index 053ca39e6..b5c04c4c7 100644
--- a/templates/web/hounslow/main_nav_items.html
+++ b/templates/web/hounslow/main_nav_items.html
@@ -1,4 +1,4 @@
-[%~ IF problem ~%]
+[%~ IF problem AND NOT problem.non_public ~%]
[%~ INCLUDE navitem uri='/report/new?longitude=' _ problem.longitude _ '&amp;latitude=' _ problem.latitude label=loc('Report another problem here') attrs='class="report-a-problem-btn"' ~%]
[%~ ELSIF latitude AND longitude ~%]
[%~ INCLUDE navitem uri='/report/new?longitude=' _ longitude _ '&amp;latitude=' _ latitude label=loc('Report a problem here') attrs='class="report-a-problem-btn"' ~%]