author | Dave Arter <davea@mysociety.org> | 2019-11-01 12:58:26 +0000 |
---|---|---|
committer | Dave Arter <davea@mysociety.org> | 2019-12-09 12:48:12 +0000 |
commit | 7e64cdff0a328550e529427665de6fddcf1d1e5d (patch) | |
tree | 0495c2e9f0c15d848014e2d5e6fcacb089d9246f | |
parent | 4c7f66b2884c629c9f42250cdd878035990f88cb (diff) |
[UK Councils] Ensure response templates owned by other bodies aren’t visible
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report.pm | 12 | ||||
-rw-r--r-- | perllib/FixMyStreet/Roles/ContactExtra.pm | 11 | ||||
-rw-r--r-- | t/app/controller/admin/templates.t | 65 | ||||
-rw-r--r-- | t/app/model/defecttype.t | 4 | ||||
-rw-r--r-- | t/app/model/responsepriority.t | 6 | ||||
-rw-r--r-- | t/app/model/responsetemplate.t | 2 |
6 files changed, 89 insertions, 11 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm index 190687d41..fde28dcbe 100644 --- a/perllib/FixMyStreet/App/Controller/Report.pm +++ b/perllib/FixMyStreet/App/Controller/Report.pm @@ -375,10 +375,16 @@ sub inspect : Private { $c->forward('/admin/reports/categories_for_point'); $c->stash->{report_meta} = { map { 'x' . $_->{name} => $_ } @{ $c->stash->{problem}->get_extra_fields() } }; - if ($c->cobrand->can('council_area_id')) { - my $priorities_by_category = FixMyStreet::App->model('DB::ResponsePriority')->by_categories($c->cobrand->council_area_id, @{$c->stash->{contacts}}); + if ($c->cobrand->can('body')) { + my $priorities_by_category = FixMyStreet::App->model('DB::ResponsePriority')->by_categories( + $c->stash->{contacts}, + body_id => $c->cobrand->body->id + ); $c->stash->{priorities_by_category} = $priorities_by_category; - my $templates_by_category = FixMyStreet::App->model('DB::ResponseTemplate')->by_categories($c->cobrand->council_area_id, @{$c->stash->{contacts}}); + my $templates_by_category = FixMyStreet::App->model('DB::ResponseTemplate')->by_categories( + $c->stash->{contacts}, + body_id => $c->cobrand->body->id + ); $c->stash->{templates_by_category} = $templates_by_category; } diff --git a/perllib/FixMyStreet/Roles/ContactExtra.pm b/perllib/FixMyStreet/Roles/ContactExtra.pm index 55c055d99..e78d9b53f 100644 --- a/perllib/FixMyStreet/Roles/ContactExtra.pm +++ b/perllib/FixMyStreet/Roles/ContactExtra.pm 
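Review bot: In `inspect`, `$c->cobrand->body->id` is dereferenced twice with no check that `body` returned a row; `can('body')` only proves the method exists, so a cobrand whose body record is missing would presumably die here instead of rendering the page without templates. Since this id is now what keeps another body's priorities and templates out of the stash, resolve it once and guard on it: `my $body = $c->cobrand->can('body') ? $c->cobrand->body : undef;` followed by `if ($body) {` and `body_id => $body->id` in both calls. That also avoids a second lookup if `body` queries the database, which is not visible from this hunk. The sub starts and ends outside the hunk.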
@@ -25,8 +25,15 @@ sub for_bodies { } sub by_categories { - my ($rs, $area_id, @contacts) = @_; - my %body_ids = map { $_->body_id => 1 } FixMyStreet::DB->resultset('BodyArea')->search({ area_id => $area_id }); + my ($rs, $contacts, %params) = @_; + + my %body_ids = (); + if ( $params{body_id} ) { + %body_ids = ( $params{body_id} => 1 ); + } else { + %body_ids = map { $_->body_id => 1 } FixMyStreet::DB->resultset('BodyArea')->search({ area_id => $params{area_id} }); + } + my @contacts = @$contacts; my @body_ids = keys %body_ids; my %extras = (); my @results = $rs->for_bodies(\@body_ids, undef); diff --git a/t/app/controller/admin/templates.t b/t/app/controller/admin/templates.t index e9fefbdd7..ca1cba46d 100644 --- a/t/app/controller/admin/templates.t +++ b/t/app/controller/admin/templates.t 
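Review bot: `by_categories` falls back to the area-wide lookup whenever `$params{body_id}` is false, so a caller that passes `body_id => undef` (or no named argument at all) silently runs the `BodyArea` search with `area_id => undef` instead of getting an error, and the body-scoped path this commit introduces is skipped without notice. Test with `defined $params{body_id}` and fail loudly when neither key is supplied, e.g. `die "by_categories requires body_id or area_id" unless defined $params{area_id};` at the top of the `else` branch. The positional signature also changed from `($area_id, @contacts)` to `($contacts, %params)`, so any caller outside this diff still using the old form would pass an area id where an array reference is expected. A comment above the sub stating the new convention, such as `# by_categories(\@contacts, body_id => $id) or by_categories(\@contacts, area_id => $id)`, would help; the rest of the sub is outside the hunk.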
@@ -10,6 +10,30 @@ my $oxfordshire = $mech->create_body_ok(2237, 'Oxfordshire County Council'); my $oxfordshirecontact = $mech->create_contact_ok( body_id => $oxfordshire->id, category => 'Potholes', email => 'potholes@example.com' ); my $oxfordshireuser = $mech->create_user_ok('counciluser@example.com', name => 'Council User', from_body => $oxfordshire); +my $bromley = $mech->create_body_ok(2482, 'Bromley Borough Council'); +my $bromleycontact = $mech->create_contact_ok( body_id => $bromley->id, category => 'Potholes', email => 'potholes@example.com' ); +my $bromleyuser = $mech->create_user_ok('bromleyuser@example.com', name => 'Council User', from_body => $bromley); +$bromleyuser->user_body_permissions->find_or_create({ + body => $bromley, + permission_type => 'report_inspect', +}); +my $bromleytemplate = $bromley->response_templates->create({ + title => "Bromley-specific response template.", + text => "This template will only appear on the Bromley cobrand.", +}); + +my $tfl = $mech->create_body_ok(2482, 'TfL'); +my $tflcontact = $mech->create_contact_ok( body_id => $tfl->id, category => 'Potholes', email => 'potholes@example.com' ); +my $tfluser = $mech->create_user_ok('tfluser@example.com', name => 'Council User', from_body => $tfl); +$tfluser->user_body_permissions->find_or_create({ + body => $tfl, + permission_type => 'report_inspect', +}); +my $tfltemplate = $tfl->response_templates->create({ + title => "TfL-specific response template.", + text => "This template will only appear on the TfL cobrand.", +}); + my $dt = DateTime->new( year => 2011, month => 04, 
@@ -258,4 +282,45 @@ subtest "templates that set state and external_status_code can't be added" => su is $oxfordshire->response_templates->count, 0, "Invalid response template wasn't added"; }; +subtest "TfL cobrand only shows TfL templates" => sub { + FixMyStreet::override_config { + ALLOWED_COBRANDS => [ 'tfl' ], + }, sub { + $report->update({ + category => $tflcontact->category, + bodies_str => $tfl->id, + latitude => 51.402096, + longitude => 0.015784, + state => 'confirmed', + areas => ',2482,', + }); + $mech->log_in_ok( $tfluser->email ); + + $mech->get_ok("/report/" . $report->id); + $mech->content_contains( $tfltemplate->text ); + $mech->content_contains( $tfltemplate->title ); + $mech->content_lacks( $bromleytemplate->text ); + $mech->content_lacks( $bromleytemplate->title ); + + $mech->log_out_ok; + }; +}; + +subtest "Bromley cobrand only shows Bromley templates" => sub { + FixMyStreet::override_config { + ALLOWED_COBRANDS => [ 'bromley' ], + }, sub { + $report->update({ category => $bromleycontact->category, bodies_str => $bromley->id }); + $mech->log_in_ok( $bromleyuser->email ); + + $mech->get_ok("/report/" . $report->id); + $mech->content_contains( $bromleytemplate->text ); + $mech->content_contains( $bromleytemplate->title ); + $mech->content_lacks( $tfltemplate->text ); + $mech->content_lacks( $tfltemplate->title ); + + $mech->log_out_ok; + }; +}; + done_testing(); diff --git a/t/app/model/defecttype.t b/t/app/model/defecttype.t index ec40f6dbc..3f1cc09b5 100644 --- a/t/app/model/defecttype.t +++ b/t/app/model/defecttype.t 
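Review bot: The two new subtests assert only on response templates, but the controller change scopes `priorities_by_category` by body in the same way and nothing here checks that one body's response priorities stay hidden from the other. A matching pair of `content_contains`/`content_lacks` assertions on a TfL and a Bromley response priority would cover that path. The Bromley subtest also relies on the `latitude`, `longitude` and `areas` values written by the TfL subtest's `$report->update`, so it would presumably behave differently if run alone or reordered; setting those fields in its own `update` call would make it self-contained.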
@@ -66,7 +66,7 @@ subtest 'Problem->defect_types behaves correctly' => sub { subtest 'by_categories returns all defect types grouped by category' => sub { my @contacts = FixMyStreet::DB->resultset('Contact')->not_deleted->search( { body_id => [ $oxfordshire->id ] } )->all; - my $defect_types = FixMyStreet::DB->resultset('DefectType')->by_categories($area_id, @contacts); + my $defect_types = FixMyStreet::DB->resultset('DefectType')->by_categories(\@contacts, body_id => $oxfordshire->id); my $potholes = decode_json($defect_types->{Potholes}); my $traffic_lights = decode_json($defect_types->{'Traffic lights'}); my $pavements = decode_json($defect_types->{Pavements}); @@ -88,7 +88,7 @@ subtest 'by_categories returns defect types for an area with multiple bodies' => ); my @contacts = FixMyStreet::DB->resultset('Contact')->not_deleted->search( { body_id => [ $oxfordshire->id ] } )->all; - my $defect_types = FixMyStreet::DB->resultset('DefectType')->by_categories($area_id, @contacts); + my $defect_types = FixMyStreet::DB->resultset('DefectType')->by_categories(\@contacts, area_id => $area_id); my $potholes = decode_json($defect_types->{Potholes}); my $traffic_lights = decode_json($defect_types->{'Traffic lights'}); my $pavements = decode_json($defect_types->{Pavements}); diff --git a/t/app/model/responsepriority.t b/t/app/model/responsepriority.t index c7a4fe210..bd09c2da0 100644 --- a/t/app/model/responsepriority.t +++ b/t/app/model/responsepriority.t 
@@ -49,9 +49,9 @@ subtest 'for_bodies returns correct results' => sub { is $priorities->first->name, $general_response_priority->name, 'Correct priority is returned for Traffic lights category'; }; -subtest 'by_categories returns allresponse priorities grouped by category' => sub { +subtest 'by_categories returns all response priorities grouped by category' => sub { my @contacts = FixMyStreet::DB->resultset('Contact')->not_deleted->search( { body_id => [ $oxfordshire->id ] } )->all; - my $priorities = FixMyStreet::DB->resultset('ResponsePriority')->by_categories($area_id, @contacts); + my $priorities = FixMyStreet::DB->resultset('ResponsePriority')->by_categories(\@contacts, body_id => $oxfordshire->id); my $potholes = decode_json($priorities->{Potholes}); my $traffic_lights = decode_json($priorities->{'Traffic lights'}); @@ -69,7 +69,7 @@ subtest 'by_categories returns all response priorities for an area with multiple ); my @contacts = FixMyStreet::DB->resultset('Contact')->not_deleted->search( { body_id => [ $oxfordshire->id ] } )->all; - my $priorities = FixMyStreet::DB->resultset('ResponsePriority')->by_categories($area_id, @contacts); + my $priorities = FixMyStreet::DB->resultset('ResponsePriority')->by_categories(\@contacts, area_id => $area_id); my $potholes = decode_json($priorities->{Potholes}); my $traffic_lights = decode_json($priorities->{'Traffic lights'}); diff --git a/t/app/model/responsetemplate.t b/t/app/model/responsetemplate.t index 631af9819..9efc7e3b4 100644 --- a/t/app/model/responsetemplate.t +++ b/t/app/model/responsetemplate.t 
@@ -16,7 +16,7 @@ $t2->add_to_contacts($c2); my @contacts = FixMyStreet::DB->resultset('Contact')->not_deleted->search( { body_id => [ $body->id ] } )->all; subtest 'by_categories returns allresponse templates grouped by category' => sub { - my $templates = FixMyStreet::DB->resultset('ResponseTemplate')->by_categories($area_id, @contacts); + my $templates = FixMyStreet::DB->resultset('ResponseTemplate')->by_categories(\@contacts, body_id => $body->id); my $potholes = decode_json($templates->{Potholes}); my $graffiti = decode_json($templates->{Graffiti}); |
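Review bot: The subtest name on the context line still reads `'by_categories returns allresponse templates grouped by category'`; the same typo is corrected in t/app/model/responsepriority.t by this commit, so it is worth fixing here too as `'by_categories returns all response templates grouped by category'`. With the call now passing `body_id => $body->id`, `$area_id` may no longer be used in this file, which cannot be confirmed from the hunk.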