diff options
| author | Struan Donald <struan@exo.org.uk> | 2018-12-21 16:23:16 +0000 |
|---|---|---|
| committer | Struan Donald <struan@exo.org.uk> | 2019-01-04 10:48:19 +0000 |
| commit | bf87405adafa89e5df7de3141ef08fb1ec85ff32 (patch) | |
| tree | 56cd622f5b454ddaa125615d13100b1b847e13ac | |
| parent | 2da0a37f3c72dae02044b184a8d9c73202947cc1 (diff) | |
add private only report filter
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | docs/_includes/admin-tasks-content.md | 3 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Reports.pm | 26 | ||||
| -rw-r--r-- | perllib/FixMyStreet/DB/ResultSet/Problem.pm | 17 | ||||
| -rw-r--r-- | t/app/controller/around.t | 26 | ||||
| -rw-r--r-- | t/app/controller/reports.t | 54 | ||||
| -rw-r--r-- | templates/web/base/reports/_list-filters.html | 3 |
7 files changed, 115 insertions, 15 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 349d0880f..08d2050e6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ - Allow moderation to work without JavaScript. #2339 - More prominent display of "state" on report page #2350 - Improved report/update display on contact form. #2351 + - Can limit /reports to non-public reports. #2363 - Admin improvements: - Allow moderation to potentially change category. #2320 - Add Mark/View private reports permission #2306 diff --git a/docs/_includes/admin-tasks-content.md b/docs/_includes/admin-tasks-content.md index cc1a0691e..3a6b60ab9 100644 --- a/docs/_includes/admin-tasks-content.md +++ b/docs/_includes/admin-tasks-content.md @@ -276,6 +276,9 @@ In such cases, staff should make a new report just as a member of the public wou citizen’s experience](/pro-manual/citizens-experience/)'. Those with the appropriate permissions will see a "Private" checkbox underneath the user details which they should select. +On the reports page you can select "Private only" from the status filter +to display only the reports that have been marked private. + </div> <div class="admin-task" markdown="1" id="correct-reporter-errors"> diff --git a/perllib/FixMyStreet/App/Controller/Reports.pm b/perllib/FixMyStreet/App/Controller/Reports.pm index 2508b822f..42f5ea288 100644 --- a/perllib/FixMyStreet/App/Controller/Reports.pm +++ b/perllib/FixMyStreet/App/Controller/Reports.pm @@ -654,16 +654,24 @@ sub check_non_public_reports_permission : Private { my ($self, $c, $where) = @_; if ( $c->user_exists ) { - return if $c->user->is_super_user; + my $user_has_permission; - my $body = $c->stash->{body}; + if ( $c->user->is_super_user ) { + $user_has_permission = 1; + } else { + my $body = $c->stash->{body}; - my $user_has_permission = $body && ( - $c->user->has_permission_to('report_inspect', $body->id) || - $c->user->has_permission_to('report_mark_private', $body->id) - ); + $user_has_permission = $body && ( + $c->user->has_permission_to('report_inspect', $body->id) || + $c->user->has_permission_to('report_mark_private', $body->id) + ); + } - $where->{non_public} = 0 unless $user_has_permission; + if ( $user_has_permission ) { + $where->{non_public} = 1 if $c->stash->{only_non_public}; + } else { + $where->{non_public} = 0; + } } else { $where->{non_public} = 0; } @@ -741,6 +749,10 @@ sub stash_report_filter_status : Private { } } + if ($status{non_public}) { + $c->stash->{only_non_public} = 1; + } + if (keys %filter_problem_states == 0) { my $s = FixMyStreet::DB::Result::Problem->open_states(); %filter_problem_states = (%filter_problem_states, %$s); diff --git a/perllib/FixMyStreet/DB/ResultSet/Problem.pm b/perllib/FixMyStreet/DB/ResultSet/Problem.pm index 0a180f8e3..ce64f7ee9 100644 --- a/perllib/FixMyStreet/DB/ResultSet/Problem.pm +++ b/perllib/FixMyStreet/DB/ResultSet/Problem.pm @@ -28,14 +28,23 @@ sub body_query { sub non_public_if_possible { my ($rs, $params, $c) = @_; if ($c->user_exists) { + my $only_non_public = $c->stash->{only_non_public} ? 1 : 0; if ($c->user->is_superuser) { # See all reports, no restriction + $params->{non_public} = 1 if $only_non_public; } elsif ($c->user->has_body_permission_to('report_inspect') || $c->user->has_body_permission_to('report_mark_private')) { - $params->{'-or'} = [ - non_public => 0, - $rs->body_query($c->user->from_body->id), - ]; + if ($only_non_public) { + $params->{'-and'} = [ + non_public => 1, + $rs->body_query($c->user->from_body->id), + ]; + } else { + $params->{'-or'} = [ + non_public => 0, + $rs->body_query($c->user->from_body->id), + ]; + } } else { $params->{non_public} = 0; } diff --git a/t/app/controller/around.t b/t/app/controller/around.t index 18281396a..cb36833ad 100644 --- a/t/app/controller/around.t +++ b/t/app/controller/around.t @@ -171,6 +171,19 @@ for my $permission ( qw/ report_inspect report_mark_private/ ) { }; $mech->content_contains( "Around page Test 3 for $body_edin_id", 'problem marked non public is visible' ); + $mech->content_contains( "Around page Test 2 for $body_edin_id", + 'problem marked public is visible' ); + + FixMyStreet::override_config { + ALLOWED_COBRANDS => [ { 'fixmystreet' => '.' } ], + MAPIT_URL => 'http://mapit.uk/', + }, sub { + $mech->get_ok('/around?pc=EH1+1BB&status=non_public'); + }; + $mech->content_contains( "Around page Test 3 for $body_edin_id", + 'problem marked non public is visible' ); + $mech->content_lacks( "Around page Test 2 for $body_edin_id", + 'problem marked public is not visible' ); $user->user_body_permissions->delete(); $user->update({ from_body => $body2 }); @@ -189,6 +202,19 @@ for my $permission ( qw/ report_inspect report_mark_private/ ) { }; $mech->content_lacks( "Around page Test 3 for $body_edin_id", 'problem marked non public is not visible' ); + $mech->content_contains( "Around page Test 2 for $body_edin_id", + 'problem marked public is visible' ); + + FixMyStreet::override_config { + ALLOWED_COBRANDS => [ { 'fixmystreet' => '.' } ], + MAPIT_URL => 'http://mapit.uk/', + }, sub { + $mech->get_ok('/around?pc=EH1+1BB&status=non_public'); + }; + $mech->content_lacks( "Around page Test 3 for $body_edin_id", + 'problem marked non public is not visible' ); + $mech->content_lacks( "Around page Test 2 for $body_edin_id", + 'problem marked public is visible' ); }; } diff --git a/t/app/controller/reports.t b/t/app/controller/reports.t index 3ba90c062..ac230ef95 100644 --- a/t/app/controller/reports.t +++ b/t/app/controller/reports.t @@ -220,8 +220,32 @@ for my $permission( qw/ report_inspect report_mark_private / ) { my $body = FixMyStreet::DB->resultset('Body')->find( $body_west_id ); my $body2 = FixMyStreet::DB->resultset('Body')->find( $body_edin_id ); my $user = $mech->log_in_ok( 'test@example.com' ); + + # from body, no permission $user->user_body_permissions->delete(); $user->update({ from_body => $body }); + + FixMyStreet::override_config { + MAPIT_URL => 'http://mapit.uk/', + }, sub { + $mech->get_ok('/reports/Westminster'); + }; + $problems = $mech->extract_problem_list; + is scalar @$problems, 4, 'only public problems are displayed if no permission'; + $mech->content_lacks('All reports Test 3 for ' . $body_west_id, 'non public problem is not visible if no permission'); + $mech->content_lacks('<option value="non_public">Private only</option>'); + + # from body, no permission, limited to private in url + FixMyStreet::override_config { + MAPIT_URL => 'http://mapit.uk/', + }, sub { + $mech->get_ok('/reports/Westminster?status=non_public'); + }; + $problems = $mech->extract_problem_list; + is scalar @$problems, 4, 'only public problems are displayed if no permission, despite override'; + $mech->content_lacks('All reports Test 3 for ' . $body_west_id, 'non public problem is not visible despite override'); + + # from body, has permission $user->user_body_permissions->find_or_create({ body => $body, permission_type => $permission, @@ -233,10 +257,22 @@ for my $permission( qw/ report_inspect report_mark_private / ) { $mech->get_ok('/reports/Westminster'); }; $problems = $mech->extract_problem_list; - is scalar @$problems, 5, 'only public problems are displayed'; + is scalar @$problems, 5, 'public and non-public problems are displayed if permission'; + $mech->content_contains('All reports Test 3 for ' . $body_west_id, 'non public problem is visible if permission'); + $mech->content_contains('<option value="non_public">Private only</option>'); - $mech->content_contains('All reports Test 3 for ' . $body_west_id, 'non public problem is visible'); + # From body, limited to private only + FixMyStreet::override_config { + MAPIT_URL => 'http://mapit.uk/', + }, sub { + $mech->get_ok('/reports/Westminster?status=non_public'); + }; + $problems = $mech->extract_problem_list; + is scalar @$problems, 1, 'only non-public problems are displayed with non_public filter'; + $mech->content_contains('All reports Test 3 for ' . $body_west_id, 'non public problem is visible with non_public filter'); + $mech->content_lacks('All reports Test 4 for ' . $body_west_id, 'public problem is not visible with non_public filter'); + # from other body, has permission $user->user_body_permissions->delete(); $user->update({ from_body => $body2 }); $user->user_body_permissions->find_or_create({ @@ -250,9 +286,19 @@ for my $permission( qw/ report_inspect report_mark_private / ) { $mech->get_ok('/reports/Westminster'); }; $problems = $mech->extract_problem_list; - is scalar @$problems, 4, 'only public problems are displayed'; + is scalar @$problems, 4, 'only public problems are displayed for other body user'; + $mech->content_contains('<option value="non_public">Private only</option>'); + $mech->content_lacks('All reports Test 3 for ' . $body_west_id, 'non public problem is not visible for other body user'); - $mech->content_lacks('All reports Test 3 for ' . $body_west_id, 'non public problem is not visible'); + # From other body, limited to private only + FixMyStreet::override_config { + MAPIT_URL => 'http://mapit.uk/', + }, sub { + $mech->get_ok('/reports/Westminster?status=non_public'); + }; + $problems = $mech->extract_problem_list; + is scalar @$problems, 4, 'non-public problems are not displayed for other body with override'; + $mech->content_lacks('All reports Test 3 for ' . $body_west_id, 'non public problem is not visible for other body with override'); }; } diff --git a/templates/web/base/reports/_list-filters.html b/templates/web/base/reports/_list-filters.html index 002bfc6c2..2c2bee6bc 100644 --- a/templates/web/base/reports/_list-filters.html +++ b/templates/web/base/reports/_list-filters.html @@ -24,6 +24,9 @@ <option value="shortlisted"[% ' selected' IF filter_status.shortlisted %]>[% loc('Shortlisted') %]</option> <option value="unshortlisted"[% ' selected' IF filter_status.unshortlisted %]>[% loc('Unshortlisted') %]</option> [% END %] + [% IF c.user_exists AND ( c.user.has_body_permission_to('report_inspect') OR c.user.has_body_permission_to('report_mark_private') ) %] + <option value="non_public"[% ' selected' IF filter_status.non_public %]>[% loc('Private only') %]</option> + [% END %] [% IF show_all_states %] [% FOR group IN filter_states %] [% FOR state IN group.1 %] |