author | Matthew Somerville <matthew-github@dracos.co.uk> | 2018-08-22 14:25:41 +0100 |
---|---|---|
committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2018-08-29 13:50:27 +0100 |
commit | c90b7fdc9b46e4aa444346e2c4ba0be0838f1506 (patch) | |
tree | 1d8a24081b6c1813a4f8e47ef9cea60e6fbc2014 | |
parent | 71e86b456f99418cc646dac3f8bffe87ec4fc7f6 (diff) |
Allow cobrand to add extra ability to moderate.
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Moderate.pm | 17 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/Result/User.pm | 18 | ||||
-rw-r--r-- | templates/web/base/report/_main.html | 16 | ||||
-rw-r--r-- | templates/web/base/report/update.html | 7 |
5 files changed, 38 insertions, 21 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index cee2291e5..c4a570d99 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -42,6 +42,7 @@ - Add ability for client to set bodies not to be sent to. - Make it easier to prevent a form_detail_placeholder being printed. - Include user agent in contact form emails. #2206 + - Allow cobrand to add extra ability to moderate. * v2.3.4 (7th June 2018) diff --git a/perllib/FixMyStreet/App/Controller/Moderate.pm b/perllib/FixMyStreet/App/Controller/Moderate.pm index 17e4c6dd2..45a303309 100644 --- a/perllib/FixMyStreet/App/Controller/Moderate.pm +++ b/perllib/FixMyStreet/App/Controller/Moderate.pm @@ -42,6 +42,7 @@ sub moderate : Chained('/') : PathPart('moderate') : CaptureArgs(0) { } sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) { my ($self, $c, $id) = @_; my $problem = $c->model('DB::Problem')->find($id); + $c->detach unless $problem; my $cobrand_base = $c->cobrand->base_url_for_report( $problem ); my $report_uri = $cobrand_base . $problem->url; @@ -49,9 +50,8 @@ sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) { $c->stash->{report_uri} = $report_uri; $c->res->redirect( $report_uri ); # this will be the final endpoint after all processing... - # ... and immediately, if the user isn't authorized + # ... and immediately, if the user isn't logged in $c->detach unless $c->user_exists; - $c->detach unless $c->user->can_moderate($problem); $c->forward('/auth/check_csrf_token'); @@ -69,6 +69,9 @@ sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) { sub moderate_report : Chained('report') : PathPart('') : Args(0) { my ($self, $c) = @_; + # Make sure user can moderate this report + $c->detach unless $c->user->can_moderate($c->stash->{problem}); + $c->forward('report_moderate_hide'); my @types = grep $_, 
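Review bot: With `can_moderate` removed from `report` in Moderate.pm, the chain root now stops only on a missing report, a logged-out user or a failed CSRF check, so authorization depends on every action chained from it repeating the permission check, as `moderate_report` and `update` (next hunk) do. I would record that contract above `report`, e.g. `# No permission check here: every action chained off 'report' must call can_moderate itself`, so a later endpoint does not inherit a login-only gate. The rest of `report` after the CSRF forward lies outside these hunks; if it has side effects, they now run for any logged-in user with a valid token, which is worth confirming.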
@@ -208,6 +211,9 @@ sub update : Chained('report') : PathPart('update') : CaptureArgs(1) { my ($self, $c, $id) = @_; my $comment = $c->stash->{problem}->comments->find($id); + # Make sure user can moderate this update + $c->detach unless $comment && $c->user->can_moderate($comment); + my $original = $comment->find_or_new_related( moderation_original_data => { detail => $comment->text, photo => $comment->photo, @@ -263,13 +269,6 @@ sub update_moderate_hide : Private { return; } -sub return_text : Private { - my ($self, $c, $text) = @_; - - $c->res->content_type('text/plain; charset=utf-8'); - $c->res->body( $text // '' ); -} - __PACKAGE__->meta->make_immutable; 1; diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm index 625092740..5afd9d89c 100644 --- a/perllib/FixMyStreet/DB/Result/User.pm +++ b/perllib/FixMyStreet/DB/Result/User.pm @@ -331,9 +331,23 @@ sub split_name { } sub can_moderate { - my ($self, $problem) = @_; + my ($self, $object, %perms) = @_; + + my ($type, $ids); + if ($object->isa("FixMyStreet::DB::Result::Comment")) { + $type = 'update'; + $ids = $object->problem->bodies_str_ids; + } else { + $type = 'problem'; + $ids = $object->bodies_str_ids; + } - return 1 if $self->has_permission_to(moderate => $problem->bodies_str_ids); + my $staff_perm = exists($perms{staff}) ? $perms{staff} : $self->has_permission_to(moderate => $ids); + return 1 if $staff_perm; + + # See if the cobrand wants to allow it in some circumstance + my $cobrand = $self->result_source->schema->cobrand; + return $cobrand->call_hook('moderate_permission', $self, $type => $object); } has body_permissions => ( diff --git a/templates/web/base/report/_main.html b/templates/web/base/report/_main.html index 1c63cb53c..1e427fd86 100644 --- a/templates/web/base/report/_main.html +++ b/templates/web/base/report/_main.html 
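Review bot: In `can_moderate` (User.pm), a `staff` key in `%perms` replaces the `has_permission_to(moderate => $ids)` lookup outright, so any caller passing a true value is granted moderation without the permission lookup. The controller calls in this commit pass no options, which is the safe form, but the sub should state the rule, with a comment such as `# $perms{staff} is a precomputed has_permission_to result from a trusted caller (templates); never derive it from request data`. The result of `call_hook('moderate_permission', ...)` is returned as is, so the answer for a cobrand without that hook depends on `call_hook`, which is not shown here. It presumably yields a false value, and a test pinning that default-deny behaviour would be useful.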
@@ -1,3 +1,5 @@ +[% can_moderate = permissions.moderate OR c.user.can_moderate(problem, staff = permissions.moderate) %] + <a href="[% c.uri_for( '/around', { lat => latitude, lon => longitude } ) %]" class="problem-back js-back-to-report-list">[% loc('Back to all reports') %]</a> @@ -30,7 +32,7 @@ </form> [% END %] - [% IF permissions.moderate %] + [% IF can_moderate %] [% original = problem_original %] <form method="post" action="/moderate/report/[% problem.id %]"> <input type="hidden" name="token" value="[% csrf_token %]"> @@ -38,7 +40,7 @@ <h1 class="moderate-display">[% problem.title | html %]</h1> - [% IF permissions.moderate %] + [% IF can_moderate %] <div class="moderate-edit"> [% IF problem.title != original.title %] <label> @@ -71,7 +73,7 @@ [% INCLUDE 'report/_support.html' %] - [% IF permissions.moderate %] + [% IF can_moderate %] [% IF problem.photo or original.photo %] <p class="moderate-edit"> <label> @@ -87,7 +89,7 @@ [% problem.detail | add_links | html_para %] </div> - [% IF permissions.moderate %] + [% IF can_moderate %] <p class="moderate-edit"> [% IF problem.detail != original.detail %] <label> @@ -116,13 +118,13 @@ </div> [% END %] - [% IF permissions.moderate %] + [% IF can_moderate %] </form> [% END %] - [% IF permissions.moderate OR permissions.planned_reports %] + [% IF can_moderate OR permissions.planned_reports %] <div class="moderate-display segmented-control" role="menu"> - [% IF permissions.moderate %] + [% IF can_moderate %] <a class="js-moderate btn" role="menuitem" aria-label="[% loc('Moderate this report') %]">[% loc('Moderate') %]</a> [% END %] [% IF permissions.planned_reports %] diff --git a/templates/web/base/report/update.html b/templates/web/base/report/update.html index 1d6fb9c01..122dbfe3b 100644 --- a/templates/web/base/report/update.html +++ b/templates/web/base/report/update.html 
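Review bot: `staff = permissions.moderate` in the new first line is a Template Toolkit named argument, and as far as I know TT gathers named arguments into one hash reference passed as the last parameter, while `can_moderate` unpacks `my ($self, $object, %perms) = @_`. If so, `exists($perms{staff})` is never true when called from this template, so the hint is ignored (with a warning from the hash assignment) and `has_permission_to` is queried again. Passing it positionally, `c.user.can_moderate(problem, 'staff', permissions.moderate)`, would match the Perl signature. The same line opens templates/web/base/report/update.html. The template value only decides whether the moderation form is drawn; the controller checks remain the enforcement point.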
@@ -1,3 +1,4 @@ +[% can_moderate = permissions.moderate OR c.user.can_moderate(update, staff = permissions.moderate) %] [% IF loop.first %] <section class="full-width"> <h4 class="static-with-rule">[% loc('Updates') %]</h4> @@ -5,7 +6,7 @@ [% END %] <li class="item-list__item item-list__item--updates"> <a name="update_[% update.id %]" class="internal-link-fixed-header"></a> - [% IF permissions.moderate; original_update = update.moderation_original_data %] + [% IF can_moderate; original_update = update.moderation_original_data %] <form method="post" action="/moderate/report/[% problem.id %]/update/[% update.id %]"> <input type="hidden" name="token" value="[% csrf_token %]"> <input type="button" class="btn js-moderate moderate-display" value="[% loc('Moderate this update') %]"> @@ -31,7 +32,7 @@ <div class="moderate-display"> [% update.text | add_links | markup(update.user) | html_para %] </div> - [% IF permissions.moderate %] + [% IF can_moderate %] <div class="moderate-edit"> [% IF update.text != original.detail %] <label><input type="checkbox" name="update_revert_text" class="revert-textarea"> @@ -45,7 +46,7 @@ </div> [% END %] </div> - [% IF permissions.moderate %] + [% IF can_moderate %] <div class="moderate-edit"> <label for="moderation_reason">[% loc('Describe why you are moderating this') %]</label> <input type="text" class="form-control" name="moderation_reason"> |