author | Matthew Somerville <matthew-github@dracos.co.uk> | 2019-03-29 12:00:35 +0000 |
---|---|---|
committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2019-04-05 12:30:28 +0100 |
commit | 3a02f5e91bca03cbe9cbc29bcea5a1df7499eadb (patch) | |
tree | c025a9091fac8b4c6a8ae42b4ff7ab1aa0fb1542 | |
parent | 8ca5583e62b1c24128b8d691a8b5f5236ce99eef (diff) |
Fix superusers creating anonymous reports.
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin.pm | 3 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Moderate.pm | 7 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/New.pm | 5 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/Result/User.pm | 5 | ||||
-rw-r--r-- | t/app/controller/report_as_other.t | 17 |
6 files changed, 22 insertions, 16 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0b4c58073..4cc3d990b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -38,6 +38,7 @@
 - Allow things to reset if "Pick a category" picked.
 - Stop category_change firing more than it should.
 - Fix extra question display when only one category.
+ - Fix superusers creating anonymous reports. #2435
 - Development improvements:
 - Make front page cache time configurable.
 - Better working of /fakemapit/ under https.
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 0c37eeb27..2f4669456 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -549,10 +549,9 @@ sub report_edit : Path('report_edit') : Args(1) {
 if ( $problem->state ne $old_state ) {
 $c->forward( 'log_edit', [ $id, 'problem', 'state_change' ] );
- my $name = _('an administrator');
+ my $name = $c->user->moderating_user_name;
 my $extra = { is_superuser => 1 };
 if ($c->user->from_body) {
- $name = $c->user->from_body->name;
 delete $extra->{is_superuser};
 $extra->{is_body_user} = $c->user->from_body->id;
 }
diff --git a/perllib/FixMyStreet/App/Controller/Moderate.pm b/perllib/FixMyStreet/App/Controller/Moderate.pm
index 0ec6cbb63..22869d531 100644
--- a/perllib/FixMyStreet/App/Controller/Moderate.pm
+++ b/perllib/FixMyStreet/App/Controller/Moderate.pm
@@ -146,11 +146,6 @@ sub check_edited_elsewhere : Private {
 }
 }
-sub moderating_user_name {
- my $user = shift;
- return $user->from_body ? $user->from_body->name : _('an administrator');
-}
-
 sub moderate_log_entry : Private {
 my ($self, $c, $object_type, @types) = @_;
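Review bot: In report_edit, the unchanged `my $extra = { is_superuser => 1 };` beside the new `$c->user->moderating_user_name` call records every editor without `from_body` as a superuser, and the name and the flag are now decided by two separate `from_body` checks (one here, one inside the User method). If this action can be reached by a non-body account that is not a superuser, the stored attribution would be wrong; the access check is outside the hunk, so this needs confirming rather than assuming. Deriving the flag from the account keeps the record accurate, e.g. `my $extra = $c->user->is_superuser ? { is_superuser => 1 } : {};`, assuming the user row exposes `is_superuser` as the test's `create_user_ok(..., is_superuser => 1)` suggests. The function starts and ends outside the hunk.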
@@ -167,7 +162,7 @@ sub moderate_log_entry : Private {
 $c->model('DB::AdminLog')->create({
 action => 'moderation',
 user => $user,
- admin_user => moderating_user_name($user),
+ admin_user => $user->moderating_user_name,
 object_id => $c->stash->{history}->id || $object->id,
 object_type => $c->stash->{history}->id ? 'moderation' : $object_type,
 reason => $log_reason,
diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm
index b6292facb..063226f18 100644
--- a/perllib/FixMyStreet/App/Controller/Report/New.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/New.pm
@@ -818,8 +818,9 @@ sub process_user : Private {
 $c->stash->{email} = $report->user->email;
 if ($c->stash->{contributing_as_body} or $c->stash->{contributing_as_anonymous_user}) {
- $report->name($user->from_body->name);
- $user->name($user->from_body->name) unless $user->name;
+ my $name = $user->moderating_user_name;
+ $report->name($name);
+ $user->name($name) unless $user->name;
 $c->stash->{no_reporter_alert} = 1;
 }
diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm
index bf74e6934..546867c34 100644
--- a/perllib/FixMyStreet/DB/Result/User.pm
+++ b/perllib/FixMyStreet/DB/Result/User.pm
@@ -292,6 +292,11 @@ sub body {
 return $self->from_body->name;
 }
+sub moderating_user_name {
+ my $self = shift;
+ return $self->body || _('an administrator');
+}
+
 =head2 belongs_to_body
 $belongs_to_body = $user->belongs_to_body( $bodies );
diff --git a/t/app/controller/report_as_other.t b/t/app/controller/report_as_other.t
index 9ed46190b..0c8b7d995 100644
--- a/t/app/controller/report_as_other.t
+++ b/t/app/controller/report_as_other.t
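Review bot: With the fallback in place, `$user->name($name) unless $user->name;` in process_user can now write the translated placeholder 'an administrator' into a nameless superuser's own account name, where before only a real body name could be copied there. Whether `$user` is saved later is outside the hunk, but if it is, the placeholder (in whatever language the request used) becomes that person's stored name. Limiting the backfill to body users avoids that, e.g. `$user->name($name) if $user->from_body && !$user->name;`, provided nothing further down requires a name to be set. The same branch also covers `contributing_as_body`, so a superuser without a body would publish a report as 'an administrator' under that flag; please confirm that is intended.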
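Review bot: The new `moderating_user_name` in User.pm has no POD, while the method that follows it in this file is documented with `=head2`, and the name no longer describes its use now that Admin.pm and Report/New.pm call it for state changes and report creation. I would add a `=head2 moderating_user_name` entry saying it returns the name of the user's body, or the translated string 'an administrator' when `body` returns a false value, and that the result is a public display label rather than an identity. The method depends on `body` returning false instead of dying for a user with no `from_body`; the opening lines of `body` are outside the hunk, so a one-line comment stating that dependency would help the next reader.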
@@ -16,6 +16,8 @@ my $test_email = 'body-user@example.net';
 my $user = $mech->log_in_ok($test_email);
 $user->update({ from_body => $body->id, name => 'Body User' });
+my $superuser = $mech->create_user_ok('superuser@example.net', name => "Super", is_superuser => 1);
+
 my ($report_to_update) = $mech->create_problems_for_body(1, $body->id, 'Title', { category => 'Potholes' });
 subtest "Body user, no permissions, no special reporting tools shown" => sub {
@@ -150,10 +152,11 @@ subtest "Body user, has permission to add report as another (existing) user with
 push @users, $report->user;
 };
-subtest "Body user, has permission to add report as anonymous user" => sub {
+subtest "Superuser, can add report as anonymous user" => sub {
 FixMyStreet::Script::Reports::send();
 $mech->clear_emails_ok;
+ my $user = $mech->log_in_ok($superuser->email);
 my $report = add_report(
 'contribute_as_anonymous_user',
 form_as => 'anonymous_user',
@@ -161,8 +164,8 @@ subtest "Body user, has permission to add report as anonymous user" => sub {
 detail => 'Test report details.',
 category => 'Street lighting',
 );
- is $report->name, 'Oxfordshire County Council', 'report name is body';
- is $report->user->name, 'Body User', 'user name unchanged';
+ is $report->name, 'an administrator', 'report name is admin';
+ is $report->user->name, 'Super', 'user name unchanged';
 is $report->user->id, $user->id, 'user matches';
 is $report->anonymous, 1, 'report anonymous';
@@ -172,12 +175,12 @@ subtest "Body user, has permission to add report as anonymous user" => sub {
 );
 FixMyStreet::Script::Reports::send();
- # No report sent email is sent
- $mech->email_count_is(1);
 my $email = $mech->get_email;
 like $email->header('Subject'), qr/Problem Report: Test Report/, 'report email title correct';
 $mech->clear_emails_ok;
 $send_confirmation_mail_override->restore();
+
+ $mech->log_in_ok($test_email);
 };
 subtest "Body user, has permission to add update as council" => sub {
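Review bot: Renaming the subtest and logging in as the superuser replaces the body-user case instead of adding to it, so nothing in this file now checks that a body user with `contribute_as_anonymous_user` still gets the body name on the report (the 'Oxfordshire County Council' assertion is removed in the following hunk). Since process_user changed for both kinds of user, I would keep the original subtest and add the superuser one beside it. The inner `my $user` also shadows the file-level `$user`, which makes the later `$user->id` comparison easy to misread; a distinct name such as `$super` would be clearer.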
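Review bot: Dropping `$mech->email_count_is(1);` together with its comment removes the explicit assertion that no separate email goes to the reporter, which is the behaviour `no_reporter_alert` in process_user exists to produce. `get_email` may still fail when more than one message is queued, but that is not visible here; if it does not, this subtest would pass with an extra email sent. If the count differs for a superuser, assert the new expected number rather than none. The trailing `$mech->log_in_ok($test_email);` restores the body-user session only when nothing earlier in the subtest dies, so later subtests could otherwise run as the superuser.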
@@ -329,7 +332,9 @@ sub add_report {
 with_fields => \%fields,
 }, "submit details");
 };
- $mech->content_contains('Thank you for reporting this issue');
+ # Anonymous test done as superuser, which redirects
+ $mech->content_contains('Thank you for reporting this issue')
+ unless $permission eq 'contribute_as_anonymous_user';
 my $report = FixMyStreet::DB->resultset("Problem")->search(undef, { order_by => { -desc => 'id' } })->first;
 ok $report, "Found the report";
 is $report->state, 'confirmed', "report is now confirmed"; |
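Review bot: The guard `unless $permission eq 'contribute_as_anonymous_user'` ties the skipped check to the permission name rather than to the reason given in the comment (the superuser is redirected), so any later body-user call with that permission also loses the success-page assertion. In the skipped case nothing verifies the response to the submission; only the database lookup below remains. I would pass an explicit flag from the superuser subtest, or assert the redirect target in that branch, so the helper still checks the outcome for every caller. add_report starts and ends outside the hunk.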