authorStruan Donald <struan@exo.org.uk>2011-05-27 15:21:52 +0100
committerStruan Donald <struan@exo.org.uk>2011-05-27 15:21:52 +0100
commitc1d452268803870478c568f1611a7dc7d211a7be (patch)
tree82af4898832d220f51f42861edef4a6fe09b88c3
parentd0c08d710c23eed672c2c88834820c7bcf25eb91 (diff)
make sure you are allowed to answer the questionnaire asked when a problem reporter marks the problem as fixed.
-rwxr-xr-xperllib/FixMyStreet/App/Controller/Questionnaire.pm32
-rw-r--r--perllib/FixMyStreet/App/Controller/Tokens.pm4
-rw-r--r--t/app/controller/report_updates.t173
3 files changed, 173 insertions, 36 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Questionnaire.pm b/perllib/FixMyStreet/App/Controller/Questionnaire.pm
index c6d7e7634..addbfb826 100755
--- a/perllib/FixMyStreet/App/Controller/Questionnaire.pm
+++ b/perllib/FixMyStreet/App/Controller/Questionnaire.pm
@@ -46,9 +46,7 @@ sub load_questionnaire : Private {
}
unless ( $questionnaire->problem->state eq 'confirmed' || $questionnaire->problem->state eq 'fixed' ) {
- $c->stash->{message} = _("I'm afraid we couldn't locate your problem in the database.\n");
- $c->stash->{template} = 'questionnaire/error.html';
- $c->detach;
+ $c->detach('missing_problem');
}
$c->stash->{problem} = $questionnaire->problem;
@@ -76,6 +74,19 @@ sub submit : Path('submit') {
return 1;
}
+=head2 missing_problem
+
+Display couldn't locate problem error message
+
+=cut
+
+sub missing_problem : Private {
+ my ( $self, $c ) = @_;
+
+ $c->stash->{message} = _("I'm afraid we couldn't locate your problem in the database.\n");
+ $c->stash->{template} = 'questionnaire/error.html';
+}
+
sub submit_creator_fixed : Private {
my ( $self, $c ) = @_;
@@ -83,6 +94,21 @@ sub submit_creator_fixed : Private {
map { $c->stash->{$_} = $c->req->params->{$_} || '' } qw(reported problem);
+ # should only be able to get to here if we are logged and we have a
+ # problem
+ unless ( $c->user && $c->stash->{problem} ) {
+ $c->detach('missing_problem');
+ }
+
+ my $problem = $c->model('DB::Problem')->find( { id =>
+ $c->stash->{problem} } );
+
+ # you should not be able to answer questionnaires about problems
+ # that you've not submitted
+ if ( $c->user->id != $problem->user->id ) {
+ $c->detach('missing_problem');
+ }
+
push @errors, _('Please say whether you\'ve ever reported a problem to your council before') unless $c->stash->{reported};
$c->stash->{problem_id} = $c->stash->{problem};
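Review bot: `find` returns undef when no problem row has the submitted id, and the ownership test then calls `->user` on undef, so a request with a non-existent `problem` value dies instead of reaching `missing_problem`. The id is copied unvalidated from `$c->req->params->{problem}` by the `map` line above, so the lookup result has to be checked before it is used. Fold the existence check into the guard: `if ( !$problem || $c->user->id != $problem->user->id ) {`. The first comment would also read better as `# should only be able to get here if we are logged in and we have a problem`. The body of submit_creator_fixed starts and ends outside this hunk.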
diff --git a/perllib/FixMyStreet/App/Controller/Tokens.pm b/perllib/FixMyStreet/App/Controller/Tokens.pm
index 7053edc95..5d1d9eafb 100644
--- a/perllib/FixMyStreet/App/Controller/Tokens.pm
+++ b/perllib/FixMyStreet/App/Controller/Tokens.pm
@@ -149,10 +149,10 @@ sub confirm_update : Path('/C') {
return;
}
- $c->forward('/report/update/confirm');
-
$c->authenticate( { email => $comment->user->email }, 'no_password' );
+ $c->forward('/report/update/confirm');
+
return 1;
}
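Review bot: The result of `$c->authenticate(...)` is not checked before the forward, and nothing in the code records why the order now matters. With the call moved ahead of `$c->forward('/report/update/confirm')`, the confirm path presumably relies on `$c->user` being set (the questionnaire check added in this commit requires it), so a failed login would surface later as the unrelated "couldn't locate your problem" message. A comment such as `# log the commenter in first: the creator-fixed questionnaire reached from confirm requires $c->user` would document the dependency, and stopping early when authenticate returns false keeps the error at its source. confirm_update starts outside this hunk.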
diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index a1c630716..72a120b0e 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -271,6 +271,7 @@ for my $test (
}
subtest "submit an update for a non registered user" => sub {
+ $mech->log_out_ok();
$mech->clear_emails_ok();
$mech->get_ok("/report/$report_id");
@@ -473,6 +474,8 @@ for my $test (
},
) {
subtest $test->{desc} => sub {
+ $mech->log_out_ok();
+
# clear out comments for this problem to make
# checking details easier later
ok( $_->delete, 'deleted comment ' . $_->id )
@@ -579,20 +582,104 @@ foreach my $test (
path => '/report/' . $report->id,
content => $report->title,
},
+ )
+{
+ subtest $test->{desc} => sub {
+
+ # double check
+ $mech->log_out_ok();
+
+ # clear out comments for this problem to make
+ # checking details easier later
+ ok( $_->delete, 'deleted comment ' . $_->id ) for $report->comments;
+
+ $report->discard_changes;
+ $report->state('confirmed');
+ $report->update;
+
+ my $questionnaire;
+ if ( $test->{answered} ) {
+ $questionnaire =
+ FixMyStreet::App->model('DB::Questionnaire')->create(
+ {
+ problem_id => $report_id,
+ ever_reported => 'y',
+ whensent => \'ms_current_timestamp()',
+ }
+ );
+
+ ok $questionnaire, 'added questionnaire';
+ }
+
+ $report->discard_changes;
+
+ $mech->clear_emails_ok();
+
+ $mech->log_in_ok( $test->{fields}->{rznvy} );
+ $mech->get_ok("/report/$report_id");
+
+ my $values = $mech->visible_form_values('updateForm');
+
+ is_deeply $values, $test->{initial_values}, 'initial form values';
+
+ is $mech->extract_problem_banner->{text}, $test->{initial_banner},
+ 'initial banner';
+
+ $mech->submit_form_ok( { with_fields => $test->{fields}, },
+ 'submit update' );
+
+ is $mech->uri->path, $test->{path}, "page after submission";
+
+ $mech->content_contains( $test->{content} );
+
+ $mech->email_count_is(0);
+
+ my $results = { %{ $test->{fields} }, %{ $test->{changed} }, };
+
+ my $update = $report->comments->first;
+ ok $update, 'found update';
+ is $update->text, $results->{update}, 'update text';
+ is $update->user->email, $test->{fields}->{rznvy}, 'update user';
+ is $update->state, 'confirmed', 'update confirmed';
+ is $update->anonymous, $test->{anonymous}, 'user anonymous';
+
+ SKIP: {
+ skip( 'not answering questionnaire', 5 ) if $questionnaire;
+
+ $mech->submit_form_ok( );
+
+ my @errors = @{ $mech->page_errors };
+ ok scalar @errors, 'displayed error messages';
+ is $errors[0], "Please say whether you've ever reported a problem to your council before", 'error message';
+
+ $mech->submit_form_ok( { with_fields => { reported => 'Yes' } } );
+
+ $mech->content_contains( 'Thank you &mdash; you can' );
+
+ $questionnaire = FixMyStreet::App->model( 'DB::Questionnaire' )->find(
+ { problem_id => $report_id }
+ );
+
+ ok $questionnaire, 'questionnaire exists';
+ ok $questionnaire->ever_reported, 'ever reported is yes';
+ };
+
+ if ($questionnaire) {
+ $questionnaire->delete;
+ ok !$questionnaire->in_storage, 'questionnaire deleted';
+ }
+ };
+}
+
+
+for my $test (
{
desc => 'reporter submits update and marks problem fixed',
- initial_values => {
- name => 'Test User',
- rznvy => 'test@example.com',
- may_show_name => 1,
- add_alert => 1,
- photo => '',
- update => '',
- fixed => undef,
- },
fields => {
submit_update => 1,
+ name => 'Test User',
rznvy => 'test@example.com',
+ may_show_name => 1,
update => 'update from owner',
add_alert => undef,
fixed => 1,
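Review bot: The count in `skip( 'not answering questionnaire', 5 )` does not match the SKIP block in the new loop, which holds seven assertions (two `submit_form_ok`, one `content_contains`, one `is` and three `ok`). Under a fixed plan the skipped branch would leave the total short by two; if the file ends with `done_testing` the number is only misleading. Change it to `skip( 'not answering questionnaire', 7 ) if $questionnaire;`. The same count of 5 appears as context in the later `@@ -693,9 +768,28 @@` hunk, whose block body is not visible there.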
@@ -602,7 +689,6 @@ foreach my $test (
alert => 1, # we signed up for alerts before, do not unsign us
anonymous => 0,
answered => 0,
- login => 0,
path => '/report/update',
content =>
"Thanks, glad to hear it's been fixed! Could we just ask if you have ever reported a problem to a council before?",
@@ -610,17 +696,10 @@ foreach my $test (
{
desc =>
'reporter submits update and marks problem fixed and has answered questionnaire',
- initial_values => {
- name => 'Test User',
- rznvy => 'test@example.com',
- may_show_name => 1,
- add_alert => 1,
- photo => '',
- update => '',
- fixed => undef,
- },
fields => {
submit_update => 1,
+ name => 'Test User',
+ may_show_name => 1,
rznvy => 'test@example.com',
update => 'update from owner',
add_alert => undef,
@@ -631,14 +710,16 @@ foreach my $test (
alert => 1, # we signed up for alerts before, do not unsign us
anonymous => 0,
answered => 1,
- login => 0,
- path => '/report/' . $report->id,
- content => $report->title,
+ path => '/report/update',
+ content => "You have successfully confirmed your update",
},
)
{
subtest $test->{desc} => sub {
+ # double check
+ $mech->log_out_ok();
+
# clear out comments for this problem to make
# checking details easier later
ok( $_->delete, 'deleted comment ' . $_->id ) for $report->comments;
@@ -665,16 +746,10 @@ foreach my $test (
$mech->clear_emails_ok();
- SKIP: {
- skip 'not logging user in', 1 unless $test->{login};
- $mech->log_in_ok( $test->{fields}->{rznvy} );
- };
$mech->get_ok("/report/$report_id");
my $values = $mech->visible_form_values('updateForm');
- is_deeply $values, $test->{initial_values}, 'initial form values';
-
is $mech->extract_problem_banner->{text}, $test->{initial_banner},
'initial banner';
@@ -683,9 +758,9 @@ foreach my $test (
is $mech->uri->path, $test->{path}, "page after submission";
- $mech->content_contains( $test->{content} );
+ $mech->content_contains( 'Now check your email' );
- $mech->email_count_is(0);
+ $mech->email_count_is(1);
my $results = { %{ $test->{fields} }, %{ $test->{changed} }, };
@@ -693,9 +768,28 @@ foreach my $test (
ok $update, 'found update';
is $update->text, $results->{update}, 'update text';
is $update->user->email, $test->{fields}->{rznvy}, 'update user';
- is $update->state, 'confirmed', 'update confirmed';
+ is $update->state, 'unconfirmed', 'update confirmed';
is $update->anonymous, $test->{anonymous}, 'user anonymous';
+ my $email = $mech->get_email;
+ ok $email, "got an email";
+ like $email->body, qr/confirm the update you/i, "Correct email text";
+
+ my ( $url, $url_token ) = $email->body =~ m{(http://\S+/C/)(\S+)};
+ ok $url, "extracted confirm url '$url'";
+
+ my $token = FixMyStreet::App->model('DB::Token')->find(
+ {
+ token => $url_token,
+ scope => 'comment'
+ }
+ );
+ ok $token, 'Token found in database';
+
+ $mech->get_ok( '/C/' . $url_token );
+
+ $mech->content_contains( $test->{content} );
+
SKIP: {
skip( 'not answering questionnaire', 5 ) if $questionnaire;
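Review bot: The assertion `is $update->state, 'unconfirmed', 'update confirmed';` now checks the opposite of what its label says, so a failure report would be confusing; rename the label to `'update unconfirmed'`. After `$mech->get_ok( '/C/' . $url_token )` the test checks only page content, never that the comment actually became confirmed; adding `$update->discard_changes; is $update->state, 'confirmed', 'update confirmed after token';` would pin the token flow. `ok $url, "extracted confirm url '$url'"` also interpolates an undefined `$url` when the regex does not match, which adds a warning on top of the failure. The enclosing subtest starts and ends outside this hunk.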
@@ -724,6 +818,23 @@ foreach my $test (
};
}
+subtest 'check have to be logged in for creator fixed questionnaire' => sub {
+ $mech->log_out_ok();
+
+ $mech->get_ok( "/questionnaire/submit?problem=$report_id&reported=Yes" );
+
+ $mech->content_contains( "I'm afraid we couldn't locate your problem in the database." )
+};
+
+subtest 'check cannot answer other user\'s creator fixed questionnaire' => sub {
+ $mech->log_out_ok();
+ $mech->log_in_ok( $user2->email );
+
+ $mech->get_ok( "/questionnaire/submit?problem=$report_id&reported=Yes" );
+
+ $mech->content_contains( "I'm afraid we couldn't locate your problem in the database." )
+};
+
ok $comment->delete, 'deleted comment';
$mech->delete_user('commenter@example.com');
$mech->delete_user('test@example.com');
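Review bot: Both new subtests assert only the rendered error text, not that the request was actually refused. A regression that showed the message but still stored the answer would pass, so compare the row count around the request: take `my $before = FixMyStreet::App->model('DB::Questionnaire')->search( { problem_id => $report_id } )->count;` before `get_ok` and assert `is FixMyStreet::App->model('DB::Questionnaire')->search( { problem_id => $report_id } )->count, $before, 'no questionnaire recorded';` after it. A third case with a `problem` id that matches no report would also cover the lookup in submit_creator_fixed. Both `content_contains` calls lack a trailing semicolon, which is legal for the last statement of a block but easy to break when a line is appended.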