[Zurich] Let SDM view awaiting reports.

4 files changed, 21 insertions, 10 deletions

diff --git a/perllib/FixMyStreet/Cobrand/Zurich.pm b/perllib/FixMyStreet/Cobrand/Zurich.pm
index bc8e41f42..c495cf941 100644
--- a/perllib/FixMyStreet/Cobrand/Zurich.pm
+++ b/perllib/FixMyStreet/Cobrand/Zurich.pm
@@ -547,6 +547,8 @@ sub admin_report_edit {
 
     if ($type ne 'super') {
         my %allowed_bodies = map { $_->id => 1 } ( $body->bodies->all, $body );
+        # SDMs can see parent reports but not edit them
+        $allowed_bodies{$body->parent->id} = 1 if $type eq 'sdm';
         $c->detach( '/page_error_404_not_found' )
           unless $allowed_bodies{$problem->bodies_str};
     }
@@ -847,10 +849,13 @@ sub admin_report_edit {
 
     if ($type eq 'sdm') {
 
+        my $editable = $type eq 'sdm' && $body->id eq $problem->bodies_str;
+        $c->stash->{sdm_disabled} = $editable ? '' : 'disabled';
+
         # Has cut-down edit template for adding update and sending back up only
         $c->stash->{template} = 'admin/report_edit-sdm.html';
 
-        if ($c->get_param('send_back') or $c->get_param('not_contactable')) {
+        if ($editable && $c->get_param('send_back') or $c->get_param('not_contactable')) {
             # SDM can send back a report either to be assigned to a different
             # subdivision, or because the customer was not contactable.
             # We handle these in the same way but with different statuses.
@@ -876,7 +881,7 @@ sub admin_report_edit {
             # Make sure the problem's time_spent is updated
             $self->update_admin_log($c, $problem);
             $c->res->redirect( '/admin/summary' );
-        } elsif ($c->get_param('submit')) {
+        } elsif ($editable && $c->get_param('submit')) {
             $c->forward('/auth/check_csrf_token');
 
             my $db_update = 0;
diff --git a/t/cobrand/zurich.t b/t/cobrand/zurich.t
index b2ad4a7a0..3ad107b04 100644
--- a/t/cobrand/zurich.t
+++ b/t/cobrand/zurich.t
@@ -411,6 +411,12 @@ subtest 'SDM' => sub {
         $mech->submit_form_ok( { button => 'no_more_updates' } );
         is $mech->uri->path, '/admin/summary', "redirected now finished with report.";
 
+        # Can still view the edit page but can't change anything
+        $mech->get_ok( '/admin/report_edit/' . $report->id );
+        $mech->content_contains('<input disabled');
+        $mech->submit_form_ok( { with_fields => { status_update => 'This is a disallowed update.' } } );
+        $mech->content_lacks('This is a disallowed update');
+
         $mech->get_ok( '/report/' . $report->id );
         $mech->content_contains('In Bearbeitung');
         $mech->content_contains('Test Test');
diff --git a/templates/web/zurich/admin/index-sdm.html b/templates/web/zurich/admin/index-sdm.html
index 707bb2d9d..68a2fcf62 100644
--- a/templates/web/zurich/admin/index-sdm.html
+++ b/templates/web/zurich/admin/index-sdm.html
@@ -5,7 +5,7 @@
 [% INCLUDE list, problems = reports_new.all, hash = 'new' %]
 
 <h2 id="wait">[% loc('Reports awaiting approval') %]</h2>
-[% INCLUDE list, problems = reports_unpublished.all, no_edit = 1, hash = 'wait' %]
+[% INCLUDE list, problems = reports_unpublished.all, hash = 'wait' %]
 
 <h2 id="alle">[% loc('Reports published') %]</h2>
 [% INCLUDE list, problems = reports_published.all, no_edit = 1, hash = 'alle' %]
diff --git a/templates/web/zurich/admin/report_edit-sdm.html b/templates/web/zurich/admin/report_edit-sdm.html
index 0319fc565..2cbc262ae 100644
--- a/templates/web/zurich/admin/report_edit-sdm.html
+++ b/templates/web/zurich/admin/report_edit-sdm.html
@@ -101,28 +101,28 @@
 
 <div class="admin-report-edit admin-report-edit--interact">
 
-<p align="right" class="screen-only"><input type="submit" class="btn" name="send_back" value="[% loc('Not for my subdivision') %]"></p>
-<p align="right" class="screen-only"><input type="submit" class="btn" name="not_contactable" value="[% loc('Customer not contactable') %]"></p>
+<p align="right" class="screen-only"><input [% sdm_disabled %] type="submit" class="btn" name="send_back" value="[% loc('Not for my subdivision') %]"></p>
+<p align="right" class="screen-only"><input [% sdm_disabled %] type="submit" class="btn" name="not_contactable" value="[% loc('Customer not contactable') %]"></p>
 
 <ul class="no-bullets screen-only">
     <li>
         <label for="new_internal_note">[% loc('New internal note:') %]</label>
-        <textarea class="form-control" name='new_internal_note' id='new_internal_note' cols=60 rows=4></textarea>
+        <textarea [% sdm_disabled %] class="form-control" name='new_internal_note' id='new_internal_note' cols=60 rows=4></textarea>
     </li>
     <li>
         <label for="status_update">[% loc('New note to DM:') %]</label>
-        <textarea class="form-control" name='status_update' id='status_update' cols=60 rows=4></textarea>
+        <textarea [% sdm_disabled %] class="form-control" name='status_update' id='status_update' cols=60 rows=4></textarea>
     </li>
 </ul>
 
 <p class="screen-only">
     <label for="time_spent">[% loc('Time spent (in minutes):') %]</label>
-    <input type="text" class="form-control" name="time_spent" id="form_time_spent" style="width: 4em" value="0">
+    <input [% sdm_disabled %] type="text" class="form-control" name="time_spent" id="form_time_spent" style="width: 4em" value="0">
 </p>
 
 <p class="clearfix screen-only">
-    <input style="float:left" type="submit" class="btn" name="Submit changes" value="[% loc('Submit changes') %]" >
-    <input style="float:right" type="submit" class="btn" name="no_more_updates" value="[% loc('No further updates') %]">
+    <input [% sdm_disabled %] style="float:left" type="submit" class="btn" name="Submit changes" value="[% loc('Submit changes') %]" >
+    <input [% sdm_disabled %] style="float:right" type="submit" class="btn" name="no_more_updates" value="[% loc('No further updates') %]">
 </p>
 
 [% INCLUDE 'admin/list_updates.html' %]