diff options
| author | Dave Arter <davea@mysociety.org> | 2019-08-19 17:25:25 +0100 |
|---|---|---|
| committer | Dave Arter <davea@mysociety.org> | 2019-08-29 14:35:50 +0100 |
| commit | 60ade4cc7c4981bc05ab5959ef5d3fc1ca41851c (patch) | |
| tree | 0041ed6d16395e4b401d1406064bd7592147c720 | |
| parent | a5336887af2d62ad0accdb39da3d22192a312c07 (diff) | |
Make sure anonymous reports are marked anon irrespective of permissions
There was a small bug where the 'default_to_body' permission would
override the 'report anonymously' button when staff users were adding
reports to the site. The result of this was that the name of the
anonymous user record would be shown. No harm done, as that user's name
would likely be set to "Anonymous user" in config, but it resulted in
reports pages showing the slightly odd wording along the lines of:
Reported in the Bin bags category by Anonymous user at 14:57 today
This commit ensures the contributing_as_body flag is mutually exclusive
with the 'report_anonymously' request parameter.
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/New.pm | 2 | ||||
| -rw-r--r-- | t/app/controller/report_new_anon.t | 55 |
2 files changed, 57 insertions, 0 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm index be812c040..8f1f08d2e 100644 --- a/perllib/FixMyStreet/App/Controller/Report/New.pm +++ b/perllib/FixMyStreet/App/Controller/Report/New.pm @@ -949,6 +949,8 @@ sub process_report : Private { my $anon_button = $c->cobrand->allow_anonymous_reports eq 'button' && $c->get_param('report_anonymously'); if ($anon_button) { $c->stash->{contributing_as_anonymous_user} = 1; + $c->stash->{contributing_as_body} = undef; + $c->stash->{contributing_as_another_user} = undef; } # set some simple bool values (note they get inverted) diff --git a/t/app/controller/report_new_anon.t b/t/app/controller/report_new_anon.t index e9ce23c44..e1acb202c 100644 --- a/t/app/controller/report_new_anon.t +++ b/t/app/controller/report_new_anon.t @@ -20,6 +20,17 @@ END { FixMyStreet::App->log->enable('info'); } my $mech = FixMyStreet::TestMech->new; my $body = $mech->create_body_ok(2651, 'Edinburgh'); +my $staffuser = $mech->create_user_ok('counciluser@example.com', name => 'Council User', from_body => $body); +$staffuser->user_body_permissions->create({ + body => $body, + permission_type => 'contribute_as_body', +}); +$staffuser->user_body_permissions->create({ + body => $body, + permission_type => 'default_to_body', +}); + + my $contact1 = $mech->create_contact_ok( body_id => $body->id, category => 'Street lighting', @@ -148,6 +159,7 @@ subtest "test report creation anonymously by button" => sub { is $report->bodies_str, $body->id; is $report->name, 'Anonymous Button'; is $report->anonymous, 1; # Doesn't change behaviour here, but uses anon account's name always + is $report->get_extra_metadata('contributed_as'), 'anonymous_user'; my $alert = FixMyStreet::App->model('DB::Alert')->find( { user => $report->user, @@ -159,6 +171,49 @@ subtest "test report creation anonymously by button" => sub { $mech->not_logged_in_ok; }; +subtest "test report creation anonymously by staff user" => sub { + FixMyStreet::DB->resultset("Problem")->delete_all; + + $mech->log_in_ok( $staffuser->email ); + $mech->get_ok('/around'); + $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB', } }, "submit location" ); + $mech->follow_link_ok( { text_regex => qr/skip this step/i, }, "follow 'skip this step' link" ); + $mech->submit_form_ok( + { + button => 'report_anonymously', + with_fields => { + title => 'Test Report', + detail => 'Test report details.', + category => 'Street lighting', + } + }, + "submit good details" + ); + $mech->content_contains('Thank you'); + + is_deeply $mech->page_errors, [], "check there were no errors"; + + my $report = FixMyStreet::DB->resultset("Problem")->first; + ok $report, "Found the report"; + + is $report->state, 'confirmed', "report confirmed"; + $mech->get_ok( '/report/' . $report->id ); + + is $report->bodies_str, $body->id; + is $report->name, 'Anonymous Button'; + is $report->anonymous, 1; + is $report->get_extra_metadata('contributed_as'), 'anonymous_user'; + + my $alert = FixMyStreet::App->model('DB::Alert')->find( { + user => $report->user, + alert_type => 'new_updates', + parameter => $report->id, + } ); + is $alert, undef, "no alert created"; + + $mech->log_out_ok; +}; + }; done_testing(); |