Extend assigned_*_only to report lists.

Shortlist buttons and extended print information
will not appear where not allowed.

6 files changed, 64 insertions, 7 deletions

diff --git a/perllib/FixMyStreet/App/Controller/Around.pm b/perllib/FixMyStreet/App/Controller/Around.pm
index af50f1883..0e87d1e70 100644
--- a/perllib/FixMyStreet/App/Controller/Around.pm
+++ b/perllib/FixMyStreet/App/Controller/Around.pm
@@ -262,6 +262,8 @@ sub check_and_stash_category : Private {
     my %valid_categories = map { $_ => 1 } grep { $_ && $categories_mapped{$_} } @$categories;
     $c->stash->{filter_category} = \%valid_categories;
     $c->cobrand->call_hook('munge_around_filter_category_list');
+
+    $c->forward('/report/assigned_users_only', [ \@categories ]);
 }
 
 sub map_features : Private {
diff --git a/perllib/FixMyStreet/App/Controller/Dashboard.pm b/perllib/FixMyStreet/App/Controller/Dashboard.pm
index 833d6d6b2..52af45940 100644
--- a/perllib/FixMyStreet/App/Controller/Dashboard.pm
+++ b/perllib/FixMyStreet/App/Controller/Dashboard.pm
@@ -564,7 +564,8 @@ sub heatmap : Local : Args(0) {
     $c->stash->{children} = $children;
     $c->stash->{ward_hash} = { map { $_->{id} => 1 } @{$c->stash->{wards}} } if $c->stash->{wards};
 
-    $c->forward('/reports/setup_categories_and_map');
+    $c->forward('/reports/setup_categories');
+    $c->forward('/reports/setup_map');
 }
 
 sub heatmap_filters :Private {
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm
index 3052b1015..8a6047194 100644
--- a/perllib/FixMyStreet/App/Controller/Report.pm
+++ b/perllib/FixMyStreet/App/Controller/Report.pm
@@ -724,6 +724,19 @@ sub stash_category_groups : Private {
     $c->stash->{category_groups}  = \@category_groups;
 }
 
+sub assigned_users_only : Private {
+    my ($self, $c, $categories) = @_;
+
+    # Assigned only category checking
+    if ($c->user_exists && $c->user->from_body) {
+        my @assigned_users_only = grep { $_->get_extra_metadata('assigned_users_only') } @$categories;
+        $c->stash->{assigned_users_only} = { map { $_->category => 1 } @assigned_users_only };
+        $c->stash->{assigned_categories_only} = $c->user->get_extra_metadata('assigned_categories_only');
+
+        $c->stash->{user_categories} = { map { $_ => 1 } @{$c->user->categories} };
+    }
+}
+
 __PACKAGE__->meta->make_immutable;
 
 1;
diff --git a/perllib/FixMyStreet/App/Controller/Reports.pm b/perllib/FixMyStreet/App/Controller/Reports.pm
index 53f27eb62..10902eab9 100644
--- a/perllib/FixMyStreet/App/Controller/Reports.pm
+++ b/perllib/FixMyStreet/App/Controller/Reports.pm
@@ -154,6 +154,8 @@ sub ward : Path : Args(2) {
     $c->forward('stash_report_sort', [ $c->cobrand->reports_ordering ]);
     $c->forward( 'load_and_group_problems' );
 
+    $c->forward('setup_categories');
+
     if ($c->get_param('ajax')) {
         my $ajax_template = $c->stash->{ajax_template} || 'reports/_problem-list.html';
         $c->detach('ajax', [ $ajax_template ]);
@@ -165,7 +167,7 @@ sub ward : Path : Args(2) {
 
     $c->stash->{stats} = $c->cobrand->get_report_stats();
 
-    $c->forward('setup_categories_and_map');
+    $c->forward('setup_map');
 
     # List of wards
     if ( !$c->stash->{wards} && $c->stash->{body}->id && $c->stash->{body}->body_areas->first ) {
@@ -181,7 +183,7 @@ sub ward : Path : Args(2) {
     }
 }
 
-sub setup_categories_and_map :Private {
+sub setup_categories :Private {
     my ($self, $c) = @_;
 
     my @categories = $c->stash->{body}->contacts->not_deleted->search( undef, {
@@ -191,9 +193,15 @@ sub setup_categories_and_map :Private {
 
     $c->cobrand->call_hook('munge_reports_category_list', \@categories);
 
+    $c->forward('/report/assigned_users_only', [ \@categories ]);
+
     $c->stash->{filter_categories} = \@categories;
     $c->stash->{filter_category} = { map { $_ => 1 } $c->get_param_list('filter_category', 1) };
     $c->forward('/report/stash_category_groups', [ \@categories ]) if $c->cobrand->enable_category_groups;
+}
+
+sub setup_map :Private {
+    my ($self, $c) = @_;
 
     my $pins = $c->stash->{pins} || [];
 
diff --git a/t/app/controller/around.t b/t/app/controller/around.t
index 186b833fd..6e49c6f29 100644
--- a/t/app/controller/around.t
+++ b/t/app/controller/around.t
@@ -150,7 +150,7 @@ subtest 'check missing body message not shown when it does not need to be' => su
 };
 
 for my $permission ( qw/ report_inspect report_mark_private/ ) {
-    subtest 'check non public reports are displayed on around page with $permission permission' => sub {
+    subtest "check non public reports are displayed on around page with $permission permission" => sub {
         my $body = FixMyStreet::DB->resultset('Body')->find( $body_edin_id );
         my $body2 = FixMyStreet::DB->resultset('Body')->find( $body_west_id );
         my $user = $mech->log_in_ok( 'test@example.com' );
@@ -218,6 +218,29 @@ for my $permission ( qw/ report_inspect report_mark_private/ ) {
     };
 }
 
+subtest 'check assigned-only list items do not display shortlist buttons' => sub {
+    my $body = FixMyStreet::DB->resultset('Body')->find( $body_edin_id );
+    my $contact = $mech->create_contact_ok( category => 'Horses', body_id => $body->id, email => "horses\@example.org" );
+    $edinburgh_problems[4]->update({ category => 'Horses' });
+
+    my $user = $mech->log_in_ok( 'test@example.com' );
+    $user->set_extra_metadata(assigned_categories_only => 1);
+    $user->user_body_permissions->delete();
+    $user->set_extra_metadata(categories => [ $contact->id ]);
+    $user->update({ from_body => $body });
+    $user->user_body_permissions->find_or_create({ body => $body, permission_type => 'planned_reports' });
+
+    FixMyStreet::override_config {
+        ALLOWED_COBRANDS => 'fixmystreet',
+        MAPIT_URL => 'http://mapit.uk/',
+    }, sub {
+        $mech->get_ok('/around?pc=EH1+1BB');
+    };
+    $mech->content_contains('shortlist-add-' . $edinburgh_problems[4]->id);
+    $mech->content_lacks('shortlist-add-' . $edinburgh_problems[3]->id);
+    $mech->content_lacks('shortlist-add-' . $edinburgh_problems[1]->id);
+};
+
 my $body = $mech->create_body_ok(2237, "Oxfordshire");
 
 subtest 'check category, status and extra filtering works on /around' => sub {
diff --git a/templates/web/base/report/_item.html b/templates/web/base/report/_item.html
index 4d74b3be9..baba04d3e 100644
--- a/templates/web/base/report/_item.html
+++ b/templates/web/base/report/_item.html
@@ -2,7 +2,17 @@
 [% PROCESS 'admin/report_blocks.html' ~%]
 [% END ~%]
 
-[% IF c.user.has_permission_to('planned_reports', problem.bodies_str_ids) OR c.user.is_planned_report(problem) ~%]
+[%
+
+SET relevant_staff = 1;
+SET is_user_category = user_categories.${problem.category};
+IF (assigned_users_only.${problem.category} OR assigned_categories_only) AND NOT is_user_category;
+    SET relevant_staff = 0;
+END;
+
+~%]
+
+[% IF relevant_staff AND (c.user.has_permission_to('planned_reports', problem.bodies_str_ids) OR c.user.is_planned_report(problem)) ~%]
     [% item_extra_class = "item-list__item--indented" ~%]
     [% item_action = BLOCK ~%]
       <input type="submit" value="1"
@@ -49,12 +59,12 @@
       [% END %]
   [% END ~%]
 
-    [% IF c.user.has_permission_to('report_inspect', problem.bodies_str_ids) %]
+    [% IF relevant_staff AND c.user.has_permission_to('report_inspect', problem.bodies_str_ids) %]
         <div class="item-list__description">[% problem.detail | html %]</div>
     [% END %]
         <small>[% PROCESS 'report/_item_small.html' %]</small>
 
-    [% IF c.user.has_permission_to('report_inspect', problem.bodies_str_ids) %]
+    [% IF relevant_staff AND c.user.has_permission_to('report_inspect', problem.bodies_str_ids) %]
         <div class="item-list__item__metadata">
             <div>
                 <h4>[% loc('Report ID:') %]</h4>