diff options
| author | Matthew Somerville <matthew@mysociety.org> | 2019-11-10 19:27:06 +0000 |
|---|---|---|
| committer | Matthew Somerville <matthew@mysociety.org> | 2019-11-10 19:27:06 +0000 |
| commit | d8dd060a4c2f75e89a24f99634d91a6d8ef0e2bc (patch) | |
| tree | abb543c32c9e5f239cc66cff1bafa697f322ebd3 /perllib/FixMyStreet/App/Controller/Admin | |
| parent | db61249c59a96a2fad80523288b7d13881c10965 (diff) | |
| parent | b886792181eb77206054e73315a9d14cdb17e936 (diff) | |
Merge branch 'admin-auditing'
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Admin')
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin/Bodies.pm | 7 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin/Reports.pm | 516 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin/Roles.pm | 3 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin/Templates.pm | 179 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin/Triage.pm | 2 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin/Users.pm | 76 |
6 files changed, 757 insertions, 26 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm b/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm index 098c29ad4..ea03b146f 100644 --- a/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm +++ b/perllib/FixMyStreet/App/Controller/Admin/Bodies.pm @@ -280,7 +280,6 @@ sub update_contact : Private { $contact->unset_extra_metadata( 'group' ); } - $c->forward('/admin/update_extra_fields', [ $contact ]); $c->forward('contact_cobrand_extra_fields', [ $contact, \%errors ]); @@ -306,12 +305,13 @@ sub update_contact : Private { $c->stash->{errors} = \%errors; } elsif ( $contact->in_storage ) { $c->stash->{updated} = _('Values updated'); - + $c->forward('/admin/log_edit', [ $contact->id, 'category', 'edit' ]); # NB: History is automatically stored by a trigger in the database $contact->update; } else { $c->stash->{updated} = _('New category contact added'); $contact->insert; + $c->forward('/admin/log_edit', [ $contact->id, 'category', 'add' ]); } unless ( %errors ) { @@ -346,6 +346,7 @@ sub confirm_contacts : Private { } ); + $c->forward('/admin/log_edit', [ $c->stash->{body_id}, 'body', 'edit' ]); $c->stash->{updated} = _('Values updated'); } @@ -360,8 +361,10 @@ sub update_body : Private { if ($body) { $body->update( $values->{params} ); + $c->forward('/admin/log_edit', [ $body->id, 'body', 'edit' ]); } else { $body = $c->model('DB::Body')->create( $values->{params} ); + $c->forward('/admin/log_edit', [ $body->id, 'body', 'add' ]); } if ($values->{extras}) { diff --git a/perllib/FixMyStreet/App/Controller/Admin/Reports.pm b/perllib/FixMyStreet/App/Controller/Admin/Reports.pm new file mode 100644 index 000000000..bee2ed498 --- /dev/null +++ b/perllib/FixMyStreet/App/Controller/Admin/Reports.pm @@ -0,0 +1,516 @@ +package FixMyStreet::App::Controller::Admin::Reports; +use Moose; +use namespace::autoclean; + +BEGIN { extends 'Catalyst::Controller'; } + +use List::MoreUtils 'uniq'; +use FixMyStreet::SMS; +use Utils; + +=head1 NAME + +FixMyStreet::App::Controller::Admin::Reports - Catalyst Controller + +=head1 DESCRIPTION + +Admin pages + +=head1 METHODS + +=cut + +sub index : Path { + my ( $self, $c ) = @_; + + $c->stash->{edit_body_contacts} = 1 + if grep { $_ eq 'body' } keys %{$c->stash->{allowed_pages}}; + + my $query = {}; + if ( $c->cobrand->moniker eq 'zurich' ) { + my $type = $c->stash->{admin_type}; + my $body = $c->stash->{body}; + if ( $type eq 'dm' ) { + my @children = map { $_->id } $body->bodies->all; + my @all = (@children, $body->id); + $query = { bodies_str => \@all }; + } elsif ( $type eq 'sdm' ) { + $query = { bodies_str => $body->id }; + } + } + + my $order = $c->get_param('o') || 'id'; + my $dir = defined $c->get_param('d') ? $c->get_param('d') : 1; + $c->stash->{order} = $order; + $c->stash->{dir} = $dir; + $order = $dir ? { -desc => "me.$order" } : "me.$order"; + + my $p_page = $c->get_param('p') || 1; + my $u_page = $c->get_param('u') || 1; + + return if $c->cobrand->call_hook(report_search_query => $query, $p_page, $u_page, $order); + + if (my $search = $c->get_param('search')) { + $search = $self->trim($search); + + # In case an email address, wrapped in <...> + if ($search =~ /^<(.*)>$/) { + my $possible_email = $1; + my $parsed = FixMyStreet::SMS->parse_username($possible_email); + $search = $possible_email if $parsed->{email}; + } + + $c->stash->{searched} = $search; + + my $search_n = 0; + $search_n = int($search) if $search =~ /^\d+$/; + + my $like_search = "%$search%"; + + my $parsed = FixMyStreet::SMS->parse_username($search); + my $valid_phone = $parsed->{phone}; + my $valid_email = $parsed->{email}; + + if ($valid_email) { + $query->{'-or'} = [ + 'user.email' => { ilike => $like_search }, + ]; + } elsif ($valid_phone) { + $query->{'-or'} = [ + 'user.phone' => { ilike => $like_search }, + ]; + } elsif ($search =~ /^id:(\d+)$/) { + $query->{'-or'} = [ + 'me.id' => int($1), + ]; + } elsif ($search =~ /^area:(\d+)$/) { + $query->{'-or'} = [ + 'me.areas' => { like => "%,$1,%" } + ]; + } elsif ($search =~ /^ref:(\d+)$/) { + $query->{'-or'} = [ + 'me.external_id' => { like => "%$1%" } + ]; + } else { + $query->{'-or'} = [ + 'me.id' => $search_n, + 'user.email' => { ilike => $like_search }, + 'user.phone' => { ilike => $like_search }, + 'me.external_id' => { ilike => $like_search }, + 'me.name' => { ilike => $like_search }, + 'me.title' => { ilike => $like_search }, + detail => { ilike => $like_search }, + bodies_str => { like => $like_search }, + cobrand_data => { like => $like_search }, + ]; + } + + my $problems = $c->cobrand->problems->search( + $query, + { + prefetch => 'user', + rows => 50, + order_by => $order, + } + )->page( $p_page ); + + $c->stash->{problems} = [ $problems->all ]; + $c->stash->{problems_pager} = $problems->pager; + + if ($valid_email) { + $query = [ + 'user.email' => { ilike => $like_search }, + ]; + } elsif ($valid_phone) { + $query = [ + 'user.phone' => { ilike => $like_search }, + ]; + } elsif ($search =~ /^id:(\d+)$/) { + $query = [ + 'me.id' => int($1), + 'me.problem_id' => int($1), + ]; + } elsif ($search =~ /^area:(\d+)$/) { + $query = []; + } else { + $query = [ + 'me.id' => $search_n, + 'problem.id' => $search_n, + 'user.email' => { ilike => $like_search }, + 'user.phone' => { ilike => $like_search }, + 'me.name' => { ilike => $like_search }, + text => { ilike => $like_search }, + 'me.cobrand_data' => { ilike => $like_search }, + ]; + } + + if (@$query) { + my $updates = $c->cobrand->updates->search( + { + -or => $query, + }, + { + -select => [ 'me.*', qw/problem.bodies_str problem.state/ ], + prefetch => [qw/user problem/], + rows => 50, + order_by => { -desc => 'me.id' } + } + )->page( $u_page ); + $c->stash->{updates} = [ $updates->all ]; + $c->stash->{updates_pager} = $updates->pager; + } + + } else { + + my $problems = $c->cobrand->problems->search( + $query, + { order_by => $order, rows => 50 } + )->page( $p_page ); + $c->stash->{problems} = [ $problems->all ]; + $c->stash->{problems_pager} = $problems->pager; + } +} + +sub edit_display : Private { + my ( $self, $c ) = @_; + + my $problem = $c->stash->{problem}; + + $c->stash->{page} = 'admin'; + FixMyStreet::Map::display_map( + $c, + latitude => $problem->latitude, + longitude => $problem->longitude, + pins => $problem->used_map + ? [ { + latitude => $problem->latitude, + longitude => $problem->longitude, + colour => $c->cobrand->pin_colour($problem, 'admin'), + type => 'big', + draggable => 1, + } ] + : [], + print_report => 1, + ); +} + +sub edit : Path('/admin/report_edit') : Args(1) { + my ( $self, $c, $id ) = @_; + + my $problem = $c->cobrand->problems->search( { id => $id } )->first; + + $c->detach( '/page_error_404_not_found', [] ) + unless $problem; + + unless ( + $c->cobrand->moniker eq 'zurich' + || $c->user->has_permission_to(report_edit => $problem->bodies_str_ids) + ) { + $c->detach( '/page_error_403_access_denied', [] ); + } + + $c->stash->{problem} = $problem; + if ( $problem->extra ) { + my @fields; + if ( my $fields = $problem->get_extra_fields ) { + for my $field ( @{$fields} ) { + my $name = $field->{description} ? + "$field->{description} ($field->{name})" : + "$field->{name}"; + push @fields, { name => $name, val => $field->{value} }; + } + } + my $extra = $problem->get_extra_metadata; + if ( $extra->{duplicates} ) { + push @fields, { name => 'Duplicates', val => join( ',', @{ $problem->get_extra_metadata('duplicates') } ) }; + delete $extra->{duplicates}; + } + for my $key ( keys %$extra ) { + push @fields, { name => $key, val => $extra->{$key} }; + } + + $c->stash->{extra_fields} = \@fields; + } + + $c->forward('/auth/get_csrf_token'); + + $c->forward('categories_for_point'); + + $c->forward('alerts_for_report'); + + $c->forward('/admin/check_username_for_abuse', [ $problem->user ] ); + + $c->stash->{updates} = + [ $c->model('DB::Comment') + ->search( { problem_id => $problem->id }, { order_by => [ 'created', 'id' ] } ) + ->all ]; + + if (my $rotate_photo_param = $c->forward('/admin/_get_rotate_photo_param')) { + $c->forward('/admin/rotate_photo', [$problem, @$rotate_photo_param]); + $c->detach('edit_display'); + } + + if ( $c->cobrand->moniker eq 'zurich' ) { + my $done = $c->cobrand->admin_report_edit(); + $c->detach('edit_display') if $done; + } + + if ( $c->get_param('resend') && !$c->cobrand->call_hook('disable_resend') ) { + $c->forward('/auth/check_csrf_token'); + + $problem->resend; + $problem->update(); + $c->stash->{status_message} = _('That problem will now be resent.'); + + $c->forward( '/admin/log_edit', [ $id, 'problem', 'resend' ] ); + } + elsif ( $c->get_param('mark_sent') ) { + $c->forward('/auth/check_csrf_token'); + $problem->update({ whensent => \'current_timestamp' })->discard_changes; + $c->stash->{status_message} = _('That problem has been marked as sent.'); + $c->forward( '/admin/log_edit', [ $id, 'problem', 'marked sent' ] ); + } + elsif ( $c->get_param('flaguser') ) { + $c->forward('/admin/users/flag'); + $c->stash->{problem}->discard_changes; + } + elsif ( $c->get_param('removeuserflag') ) { + $c->forward('/admin/users/flag_remove'); + $c->stash->{problem}->discard_changes; + } + elsif ( $c->get_param('banuser') ) { + $c->forward('/admin/users/ban'); + } + elsif ( $c->get_param('submit') ) { + $c->forward('/auth/check_csrf_token'); + + my $old_state = $problem->state; + + my %columns = ( + flagged => $c->get_param('flagged') ? 1 : 0, + non_public => $c->get_param('non_public') ? 1 : 0, + ); + foreach (qw/state anonymous title detail name external_id external_body external_team/) { + $columns{$_} = $c->get_param($_); + } + + # Look this up here for moderation line to use + my $remove_photo_param = $c->forward('/admin/_get_remove_photo_param'); + + if ($columns{title} ne $problem->title || $columns{detail} ne $problem->detail || + $columns{anonymous} ne $problem->anonymous || $remove_photo_param) { + $problem->create_related( moderation_original_data => { + title => $problem->title, + detail => $problem->detail, + photo => $problem->photo, + anonymous => $problem->anonymous, + category => $problem->category, + $problem->extra ? (extra => $problem->extra) : (), + }); + } + + $problem->set_inflated_columns(\%columns); + + if ($c->get_param('closed_updates')) { + $problem->set_extra_metadata(closed_updates => 1); + } else { + $problem->unset_extra_metadata('closed_updates'); + } + + $c->forward( '/admin/reports/edit_category', [ $problem, $problem->state ne $old_state ] ); + $c->forward('/admin/update_user', [ $problem ]); + + # Deal with photos + if ($remove_photo_param) { + $c->forward('/admin/remove_photo', [ $problem, $remove_photo_param ]); + } + + if ($problem->state eq 'hidden' || $problem->non_public) { + $problem->get_photoset->delete_cached(plus_updates => 1); + } + + if ( $problem->is_visible() and $old_state eq 'unconfirmed' ) { + $problem->confirmed( \'current_timestamp' ); + } + + $problem->lastupdate( \'current_timestamp' ); + $problem->update; + + if ( $problem->state ne $old_state ) { + $c->forward( '/admin/log_edit', [ $id, 'problem', 'state_change' ] ); + + my $name = $c->user->moderating_user_name; + my $extra = { is_superuser => 1 }; + if ($c->user->from_body) { + delete $extra->{is_superuser}; + $extra->{is_body_user} = $c->user->from_body->id; + } + my $timestamp = \'current_timestamp'; + $problem->add_to_comments( { + text => $c->stash->{update_text} || '', + created => $timestamp, + confirmed => $timestamp, + user_id => $c->user->id, + name => $name, + mark_fixed => 0, + anonymous => 0, + state => 'confirmed', + problem_state => $problem->state, + extra => $extra + } ); + } + $c->forward( '/admin/log_edit', [ $id, 'problem', 'edit' ] ); + + $c->stash->{status_message} = _('Updated!'); + + # do this here otherwise lastupdate and confirmed times + # do not display correctly + $problem->discard_changes; + } + + $c->detach('edit_display'); +} + +=head2 edit_category + +Handles changing a problem's category and the complexity that comes with it. +Returns 1 if category changed, 0 if no change. + +=cut + +sub edit_category : Private { + my ($self, $c, $problem, $no_comment) = @_; + + if ((my $category = $c->get_param('category')) ne $problem->category) { + my $disable_resend = $c->cobrand->call_hook('disable_resend'); + my $category_old = $problem->category; + $problem->category($category); + my @contacts = grep { $_->category eq $problem->category } @{$c->stash->{contacts}}; + my @new_body_ids = map { $_->body_id } @contacts; + # If the report has changed bodies (and not to a subset!) we need to resend it + my %old_map = map { $_ => 1 } @{$problem->bodies_str_ids}; + if (!$disable_resend && grep !$old_map{$_}, @new_body_ids) { + $problem->resend; + } + # If the send methods of the old/new contacts differ we need to resend the report + my @new_send_methods = uniq map { + ( $_->body->can_be_devolved && $_->send_method ) ? + $_->send_method : $_->body->send_method + ? $_->body->send_method + : $c->cobrand->_fallback_body_sender()->{method}; + } @contacts; + my %old_send_methods = map { $_ => 1 } split /,/, ($problem->send_method_used || "Email"); + if (!$disable_resend && grep !$old_send_methods{$_}, @new_send_methods) { + $problem->resend; + } + + $problem->bodies_str(join( ',', @new_body_ids )); + my $update_text = '*' . sprintf(_('Category changed from ‘%s’ to ‘%s’'), $category_old, $category) . '*'; + if ($no_comment) { + $c->stash->{update_text} = $update_text; + } else { + $problem->add_to_comments({ + text => $update_text, + created => \'current_timestamp', + confirmed => \'current_timestamp', + user_id => $c->user->id, + name => $c->user->from_body ? $c->user->from_body->name : $c->user->name, + state => 'confirmed', + mark_fixed => 0, + anonymous => 0, + }); + } + $c->forward( '/admin/log_edit', [ $problem->id, 'problem', 'category_change' ] ); + return 1; + } + return 0; +} + +=head2 edit_location + +Handles changing a problem's location and the complexity that comes with it. +For now, we reject the new location if the new location and old locations aren't +covered by the same body. + +Returns 2 if the new position (if any) is acceptable and changed, +1 if acceptable and unchanged, undef otherwise. + +NB: This must be called before edit_category, as that might modify +$problem->bodies_str. + +=cut + +sub edit_location : Private { + my ($self, $c, $problem) = @_; + + return 1 unless $c->forward('/location/determine_location_from_coords'); + + my ($lat, $lon) = map { Utils::truncate_coordinate($_) } $problem->latitude, $problem->longitude; + if ( $c->stash->{latitude} != $lat || $c->stash->{longitude} != $lon ) { + # The two actions below change the stash, setting things up for e.g. a + # new report. But here we're only doing it in order to check the found + # bodies match; we don't want to overwrite the existing report data if + # this lookup is bad. So let's save the stash and restore it after the + # comparison. + my $safe_stash = { %{$c->stash} }; + $c->stash->{fetch_all_areas} = 1; + $c->stash->{area_check_action} = 'admin'; + $c->forward('/council/load_and_check_areas', []); + $c->forward('/report/new/setup_categories_and_bodies'); + my %allowed_bodies = map { $_ => 1 } @{$problem->bodies_str_ids}; + my @new_bodies = keys %{$c->stash->{bodies_to_list}}; + my $bodies_match = grep { exists( $allowed_bodies{$_} ) } @new_bodies; + $c->stash($safe_stash); + return unless $bodies_match; + $problem->latitude($c->stash->{latitude}); + $problem->longitude($c->stash->{longitude}); + my $areas = $c->stash->{all_areas_mapit}; + $problem->areas( ',' . join( ',', sort keys %$areas ) . ',' ); + return 2; + } + return 1; +} + +sub categories_for_point : Private { + my ($self, $c) = @_; + + $c->stash->{report} = $c->stash->{problem}; + # We have a report, stash its location + $c->forward('/report/new/determine_location_from_report'); + # Look up the areas for this location + my $prefetched_all_areas = [ grep { $_ } split ',', $c->stash->{report}->areas ]; + $c->forward('/around/check_location_is_acceptable', [ $prefetched_all_areas ]); + # As with a new report, fetch the bodies/categories + $c->forward('/report/new/setup_categories_and_bodies'); + + # Remove the "Pick a category" option + shift @{$c->stash->{category_options}} if @{$c->stash->{category_options}}; + + $c->stash->{categories_hash} = { map { $_->category => 1 } @{$c->stash->{category_options}} }; + + $c->forward('/admin/triage/setup_categories'); + +} + +sub alerts_for_report : Private { + my ($self, $c) = @_; + + $c->stash->{alert_count} = $c->model('DB::Alert')->search({ + alert_type => 'new_updates', + parameter => $c->stash->{report}->id, + confirmed => 1, + whendisabled => undef, + })->count(); +} + +sub trim { + my $self = shift; + my $e = shift; + $e =~ s/^\s+//; + $e =~ s/\s+$//; + return $e; +} + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/perllib/FixMyStreet/App/Controller/Admin/Roles.pm b/perllib/FixMyStreet/App/Controller/Admin/Roles.pm index 902ed6255..279ee695c 100644 --- a/perllib/FixMyStreet/App/Controller/Admin/Roles.pm +++ b/perllib/FixMyStreet/App/Controller/Admin/Roles.pm @@ -63,6 +63,7 @@ sub form { if ($c->get_param('delete_role')) { $role->delete; + $c->forward('/admin/log_edit', [ $role->id, 'role', 'delete' ]); $c->response->redirect($c->uri_for($self->action_for('index'))); $c->detach; } @@ -88,11 +89,13 @@ sub form { $opts->{body_id} = $c->user->from_body->id; } + my $action = $role->in_storage ? 'edit' : 'add'; my $form = FixMyStreet::App::Form::Role->new(%$opts); $c->stash(template => 'admin/roles/form.html', form => $form); $form->process(item => $role, params => $c->req->params); return unless $form->validated; + $c->forward('/admin/log_edit', [ $role->id, 'role', $action ]); $c->response->redirect($c->uri_for($self->action_for('index'))); } diff --git a/perllib/FixMyStreet/App/Controller/Admin/Templates.pm b/perllib/FixMyStreet/App/Controller/Admin/Templates.pm new file mode 100644 index 000000000..97a62c2b8 --- /dev/null +++ b/perllib/FixMyStreet/App/Controller/Admin/Templates.pm @@ -0,0 +1,179 @@ +package FixMyStreet::App::Controller::Admin::Templates; +use Moose; +use namespace::autoclean; + +BEGIN { extends 'Catalyst::Controller'; } + +=head1 NAME + +FixMyStreet::App::Controller::Admin::Templates - Catalyst Controller + +=head1 DESCRIPTION + +Admin pages for response templates + +=head1 METHODS + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + + my $user = $c->user; + + if ($user->is_superuser) { + $c->forward('/admin/fetch_all_bodies'); + } elsif ( $user->from_body ) { + $c->forward('load_template_body', [ $user->from_body->id ]); + $c->res->redirect( $c->uri_for_action( '/admin/templates/view', $c->stash->{body}->id ) ); + } else { + $c->detach( '/page_error_404_not_found', [] ); + } +} + +sub view : Path : Args(1) { + my ($self, $c, $body_id) = @_; + + $c->forward('load_template_body', [ $body_id ]); + + my @templates = $c->stash->{body}->response_templates->search( + undef, + { + order_by => 'title' + } + ); + + $c->stash->{response_templates} = \@templates; +} + +sub edit : Path : Args(2) { + my ( $self, $c, $body_id, $template_id ) = @_; + + $c->forward('load_template_body', [ $body_id ]); + + my $template; + if ($template_id eq 'new') { + $template = $c->stash->{body}->response_templates->new({}); + } + else { + $template = $c->stash->{body}->response_templates->find( $template_id ) + or $c->detach( '/page_error_404_not_found', [] ); + } + + $c->forward('/admin/fetch_contacts'); + my @contacts = $template->contacts->all; + my @live_contacts = $c->stash->{live_contacts}->all; + my %active_contacts = map { $_->id => 1 } @contacts; + my @all_contacts = map { { + id => $_->id, + category => $_->category_display, + active => $active_contacts{$_->id}, + email => $_->email, + } } @live_contacts; + $c->stash->{contacts} = \@all_contacts; + + # bare block to use 'last' if form is invalid. + if ($c->req->method eq 'POST') { { + if ($c->get_param('delete_template') && $c->get_param('delete_template') eq _("Delete template")) { + $template->contact_response_templates->delete_all; + $template->delete; + $c->forward('/admin/log_edit', [ $template->id, 'template', 'delete' ]); + } else { + my @live_contact_ids = map { $_->id } @live_contacts; + my @new_contact_ids = grep { $c->get_param("contacts[$_]") } @live_contact_ids; + my %new_contacts = map { $_ => 1 } @new_contact_ids; + for my $contact (@all_contacts) { + $contact->{active} = $new_contacts{$contact->{id}}; + } + + $template->title( $c->get_param('title') ); + my $query = { title => $template->title }; + if ($template->in_storage) { + $query->{id} = { '!=', $template->id }; + } + if ($c->stash->{body}->response_templates->search($query)->count) { + $c->stash->{errors} ||= {}; + $c->stash->{errors}->{title} = _("There is already a template with that title."); + } + + $template->text( $c->get_param('text') ); + $template->state( $c->get_param('state') ); + $template->external_status_code( $c->get_param('external_status_code') ); + + if ( $template->state && $template->external_status_code ) { + $c->stash->{errors} ||= {}; + $c->stash->{errors}->{state} = _("State and external status code cannot be used simultaneously."); + $c->stash->{errors}->{external_status_code} = _("State and external status code cannot be used simultaneously."); + } + + $template->auto_response( $c->get_param('auto_response') && ( $template->state || $template->external_status_code ) ? 1 : 0 ); + if ($template->auto_response) { + my @check_contact_ids = @new_contact_ids; + # If the new template has not specific categories (i.e. it + # applies to all categories) then we need to check each of those + # category ids for existing auto-response templates. + if (!scalar @check_contact_ids) { + @check_contact_ids = @live_contact_ids; + } + my $query = { + 'auto_response' => 1, + 'contact.id' => [ @check_contact_ids, undef ], + -or => { + $template->state ? ('me.state' => $template->state) : (), + $template->external_status_code ? ('me.external_status_code' => $template->external_status_code) : (), + }, + }; + if ($template->in_storage) { + $query->{'me.id'} = { '!=', $template->id }; + } + if ($c->stash->{body}->response_templates->search($query, { + join => { 'contact_response_templates' => 'contact' }, + })->count) { + $c->stash->{errors} ||= {}; + $c->stash->{errors}->{auto_response} = _("There is already an auto-response template for this category/state."); + } + } + + last if $c->stash->{errors}; + + $template->update_or_insert; + $template->contact_response_templates->search({ + contact_id => { -not_in => \@new_contact_ids }, + })->delete; + foreach my $contact_id (@new_contact_ids) { + $template->contact_response_templates->find_or_create({ + contact_id => $contact_id, + }); + } + my $action = $template_id eq 'new' ? 'add' : 'edit'; + $c->forward('/admin/log_edit', [ $template->id, 'template', $action ]); + } + + $c->res->redirect( $c->uri_for_action( '/admin/templates/view', $c->stash->{body}->id ) ); + } } + + $c->stash->{response_template} = $template; +} + +sub load_template_body : Private { + my ($self, $c, $body_id) = @_; + + my $zurich_user = $c->user->from_body && $c->cobrand->moniker eq 'zurich'; + my $has_permission = $c->user->has_body_permission_to('template_edit', $body_id); + + unless ( $zurich_user || $has_permission ) { + $c->detach( '/page_error_404_not_found', [] ); + } + + # Regular users can only view their own body's templates + if ( !$c->user->is_superuser && $body_id ne $c->user->from_body->id ) { + $c->res->redirect( $c->uri_for_action( '/admin/templates/view', $c->user->from_body->id ) ); + } + + $c->stash->{body} = $c->model('DB::Body')->find($body_id) + or $c->detach( '/page_error_404_not_found', [] ); +} + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/perllib/FixMyStreet/App/Controller/Admin/Triage.pm b/perllib/FixMyStreet/App/Controller/Admin/Triage.pm index 0eabd340d..428c35073 100644 --- a/perllib/FixMyStreet/App/Controller/Admin/Triage.pm +++ b/perllib/FixMyStreet/App/Controller/Admin/Triage.pm @@ -113,7 +113,7 @@ sub update : Private { my $current_category = $problem->category; my $new_category = $c->get_param('category'); - my $changed = $c->forward('/admin/report_edit_category', [ $problem, 1 ] ); + my $changed = $c->forward('/admin/reports/edit_category', [ $problem, 1 ] ); if ( $changed ) { $c->stash->{problem}->update( { state => 'confirmed' } ); diff --git a/perllib/FixMyStreet/App/Controller/Admin/Users.pm b/perllib/FixMyStreet/App/Controller/Admin/Users.pm index 0d7c23fff..802fbb9f5 100644 --- a/perllib/FixMyStreet/App/Controller/Admin/Users.pm +++ b/perllib/FixMyStreet/App/Controller/Admin/Users.pm @@ -171,7 +171,7 @@ sub add : Local : Args(0) { $c->forward('user_cobrand_extra_fields'); $user->insert; - $c->forward( '/admin/log_edit', [ $user->id, 'user', 'edit' ] ); + $c->forward( '/admin/log_edit', [ $user->id, 'user', 'add' ] ); $c->flash->{status_message} = _("Updated!"); $c->detach('post_edit_redirect', [ $user ]); @@ -189,19 +189,24 @@ sub fetch_body_roles : Private { $c->stash->{roles} = [ $roles->all ]; } -sub edit : Path : Args(1) { +sub user : Chained('/') PathPart('admin/users') : CaptureArgs(1) { my ( $self, $c, $id ) = @_; - $c->forward('/auth/get_csrf_token'); - my $user = $c->cobrand->users->find( { id => $id } ); $c->detach( '/page_error_404_not_found', [] ) unless $user; + $c->stash->{user} = $user; unless ( $c->user->has_body_permission_to('user_edit') || $c->cobrand->moniker eq 'zurich' ) { $c->detach('/page_error_403_access_denied', []); } +} - $c->stash->{user} = $user; +sub edit : Chained('user') : PathPart('') : Args(0) { + my ( $self, $c ) = @_; + + $c->forward('/auth/get_csrf_token'); + + my $user = $c->stash->{user}; $c->forward( '/admin/check_username_for_abuse', [ $user ] ); if ( $user->from_body && $c->user->has_permission_to('user_manage_permissions', $user->from_body->id) ) { @@ -232,14 +237,12 @@ sub edit : Path : Args(1) { } elsif ( $c->get_param('submit') and $c->get_param('send_login_email') ) { my $email = lc $c->get_param('email'); my %args = ( email => $email ); - $args{user_id} = $id if $user->email ne $email || !$user->email_verified; + $args{user_id} = $user->id if $user->email ne $email || !$user->email_verified; $c->forward('send_login_email', [ \%args ]); } elsif ( $c->get_param('update_alerts') ) { $c->forward('update_alerts'); } elsif ( $c->get_param('submit') ) { - my $edited = 0; - my $name = $c->get_param('name'); my $email = lc $c->get_param('email'); my $phone = $c->get_param('phone'); @@ -281,19 +284,10 @@ sub edit : Path : Args(1) { return if %{$c->stash->{field_errors}}; - if ( ($user->email || "") ne $email || - $user->name ne $name || - ($user->phone || "") ne $phone || - ($user->from_body && $c->get_param('body') && $user->from_body->id ne $c->get_param('body')) || - (!$user->from_body && $c->get_param('body')) - ) { - $edited = 1; - } - if ($existing_user_cobrand) { $existing_user->adopt($user); - $c->forward( '/admin/log_edit', [ $id, 'user', 'merge' ] ); - return $c->res->redirect( $c->uri_for_action( 'admin/users/edit', $existing_user->id ) ); + $c->forward( '/admin/log_edit', [ $user->id, 'user', 'merge' ] ); + return $c->res->redirect( $c->uri_for_action( 'admin/users/edit', [ $existing_user->id ] ) ); } $user->email($email) if !$existing_email; @@ -382,9 +376,7 @@ sub edit : Path : Args(1) { } $user->update; - if ($edited) { - $c->forward( '/admin/log_edit', [ $id, 'user', 'edit' ] ); - } + $c->forward( '/admin/log_edit', [ $user->id, 'user', 'edit' ] ); $c->flash->{status_message} = _("Updated!"); $c->detach('post_edit_redirect', [ $user ]); @@ -414,13 +406,45 @@ sub edit : Path : Args(1) { return 1; } +sub log : Chained('user') : PathPart('log') : Args(0) { + my ($self, $c) = @_; + + my $user = $c->stash->{user}; + + my $after = $c->get_param('after'); + + my %time; + foreach ($user->admin_logs->all) { + push @{$time{$_->whenedited->epoch}}, { type => 'log', date => $_->whenedited, log => $_ }; + } + foreach ($c->cobrand->problems->search({ extra => { like => '%contributed_by%' . $user->id . '%' } })->all) { + next unless $_->get_extra_metadata('contributed_by') == $user->id; + push @{$time{$_->created->epoch}}, { type => 'problemContributedBy', date => $_->created, obj => $_ }; + } + + foreach ($user->user_planned_reports->all) { + push @{$time{$_->added->epoch}}, { type => 'shortlistAdded', date => $_->added, obj => $_->report }; + push @{$time{$_->removed->epoch}}, { type => 'shortlistRemoved', date => $_->removed, obj => $_->report } if $_->removed; + } + + foreach ($user->problems->all) { + push @{$time{$_->created->epoch}}, { type => 'problem', date => $_->created, obj => $_ }; + } + + foreach ($user->comments->all) { + push @{$time{$_->created->epoch}}, { type => 'update', date => $_->created, obj => $_}; + } + + $c->stash->{time} = \%time; +} + sub post_edit_redirect : Private { my ( $self, $c, $user ) = @_; # User may not be visible on this cobrand, e.g. if their from_body # wasn't set. if ( $c->cobrand->users->find( { id => $user->id } ) ) { - return $c->res->redirect( $c->uri_for_action( 'admin/users/edit', $user->id ) ); + return $c->res->redirect( $c->uri_for_action( 'admin/users/edit', [ $user->id ] ) ); } else { return $c->res->redirect( $c->uri_for_action( 'admin/users/index' ) ); } @@ -605,6 +629,7 @@ sub user_remove_account : Private { my ( $self, $c, $user ) = @_; $c->forward('user_logout_everywhere', [ $user ]); $user->anonymize_account; + $c->forward( '/admin/log_edit', [ $user->id, 'user', 'edit' ] ); $c->stash->{status_message} = _('That user’s personal details have been removed.'); } @@ -632,6 +657,7 @@ sub ban : Private { $c->stash->{status_message} = _('User already in abuse list'); } else { $abuse->insert; + $c->forward( '/admin/log_edit', [ $user->id, 'user', 'edit' ] ); $c->stash->{status_message} = _('User added to abuse list'); } $c->stash->{username_in_abuse} = 1; @@ -642,6 +668,7 @@ sub ban : Private { $c->stash->{status_message} = _('User already in abuse list'); } else { $abuse->insert; + $c->forward( '/admin/log_edit', [ $user->id, 'user', 'edit' ] ); $c->stash->{status_message} = _('User added to abuse list'); } $c->stash->{username_in_abuse} = 1; @@ -663,6 +690,7 @@ sub unban : Private { my $abuse = $c->model('DB::Abuse')->search({ email => \@username }); if ( $abuse ) { $abuse->delete; + $c->forward( '/admin/log_edit', [ $user->id, 'user', 'edit' ] ); $c->stash->{status_message} = _('user removed from abuse list'); } else { $c->stash->{status_message} = _('user not in abuse list'); @@ -692,6 +720,7 @@ sub flag : Private { } else { $user->flagged(1); $user->update; + $c->forward( '/admin/log_edit', [ $user->id, 'user', 'edit' ] ); $c->stash->{status_message} = _('User flagged'); } @@ -721,6 +750,7 @@ sub flag_remove : Private { } else { $user->flagged(0); $user->update; + $c->forward( '/admin/log_edit', [ $user->id, 'user', 'edit' ] ); $c->stash->{status_message} = _('User flag removed'); } |