add report_mark_private permission

Allows user's to see the inspector panel to mark reports as Private, and
also to view those non-public reports. Useful for call centre staff who
want to record private reports but don't need to other permissions.

Fixes mysociety/fixmystreet-commercial#1213

1 files changed, 22 insertions, 6 deletions

diff --git a/perllib/FixMyStreet/App/Controller/Reports.pm b/perllib/FixMyStreet/App/Controller/Reports.pm
index 1ca4cbb09..2508b822f 100644
--- a/perllib/FixMyStreet/App/Controller/Reports.pm
+++ b/perllib/FixMyStreet/App/Controller/Reports.pm
@@ -556,13 +556,9 @@ sub load_and_group_problems : Private {
         state      => [ keys %$states ]
     };
 
-    my $body = $c->stash->{body}; # Might be undef
+    $c->forward('check_non_public_reports_permission', [ $where ] );
 
-    if ($c->user_exists && ($c->user->is_superuser || ($body && $c->user->has_permission_to('report_inspect', $body->id)))) {
-        # See all reports, no restriction
-    } else {
-        $where->{non_public} = 0;
-    }
+    my $body = $c->stash->{body}; # Might be undef
 
     my $filter = {
         order_by => $c->stash->{sort_order},
@@ -653,6 +649,26 @@ sub load_and_group_problems : Private {
     return 1;
 }
 
+
+sub check_non_public_reports_permission : Private {
+    my ($self, $c, $where) = @_;
+
+    if ( $c->user_exists ) {
+        return if $c->user->is_super_user;
+
+        my $body = $c->stash->{body};
+
+        my $user_has_permission = $body && (
+            $c->user->has_permission_to('report_inspect', $body->id) ||
+            $c->user->has_permission_to('report_mark_private', $body->id)
+        );
+
+        $where->{non_public} = 0 unless $user_has_permission;
+    } else {
+        $where->{non_public} = 0;
+    }
+}
+
 sub redirect_index : Private {
     my ( $self, $c ) = @_;
     my $url = '/reports';