Feature to create report as body/other user.

This allows users who have the correct permissions to add reports on
behalf of the body or another user.

We enable editing of the email box by default, so that if JavaScript
isn't available, someone can still change the email for the 'another
user' option.

For mysociety/fixmystreetforcouncils#10 and
mysociety/fixmystreetforcouncils#11

2 files changed, 74 insertions, 11 deletions

diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm
index bbd27c666..8eabf64c1 100644
--- a/perllib/FixMyStreet/App/Controller/Report/New.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/New.pm
@@ -718,16 +718,31 @@ sub process_user : Private {
         }
     }
 
-    # The user is already signed in
-    if ( $c->user_exists ) {
+    # The user is already signed in. Extra bare block for 'last'.
+    if ( $c->user_exists ) { {
         my $user = $c->user->obj;
+
+        if ($c->stash->{contributing_as_another_user} = $user->contributing_as('another_user', $c, $c->stash->{bodies})) {
+            # Act as if not logged in (and it will be auto-confirmed later on)
+            $report->user(undef);
+            last;
+        }
+
         $user->name( Utils::trim_text( $params{name} ) ) if $params{name};
         $user->phone( Utils::trim_text( $params{phone} ) );
         $user->title( $user_title ) if $user_title;
         $report->user( $user );
-        $report->name( $user->name );
+
+        if ($c->stash->{contributing_as_body} = $user->contributing_as('body', $c, $c->stash->{bodies})) {
+            $report->name($user->from_body->name);
+            $user->name($user->from_body->name) unless $user->name;
+            $c->stash->{no_reporter_alert} = 1;
+        } else {
+            $report->name($user->name);
+        }
+
         return 1;
-    }
+    } }
 
     # cleanup the email address
     my $email = $params{email} ? lc $params{email} : '';
@@ -796,7 +811,11 @@ sub process_report : Private {
     $report->send_questionnaire( $c->cobrand->send_questionnaires() );
 
     # set some simple bool values (note they get inverted)
-    $report->anonymous( $params{may_show_name} ? 0 : 1 );
+    if ($c->stash->{contributing_as_body}) {
+        $report->anonymous(0);
+    } else {
+        $report->anonymous( $params{may_show_name} ? 0 : 1 );
+    }
 
     # clean up text before setting
     $report->title( Utils::cleanup_text( $params{title} ) );
@@ -1075,7 +1094,10 @@ sub save_user_and_report : Private {
             $report->user->insert();
         }
         $report->confirm();
-
+    } elsif ( $c->forward('created_as_someone_else', [ $c->stash->{bodies} ]) ) {
+        # If created on behalf of someone else, we automatically confirm it,
+        # but we don't want to update the user account
+        $report->confirm();
     } elsif ( !$report->user->in_storage ) {
         # User does not exist.
         $c->forward('tokenize_user', [ $report ]);
@@ -1111,6 +1133,11 @@ sub save_user_and_report : Private {
     return 1;
 }
 
+sub created_as_someone_else : Private {
+    my ($self, $c, $bodies) = @_;
+    return $c->stash->{contributing_as_another_user} || $c->stash->{contributing_as_body};
+}
+
 =head2 generate_map
 
 Add the html needed to for the map to the stash.
@@ -1166,6 +1193,11 @@ sub redirect_or_confirm_creation : Private {
     if ( $report->confirmed ) {
         # Subscribe problem reporter to email updates
         $c->forward( 'create_reporter_alert' );
+        if ($c->stash->{contributing_as_another_user}) {
+            $c->send_email( 'other-reported.txt', {
+                to => [ [ $report->user->email, $report->name ] ],
+            } );
+        }
         $c->log->info($report->user->id . ' was logged in, showing confirmation page for ' . $report->id);
         $c->stash->{created_report} = 'loggedin';
         $c->stash->{template} = 'tokens/confirm_problem.html';
@@ -1184,6 +1216,8 @@ sub redirect_or_confirm_creation : Private {
 sub create_reporter_alert : Private {
     my ( $self, $c ) = @_;
 
+    return if $c->stash->{no_reporter_alert};
+
     my $problem = $c->stash->{report};
     my $alert = $c->model('DB::Alert')->find_or_create( {
         user         => $problem->user,
diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm
index d03797f56..705e6ee99 100644
--- a/perllib/FixMyStreet/App/Controller/Report/Update.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm
@@ -109,8 +109,15 @@ sub process_user : Private {
 
     my $update = $c->stash->{update};
 
-    if ( $c->user_exists ) {
+    # Extra block to use 'last'
+    if ( $c->user_exists ) { {
         my $user = $c->user->obj;
+
+        if ($c->stash->{contributing_as_another_user} = $user->contributing_as('another_user', $c, $update->problem->bodies_str)) {
+            # Act as if not logged in (and it will be auto-confirmed later on)
+            last;
+        }
+
         my $name = $c->get_param('name');
         $user->name( Utils::trim_text( $name ) ) if $name;
         my $title = $c->get_param('fms_extra_title');
@@ -119,8 +126,14 @@ sub process_user : Private {
             $user->title( Utils::trim_text( $title ) );
         }
         $update->user( $user );
+
+        # Just in case, make sure the user will have a name
+        if ($c->stash->{contributing_as_body}) {
+            $user->name($user->from_body->name) unless $user->name;
+        }
+
         return 1;
-    }
+    } }
 
     # Extract all the params to a hash to make them easier to work with
     my %params = map { $_ => $c->get_param($_) }
@@ -254,16 +267,23 @@ sub process_update : Private {
       Utils::cleanup_text( $params{update}, { allow_multiline => 1 } );
 
     my $name = Utils::trim_text( $params{name} );
-    my $anonymous = $c->get_param('may_show_name') ? 0 : 1;
 
     $params{reopen} = 0 unless $c->user && $c->user->id == $c->stash->{problem}->user->id;
 
     my $update = $c->stash->{update};
     $update->text($params{update});
-    $update->name($name);
+
     $update->mark_fixed($params{fixed} ? 1 : 0);
     $update->mark_open($params{reopen} ? 1 : 0);
-    $update->anonymous($anonymous);
+
+    $c->stash->{contributing_as_body} = $c->user_exists && $c->user->contributing_as('body', $c, $update->problem->bodies_str);
+    if ($c->stash->{contributing_as_body}) {
+        $update->name($c->user->from_body->name);
+        $update->anonymous(0);
+    } else {
+        $update->name($name);
+        $update->anonymous($c->get_param('may_show_name') ? 0 : 1);
+    }
 
     if ( $params{state} ) {
         $params{state} = 'fixed - council' 
@@ -431,6 +451,10 @@ sub save_update : Private {
             $update->user->insert();
         }
         $update->confirm();
+    } elsif ( $c->forward('/report/new/created_as_someone_else', [ $update->problem->bodies_str ]) ) {
+        # If created on behalf of someone else, we automatically confirm it,
+        # but we don't want to update the user account
+        $update->confirm();
     } elsif ( !$update->user->in_storage ) {
         # User does not exist.
         $c->forward('tokenize_user', [ $update ]);
@@ -474,6 +498,11 @@ sub redirect_or_confirm_creation : Private {
     if ( $update->confirmed ) {
         $c->forward( 'update_problem' );
         $c->forward( 'signup_for_alerts' );
+        if ($c->stash->{contributing_as_another_user}) {
+            $c->send_email( 'other-updated.txt', {
+                to => [ [ $update->user->email, $update->name ] ],
+            } );
+        }
         $c->stash->{template} = 'tokens/confirm_update.html';
         return 1;
     }