diff options
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Report.pm | 10 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/New.pm | 3 | ||||
| -rw-r--r-- | t/app/controller/report_inspect.t | 26 | ||||
| -rw-r--r-- | t/app/controller/report_new.t | 16 | ||||
| -rw-r--r-- | templates/web/base/report/_inspect.html | 6 | ||||
| -rw-r--r-- | templates/web/base/report/new/form_user_loggedin.html | 7 |
7 files changed, 63 insertions, 6 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 51dcc36c4..a4f540f13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ - Admin can log a user out. #1975 - Admin can remove a user's account details. #1944 - Superusers can have optional two-factor authentication. #1973 + - Inspectors can set non_public status of reports. #1992 - UK: - Lazy load images in the footer. diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm index 814fc9e62..b9d773f5e 100644 --- a/perllib/FixMyStreet/App/Controller/Report.pm +++ b/perllib/FixMyStreet/App/Controller/Report.pm @@ -76,7 +76,7 @@ sub _display : Private { $c->forward( 'load_updates' ); $c->forward( 'format_problem_for_display' ); - my $permissions = $c->stash->{_permissions} = $c->forward( 'check_has_permission_to', + my $permissions = $c->stash->{_permissions} ||= $c->forward( 'check_has_permission_to', [ qw/report_inspect report_edit_category report_edit_priority/ ] ); if (any { $_ } values %$permissions) { $c->stash->{template} = 'report/inspect.html'; @@ -128,7 +128,11 @@ sub load_problem_or_display_error : Private { [ _('That report has been removed from FixMyStreet.') ] # ); } elsif ( $problem->non_public ) { - if ( !$c->user || $c->user->id != $problem->user->id ) { + # Creator, and inspection users can see non_public reports + $c->stash->{problem} = $problem; + my $permissions = $c->stash->{_permissions} = $c->forward( 'check_has_permission_to', + [ qw/report_inspect report_edit_category report_edit_priority/ ] ); + if ( !$c->user || ($c->user->id != $problem->user->id && !$permissions->{report_inspect}) ) { $c->detach( '/page_error_403_access_denied', [ sprintf(_('That report cannot be viewed on %s.'), $c->stash->{site_name}) ] @@ -337,6 +341,8 @@ sub inspect : Private { my %update_params = (); if ($permissions->{report_inspect}) { + $problem->non_public($c->get_param('non_public') ? 1 : 0); + $problem->set_extra_metadata( traffic_information => $c->get_param('traffic_information') ); if ( my $info = $c->get_param('detailed_information') ) { diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm index eff45013f..94f20a9ae 100644 --- a/perllib/FixMyStreet/App/Controller/Report/New.pm +++ b/perllib/FixMyStreet/App/Controller/Report/New.pm @@ -870,6 +870,7 @@ sub process_report : Private { 'subcategory', # 'partial', # 'service', # + 'non_public', ); # load the report @@ -897,6 +898,8 @@ sub process_report : Private { $report->anonymous( $params{may_show_name} ? 0 : 1 ); } + $report->non_public($params{non_public} ? 1 : 0); + # clean up text before setting $report->title( Utils::cleanup_text( $params{title} ) ); diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t index 239cc408b..39dd57444 100644 --- a/t/app/controller/report_inspect.t +++ b/t/app/controller/report_inspect.t @@ -559,6 +559,7 @@ FixMyStreet::override_config { my $expected_fields = { state => 'action scheduled', category => 'Cows', + non_public => undef, public_update => '', priority => $rp->id, include_update => '1', @@ -594,6 +595,31 @@ FixMyStreet::override_config { is $report->comments->count, 1, "Only leaves one update"; like $report->comments->first->text, qr/Category changed.*Badgers/, 'update text included category change'; }; + + subtest "test non-public changing" => sub { + $report->comments->delete; + is $report->non_public, 0, 'Not set to non-public'; + $mech->get_ok("/report/$report_id"); + $mech->submit_form(button => 'save', with_fields => { include_update => 0, non_public => 1 }); + is $report->comments->count, 0, "No updates left"; + $report->discard_changes; + is $report->non_public, 1, 'Now set to non-public'; + $mech->submit_form(button => 'save', with_fields => { include_update => 0, non_public => 0 }); + is $report->comments->count, 0, "No updates left"; + $report->discard_changes; + is $report->non_public, 0, 'Not set to non-public'; + }; + + subtest "test saved-at setting" => sub { + $report->comments->delete; + $mech->get_ok("/report/$report_id"); + my $now = DateTime->now->subtract(days => 1); + $mech->submit_form(button => 'save', form_id => 'report_inspect_form', + fields => { include_update => 1, public_update => 'An update', saved_at => $now->epoch }); + $report->discard_changes; + is $report->comments->count, 1, "One update"; + is $report->comments->first->confirmed, $now; + }; }; FixMyStreet::override_config { diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t index 3c120b0b0..32d86d803 100644 --- a/t/app/controller/report_new.t +++ b/t/app/controller/report_new.t @@ -1733,7 +1733,11 @@ subtest "extra google analytics code displayed on email confirmation problem cre }; }; -subtest "inspectors get redirected directly to the report page" => sub { +foreach my $test ( + { non_public => 0 }, + { non_public => 1 }, +) { + subtest "inspectors get redirected directly to the report page, non_public=$test->{non_public}" => sub { FixMyStreet::override_config { ALLOWED_COBRANDS => [ { fixmystreet => '.' } ], BASE_URL => 'https://www.fixmystreet.com', @@ -1746,10 +1750,14 @@ subtest "inspectors get redirected directly to the report page" => sub { body => $bodies[0], permission_type => 'planned_reports', }); + $user->user_body_permissions->find_or_create({ + body => $bodies[0], + permission_type => 'report_inspect', + }); $mech->log_in_ok('inspector@example.org'); $mech->get_ok('/'); - $mech->submit_form_ok( { with_fields => { pc => 'GL50 2PR' } }, + $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } }, "submit location" ); $mech->follow_link_ok( { text_regex => qr/skip this step/i, }, @@ -1766,6 +1774,7 @@ subtest "inspectors get redirected directly to the report page" => sub { may_show_name => '1', phone => '07903 123 456', category => 'Trees', + non_public => $test->{non_public}, } }, "submit good details" @@ -1773,6 +1782,7 @@ subtest "inspectors get redirected directly to the report page" => sub { like $mech->uri->path, qr/\/report\/[0-9]+/, 'Redirects directly to report'; } -}; + }; +} done_testing(); diff --git a/templates/web/base/report/_inspect.html b/templates/web/base/report/_inspect.html index eb2564157..bfcc0d228 100644 --- a/templates/web/base/report/_inspect.html +++ b/templates/web/base/report/_inspect.html @@ -7,9 +7,12 @@ [% INCLUDE 'errors.html' %] <form name="report_inspect_form" id="report_inspect_form" method="post" action="[% c.uri_for( '/report', problem.id ) %]" class="validate"> - <input type="hidden" name="js" value=""> <div class="inspect-section"> + <p style="float: right"> + <label for="non_public">[% loc('Private') %]</label> + <input type="checkbox" id="non_public" name="non_public" value="1"[% ' checked' IF problem.non_public %]> + </p> <p> <strong>[% loc('Report ID:') %]</strong> <span class="js-report-id">[% problem.id %]</span> @@ -190,6 +193,7 @@ </p> </div> + <input type="hidden" name="js" value=""> </form> </div> [%- END %] diff --git a/templates/web/base/report/new/form_user_loggedin.html b/templates/web/base/report/new/form_user_loggedin.html index ad74a5654..6257a8346 100644 --- a/templates/web/base/report/new/form_user_loggedin.html +++ b/templates/web/base/report/new/form_user_loggedin.html @@ -72,6 +72,13 @@ <input class="form-control" type="text" value="[% report.user.email | html %]" name="email" id="form_email"> [% END %] +[% IF c.user.has_permission_to("report_inspect", bodies.keys) %] + <div class="checkbox-group"> + <input type="checkbox" name="non_public" id="form_non_public" value="1"[% ' checked' IF report.non_public %]> + <label class="inline" for="form_non_public">[% loc('Private') %] </label> + </div> +[% END %] + <div class="form-txt-submit-box"> <input class="green-btn js-submit_register" type="submit" name="submit_register" value="[% loc('Submit') %]"> </div> |