aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGELOG.md2
-rw-r--r--perllib/FixMyStreet/App/Controller/Report.pm42
-rw-r--r--perllib/FixMyStreet/App/Controller/Report/New.pm3
-rw-r--r--perllib/FixMyStreet/App/Controller/Reports.pm27
-rw-r--r--perllib/FixMyStreet/DB/ResultSet/Nearby.pm3
-rw-r--r--perllib/FixMyStreet/DB/ResultSet/Problem.pm37
-rw-r--r--t/app/controller/report_inspect.t26
-rw-r--r--t/app/controller/report_new.t16
-rw-r--r--templates/web/base/report/_inspect.html6
-rw-r--r--templates/web/base/report/new/form_user_loggedin.html7
10 files changed, 132 insertions, 37 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 018d69fcf..82e79cc35 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,8 @@
## Releases
* Unreleased
+ - Admin improvements:
+ - Inspectors can set non_public status of reports. #1992
* v2.3.1 (12th February 2018)
- Front end improvements:
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm
index b1cc5885a..b9d773f5e 100644
--- a/perllib/FixMyStreet/App/Controller/Report.pm
+++ b/perllib/FixMyStreet/App/Controller/Report.pm
@@ -76,7 +76,7 @@ sub _display : Private {
$c->forward( 'load_updates' );
$c->forward( 'format_problem_for_display' );
- my $permissions = $c->stash->{_permissions} = $c->forward( 'check_has_permission_to',
+ my $permissions = $c->stash->{_permissions} ||= $c->forward( 'check_has_permission_to',
[ qw/report_inspect report_edit_category report_edit_priority/ ] );
if (any { $_ } values %$permissions) {
$c->stash->{template} = 'report/inspect.html';
@@ -128,7 +128,11 @@ sub load_problem_or_display_error : Private {
[ _('That report has been removed from FixMyStreet.') ] #
);
} elsif ( $problem->non_public ) {
- if ( !$c->user || $c->user->id != $problem->user->id ) {
+ # Creator, and inspection users can see non_public reports
+ $c->stash->{problem} = $problem;
+ my $permissions = $c->stash->{_permissions} = $c->forward( 'check_has_permission_to',
+ [ qw/report_inspect report_edit_category report_edit_priority/ ] );
+ if ( !$c->user || ($c->user->id != $problem->user->id && !$permissions->{report_inspect}) ) {
$c->detach(
'/page_error_403_access_denied',
[ sprintf(_('That report cannot be viewed on %s.'), $c->stash->{site_name}) ]
@@ -337,6 +341,8 @@ sub inspect : Private {
my %update_params = ();
if ($permissions->{report_inspect}) {
+ $problem->non_public($c->get_param('non_public') ? 1 : 0);
+
$problem->set_extra_metadata( traffic_information => $c->get_param('traffic_information') );
if ( my $info = $c->get_param('detailed_information') ) {
@@ -450,22 +456,24 @@ sub inspect : Private {
}
$problem->lastupdate( \'current_timestamp' );
$problem->update;
- my $timestamp = \'current_timestamp';
- if (my $saved_at = $c->get_param('saved_at')) {
- $timestamp = DateTime->from_epoch( epoch => $saved_at );
+ if ($update_text || %update_params) {
+ my $timestamp = \'current_timestamp';
+ if (my $saved_at = $c->get_param('saved_at')) {
+ $timestamp = DateTime->from_epoch( epoch => $saved_at );
+ }
+ my $name = $c->user->from_body ? $c->user->from_body->name : $c->user->name;
+ $problem->add_to_comments( {
+ text => $update_text,
+ created => $timestamp,
+ confirmed => $timestamp,
+ user_id => $c->user->id,
+ name => $name,
+ state => 'confirmed',
+ mark_fixed => 0,
+ anonymous => 0,
+ %update_params,
+ } );
}
- my $name = $c->user->from_body ? $c->user->from_body->name : $c->user->name;
- $problem->add_to_comments( {
- text => $update_text,
- created => $timestamp,
- confirmed => $timestamp,
- user_id => $c->user->id,
- name => $name,
- state => 'confirmed',
- mark_fixed => 0,
- anonymous => 0,
- %update_params,
- } );
my $redirect_uri;
$problem->discard_changes;
diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm
index f9e07dd41..888110429 100644
--- a/perllib/FixMyStreet/App/Controller/Report/New.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/New.pm
@@ -870,6 +870,7 @@ sub process_report : Private {
'subcategory', #
'partial', #
'service', #
+ 'non_public',
);
# load the report
@@ -897,6 +898,8 @@ sub process_report : Private {
$report->anonymous( $params{may_show_name} ? 0 : 1 );
}
+ $report->non_public($params{non_public} ? 1 : 0);
+
# clean up text before setting
$report->title( Utils::cleanup_text( $params{title} ) );
diff --git a/perllib/FixMyStreet/App/Controller/Reports.pm b/perllib/FixMyStreet/App/Controller/Reports.pm
index 7c3796c42..15a220644 100644
--- a/perllib/FixMyStreet/App/Controller/Reports.pm
+++ b/perllib/FixMyStreet/App/Controller/Reports.pm
@@ -544,20 +544,27 @@ sub load_and_group_problems : Private {
my $states = $c->stash->{filter_problem_states};
my $where = {
- non_public => 0,
state => [ keys %$states ]
};
+
+ my $body = $c->stash->{body}; # Might be undef
+
+ if ($c->user_exists && ($c->user->is_superuser || ($body && $c->user->has_permission_to('report_inspect', $body->id)))) {
+ # See all reports, no restriction
+ } else {
+ $where->{non_public} = 0;
+ }
+
my $filter = {
order_by => $c->stash->{sort_order},
rows => $c->cobrand->reports_per_page,
};
- if ($c->user_exists && $c->stash->{body}) {
- my $bid = $c->stash->{body}->id;
+ if ($c->user_exists && $body) {
my $prefetch = [];
- if ($c->user->has_permission_to('planned_reports', $bid)) {
+ if ($c->user->has_permission_to('planned_reports', $body->id)) {
push @$prefetch, 'user_planned_reports';
}
- if ($c->user->has_permission_to('report_edit_priority', $bid) || $c->user->has_permission_to('report_inspect', $bid)) {
+ if ($c->user->has_permission_to('report_edit_priority', $body->id) || $c->user->has_permission_to('report_inspect', $body->id)) {
push @$prefetch, 'response_priority';
}
$prefetch = $prefetch->[0] if @$prefetch == 1;
@@ -589,9 +596,9 @@ sub load_and_group_problems : Private {
$where->{areas} = [
map { { 'like', '%,' . $_->{id} . ',%' } } @{$c->stash->{wards}}
];
- $problems = $problems->to_body($c->stash->{body});
- } elsif ($c->stash->{body}) {
- $problems = $problems->to_body($c->stash->{body});
+ $problems = $problems->to_body($body);
+ } elsif ($body) {
+ $problems = $problems->to_body($body);
}
if (my $bbox = $c->get_param('bbox')) {
@@ -609,7 +616,7 @@ sub load_and_group_problems : Private {
my ( %problems, @pins );
while ( my $problem = $problems->next ) {
- if ( !$c->stash->{body} ) {
+ if ( !$body ) {
add_row( $c, $problem, 0, \%problems, \@pins );
next;
}
@@ -623,7 +630,7 @@ sub load_and_group_problems : Private {
# Add to bodies it was sent to
my $bodies = $problem->bodies_str_ids;
foreach ( @$bodies ) {
- next if $_ != $c->stash->{body}->id;
+ next if $_ != $body->id;
add_row( $c, $problem, $_, \%problems, \@pins );
}
}
diff --git a/perllib/FixMyStreet/DB/ResultSet/Nearby.pm b/perllib/FixMyStreet/DB/ResultSet/Nearby.pm
index 6e5e0220f..ab554eb9d 100644
--- a/perllib/FixMyStreet/DB/ResultSet/Nearby.pm
+++ b/perllib/FixMyStreet/DB/ResultSet/Nearby.pm
@@ -17,13 +17,14 @@ sub nearby {
}
my $params = {
- non_public => 0,
state => [ keys %$states ],
};
$params->{id} = { -not_in => $ids }
if $ids;
$params->{category} = $categories if $categories && @$categories;
+ FixMyStreet::DB::ResultSet::Problem->non_public_if_possible($params, $c);
+
$rs = $c->cobrand->problems_restriction($rs);
my $attrs = {
diff --git a/perllib/FixMyStreet/DB/ResultSet/Problem.pm b/perllib/FixMyStreet/DB/ResultSet/Problem.pm
index 3f083c073..458efa179 100644
--- a/perllib/FixMyStreet/DB/ResultSet/Problem.pm
+++ b/perllib/FixMyStreet/DB/ResultSet/Problem.pm
@@ -15,15 +15,41 @@ sub set_restriction {
$site_key = $key;
}
-sub to_body {
- my ($rs, $bodies, $join) = @_;
- return $rs unless $bodies;
+sub body_query {
+ my ($rs, $bodies) = @_;
unless (ref $bodies eq 'ARRAY') {
$bodies = [ map { ref $_ ? $_->id : $_ } $bodies ];
}
+ \[ "regexp_split_to_array(bodies_str, ',') && ?", [ {} => $bodies ] ]
+}
+
+# Edits PARAMS in place to either hide non_public reports, or show them
+# if user is superuser (all) or inspector (correct body)
+sub non_public_if_possible {
+ my ($rs, $params, $c) = @_;
+ if ($c->user_exists) {
+ if ($c->user->is_superuser) {
+ # See all reports, no restriction
+ } elsif ($c->user->has_body_permission_to('report_inspect')) {
+ $params->{'-or'} = [
+ non_public => 0,
+ $rs->body_query($c->user->from_body->id),
+ ];
+ } else {
+ $params->{non_public} = 0;
+ }
+ } else {
+ $params->{non_public} = 0;
+ }
+}
+
+sub to_body {
+ my ($rs, $bodies, $join) = @_;
+ return $rs unless $bodies;
$join = { join => 'problem' } if $join;
$rs = $rs->search(
- \[ "regexp_split_to_array(bodies_str, ',') && ?", [ {} => $bodies ] ],
+ # This isn't using $rs->body_query because $rs might be Problem, Comment, or Nearby
+ FixMyStreet::DB::ResultSet::Problem->body_query($bodies),
$join
);
return $rs;
@@ -151,13 +177,14 @@ sub around_map {
}
my $q = {
- non_public => 0,
state => [ keys %{$p{states}} ],
latitude => { '>=', $p{min_lat}, '<', $p{max_lat} },
longitude => { '>=', $p{min_lon}, '<', $p{max_lon} },
};
$q->{category} = $p{categories} if $p{categories} && @{$p{categories}};
+ $rs->non_public_if_possible($q, $c);
+
my $problems = mySociety::Locale::in_gb_locale {
$rs->search( $q, $attr )->include_comment_counts->page($p{page});
};
diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index 239cc408b..39dd57444 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -559,6 +559,7 @@ FixMyStreet::override_config {
my $expected_fields = {
state => 'action scheduled',
category => 'Cows',
+ non_public => undef,
public_update => '',
priority => $rp->id,
include_update => '1',
@@ -594,6 +595,31 @@ FixMyStreet::override_config {
is $report->comments->count, 1, "Only leaves one update";
like $report->comments->first->text, qr/Category changed.*Badgers/, 'update text included category change';
};
+
+ subtest "test non-public changing" => sub {
+ $report->comments->delete;
+ is $report->non_public, 0, 'Not set to non-public';
+ $mech->get_ok("/report/$report_id");
+ $mech->submit_form(button => 'save', with_fields => { include_update => 0, non_public => 1 });
+ is $report->comments->count, 0, "No updates left";
+ $report->discard_changes;
+ is $report->non_public, 1, 'Now set to non-public';
+ $mech->submit_form(button => 'save', with_fields => { include_update => 0, non_public => 0 });
+ is $report->comments->count, 0, "No updates left";
+ $report->discard_changes;
+ is $report->non_public, 0, 'Not set to non-public';
+ };
+
+ subtest "test saved-at setting" => sub {
+ $report->comments->delete;
+ $mech->get_ok("/report/$report_id");
+ my $now = DateTime->now->subtract(days => 1);
+ $mech->submit_form(button => 'save', form_id => 'report_inspect_form',
+ fields => { include_update => 1, public_update => 'An update', saved_at => $now->epoch });
+ $report->discard_changes;
+ is $report->comments->count, 1, "One update";
+ is $report->comments->first->confirmed, $now;
+ };
};
FixMyStreet::override_config {
diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t
index 3c120b0b0..32d86d803 100644
--- a/t/app/controller/report_new.t
+++ b/t/app/controller/report_new.t
@@ -1733,7 +1733,11 @@ subtest "extra google analytics code displayed on email confirmation problem cre
};
};
-subtest "inspectors get redirected directly to the report page" => sub {
+foreach my $test (
+ { non_public => 0 },
+ { non_public => 1 },
+) {
+ subtest "inspectors get redirected directly to the report page, non_public=$test->{non_public}" => sub {
FixMyStreet::override_config {
ALLOWED_COBRANDS => [ { fixmystreet => '.' } ],
BASE_URL => 'https://www.fixmystreet.com',
@@ -1746,10 +1750,14 @@ subtest "inspectors get redirected directly to the report page" => sub {
body => $bodies[0],
permission_type => 'planned_reports',
});
+ $user->user_body_permissions->find_or_create({
+ body => $bodies[0],
+ permission_type => 'report_inspect',
+ });
$mech->log_in_ok('inspector@example.org');
$mech->get_ok('/');
- $mech->submit_form_ok( { with_fields => { pc => 'GL50 2PR' } },
+ $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
"submit location" );
$mech->follow_link_ok(
{ text_regex => qr/skip this step/i, },
@@ -1766,6 +1774,7 @@ subtest "inspectors get redirected directly to the report page" => sub {
may_show_name => '1',
phone => '07903 123 456',
category => 'Trees',
+ non_public => $test->{non_public},
}
},
"submit good details"
@@ -1773,6 +1782,7 @@ subtest "inspectors get redirected directly to the report page" => sub {
like $mech->uri->path, qr/\/report\/[0-9]+/, 'Redirects directly to report';
}
-};
+ };
+}
done_testing();
diff --git a/templates/web/base/report/_inspect.html b/templates/web/base/report/_inspect.html
index 1893826de..eef85c06e 100644
--- a/templates/web/base/report/_inspect.html
+++ b/templates/web/base/report/_inspect.html
@@ -7,9 +7,12 @@
[% INCLUDE 'errors.html' %]
<form name="report_inspect_form" id="report_inspect_form" method="post" action="[% c.uri_for( '/report', problem.id ) %]" class="validate">
- <input type="hidden" name="js" value="">
<div class="inspect-section">
+ <p style="float: right">
+ <label for="non_public">[% loc('Private') %]</label>
+ <input type="checkbox" id="non_public" name="non_public" value="1"[% ' checked' IF problem.non_public %]>
+ </p>
<p>
<strong>[% loc('Report ID:') %]</strong>
<span class="js-report-id">[% problem.id %]</span>
@@ -190,6 +193,7 @@
</p>
</div>
+ <input type="hidden" name="js" value="">
</form>
</div>
[%- END %]
diff --git a/templates/web/base/report/new/form_user_loggedin.html b/templates/web/base/report/new/form_user_loggedin.html
index ad74a5654..6257a8346 100644
--- a/templates/web/base/report/new/form_user_loggedin.html
+++ b/templates/web/base/report/new/form_user_loggedin.html
@@ -72,6 +72,13 @@
<input class="form-control" type="text" value="[% report.user.email | html %]" name="email" id="form_email">
[% END %]
+[% IF c.user.has_permission_to("report_inspect", bodies.keys) %]
+ <div class="checkbox-group">
+ <input type="checkbox" name="non_public" id="form_non_public" value="1"[% ' checked' IF report.non_public %]>
+ <label class="inline" for="form_non_public">[% loc('Private') %] </label>
+ </div>
+[% END %]
+
<div class="form-txt-submit-box">
<input class="green-btn js-submit_register" type="submit" name="submit_register" value="[% loc('Submit') %]">
</div>
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-23 18:21:04 +0000