-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Moderate.pm | 201 | ||||
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Report.pm | 2 | ||||
-rw-r--r-- | perllib/FixMyStreet/DB/Result/User.pm | 27 | ||||
-rw-r--r-- | t/app/controller/moderate.t | 20 | ||||
-rw-r--r-- | templates/web/base/report/_inspect.html | 2 | ||||
-rw-r--r-- | templates/web/base/report/_main.html | 18 | ||||
-rw-r--r-- | templates/web/base/report/display.html | 2 | ||||
-rw-r--r-- | templates/web/base/report/update.html | 13 |
9 files changed, 121 insertions, 165 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 3a14fc601..1892c5bec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -45,6 +45,7 @@ - Include user agent in contact form emails. #2206 - Use site name in contact email subject line. - Add /_dev endpoints for previewing confirmation/submission pages. + - Allow cobrand to add extra ability to moderate. * v2.3.4 (7th June 2018) diff --git a/perllib/FixMyStreet/App/Controller/Moderate.pm b/perllib/FixMyStreet/App/Controller/Moderate.pm index 86143b5ea..45a303309 100644 --- a/perllib/FixMyStreet/App/Controller/Moderate.pm +++ b/perllib/FixMyStreet/App/Controller/Moderate.pm @@ -42,6 +42,7 @@ sub moderate : Chained('/') : PathPart('moderate') : CaptureArgs(0) { } sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) { my ($self, $c, $id) = @_; my $problem = $c->model('DB::Problem')->find($id); + $c->detach unless $problem; my $cobrand_base = $c->cobrand->base_url_for_report( $problem ); my $report_uri = $cobrand_base . $problem->url; @@ -49,9 +50,8 @@ sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) { $c->stash->{report_uri} = $report_uri; $c->res->redirect( $report_uri ); # this will be the final endpoint after all processing... - # ... and immediately, if the user isn't authorized + # ... and immediately, if the user isn't logged in $c->detach unless $c->user_exists; - $c->detach unless $c->user->has_permission_to(moderate => $problem->bodies_str_ids); $c->forward('/auth/check_csrf_token'); 
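Review bot: The authorisation check no longer sits at the root of the chain; after this hunk `report` stops only for users who are not logged in, so every endpoint chained below it has to call `can_moderate` itself. `moderate_report` and `update` do so in this commit, but an action chained from `report` later would be open to any logged-in user with a valid CSRF token unless it repeats the check. A comment next to the `user_exists` line would record that invariant, for example `# Permission is checked per endpoint via can_moderate; anything chained from here must do the same`. The body of `report` continues outside the hunk, so whether it writes anything before the endpoint check runs cannot be confirmed from here.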
@@ -69,13 +69,16 @@ sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) { sub moderate_report : Chained('report') : PathPart('') : Args(0) { my ($self, $c) = @_; + # Make sure user can moderate this report + $c->detach unless $c->user->can_moderate($c->stash->{problem}); + $c->forward('report_moderate_hide'); my @types = grep $_, - $c->forward('report_moderate_title'), - $c->forward('report_moderate_detail'), - $c->forward('report_moderate_anon'), - $c->forward('report_moderate_photo'); + $c->forward('moderate_text', [ 'title' ]), + $c->forward('moderate_text', [ 'detail' ]), + $c->forward('moderate_boolean', [ 'anonymous', 'show_name' ]), + $c->forward('moderate_boolean', [ 'photo' ]); $c->detach( 'report_moderate_audit', \@types ) } 
@@ -135,82 +138,71 @@ sub report_moderate_hide : Private { } } -sub report_moderate_title : Private { - my ( $self, $c ) = @_; - - my $problem = $c->stash->{problem} or die; - my $original = $c->stash->{problem_original}; +sub moderate_text : Private { + my ($self, $c, $thing) = @_; + + my ($object, $original, $param); + my $thing_for_original_table = $thing; + if (my $comment = $c->stash->{comment}) { + $object = $comment; + $original = $c->stash->{comment_original}; + $param = 'update_'; + # Update 'text' field is stored in original table's 'detail' field + $thing_for_original_table = 'detail' if $thing eq 'text'; + } else { + $object = $c->stash->{problem}; + $original = $c->stash->{problem_original}; + $param = 'problem_'; + } - my $old_title = $problem->title; - my $original_title = $original->title; + my $old = $object->$thing; + my $original_thing = $original->$thing_for_original_table; - my $title = $c->get_param('problem_revert_title') ? - $original_title - : $c->get_param('problem_title'); + my $new = $c->get_param($param . 'revert_' . $thing) ? + $original_thing + : $c->get_param($param . $thing); - if ($title ne $old_title) { + if ($new ne $old) { $original->insert unless $original->in_storage; - $problem->update({ title => $title }); - return 'title'; + $object->update({ $thing => $new }); + return $thing_for_original_table; } return; } -sub report_moderate_detail : Private { - my ( $self, $c ) = @_; - - my $problem = $c->stash->{problem} or die; - my $original = $c->stash->{problem_original}; - - my $old_detail = $problem->detail; - my $original_detail = $original->detail; - my $detail = $c->get_param('problem_revert_detail') ? 
- $original_detail - : $c->get_param('problem_detail'); - - if ($detail ne $old_detail) { - $original->insert unless $original->in_storage; - $problem->update({ detail => $detail }); - return 'detail'; +sub moderate_boolean : Private { + my ( $self, $c, $thing, $reverse ) = @_; + + my ($object, $original, $param); + if (my $comment = $c->stash->{comment}) { + $object = $comment; + $original = $c->stash->{comment_original}; + $param = 'update_'; + } else { + $object = $c->stash->{problem}; + $original = $c->stash->{problem_original}; + $param = 'problem_'; } - return; -} - -sub report_moderate_anon : Private { - my ( $self, $c ) = @_; - - my $problem = $c->stash->{problem} or die; - my $original = $c->stash->{problem_original}; - - my $show_user = $c->get_param('problem_show_name') ? 1 : 0; - my $anonymous = $show_user ? 0 : 1; - my $old_anonymous = $problem->anonymous ? 1 : 0; - if ($anonymous != $old_anonymous) { + return if $thing eq 'photo' && !$original->photo; - $original->insert unless $original->in_storage; - $problem->update({ anonymous => $anonymous }); - return 'anonymous'; + my $new; + if ($reverse) { + $new = $c->get_param($param . $reverse) ? 0 : 1; + } else { + $new = $c->get_param($param . $thing) ? 1 : 0; } - return; -} - -sub report_moderate_photo : Private { - my ( $self, $c ) = @_; - - my $problem = $c->stash->{problem} or die; - my $original = $c->stash->{problem_original}; - - return unless $original->photo; + my $old = $object->$thing ? 1 : 0; - my $show_photo = $c->get_param('problem_show_photo') ? 1 : 0; - my $old_show_photo = $problem->photo ? 1 : 0; - - if ($show_photo != $old_show_photo) { + if ($new != $old) { $original->insert unless $original->in_storage; - $problem->update({ photo => $show_photo ? $original->photo : undef }); - return 'photo'; + if ($thing eq 'photo') { + $object->update({ $thing => $new ? $original->photo : undef }); + } else { + $object->update({ $thing => $new }); + } + return $thing; } return; } 
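Review bot: In `moderate_text`, `$new` is undefined whenever the revert flag is not set and the request omits the `problem_`/`update_` text parameter, yet it is still compared with `ne` and handed to `$object->update`. A guard such as `return unless defined $new;` before the comparison keeps a malformed or truncated POST from overwriting a title or body with an undefined value. `$thing` serves at once as a method name, a column name and a request-parameter suffix, so both new subs deserve a comment stating that it comes only from the literal `forward` argument lists and never from request data. The object/original/prefix selection is repeated verbatim in `moderate_boolean` and could move into one private helper.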
@@ -219,6 +211,9 @@ sub update : Chained('report') : PathPart('update') : CaptureArgs(1) { my ($self, $c, $id) = @_; my $comment = $c->stash->{problem}->comments->find($id); + # Make sure user can moderate this update + $c->detach unless $comment && $c->user->can_moderate($comment); + my $original = $comment->find_or_new_related( moderation_original_data => { detail => $comment->text, photo => $comment->photo, @@ -234,9 +229,9 @@ sub moderate_update : Chained('update') : PathPart('') : Args(0) { $c->forward('update_moderate_hide'); my @types = grep $_, - $c->forward('update_moderate_detail'), - $c->forward('update_moderate_anon'), - $c->forward('update_moderate_photo'); + $c->forward('moderate_text', [ 'text' ]), + $c->forward('moderate_boolean', [ 'anonymous', 'show_name' ]), + $c->forward('moderate_boolean', [ 'photo' ]); $c->detach( 'update_moderate_audit', \@types ) } 
@@ -274,72 +269,6 @@ sub update_moderate_hide : Private { return; } -sub update_moderate_detail : Private { - my ( $self, $c ) = @_; - - my $problem = $c->stash->{problem} or die; - my $comment = $c->stash->{comment} or die; - my $original = $c->stash->{comment_original}; - - my $old_detail = $comment->text; - my $original_detail = $original->detail; - my $detail = $c->get_param('update_revert_detail') ? - $original_detail - : $c->get_param('update_detail'); - - if ($detail ne $old_detail) { - $original->insert unless $original->in_storage; - $comment->update({ text => $detail }); - return 'detail'; - } - return; -} - -sub update_moderate_anon : Private { - my ( $self, $c ) = @_; - - my $problem = $c->stash->{problem} or die; - my $comment = $c->stash->{comment} or die; - my $original = $c->stash->{comment_original}; - - my $show_user = $c->get_param('update_show_name') ? 1 : 0; - my $anonymous = $show_user ? 0 : 1; - my $old_anonymous = $comment->anonymous ? 1 : 0; - - if ($anonymous != $old_anonymous) { - $original->insert unless $original->in_storage; - $comment->update({ anonymous => $anonymous }); - return 'anonymous'; - } - return; -} - -sub update_moderate_photo : Private { - my ( $self, $c ) = @_; - - my $problem = $c->stash->{problem} or die; - my $comment = $c->stash->{comment} or die; - my $original = $c->stash->{comment_original}; - - return unless $original->photo; - - my $show_photo = $c->get_param('update_show_photo') ? 1 : 0; - my $old_show_photo = $comment->photo ? 1 : 0; - - if ($show_photo != $old_show_photo) { - $original->insert unless $original->in_storage; - $comment->update({ photo => $show_photo ? $original->photo : undef }); - return 'photo'; - } -} - -sub return_text : Private { - my ($self, $c, $text) = @_; - - $c->res->content_type('text/plain; charset=utf-8'); - $c->res->body( $text // '' ); -} - __PACKAGE__->meta->make_immutable; 1; 
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm index e285687bc..854dbf3ea 100644 --- a/perllib/FixMyStreet/App/Controller/Report.pm +++ b/perllib/FixMyStreet/App/Controller/Report.pm @@ -140,7 +140,7 @@ sub load_problem_or_display_error : Private { } $c->stash->{problem} = $problem; - if ( $c->user_exists && $c->user->has_permission_to(moderate => $problem->bodies_str_ids) ) { + if ( $c->user_exists && $c->user->can_moderate($problem) ) { $c->stash->{problem_original} = $problem->find_or_new_related( moderation_original_data => { title => $problem->title, diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm index 5ba597f74..5afd9d89c 100644 --- a/perllib/FixMyStreet/DB/Result/User.pm +++ b/perllib/FixMyStreet/DB/Result/User.pm @@ -330,6 +330,26 @@ sub split_name { return { first => $first || '', last => $last || '' }; } +sub can_moderate { + my ($self, $object, %perms) = @_; + + my ($type, $ids); + if ($object->isa("FixMyStreet::DB::Result::Comment")) { + $type = 'update'; + $ids = $object->problem->bodies_str_ids; + } else { + $type = 'problem'; + $ids = $object->bodies_str_ids; + } + + my $staff_perm = exists($perms{staff}) ? $perms{staff} : $self->has_permission_to(moderate => $ids); + return 1 if $staff_perm; + + # See if the cobrand wants to allow it in some circumstance + my $cobrand = $self->result_source->schema->cobrand; + return $cobrand->call_hook('moderate_permission', $self, $type => $object); +} + has body_permissions => ( is => 'ro', lazy => 1, 
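Review bot: `can_moderate` unpacks its trailing arguments as a flat list (`my ($self, $object, %perms) = @_;`), but the templates in this commit call it as `c.user.can_moderate(problem, staff = permissions.moderate)` (also with `update` in update.html), and Template Toolkit passes named parameters as a single hash reference in the last position. `%perms` then holds one stringified-reference key, `exists($perms{staff})` is false, and the method falls back to `has_permission_to`; that is the safe direction, but the shortcut never applies and Perl warns about an odd-sized hash. Accepting both forms fixes it, e.g. `my ($self, $object, @rest) = @_; my %perms = ref $rest[0] eq 'HASH' ? %{ $rest[0] } : @rest;`. Because a true `staff` value makes the method return 1 without any check, a comment should say the option is only for callers that have already computed the permission server-side and must never be filled from request data.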
@@ -340,13 +360,16 @@ has body_permissions => ( ); sub permissions { - my ($self, $c, $body_id) = @_; + my ($self, $problem) = @_; + my $cobrand = $self->result_source->schema->cobrand; if ($self->is_superuser) { - my $perms = $c->cobrand->available_permissions; + my $perms = $cobrand->available_permissions; return { map { %$_ } values %$perms }; } + my $body_id = $problem->bodies_str; + return unless $self->belongs_to_body($body_id); my @permissions = grep { $_->body_id == $self->from_body->id } @{$self->body_permissions}; diff --git a/t/app/controller/moderate.t b/t/app/controller/moderate.t index 4b2f0cfe3..c2ac3ad5a 100644 --- a/t/app/controller/moderate.t +++ b/t/app/controller/moderate.t @@ -86,7 +86,7 @@ subtest 'Auth' => sub { my %problem_prepopulated = ( problem_show_name => 1, - problem_show_photo => 1, + problem_photo => 1, problem_title => 'Good bad good', problem_detail => 'Good bad bad bad good bad', ); @@ -146,7 +146,7 @@ subtest 'Problem moderation' => sub { $mech->submit_form_ok({ with_fields => { %problem_prepopulated, - problem_show_photo => 0, + problem_photo => 0, }}); $mech->base_like( qr{\Q$REPORT_URL\E} ); @@ -154,7 +154,7 @@ subtest 'Problem moderation' => sub { $mech->submit_form_ok({ with_fields => { %problem_prepopulated, - problem_show_photo => 1, + problem_photo => 1, }}); $mech->base_like( qr{\Q$REPORT_URL\E} ); @@ -251,8 +251,8 @@ sub create_update { } my %update_prepopulated = ( update_show_name => 1, - update_show_photo => 1, - update_detail => 'update good good bad good', + update_photo => 1, + update_text => 'update good good bad good', ); my $update = create_update(); @@ -263,7 +263,7 @@ subtest 'updates' => sub { $mech->get_ok($REPORT_URL); $mech->submit_form_ok({ with_fields => { %update_prepopulated, - update_detail => 'update good good good', + update_text => 'update good good good', }}) or die $mech->content; $mech->base_like( qr{\Q$REPORT_URL\E} ); 
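Review bot: `permissions` changes its positional contract from `($c, $body_id)` to `($problem)` without checking what it was given, so a caller still using the old form binds the Catalyst context to `$problem` and fails at `$problem->bodies_str` for every non-superuser. The two base templates are updated in this commit; cobrand template overrides or other Perl callers are not visible here and would need the same change. A short comment above the sub naming the expected argument, such as `# $problem: the report row whose bodies_str decides which body's permissions apply`, would make the new contract explicit. The body of the sub continues outside the hunk.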
@@ -274,7 +274,7 @@ subtest 'updates' => sub { subtest 'Revert text' => sub { $mech->submit_form_ok({ with_fields => { %update_prepopulated, - update_revert_detail => 1, + update_revert_text => 1, }}); $mech->base_like( qr{\Q$REPORT_URL\E} ); @@ -314,7 +314,7 @@ subtest 'updates' => sub { $mech->submit_form_ok({ with_fields => { %update_prepopulated, - update_show_photo => 0, + update_photo => 0, }}); $mech->base_like( qr{\Q$REPORT_URL\E} ); @@ -322,7 +322,7 @@ subtest 'updates' => sub { $mech->submit_form_ok({ with_fields => { %update_prepopulated, - update_show_photo => 1, + update_photo => 1, }}); $mech->base_like( qr{\Q$REPORT_URL\E} ); @@ -348,7 +348,7 @@ subtest 'Update 2' => sub { $mech->get_ok($REPORT_URL); $mech->submit_form_ok({ with_fields => { %update_prepopulated, - update_detail => 'update good good good', + update_text => 'update good good good', }}) or die $mech->content; $update2->discard_changes; diff --git a/templates/web/base/report/_inspect.html b/templates/web/base/report/_inspect.html index adb56190d..e5094d02e 100644 --- a/templates/web/base/report/_inspect.html +++ b/templates/web/base/report/_inspect.html @@ -1,4 +1,4 @@ -[% permissions = c.user.permissions(c, problem.bodies_str) %] +[% permissions = c.user.permissions(problem) %] [% second_column = BLOCK -%] <div id="side-inspect"> diff --git a/templates/web/base/report/_main.html b/templates/web/base/report/_main.html index fe0fe74d5..1e427fd86 100644 --- a/templates/web/base/report/_main.html +++ b/templates/web/base/report/_main.html @@ -1,3 +1,5 @@ +[% can_moderate = permissions.moderate OR c.user.can_moderate(problem, staff = permissions.moderate) %] + <a href="[% c.uri_for( '/around', { lat => latitude, lon => longitude } ) %]" class="problem-back js-back-to-report-list">[% loc('Back to all reports') %]</a> 
@@ -30,7 +32,7 @@ </form> [% END %] - [% IF permissions.moderate %] + [% IF can_moderate %] [% original = problem_original %] <form method="post" action="/moderate/report/[% problem.id %]"> <input type="hidden" name="token" value="[% csrf_token %]"> @@ -38,7 +40,7 @@ <h1 class="moderate-display">[% problem.title | html %]</h1> - [% IF permissions.moderate %] + [% IF can_moderate %] <div class="moderate-edit"> [% IF problem.title != original.title %] <label> @@ -71,11 +73,11 @@ [% INCLUDE 'report/_support.html' %] - [% IF permissions.moderate %] + [% IF can_moderate %] [% IF problem.photo or original.photo %] <p class="moderate-edit"> <label> - <input type="checkbox" name="problem_show_photo" [% problem.photo ? 'checked' : '' %]> + <input type="checkbox" name="problem_photo" [% problem.photo ? 'checked' : '' %]> [% loc('Show photo') %] </label> </p> @@ -87,7 +89,7 @@ [% problem.detail | add_links | html_para %] </div> - [% IF permissions.moderate %] + [% IF can_moderate %] <p class="moderate-edit"> [% IF problem.detail != original.detail %] <label> @@ -116,13 +118,13 @@ </div> [% END %] - [% IF permissions.moderate %] + [% IF can_moderate %] </form> [% END %] - [% IF permissions.moderate OR permissions.planned_reports %] + [% IF can_moderate OR permissions.planned_reports %] <div class="moderate-display segmented-control" role="menu"> - [% IF permissions.moderate %] + [% IF can_moderate %] <a class="js-moderate btn" role="menuitem" aria-label="[% loc('Moderate this report') %]">[% loc('Moderate') %]</a> [% END %] [% IF permissions.planned_reports %] diff --git a/templates/web/base/report/display.html b/templates/web/base/report/display.html index ebe969994..eedbc4f85 100644 --- a/templates/web/base/report/display.html +++ b/templates/web/base/report/display.html 
@@ -40,7 +40,7 @@ [% INCLUDE 'report/banner.html' %] [% IF c.user_exists %] - [% DEFAULT permissions = c.user.permissions(c, problem.bodies_str) %] + [% DEFAULT permissions = c.user.permissions(problem) %] [%- END %] [% INCLUDE 'report/_main.html' %] diff --git a/templates/web/base/report/update.html b/templates/web/base/report/update.html index 4a2642c9a..122dbfe3b 100644 --- a/templates/web/base/report/update.html +++ b/templates/web/base/report/update.html @@ -1,3 +1,4 @@ +[% can_moderate = permissions.moderate OR c.user.can_moderate(update, staff = permissions.moderate) %] [% IF loop.first %] <section class="full-width"> <h4 class="static-with-rule">[% loc('Updates') %]</h4> @@ -5,7 +6,7 @@ [% END %] <li class="item-list__item item-list__item--updates"> <a name="update_[% update.id %]" class="internal-link-fixed-header"></a> - [% IF permissions.moderate; original_update = update.moderation_original_data %] + [% IF can_moderate; original_update = update.moderation_original_data %] <form method="post" action="/moderate/report/[% problem.id %]/update/[% update.id %]"> <input type="hidden" name="token" value="[% csrf_token %]"> <input type="button" class="btn js-moderate moderate-display" value="[% loc('Moderate this update') %]"> @@ -15,7 +16,7 @@ <label><input type="checkbox" name="update_show_name" [% update.anonymous ? '' : 'checked' %]> [% loc('Show name publicly?') %]</label> [% IF update.photo or original_update.photo %] - <label><input type="checkbox" name="update_show_photo" [% update.photo ? 'checked' : '' %]> + <label><input type="checkbox" name="update_photo" [% update.photo ? 'checked' : '' %]> [% loc('Show Photo?') %]</label> [% END %] </div> 
@@ -31,13 +32,13 @@ <div class="moderate-display"> [% update.text | add_links | markup(update.user) | html_para %] </div> - [% IF permissions.moderate %] + [% IF can_moderate %] <div class="moderate-edit"> [% IF update.text != original.detail %] - <label><input type="checkbox" name="update_revert_detail" class="revert-textarea"> + <label><input type="checkbox" name="update_revert_text" class="revert-textarea"> [% loc('Revert to original') %]</label> [% END %] - <textarea class="form-control" name="update_detail">[% update.text | add_links %]</textarea> + <textarea class="form-control" name="update_text">[% update.text | add_links %]</textarea> </div> [% END %] @@ -45,7 +46,7 @@ </div> [% END %] </div> - [% IF permissions.moderate %] + [% IF can_moderate %] <div class="moderate-edit"> <label for="moderation_reason">[% loc('Describe why you are moderating this') %]</label> <input type="text" class="form-control" name="moderation_reason"> |