-rw-r--r-- | perllib/FixMyStreet/Cobrand/Zurich.pm | 9 | ||||
-rw-r--r-- | t/cobrand/zurich.t | 6 | ||||
-rw-r--r-- | templates/web/zurich/admin/index-sdm.html | 2 | ||||
-rw-r--r-- | templates/web/zurich/admin/report_edit-sdm.html | 14 |
4 files changed, 21 insertions, 10 deletions
diff --git a/perllib/FixMyStreet/Cobrand/Zurich.pm b/perllib/FixMyStreet/Cobrand/Zurich.pm index bc8e41f42..c495cf941 100644 --- a/perllib/FixMyStreet/Cobrand/Zurich.pm +++ b/perllib/FixMyStreet/Cobrand/Zurich.pm @@ -547,6 +547,8 @@ sub admin_report_edit { if ($type ne 'super') { my %allowed_bodies = map { $_->id => 1 } ( $body->bodies->all, $body ); + # SDMs can see parent reports but not edit them + $allowed_bodies{$body->parent->id} = 1 if $type eq 'sdm'; $c->detach( '/page_error_404_not_found' ) unless $allowed_bodies{$problem->bodies_str}; } @@ -847,10 +849,13 @@ sub admin_report_edit { if ($type eq 'sdm') { + my $editable = $type eq 'sdm' && $body->id eq $problem->bodies_str; + $c->stash->{sdm_disabled} = $editable ? '' : 'disabled'; + # Has cut-down edit template for adding update and sending back up only $c->stash->{template} = 'admin/report_edit-sdm.html'; - if ($c->get_param('send_back') or $c->get_param('not_contactable')) { + if ($editable && $c->get_param('send_back') or $c->get_param('not_contactable')) { # SDM can send back a report either to be assigned to a different # subdivision, or because the customer was not contactable. # We handle these in the same way but with different statuses. @@ -876,7 +881,7 @@ sub admin_report_edit { # Make sure the problem's time_spent is updated $self->update_admin_log($c, $problem); $c->res->redirect( '/admin/summary' ); - } elsif ($c->get_param('submit')) { + } elsif ($editable && $c->get_param('submit')) { $c->forward('/auth/check_csrf_token'); my $db_update = 0; diff --git a/t/cobrand/zurich.t b/t/cobrand/zurich.t index b2ad4a7a0..3ad107b04 100644 --- a/t/cobrand/zurich.t +++ b/t/cobrand/zurich.t 
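Review bot: In the new condition `if ($editable && $c->get_param('send_back') or $c->get_param('not_contactable'))`, `&&` binds tighter than `or`, so it parses as `($editable && send_back) or not_contactable`, and a request carrying `not_contactable` still enters the send-back branch when `$editable` is false. The first hunk now lets an SDM load reports belonging to the parent body, so this state-changing branch becomes reachable on a report they are meant to view only; the `disabled` attribute in the template is a display hint and does not constrain what the server accepts. Group the alternatives so the guard covers both: `if ($editable && ($c->get_param('send_back') or $c->get_param('not_contactable'))) {`. The `$type eq 'sdm' &&` term in `$editable` is redundant inside `if ($type eq 'sdm')`. The body of admin_report_edit starts and continues outside the hunk.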
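Review bot: Only the `submit` branch gains the `$editable` guard in this hunk, but the context lines just above it (`update_admin_log` and the redirect to `/admin/summary`) close an earlier branch whose condition lies outside the hunk. If that branch handles the `no_more_updates` button, which the template in this commit also marks disabled, it needs the same guard, for example `} elsif ($editable && $c->get_param('no_more_updates')) {`; this is inferred from the context lines and should be confirmed against the full function. A single early exit for the read-only case, placed right after `$editable` is computed, would avoid having to repeat the guard on every branch.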
@@ -411,6 +411,12 @@ subtest 'SDM' => sub { $mech->submit_form_ok( { button => 'no_more_updates' } ); is $mech->uri->path, '/admin/summary', "redirected now finished with report."; + # Can still view the edit page but can't change anything + $mech->get_ok( '/admin/report_edit/' . $report->id ); + $mech->content_contains('<input disabled'); + $mech->submit_form_ok( { with_fields => { status_update => 'This is a disallowed update.' } } ); + $mech->content_lacks('This is a disallowed update'); + $mech->get_ok( '/report/' . $report->id ); $mech->content_contains('In Bearbeitung'); $mech->content_contains('Test Test'); diff --git a/templates/web/zurich/admin/index-sdm.html b/templates/web/zurich/admin/index-sdm.html index 707bb2d9d..68a2fcf62 100644 --- a/templates/web/zurich/admin/index-sdm.html +++ b/templates/web/zurich/admin/index-sdm.html @@ -5,7 +5,7 @@ [% INCLUDE list, problems = reports_new.all, hash = 'new' %] <h2 id="wait">[% loc('Reports awaiting approval') %]</h2> -[% INCLUDE list, problems = reports_unpublished.all, no_edit = 1, hash = 'wait' %] +[% INCLUDE list, problems = reports_unpublished.all, hash = 'wait' %] <h2 id="alle">[% loc('Reports published') %]</h2> [% INCLUDE list, problems = reports_published.all, no_edit = 1, hash = 'alle' %] diff --git a/templates/web/zurich/admin/report_edit-sdm.html b/templates/web/zurich/admin/report_edit-sdm.html index 0319fc565..2cbc262ae 100644 --- a/templates/web/zurich/admin/report_edit-sdm.html +++ b/templates/web/zurich/admin/report_edit-sdm.html 
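Review bot: The added assertions cover only a default form submit carrying `status_update`; nothing posts `send_back`, `not_contactable` or `no_more_updates` against the now read-only report, so the server-side guard on those branches is untested. Add one request per parameter and assert afterwards that the report's state and `bodies_str` are unchanged. `content_contains('<input disabled')` also passes as soon as a single input is disabled, so it does not show that every control on the page is. The subtest starts and ends outside the hunk.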
@@ -101,28 +101,28 @@ <div class="admin-report-edit admin-report-edit--interact"> -<p align="right" class="screen-only"><input type="submit" class="btn" name="send_back" value="[% loc('Not for my subdivision') %]"></p> -<p align="right" class="screen-only"><input type="submit" class="btn" name="not_contactable" value="[% loc('Customer not contactable') %]"></p> +<p align="right" class="screen-only"><input [% sdm_disabled %] type="submit" class="btn" name="send_back" value="[% loc('Not for my subdivision') %]"></p> +<p align="right" class="screen-only"><input [% sdm_disabled %] type="submit" class="btn" name="not_contactable" value="[% loc('Customer not contactable') %]"></p> <ul class="no-bullets screen-only"> <li> <label for="new_internal_note">[% loc('New internal note:') %]</label> - <textarea class="form-control" name='new_internal_note' id='new_internal_note' cols=60 rows=4></textarea> + <textarea [% sdm_disabled %] class="form-control" name='new_internal_note' id='new_internal_note' cols=60 rows=4></textarea> </li> <li> <label for="status_update">[% loc('New note to DM:') %]</label> - <textarea class="form-control" name='status_update' id='status_update' cols=60 rows=4></textarea> + <textarea [% sdm_disabled %] class="form-control" name='status_update' id='status_update' cols=60 rows=4></textarea> </li> </ul> <p class="screen-only"> <label for="time_spent">[% loc('Time spent (in minutes):') %]</label> - <input type="text" class="form-control" name="time_spent" id="form_time_spent" style="width: 4em" value="0"> + <input [% sdm_disabled %] type="text" class="form-control" name="time_spent" id="form_time_spent" style="width: 4em" value="0"> </p> <p class="clearfix screen-only"> - <input style="float:left" type="submit" class="btn" name="Submit changes" value="[% loc('Submit changes') %]" > - <input style="float:right" type="submit" class="btn" name="no_more_updates" value="[% loc('No further updates') %]"> + <input [% sdm_disabled %] style="float:left" 
type="submit" class="btn" name="Submit changes" value="[% loc('Submit changes') %]" > + <input [% sdm_disabled %] style="float:right" type="submit" class="btn" name="no_more_updates" value="[% loc('No further updates') %]"> </p> [% INCLUDE 'admin/list_updates.html' %] |