-rw-r--r--CHANGELOG.md1
-rw-r--r--perllib/FixMyStreet/App/Controller/Alert.pm43
-rw-r--r--perllib/FixMyStreet/App/Controller/Report.pm4
-rw-r--r--t/app/controller/alert_new.t66
-rw-r--r--templates/web/base/alert/updates.html16
-rw-r--r--templates/web/base/report/display_tools.html10
-rw-r--r--templates/web/base/report/new/duplicate_suggestions.html10
7 files changed, 109 insertions, 41 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f9bb0b2e0..01c7a46b9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@
- Store a moderation history on admin report edit.
- Add user admin log page.
- Allow report as another user with only name.
+ - Allow staff users to sign other people up for alerts.
- New features:
- Categories can be listed under more than one group #2475
- OpenID Connect login support. #2523
diff --git a/perllib/FixMyStreet/App/Controller/Alert.pm b/perllib/FixMyStreet/App/Controller/Alert.pm
index 755602562..a42e7203a 100644
--- a/perllib/FixMyStreet/App/Controller/Alert.pm
+++ b/perllib/FixMyStreet/App/Controller/Alert.pm
@@ -58,12 +58,15 @@ sub subscribe : Path('subscribe') : Args(0) {
$c->detach('rss') if $c->get_param('rss');
+ my $id = $c->get_param('id');
+ $c->forward('/report/load_problem_or_display_error', [ $id ]) if $id;
+
# if it exists then it's been submitted so we should
# go to subscribe email and let it work out the next step
$c->detach('subscribe_email')
if $c->get_param('rznvy') || $c->get_param('alert');
- $c->go('updates') if $c->get_param('id');
+ $c->go('updates') if $id;
# shouldn't get to here but if we have then do something sensible
$c->go('index');
@@ -148,7 +151,7 @@ sub updates : Path('updates') : Args(0) {
$c->forward('/auth/get_csrf_token');
$c->stash->{email} = $c->get_param('rznvy');
- $c->stash->{problem_id} = $c->get_param('id');
+ $c->stash->{email} ||= $c->user->email if $c->user_exists;
}
=head2 confirm
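Review bot: With `problem_id` no longer stashed from the `id` parameter, `updates` relies on `subscribe` having loaded `$c->stash->{problem}` first, yet the action is still routable on its own through `Path('updates')`. As far as this hunk shows, a direct request would render `problem.id` empty in the RSS link and the hidden `id` field, and hand an undefined value to `has_permission_to` in the template. Consider loading the report here as well, e.g. `$c->forward('/report/load_problem_or_display_error', [ $c->get_param('id') ]) unless $c->stash->{problem};`. The start of the sub is outside the hunk, so an earlier guard may already cover this.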
@@ -193,7 +196,7 @@ sub create_alert : Private {
$alert->insert();
}
- if ( $c->user && $c->user->id == $alert->user->id ) {
+ if ( $c->user_exists && ($c->user->id == $alert->user->id || $c->stash->{can_create_for_another})) {
$alert->confirm();
} else {
$alert->confirmed(0);
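Review bot: `can_create_for_another` now skips the e-mail confirmation step, but nothing in this condition ties it to the alert type. `process_user` sets the flag whenever an `id` parameter loaded a report on which the staff user holds `contribute_as_another_user`, so a request carrying both `id` and a non-update `type` would apparently also get a pre-confirmed alert for an arbitrary address. Narrowing it, e.g. `|| ($c->stash->{can_create_for_another} && $alert->alert_type eq 'new_updates')`, keeps the bypass to the case the changelog describes. Because the recipient never opts in, it would also help to record which staff user created the alert. The rest of `create_alert` lies outside the hunk.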
@@ -211,13 +214,10 @@ Set up the options in the stash required to create a problem update alert
sub set_update_alert_options : Private {
my ( $self, $c ) = @_;
- my $report_id = $c->get_param('id');
- return unless $report_id =~ /^[1-9]\d*$/;
-
my $options = {
user => $c->stash->{alert_user},
alert_type => 'new_updates',
- parameter => $report_id,
+ parameter => $c->stash->{problem}->id,
};
$c->stash->{alert_options} = $options;
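Review bot: `$c->stash->{problem}->id` dies with a method call on undef when no report was loaded, whereas the removed `return unless $report_id =~ /^[1-9]\d*$/` returned quietly. `subscribe` only forwards to the loader `if $id`, so a `type=updates` submission without an `id` would reach this line with an empty stash slot and become a 500 unless a caller outside this hunk guards it. Keep an early exit: `my $problem = $c->stash->{problem} or return;` and use `$problem->id` for `parameter`.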
@@ -340,16 +340,16 @@ sub process_user : Private {
my ( $self, $c ) = @_;
if ( $c->user_exists ) {
- $c->stash->{alert_user} = $c->user->obj;
- return;
+ $c->stash->{can_create_for_another} = $c->stash->{problem}
+ && $c->user->has_permission_to(contribute_as_another_user => $c->stash->{problem}->bodies_str_ids);
+ if (!$c->stash->{can_create_for_another}) {
+ $c->stash->{alert_user} = $c->user->obj;
+ return;
+ }
}
- # Extract all the params to a hash to make them easier to work with
- my %params = map { $_ => $c->get_param($_) }
- ( 'rznvy' ); # , 'password_register' );
-
- # cleanup the email address
- my $email = $params{rznvy} ? lc $params{rznvy} : '';
+ my $email = $c->get_param('rznvy');
+ $email = $email ? lc $email : '';
$email =~ s{\s+}{}g;
push @{ $c->stash->{errors} }, _('Please enter a valid email address')
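Review bot: The new `if ( $c->user_exists )` block has no comment explaining that permitted staff deliberately fall through to the submitted-address path, while everyone else who is logged in has any `rznvy` value ignored. That asymmetry is the access-control decision of this change and deserves a line above the assignment, e.g. `# Staff with contribute_as_another_user on this report's bodies may subscribe the submitted address; other logged-in users always subscribe themselves`. The removed `# cleanup the email address` comment could also stay above the `lc`/whitespace-strip lines. The sub continues past the end of the hunk.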
@@ -357,19 +357,6 @@ sub process_user : Private {
my $alert_user = $c->model('DB::User')->find_or_new( { email => $email } );
$c->stash->{alert_user} = $alert_user;
-
-# # The user is trying to sign in. We only care about email from the params.
-# if ( $c->get_param('submit_sign_in') ) {
-# unless ( $c->forward( '/auth/sign_in', [ $email ] ) ) {
-# $c->stash->{field_errors}->{password} = _('There was a problem with your email/password combination. Please try again.');
-# return 1;
-# }
-# my $user = $c->user->obj;
-# $c->stash->{alert_user} = $user;
-# return 1;
-# }
-#
-# $alert_user->password( $params{password_register} );
}
=head2 setup_coordinate_rss_feeds
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm
index debf27cde..9cc810c16 100644
--- a/perllib/FixMyStreet/App/Controller/Report.pm
+++ b/perllib/FixMyStreet/App/Controller/Report.pm
@@ -91,6 +91,10 @@ sub display :PathPart('') :Chained('id') :Args(0) {
$c->stash->{template} = 'report/inspect.html';
$c->forward('inspect');
}
+
+ if ($c->user_exists && $c->user->has_permission_to(contribute_as_another_user => $c->stash->{problem}->bodies_str_ids)) {
+ $c->stash->{email} = $c->user->email;
+ }
}
sub moderate_report :PathPart('moderate') :Chained('id') :Args(0) {
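Review bot: The expression `has_permission_to(contribute_as_another_user => $c->stash->{problem}->bodies_str_ids)` is written out here, again in `process_user`, and a third and fourth time in the `alert/updates.html` and `report/display_tools.html` templates. Since the form shown and the server-side decision must agree, computing it once and stashing a boolean that the templates read would keep them from drifting apart. The `display` sub begins outside this hunk.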
diff --git a/t/app/controller/alert_new.t b/t/app/controller/alert_new.t
index ed2bc814c..7eba90530 100644
--- a/t/app/controller/alert_new.t
+++ b/t/app/controller/alert_new.t
@@ -6,6 +6,9 @@ my $mech = FixMyStreet::TestMech->new;
my $user = FixMyStreet::App->model('DB::User')
->new( { email => 'test@example.com' } );
+my $body = $mech->create_body_ok(2651, 'Edinburgh Council');
+my ($report) = $mech->create_problems_for_body(1, $body->id, 'Existing');
+
foreach my $test (
{
email => $user->email,
@@ -51,8 +54,8 @@ foreach my $test (
type => 'new_updates',
content => 'Click the link in our confirmation email to activate your alert',
email_text => "confirms that you'd like to receive an email",
- uri => '/alert/subscribe?type=updates&rznvy=' . $user->email . '&id=1',
- param1 => 1,
+ uri => '/alert/subscribe?type=updates&rznvy=' . $user->email . '&id=' . $report->id,
+ param1 => $report->id,
}
)
{
@@ -61,7 +64,7 @@ foreach my $test (
my $type = $test->{type};
- $mech->get_ok('/alert/subscribe?id=1');
+ $mech->get_ok('/alert/subscribe?id=' . $report->id);
my ($csrf) = $mech->content =~ /name="token" value="([^"]*)"/;
$mech->get_ok( $test->{uri} . "&token=$csrf" );
@@ -155,7 +158,7 @@ foreach my $test (
# clear existing data so we can be sure we're creating it
ok $alert->delete() if $alert && !$test->{exist};
- $mech->get_ok('/alert/subscribe?id=1');
+ $mech->get_ok('/alert/subscribe?id=' . $report->id);
my ($csrf) = $mech->content =~ /name="token" value="([^"]*)"/;
$mech->get_ok( '/alert/subscribe?type=local&rznvy=' . $user->email . '&feed=area:1000:A_Location&token=' . $csrf );
@@ -179,8 +182,6 @@ foreach my $test (
};
}
-my $body = $mech->create_body_ok(2651, 'Edinburgh Council');
-
foreach my $test (
{
desc => 'logged in user signing up',
@@ -231,8 +232,8 @@ for my $test (
type => 'new_updates',
content => 'Click the link in our confirmation email to activate your alert',
email_text => 'confirm the alert',
- uri => '/alert/subscribe?type=updates&rznvy=' . $user->email . '&id=1',
- param1 => 1,
+ uri => '/alert/subscribe?type=updates&rznvy=' . $user->email . '&id=' . $report->id,
+ param1 => $report->id,
}
)
{
@@ -255,7 +256,7 @@ for my $test (
FixMyStreet::DB->resultset('Abuse')
->find_or_create( { email => $test->{email} } );
- $mech->get_ok('/alert/subscribe?id=1');
+ $mech->get_ok('/alert/subscribe?id=' . $report->id);
my ($csrf) = $mech->content =~ /name="token" value="([^"]*)"/;
$mech->get_ok( $test->{uri} . "&token=$csrf" );
@@ -288,6 +289,53 @@ for my $test (
};
}
+subtest 'Test body user signing someone else up for alerts' => sub {
+ my $staff_user = $mech->create_user_ok('astaffuser@example.com', name => 'A staff user', from_body => $body);
+ $mech->log_in_ok($staff_user->email);
+
+ $mech->get_ok('/alert/subscribe?id=' . $report->id);
+ my ($csrf) = $mech->content =~ /name="token" value="([^"]*)"/;
+ $mech->post_ok('/alert/subscribe', { rznvy => 'someoneelse@example.org', id => $report->id, type => 'updates', token => $csrf });
+
+ my $user = FixMyStreet::DB->resultset('User')->find({ email => 'someoneelse@example.org' });
+ is $user, undef, 'No user made by bad request';
+
+ my $alert = FixMyStreet::DB->resultset('Alert')->find({
+ user => $staff_user,
+ alert_type => 'new_updates',
+ parameter => $report->id,
+ confirmed => 1,
+ });
+ ok $alert, 'New alert created with logged in user';
+ $alert->delete;
+
+ $staff_user->user_body_permissions->create({ permission_type => 'contribute_as_another_user', body => $body });
+ $mech->get_ok('/alert/subscribe?id=' . $report->id);
+ $mech->submit_form_ok({ with_fields => { rznvy => 'someoneelse@example.org' } });
+ $mech->content_contains('Email alert created');
+
+ $user = FixMyStreet::DB->resultset('User')->find({ email => 'someoneelse@example.org' });
+ ok $user, 'user created for alert';
+
+ $alert = FixMyStreet::DB->resultset('Alert')->find({
+ user => $user,
+ alert_type => 'new_updates',
+ parameter => $report->id,
+ confirmed => 1,
+ });
+ ok $alert, 'New alert created for another user';
+
+ $alert = FixMyStreet::DB->resultset('Alert')->find({
+ user => $staff_user,
+ alert_type => 'new_updates',
+ parameter => $report->id,
+ confirmed => 1,
+ });
+ is $alert, undef, 'No alert created for staff user';
+};
+
+$report->delete; # Emails sent otherwise below
+
my $gloucester = $mech->create_body_ok(2226, 'Gloucestershire County Council');
$mech->create_body_ok(2326, 'Cheltenham Borough Council');
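Review bot: The new subtest covers a staff user with no permission and one with permission on the report's own body, but not the boundary cases of the permission check. Two further cases would pin it down: a staff user whose `contribute_as_another_user` row is for a different body than the report's (expect the alert to be created for the staff user and no `someoneelse@example.org` account), and a permitted staff user submitting `id` together with a non-`updates` `type` (expect that alert not to be auto-confirmed for the other address). It would also be worth asserting that no confirmation e-mail is queued in the permitted case, since the alert is stored with `confirmed => 1`.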
diff --git a/templates/web/base/alert/updates.html b/templates/web/base/alert/updates.html
index a77f8d0f9..0fbed2254 100644
--- a/templates/web/base/alert/updates.html
+++ b/templates/web/base/alert/updates.html
@@ -5,7 +5,7 @@
[% INCLUDE 'errors.html' %]
-<p><a href="[% c.uri_for( '/rss', problem_id ) %]">
+<p><a href="[% c.uri_for( '/rss', problem.id ) %]">
<img src="/i/feed.png" width="16" height="16" title="[% loc('RSS feed') %]" alt="[% loc('RSS feed of updates to this problem' ) %]" border="0" style="float:right">
</a>
</p>
@@ -16,15 +16,27 @@
<form action="/alert/subscribe" method="post">
<fieldset>
+ [% IF c.user_exists %]
+ [% IF c.user.has_permission_to("contribute_as_another_user", problem.bodies_str_ids) %]
+ <label class="hidden n" for="alert_rznvy">[% loc('Email') %]</label>
+ <div class="form-txt-submit-box">
+ <input class="form-control" type="email" name="rznvy" id="alert_rznvy" value="[% email | html %]">
+ <input class="green-btn" type="submit" value="[% loc('Subscribe') %]">
+ </div>
+ [% ELSE %]
+ <input class="green-btn" type="submit" name="alert" value="[% loc('Subscribe') %]">
+ [% END %]
+ [% ELSE %]
<label class="hidden n" for="alert_rznvy">[% loc('Your email') %]</label>
<div class="form-txt-submit-box">
<input class="form-control" type="email" name="rznvy" id="alert_rznvy" value="[% email | html %]">
<input class="green-btn" type="submit" value="[% loc('Subscribe') %]">
</div>
+ [% END %]
<input type="hidden" name="token" value="[% csrf_token %]">
- <input type="hidden" name="id" value="[% problem_id | html %]">
+ <input type="hidden" name="id" value="[% problem.id | html %]">
<input type="hidden" name="type" value="updates">
</fieldset>
</form>
diff --git a/templates/web/base/report/display_tools.html b/templates/web/base/report/display_tools.html
index ea12ab707..4f6031ec5 100644
--- a/templates/web/base/report/display_tools.html
+++ b/templates/web/base/report/display_tools.html
@@ -44,7 +44,15 @@
[% loc('Receive email when updates are left on this problem.' ) %]</p>
<fieldset>
[% IF c.user_exists %]
- <input class="green-btn" type="submit" name="alert" value="[% loc('Subscribe') %]">
+ [% IF c.user.has_permission_to("contribute_as_another_user", problem.bodies_str_ids) %]
+ <label for="alert_rznvy">[% loc('Email') %]</label>
+ <div class="form-txt-submit-box">
+ <input type="email" class="form-control" name="rznvy" id="alert_rznvy" value="[% email | html %]" size="30">
+ <input class="green-btn" type="submit" name="alert" value="[% loc('Subscribe') %]">
+ </div>
+ [% ELSE %]
+ <input class="green-btn" type="submit" name="alert" value="[% loc('Subscribe') %]">
+ [% END %]
[% ELSE %]
<label for="alert_rznvy">[% loc('Your email') %]</label>
<div class="form-txt-submit-box">
diff --git a/templates/web/base/report/new/duplicate_suggestions.html b/templates/web/base/report/new/duplicate_suggestions.html
index 991c8d5e8..bd86eb883 100644
--- a/templates/web/base/report/new/duplicate_suggestions.html
+++ b/templates/web/base/report/new/duplicate_suggestions.html
@@ -29,7 +29,15 @@
<input type="hidden" name="token" value="[% csrf_token %]" disabled>
<input type="hidden" name="type" value="updates" disabled>
[% IF c.user_exists %]
- <input type="submit" value="[% loc('Get updates') %]" class="btn btn--block" id="alert_email_button">
+ [% IF c.user.has_permission_to('contribute_as_another_user', bodies_ids) %]
+ <label for="rznvy_input">[% loc('Email') %]</label>
+ <div class="form-txt-submit-box">
+ <input type="email" class="form-control" name="rznvy" id="rznvy_input" aria-described-by="rznvy_hint" disabled>
+ <input type="submit" value="[% loc('Get updates') %]" class="btn" id="alert_email_button">
+ </div>
+ [% ELSE %]
+ <input type="submit" value="[% loc('Get updates') %]" class="btn btn--block" id="alert_email_button">
+ [% END %]
[% ELSE %]
<label for="rznvy_input">[% loc('Your email') %]</label>
<div class="form-txt-submit-box">
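Review bot: This template checks the permission against `bodies_ids`, while the controller's `process_user` checks it against the selected report's `bodies_str_ids`. If those differ, presumably when the duplicate belongs to another body, the e-mail field is shown but the server falls back to the logged-in user, so staff would subscribe themselves while believing they had subscribed the resident. Either evaluate the permission per suggested report or surface an error when the submitted address is ignored. Separately, `aria-described-by` on the new input is not a valid attribute name; it should be `aria-describedby="rznvy_hint"`.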