-rw-r--r--perllib/FixMyStreet/App/Controller/Admin.pm12
-rw-r--r--perllib/FixMyStreet/Cobrand/Default.pm7
-rw-r--r--t/app/controller/admin.t147
-rw-r--r--t/app/controller/admin_permissions.t4
4 files changed, 43 insertions, 127 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 1f07aae82..b643c9633 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -219,8 +219,11 @@ sub bodies : Path('bodies') : Args(0) {
my ( $self, $c ) = @_;
if (my $body_id = $c->get_param('body')) {
- $c->res->redirect( $c->uri_for( 'body', $body_id ) );
- return;
+ return $c->res->redirect( $c->uri_for( 'body', $body_id ) );
+ }
+
+ if (!$c->user->is_superuser && $c->user->from_body && $c->cobrand->moniker ne 'zurich') {
+ return $c->res->redirect( $c->uri_for( 'body', $c->user->from_body->id ) );
}
$c->forward( '/auth/get_csrf_token' );
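Review bot: The second redirect hard-codes the cobrand name (`$c->cobrand->moniker ne 'zurich'`) in the controller with no explanation of why that cobrand is exempt. A short why-comment above the condition would help, for example `# Body users only ever manage their own body, so skip the list (Zurich keeps it: TODO say why)`. The redirect also fires for every non-superuser with a `from_body`, whether or not they hold `category_edit`, so the denial for those users depends entirely on the check inside `body`. The rest of `bodies` lies outside this hunk.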
@@ -298,7 +301,10 @@ sub body : Path('body') : Args(1) {
$c->stash->{body_id} = $body_id;
- $c->forward( 'check_for_super_user' );
+ unless ($c->user->has_permission_to('category_edit', $body_id)) {
+ $c->forward('check_for_super_user');
+ }
+
$c->forward( '/auth/get_csrf_token' );
$c->forward( 'lookup_body' );
$c->forward( 'fetch_all_bodies' );
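Review bot: The new `unless ($c->user->has_permission_to('category_edit', $body_id))` guard admits a `category_edit` holder to the whole `body` action, not only to its category handling. The action continues outside this hunk, so please confirm that any code there which updates the body itself, rather than its categories, is still gated on superuser. A comment on the guard would record that intent, for example `# category_edit holders may manage categories only; body-level edits below must re-check is_superuser`. `$body_id` also comes straight from the URL and is used in the permission check before `lookup_body` runs, so `has_permission_to` needs to fail closed for an id that matches no body.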
diff --git a/perllib/FixMyStreet/Cobrand/Default.pm b/perllib/FixMyStreet/Cobrand/Default.pm
index 8e170458a..47e577372 100644
--- a/perllib/FixMyStreet/Cobrand/Default.pm
+++ b/perllib/FixMyStreet/Cobrand/Default.pm
@@ -644,10 +644,8 @@ sub admin_pages {
my $pages = {
'summary' => [_('Summary'), 0],
- 'bodies' => [_('Bodies'), 1],
'timeline' => [_('Timeline'), 5],
'stats' => [_('Stats'), 8],
- 'body' => [undef, undef],
};
# There are some pages that only super users can see
@@ -656,6 +654,10 @@ sub admin_pages {
$pages->{config} = [ _('Configuration'), 9];
};
# And some that need special permissions
+ if ( $user->is_superuser || $user->has_body_permission_to('category_edit') ) {
+ $pages->{bodies} = [ _('Bodies'), 1 ];
+ $pages->{body} = [ undef, undef ];
+ }
if ( $user->is_superuser || $user->has_body_permission_to('report_edit') ) {
$pages->{reports} = [ _('Reports'), 2 ];
$pages->{report_edit} = [ undef, undef ];
@@ -726,6 +728,7 @@ sub available_permissions {
user_assign_areas => _("Assign users to areas"), # future use
},
_("Bodies") => {
+ category_edit => _("Add/edit problem categories"),
template_edit => _("Add/edit response templates"),
responsepriority_edit => _("Add/edit response priorities"),
},
diff --git a/t/app/controller/admin.t b/t/app/controller/admin.t
index 61e8b21e4..8c3cde4b7 100644
--- a/t/app/controller/admin.t
+++ b/t/app/controller/admin.t
@@ -1148,6 +1148,25 @@ $user->update;
my $southend = $mech->create_body_ok(2607, 'Southend-on-Sea Borough Council');
+my %default_perms = (
+ "permissions[moderate]" => undef,
+ "permissions[planned_reports]" => undef,
+ "permissions[report_edit]" => undef,
+ "permissions[report_edit_category]" => undef,
+ "permissions[report_edit_priority]" => undef,
+ "permissions[report_inspect]" => undef,
+ "permissions[report_instruct]" => undef,
+ "permissions[contribute_as_another_user]" => undef,
+ "permissions[contribute_as_body]" => undef,
+ "permissions[user_edit]" => undef,
+ "permissions[user_manage_permissions]" => undef,
+ "permissions[user_assign_body]" => undef,
+ "permissions[user_assign_areas]" => undef,
+ "permissions[template_edit]" => undef,
+ "permissions[responsepriority_edit]" => undef,
+ "permissions[category_edit]" => undef,
+);
+
FixMyStreet::override_config {
MAPIT_URL => 'http://mapit.uk/',
}, sub {
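Review bot: `category_edit` is added to `%default_perms` only as an expected form field, and the diffstat shows no test that exercises the new authorisation path. Consider adding one case where a body user holding `category_edit` can load `/admin/body/ID` for their own body, and one where the same user is refused for a different body and a user without the permission is refused entirely. Without them, a regression in the `unless` guard in `Admin.pm` would go unnoticed.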
@@ -1163,21 +1182,7 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => undef,
area_id => '',
- "permissions[moderate]" => undef,
- "permissions[planned_reports]" => undef,
- "permissions[report_edit]" => undef,
- "permissions[report_edit_category]" => undef,
- "permissions[report_edit_priority]" => undef,
- "permissions[report_inspect]" => undef,
- "permissions[report_instruct]" => undef,
- "permissions[contribute_as_another_user]" => undef,
- "permissions[contribute_as_body]" => undef,
- "permissions[user_edit]" => undef,
- "permissions[user_manage_permissions]" => undef,
- "permissions[user_assign_body]" => undef,
- "permissions[user_assign_areas]" => undef,
- "permissions[template_edit]" => undef,
- "permissions[responsepriority_edit]" => undef,
+ %default_perms,
},
changes => {
name => 'Changed User',
@@ -1195,21 +1200,7 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => undef,
area_id => '',
- "permissions[moderate]" => undef,
- "permissions[planned_reports]" => undef,
- "permissions[report_edit]" => undef,
- "permissions[report_edit_category]" => undef,
- "permissions[report_edit_priority]" => undef,
- "permissions[report_inspect]" => undef,
- "permissions[report_instruct]" => undef,
- "permissions[contribute_as_another_user]" => undef,
- "permissions[contribute_as_body]" => undef,
- "permissions[user_edit]" => undef,
- "permissions[user_manage_permissions]" => undef,
- "permissions[user_assign_body]" => undef,
- "permissions[user_assign_areas]" => undef,
- "permissions[template_edit]" => undef,
- "permissions[responsepriority_edit]" => undef,
+ %default_perms,
},
changes => {
email => 'changed@example.com',
@@ -1227,21 +1218,7 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => undef,
area_id => '',
- "permissions[moderate]" => undef,
- "permissions[planned_reports]" => undef,
- "permissions[report_edit]" => undef,
- "permissions[report_edit_category]" => undef,
- "permissions[report_edit_priority]" => undef,
- "permissions[report_inspect]" => undef,
- "permissions[report_instruct]" => undef,
- "permissions[contribute_as_another_user]" => undef,
- "permissions[contribute_as_body]" => undef,
- "permissions[user_edit]" => undef,
- "permissions[user_manage_permissions]" => undef,
- "permissions[user_assign_body]" => undef,
- "permissions[user_assign_areas]" => undef,
- "permissions[template_edit]" => undef,
- "permissions[responsepriority_edit]" => undef,
+ %default_perms,
},
changes => {
body => $southend->id,
@@ -1259,21 +1236,7 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => undef,
area_id => '',
- "permissions[moderate]" => undef,
- "permissions[planned_reports]" => undef,
- "permissions[report_edit]" => undef,
- "permissions[report_edit_category]" => undef,
- "permissions[report_edit_priority]" => undef,
- "permissions[report_inspect]" => undef,
- "permissions[report_instruct]" => undef,
- "permissions[contribute_as_another_user]" => undef,
- "permissions[contribute_as_body]" => undef,
- "permissions[user_edit]" => undef,
- "permissions[user_manage_permissions]" => undef,
- "permissions[user_assign_body]" => undef,
- "permissions[user_assign_areas]" => undef,
- "permissions[template_edit]" => undef,
- "permissions[responsepriority_edit]" => undef,
+ %default_perms,
},
changes => {
flagged => 'on',
@@ -1291,21 +1254,7 @@ FixMyStreet::override_config {
flagged => 'on',
is_superuser => undef,
area_id => '',
- "permissions[moderate]" => undef,
- "permissions[planned_reports]" => undef,
- "permissions[report_edit]" => undef,
- "permissions[report_edit_category]" => undef,
- "permissions[report_edit_priority]" => undef,
- "permissions[report_inspect]" => undef,
- "permissions[report_instruct]" => undef,
- "permissions[contribute_as_another_user]" => undef,
- "permissions[contribute_as_body]" => undef,
- "permissions[user_edit]" => undef,
- "permissions[user_manage_permissions]" => undef,
- "permissions[user_assign_body]" => undef,
- "permissions[user_assign_areas]" => undef,
- "permissions[template_edit]" => undef,
- "permissions[responsepriority_edit]" => undef,
+ %default_perms,
},
changes => {
flagged => undef,
@@ -1323,41 +1272,13 @@ FixMyStreet::override_config {
flagged => undef,
is_superuser => undef,
area_id => '',
- "permissions[moderate]" => undef,
- "permissions[planned_reports]" => undef,
- "permissions[report_edit]" => undef,
- "permissions[report_edit_category]" => undef,
- "permissions[report_edit_priority]" => undef,
- "permissions[report_inspect]" => undef,
- "permissions[report_instruct]" => undef,
- "permissions[contribute_as_another_user]" => undef,
- "permissions[contribute_as_body]" => undef,
- "permissions[user_edit]" => undef,
- "permissions[user_manage_permissions]" => undef,
- "permissions[user_assign_body]" => undef,
- "permissions[user_assign_areas]" => undef,
- "permissions[template_edit]" => undef,
- "permissions[responsepriority_edit]" => undef,
+ %default_perms,
},
changes => {
is_superuser => 'on',
},
removed => [
- "permissions[moderate]",
- "permissions[planned_reports]",
- "permissions[report_edit]",
- "permissions[report_edit_category]",
- "permissions[report_edit_priority]",
- "permissions[report_inspect]",
- "permissions[report_instruct]",
- "permissions[contribute_as_another_user]",
- "permissions[contribute_as_body]",
- "permissions[user_edit]",
- "permissions[user_manage_permissions]",
- "permissions[user_assign_body]",
- "permissions[user_assign_areas]",
- "permissions[template_edit]",
- "permissions[responsepriority_edit]",
+ keys %default_perms,
],
log_count => 5,
log_entries => [qw/edit edit edit edit edit/],
@@ -1377,21 +1298,7 @@ FixMyStreet::override_config {
is_superuser => undef,
},
added => {
- "permissions[moderate]" => undef,
- "permissions[planned_reports]" => undef,
- "permissions[report_edit]" => undef,
- "permissions[report_edit_category]" => undef,
- "permissions[report_edit_priority]" => undef,
- "permissions[report_inspect]" => undef,
- "permissions[report_instruct]" => undef,
- "permissions[contribute_as_another_user]" => undef,
- "permissions[contribute_as_body]" => undef,
- "permissions[user_edit]" => undef,
- "permissions[user_manage_permissions]" => undef,
- "permissions[user_assign_body]" => undef,
- "permissions[user_assign_areas]" => undef,
- "permissions[template_edit]" => undef,
- "permissions[responsepriority_edit]" => undef,
+ %default_perms,
},
log_count => 5,
log_entries => [qw/edit edit edit edit edit/],
diff --git a/t/app/controller/admin_permissions.t b/t/app/controller/admin_permissions.t
index 2c271ba4c..4b05660cc 100644
--- a/t/app/controller/admin_permissions.t
+++ b/t/app/controller/admin_permissions.t
@@ -47,7 +47,7 @@ subtest "Users can't edit report without report_edit permission" => sub {
}, sub {
$mech->get("/admin/report_edit/$report_id");
ok !$mech->res->is_success(), "want a bad response";
- is $mech->res->code, 403, "got 403, can't edit report without report_edit permission";
+ is $mech->res->code, 404, "got 404, can't edit report without report_edit permission";
};
};
@@ -100,7 +100,7 @@ FixMyStreet::override_config {
$report->update({ user => $report_user });
foreach my $from_body (undef, $bromley, $oxfordshire) {
$user2->update({ from_body => $from_body });
- my $result = ($from_body || '') eq $oxfordshire || $report->user eq $user2 ? ($perm ? 200 : 403 ) : 404;
+ my $result = ($from_body || '') eq $oxfordshire || $report->user eq $user2 ? ($perm ? 200 : 404 ) : 404;
my $u = $result == 200 ? 'can' : 'cannot';
my $b = $from_body ? $from_body->name : 'no body';
my $p = $perm ? 'with' : 'without';
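Review bot: With `($perm ? 200 : 404 ) : 404` both denial branches now expect the same code, so this loop no longer distinguishes "right body, missing permission" from "wrong body". The same 403 to 404 change is made in the `report_edit` subtest earlier in this file. Nothing in the controller hunks of this commit obviously alters the `report_edit` response, so it is worth saying in the commit message where the 404 comes from. If 404 is the intended answer for every denial, the expression can be reduced to `... && $perm ? 200 : 404` with a comment such as `# permission failures are deliberately indistinguishable from a missing report`.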