Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Admin.pm')
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin.pm | 105 |
1 files changed, 67 insertions, 38 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index 652113734..66b46877f 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -309,7 +309,7 @@ sub body : Path('body') : Args(1) {
 $c->forward('update_contacts');
 }
- $c->forward('display_contacts');
+ $c->forward('fetch_contacts');
 return 1;
 }
@@ -457,14 +457,14 @@ sub check_body_params : Private {
 }
 }
-sub display_contacts : Private {
+sub fetch_contacts : Private {
 my ( $self, $c ) = @_;
 my $contacts = $c->stash->{body}->contacts->search(undef, { order_by => [ 'category' ] } );
 $c->stash->{contacts} = $contacts;
 $c->stash->{live_contacts} = $contacts->search({ deleted => 0 });
- if ( $c->get_param('text') && $c->get_param('text') == 1 ) {
+ if ( $c->get_param('text') && $c->get_param('text') eq '1' ) {
 $c->stash->{template} = 'admin/council_contacts.txt';
 $c->res->content_type('text/plain; charset=utf-8');
 return 1;
@@ -893,57 +893,84 @@ sub categories_for_point : Private {
 sub templates : Path('templates') : Args(0) {
 my ( $self, $c ) = @_;
- $c->detach( '/page_error_404_not_found' )
- unless $c->cobrand->moniker eq 'zurich';
- my $user = $c->user;
- $self->templates_for_body($c, $user->from_body );
+ if ($user->is_superuser) {
+ $c->forward('fetch_all_bodies');
+ $c->stash->{template} = 'admin/templates_index.html';
+ } elsif ( $user->from_body ) {
+ $c->forward('load_template_body', [ $user->from_body->id ]);
+ $c->res->redirect( $c->uri_for( 'templates', $c->stash->{body}->id ) );
+ } else {
+ $c->detach( '/page_error_404_not_found' );
+ }
 }
 sub templates_view : Path('templates') : Args(1) {
 my ($self, $c, $body_id) = @_;
- $c->detach( '/page_error_404_not_found' )
- unless $c->cobrand->moniker eq 'zurich';
+ $c->forward('load_template_body', [ $body_id ]);
- # e.g. for admin
+ my @templates = $c->stash->{body}->response_templates->search(
+ undef,
+ {
+ order_by => 'title'
+ }
+ );
- my $body = $c->model('DB::Body')->find($body_id)
- or $c->detach( '/page_error_404_not_found' );
+ $c->stash->{response_templates} = \@templates;
- $self->templates_for_body($c, $body);
+ $c->stash->{template} = 'admin/templates.html';
 }
 sub template_edit : Path('templates') : Args(2) {
 my ( $self, $c, $body_id, $template_id ) = @_;
- $c->detach( '/page_error_404_not_found' )
- unless $c->cobrand->moniker eq 'zurich';
- - my $body = $c->model('DB::Body')->find($body_id)
- or $c->detach( '/page_error_404_not_found' );
- $c->stash->{body} = $body;
+ $c->forward('load_template_body', [ $body_id ]);
 my $template;
 if ($template_id eq 'new') {
- $template = $body->response_templates->new({});
+ $template = $c->stash->{body}->response_templates->new({});
 } else {
- $template = $body->response_templates->find( $template_id )
+ $template = $c->stash->{body}->response_templates->find( $template_id )
 or $c->detach( '/page_error_404_not_found' );
 }
+ $c->forward('fetch_contacts');
+ my @contacts = $template->contacts->all;
+ my @live_contacts = $c->stash->{live_contacts}->all;
+ my %active_contacts = map { $_->id => 1 } @contacts;
+ my @all_contacts = map { {
+ id => $_->id,
+ category => $_->category,
+ active => $active_contacts{$_->id},
+ } } @live_contacts;
+ $c->stash->{contacts} = \@all_contacts;
+ if ($c->req->method eq 'POST') {
- if ($c->get_param('delete_template') eq _("Delete template")) {
+ if ($c->get_param('delete_template') && $c->get_param('delete_template') eq _("Delete template")) {
+ $template->contact_response_templates->delete_all;
 $template->delete;
 } else {
 $template->title( $c->get_param('title') );
- $template->text ( $c->get_param('text') );
+ $template->text( $c->get_param('text') );
+ $template->auto_response( $c->get_param('auto_response') ? 1 : 0 );
 $template->update_or_insert;
+ + my @live_contact_ids = map { $_->id } @live_contacts;
+ my @new_contact_ids = grep { $c->get_param("contacts[$_]") } @live_contact_ids;
+ $template->contact_response_templates->search({
+ contact_id => { '!=' => \@new_contact_ids },
+ })->delete;
+ foreach my $contact_id (@new_contact_ids) {
+ $template->contact_response_templates->find_or_create({
+ contact_id => $contact_id,
+ });
+ }
 }
- $c->res->redirect( $c->uri_for( 'templates', $body->id ) );
+ $c->res->redirect( $c->uri_for( 'templates', $c->stash->{body}->id ) );
 }
 $c->stash->{response_template} = $template;
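Review bot: The contact-pruning delete in template_edit's POST branch, `contact_id => { '!=' => \@new_contact_ids }`, is not a NOT IN: SQL::Abstract expands an arrayref under a comparison operator into OR-joined terms, so with two or more ticked contacts it becomes `contact_id != a OR contact_id != b`, which matches every row (newer SQL::Abstract releases warn about exactly this construct). The outcome is masked because the following `find_or_create` loop re-inserts the ticked ones, but every save silently deletes and recreates all associations rather than only the removed ones. The intended form is `contact_id => { -not_in => \@new_contact_ids },`, which I believe also renders as an always-true condition for an empty list, so the "nothing ticked" case still clears every association. Restricting `@new_contact_ids` to ids drawn from `@live_contacts` of the loaded body is the right shape, since it stops a submitted `contacts[...]` key from attaching a contact that belongs to another body; a short comment on the grep line saying so would help the next reader, e.g. `# only accept contact ids that belong to this body`.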
@@ -951,22 +978,24 @@ sub template_edit : Path('templates') : Args(2) {
 $c->stash->{template} = 'admin/template_edit.html';
 }
+sub load_template_body : Private {
+ my ($self, $c, $body_id) = @_;
-sub templates_for_body {
- my ( $self, $c, $body ) = @_;
- - $c->stash->{body} = $body;
+ my $zurich_user = $c->user->from_body && $c->cobrand->moniker eq 'zurich';
+ my $has_permission = $c->user->has_body_permission_to('template_edit') &&
+ $c->user->from_body->id eq $body_id;
- my @templates = $body->response_templates->search(
- undef,
- {
- order_by => 'title'
- }
- );
+ unless ( $c->user->is_superuser || $zurich_user || $has_permission ) {
+ $c->detach( '/page_error_404_not_found' );
+ }
- $c->stash->{response_templates} = \@templates;
+ # Regular users can only view their own body's templates
+ if ( !$c->user->is_superuser && $body_id ne $c->user->from_body->id ) {
+ $c->res->redirect( $c->uri_for( 'templates', $c->user->from_body->id ) );
+ }
- $c->stash->{template} = 'admin/templates.html';
+ $c->stash->{body} = $c->model('DB::Body')->find($body_id)
+ or $c->detach( '/page_error_404_not_found' );
 }
 sub users: Path('users') : Args(0) {
@@ -1182,7 +1211,7 @@ sub user_edit : Path('user_edit') : Args(1) {
 my $user = $c->cobrand->users->find( { id => $id } );
 $c->detach( '/page_error_404_not_found' ) unless $user;
- unless ( $c->user->is_superuser || ( $c->user->has_permission_to('user_edit', $c->user->from_body->id) ) ) {
+ unless ( $c->user->is_superuser || $c->user->has_body_permission_to('user_edit') ) {
 $c->detach('/page_error_403_access_denied', []);
 }
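Review bot: The "own body only" redirect in load_template_body does not end the request: `$c->res->redirect(...)` only sets the response, and the sub then goes on to stash the *requested* `$body_id`, after which the caller keeps running — in template_edit that means a POST naming another body's id still reaches the delete/update code before the redirect is sent. Given the gate above it, the only non-superuser who reaches that branch appears to be a `$zurich_user` whose `from_body` differs from `$body_id`, so the enforcement is for exactly the case the comment says it is protecting. Add `$c->detach;` immediately after the `$c->res->redirect` line so the redirect is final; the same redirect-without-detach pattern is in the new `templates` action in the hunk above, where it is harmless today but worth making consistent. A style point: this sub answers a permission failure with `page_error_404_not_found` while the user_edit hunk below uses `page_error_403_access_denied` for the same kind of check — picking one for the admin controller would make intent clearer.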
@@ -1219,7 +1248,7 @@ sub user_edit : Path('user_edit') : Args(1) { # set from_body to the same value as their own from_body. if ( $c->user->is_superuser ) { $user->from_body( $c->get_param('body') || undef ); - } elsif ( $c->user->has_permission_to('user_assign_body', $c->user->from_body->id ) && + } elsif ( $c->user->has_body_permission_to('user_assign_body') && $c->get_param('body') && $c->get_param('body') eq $c->user->from_body->id ) { $user->from_body( $c->user->from_body ); } else { |