Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Admin.pm')
-rw-r--r-- | perllib/FixMyStreet/App/Controller/Admin.pm | 67 |
1 files changed, 51 insertions, 16 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm index b643c9633..46ac10d36 100644 --- a/perllib/FixMyStreet/App/Controller/Admin.pm +++ b/perllib/FixMyStreet/App/Controller/Admin.pm @@ -345,8 +345,6 @@ sub update_contacts : Private { my $category = $self->trim( $c->get_param('category') ); $errors{category} = _("Please choose a category") unless $category; - my $email = $self->trim( $c->get_param('email') ); - $errors{email} = _('Please enter a valid email') unless is_valid_email($email) || $email eq 'REFUSED'; $errors{note} = _('Please enter a message') unless $c->get_param('note'); my $contact = $c->model('DB::Contact')->find_or_new( @@ -356,6 +354,12 @@ sub update_contacts : Private { } ); + my $email = $self->trim( $c->get_param('email') ); + my $send_method = $c->get_param('send_method') || $contact->send_method || $contact->body->send_method || ""; + unless ( $send_method eq 'Open311' ) { + $errors{email} = _('Please enter a valid email') unless is_valid_email($email) || $email eq 'REFUSED'; + } + $contact->email( $email ); $contact->confirmed( $c->get_param('confirmed') ? 1 : 0 ); $contact->deleted( $c->get_param('deleted') ? 1 : 0 ); @@ -683,7 +687,7 @@ sub report_edit : Path('report_edit') : Args(1) { unless ( $c->cobrand->moniker eq 'zurich' - || $c->user->has_permission_to(report_edit => $problem->bodies_str) + || $c->user->has_permission_to(report_edit => $problem->bodies_str_ids) ) { $c->detach( '/page_error_403_access_denied', [] ); } 
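Review bot: In the second `update_contacts` hunk, the decision to skip email validation reads the request's `send_method` parameter before the stored contact or body value. A submission carrying `send_method=Open311` therefore gets its `email` stored unchecked, even when the body itself does not use Open311. If the parameter is only meant to apply to contacts allowed to override the body's send method, test that condition first, or validate against the value that will actually be saved. Separately, `$email eq 'REFUSED'` may compare an undefined value when `email` is absent and `trim` passes undef through; `my $email = $self->trim( $c->get_param('email') ) // '';` would avoid that. The sub continues outside the hunk, so whether `send_method` is later written to the contact is not visible here.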
@@ -1030,15 +1034,17 @@ sub users: Path('users') : Args(0) { my %email2user = map { $_->email => $_ } @users; $c->stash->{users} = [ @users ]; - my $emails = $c->model('DB::Abuse')->search( - { email => { ilike => $isearch } } - ) if $c->user->is_superuser; - foreach my $email ($emails->all) { - # Slight abuse of the boolean flagged value - if ($email2user{$email->email}) { - $email2user{$email->email}->flagged( 2 ); - } else { - push @{$c->stash->{users}}, { email => $email->email, flagged => 2 }; + if ( $c->user->is_superuser ) { + my $emails = $c->model('DB::Abuse')->search( + { email => { ilike => $isearch } } + ); + foreach my $email ($emails->all) { + # Slight abuse of the boolean flagged value + if ($email2user{$email->email}) { + $email2user{$email->email}->flagged( 2 ); + } else { + push @{$c->stash->{users}}, { email => $email->email, flagged => 2 }; + } } } @@ -1218,7 +1224,7 @@ sub user_edit : Path('user_edit') : Args(1) { my $user = $c->cobrand->users->find( { id => $id } ); $c->detach( '/page_error_404_not_found', [] ) unless $user; - unless ( $c->user->is_superuser || $c->user->has_body_permission_to('user_edit') ) { + unless ( $c->user->is_superuser || $c->user->has_body_permission_to('user_edit') || $c->cobrand->moniker eq 'zurich' ) { $c->detach('/page_error_403_access_denied', []); } @@ -1253,7 +1259,7 @@ sub user_edit : Path('user_edit') : Args(1) { $user->is_superuser( ( $c->user->is_superuser && $c->get_param('is_superuser') ) || 0 ); # Superusers can set from_body to any value, but other staff can only # set from_body to the same value as their own from_body. - if ( $c->user->is_superuser ) { + if ( $c->user->is_superuser || $c->cobrand->moniker eq 'zurich' ) { $user->from_body( $c->get_param('body') || undef ); } elsif ( $c->user->has_body_permission_to('user_assign_body') && $c->get_param('body') && $c->get_param('body') eq $c->user->from_body->id ) { 
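Review bot: The `user_edit` access check at `@@ -1218` now passes for every request served under the `zurich` cobrand (`|| $c->cobrand->moniker eq 'zurich'`). The hunk at `@@ -1253` then gives those same requests the superuser branch, which sets `from_body` to whatever `body` value was submitted. Nothing visible in these hunks shows what restricts admin access in that cobrand, so the reason should be stated at the check, e.g. `# Zurich: admin access is restricted by <name the check>; body permissions are not used there`. The existing comment "Superusers can set from_body to any value, but other staff can only…" no longer describes the condition and should be updated. The same moniker comparison also appears in `report_edit`, so a single cobrand-level predicate would keep this authorization rule in one place; the function bodies extend outside the hunks.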
@@ -1270,14 +1276,14 @@ sub user_edit : Path('user_edit') : Args(1) { if (!$user->from_body) { # Non-staff users aren't allowed any permissions or to be in an area - $user->user_body_permissions->delete_all; + $user->admin_user_body_permissions->delete; $user->area_id(undef); delete $c->stash->{areas}; delete $c->stash->{fetched_areas_body_id}; } elsif ($c->stash->{available_permissions}) { my @all_permissions = map { keys %$_ } values %{ $c->stash->{available_permissions} }; my @user_permissions = grep { $c->get_param("permissions[$_]") ? 1 : undef } @all_permissions; - $user->user_body_permissions->search({ + $user->admin_user_body_permissions->search({ body_id => $user->from_body->id, permission_type => { '!=' => \@user_permissions }, })->delete; @@ -1295,6 +1301,35 @@ sub user_edit : Path('user_edit') : Args(1) { $user->area_id( $valid_areas{$new_area} ? $new_area : undef ); } + # Handle 'trusted' flag(s) + my @trusted_bodies = $c->get_param_list('trusted_bodies'); + if ( $c->user->is_superuser ) { + $user->user_body_permissions->search({ + body_id => { '!=' => \@trusted_bodies }, + permission_type => 'trusted', + })->delete; + foreach my $body_id (@trusted_bodies) { + $user->user_body_permissions->find_or_create({ + body_id => $body_id, + permission_type => 'trusted', + }); + } + } elsif ( $c->user->from_body ) { + my %trusted = map { $_ => 1 } @trusted_bodies; + my $body_id = $c->user->from_body->id; + if ( $trusted{$body_id} ) { + $user->user_body_permissions->find_or_create({ + body_id => $body_id, + permission_type => 'trusted', + }); + } else { + $user->user_body_permissions->search({ + body_id => $body_id, + permission_type => 'trusted', + })->delete; + } + } + unless ($user->email) { $c->stash->{field_errors}->{email} = _('Please enter a valid email'); return; |
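Review bot: The comment `# Non-staff users aren't allowed any permissions or to be in an area` in the `@@ -1270` hunk no longer matches the code under it. The delete now goes through `admin_user_body_permissions`, which, judging by its name and by the 'trusted' handling added later in this commit, presumably excludes `trusted` rows, so a non-staff user can keep that permission. Suggested wording: `# Non-staff users keep only 'trusted' permissions; remove all admin permissions and any area`. The call also changed from `delete_all` to `delete`, which in DBIx::Class issues one DELETE without loading rows, so any row-level `delete` override on the permission class would no longer run; worth confirming none exists. The relationship definition is outside this diff.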
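Review bot: In the superuser branch of the `@@ -1295` hunk, `body_id => { '!=' => \@trusted_bodies }` does not mean "not in this list". SQL::Abstract joins a multi-element arrayref under `!=` with OR, which is always true, so with two or more bodies selected every `trusted` row is deleted and then re-created by the loop. Use `body_id => { -not_in => \@trusted_bodies },` instead, after confirming its empty-list behaviour in the SQL::Abstract version in use; the `permission_type => { '!=' => \@user_permissions }` filter in the previous hunk has the same shape. The `trusted_bodies` values also go from the request into `find_or_create` unchecked, so restricting them to ids of existing bodies first would turn a bad id into a form error rather than a database error. The `elsif` branch correctly limits non-superusers to their own `from_body`, but it would be clearer with a comment saying which staff permission, if any, is meant to gate it.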