aboutsummaryrefslogtreecommitdiffstats
path: root/perllib/FixMyStreet
diff options
context:
space:
mode:
Diffstat (limited to 'perllib/FixMyStreet')
-rw-r--r--perllib/FixMyStreet/App/Controller/Admin.pm67
-rw-r--r--perllib/FixMyStreet/App/Controller/Contact.pm4
-rw-r--r--perllib/FixMyStreet/App/Controller/Moderate.pm2
-rw-r--r--perllib/FixMyStreet/App/Controller/Report.pm4
-rw-r--r--perllib/FixMyStreet/App/Controller/Report/New.pm6
-rw-r--r--perllib/FixMyStreet/App/Controller/Report/Update.pm6
-rw-r--r--perllib/FixMyStreet/Cobrand/Default.pm8
-rw-r--r--perllib/FixMyStreet/Cobrand/FiksGataMi.pm2
-rw-r--r--perllib/FixMyStreet/Cobrand/FixaMinGata.pm2
-rw-r--r--perllib/FixMyStreet/Cobrand/UKCouncils.pm4
-rw-r--r--perllib/FixMyStreet/DB/Result/User.pm30
-rw-r--r--perllib/FixMyStreet/Script/Reports.pm11
12 files changed, 109 insertions, 37 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index b643c9633..46ac10d36 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -345,8 +345,6 @@ sub update_contacts : Private {
my $category = $self->trim( $c->get_param('category') );
$errors{category} = _("Please choose a category") unless $category;
- my $email = $self->trim( $c->get_param('email') );
- $errors{email} = _('Please enter a valid email') unless is_valid_email($email) || $email eq 'REFUSED';
$errors{note} = _('Please enter a message') unless $c->get_param('note');
my $contact = $c->model('DB::Contact')->find_or_new(
@@ -356,6 +354,12 @@ sub update_contacts : Private {
}
);
+ my $email = $self->trim( $c->get_param('email') );
+ my $send_method = $c->get_param('send_method') || $contact->send_method || $contact->body->send_method || "";
+ unless ( $send_method eq 'Open311' ) {
+ $errors{email} = _('Please enter a valid email') unless is_valid_email($email) || $email eq 'REFUSED';
+ }
+
$contact->email( $email );
$contact->confirmed( $c->get_param('confirmed') ? 1 : 0 );
$contact->deleted( $c->get_param('deleted') ? 1 : 0 );
@@ -683,7 +687,7 @@ sub report_edit : Path('report_edit') : Args(1) {
unless (
$c->cobrand->moniker eq 'zurich'
- || $c->user->has_permission_to(report_edit => $problem->bodies_str)
+ || $c->user->has_permission_to(report_edit => $problem->bodies_str_ids)
) {
$c->detach( '/page_error_403_access_denied', [] );
}
@@ -1030,15 +1034,17 @@ sub users: Path('users') : Args(0) {
my %email2user = map { $_->email => $_ } @users;
$c->stash->{users} = [ @users ];
- my $emails = $c->model('DB::Abuse')->search(
- { email => { ilike => $isearch } }
- ) if $c->user->is_superuser;
- foreach my $email ($emails->all) {
- # Slight abuse of the boolean flagged value
- if ($email2user{$email->email}) {
- $email2user{$email->email}->flagged( 2 );
- } else {
- push @{$c->stash->{users}}, { email => $email->email, flagged => 2 };
+ if ( $c->user->is_superuser ) {
+ my $emails = $c->model('DB::Abuse')->search(
+ { email => { ilike => $isearch } }
+ );
+ foreach my $email ($emails->all) {
+ # Slight abuse of the boolean flagged value
+ if ($email2user{$email->email}) {
+ $email2user{$email->email}->flagged( 2 );
+ } else {
+ push @{$c->stash->{users}}, { email => $email->email, flagged => 2 };
+ }
}
}
@@ -1218,7 +1224,7 @@ sub user_edit : Path('user_edit') : Args(1) {
my $user = $c->cobrand->users->find( { id => $id } );
$c->detach( '/page_error_404_not_found', [] ) unless $user;
- unless ( $c->user->is_superuser || $c->user->has_body_permission_to('user_edit') ) {
+ unless ( $c->user->is_superuser || $c->user->has_body_permission_to('user_edit') || $c->cobrand->moniker eq 'zurich' ) {
$c->detach('/page_error_403_access_denied', []);
}
@@ -1253,7 +1259,7 @@ sub user_edit : Path('user_edit') : Args(1) {
$user->is_superuser( ( $c->user->is_superuser && $c->get_param('is_superuser') ) || 0 );
# Superusers can set from_body to any value, but other staff can only
# set from_body to the same value as their own from_body.
- if ( $c->user->is_superuser ) {
+ if ( $c->user->is_superuser || $c->cobrand->moniker eq 'zurich' ) {
$user->from_body( $c->get_param('body') || undef );
} elsif ( $c->user->has_body_permission_to('user_assign_body') &&
$c->get_param('body') && $c->get_param('body') eq $c->user->from_body->id ) {
@@ -1270,14 +1276,14 @@ sub user_edit : Path('user_edit') : Args(1) {
if (!$user->from_body) {
# Non-staff users aren't allowed any permissions or to be in an area
- $user->user_body_permissions->delete_all;
+ $user->admin_user_body_permissions->delete;
$user->area_id(undef);
delete $c->stash->{areas};
delete $c->stash->{fetched_areas_body_id};
} elsif ($c->stash->{available_permissions}) {
my @all_permissions = map { keys %$_ } values %{ $c->stash->{available_permissions} };
my @user_permissions = grep { $c->get_param("permissions[$_]") ? 1 : undef } @all_permissions;
- $user->user_body_permissions->search({
+ $user->admin_user_body_permissions->search({
body_id => $user->from_body->id,
permission_type => { '!=' => \@user_permissions },
})->delete;
@@ -1295,6 +1301,35 @@ sub user_edit : Path('user_edit') : Args(1) {
$user->area_id( $valid_areas{$new_area} ? $new_area : undef );
}
+ # Handle 'trusted' flag(s)
+ my @trusted_bodies = $c->get_param_list('trusted_bodies');
+ if ( $c->user->is_superuser ) {
+ $user->user_body_permissions->search({
+ body_id => { '!=' => \@trusted_bodies },
+ permission_type => 'trusted',
+ })->delete;
+ foreach my $body_id (@trusted_bodies) {
+ $user->user_body_permissions->find_or_create({
+ body_id => $body_id,
+ permission_type => 'trusted',
+ });
+ }
+ } elsif ( $c->user->from_body ) {
+ my %trusted = map { $_ => 1 } @trusted_bodies;
+ my $body_id = $c->user->from_body->id;
+ if ( $trusted{$body_id} ) {
+ $user->user_body_permissions->find_or_create({
+ body_id => $body_id,
+ permission_type => 'trusted',
+ });
+ } else {
+ $user->user_body_permissions->search({
+ body_id => $body_id,
+ permission_type => 'trusted',
+ })->delete;
+ }
+ }
+
unless ($user->email) {
$c->stash->{field_errors}->{email} = _('Please enter a valid email');
return;
diff --git a/perllib/FixMyStreet/App/Controller/Contact.pm b/perllib/FixMyStreet/App/Controller/Contact.pm
index c2cc54832..b98bdbcc7 100644
--- a/perllib/FixMyStreet/App/Controller/Contact.pm
+++ b/perllib/FixMyStreet/App/Controller/Contact.pm
@@ -236,6 +236,10 @@ sub send_email : Private {
my $recipient = $c->cobrand->contact_email;
my $recipient_name = $c->cobrand->contact_name();
+ if (my $localpart = $c->get_param('recipient')) {
+ $recipient = join('@', $localpart, FixMyStreet->config('EMAIL_DOMAIN'));
+ }
+
$c->stash->{host} = $c->req->header('HOST');
$c->stash->{ip} = $c->req->address;
$c->stash->{ip} .=
diff --git a/perllib/FixMyStreet/App/Controller/Moderate.pm b/perllib/FixMyStreet/App/Controller/Moderate.pm
index dadec5c53..94e6cd62a 100644
--- a/perllib/FixMyStreet/App/Controller/Moderate.pm
+++ b/perllib/FixMyStreet/App/Controller/Moderate.pm
@@ -54,7 +54,7 @@ sub report : Chained('moderate') : PathPart('report') : CaptureArgs(1) {
# ... and immediately, if the user isn't authorized
$c->detach unless $c->user_exists;
- $c->detach unless $c->user->has_permission_to(moderate => $problem->bodies_str);
+ $c->detach unless $c->user->has_permission_to(moderate => $problem->bodies_str_ids);
$c->forward('/auth/check_csrf_token');
diff --git a/perllib/FixMyStreet/App/Controller/Report.pm b/perllib/FixMyStreet/App/Controller/Report.pm
index 1d67afd0e..34392782b 100644
--- a/perllib/FixMyStreet/App/Controller/Report.pm
+++ b/perllib/FixMyStreet/App/Controller/Report.pm
@@ -133,7 +133,7 @@ sub load_problem_or_display_error : Private {
}
$c->stash->{problem} = $problem;
- if ( $c->user_exists && $c->user->has_permission_to(moderate => $problem->bodies_str) ) {
+ if ( $c->user_exists && $c->user->has_permission_to(moderate => $problem->bodies_str_ids) ) {
$c->stash->{problem_original} = $problem->find_or_new_related(
moderation_original_data => {
title => $problem->title,
@@ -401,7 +401,7 @@ to the current Problem in $c->stash->{problem}. Shows the 403 page if not.
sub check_has_permission_to : Private {
my ( $self, $c, @permissions ) = @_;
- my $bodies = $c->stash->{problem}->bodies_str;
+ my $bodies = $c->stash->{problem}->bodies_str_ids;
my %permissions = map { $_ => $c->user->has_permission_to($_, $bodies) } @permissions
if $c->user_exists;
diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm
index cee72244f..f26120829 100644
--- a/perllib/FixMyStreet/App/Controller/Report/New.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/New.pm
@@ -190,9 +190,9 @@ sub report_form_ajax : Path('ajax') : Args(0) {
my $contribute_as = {};
if ($c->user_exists) {
- my $bodies = join(',', keys %{$c->stash->{bodies}});
- my $ca_another_user = $c->user->has_permission_to('contribute_as_another_user', $bodies);
- my $ca_body = $c->user->has_permission_to('contribute_as_body', $bodies);
+ my @bodies = keys %{$c->stash->{bodies}};
+ my $ca_another_user = $c->user->has_permission_to('contribute_as_another_user', \@bodies);
+ my $ca_body = $c->user->has_permission_to('contribute_as_body', \@bodies);
$contribute_as->{another_user} = $ca_another_user if $ca_another_user;
$contribute_as->{body} = $ca_body if $ca_body;
}
diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm
index 705e6ee99..4c2d92d5e 100644
--- a/perllib/FixMyStreet/App/Controller/Report/Update.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm
@@ -113,7 +113,7 @@ sub process_user : Private {
if ( $c->user_exists ) { {
my $user = $c->user->obj;
- if ($c->stash->{contributing_as_another_user} = $user->contributing_as('another_user', $c, $update->problem->bodies_str)) {
+ if ($c->stash->{contributing_as_another_user} = $user->contributing_as('another_user', $c, $update->problem->bodies_str_ids)) {
# Act as if not logged in (and it will be auto-confirmed later on)
last;
}
@@ -276,7 +276,7 @@ sub process_update : Private {
$update->mark_fixed($params{fixed} ? 1 : 0);
$update->mark_open($params{reopen} ? 1 : 0);
- $c->stash->{contributing_as_body} = $c->user_exists && $c->user->contributing_as('body', $c, $update->problem->bodies_str);
+ $c->stash->{contributing_as_body} = $c->user_exists && $c->user->contributing_as('body', $c, $update->problem->bodies_str_ids);
if ($c->stash->{contributing_as_body}) {
$update->name($c->user->from_body->name);
$update->anonymous(0);
@@ -286,7 +286,7 @@ sub process_update : Private {
}
if ( $params{state} ) {
- $params{state} = 'fixed - council'
+ $params{state} = 'fixed - council'
if $params{state} eq 'fixed' && $c->user && $c->user->belongs_to_body( $update->problem->bodies_str );
$update->problem_state( $params{state} );
} else {
diff --git a/perllib/FixMyStreet/Cobrand/Default.pm b/perllib/FixMyStreet/Cobrand/Default.pm
index 47e577372..c44842dea 100644
--- a/perllib/FixMyStreet/Cobrand/Default.pm
+++ b/perllib/FixMyStreet/Cobrand/Default.pm
@@ -717,9 +717,15 @@ sub available_permissions {
report_edit_priority => _("Edit report priority"), # future use
report_inspect => _("Markup problem details"),
report_instruct => _("Instruct contractors to fix problems"), # future use
- planned_reports => _("Manage planned reports list"),
+ planned_reports => _("Manage shortlist"),
contribute_as_another_user => _("Create reports/updates on a user's behalf"),
contribute_as_body => _("Create reports/updates as the council"),
+
+ # NB this permission is special in that it can be assigned to users
+ # without their from_body being set. It's included here for
+ # reference, but left commented out because it's not assigned in the
+ # same way as other permissions.
+ # trusted => _("Trusted to make reports that don't need to be inspected"),
},
_("Users") => {
user_edit => _("Edit other users' details"),
diff --git a/perllib/FixMyStreet/Cobrand/FiksGataMi.pm b/perllib/FixMyStreet/Cobrand/FiksGataMi.pm
index ba26b7a2c..242735073 100644
--- a/perllib/FixMyStreet/Cobrand/FiksGataMi.pm
+++ b/perllib/FixMyStreet/Cobrand/FiksGataMi.pm
@@ -29,6 +29,8 @@ sub disambiguate_location {
}
sub area_types {
+ my $self = shift;
+ return $self->next::method() if FixMyStreet->config('STAGING_SITE') && FixMyStreet->config('SKIP_CHECKS_ON_STAGING');
[ 'NKO', 'NFY', 'NRA' ];
}
diff --git a/perllib/FixMyStreet/Cobrand/FixaMinGata.pm b/perllib/FixMyStreet/Cobrand/FixaMinGata.pm
index 9ffbf00b8..a321d5c7c 100644
--- a/perllib/FixMyStreet/Cobrand/FixaMinGata.pm
+++ b/perllib/FixMyStreet/Cobrand/FixaMinGata.pm
@@ -30,6 +30,8 @@ sub disambiguate_location {
}
sub area_types {
+ my $self = shift;
+ return $self->next::method() if FixMyStreet->config('STAGING_SITE') && FixMyStreet->config('SKIP_CHECKS_ON_STAGING');
[ 'KOM' ];
}
diff --git a/perllib/FixMyStreet/Cobrand/UKCouncils.pm b/perllib/FixMyStreet/Cobrand/UKCouncils.pm
index 5d72c4962..42c9c5cbc 100644
--- a/perllib/FixMyStreet/Cobrand/UKCouncils.pm
+++ b/perllib/FixMyStreet/Cobrand/UKCouncils.pm
@@ -42,11 +42,13 @@ sub restriction {
sub problems_restriction {
my ($self, $rs) = @_;
+ return $rs if FixMyStreet->config('STAGING_SITE') && FixMyStreet->config('SKIP_CHECKS_ON_STAGING');
return $rs->to_body($self->council_id);
}
sub updates_restriction {
my ($self, $rs) = @_;
+ return $rs if FixMyStreet->config('STAGING_SITE') && FixMyStreet->config('SKIP_CHECKS_ON_STAGING');
return $rs->to_body($self->council_id);
}
@@ -96,6 +98,8 @@ sub enter_postcode_text {
sub area_check {
my ( $self, $params, $context ) = @_;
+ return 1 if FixMyStreet->config('STAGING_SITE') && FixMyStreet->config('SKIP_CHECKS_ON_STAGING');
+
my $councils = $params->{all_areas};
my $council_match = defined $councils->{$self->council_id};
if ($council_match) {
diff --git a/perllib/FixMyStreet/DB/Result/User.pm b/perllib/FixMyStreet/DB/Result/User.pm
index 0ba7e252c..2a2d0d5e3 100644
--- a/perllib/FixMyStreet/DB/Result/User.pm
+++ b/perllib/FixMyStreet/DB/Result/User.pm
@@ -257,15 +257,14 @@ sub permissions {
}
sub has_permission_to {
- my ($self, $permission_type, $body_id) = @_;
+ my ($self, $permission_type, $body_ids) = @_;
return 1 if $self->is_superuser;
+ return 0 unless $body_ids;
- return 0 unless $self->belongs_to_body($body_id);
-
- my $permission = $self->user_body_permissions->find({
+ my $permission = $self->user_body_permissions->find({
permission_type => $permission_type,
- body_id => $self->from_body->id,
+ body_id => $body_ids,
});
return $permission ? 1 : 0;
}
@@ -293,10 +292,25 @@ sub has_body_permission_to {
return $self->has_permission_to($permission_type, $self->from_body->id);
}
+=head2 admin_user_body_permissions
+
+Some permissions aren't managed in the normal way via the admin, e.g. the
+'trusted' permission. This method returns a query that excludes such exceptional
+permissions.
+
+=cut
+
+sub admin_user_body_permissions {
+ my $self = shift;
+
+ return $self->user_body_permissions->search({
+ permission_type => { '!=' => 'trusted' },
+ });
+}
+
sub contributing_as {
my ($self, $other, $c, $bodies) = @_;
- $bodies = join(',', keys %$bodies) if ref $bodies eq 'HASH';
- $c->log->error("Bad data $bodies passed to contributing_as") if ref $bodies;
+ $bodies = [ keys %$bodies ] if ref $bodies eq 'HASH';
my $form_as = $c->get_param('form_as') || '';
return 1 if $form_as eq $other && $self->has_permission_to("contribute_as_$other", $bodies);
}
@@ -327,7 +341,7 @@ sub adopt {
$other->delete;
}
-# Planned reports
+# Planned reports / shortlist
# Override the default auto-created function as we only want one live entry per user
around add_to_planned_reports => sub {
diff --git a/perllib/FixMyStreet/Script/Reports.pm b/perllib/FixMyStreet/Script/Reports.pm
index ab0d90ba8..8d3b2ddbc 100644
--- a/perllib/FixMyStreet/Script/Reports.pm
+++ b/perllib/FixMyStreet/Script/Reports.pm
@@ -144,9 +144,14 @@ sub send(;$) {
$reporters{ $sender } ||= $sender->new();
my $inspection_required = $sender_info->{contact}->get_extra_metadata('inspection_required') if $sender_info->{contact};
- if ( $inspection_required && !$row->get_extra_metadata('inspected') ) {
- $skip = 1;
- debug_print("skipped because not yet inspected", $row->id) if $debug_mode;
+ if ( $inspection_required ) {
+ unless (
+ $row->get_extra_metadata('inspected') ||
+ $row->user->has_permission_to( trusted => $row->bodies_str_ids )
+ ) {
+ $skip = 1;
+ debug_print("skipped because not yet inspected", $row->id) if $debug_mode;
+ }
}
if ( $reporters{ $sender }->should_skip( $row ) ) {
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 07:00:58 +0000