From 33e5f35059dd318560db41c9407367442d3c2f7f Mon Sep 17 00:00:00 2001
From: Dave Arter <davea@mysociety.org>
Date: Tue, 30 Jan 2018 12:16:59 +0000
Subject: Allow updates to be left as another user with phone number

---
 .../FixMyStreet/App/Controller/Report/Update.pm    | 12 +++-
 t/app/controller/report_as_other.t                 | 73 +++++++++++++++++++---
 2 files changed, 76 insertions(+), 9 deletions(-)

diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm
index 24b54d7b5..99eae8659 100644
--- a/perllib/FixMyStreet/App/Controller/Report/Update.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm
@@ -125,10 +125,12 @@ sub process_user : Private {
 
     my $parsed = FixMyStreet::SMS->parse_username($params{username});
     my $type = $parsed->{type} || 'email';
-    $type = 'email' unless FixMyStreet->config('SMS_AUTHENTICATION');
+    $type = 'email' unless FixMyStreet->config('SMS_AUTHENTICATION') || $c->stash->{contributing_as_another_user};
     $update->user( $c->model('DB::User')->find_or_new( { $type => $parsed->{username} } ) )
         unless $update->user;
 
+    $c->stash->{phone_may_be_mobile} = $type eq 'phone' && $parsed->{may_be_mobile};
+
     # The user is trying to sign in. We only care about username from the params.
     if ( $c->get_param('submit_sign_in') || $c->get_param('password_sign_in') ) {
         $c->stash->{tfa_data} = {
@@ -364,6 +366,12 @@ sub check_for_errors : Private {
         delete $field_errors{username};
     }
 
+    # if we're contributing as someone else then allow landline numbers
+    if ( $field_errors{phone} && $c->stash->{contributing_as_another_user} && !$c->stash->{phone_may_be_mobile}) {
+        delete $field_errors{username};
+        delete $field_errors{phone};
+    }
+
     if ( my $photo_error  = delete $c->stash->{photo_error} ) {
         $field_errors{photo} = $photo_error;
     }
@@ -477,7 +485,7 @@ sub redirect_or_confirm_creation : Private {
     if ( $update->confirmed ) {
         $c->forward( 'update_problem' );
         $c->forward( 'signup_for_alerts' );
-        if ($c->stash->{contributing_as_another_user}) {
+        if ($c->stash->{contributing_as_another_user} && $update->user->email) {
             $c->send_email( 'other-updated.txt', {
                 to => [ [ $update->user->email, $update->name ] ],
             } );
diff --git a/t/app/controller/report_as_other.t b/t/app/controller/report_as_other.t
index 22bd5185e..e8f65eb7b 100644
--- a/t/app/controller/report_as_other.t
+++ b/t/app/controller/report_as_other.t
@@ -163,7 +163,7 @@ subtest "Body user, has permission to add update as council" => sub {
     is $update->anonymous, 0, 'update not anonymous';
 };
 
-subtest "Body user, has permission to add update as another user" => sub {
+subtest "Body user, has permission to add update as another user with email" => sub {
     my $update = add_update(
         'contribute_as_another_user',
         form_as => 'another_user',
@@ -179,7 +179,39 @@ subtest "Body user, has permission to add update as another user" => sub {
     push @users, $update->user;
 };
 
-subtest "Body user, has permission to add update as another (existing) user" => sub {
+subtest "Body user, has permission to add update as another user with mobile phone" => sub {
+    my $update = add_update(
+        'contribute_as_another_user',
+        form_as => 'another_user',
+        update => 'Test Update',
+        name => 'Another User',
+        username => '07906 444444',
+    );
+    is $update->name, 'Another User', 'update name is given name';
+    is $update->user->name, 'Another User', 'user name matches';
+    is $update->user->phone, '+447906444444', 'user phone correct';
+    isnt $update->user->id, $user->id, 'user does not match';
+    $mech->email_count_is(0);
+    push @users, $update->user;
+};
+
+subtest "Body user, has permission to add update as another user with landline phone" => sub {
+    my $update = add_update(
+        'contribute_as_another_user',
+        form_as => 'another_user',
+        update => 'Test Update',
+        name => 'Another User',
+        username => '01685 555555',
+    );
+    is $update->name, 'Another User', 'update name is given name';
+    is $update->user->name, 'Another User', 'user name matches';
+    is $update->user->phone, '+441685555555', 'user phone correct';
+    isnt $update->user->id, $user->id, 'user does not match';
+    $mech->email_count_is(0);
+    push @users, $update->user;
+};
+
+subtest "Body user, has permission to add update as another (existing) user with email" => sub {
     my $update = add_update(
         'contribute_as_another_user',
         form_as => 'another_user',
@@ -194,6 +226,21 @@ subtest "Body user, has permission to add update as another (existing) user" =>
     like $mech->get_text_body_from_email, qr/Your update has been logged/;
 };
 
+subtest "Body user, has permission to add update as another (existing) user with phone" => sub {
+    my $update = add_update(
+        'contribute_as_another_user',
+        form_as => 'another_user',
+        update => 'Test Update',
+        name => 'Existing Yooser',
+        username => '07906 333333',
+    );
+    is $update->name, 'Existing Yooser', 'update name is given name';
+    is $update->user->name, 'Existing User', 'user name remains same';
+    is $update->user->phone, '+447906333333', 'user phone correct';
+    isnt $update->user->id, $user->id, 'user does not match';
+    $mech->email_count_is(0);
+};
+
 subtest "Body user, has permission to add update as anonymous user" => sub {
     my $update = add_update(
         'contribute_as_anonymous_user',
@@ -247,16 +294,28 @@ sub start_update {
     $_->delete for $user->user_body_permissions;
     $user->user_body_permissions->create({ body => $body, permission_type => $permission })
         if $permission;
-    $mech->get_ok('/report/' . $report_to_update->id);
+    FixMyStreet::override_config {
+        ALLOWED_COBRANDS => [ 'fixmystreet' ],
+        MAPIT_URL => 'http://mapit.uk/',
+        PHONE_COUNTRY => 'GB',
+    }, sub {
+        $mech->get_ok('/report/' . $report_to_update->id);
+    };
 }
 
 sub add_update {
     my ($permission, %fields) = @_;
     start_update($permission);
-    dropdown_shown(1, 'updateForm');
-    $mech->submit_form_ok({
-        with_fields => \%fields,
-    }, "submit details");
+    FixMyStreet::override_config {
+        ALLOWED_COBRANDS => [ 'fixmystreet' ],
+        MAPIT_URL => 'http://mapit.uk/',
+        PHONE_COUNTRY => 'GB',
+    }, sub {
+        dropdown_shown(1, 'updateForm');
+        $mech->submit_form_ok({
+            with_fields => \%fields,
+        }, "submit details");
+    };
     $mech->content_contains('Thank you for updating this issue');
     my $update = FixMyStreet::DB->resultset("Comment")->search(undef, { order_by => { -desc => 'id' } })->first;
     ok $update, "Found the update";
-- 
cgit v1.2.3