Use routes to only allow post to RequestController#describe_state

author: Matthew Landauer <matthew@openaustralia.org> 2013-03-02 14:27:20 +1100
committer: Matthew Landauer <matthew@openaustralia.org> 2013-03-02 14:27:20 +1100
commit: fa624fc7f17b6b4b6710817ed63291386e525f9c (patch)
tree: 96e5c142193e754aac3260c14d1f6bf2dfe560da
parent: c6eb7777a8d467ab6befc0974e44beb4f47f737a (diff)
5 files changed, 6 insertions, 18 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 6b8444f90..80df9b04d 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -377,12 +377,6 @@ class RequestController < ApplicationController
         @info_request = InfoRequest.find(params[:id].to_i)
         set_last_request(@info_request)
 
-        # If this isn't a form submit, go to the request page
-        if params[:submitted_describe_state].nil?
-            redirect_to request_url(@info_request)
-            return
-        end
-
         # If this is an external request, go to the request page - we don't allow
         # state change from the front end interface.
         if @info_request.is_external?
diff --git a/app/views/request/_describe_state.rhtml b/app/views/request/_describe_state.rhtml
index 5b6004e81..1550b318a 100644
--- a/app/views/request/_describe_state.rhtml
+++ b/app/views/request/_describe_state.rhtml
@@ -97,7 +97,6 @@
 
         <p>
         <%= hidden_field_tag 'last_info_request_event_id', @last_info_request_event_id, :id => 'last_info_request_event_id' + id_suffix %>
-        <%= hidden_field_tag 'submitted_describe_state', 1, :id => 'submitted_describe_state' + id_suffix %>
         <%= submit_tag _("Submit status") %> (<%= _('and we\'ll suggest <strong>what to do next</strong>') %>)
         </p>
     <% end %>
diff --git a/app/views/request/_other_describe_state.rhtml b/app/views/request/_other_describe_state.rhtml
index e274fe8c9..3a80823c6 100644
--- a/app/views/request/_other_describe_state.rhtml
+++ b/app/views/request/_other_describe_state.rhtml
@@ -75,7 +75,6 @@
 
     <p>
     <%= hidden_field_tag 'last_info_request_event_id', @last_info_request_event_id, :id => 'last_info_request_event_id' + id_suffix %>
-    <%= hidden_field_tag 'submitted_describe_state', 1, :id => 'submitted_describe_state' + id_suffix %>
     <%= submit_tag "Submit status" %>
     </p>
 <% end %>
diff --git a/config/routes.rb b/config/routes.rb
index 3512b4cd4..0a0736eaa 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -54,7 +54,7 @@ ActionController::Routing::Routes.draw do |map|
         request.details_request     '/details/request/:url_title', :action => 'details'
         request.similar_request     '/similar/request/:url_title', :action => 'similar'
 
-        request.describe_state   '/request/:id/describe', :action => 'describe_state'
+        request.describe_state   '/request/:id/describe', :action => 'describe_state', :conditions => {:method => :post}
         request.show_response_no_followup    '/request/:id/response', :action => 'show_response'
         request.show_response    '/request/:id/response/:incoming_message_id', :action => 'show_response'
         request.get_attachment_as_html   '/request/:id/response/:incoming_message_id/attach/html/:part/*file_name', :action => 'get_attachment_as_html'
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index 788ea9785..fdde54eeb 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -1250,8 +1250,7 @@ describe RequestController, "when classifying an information request" do
         end
 
         it 'should redirect to the request page' do
-            post :describe_state, :id => @external_request.id,
-                                  :submitted_describe_state => 1
+            post :describe_state, :id => @external_request.id
             response.should redirect_to(:action => 'show',
                                         :controller => 'request',
                                         :url_title => @external_request.url_title)
@@ -1271,8 +1270,7 @@ describe RequestController, "when classifying an information request" do
         def post_status(status)
             post :describe_state, :incoming_message => { :described_state => status },
                                   :id => @dog_request.id,
-                                  :last_info_request_event_id => @dog_request.last_event_id_needing_description,
-                                  :submitted_describe_state => 1
+                                  :last_info_request_event_id => @dog_request.last_event_id_needing_description
         end
 
         it "should require login" do
@@ -1461,8 +1459,7 @@ describe RequestController, "when classifying an information request" do
 
             it "should let you know when you forget to select a status" do
                 post :describe_state, :id => @dog_request.id,
-                                      :last_info_request_event_id => @dog_request.last_event_id_needing_description,
-                                      :submitted_describe_state => 1
+                                      :last_info_request_event_id => @dog_request.last_event_id_needing_description
                 response.should redirect_to request_url(@dog_request)
                 flash[:error].should == _("Please choose whether or not you got some of the information that you wanted.")
             end
@@ -1471,8 +1468,7 @@ describe RequestController, "when classifying an information request" do
                 @dog_request.stub!(:last_event_id_needing_description).and_return(2)
 
                 post :describe_state, :incoming_message => { :described_state => "rejected" },
-                    :id => @dog_request.id, :last_info_request_event_id => 1,
-                    :submitted_describe_state => 1
+                    :id => @dog_request.id, :last_info_request_event_id => 1
                 response.should redirect_to request_url(@dog_request)
                 flash[:error].should =~ /The request has been updated since you originally loaded this page/
             end
@@ -1498,7 +1494,7 @@ describe RequestController, "when classifying an information request" do
             end
 
             it "should send email when classified as requires_admin" do
-                post :describe_state, :incoming_message => { :described_state => "requires_admin" }, :id => @dog_request.id, :incoming_message_id => incoming_messages(:useless_incoming_message), :last_info_request_event_id => @dog_request.last_event_id_needing_description, :submitted_describe_state => 1
+                post :describe_state, :incoming_message => { :described_state => "requires_admin" }, :id => @dog_request.id, :incoming_message_id => incoming_messages(:useless_incoming_message), :last_info_request_event_id => @dog_request.last_event_id_needing_description
                 response.should redirect_to(:controller => 'help', :action => 'contact')
 
                 @dog_request.reload
author	Matthew Landauer <matthew@openaustralia.org>	2013-03-02 14:27:20 +1100
committer	Matthew Landauer <matthew@openaustralia.org>	2013-03-02 14:27:20 +1100
commit	fa624fc7f17b6b4b6710817ed63291386e525f9c (patch)
tree	96e5c142193e754aac3260c14d1f6bf2dfe560da
parent	c6eb7777a8d467ab6befc0974e44beb4f47f737a (diff)