diff options
| author | Louise Crow <louise.crow@gmail.com> | 2013-08-14 11:29:55 +0100 |
|---|---|---|
| committer | Louise Crow <louise.crow@gmail.com> | 2013-09-16 12:41:44 +0100 |
| commit | 0bb0c97831d22a8ad29fd4c4a9217327c77dfcfd (patch) | |
| tree | d2296d42fe9693c29c0626e2947de1dca42bc7a5 /app/controllers/request_controller.rb | |
| parent | 5f256f104f98ac0aba1234d0dadac4a1f9602e11 (diff) | |
Add new code and specs for hiding attachments.
Diffstat (limited to 'app/controllers/request_controller.rb')
| -rw-r--r-- | app/controllers/request_controller.rb | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 0c1d9880c..6a927d327 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -683,9 +683,13 @@ class RequestController < ApplicationController @info_request = incoming_message.info_request # used by view return render_hidden end + if !incoming_message.user_can_view?(authenticated_user) + @incoming_message = incoming_message # used by view + return render_hidden_message + end # Is this a completely public request that we can cache attachments for # to be served up without authentication? - if incoming_message.info_request.all_can_view? + if incoming_message.info_request.all_can_view? && incoming_message.all_can_view? @files_can_be_cached = true end end @@ -945,5 +949,14 @@ class RequestController < ApplicationController false end + def render_hidden_message + respond_to do |format| + response_code = 410 # gone + format.html{ render :template => 'request/hidden_correspondence', :status => response_code } + format.any{ render :nothing => true, :status => response_code } + end + false + end + end |