-rw-r--r-- | app/assets/stylesheets/responsive/_new_request_layout.scss | 5 | ||||
-rw-r--r-- | app/assets/stylesheets/responsive/_user_layout.scss | 5 | ||||
-rw-r--r-- | app/controllers/admin_controller.rb | 3 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/general_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 6 | ||||
-rw-r--r-- | app/models/info_request.rb | 13 | ||||
-rwxr-xr-x | config/sysvinit-thin.ugly | 3 | ||||
-rw-r--r-- | lib/tasks/config_files.rake | 3 | ||||
-rw-r--r-- | spec/controllers/user_controller_spec.rb | 10 | ||||
-rw-r--r-- | spec/integration/alaveteli_dsl.rb | 9 | ||||
-rw-r--r-- | spec/integration/view_request_spec.rb | 22 | ||||
-rw-r--r-- | spec/models/info_request_spec.rb | 17 |
13 files changed, 92 insertions, 14 deletions
diff --git a/app/assets/stylesheets/responsive/_new_request_layout.scss b/app/assets/stylesheets/responsive/_new_request_layout.scss
index eec95ae77..aba4ffc29 100644
--- a/app/assets/stylesheets/responsive/_new_request_layout.scss
+++ b/app/assets/stylesheets/responsive/_new_request_layout.scss
@@ -29,6 +29,11 @@
 @include lte-ie7 {
 width: 26.188em;
 }
+ /* Don't nest public body grid row in this context */
+ #public_body_show {
+ @include grid-row();
+ }
+ } /* Hide some elements of the public body that aren't appropriate in this
diff --git a/app/assets/stylesheets/responsive/_user_layout.scss b/app/assets/stylesheets/responsive/_user_layout.scss
index 8087f978c..a568a5fa3 100644
--- a/app/assets/stylesheets/responsive/_user_layout.scss
+++ b/app/assets/stylesheets/responsive/_user_layout.scss
@@ -1,2 +1,7 @@
 /* Layout for user pages */
+#user_profile_search {
+ #search_form {
+ margin-top: 2rem;
+ }
+}
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 8b606ea85..3bf40b8f9 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -25,8 +25,7 @@ class AdminController < ApplicationController
 def expire_for_request(info_request)
 # Clear out cached entries, by removing files from disk (the built in
 # Rails fragment cache made doing this and other things too hard)
- cache_subpath = foi_fragment_cache_all_for_request(info_request)
- FileUtils.rm_rf(cache_subpath)
+ info_request.foi_fragment_cache_directories.each{ |dir| FileUtils.rm_rf(dir) }
 # Remove any download zips
 FileUtils.rm_rf(info_request.download_zip_dir)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0c5f5bd02..4d3f40d40 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
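Review bot: `FileUtils.rm_rf` swallows every error, so the added `each{ |dir| FileUtils.rm_rf(dir) }` line gives no signal when a cache directory cannot be removed, and the material the new integration spec guards against (a now-hidden attachment still sitting in the fragment cache) would stay on disk and keep being served by the webserver without anyone noticing. Since the whole point of this method is to stop serving stale fragments, I would check that each directory is actually gone afterwards and log or raise when it is not; `Rails.logger` is assumed to be the project's logging channel. The enclosing `expire_for_request` continues past the hunk.
```ruby
        info_request.foi_fragment_cache_directories.each do |dir|
          FileUtils.rm_rf(dir)
          Rails.logger.warn("Fragment cache directory #{dir} still exists after expiry") if File.exist?(dir)
        end
        # … unchanged: download zip removal …
```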
@@ -189,14 +189,6 @@ class ApplicationController < ActionController::Base
 return File.join(File.split(path).map{|x| x[0...max_file_length]})
 end
- def foi_fragment_cache_all_for_request(info_request)
- # return stub path so admin can expire it
- first_three_digits = info_request.id.to_s()[0..2]
- path = "views/request/#{first_three_digits}/#{info_request.id}"
- foi_cache_path = File.expand_path(File.join(File.dirname(__FILE__), '../../cache'))
- return File.join(foi_cache_path, path)
- end
-
 def foi_fragment_cache_exists?(key_path)
 return File.exists?(key_path)
 end
diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb
index 158492eb2..2c8abbaf4 100644
--- a/app/controllers/general_controller.rb
+++ b/app/controllers/general_controller.rb
@@ -32,7 +32,7 @@ class GeneralController < ApplicationController
 if !content.empty?
 @data = XmlSimple.xml_in(content)
 @channel = @data['channel'][0]
- @blog_items = @channel['item']
+ @blog_items = @channel.fetch('item') { [] }
 @feed_autodetect = [{:url => @feed_url, :title => "#{site_name} blog"}]
 end
 end
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index fcc500e06..f23343ddb 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -199,7 +199,7 @@ class UserController < ApplicationController
 work_out_post_redirect
 @request_from_foreign_country = country_from_ip != AlaveteliConfiguration::iso_country_code
 # Make the user and try to save it
- @user_signup = User.new(params[:user_signup])
+ @user_signup = User.new(user_params(:user_signup))
 error = false
 if @request_from_foreign_country && !verify_recaptcha
 flash.now[:error] = _("There was an error with the words you entered, please try again.")
@@ -601,6 +601,10 @@ class UserController < ApplicationController
 private
+ def user_params(key = :user)
+ params[key].slice(:name, :email, :password, :password_confirmation)
+ end
+
 def is_modal_dialog
 (params[:modal].to_i != 0)
 end
diff --git a/app/models/info_request.rb b/app/models/info_request.rb
index aed651ad3..d0052603a 100644
--- a/app/models/info_request.rb
+++ b/app/models/info_request.rb
@@ -1048,6 +1048,19 @@ public
 File.join(Rails.root, "cache", "zips", "#{Rails.env}")
 end
+ def foi_fragment_cache_directories
+ # return stub path so admin can expire it
+ directories = []
+ path = File.join("request", request_dirs)
+ foi_cache_path = File.expand_path(File.join(Rails.root, 'cache', 'views'))
+ directories << File.join(foi_cache_path, path)
+ I18n.available_locales.each do |locale|
+ directories << File.join(foi_cache_path, locale.to_s, path)
+ end
+
+ directories
+ end
+
 def request_dirs
 first_three_digits = id.to_s()[0..2]
 File.join(first_three_digits.to_s, id.to_s)
diff --git a/config/sysvinit-thin.ugly b/config/sysvinit-thin.ugly
index cc604d994..b333f3738 100755
--- a/config/sysvinit-thin.ugly
+++ b/config/sysvinit-thin.ugly
@@ -17,6 +17,7 @@ NAME=!!(*= $site *)!!
 SITE_HOME=!!(*= $vhost_dir *)!!/!!(*= $vcspath *)!!
 DESC="Alaveteli app server"
 USER=!!(*= $user *)!!
+RAILS_ENV=!!(*= $rails_env *)!!
 set -e
@@ -26,7 +27,7 @@ su -l -c "cd $SITE_HOME && bundle exec thin --version &> /dev/null || exit 0" $U
 start_daemon() {
 echo -n "Starting $DESC: "
 cd "$SITE_HOME" && bundle exec thin \
- --environment=production \
+ --environment=$RAILS_ENV \
 --user="$USER" \
 --group="$USER" \
 --address=127.0.0.1 \
diff --git a/lib/tasks/config_files.rake b/lib/tasks/config_files.rake
index 5dda64a04..1528d7324 100644
--- a/lib/tasks/config_files.rake
+++ b/lib/tasks/config_files.rake
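Review bot: `params[key].slice(...)` raises `NoMethodError` when the request carries no hash under `key` at all (a bare POST to the signup action), turning a malformed request into a 500 rather than an ordinary validation failure; `params.fetch(key, {}).slice(:name, :email, :password, :password_confirmation)` keeps the allow-list and degrades to an empty user, assuming ActiveSupport's `Hash#slice` is what is being relied on here. The method also deserves a comment stating why the list is closed, e.g. `# Allow-list of attributes a visitor may set on their own account; admin_level and every other privileged column are deliberately left out.` The `key = :user` default is not exercised by the visible call site, which passes `:user_signup`; if no other caller relies on it, dropping the default keeps every use of the allow-list explicit.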
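Review bot: The comment `# return stub path so admin can expire it` is carried over from the removed controller helper and no longer describes this method, which now returns one directory per available locale plus the unlocalised one. Replace it with `# Every fragment-cache directory that can hold cached views for this request: the unlocalised path plus one per available locale, so an admin can expire them all.` The mutable `directories` accumulator can also be written as a single expression returning the same list in the same order, `[File.join(foi_cache_path, path)] + I18n.available_locales.map { |locale| File.join(foi_cache_path, locale.to_s, path) }`.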
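Review bot: `--environment=$RAILS_ENV` is the only unquoted expansion in this argument list; `--user="$USER"` and `--group="$USER"` just below are quoted. If the template variable `$rails_env` ever renders empty, thin receives a bare `--environment=` and runs in whatever environment it defaults to, so quote it for consistency and fail early instead: `--environment="$RAILS_ENV" \` on this line, and after `set -e` a guard such as `: "${RAILS_ENV:?RAILS_ENV must be set in the generated init script}"`. The `start_daemon` function continues past the hunk.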
@@ -32,7 +32,8 @@ namespace :config_files do
 :user => ENV['DEPLOY_USER'],
 :vhost_dir => ENV['VHOST_DIR'],
 :vcspath => ENV.fetch('VCSPATH') { 'alaveteli' },
- :site => ENV.fetch('SITE') { 'foi' }
+ :site => ENV.fetch('SITE') { 'foi' },
+ :rails_env => ENV.fetch('RAILS_ENV') { 'development' }
 }
 # Use the filename for the $daemon_name ugly variable
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 6ecdf1ad4..e4854fe6b 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -327,6 +327,16 @@ describe UserController, "when signing up" do
 deliveries[0].body.should match(/when\s+you\s+already\s+have\s+an/)
 end
+ it 'accepts only whitelisted parameters' do
+ post :signup, { :user_signup => { :email => 'silly@localhost',
+ :name => 'New Person',
+ :password => 'sillypassword',
+ :password_confirmation => 'sillypassword',
+ :admin_level => 'super' } }
+
+ expect(assigns(:user_signup).admin_level).to eq('none')
+ end
+
 # TODO: need to do bob@localhost signup and check that sends different email
 end
diff --git a/spec/integration/alaveteli_dsl.rb b/spec/integration/alaveteli_dsl.rb
index 119bb05a0..1d56abbdf 100644
--- a/spec/integration/alaveteli_dsl.rb
+++ b/spec/integration/alaveteli_dsl.rb
@@ -64,5 +64,14 @@ def close_request(request)
 request.save!
 end
+def cache_directories_exist?(request)
+ cache_path = File.join(Rails.root, 'cache', 'views')
+ paths = [File.join(cache_path, 'request', request.request_dirs)]
+ I18n.available_locales.each do |locale|
+ paths << File.join(cache_path, locale.to_s, 'request', request.request_dirs)
+ end
+ paths.any?{ |path| File.exist?(path) }
+end
+
diff --git a/spec/integration/view_request_spec.rb b/spec/integration/view_request_spec.rb
index 814e20fb3..eecb984f5 100644
--- a/spec/integration/view_request_spec.rb
+++ b/spec/integration/view_request_spec.rb
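Review bot: `ENV.fetch('RAILS_ENV') { 'development' }` changes what regenerated init scripts do: the sysvinit template in this same patch previously hard-coded `--environment=production`, so a deployment that re-runs this task without `RAILS_ENV` exported now starts the app server in development mode on the host, which by Rails convention (inferred, not visible here) means verbose error pages and development-grade settings exposed to the public. Defaulting to the former value, `:rails_env => ENV.fetch('RAILS_ENV') { 'production' }`, or aborting the task when the variable is unset, keeps existing deployments where they were. The `namespace :config_files` block starts and ends outside the hunk.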
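Review bot: `cache_directories_exist?` recomputes the cache layout by hand instead of calling `request.foi_fragment_cache_directories`, and nothing says whether that duplication is deliberate; if the model's layout changes, this helper keeps checking the old paths and the integration spec can pass for the wrong reason. A one-line comment would settle it, e.g. `# Rebuilds the expected cache paths independently of InfoRequest#foi_fragment_cache_directories so the spec notices if the model's layout drifts.` If independence is not the intent, `request.foi_fragment_cache_directories.any? { |dir| File.exist?(dir) }` is the shorter helper body.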
@@ -19,6 +19,28 @@ describe "When viewing requests" do
 @unregistered.browses_request("#{@info_request.url_title}?action=add")
 end
+ context "when a request is hidden by an admin" do
+
+ it 'should not retain any cached attachments to be served up by the webserver' do
+ admin = login(FactoryGirl.create(:admin_user))
+ non_owner = login(FactoryGirl.create(:user))
+ info_request = FactoryGirl.create(:info_request_with_incoming_attachments)
+ incoming_message = info_request.incoming_messages.first
+ attachment_url = "/es/request/#{info_request.id}/response/#{incoming_message.id}/attach/2/interesting.pdf"
+ non_owner.get(attachment_url)
+ cache_directories_exist?(info_request).should be_true
+
+ # Admin makes the incoming message requester only
+ post_data = {:incoming_message => {:prominence => 'hidden',
+ :prominence_reason => 'boring'}}
+ admin.post_via_redirect "/admin/incoming/update/#{info_request.incoming_messages.first.id}", post_data
+ admin.response.should be_success
+
+ cache_directories_exist?(info_request).should be_false
+ end
+
+ end
+
 context 'when a response has prominence "normal"' do
 before do
diff --git a/spec/models/info_request_spec.rb b/spec/models/info_request_spec.rb
index 12499f50a..afb8e0949 100644
--- a/spec/models/info_request_spec.rb
+++ b/spec/models/info_request_spec.rb
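Review bot: The comment `# Admin makes the incoming message requester only` contradicts the request it annotates, which posts `:prominence => 'hidden'`; it should read `# Admin hides the incoming message`. The URL on the following line rebuilds `info_request.incoming_messages.first.id` although `incoming_message` already holds that record, so `admin.post_via_redirect "/admin/incoming/update/#{incoming_message.id}", post_data` says the same thing more directly. The hard-coded `/es/` locale and `attach/2/interesting.pdf` tie the example to `es` being an available locale and to the factory's attachment order; presumably both are stable in the test configuration, but a short comment saying so would spare the next reader the guess.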
@@ -147,6 +147,23 @@ describe InfoRequest do
 end
+ describe 'when managing the cache directories' do
+ before do
+ @info_request = info_requests(:fancy_dog_request)
+ end
+
+ it 'should return the default locale cache path without locale parts' do
+ default_locale_path = File.join(Rails.root, 'cache', 'views', 'request', '101', '101')
+ @info_request.foi_fragment_cache_directories.include?(default_locale_path).should == true
+ end
+
+ it 'should return the cache path for any other locales' do
+ other_locale_path = File.join(Rails.root, 'cache', 'views', 'es', 'request', '101', '101')
+ @info_request.foi_fragment_cache_directories.include?(other_locale_path).should == true
+ end
+
+ end
+
 describe " when emailing" do
 before do |
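Review bot: `.include?(default_locale_path).should == true` (and the matching line for `other_locale_path`) reports only "expected true, got false" when it fails; `@info_request.foi_fragment_cache_directories.should include(default_locale_path)` prints the actual list of directories, which is what you need to diagnose a layout change. The literal `'101', '101'` segments assume the `fancy_dog_request` fixture has id 101, which is not visible here; building them from `@info_request.request_dirs` removes that coupling, at the cost of no longer independently checking the split-by-three-digits layout, so a comment noting the fixture id is the minimum. The enclosing `describe InfoRequest` block continues past the hunk.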