-rw-r--r--app/controllers/admin_controller.rb4
-rw-r--r--app/controllers/application_controller.rb13
-rw-r--r--app/controllers/request_controller.rb31
-rw-r--r--app/views/request/_after_actions.rhtml2
-rw-r--r--spec/controllers/request_controller_spec.rb12
-rw-r--r--spec/views/request/_after_actions.rhtml_spec.rb18
6 files changed, 67 insertions, 13 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index d7933b212..d93e68dab 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -28,6 +28,10 @@ class AdminController < ApplicationController
cache_subpath = foi_fragment_cache_all_for_request(info_request)
FileUtils.rm_rf(cache_subpath)
+ # Remove any download zips
+ download_dir = request_download_zip_dir(info_request)
+ FileUtils.rm_rf(download_dir)
+
# Remove the database caches of body / attachment text (the attachment text
# one is after privacy rules are applied)
info_request.clear_in_database_caches!
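Review bot: `FileUtils.rm_rf(download_dir)` suppresses errors, so a failed purge (permissions, a file held open) leaves the zip of a now-hidden request on disk with no trace in the logs. Since this deletion is what withdraws already-generated downloads, it should be verified, e.g. `logger.warn("Could not remove download zips in #{download_dir}") if File.exist?(download_dir)` right after the `rm_rf`. The enclosing method starts and ends outside the hunk, so whether it runs on every prominence change cannot be confirmed from here.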
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 320d0cc50..a946526b8 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -231,6 +231,19 @@ class ApplicationController < ActionController::Base
end
end
+ def request_dirs(info_request)
+ first_three_digits = info_request.id.to_s()[0..2]
+ File.join(first_three_digits.to_s, info_request.id.to_s)
+ end
+
+ def request_download_zip_dir(info_request)
+ File.join(download_zip_dir, "download", request_dirs(info_request))
+ end
+
+ def download_zip_dir()
+ File.join(Rails.root, '/cache/zips/')
+ end
+
# get the local locale
def locale_from_params(*args)
if params[:show_locale]
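Review bot: `request_dirs`, `request_download_zip_dir` and `download_zip_dir` appear to be added as public methods of `ApplicationController`; no `private` or `protected` marker is visible in the hunk, and the class continues outside it. If that section is public, the helpers become candidate actions on every controller under a catch-all route, so they belong under `protected` or in `hide_action :request_dirs, :request_download_zip_dir, :download_zip_dir`. A short comment on `request_dirs` would also help, stating that zips are sharded as `<first three digits of id>/<id>` so that the admin purge can remove every generated zip for one request by deleting a single directory. The `.to_s` on `first_three_digits` is redundant, since it is already a String.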
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index 2c95114e6..d8c34c2dd 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -868,22 +868,32 @@ class RequestController < ApplicationController
def download_entire_request
@locale = self.locale_from_params()
PublicBody.with_locale(@locale) do
- info_request = InfoRequest.find_by_url_title!(params[:url_title])
+ @info_request = InfoRequest.find_by_url_title!(params[:url_title])
+ # Test for whole request being hidden or requester-only
+ if !@info_request.all_can_view?
+ render :template => 'request/hidden', :status => 410 # gone
+ return
+ end
if authenticated?(
:web => _("To download the zip file"),
- :email => _("Then you can download a zip file of {{info_request_title}}.",:info_request_title=>info_request.title),
- :email_subject => _("Log in to download a zip file of {{info_request_title}}",:info_request_title=>info_request.title)
+ :email => _("Then you can download a zip file of {{info_request_title}}.",
+ :info_request_title=>@info_request.title),
+ :email_subject => _("Log in to download a zip file of {{info_request_title}}",
+ :info_request_title=>@info_request.title)
)
- updated = Digest::SHA1.hexdigest(info_request.get_last_event.created_at.to_i.to_s + info_request.updated_at.to_i.to_s)
- @url_path = "/download/#{updated[0..1]}/#{updated}/#{params[:url_title]}.zip"
- file_path = File.expand_path(File.join(File.dirname(__FILE__), '../../cache/zips', @url_path))
+ updated = Digest::SHA1.hexdigest(@info_request.get_last_event.created_at.to_i.to_s + @info_request.updated_at.to_i.to_s)
+ @url_path = File.join("/download",
+ request_dirs(@info_request),
+ updated,
+ "#{params[:url_title]}.zip")
+ file_path = File.expand_path(File.join(download_zip_dir(), @url_path))
if !File.exists?(file_path)
FileUtils.mkdir_p(File.dirname(file_path))
Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) { |zipfile|
convert_command = Configuration::html_to_pdf_command
done = false
if !convert_command.blank? && File.exists?(convert_command)
- url = "http://#{Configuration::domain}#{request_url(info_request)}?print_stylesheet=1"
+ url = "http://#{Configuration::domain}#{request_url(@info_request)}?print_stylesheet=1"
tempfile = Tempfile.new('foihtml2pdf')
output = AlaveteliExternalCommand.run(convert_command, url, tempfile.path)
if !output.nil?
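Review bot: The new `all_can_view?` test only guards this action; a zip generated while the request was still public stays in the cache at `@url_path`. The spec implies the action redirects to that path, so the file is presumably served without passing through this check again. The `updated` path component is a SHA1 of two timestamps, which makes it a cache key rather than a secret, so the path should not be treated as unguessable. Protection of existing zips therefore rests entirely on `request_download_zip_dir` being purged whenever prominence changes. It is worth confirming that every code path that sets prominence triggers that purge, or alternatively streaming the file from the action after the visibility check instead of redirecting. `download_entire_request` continues past the end of this hunk.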
@@ -892,22 +902,21 @@ class RequestController < ApplicationController
}
done = true
else
- logger.error("Could not convert info request #{info_request.id} to PDF with command '#{convert_command} #{url} #{tempfile.path}'")
+ logger.error("Could not convert info request #{@info_request.id} to PDF with command '#{convert_command} #{url} #{tempfile.path}'")
end
tempfile.close
else
logger.warn("No HTML -> PDF converter found at #{convert_command}")
end
if !done
- @info_request = info_request
- @info_request_events = info_request.info_request_events
+ @info_request_events = @info_request.info_request_events
template = File.read(File.join(File.dirname(__FILE__), "..", "views", "request", "simple_correspondence.rhtml"))
output = ERB.new(template).result(binding)
zipfile.get_output_stream("correspondence.txt") { |f|
f.puts(output)
}
end
- for message in info_request.incoming_messages
+ for message in @info_request.incoming_messages
attachments = message.get_attachments_for_display
for attachment in attachments
filename = "#{attachment.url_part_number}_#{attachment.display_filename}"
diff --git a/app/views/request/_after_actions.rhtml b/app/views/request/_after_actions.rhtml
index 580ff0e87..221634549 100644
--- a/app/views/request/_after_actions.rhtml
+++ b/app/views/request/_after_actions.rhtml
@@ -15,9 +15,11 @@
<%= link_to _('Update the status of this request'), '#describe_state_form_1' %>
</li>
<% end %>
+ <% if @info_request.all_can_view? %>
<li>
<%= link_to _("Download a zip file of all correspondence"), download_entire_request_url(:url_title => @info_request.url_title) %>
</li>
+ <% end %>
</ul>
</div>
<% if ! @info_request.is_external? %>
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index 4e8a11d45..521ad7b5a 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -727,6 +727,16 @@ describe RequestController, "when showing one request" do
describe 'when making a zipfile available' do
+ it 'should return a 410 for a request that is hidden' do
+ title = 'why_do_you_have_such_a_fancy_dog'
+ ir = info_requests(:fancy_dog_request)
+ ir.prominence = 'hidden'
+ ir.save!
+ get :download_entire_request, {:url_title => title}, { :user_id => ir.user.id }
+ response.should render_template('request/hidden')
+ response.code.should == '410'
+ end
+
it "should have a different zipfile URL when the request changes" do
title = 'why_do_you_have_such_a_fancy_dog'
ir = info_requests(:fancy_dog_request)
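Review bot: The new example only covers `ir.prominence = 'hidden'`, while the controller comment for the check says it applies to "hidden or requester-only" requests. A second example with the requester-only prominence (presumably `ir.prominence = 'requester_only'`; confirm the stored value), still logged in as `ir.user`, would pin that even the requester gets the 410. It would also be worth asserting that no file was created under the request's download directory, so a regression that builds the zip before the check is caught. The `describe` block continues outside the hunk.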
@@ -765,7 +775,7 @@ describe RequestController, "when showing one request" do
info_request = info_requests(:external_request)
get :download_entire_request, { :url_title => info_request.url_title },
{ :user_id => users(:bob_smith_user) }
- response.location.should have_text(/#{assigns[:url_path]}/)
+ response.location.should have_text(/#{assigns[:url_path]}$/)
end
end
end
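Review bot: `assigns[:url_path]` is interpolated into the regexp unescaped and anchored with `$`, so the `.` in `.zip` matches any character and `$` matches at a line end rather than at the end of the string. `response.location.should have_text(/#{Regexp.escape(assigns[:url_path])}\z/)` expresses the intended "location ends with exactly this path" check. The example starts outside the hunk.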
diff --git a/spec/views/request/_after_actions.rhtml_spec.rb b/spec/views/request/_after_actions.rhtml_spec.rb
index 5b4734c52..548990c9f 100644
--- a/spec/views/request/_after_actions.rhtml_spec.rb
+++ b/spec/views/request/_after_actions.rhtml_spec.rb
@@ -13,7 +13,8 @@ describe 'when displaying actions that can be taken with regard to a request' do
:is_external? => false,
:public_body => @mock_body,
:comments_allowed? => true,
- :url_title => 'test_request')
+ :url_title => 'test_request',
+ :all_can_view? => true)
assigns[:info_request] = @mock_request
end
@@ -83,4 +84,19 @@ describe 'when displaying actions that can be taken with regard to a request' do
expect_owner_link('Request an internal review')
end
+ describe 'if the request is viewable by all' do
+
+ it 'should display the link to download the entire request' do
+ expect_anyone_link('Download a zip file of all correspondence')
+ end
+ end
+
+ describe 'if the request is not viewable by all' do
+
+ it 'should not display the link to download the entire request' do
+ @mock_request.stub!(:all_can_view?).and_return(false)
+ expect_no_anyone_link('Download a zip file of all correspondence')
+ end
+ end
+
end