-rw-r--r--app/models/info_request.rb15
-rw-r--r--app/models/info_request_event.rb8
-rw-r--r--app/models/user.rb3
-rw-r--r--app/views/admin_request/edit.rhtml4
-rw-r--r--app/views/request/hidden.rhtml8
-rw-r--r--app/views/request/show.rhtml7
-rw-r--r--spec/controllers/request_controller_spec.rb102
-rw-r--r--todo.txt11
8 files changed, 124 insertions, 34 deletions
diff --git a/app/models/info_request.rb b/app/models/info_request.rb
index aa9b49c83..dfa66102e 100644
--- a/app/models/info_request.rb
+++ b/app/models/info_request.rb
@@ -24,7 +24,7 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: info_request.rb,v 1.197 2009-06-30 14:28:26 francis Exp $
+# $Id: info_request.rb,v 1.198 2009-07-03 11:43:37 francis Exp $
require 'digest/sha1'
require File.join(File.dirname(__FILE__),'../../vendor/plugins/acts_as_xapian/lib/acts_as_xapian')
@@ -68,7 +68,8 @@ class InfoRequest < ActiveRecord::Base
validates_inclusion_of :prominence, :in => [
'normal',
'backpage',
- 'hidden'
+ 'hidden',
+ 'requester_only'
]
validates_inclusion_of :law_used, :in => [
@@ -822,6 +823,16 @@ public
if self.prominence == 'hidden'
return User.view_hidden_requests?(user)
end
+ if self.prominence == 'requester_only'
+ return self.is_owning_user?(user)
+ end
+ return true
+ end
+
+ def indexed_by_search?
+ if self.prominence == 'backpage' || self.prominence == 'hidden' || self.prominence == 'requester_only'
+ return false
+ end
return true
end
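Review bot: The viewing check still ends in `return true`, so any prominence value without a branch of its own is visible to everyone; the new `requester_only` branch is only safe because it was added in step with the `validates_inclusion_of` list in the previous hunk. It would be safer to name the public values and deny the rest, e.g. `return ['normal', 'backpage'].include?(self.prominence)` in place of the final `return true`. The same applies to `indexed_by_search?`, which lists the three excluded values: `return self.prominence == 'normal'` gives the same result for the four allowed values and stays closed if a fifth is added. The start of the viewing method is outside this hunk and `is_owning_user?` is not shown, so whether it also admits admins (as the spec in this commit expects) cannot be confirmed here.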
diff --git a/app/models/info_request_event.rb b/app/models/info_request_event.rb
index 53f6d5f90..76f50c8d5 100644
--- a/app/models/info_request_event.rb
+++ b/app/models/info_request_event.rb
@@ -21,7 +21,7 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: info_request_event.rb,v 1.84 2009-06-26 14:28:38 francis Exp $
+# $Id: info_request_event.rb,v 1.85 2009-07-03 11:43:37 francis Exp $
class InfoRequestEvent < ActiveRecord::Base
belongs_to :info_request
@@ -84,7 +84,7 @@ class InfoRequestEvent < ActiveRecord::Base
[ :variety, 'V', "variety" ],
[ :filetype, 'T', "filetype" ]
],
- :if => :indexed_by_search,
+ :if => :indexed_by_search?,
:eager_load => [ :incoming_message, :outgoing_message, :comment, { :info_request => [ :user, :public_body, :censor_rules ] } ]
def requested_by
@@ -152,9 +152,9 @@ class InfoRequestEvent < ActiveRecord::Base
end
return ''
end
- def indexed_by_search
+ def indexed_by_search?
if ['sent', 'followup_sent', 'response', 'comment'].include?(self.event_type)
- if self.info_request.prominence == 'backpage' || self.info_request.prominence == 'hidden'
+ if !self.info_request.indexed_by_search?
return false
end
if self.event_type == 'comment' && !self.comment.visible
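Review bot: Delegating to `info_request.indexed_by_search?` only takes effect when an event is (re)indexed, and nothing in this diff re-indexes a request's events when an admin changes its prominence. If the admin update path does not already trigger that, events indexed while the request was `normal` would presumably stay searchable after it is set to `requester_only`. A comment above the method would record the dependency, e.g. `# NB: changing info_request.prominence must re-index its events, or old entries stay in search`. The method body continues past the end of this hunk.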
diff --git a/app/models/user.rb b/app/models/user.rb
index 03a076c24..4853d633c 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -23,7 +23,7 @@
# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
# Email: francis@mysociety.org; WWW: http://www.mysociety.org/
#
-# $Id: user.rb,v 1.96 2009-06-30 14:28:26 francis Exp $
+# $Id: user.rb,v 1.97 2009-07-03 11:43:37 francis Exp $
require 'digest/sha1'
@@ -220,6 +220,7 @@ class User < ActiveRecord::Base
!user.nil? && user.owns_every_request?
end
+ # Can the user see every request, even hidden ones?
def self.view_hidden_requests?(user)
!user.nil? && user.admin_level == 'super'
end
diff --git a/app/views/admin_request/edit.rhtml b/app/views/admin_request/edit.rhtml
index 2e9b5460c..1bfe4cb90 100644
--- a/app/views/admin_request/edit.rhtml
+++ b/app/views/admin_request/edit.rhtml
@@ -8,8 +8,8 @@
<%= text_field 'info_request', 'title', :size => 50 %></p>
<p><label for="info_request_prominence"><strong>Prominence</strong></label>
- <%= select( 'info_request', "prominence", [ "normal", "backpage", "hidden" ]) %>
- (backpage means hidden from lists/search; hidden means completely hidden)
+ <%= select( 'info_request', "prominence", [ "normal", "backpage", "requester_only", "hidden" ]) %>
+ (backpage means hidden from lists/search; hidden means completely hidden; super users can see anything)
</p>
<p>
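Review bot: The help text beside the select does not say what `requester_only` means, although it is now one of the choices. An admin picking a level for sensitive material has only this line to go on, so it should read something like `(backpage means hidden from lists/search; requester_only means only the requester can view it; hidden means completely hidden; super users can see anything)`.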
diff --git a/app/views/request/hidden.rhtml b/app/views/request/hidden.rhtml
index 781bc9184..0dcd66cb4 100644
--- a/app/views/request/hidden.rhtml
+++ b/app/views/request/hidden.rhtml
@@ -11,4 +11,12 @@ various reasons why we might have done this, sorry we can't
be more specific here. Please <a
href="/help/contact">contact us</a> if you have any questions.
</p>
+<% if @info_request.prominence == 'requester_only' %>
+ <p>
+ If you are the requester, then you may
+ <%= link_to "sign in", signin_url(:r => request.request_uri) %>
+ to view the request.
+ </p>
+<% end %>
+
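Review bot: The added paragraph is rendered for every viewer of a `requester_only` request, so the hidden page now tells anonymous visitors which prominence level was applied, and a signed-in user who is not the requester (the `silly_name_user` case in the spec) is still invited to sign in. If that disclosure is intended, say so in a comment, e.g. `<%# deliberately shown to all visitors: reveals that the request is requester_only %>`; otherwise restrict the paragraph to visitors who are not signed in. `signin_url(:r => request.request_uri)` passes the current URI as the return target, so it relies on the sign-in action accepting only local paths, which is not visible here.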
diff --git a/app/views/request/show.rhtml b/app/views/request/show.rhtml
index 70ce5668f..a55e59bdf 100644
--- a/app/views/request/show.rhtml
+++ b/app/views/request/show.rhtml
@@ -6,6 +6,13 @@
in as a super user.
</p>
<% end %>
+<% if @info_request.prominence == 'requester_only' %>
+ <p id="hidden_request">
+ This request is hidden, so that only you the requester can see it. Please
+ <a href="/help/contact">contact us</a> if you are not sure why.
+ </p>
+<% end %>
+
<% if @update_status || @info_request.awaiting_description %>
<div class="describe_state_form" id="describe_state_form_1">
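Review bot: The new notice says "only you the requester can see it", but the spec in this commit expects `admin_user` to get the `show` template for a `requester_only` request too, so admins will read a message that is not addressed to them and that understates who has access. Wording such as `This request is hidden, so that only the requester can see it.` is accurate for both viewers.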
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index 153b0a954..939061ce8 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -50,15 +50,7 @@ describe RequestController, "when showing one request" do
response.should redirect_to(:action => 'show', :url_title => info_requests(:naughty_chicken_request).url_title)
end
- it "should not show hidden requests" do
- ir = info_requests(:fancy_dog_request)
- ir.prominence = 'hidden'
- ir.save!
-
- get :show, :url_title => 'why_do_you_have_such_a_fancy_dog'
- response.should render_template('hidden')
- end
-
+
describe 'when handling an update_status parameter' do
before do
@@ -118,24 +110,86 @@ describe RequestController, "when showing one request" do
response.should have_text(/First hello/)
end
- it "should not download attachments if hidden" do
- ir = info_requests(:fancy_dog_request)
- ir.prominence = 'hidden'
- ir.save!
- receive_incoming_mail('incoming-request-two-same-name.email', ir.incoming_email)
-
- get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 2
- response.content_type.should == "text/html"
- response.should_not have_text(/Second hello/)
- response.should render_template('request/hidden')
- get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 3
- response.content_type.should == "text/html"
- response.should_not have_text(/First hello/)
- response.should render_template('request/hidden')
- end
end
end
+describe RequestController, "when changing prominence of a request" do
+ fixtures :info_requests, :info_request_events, :public_bodies, :users, :incoming_messages, :raw_emails, :outgoing_messages # all needed as integrating views
+
+ it "should not show hidden requests" do
+ ir = info_requests(:fancy_dog_request)
+ ir.prominence = 'hidden'
+ ir.save!
+
+ get :show, :url_title => 'why_do_you_have_such_a_fancy_dog'
+ response.should render_template('hidden')
+ end
+
+ it "should not show hidden requests even if logged in as their owner" do
+ ir = info_requests(:fancy_dog_request)
+ ir.prominence = 'hidden'
+ ir.save!
+
+ session[:user_id] = ir.user.id # bob_smith_user
+ get :show, :url_title => 'why_do_you_have_such_a_fancy_dog'
+ response.should render_template('hidden')
+ end
+
+ it "should show hidden requests if logged in as super user" do
+ ir = info_requests(:fancy_dog_request)
+ ir.prominence = 'hidden'
+ ir.save!
+
+ session[:user_id] = users(:admin_user)
+ get :show, :url_title => 'why_do_you_have_such_a_fancy_dog'
+ response.should render_template('show')
+ end
+
+ it "should not show requester_only requests if you're not logged in" do
+ ir = info_requests(:fancy_dog_request)
+ ir.prominence = 'requester_only'
+ ir.save!
+
+ get :show, :url_title => 'why_do_you_have_such_a_fancy_dog'
+ response.should render_template('hidden')
+ end
+
+ it "should show requester_only requests to requester and admin if logged in" do
+ ir = info_requests(:fancy_dog_request)
+ ir.prominence = 'requester_only'
+ ir.save!
+
+ session[:user_id] = users(:silly_name_user).id
+ get :show, :url_title => 'why_do_you_have_such_a_fancy_dog'
+ response.should render_template('hidden')
+
+ session[:user_id] = ir.user.id # bob_smith_user
+ get :show, :url_title => 'why_do_you_have_such_a_fancy_dog'
+ response.should render_template('show')
+
+ session[:user_id] = users(:admin_user).id
+ get :show, :url_title => 'why_do_you_have_such_a_fancy_dog'
+ response.should render_template('show')
+
+ end
+
+ it "should not download attachments if hidden" do
+ ir = info_requests(:fancy_dog_request)
+ ir.prominence = 'hidden'
+ ir.save!
+ receive_incoming_mail('incoming-request-two-same-name.email', ir.incoming_email)
+
+ get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 2
+ response.content_type.should == "text/html"
+ response.should_not have_text(/Second hello/)
+ response.should render_template('request/hidden')
+ get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 3
+ response.content_type.should == "text/html"
+ response.should_not have_text(/First hello/)
+ response.should render_template('request/hidden')
+ end
+end
+
# XXX do this for invalid ids
# it "should render 404 file" do
# response.should render_template("#{RAILS_ROOT}/public/404.html")
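Review bot: The new prominence level is tested only on `show`; `get_attachment` is still exercised for `hidden` alone, so nothing pins that attachments of a `requester_only` request are refused to other visitors. A test like the one below would cover it, assuming `get_attachment` goes through the same viewing check as `show`. Separately, in "should show hidden requests if logged in as super user" the session is set to the user object where the other tests use the id; it should be `session[:user_id] = users(:admin_user).id`.

```ruby
# … unchanged: "should not download attachments if hidden" …

    it "should not download attachments if requester_only and not logged in" do
        ir = info_requests(:fancy_dog_request)
        ir.prominence = 'requester_only'
        ir.save!
        receive_incoming_mail('incoming-request-two-same-name.email', ir.incoming_email)

        get :get_attachment, :incoming_message_id => ir.incoming_messages[1].id, :id => ir.id, :part => 2
        response.content_type.should == "text/html"
        response.should_not have_text(/Second hello/)
        response.should render_template('request/hidden')
    end
```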
diff --git a/todo.txt b/todo.txt
index fa4fb1e7b..87f5eeda6 100644
--- a/todo.txt
+++ b/todo.txt
@@ -7,8 +7,11 @@ Emails sent to stopped requests should follow RFC: http://tools.ietf.org/html/rf
Should set In-Reply-To and References fields
Reconsider message content given that section in RFC
-Factor out "defunct/not_apply" from request_email into own field.
+Factor out "defunct/not_apply" from request_email into own field so defunct
+authorities can still have followups to existing requests.
+Add help about not adding extraneous or possibly libelous content to
+requests or followups. Explain how to write things to avoid libel law.
Button for people to say "this status is really quite wrong please
fix it"?
@@ -193,6 +196,9 @@ Help page improvements:
Add FAQ / unhappy page which explains what you can do if you get no response
at all and that it might be spam. (err, or somehow reorganise FAQ for this
in relation to existing mirror image FAQ for officers)
+ Some more traditional help such as:
+ * Information about how to track requests and RSS feeds
+ * Information about how to contacting other users
Tell application developer if working days table not up to date, and needs
updating
@@ -271,6 +277,9 @@ Failed to detect attachments are emails and decode them:
When indexing .docx do you need to index docProps/custom.xml and docProps/app.xml
as well as word/document.xml ? (thread on xapian-discuss does so)
+Mime type / extension wrong on these .docx's
+http://www.whatdotheyknow.com/request/bridleway_classifications
+
VSD files vsdump - example in zip file
http://www.whatdotheyknow.com/request/dog_control_orders#incoming-3510
doing file RESPONSE/Internal documents/Briefing with Contact Islington/Contact Islington Flowchart Jul 08.vsd content type