-rw-r--r--app/controllers/user_controller.rb41
-rw-r--r--app/views/user/profile_photo.rhtml28
-rw-r--r--app/views/user/show.rhtml1
-rw-r--r--config/routes.rb1
-rw-r--r--spec/controllers/user_controller_spec.rb10
5 files changed, 76 insertions, 5 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 01601bce6..33728b65e 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -107,7 +107,7 @@ class UserController < ApplicationController
# Make the user and try to save it
@user_signup = User.new(params[:user_signup])
- if not @user_signup.valid?
+ if !@user_signup.valid?
# Show the form
render :action => 'sign'
else
@@ -325,10 +325,41 @@ class UserController < ApplicationController
render :action => 'confirm' # must be same as for send_confirmation_mail above to avoid leak of presence of email in db
end
- def set_profile_photo
- @photo_user = User.find(params[:id])
- new_profile_photo = ProfilePhoto.new(:data => data)
- @photo_user.set_profile_photo(new_profile_photo)
+ def profile_photo
+ raise 'boo"
+ # check they are logged in (the upload photo option is anyway only available when logged in)
+ if authenticated_user.nil?
+ flash[:error] = "You need to be logged in to change your profile photo."
+ redirect_to frontpage_url
+ return
+ end
+ if params[:submitted_profile_photo].nil?
+ # default page
+ return
+ end
+
+ # check for uploaded image
+ file_name = nil
+ file_content = nil
+ if params[:file].class.to_s == "ActionController::UploadedTempfile"
+ file_name = params[:file].original_filename
+ file_content = params[:file].read
+ end
+ if file_name.nil?
+ flash[:error] = "Please type a message and/or choose a file containing your response."
+ return
+ end
+
+ # change user's photo
+ new_profile_photo = ProfilePhoto.new(:data => params[:data])
+ if !new_profile_photo.valid?
+ # error page
+ return
+ end
+ @user.set_profile_photo(new_profile_photo)
+
+ flash[:notice] = "Thank you for updating your profile photo"
+ redirect_to user_url(@user)
end
end
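Review bot: The new `profile_photo` action builds the photo from `params[:data]` rather than from the `file_content` it has just read from the upload, so the bytes that get validated and stored come from a separate request parameter that the form added in this commit never sends; the line should read `new_profile_photo = ProfilePhoto.new(:data => file_content)`. The first statement, `raise 'boo"`, has mismatched quotes and looks like a debugging leftover, so the file will not parse until it is removed. The login check uses `authenticated_user`, but the photo is then set on `@user` and the redirect goes to `user_url(@user)`; nothing in the hunk assigns `@user`, so unless a filter outside the hunk does, both lines should use `authenticated_user`. `params[:file].read` also pulls the whole upload into memory with no size bound, and whether `ProfilePhoto`'s validation limits size or image type is not visible here, so a size check before the read is worth adding.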
diff --git a/app/views/user/profile_photo.rhtml b/app/views/user/profile_photo.rhtml
new file mode 100644
index 000000000..5b0eb5b56
--- /dev/null
+++ b/app/views/user/profile_photo.rhtml
@@ -0,0 +1,28 @@
+<% @title = "Change profile photo" %>
+
+<pre><%= params.to_yaml %></pre>
+
+<% raise "internal error" if not @user %>
+
+<h2>Change your profile photo</h2>
+
+<div id="profile_photo">
+
+<% form_tag '', :html => { :id => 'profile_photo_form' }, :multipart => true do %>
+ <p>
+ <label class="form_label" for="file_1">Photo of you:</label>
+ <%= file_field_tag :file, :size => 35 %>
+ </p>
+
+ <p><strong>Privacy note:</strong> Your photo will be shown in public on the Internet,
+ everywhere you do something on WhatDoTheyKnow.
+
+ <p>
+ <%= hidden_field_tag 'submitted_profile_photo', 1 %>
+ <%= submit_tag "Change profile photo" %>
+ </p>
+
+<% end %>
+
+
+</div>
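Review bot: `<pre><%= params.to_yaml %></pre>` near the top of the template writes every request parameter into the page, and in `.rhtml` templates of this Rails generation `<%=` does not HTML-escape its output, so parameter values are reflected into the response as markup. It reads like a debugging aid and should be dropped before this ships; if it has to stay during development, escape it as `<%= h(params.to_yaml) %>`. Separately, the `<p>` that opens the privacy note is never closed before the next `<p>`.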
diff --git a/app/views/user/show.rhtml b/app/views/user/show.rhtml
index 902de1004..59a9cfcd4 100644
--- a/app/views/user/show.rhtml
+++ b/app/views/user/show.rhtml
@@ -51,6 +51,7 @@
<% if @is_you %>
(just to see how it works)
<br><%= link_to "Change your password", signchange_url() %>
+ <br><%= link_to "Set profile photo", profile_photo_url() %>
<% end %>
</p>
diff --git a/config/routes.rb b/config/routes.rb
index 8cb25a15a..a37227fc0 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -60,6 +60,7 @@ ActionController::Routing::Routes.draw do |map|
user.show_user '/user/:url_name', :action => 'show'
user.contact_user '/user/contact/:id', :action => 'contact'
user.river '/river', :action => 'river'
+ user.profile_photo '/profile_photo', :action => 'profile_photo'
end
map.with_options :controller => 'public_body' do |body|
diff --git a/spec/controllers/user_controller_spec.rb b/spec/controllers/user_controller_spec.rb
index 700618f53..109a95cbc 100644
--- a/spec/controllers/user_controller_spec.rb
+++ b/spec/controllers/user_controller_spec.rb
@@ -297,6 +297,16 @@ describe UserController, "when changing password" do
end
+describe UserController, "when using profile photos" do
+ integrate_views
+ fixtures :users
+
+ it "should not let you change profile photo if you're not logged in as the user"
+ user = users(:bob_smith_user)
+ data = load_file_fixture("parrot.png")
+ post :profile_photo, { :id => user.id, :data => data }
+ end
+end
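Review bot: The `it "should not let you change profile photo if you're not logged in as the user"` line has no `do`, so the three lines under it are not the example's body and the two trailing `end`s no longer balance. The example also asserts nothing, so the logged-out case is never actually checked. Add `do` to the `it` line and follow the post with expectations that match the controller's logged-out branch, for example `response.should redirect_to(frontpage_url)` and `flash[:error].should_not be_nil`. The posted `:id` and `:data` keys also differ from the `:file` and `:submitted_profile_photo` parameters the action reads, so a later logged-in example will need the latter to get past the default-page return.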