diff options
| -rw-r--r-- | app/controllers/application.rb | 8 | ||||
| -rw-r--r-- | app/controllers/request_controller.rb | 5 | ||||
| -rw-r--r-- | app/views/request/_classify.rhtml | 6 | ||||
| -rw-r--r-- | todo.txt | 1 |
4 files changed, 15 insertions, 5 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb index 2149c7b09..e01f264a2 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -6,7 +6,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: application.rb,v 1.25 2008-01-09 17:47:31 francis Exp $ +# $Id: application.rb,v 1.26 2008-01-09 19:56:01 francis Exp $ class ApplicationController < ActionController::Base @@ -50,7 +50,11 @@ class ApplicationController < ActionController::Base # Return logged in user def authenticated_user - return User.find(session[:user_id]) + if session[:user_id].nil? + return nil + else + return User.find(session[:user_id]) + end end # Do a POST redirect. This is a nasty hack - we store the posted values in diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index bfa21a6d2..2b14cee75 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: request_controller.rb,v 1.33 2008-01-09 19:46:26 francis Exp $ +# $Id: request_controller.rb,v 1.34 2008-01-09 19:56:01 francis Exp $ class RequestController < ApplicationController @@ -78,6 +78,7 @@ class RequestController < ApplicationController @incoming_message = IncomingMessage.find(params[:incoming_message_id]) @info_request = @incoming_message.info_request @collapse_quotes = params[:unfold] ? false : true + @is_owning_user = !authenticated_user.nil? && authenticated_user.id == info_request.user_id if @incoming_message.info_request_id != params[:id].to_i raise sprintf("Incoming message %d does not belong to request %d", @incoming_message.info_request_id, params[:id]) @@ -85,7 +86,7 @@ class RequestController < ApplicationController if params[:incoming_message] if not authenticated_as_user?(@info_request.user, - :web => "To view and classify the response to this FOI request", + :web => "To classify the response to this FOI request", :email => "Then you can classify the FOI response you have got from " + @info_request.public_body.name + ".", :email_subject => "Classify a response from " + @info_request.public_body.name + " to your FOI request" ) diff --git a/app/views/request/_classify.rhtml b/app/views/request/_classify.rhtml index cf27d734c..167cb0d90 100644 --- a/app/views/request/_classify.rhtml +++ b/app/views/request/_classify.rhtml @@ -11,5 +11,11 @@ <%= submit_tag "Update" %> + <p> + <% if not @is_owning_user %> + (You will be asked to sign in as <%= user_link(@info_request.user) %>) + <% end %> + </p> + <% end %> @@ -21,7 +21,6 @@ Next Do something about /classify links - so if you send them to another user can still view e.g. http://foi.mysociety.org/classify/12?post_redirect=1 - Consider renaming them Let requester send follow-ups - but to which email address???!! aargh Alert somewhere if working days table not up to date |