-rw-r--r-- | app/controllers/application.rb | 25 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 25 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 10 | ||||
-rw-r--r-- | app/views/user/_signin.rhtml | 2 | ||||
-rw-r--r-- | app/views/user/sign.rhtml | 45 | ||||
-rw-r--r-- | app/views/user/wrong_user.rhtml | 8 | ||||
-rw-r--r-- | todo.txt | 12 |
7 files changed, 98 insertions, 29 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb index cf5ca0db8..c997a356d 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -6,7 +6,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: application.rb,v 1.23 2007-11-05 16:46:10 francis Exp $ +# $Id: application.rb,v 1.24 2007-11-19 12:36:57 francis Exp $ class ApplicationController < ActionController::Base @@ -20,7 +20,7 @@ class ApplicationController < ActionController::Base # Check the user is logged in def authenticated?(reason_params) - unless session[:user] + unless session[:user_id] post_redirect = PostRedirect.new(:uri => request.request_uri, :post_params => params, :reason_params => reason_params) post_redirect.save! @@ -30,9 +30,26 @@ class ApplicationController < ActionController::Base return true end + def authenticated_as_user?(user, reason_params) + reason_params[:user_name] = user.name + reason_params[:user_url] = show_user_url(:simple_name => simplify_url_part(user.name)) + if session[:user_id] + if session[:user_id] == user.id + # They are logged in as the right user + return true + else + # They are already logged in, but as the wrong user + @reason_params = reason_params + render 'user/wrong_user' + end + end + # They are not logged in at all + return authenticated?(reason_params) + end + # Return logged in user def authenticated_user - return User.find(session[:user]) + return User.find(session[:user_id]) end # Do a POST redirect. This is a nasty hack - we store the posted values in @@ -61,7 +78,7 @@ class ApplicationController < ActionController::Base # Default layout shows user in corner, so needs access to it before_filter :authentication_check def authentication_check - if session[:user] + if session[:user_id] @user = authenticated_user end end 
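Review bot: In `authenticated_as_user?` the wrong-user branch calls `render 'user/wrong_user'` without returning, so control falls through to `return authenticated?(reason_params)`. As far as the visible lines show, that call returns true whenever `session[:user_id]` is set, so a user signed in as someone else gets a true result. The new `classify` action in request_controller.rb then runs its owner-only branch for a non-owner; only the render that was already issued keeps the data off the page, and a later caller that changes state in that branch would have no ownership check at all. Add `return false` directly after `render 'user/wrong_user'`. The method also writes `:user_name` and `:user_url` into the caller's hash, so working on `reason_params.dup` would avoid that side effect.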
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 1a1b2be90..818545c05 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: request_controller.rb,v 1.16 2007-11-14 01:01:38 francis Exp $ +# $Id: request_controller.rb,v 1.17 2007-11-19 12:36:57 francis Exp $ class RequestController < ApplicationController @@ -44,7 +44,7 @@ class RequestController < ApplicationController if not @info_request.valid? render :action => 'new' elsif authenticated?( - :web => "To send your FOI request, please sign in or make a new account.", + :web => "To send your FOI request", :email => "Then your FOI request to " + @info_request.public_body.name + " will be sent.", :email_subject => "Confirm that you want to send an FOI request to " + @info_request.public_body.name ) @@ -56,7 +56,26 @@ class RequestController < ApplicationController else # do nothing - as "authenticated?" has done the redirect to signin page for us end - end + end + + # Did the incoming message contain info? + def classify + @info_request = InfoRequest.find(params[:id]) + + if authenticated_as_user?(@info_request.user, + :web => "To view and classify the response to this FOI request", + :email => "Then you can classify the FOI response you have got from " + @info_request.public_body.name + ".", + :email_subject => "Classify a response from " + @info_request.public_body.name + " to your FOI request" + ) + @correspondences = @info_request.outgoing_messages + @info_request.incoming_messages + @correspondences.sort! { |a,b| a.sent_at <=> b.sent_at } + @status = @info_request.calculate_status + else + # do nothing - as "authenticated?" has done the redirect to signin page for us + end + + end + private 
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 72693be1e..cf412c473 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -4,7 +4,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: user_controller.rb,v 1.18 2007-11-09 01:48:36 francis Exp $ +# $Id: user_controller.rb,v 1.19 2007-11-19 12:36:57 francis Exp $ class UserController < ApplicationController # XXX See controllers/application.rb simplify_url_part for reverse of expression in SQL below @@ -33,7 +33,7 @@ class UserController < ApplicationController else # Successful login if @user.email_confirmed - session[:user] = @user.id + session[:user_id] = @user.id do_post_redirect @post_redirect.uri, @post_redirect.post_params else send_confirmation_mail @@ -79,14 +79,14 @@ class UserController < ApplicationController @user.email_confirmed = true @user.save - session[:user] = @user.id + session[:user_id] = @user.id do_post_redirect post_redirect.uri, post_redirect.post_params end # Logout form def signout - session[:user] = nil + session[:user_id] = nil if params[:r] redirect_to params[:r] else @@ -107,7 +107,7 @@ class UserController < ApplicationController if params[:r] @post_redirect = PostRedirect.new(:uri => params[:r], :post_params => {}, :reason_params => { - :web => "Please sign in or make a new account.", + :web => "", :email => "Then your can sign in to GovernmentSpy.", :email_subject => "Confirm your account on GovernmentSpy" }) diff --git a/app/views/user/_signin.rhtml b/app/views/user/_signin.rhtml index 23eb9da4b..16d5b2ebd 100644 --- a/app/views/user/_signin.rhtml +++ b/app/views/user/_signin.rhtml 
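Review bot: Both sign-in paths write the user id into the existing session without renewing it: `session[:user_id] = @user.id` in the `@@ -33` hunk and again after email confirmation in the `@@ -79` hunk. A session identifier fixed before login therefore stays valid afterwards. Calling `reset_session` before the assignment, and in `signout` in place of `session[:user_id] = nil`, would close that. This assumes nothing else in the session has to survive login, which the hunks do not show. The enclosing methods start outside the hunks.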
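Review bot: `signout` in the `@@ -79` hunk passes `params[:r]` straight to `redirect_to`, and this commit starts relying on that parameter through the new sign-out link in wrong_user.rhtml. The target is request-controlled, so a crafted sign-out link can send a user to an arbitrary site. Restricting it to local paths would keep the new flow working, for example by changing the condition to `if params[:r] and params[:r] =~ %r{\A/[^/\\]}` and letting everything else take the existing `else` branch. The rest of `signout` lies outside the hunk.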
@@ -3,7 +3,7 @@ <% form_tag({:action => "signin"}, {:id => "signin_form"}) do %> <%= foi_error_messages_for :user %> - <% if not flash[:error] %> + <% if not flash[:error] and not @post_redirect.reason_params[:user_name] %> <h2>If you've used GovernmentSpy before</h2> <% end %> diff --git a/app/views/user/sign.rhtml b/app/views/user/sign.rhtml index 97cb88a89..32d1bd5f5 100644 --- a/app/views/user/sign.rhtml +++ b/app/views/user/sign.rhtml @@ -1,14 +1,43 @@ -<% @title = "Sign in or make a new account" %> +<% if @post_redirect.reason_params[:user_name] %> + <% @title = "Sign in" %> -<div id="sign_together"> + <div id="sign_alone"> -<p id="sign_in_reason"> -<%= @post_redirect.reason_params[:web] %> -</p> + <p id="sign_in_reason"> + <% if @post_redirect.reason_params[:web].empty? %> + Please sign in as <%= link_to h(@post_redirect.reason_params[:user_name]), @post_redirect.reason_params[:user_url] %>. + <% else %> + <%= @post_redirect.reason_params[:web] %>, + please sign in as <%= link_to h(@post_redirect.reason_params[:user_name]), @post_redirect.reason_params[:user_url] %>. + <% end %> + </p> -<%= render :partial => 'signin' %> + <%= render :partial => 'signin' %> -<%= render :partial => 'signup' %> + </div> + +<% else %> + <% @title = "Sign in or make a new account" %> + + <div id="sign_together"> + + <p id="sign_in_reason"> + <% if @post_redirect.reason_params[:web].empty? %> + Please sign in or make a new account. + <% else %> + <%= @post_redirect.reason_params[:web] %>, please sign in or make a new account. + <% end %> + </p> + + <%= render :partial => 'signin' %> + <%= render :partial => 'signup' %> + + </div> + +<% end %> + +<% if @post_redirect.reason_params[:user_name] %> +<% else %> +<% end %> -</div> diff --git a/app/views/user/wrong_user.rhtml b/app/views/user/wrong_user.rhtml new file mode 100644 index 000000000..cb8eb8eac --- /dev/null +++ b/app/views/user/wrong_user.rhtml 
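Review bot: sign.rhtml prints `@post_redirect.reason_params[:web]` through a bare `<%= %>` while the user name next to it goes through `h()`, and the new wrong_user.rhtml does the same with `@reason_params[:web]`. The values set in this commit are fixed strings, so nothing is injectable as shown, but the text is saved on the PostRedirect and reused. Writing `<%= h(@post_redirect.reason_params[:web]) %>` keeps it safe if a caller later builds it from request data. `.empty?` will also raise if a caller omits `:web`, so a nil-tolerant check such as `reason_params[:web].to_s.empty?` is safer. The trailing `<% if ... %><% else %><% end %>` block at the end of sign.rhtml is empty and can be dropped.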
@@ -0,0 +1,8 @@ + +<p id="sign_in_reason"> +<%= @reason_params[:web] %>, please +<%= link_to "sign out", signout_url(:r => request.request_uri) %>, +and sign in as <%= h(@reason_params[:user_name]) %>. +</p> + + @@ -1,13 +1,6 @@ -Status outputs for entire request: -- Awaiting response (in 20 working day limit) -- Overdue a response (over 20 working day limit) +Form for requestor to choose what happened -- Received a positive response -- Received a partly positive response w/ rejection reasons -- Received an entirely negative response w/ rejection reasons - -- Have sent a follow up Next ==== @@ -33,6 +26,9 @@ Remove "Outgoing messages is invalid" error Remove everything from test/ +You need to pull the magic email addresses out of incoming_messages so they +aren't shown on the website + Tidying ======= |