diff options
| -rw-r--r-- | app/models/post_redirect.rb | 4 | ||||
| -rw-r--r-- | spec/controllers/request_controller_spec.rb | 50 | ||||
| -rw-r--r-- | todo.txt | 17 |
3 files changed, 65 insertions, 6 deletions
diff --git a/app/models/post_redirect.rb b/app/models/post_redirect.rb index c190562b5..9a8b06439 100644 --- a/app/models/post_redirect.rb +++ b/app/models/post_redirect.rb @@ -21,7 +21,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: post_redirect.rb,v 1.11 2008-01-10 01:13:28 francis Exp $ +# $Id: post_redirect.rb,v 1.12 2008-01-14 19:11:18 francis Exp $ require 'openssl' # for random bytes function @@ -70,7 +70,7 @@ class PostRedirect < ActiveRecord::Base end end - # Used by test code + # Used by (rspec) test code only def self.get_last_post_redirect # XXX yeuch - no other easy way of getting the token so we can check # the redirect URL, as it is by definition opaque to the controller diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb index 65a01ef09..0c23b41d9 100644 --- a/spec/controllers/request_controller_spec.rb +++ b/spec/controllers/request_controller_spec.rb @@ -104,6 +104,7 @@ describe RequestController, "when creating a new request" do post :new, :info_request => { :public_body_id => public_bodies(:geraldine_public_body).id }, :outgoing_message => { :body => "This is a silly letter. It is too short to be interesting." }, :submitted_new_request => 1 + # XXX how do I check the error message here? response.should render_template('new') end @@ -119,18 +120,25 @@ describe RequestController, "when creating a new request" do # post_redirect.post_params.should == params # XXX get this working. there's a : vs '' problem amongst others end - it "should create the request and outgoing message and redirect to request page when input is good and somebody is logged in" do + it "should create the request and outgoing message, and send the outgoing message by email, and redirect to request page when input is good and somebody is logged in" do session[:user_id] = users(:bob_smith_user).id post :new, :info_request => { :public_body_id => public_bodies(:geraldine_public_body).id, :title => "Why is your quango called Geraldine?"}, :outgoing_message => { :body => "This is a silly letter. It is too short to be interesting." }, :submitted_new_request => 1 + ir_array = InfoRequest.find(:all, :conditions => ["title = ?", "Why is your quango called Geraldine?"]) ir_array.size.should == 1 ir = ir_array[0] ir.outgoing_messages.size.should == 1 om = ir.outgoing_messages[0] om.body.should == "This is a silly letter. It is too short to be interesting." + + deliveries = ActionMailer::Base.deliveries + deliveries.size.should == 1 + mail = deliveries[0] + mail.body.should =~ /This is a silly letter. It is too short to be interesting./ + response.should redirect_to(:controller => 'request', :action => 'show', :id => ir.id) end @@ -179,6 +187,46 @@ describe RequestController, "when classifying an individual response" do end end +describe RequestController, "when sending a followup message" do + integrate_views + fixtures :info_requests, :public_bodies, :users, :incoming_messages, :outgoing_messages # all needed as integrating views + + it "should require login" do + post :show_response, :outgoing_message => { :body => "What a useless response! You suck." }, :id => info_requests(:fancy_dog_request).id, :incoming_message_id => incoming_messages(:useless_incoming_message), :submitted_followup => 1 + post_redirect = PostRedirect.get_last_post_redirect + response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token) + end + + it "should not let you if you are logged in as the wrong user" do + session[:user_id] = users(:silly_name_user).id + post :show_response, :outgoing_message => { :body => "What a useless response! You suck." }, :id => info_requests(:fancy_dog_request).id, :incoming_message_id => incoming_messages(:useless_incoming_message), :submitted_followup => 1 + response.should render_template('user/wrong_user') + end + + it "should give an error and render 'show_response' template when a body isn't given" do + session[:user_id] = users(:bob_smith_user).id + post :show_response, :outgoing_message => { :body => "" }, :id => info_requests(:fancy_dog_request).id, :incoming_message_id => incoming_messages(:useless_incoming_message), :submitted_followup => 1 + + # XXX how do I check the error message here? + response.should render_template('show_response') + end + + + it "should send the follow up message if you are the right user" do + session[:user_id] = users(:bob_smith_user).id + post :show_response, :outgoing_message => { :body => "What a useless response! You suck." }, :id => info_requests(:fancy_dog_request).id, :incoming_message_id => incoming_messages(:useless_incoming_message), :submitted_followup => 1 + + deliveries = ActionMailer::Base.deliveries + deliveries.size.should == 1 + mail = deliveries[0] + mail.body.should =~ /What a useless response! You suck./ + + response.should redirect_to(:controller => 'request', :action => 'show', :id => info_requests(:fancy_dog_request)) + end + + +end + @@ -19,11 +19,9 @@ BAILII - relationship with law courts, robots.txt ? Next ==== - Followups: - link to the follow up form, or embed in bottom of main request page - don't show classify link on /response/ page - - add spec test code for followups - rename get_quoted_part_of_followup - Copy To: for followups properly (including name not just email) Alert somewhere if working days table not up to date @@ -47,6 +45,10 @@ Show due date on, e.g. http://foi.mysociety.org/request/4 Sort by due date, show categorisation everywhere +Properly escape all name_and_email functions + +Check out all automatically things here: +http://foi.mysociety.org/request/14 Tidying ======= @@ -82,6 +84,7 @@ Legal/privacy ============= Check act to see if can use pseudonym for FOI request? + "We will not reveal your email address to anybody" - are there circumstances (e.g. somebody messaging creator of a request and it bouncing) where we may reasonably do this, and should say it may happen? @@ -89,7 +92,14 @@ Check act to see if can use pseudonym for FOI request? Later ===== -Synthesise these tips into 4 snappy bullet points +Workflow: +a) a confirmation of message received / forwarded on +b) a request for clarification +c) a response containing all the information you requested +d) a response containing some of the information +e) a rejection notice + +Synthesise these tips into our handful of snappy snappy bullet points http://community.foe.co.uk/tools/right_to_know/tips.html Change to Rails 2, may as well do it now rather than later. @@ -161,6 +171,7 @@ http://www.parliament.uk/parliamentary_publications_and_archives/freedom_of_info Including 'Request for information' in the subject line of your e-mail will assist us in prioritising your request. http://www.parliament.uk/parliamentary_publications_and_archives/freedom_of_information_in_the_house_of_lords/lords__foi___how_to_obtain_information.cfm +Consider putting the requesting user's name in the request's magic email address Sources of public bodies ======================== |