2 files changed, 25 insertions, 1 deletions

diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index bba614851..659537e80 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -507,7 +507,7 @@ class RequestController < ApplicationController
     def describe_state_requires_admin
         @info_request = InfoRequest.find_by_url_title!(params[:url_title])
 
-        unless @info_request.is_owning_user?(authenticated_user) || authenticated_as_user?(@info_request.user,
+        unless (authenticated_user && @info_request.is_old_unclassified?) || @info_request.is_owning_user?(authenticated_user) || authenticated_as_user?(@info_request.user,
             :web => _("To classify the response to this FOI request"),
             :email => _("Then you can classify the FOI response you have got from ") + @info_request.public_body.name + ".",
             :email_subject => _("Classify an FOI response from ") + @info_request.public_body.name)
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index 005a77f17..fa7c946d5 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -1245,6 +1245,7 @@ describe RequestController, "describe_state_requires_admin" do
     let (:info_request) { info_requests(:fancy_dog_request) }
 
     before :each do
+        info_request.stub!(:is_old_unclassified?).and_return(false)
         InfoRequest.should_receive(:find_by_url_title!).with("info_request").and_return(info_request)
     end
 
@@ -1256,6 +1257,19 @@ describe RequestController, "describe_state_requires_admin" do
             post_redirect = PostRedirect.get_last_post_redirect
             response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token)
         end
+
+        context "request is old and unclassified" do
+            before (:each) { info_request.stub!(:is_old_unclassified?).and_return(true) }
+
+            it "should redirect to the login page" do
+                post :describe_state_requires_admin, :message => "Something weird happened", :url_title => "info_request"
+
+                # Ugh.
+                post_redirect = PostRedirect.get_last_post_redirect
+                response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token)
+            end
+        end
+
     end
 
     context "logged in as owner of request" do
@@ -1283,6 +1297,16 @@ describe RequestController, "describe_state_requires_admin" do
             response.should render_template('user/wrong_user')
         end
 
+        context "request is old and unclassified" do
+            before (:each) { info_request.stub!(:is_old_unclassified?).and_return(true) }
+
+            it "should set the state" do
+                info_request.should_receive(:set_described_state).with("requires_admin", nil, "Something weird happened")
+
+                post :describe_state_requires_admin, :message => "Something weird happened", :url_title => "info_request"
+            end
+        end
+
         context "and has admin powers" do
             before :each do 
                 user.update_attribute(:admin_level, "super")