7 files changed, 84 insertions, 1 deletions

diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index 3c700c567..2f1a92a50 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -6,6 +6,8 @@
 #
 # $Id: admin_request_controller.rb,v 1.42 2009-10-03 01:28:33 francis Exp $
 
+require 'ostruct'
+
 class AdminRequestController < AdminController
     def index
         list
@@ -24,6 +26,15 @@ class AdminRequestController < AdminController
 
     def show
         @info_request = InfoRequest.find(params[:id])
+        # XXX is this *really* the only way to render a template to a
+        # variable, rather than to the response?
+        vars = OpenStruct.new(:name_to => @info_request.user.name, 
+                :name_from => MySociety::Config.get("CONTACT_NAME", 'Alaveteli'), 
+                :info_request => @info_request, :reason => params[:reason],
+                :info_request_url => 'http://' + MySociety::Config.get('DOMAIN') + request_url(@info_request),
+                :site_name => site_name)
+        template = File.read(File.join(File.dirname(__FILE__), "..", "views", "admin_request", "hidden_user_explanation.rhtml"))
+        @request_hidden_user_explanation = ERB.new(template).result(vars.instance_eval { binding })
     end
 
     def resend
@@ -323,6 +334,24 @@ class AdminRequestController < AdminController
         redirect_to request_admin_url(info_request_event.info_request)
     end
 
+    def hide_request
+        ActiveRecord::Base.transaction do
+            explanation = params[:explanation]
+            info_request = InfoRequest.find(params[:id])
+            info_request.set_described_state(params[:reason])
+            info_request.prominence = "requester_only"
+            info_request.save!
+
+            ContactMailer.deliver_from_admin_message(
+                    info_request.user,
+                    "hello",
+                    params[:explanation]
+                )
+            flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name))
+            redirect_to request_admin_url(info_request)
+        end
+    end
+
     private
 
 end
diff --git a/app/controllers/services_controller.rb b/app/controllers/services_controller.rb
index 225790d71..28dd2143d 100644
--- a/app/controllers/services_controller.rb
+++ b/app/controllers/services_controller.rb
@@ -21,4 +21,15 @@ class ServicesController < ApplicationController
         end
         render :text => text, :content_type => "text/plain"  # XXX workaround the HTML validation in test suite
     end
+    def hidden_user_explanation
+        info_request = InfoRequest.find(params[:info_request_id])
+        render :template => "admin_request/hidden_user_explanation", 
+               :content_type => "text/plain",
+               :layout => false,
+               :locals => {:name_to => info_request.user.name, 
+                          :name_from => MySociety::Config.get("CONTACT_NAME", 'Alaveteli'), 
+                          :info_request => info_request, :reason => params[:reason],
+                          :info_request_url => 'http://' + MySociety::Config.get('DOMAIN') + request_url(info_request),
+                          :site_name => site_name}
+    end
 end
diff --git a/app/models/info_request.rb b/app/models/info_request.rb
index 726383ad7..095a1b1af 100644
--- a/app/models/info_request.rb
+++ b/app/models/info_request.rb
@@ -90,7 +90,9 @@ class InfoRequest < ActiveRecord::Base
         'error_message',
         'requires_admin',
         'user_withdrawn',
-        'attention_requested'
+        'attention_requested',
+        'vexatious',
+        'not_foi'
         ]
         if @@custom_states_loaded
             states += InfoRequest.theme_extra_states
@@ -816,6 +818,10 @@ public
             _("Reported for administrator attention.")
         elsif status == 'user_withdrawn'
             _("Withdrawn by the requester.")
+        elsif status == 'vexatious'
+            _("Considered by administrators as vexatious and hidden from site.")
+        elsif status == 'not_foi'
+            _("Considered by administrators as not an FOI request and hidden from site.")
         else
             begin
                 return self.theme_display_status(status)
diff --git a/app/views/admin_request/hidden_user_explanation.rhtml b/app/views/admin_request/hidden_user_explanation.rhtml
new file mode 100644
index 000000000..aaea49fb6
--- /dev/null
+++ b/app/views/admin_request/hidden_user_explanation.rhtml
@@ -0,0 +1,9 @@
+Dear <%= name_to %>,
+
+Your request '<%= info_request.title %>' at <%= info_request_url %> has been reviewed by moderators.  
+
+We consider it <% if reason == 'not_foi' %>is not a valid FOI request<% else %>to be vexatious<% end%>, and have therefore hidden it from other users.  Please reply to this email if you would like to discuss this decision further.
+
+Yours,
+
+The <%= site_name %> team.
diff --git a/app/views/request/show.rhtml b/app/views/request/show.rhtml
index 120950343..27ad0700e 100644
--- a/app/views/request/show.rhtml
+++ b/app/views/request/show.rhtml
@@ -120,6 +120,10 @@
         	   There may be an explanation in the correspondence below.') %>
     <% elsif @status == 'attention_requested' %>
         <%= _('This request has been <strong>reported</strong> as needing administrator attention (perhaps because it is vexatious, or a request for personal information)') %>
+    <% elsif @status == 'vexatious' %>
+        <%= _('This request has been <strong>hidden</strong> from the site, because an administrator considers it vexatious') %>
+    <% elsif @status == 'not_foi' %>
+        <%= _('This request has been <strong>hidden</strong> from the site, because an administrator considers it not to be an FOI request') %>
     <% else %>
         <%= render :partial => 'general/custom_state_descriptions', :locals => { :status => @status } %>
     <% end %>
diff --git a/config/routes.rb b/config/routes.rb
index 698752218..ca032c7df 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -119,6 +119,7 @@ ActionController::Routing::Routes.draw do |map|
 
     map.with_options :controller => 'services' do |service|
         service.other_country_message "/country_message", :action => 'other_country_message'
+        service.hidden_user_explanation "/hidden_user_explanation", :action => 'hidden_user_explanation'
     end
 
     map.with_options :controller => 'track' do |track|
@@ -202,6 +203,7 @@ ActionController::Routing::Routes.draw do |map|
         admin.admin_request_show_raw_email '/admin/request/show_raw_email/:id', :action => 'show_raw_email'
         admin.admin_request_download_raw_email '/admin/request/download_raw_email/:id', :action => 'download_raw_email'
         admin.admin_request_clarification '/admin/request/mark_event_as_clarification', :action => 'mark_event_as_clarification'
+        admin.admin_request_hide '/admin/request/hide/:id', :action => 'hide_request'
     end
 
     map.with_options :controller => 'admin_user' do |user|
diff --git a/spec/controllers/admin_request_controller_spec.rb b/spec/controllers/admin_request_controller_spec.rb
index ece1fe389..c6e3f2572 100644
--- a/spec/controllers/admin_request_controller_spec.rb
+++ b/spec/controllers/admin_request_controller_spec.rb
@@ -110,4 +110,26 @@ describe AdminRequestController, "when administering the holding pen" do
         assert_equal File.exists?(raw_email), false        
     end
 
+    it "shows a suitable default 'your email has been hidden' message" do
+        ir = info_requests(:fancy_dog_request)
+        get :show, :id => ir.id
+        assigns[:request_hidden_user_explanation].should include(ir.user.name)
+        assigns[:request_hidden_user_explanation].should include("vexatious")
+        get :show, :id => ir.id, :reason => "not_foi"
+        assigns[:request_hidden_user_explanation].should_not include("vexatious")
+        assigns[:request_hidden_user_explanation].should include("not a valid FOI")
+    end
+
+    it "hides requests and sends a notification email that it has done so" do
+        ir = info_requests(:fancy_dog_request)
+        post :hide_request, :id => ir.id, :explanation => "Foo", :reason => "vexatious"
+        ir.reload
+        ir.prominence.should == "requester_only"
+        ir.described_state.should == "vexatious"
+        deliveries = ActionMailer::Base.deliveries
+        deliveries.size.should == 1
+        mail = deliveries[0]
+        mail.body.should =~ /Foo/
+    end
+
 end