8 files changed, 159 insertions, 9 deletions
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index edde31749..7be9fa963 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: user_controller.rb,v 1.35 2008-03-06 14:15:41 francis Exp $
+# $Id: user_controller.rb,v 1.36 2008-03-12 13:01:04 francis Exp $
 
 class UserController < ApplicationController
     # Show page about a set of users with same url name
@@ -165,6 +165,46 @@ class UserController < ApplicationController
         end
     end
 
+    # Send a message to another user
+    def contact
+        @recipient_user = User.find(params[:id])
+
+        # You *must* be logged into send a message to another user. (This is
+        # partly to avoid spam, and partly to have some equanimity of openess
+        # between the two users)
+        if not authenticated?(
+                :web => "To send a message to " + CGI.escapeHTML(@recipient_user.name),
+                :email => "Then you can send a message to " + @recipient_user.name + ".",
+                :email_subject => "Send a message to " + @recipient_user.name
+            )
+            # "authenticated?" has done the redirect to signin page for us
+            return
+        end
+
+        if params[:submitted_contact_form]
+            params[:contact][:name] = @user.name
+            params[:contact][:email] = @user.email
+            @contact = ContactValidator.new(params[:contact])
+            if @contact.valid?
+                ContactMailer.deliver_user_message(
+                    @user,
+                    @recipient_user,
+                    main_url(user_url(@recipient_user)),
+                    params[:contact][:subject],
+                    params[:contact][:message]
+                )
+                flash[:notice] = "Your message to " + CGI.escapeHTML(@recipient_user.name) + " has been sent!"
+                redirect_to user_url(@recipient_user)
+                return
+            end
+        else
+            @contact = ContactValidator.new(
+                { :message => "" + @recipient_user.name + ",\n\n\n\nYours,\n\n" + @user.name }
+            )
+        end
+  
+    end
+
 
     private
 
diff --git a/app/models/contact_mailer.rb b/app/models/contact_mailer.rb
index 77854a4ef..de6a6ee58 100644
--- a/app/models/contact_mailer.rb
+++ b/app/models/contact_mailer.rb
@@ -4,9 +4,11 @@
 # Copyright (c) 2008 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: contact_mailer.rb,v 1.3 2008-02-20 12:51:29 francis Exp $
+# $Id: contact_mailer.rb,v 1.4 2008-03-12 13:01:04 francis Exp $
 
 class ContactMailer < ApplicationMailer
+
+    # Send message to administrator
     def message(name, email, subject, message, request_details)
         @from = name + " <" + email + ">"
         @recipients = contact_from_name_and_email
@@ -15,4 +17,22 @@ class ContactMailer < ApplicationMailer
             :request_details => request_details 
         }
     end
+
+    # Send message to another user
+    def user_message(from_user, recipient_user, recipient_url,subject, message)
+        @from = from_user.name_and_email
+        # Do not set envelope from address to the from_user, so they can't get
+        # someone's email addresses from transitory bounce messages.
+        headers 'Sender' => contact_from_name_and_email,  # XXX perhaps change to being a black hole
+                'Reply-To' => @from
+        @recipients = recipient_user.name_and_email
+        @subject = subject
+        @body = { 
+            :message => message,
+            :from_user => from_user,
+            :recipient_user => recipient_user,
+            :recipient_url => recipient_url
+        }
+    end
+
 end
diff --git a/app/views/contact_mailer/user_message.rhtml b/app/views/contact_mailer/user_message.rhtml
new file mode 100644
index 000000000..88e4dd05b
--- /dev/null
+++ b/app/views/contact_mailer/user_message.rhtml
@@ -0,0 +1,14 @@
+Hi <%=@recipient_user.name%>,
+
+<%=@from_user.name%> has used WhatDoTheyKnow to send you the message below.
+Your details have not been given to anyone, unless you choose to reply to this
+message, which will then go directly to the person who wrote the message.
+
+See the Freedom of Information requests that they have made: 
+<%= @recipient_url %>
+
+-- the WhatDoTheyKnow team
+
+---------------------------------------------------------------------
+
+<%= @message.strip %>
diff --git a/app/views/help/contact.rhtml b/app/views/help/contact.rhtml
index 785b2eca0..1b8e7f246 100644
--- a/app/views/help/contact.rhtml
+++ b/app/views/help/contact.rhtml
@@ -47,7 +47,7 @@
 
     <div class="form_button">
         <%= hidden_field_tag(:submitted_contact_form, { :value => 1 } ) %>
-        <%= submit_tag "Submit" %>
+        <%= submit_tag "Send message" %>
     </div>
 
 <% end %>
diff --git a/app/views/user/contact.rhtml b/app/views/user/contact.rhtml
new file mode 100644
index 000000000..d7cac2a4d
--- /dev/null
+++ b/app/views/user/contact.rhtml
@@ -0,0 +1,47 @@
+<% @title = "Contact " + h(@recipient_user.name) %>
+
+<% if not @user %>
+    <% raise "You need to be logged in" %>
+<% end %>
+
+<%= foi_error_messages_for :contact %>
+
+<% form_for :contact do |f| %>
+
+    <div class="form_note">
+        <h1>Contact <%=h @recipient_user.name%></h1>
+    </div>
+
+    <p>
+        <label class="form_label">From:</label> 
+        <%= h(@user.name_and_email) %>
+    </p>
+
+    <p>
+        <label class="form_label" for="contact_subject">Subject:</label> 
+        <%= f.text_field :subject, :size => 50 %>
+    </p>
+
+    <p>
+        <label class="form_label" for="outgoing_message_body">Message:</label> 
+        <%= f.text_area :message, :rows => 10, :cols => 50 %>
+    </p>
+
+    <p class="form_note">
+        <% if @user == @recipient_user %>
+            <strong>Note:</strong> You're sending a message to yourself, presumably
+            to try out how it works.
+        <% else %>
+            <strong>Privacy note:</strong> Your email address will be given to
+            <%= user_link(@recipient_user) %> when you send this message.
+        <% end %>
+    </p>
+
+    <div class="form_button">
+        <%= hidden_field_tag(:submitted_contact_form, { :value => 1 } ) %>
+        <%= submit_tag "Send message" %>
+    </div>
+
+<% end %>
+
+
diff --git a/app/views/user/show.rhtml b/app/views/user/show.rhtml
index 582e79703..66c707433 100644
--- a/app/views/user/show.rhtml
+++ b/app/views/user/show.rhtml
@@ -9,14 +9,16 @@
         <h1><%=@title%></h1>
         <p class="subtitle">Joined on <%= simple_date(display_user.created_at) %></p>
 
+        <p><%= link_to "Send message to " + h(display_user.name), contact_user_url(:id => display_user.id) %></p>
+
         <% if display_user.info_requests.empty? %>
             <p><%= display_user == @user ? 'You have' : 'This person has' %>
             made no Freedom of Information requests using this site.</p>
 
         <% else %>
-            <p><%= display_user == @user ? 'You have' : 'This person has' %>
-            made <%=pluralize(display_user.info_requests.size, "Freedom of Information request") %>
-            using this site.</p>
+            <h2>
+            <%=pluralize(display_user.info_requests.size, "Freedom of Information request") %>
+            </h2>
 
             <%= render :partial => 'request/request_listing', :locals => { :info_requests => display_user.info_requests.sort { |a,b| b.created_at <=> a.created_at } } %>
         <% end %>
diff --git a/config/routes.rb b/config/routes.rb
index b4a6259ce..dc428fa6c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -4,7 +4,7 @@
 # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
 # Email: francis@mysociety.org; WWW: http://www.mysociety.org/
 #
-# $Id: routes.rb,v 1.44 2008-03-10 12:24:11 francis Exp $
+# $Id: routes.rb,v 1.45 2008-03-12 13:01:05 francis Exp $
 
 ActionController::Routing::Routes.draw do |map|
     # The priority is based upon order of creation: first created -> highest priority.
@@ -44,6 +44,7 @@ ActionController::Routing::Routes.draw do |map|
       user.signchange '/signchange',      :action => 'signchange'
       user.confirm '/c/:email_token', :action => 'confirm'
       user.show_user '/user/:url_name', :action => 'show'
+      user.contact_user '/user/contact/:id', :action => 'contact'
     end
 
     map.with_options :controller => 'body' do |body|
diff --git a/todo.txt b/todo.txt
index c797aa93c..73e95bb28 100644
--- a/todo.txt
+++ b/todo.txt
@@ -1,3 +1,9 @@
+Contact:
+Fix user pages properly
+Privacy policy
+
+
+
 Search:
 
 Date ranges http://lucene.apache.org/java/docs/queryparsersyntax.html
@@ -7,7 +13,7 @@ Search by type of public body
 Hide backpaged things from search
 http://www.whatdotheyknow.com/search/status:successful%20OR%20status:partially_successful
 
-cron jobs aren't running?
+cron jobs aren't running, some weirdness with run-with-lockfile
 
 Should we index by individual piece of correspondence, or by whole info requests?
     Advantages of individual:
@@ -18,6 +24,15 @@ Should we index by individual piece of correspondence, or by whole info requests
         Shorter search results
         Syntax of filtering requests by type is clearer
 
+Send mail re university requests
+    http://www.whatdotheyknow.com/user/jennifer_jones#user-55
+    Mention duty to provide assistance:
+    http://opsi.gov.uk/acts/acts2000/ukpga_20000036_en_2#pt1-pb1-l1g16
+    http://www.caat.org.uk/campaigns/clean-investment/universities/
+
+This search gives a runtime error:
+    "19 hours
+
 FOI requests to use to test it
 ==============================
 
@@ -33,6 +48,8 @@ BAILII - relationship with law courts, robots.txt ?
 Next
 ====
 
+Page of new responses - so I don't have to go into email
+
 Need something to mark contact as bad, e.g. for university of huddersfield
 
 This is knackered:
@@ -74,6 +91,12 @@ Send email to remind people to clarify
 Later
 =====
 
+Preview when sending followups - especially people need to see quoting/subject
+when sending "my response is late"
+
+Holding pen with comments - new requests don't get sent straight away, but are
+    delayed while people help improve them.
+
 One of the PDFs on live site has:
 Error: PDF version 1.6 -- xpdf supports version 1.5 (continuing anyway)
 Need to upgrade to poppler-utils?
@@ -151,7 +174,10 @@ http://www.liverpool.gov.uk/Council_government_and_democracy/About_your_council/
 For grey hints in input fields
 http://pauldowman.com/projects/fieldhints/
 
-Forgotten password link
+Hyperlink Section 1(3) to the act
+    http://www.whatdotheyknow.com/request/49/response/86
+and to guidance notes
+    http://www.ico.gov.uk/what_we_cover/freedom_of_information/guidance.aspx
 
 Way of contacting other users
     "We will not reveal your email address to anybody" - are there circumstances