aboutsummaryrefslogtreecommitdiffstats
path: root/app/controllers/request_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/request_controller.rb')
-rw-r--r--app/controllers/request_controller.rb90
1 files changed, 53 insertions, 37 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index c732a4b32..fe948db19 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -99,15 +99,13 @@ class RequestController < ApplicationController
# Sidebar stuff
# ... requests that have similar imporant terms
- behavior_cache :tag => ['similar', @info_request.id] do
- begin
- limit = 10
- @xapian_similar = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events,
- :limit => limit, :collapse_by_prefix => 'request_collapse')
- @xapian_similar_more = (@xapian_similar.matches_estimated > limit)
- rescue
- @xapian_similar = nil
- end
+ begin
+ limit = 10
+ @xapian_similar = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events,
+ :limit => limit, :collapse_by_prefix => 'request_collapse')
+ @xapian_similar_more = (@xapian_similar.matches_estimated > limit)
+ rescue
+ @xapian_similar = nil
end
# Track corresponding to this page
@@ -139,6 +137,11 @@ class RequestController < ApplicationController
short_cache
@per_page = 25
@page = (params[:page] || "1").to_i
+
+ # Later pages are very expensive to load
+ if @page > MAX_RESULTS / PER_PAGE
+ raise ActiveRecord::RecordNotFound.new("Sorry. No pages after #{MAX_RESULTS / PER_PAGE}.")
+ end
@info_request = InfoRequest.find_by_url_title!(params[:url_title])
raise ActiveRecord::RecordNotFound.new("Request not found") if @info_request.nil?
@@ -148,6 +151,8 @@ class RequestController < ApplicationController
end
@xapian_object = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events,
:offset => (@page - 1) * @per_page, :limit => @per_page, :collapse_by_prefix => 'request_collapse')
+ @matches_estimated = @xapian_object.matches_estimated
+ @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated
if (@page > 1)
@page_desc = " (page " + @page.to_s + ")"
@@ -161,7 +166,7 @@ class RequestController < ApplicationController
@view = params[:view]
@page = get_search_page_from_params if !@page # used in cache case, as perform_search sets @page as side effect
if @view == "recent"
- return redirect_to request_list_all_path(:action => "list", :view => "all", :page => @page), :status => :moved_permanently
+ return redirect_to request_list_all_url(:action => "list", :view => "all", :page => @page), :status => :moved_permanently
end
# Later pages are very expensive to load
@@ -169,17 +174,13 @@ class RequestController < ApplicationController
raise ActiveRecord::RecordNotFound.new("Sorry. No pages after #{MAX_RESULTS / PER_PAGE}.")
end
- params[:latest_status] = @view
- query = make_query_from_params
+ query = make_query_from_params(params.merge(:latest_status => @view))
@title = _("View and search requests")
sortby = "newest"
- @cache_tag = Digest::MD5.hexdigest(query + @page.to_s + I18n.locale.to_s)
- behavior_cache :tag => [@cache_tag] do
- xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse')
- @list_results = xapian_object.results.map { |r| r[:model] }
- @matches_estimated = xapian_object.matches_estimated
- @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated
- end
+ xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse')
+ @list_results = xapian_object.results.map { |r| r[:model] }
+ @matches_estimated = xapian_object.matches_estimated
+ @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated
@title = @title + " (page " + @page.to_s + ")" if (@page > 1)
@track_thing = TrackThing.create_track_for_search_query(query)
@@ -320,9 +321,9 @@ class RequestController < ApplicationController
message = ""
if @outgoing_message.contains_email?
if @user.nil?
- message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"];
+ message += (_("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe;
else
- message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"];
+ message += (_("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe;
end
message += _("<p>We recommend that you edit your request and remove the email address.
If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>")
@@ -331,7 +332,7 @@ class RequestController < ApplicationController
message += _("<p>Your request contains a <strong>postcode</strong>. Unless it directly relates to the subject of your request, please remove any address as it will <strong>appear publicly on the Internet</strong>.</p>");
end
if not message.empty?
- flash.now[:error] = message
+ flash.now[:error] = message.html_safe
end
render :action => 'preview'
return
@@ -368,7 +369,7 @@ class RequestController < ApplicationController
<p>If you write about this request (for example in a forum or a blog) please link to this page, and add an
annotation below telling people about your writing.</p>",:law_used_full=>@info_request.law_used_full,
:late_number_of_days => Configuration::reply_late_after_days)
- redirect_to show_new_request_path(:url_title => @info_request.url_title)
+ redirect_to show_new_request_url(:url_title => @info_request.url_title)
end
# Submitted to the describing state of messages form
@@ -437,8 +438,8 @@ class RequestController < ApplicationController
# Don't give advice on what to do next, as it isn't their request
RequestMailer.deliver_old_unclassified_updated(@info_request) if !@info_request.is_external?
if session[:request_game]
- flash[:notice] = _('Thank you for updating the status of the request \'<a href="{{url}}">{{info_request_title}}</a>\'. There are some more requests below for you to classify.',:info_request_title=>CGI.escapeHTML(@info_request.title), :url=>CGI.escapeHTML(request_url(@info_request)))
- redirect_to play_url
+ flash[:notice] = _('Thank you for updating the status of the request \'<a href="{{url}}">{{info_request_title}}</a>\'. There are some more requests below for you to classify.',:info_request_title=>CGI.escapeHTML(@info_request.title), :url=>CGI.escapeHTML(request_path(@info_request)))
+ redirect_to categorise_play_url
else
flash[:notice] = _('Thank you for updating this request!')
redirect_to request_url(@info_request)
@@ -623,7 +624,7 @@ class RequestController < ApplicationController
if !params[:submitted_followup].nil? && !params[:reedit]
if @info_request.allow_new_responses_from == 'nobody'
- flash[:error] = _('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]
+ flash[:error] = (_('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]).html_safe
else
if @info_request.find_existing_outgoing_message(params[:outgoing_message][:body])
flash[:error] = _('You previously submitted that exact follow up message for this request.')
@@ -743,6 +744,12 @@ class RequestController < ApplicationController
end
def get_attachment_as_html
+
+ # The conversion process can generate files in the cache directory that can be served up
+ # directly by the webserver according to httpd.conf, so don't allow it unless that's OK.
+ if @files_can_be_cached != true
+ raise ActiveRecord::RecordNotFound.new("Attachment HTML not found.")
+ end
get_attachment_internal(true)
# images made during conversion (e.g. images in PDF files) are put in the cache directory, so
@@ -862,22 +869,32 @@ class RequestController < ApplicationController
def download_entire_request
@locale = self.locale_from_params()
PublicBody.with_locale(@locale) do
- info_request = InfoRequest.find_by_url_title!(params[:url_title])
+ @info_request = InfoRequest.find_by_url_title!(params[:url_title])
+ # Test for whole request being hidden or requester-only
+ if !@info_request.all_can_view?
+ render :template => 'request/hidden', :status => 410 # gone
+ return
+ end
if authenticated?(
:web => _("To download the zip file"),
- :email => _("Then you can download a zip file of {{info_request_title}}.",:info_request_title=>info_request.title),
- :email_subject => _("Log in to download a zip file of {{info_request_title}}",:info_request_title=>info_request.title)
+ :email => _("Then you can download a zip file of {{info_request_title}}.",
+ :info_request_title=>@info_request.title),
+ :email_subject => _("Log in to download a zip file of {{info_request_title}}",
+ :info_request_title=>@info_request.title)
)
- updated = Digest::SHA1.hexdigest(info_request.get_last_event.created_at.to_i.to_s + info_request.updated_at.to_i.to_s)
- @url_path = "/download/#{updated[0..1]}/#{updated}/#{params[:url_title]}.zip"
- file_path = File.expand_path(File.join(File.dirname(__FILE__), '../../cache/zips', @url_path))
+ updated = Digest::SHA1.hexdigest(@info_request.get_last_event.created_at.to_i.to_s + @info_request.updated_at.to_i.to_s)
+ @url_path = File.join("/download",
+ request_dirs(@info_request),
+ updated,
+ "#{params[:url_title]}.zip")
+ file_path = File.expand_path(File.join(download_zip_dir(), @url_path))
if !File.exists?(file_path)
FileUtils.mkdir_p(File.dirname(file_path))
Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) { |zipfile|
convert_command = Configuration::html_to_pdf_command
done = false
if !convert_command.blank? && File.exists?(convert_command)
- url = "http://#{Configuration::domain}#{request_url(info_request)}?print_stylesheet=1"
+ url = "http://#{Configuration::domain}#{request_path(@info_request)}?print_stylesheet=1"
tempfile = Tempfile.new('foihtml2pdf')
output = AlaveteliExternalCommand.run(convert_command, url, tempfile.path)
if !output.nil?
@@ -886,22 +903,21 @@ class RequestController < ApplicationController
}
done = true
else
- logger.error("Could not convert info request #{info_request.id} to PDF with command '#{convert_command} #{url} #{tempfile.path}'")
+ logger.error("Could not convert info request #{@info_request.id} to PDF with command '#{convert_command} #{url} #{tempfile.path}'")
end
tempfile.close
else
logger.warn("No HTML -> PDF converter found at #{convert_command}")
end
if !done
- @info_request = info_request
- @info_request_events = info_request.info_request_events
+ @info_request_events = @info_request.info_request_events
template = File.read(File.join(File.dirname(__FILE__), "..", "views", "request", "simple_correspondence.rhtml"))
output = ERB.new(template).result(binding)
zipfile.get_output_stream("correspondence.txt") { |f|
f.puts(output)
}
end
- for message in info_request.incoming_messages
+ for message in @info_request.incoming_messages
attachments = message.get_attachments_for_display
for attachment in attachments
filename = "#{attachment.url_part_number}_#{attachment.display_filename}"
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-28 21:56:28 +0000