diff options
Diffstat (limited to 'app/controllers/request_controller.rb')
| -rw-r--r-- | app/controllers/request_controller.rb | 156 |
1 files changed, 84 insertions, 72 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index e82871d7b..0c1d9880c 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -1,10 +1,10 @@ +# encoding: UTF-8 # app/controllers/request_controller.rb: # Show information about one particular request. # # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. -# Email: francis@mysociety.org; WWW: http://www.mysociety.org/ +# Email: hello@mysociety.org; WWW: http://www.mysociety.org/ -require 'alaveteli_file_types' require 'zip/zip' require 'open-uri' @@ -17,7 +17,7 @@ class RequestController < ApplicationController @@custom_states_loaded = false begin - if ENV["RAILS_ENV"] != "test" + if !Rails.env.test? require 'customstates' include RequestControllerCustomStates @@custom_states_loaded = true @@ -28,7 +28,7 @@ class RequestController < ApplicationController def select_authority # Check whether we force the user to sign in right at the start, or we allow her # to start filling the request anonymously - if Configuration::force_registration_on_new_request && !authenticated?( + if AlaveteliConfiguration::force_registration_on_new_request && !authenticated?( :web => _("To send your FOI request"), :email => _("Then you'll be allowed to send FOI requests."), :email_subject => _("Confirm your email address") @@ -44,7 +44,7 @@ class RequestController < ApplicationController end def show - if !Configuration::varnish_host.blank? + if !AlaveteliConfiguration::varnish_host.blank? # If varnish is set up to accept PURGEs, then cache for a # long time long_cache @@ -67,8 +67,7 @@ class RequestController < ApplicationController # Test for whole request being hidden if !@info_request.user_can_view?(authenticated_user) - render :template => 'request/hidden', :status => 410 # gone - return + return render_hidden end # Other parameters @@ -101,7 +100,7 @@ class RequestController < ApplicationController # ... requests that have similar imporant terms begin limit = 10 - @xapian_similar = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events, + @xapian_similar = ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events, :limit => limit, :collapse_by_prefix => 'request_collapse') @xapian_similar_more = (@xapian_similar.matches_estimated > limit) rescue @@ -126,8 +125,7 @@ class RequestController < ApplicationController long_cache @info_request = InfoRequest.find_by_url_title!(params[:url_title]) if !@info_request.user_can_view?(authenticated_user) - render :template => 'request/hidden', :status => 410 # gone - return + return render_hidden end @columns = ['id', 'event_type', 'created_at', 'described_state', 'last_described_at', 'calculated_state' ] end @@ -146,19 +144,12 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new("Request not found") if @info_request.nil? if !@info_request.user_can_view?(authenticated_user) - render :template => 'request/hidden', :status => 410 # gone - return + return render_hidden end - @xapian_object = ::ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events, + @xapian_object = ActsAsXapian::Similar.new([InfoRequestEvent], @info_request.info_request_events, :offset => (@page - 1) * @per_page, :limit => @per_page, :collapse_by_prefix => 'request_collapse') @matches_estimated = @xapian_object.matches_estimated @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated - - if (@page > 1) - @page_desc = " (page " + @page.to_s + ")" - else - @page_desc = "" - end end def list @@ -242,16 +233,19 @@ class RequestController < ApplicationController # Read parameters in - first the public body (by URL name or id) if params[:url_name] if params[:url_name].match(/^[0-9]+$/) - params[:info_request][:public_body_id] = params[:url_name] + params[:info_request][:public_body] = PublicBody.find(params[:url_name]) else public_body = PublicBody.find_by_url_name_with_historic(params[:url_name]) raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # XXX proper 404 - params[:info_request][:public_body_id] = public_body.id + params[:info_request][:public_body] = public_body end elsif params[:public_body_id] - params[:info_request][:public_body_id] = params[:public_body_id] + params[:info_request][:public_body] = PublicBody.find(params[:public_body_id]) + # Explicitly load the association as this isn't done automatically in newer Rails versions + elsif params[:info_request][:public_body_id] + params[:info_request][:public_body] = PublicBody.find(params[:info_request][:public_body_id]) end - if !params[:info_request][:public_body_id] + if !params[:info_request][:public_body] # compulsory to have a body by here, or go to front page which is start of process redirect_to frontpage_url return @@ -344,7 +338,7 @@ class RequestController < ApplicationController end if !authenticated?( - :web => _("To send your FOI request"), + :web => _("To send your FOI request").to_str, :email => _("Then your FOI request to {{public_body_name}} will be sent.",:public_body_name=>@info_request.public_body.name), :email_subject => _("Confirm your FOI request to ") + @info_request.public_body.name ) @@ -368,8 +362,8 @@ class RequestController < ApplicationController replied by then.</p> <p>If you write about this request (for example in a forum or a blog) please link to this page, and add an annotation below telling people about your writing.</p>",:law_used_full=>@info_request.law_used_full, - :late_number_of_days => Configuration::reply_late_after_days) - redirect_to show_new_request_url(:url_title => @info_request.url_title) + :late_number_of_days => AlaveteliConfiguration::reply_late_after_days) + redirect_to show_new_request_path(:url_title => @info_request.url_title) end # Submitted to the describing state of messages form @@ -417,12 +411,22 @@ class RequestController < ApplicationController end # Make the state change + event = info_request.log_event("status_update", + { :user_id => authenticated_user.id, + :old_described_state => info_request.described_state, + :described_state => described_state, + }) + info_request.set_described_state(described_state, authenticated_user, message) # If you're not the *actual* requester. e.g. you are playing the # classification game, or you're doing this just because you are an # admin user (not because you also own the request). if !info_request.is_actual_owning_user?(authenticated_user) + # Create a classification event for league tables + RequestClassification.create!(:user_id => authenticated_user.id, + :info_request_event_id => event.id) + # Don't give advice on what to do next, as it isn't their request if session[:request_game] flash[:notice] = _('Thank you for updating the status of the request \'<a href="{{url}}">{{info_request_title}}</a>\'. There are some more requests below for you to classify.',:info_request_title=>CGI.escapeHTML(info_request.title), :url=>CGI.escapeHTML(request_path(info_request))) @@ -434,6 +438,7 @@ class RequestController < ApplicationController return end + calculated_status = info_request.calculate_status # Display advice for requester on what to do next, as appropriate flash[:notice] = case info_request.calculate_status when 'waiting_response' @@ -442,7 +447,7 @@ class RequestController < ApplicationController when 'waiting_response_overdue' _("<p>Thank you! Hope you don't have to wait much longer.</p> <p>By law, you should have got a response promptly, and normally before the end of <strong>{{date_response_required_by}}</strong>.</p>",:date_response_required_by=>simple_date(info_request.date_response_required_by)) when 'waiting_response_very_overdue' - _("<p>Thank you! Your request is long overdue, by more than {{very_late_number_of_days}} working days. Most requests should be answered within {{late_number_of_days}} working days. You might like to complain about this, see below.</p>", :very_late_number_of_days => Configuration::reply_very_late_after_days, :late_number_of_days => Configuration::reply_late_after_days) + _("<p>Thank you! Your request is long overdue, by more than {{very_late_number_of_days}} working days. Most requests should be answered within {{late_number_of_days}} working days. You might like to complain about this, see below.</p>", :very_late_number_of_days => AlaveteliConfiguration::reply_very_late_after_days, :late_number_of_days => AlaveteliConfiguration::reply_late_after_days) when 'not_held' _("<p>Thank you! Here are some ideas on what to do next:</p> <ul> @@ -460,15 +465,25 @@ class RequestController < ApplicationController when 'rejected' _("Oh no! Sorry to hear that your request was refused. Here is what to do now.") when 'successful' - _("<p>We're glad you got all the information that you wanted. If you write about or make use of the information, please come back and add an annotation below saying what you did.</p><p>If you found {{site_name}} useful, <a href=\"{{donation_url}}\">make a donation</a> to the charity which runs it.</p>", :site_name=>site_name, :donation_url => "http://www.mysociety.org/donate/") + if AlaveteliConfiguration::donation_url.blank? + _("<p>We're glad you got all the information that you wanted. If you write about or make use of the information, please come back and add an annotation below saying what you did.</p>") + else + _("<p>We're glad you got all the information that you wanted. If you write about or make use of the information, please come back and add an annotation below saying what you did.</p><p>If you found {{site_name}} useful, <a href=\"{{donation_url}}\">make a donation</a> to the charity which runs it.</p>", + :site_name => site_name, :donation_url => AlaveteliConfiguration::donation_url) + end when 'partially_successful' - _("<p>We're glad you got some of the information that you wanted. If you found {{site_name}} useful, <a href=\"{{donation_url}}\">make a donation</a> to the charity which runs it.</p><p>If you want to try and get the rest of the information, here's what to do now.</p>", :site_name=>site_name, :donation_url=>"http://www.mysociety.org/donate/") + if AlaveteliConfiguration::donation_url.blank? + _("<p>We're glad you got some of the information that you wanted.</p><p>If you want to try and get the rest of the information, here's what to do now.</p>") + else + _("<p>We're glad you got some of the information that you wanted. If you found {{site_name}} useful, <a href=\"{{donation_url}}\">make a donation</a> to the charity which runs it.</p><p>If you want to try and get the rest of the information, here's what to do now.</p>", + :site_name => site_name, :donation_url => AlaveteliConfiguration::donation_url) + end when 'waiting_clarification' _("Please write your follow up message containing the necessary clarifications below.") when 'gone_postal' nil when 'internal_review' - _("<p>Thank you! Hopefully your wait isn't too long.</p><p>You should get a response within {{late_number_of_days}} days, or be told if it will take longer (<a href=\"{{review_url}}\">details</a>).</p>",:late_number_of_days => Configuration.reply_late_after_days, :review_url => unhappy_url(info_request) + "#internal_review") + _("<p>Thank you! Hopefully your wait isn't too long.</p><p>You should get a response within {{late_number_of_days}} days, or be told if it will take longer (<a href=\"{{review_url}}\">details</a>).</p>",:late_number_of_days => AlaveteliConfiguration.reply_late_after_days, :review_url => unhappy_url(info_request) + "#internal_review") when 'error_message', 'requires_admin' _("Thank you! We'll look into what happened and try and fix it up.") when 'user_withdrawn' @@ -560,10 +575,7 @@ class RequestController < ApplicationController end - params_outgoing_message = params[:outgoing_message] - if params_outgoing_message.nil? - params_outgoing_message = {} - end + params_outgoing_message = params[:outgoing_message] ? params[:outgoing_message].clone : {} params_outgoing_message.merge!({ :status => 'ready', :message_type => 'followup', @@ -586,8 +598,7 @@ class RequestController < ApplicationController # Test for hidden requests if !authenticated_user.nil? && !@info_request.user_can_view?(authenticated_user) - render :template => 'request/hidden', :status => 410 # gone - return + return render_hidden end # Check address is good @@ -670,7 +681,7 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new("Message not found") if incoming_message.nil? if !incoming_message.info_request.user_can_view?(authenticated_user) @info_request = incoming_message.info_request # used by view - render :template => 'request/hidden', :status => 410 # gone + return render_hidden end # Is this a completely public request that we can cache attachments for # to be served up without authentication? @@ -679,25 +690,6 @@ class RequestController < ApplicationController end end - def report_request - info_request = InfoRequest.find_by_url_title!(params[:url_title]) - return if !authenticated?( - :web => _("To report this FOI request"), - :email => _("Then you can report the request '{{title}}'", :title => info_request.title), - :email_subject => _("Report an offensive or unsuitable request") - ) - - if !info_request.attention_requested - info_request.set_described_state('attention_requested', @user) - info_request.attention_requested = true # tells us if attention has ever been requested - info_request.save! - flash[:notice] = _("This request has been reported for administrator attention") - else - flash[:notice] = _("This request has already been reported for administrator attention") - end - redirect_to request_url(info_request) - end - # special caching code so mime types are handled right around_filter :cache_attachments, :only => [ :get_attachment, :get_attachment_as_html ] def cache_attachments @@ -708,16 +700,19 @@ class RequestController < ApplicationController key_path = foi_fragment_cache_path(key) if foi_fragment_cache_exists?(key_path) logger.info("Reading cache for #{key_path}") - raise PermissionDenied.new("Directory listing not allowed") if File.directory?(key_path) - cached = foi_fragment_cache_read(key_path) - response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream' - render_for_text(cached) + + if File.directory?(key_path) + render :text => "Directory listing not allowed", :status => 403 + else + render :text => foi_fragment_cache_read(key_path), + :content_type => (AlaveteliFileTypes.filename_to_mimetype(params[:file_name]) || 'application/octet-stream') + end return end yield - if params[:skip_cache].nil? + if params[:skip_cache].nil? && response.status == 200 # write it to the fileystem ourselves, so is just a plain file. (The # various fragment cache functions using Ruby Marshall to write the file # which adds a header, so isnt compatible with images that have been @@ -732,13 +727,14 @@ class RequestController < ApplicationController def get_attachment get_attachment_internal(false) + return unless @attachment # Prevent spam to magic request address. Note that the binary # subsitution method used depends on the content type @incoming_message.binary_mask_stuff!(@attachment.body, @attachment.content_type) # we don't use @attachment.content_type here, as we want same mime type when cached in cache_attachments above - response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream' + response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name]) || 'application/octet-stream' render :text => @attachment.body end @@ -751,6 +747,7 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new("Attachment HTML not found.") end get_attachment_internal(true) + return unless @attachment # images made during conversion (e.g. images in PDF files) are put in the cache directory, so # the same cache code in cache_attachments above will display them. @@ -788,7 +785,7 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new(message) end @part_number = params[:part].to_i - @filename = params[:file_name].join("/") + @filename = params[:file_name] if html_conversion @original_filename = @filename.gsub(/\.html$/, "") else @@ -797,8 +794,11 @@ class RequestController < ApplicationController # check permissions raise "internal error, pre-auth filter should have caught this" if !@info_request.user_can_view?(authenticated_user) - @attachment = IncomingMessage.get_attachment_by_url_part_number(@incoming_message.get_attachments_for_display, @part_number) - raise ActiveRecord::RecordNotFound.new("attachment not found part number " + @part_number.to_s + " incoming_message " + @incoming_message.id.to_s) if @attachment.nil? + @attachment = IncomingMessage.get_attachment_by_url_part_number_and_filename(@incoming_message.get_attachments_for_display, @part_number, @original_filename) + # If we can't find the right attachment, redirect to the incoming message: + unless @attachment + return redirect_to incoming_message_url(@incoming_message), :status => 303 + end # check filename in URL matches that in database (use a censor rule if you want to change a filename) raise ActiveRecord::RecordNotFound.new("please use same filename as original file has, display: '" + @attachment.display_filename + "' old_display: '" + @attachment.old_display_filename + "' original: '" + @original_filename + "'") if @attachment.display_filename != @original_filename && @attachment.old_display_filename != @original_filename @@ -849,7 +849,8 @@ class RequestController < ApplicationController return end - mail = RequestMailer.create_fake_response(@info_request, @user, body, file_name, file_content) + mail = RequestMailer.fake_response(@info_request, @user, body, file_name, file_content) + @info_request.receive(mail, mail.encoded, true) flash[:notice] = _("Thank you for responding to this FOI request! Your response has been published below, and a link to your response has been emailed to ") + CGI.escapeHTML(@info_request.user.name) + "." redirect_to request_url(@info_request) @@ -863,7 +864,7 @@ class RequestController < ApplicationController # by making the last work a wildcard, which is quite the same query = params[:q] @xapian_requests = perform_search_typeahead(query, InfoRequestEvent) - render :partial => "request/search_ahead.rhtml" + render :partial => "request/search_ahead" end def download_entire_request @@ -872,8 +873,7 @@ class RequestController < ApplicationController @info_request = InfoRequest.find_by_url_title!(params[:url_title]) # Test for whole request being hidden or requester-only if !@info_request.all_can_view? - render :template => 'request/hidden', :status => 410 # gone - return + return render_hidden end if authenticated?( :web => _("To download the zip file"), @@ -891,10 +891,10 @@ class RequestController < ApplicationController if !File.exists?(file_path) FileUtils.mkdir_p(File.dirname(file_path)) Zip::ZipFile.open(file_path, Zip::ZipFile::CREATE) { |zipfile| - convert_command = Configuration::html_to_pdf_command + convert_command = AlaveteliConfiguration::html_to_pdf_command done = false if !convert_command.blank? && File.exists?(convert_command) - url = "http://#{Configuration::domain}#{request_path(@info_request)}?print_stylesheet=1" + url = "http://#{AlaveteliConfiguration::domain}#{request_path(@info_request)}?print_stylesheet=1" tempfile = Tempfile.new('foihtml2pdf') output = AlaveteliExternalCommand.run(convert_command, url, tempfile.path) if !output.nil? @@ -911,7 +911,7 @@ class RequestController < ApplicationController end if !done @info_request_events = @info_request.info_request_events - template = File.read(File.join(File.dirname(__FILE__), "..", "views", "request", "simple_correspondence.rhtml")) + template = File.read(File.join(File.dirname(__FILE__), "..", "views", "request", "simple_correspondence.html.erb")) output = ERB.new(template).result(binding) zipfile.get_output_stream("correspondence.txt") { |f| f.puts(output) @@ -933,5 +933,17 @@ class RequestController < ApplicationController end end end + + private + + def render_hidden + respond_to do |format| + response_code = 410 # gone + format.html{ render :template => 'request/hidden', :status => response_code } + format.any{ render :nothing => true, :status => response_code } + end + false + end + end |