diff options
Diffstat (limited to 'app/controllers/request_controller.rb')
| -rw-r--r-- | app/controllers/request_controller.rb | 45 |
1 files changed, 37 insertions, 8 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index dfa3a4834..162060d9b 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -52,7 +52,7 @@ class RequestController < ApplicationController medium_cache end @locale = self.locale_from_params() - PublicBody.with_locale(@locale) do + I18n.with_locale(@locale) do # Look up by old style numeric identifiers if params[:url_title].match(/^[0-9]+$/) @@ -709,10 +709,13 @@ class RequestController < ApplicationController key_path = foi_fragment_cache_path(key) if foi_fragment_cache_exists?(key_path) logger.info("Reading cache for #{key_path}") - raise PermissionDenied.new("Directory listing not allowed") if File.directory?(key_path) - cached = foi_fragment_cache_read(key_path) - response.content_type = AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream' - render_for_text(cached) + + if File.directory?(key_path) + render :text => "Directory listing not allowed", :status => 403 + else + render :text => foi_fragment_cache_read(key_path), + :content_type => (AlaveteliFileTypes.filename_to_mimetype(params[:file_name].join("/")) || 'application/octet-stream') + end return end @@ -812,7 +815,7 @@ class RequestController < ApplicationController # FOI officers can upload a response def upload_response @locale = self.locale_from_params() - PublicBody.with_locale(@locale) do + I18n.with_locale(@locale) do @info_request = InfoRequest.find_by_url_title!(params[:url_title]) @reason_params = { @@ -850,7 +853,33 @@ class RequestController < ApplicationController return end - mail = RequestMailer.create_fake_response(@info_request, @user, body, file_name, file_content) + # There is duplication of the email creation code in api_controller.rb + # TODO: Remove duplication + if MailHandler.backend == "TMail" + # Directly construct Tmail object using attachment_hashes + mail = TMail::Mail.new + mail.from = @user.name_and_email + mail.to = @info_request.incoming_name_and_email + + b = TMail::Mail.new + b.body = body + b.set_content_type("text/plain") + b['Content-Disposition'] = "inline" + mail.parts << b + + if !file_name.nil? && !file_content.nil? + content_type = AlaveteliFileTypes.filename_to_mimetype(file_name) || 'application/octet-stream' + + attachment = TMail::Mail.new + attachment.body = Base64.encode64(file_content) + attachment.transfer_encoding = "base64" + attachment['Content-Type'] = "#{content_type}; name=\"#{file_name}\"" + attachment['Content-Disposition'] = "attachment; filename=#{file_name}" + mail.parts << attachment + end + else + mail = RequestMailer.create_fake_response(@info_request, @user, body, file_name, file_content) + end @info_request.receive(mail, mail.encoded, true) flash[:notice] = _("Thank you for responding to this FOI request! Your response has been published below, and a link to your response has been emailed to ") + CGI.escapeHTML(@info_request.user.name) + "." redirect_to request_url(@info_request) @@ -869,7 +898,7 @@ class RequestController < ApplicationController def download_entire_request @locale = self.locale_from_params() - PublicBody.with_locale(@locale) do + I18n.with_locale(@locale) do @info_request = InfoRequest.find_by_url_title!(params[:url_title]) # Test for whole request being hidden or requester-only if !@info_request.all_can_view? |