diff options
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/admin_general_controller.rb | 13 | ||||
| -rw-r--r-- | app/controllers/admin_public_body_change_requests_controller.rb | 15 | ||||
| -rw-r--r-- | app/controllers/admin_public_body_controller.rb | 42 | ||||
| -rw-r--r-- | app/controllers/admin_request_controller.rb | 19 | ||||
| -rw-r--r-- | app/controllers/admin_user_controller.rb | 1 | ||||
| -rw-r--r-- | app/controllers/application_controller.rb | 98 | ||||
| -rw-r--r-- | app/controllers/comment_controller.rb | 4 | ||||
| -rw-r--r-- | app/controllers/general_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/info_request_batch_controller.rb | 16 | ||||
| -rw-r--r-- | app/controllers/public_body_change_requests_controller.rb | 28 | ||||
| -rw-r--r-- | app/controllers/public_body_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/request_controller.rb | 298 | ||||
| -rw-r--r-- | app/controllers/track_controller.rb | 2 | ||||
| -rw-r--r-- | app/controllers/user_controller.rb | 3 |
14 files changed, 328 insertions, 215 deletions
diff --git a/app/controllers/admin_general_controller.rb b/app/controllers/admin_general_controller.rb index 196616ed6..753208c9a 100644 --- a/app/controllers/admin_general_controller.rb +++ b/app/controllers/admin_general_controller.rb @@ -27,13 +27,16 @@ class AdminGeneralController < AdminController @comment_count = Comment.count # Tasks to do - @requires_admin_requests = InfoRequest.find(:all, :select => '*, ' + InfoRequest.last_event_time_clause + ' as last_event_time', :conditions => ["described_state = 'requires_admin'"], :order => "last_event_time") - @error_message_requests = InfoRequest.find(:all, :select => '*, ' + InfoRequest.last_event_time_clause + ' as last_event_time', :conditions => ["described_state = 'error_message'"], :order => "last_event_time") - @attention_requests = InfoRequest.find(:all, :select => '*, ' + InfoRequest.last_event_time_clause + ' as last_event_time', :conditions => ["described_state = 'attention_requested'"], :order => "last_event_time") - @blank_contacts = PublicBody.find(:all, :conditions => ["request_email = ''"], :order => "updated_at") + @requires_admin_requests = InfoRequest.find_in_state('requires_admin') + @error_message_requests = InfoRequest.find_in_state('error_message') + @attention_requests = InfoRequest.find_in_state('attention_requested') + @blank_contacts = PublicBody.find(:all, :conditions => ["request_email = ''"], + :order => "updated_at") @old_unclassified = InfoRequest.find_old_unclassified(:limit => 20, - :conditions => ["prominence = 'normal'"]) + :conditions => ["prominence = 'normal'"]) @holding_pen_messages = InfoRequest.holding_pen_request.incoming_messages + @new_body_requests = PublicBodyChangeRequest.new_body_requests.open + @body_update_requests = PublicBodyChangeRequest.body_update_requests.open end def timeline diff --git a/app/controllers/admin_public_body_change_requests_controller.rb b/app/controllers/admin_public_body_change_requests_controller.rb new file mode 100644 index 000000000..d76cdc0e5 --- /dev/null +++ b/app/controllers/admin_public_body_change_requests_controller.rb @@ -0,0 +1,15 @@ +class AdminPublicBodyChangeRequestsController < AdminController + + def edit + @change_request = PublicBodyChangeRequest.find(params[:id]) + end + + def update + @change_request = PublicBodyChangeRequest.find(params[:id]) + @change_request.close! + @change_request.send_response(params[:subject], params[:response]) + flash[:notice] = 'The change request has been closed and the user has been notified' + redirect_to admin_general_index_path + end + +end diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb index 88e275960..120419a27 100644 --- a/app/controllers/admin_public_body_controller.rb +++ b/app/controllers/admin_public_body_controller.rb @@ -85,14 +85,33 @@ class AdminPublicBodyController < AdminController def new @public_body = PublicBody.new - render + if params[:change_request_id] + @change_request = PublicBodyChangeRequest.find(params[:change_request_id]) + end + if @change_request + @change_request_user_response = render_to_string(:template => "admin_public_body_change_requests/add_accepted", + :formats => [:txt]) + @public_body.name = @change_request.public_body_name + @public_body.request_email = @change_request.public_body_email + @public_body.last_edit_comment = @change_request.comment_for_public_body + end + render :formats => [:html] end def create I18n.with_locale(I18n.default_locale) do + if params[:change_request_id] + @change_request = PublicBodyChangeRequest.find(params[:change_request_id]) + end params[:public_body][:last_edit_editor] = admin_current_user() @public_body = PublicBody.new(params[:public_body]) if @public_body.save + if @change_request + response_text = params[:response].gsub(_("[Authority URL will be inserted here]"), + public_body_url(@public_body, :only_path => false)) + @change_request.close! + @change_request.send_response(params[:subject], response_text) + end flash[:notice] = 'PublicBody was successfully created.' redirect_to admin_body_show_url(@public_body) else @@ -103,15 +122,32 @@ class AdminPublicBodyController < AdminController def edit @public_body = PublicBody.find(params[:id]) - @public_body.last_edit_comment = "" - render + if params[:change_request_id] + @change_request = PublicBodyChangeRequest.find(params[:change_request_id]) + end + if @change_request + @change_request_user_response = render_to_string(:template => "admin_public_body_change_requests/update_accepted", + :formats => [:txt]) + @public_body.request_email = @change_request.public_body_email + @public_body.last_edit_comment = @change_request.comment_for_public_body + else + @public_body.last_edit_comment = "" + end + render :formats => [:html] end def update + if params[:change_request_id] + @change_request = PublicBodyChangeRequest.find(params[:change_request_id]) + end I18n.with_locale(I18n.default_locale) do params[:public_body][:last_edit_editor] = admin_current_user() @public_body = PublicBody.find(params[:id]) if @public_body.update_attributes(params[:public_body]) + if @change_request + @change_request.close! + @change_request.send_response(params[:subject], params[:response]) + end flash[:notice] = 'PublicBody was successfully updated.' redirect_to admin_body_show_url(@public_body) else diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index 4d45ced8b..fc291d998 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb @@ -26,15 +26,13 @@ class AdminRequestController < AdminController def show @info_request = InfoRequest.find(params[:id]) - # XXX is this *really* the only way to render a template to a - # variable, rather than to the response? - vars = OpenStruct.new(:name_to => @info_request.user_name, - :name_from => AlaveteliConfiguration::contact_name, - :info_request => @info_request, :reason => params[:reason], - :info_request_url => 'http://' + AlaveteliConfiguration::domain + request_url(@info_request), - :site_name => site_name) - template = File.read(File.join(File.dirname(__FILE__), "..", "views", "admin_request", "hidden_user_explanation.html.erb")) - @request_hidden_user_explanation = ERB.new(template).result(vars.instance_eval { binding }) + vars_for_explanation = {:reason => params[:reason], + :info_request => @info_request, + :name_to => @info_request.user_name, + :name_from => AlaveteliConfiguration::contact_name, + :info_request_url => request_url(@info_request, :only_path => false)} + @request_hidden_user_explanation = render_to_string(:template => "admin_request/hidden_user_explanation", + :locals => vars_for_explanation) end def resend @@ -281,7 +279,8 @@ class AdminRequestController < AdminController if ! info_request.is_external? ContactMailer.from_admin_message( - info_request.user, + info_request.user.name, + info_request.user.email, subject, params[:explanation].strip.html_safe ).deliver diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb index 929b93e0e..940a5fe8f 100644 --- a/app/controllers/admin_user_controller.rb +++ b/app/controllers/admin_user_controller.rb @@ -48,6 +48,7 @@ class AdminUserController < AdminController @admin_user.ban_text = params[:admin_user][:ban_text] @admin_user.about_me = params[:admin_user][:about_me] @admin_user.no_limit = params[:admin_user][:no_limit] + @admin_user.can_make_batch_requests = params[:admin_user][:can_make_batch_requests] if @admin_user.valid? @admin_user.save! diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 161a82b26..370e8e15c 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -369,9 +369,9 @@ class ApplicationController < ActionController::Base return page end - def perform_search_typeahead(query, model) + def perform_search_typeahead(query, model, per_page=25) @page = get_search_page_from_params - @per_page = 10 + @per_page = per_page query_words = query.split(/ +(?![-+]+)/) if query_words.last.nil? || query_words.last.strip.length < 3 xapian_requests = nil @@ -428,100 +428,6 @@ class ApplicationController < ActionController::Base end end - def get_request_variety_from_params(params) - query = "" - sortby = "newest" - varieties = [] - if params[:request_variety] && !(query =~ /variety:/) - if params[:request_variety].include? "sent" - varieties -= ['variety:sent', 'variety:followup_sent', 'variety:response', 'variety:comment'] - varieties << ['variety:sent', 'variety:followup_sent'] - end - if params[:request_variety].include? "response" - varieties << ['variety:response'] - end - if params[:request_variety].include? "comment" - varieties << ['variety:comment'] - end - end - if !varieties.empty? - query = " (#{varieties.join(' OR ')})" - end - return query - end - - def get_status_from_params(params) - query = "" - if params[:latest_status] - statuses = [] - if params[:latest_status].class == String - params[:latest_status] = [params[:latest_status]] - end - if params[:latest_status].include?("recent") || params[:latest_status].include?("all") - query += " (variety:sent OR variety:followup_sent OR variety:response OR variety:comment)" - end - if params[:latest_status].include? "successful" - statuses << ['latest_status:successful', 'latest_status:partially_successful'] - end - if params[:latest_status].include? "unsuccessful" - statuses << ['latest_status:rejected', 'latest_status:not_held'] - end - if params[:latest_status].include? "awaiting" - statuses << ['latest_status:waiting_response', 'latest_status:waiting_clarification', 'waiting_classification:true', 'latest_status:internal_review','latest_status:gone_postal', 'latest_status:error_message', 'latest_status:requires_admin'] - end - if params[:latest_status].include? "internal_review" - statuses << ['status:internal_review'] - end - if params[:latest_status].include? "other" - statuses << ['latest_status:gone_postal', 'latest_status:error_message', 'latest_status:requires_admin', 'latest_status:user_withdrawn'] - end - if params[:latest_status].include? "gone_postal" - statuses << ['latest_status:gone_postal'] - end - if !statuses.empty? - query = " (#{statuses.join(' OR ')})" - end - end - return query - end - - def get_date_range_from_params(params) - query = "" - if params.has_key?(:request_date_after) && !params.has_key?(:request_date_before) - params[:request_date_before] = Time.now.strftime("%d/%m/%Y") - query += " #{params[:request_date_after]}..#{params[:request_date_before]}" - elsif !params.has_key?(:request_date_after) && params.has_key?(:request_date_before) - params[:request_date_after] = "01/01/2001" - end - if params.has_key?(:request_date_after) - query = " #{params[:request_date_after]}..#{params[:request_date_before]}" - end - return query - end - - def get_tags_from_params(params) - query = "" - tags = [] - if params.has_key?(:tags) - params[:tags].split().each do |tag| - tags << "tag:#{tag}" - end - end - if !tags.empty? - query = " (#{tags.join(' OR ')})" - end - return query - end - - def make_query_from_params(params) - query = params[:query] || "" if query.nil? - query += get_date_range_from_params(params) - query += get_request_variety_from_params(params) - query += get_status_from_params(params) - query += get_tags_from_params(params) - return query - end - def country_from_ip country = "" if !AlaveteliConfiguration::gaze_url.empty? diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb index d4b17e9d2..cda56a211 100644 --- a/app/controllers/comment_controller.rb +++ b/app/controllers/comment_controller.rb @@ -38,7 +38,7 @@ class CommentController < ApplicationController if params[:comment] # XXX this check should theoretically be a validation rule in the model - @existing_comment = Comment.find_by_existing_comment(@info_request.id, params[:comment][:body]) + @existing_comment = Comment.find_existing(@info_request.id, params[:comment][:body]) else # Default to subscribing to request when first viewing form params[:subscribe_to_request] = true @@ -68,7 +68,7 @@ class CommentController < ApplicationController if params[:subscribe_to_request] @track_thing = TrackThing.create_track_for_request(@info_request) - @existing_track = TrackThing.find_by_existing_track(@user, @track_thing) + @existing_track = TrackThing.find_existing(@user, @track_thing) if @user && @info_request.user == @user # don't subscribe to own request! elsif !@existing_track diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb index b01a67027..6f0d29889 100644 --- a/app/controllers/general_controller.rb +++ b/app/controllers/general_controller.rb @@ -103,7 +103,7 @@ class GeneralController < ApplicationController params[:query] = @query end if @variety_postfix != "all" && @requests - @query, _ = make_query_from_params(params) + @query = InfoRequestEvent.make_query_from_params(params) end @inputted_sortby = @sortby if @sortby.nil? diff --git a/app/controllers/info_request_batch_controller.rb b/app/controllers/info_request_batch_controller.rb new file mode 100644 index 000000000..b66658757 --- /dev/null +++ b/app/controllers/info_request_batch_controller.rb @@ -0,0 +1,16 @@ +class InfoRequestBatchController < ApplicationController + + def show + @info_request_batch = InfoRequestBatch.find(params[:id]) + @per_page = 25 + @page = get_search_page_from_params + if @info_request_batch.sent_at + @info_requests = @info_request_batch.info_requests.visible.all(:offset => (@page - 1) * @per_page, + :limit => @per_page) + else + @public_bodies = @info_request_batch.public_bodies.all(:offset => (@page - 1) * @per_page, + :limit => @per_page) + end + end + +end diff --git a/app/controllers/public_body_change_requests_controller.rb b/app/controllers/public_body_change_requests_controller.rb new file mode 100644 index 000000000..4a6c5f5cb --- /dev/null +++ b/app/controllers/public_body_change_requests_controller.rb @@ -0,0 +1,28 @@ +class PublicBodyChangeRequestsController < ApplicationController + + def create + @change_request = PublicBodyChangeRequest.from_params(params[:public_body_change_request], @user) + if @change_request.save + @change_request.send_message + flash[:notice] = @change_request.thanks_notice + redirect_to frontpage_url + return + else + render :action => 'new' + end + end + + def new + @change_request = PublicBodyChangeRequest.new + if params[:body] + @change_request.public_body = PublicBody.find_by_url_name_with_historic(params[:body]) + end + if @change_request.public_body + @title = _('Ask us to update the email address for {{public_body_name}}', + :public_body_name => @change_request.public_body.name) + else + @title = _('Ask us to add an authority') + end + + end +end diff --git a/app/controllers/public_body_controller.rb b/app/controllers/public_body_controller.rb index 308d38e4c..862f4b318 100644 --- a/app/controllers/public_body_controller.rb +++ b/app/controllers/public_body_controller.rb @@ -40,7 +40,7 @@ class PublicBodyController < ApplicationController @searched_to_send_request = true end @view = params[:view] - query = make_query_from_params(params.merge(:latest_status => @view)) + query = InfoRequestEvent.make_query_from_params(params.merge(:latest_status => @view)) query += " requested_from:#{@public_body.url_name}" # Use search query for this so can collapse and paginate easily # XXX really should just use SQL query here rather than Xapian. diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index d982bd391..a94461758 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb @@ -11,7 +11,7 @@ require 'open-uri' class RequestController < ApplicationController before_filter :check_read_only, :only => [ :new, :show_response, :describe_state, :upload_response ] protect_from_forgery :only => [ :new, :show_response, :describe_state, :upload_response ] # See ActionController::RequestForgeryProtection for details - + before_filter :check_batch_requests_and_user_allowed, :only => [ :select_authorities, :new_batch ] MAX_RESULTS = 500 PER_PAGE = 25 @@ -43,6 +43,32 @@ class RequestController < ApplicationController medium_cache end + def select_authorities + if !params[:public_body_query].nil? + @search_bodies = perform_search_typeahead(params[:public_body_query], PublicBody, 1000) + end + respond_to do |format| + format.html do + if !params[:public_body_ids].nil? + if !params[:remove_public_body_ids].nil? + body_ids = params[:public_body_ids] - params[:remove_public_body_ids] + else + body_ids = params[:public_body_ids] + end + @public_bodies = PublicBody.where({:id => body_ids}).all + end + end + format.json do + if @search_bodies + render :json => @search_bodies.results.map{ |result| {:name => result[:model].name, + :id => result[:model].id } } + else + render :json => [] + end + end + end + end + def show if !AlaveteliConfiguration::varnish_host.blank? # If varnish is set up to accept PURGEs, then cache for a @@ -141,7 +167,10 @@ class RequestController < ApplicationController def list medium_cache @view = params[:view] + @locale = self.locale_from_params() @page = get_search_page_from_params if !@page # used in cache case, as perform_search sets @page as side effect + @per_page = PER_PAGE + @max_results = MAX_RESULTS if @view == "recent" return redirect_to request_list_all_url(:action => "list", :view => "all", :page => @page), :status => :moved_permanently end @@ -151,16 +180,11 @@ class RequestController < ApplicationController raise ActiveRecord::RecordNotFound.new("Sorry. No pages after #{MAX_RESULTS / PER_PAGE}.") end - query = make_query_from_params(params.merge(:latest_status => @view)) + @filters = params.merge(:latest_status => @view) @title = _("View and search requests") - sortby = "newest" - xapian_object = perform_search([InfoRequestEvent], query, sortby, 'request_collapse') - @list_results = xapian_object.results.map { |r| r[:model] } - @matches_estimated = xapian_object.matches_estimated - @show_no_more_than = (@matches_estimated > MAX_RESULTS) ? MAX_RESULTS : @matches_estimated @title = @title + " (page " + @page.to_s + ")" if (@page > 1) - @track_thing = TrackThing.create_track_for_search_query(query) + @track_thing = TrackThing.create_track_for_search_query(InfoRequestEvent.make_query_from_params(@filters)) @feed_autodetect = [ { :url => do_track_url(@track_thing, 'feed'), :title => @track_thing.params[:title_in_rss], :has_json => true } ] # Don't let robots go more than 20 pages in @@ -169,6 +193,69 @@ class RequestController < ApplicationController end end + def new_batch + if params[:public_body_ids].blank? + redirect_to select_authorities_path and return + end + + # TODO: Decide if we make batch requesters describe their undescribed requests + # before being able to make a new batch request + + if !authenticated_user.can_file_requests? + @details = authenticated_user.can_fail_html + render :template => 'user/banned' and return + end + + @batch = true + + I18n.with_locale(@locale) do + @public_bodies = PublicBody.where({:id => params[:public_body_ids]}). + includes(:translations). + order('public_body_translations.name').all + end + if params[:submitted_new_request].nil? || params[:reedit] + return render_new_compose(batch=true) + end + + # Check for double submission of batch + @existing_batch = InfoRequestBatch.find_existing(authenticated_user, + params[:info_request][:title], + params[:outgoing_message][:body], + params[:public_body_ids]) + + @info_request = InfoRequest.create_from_attributes(params[:info_request], + params[:outgoing_message], + authenticated_user) + @outgoing_message = @info_request.outgoing_messages.first + @info_request.is_batch_request_template = true + if !@existing_batch.nil? || !@info_request.valid? + # We don't want the error "Outgoing messages is invalid", as in this + # case the list of errors will also contain a more specific error + # describing the reason it is invalid. + @info_request.errors.delete(:outgoing_messages) + render :action => 'new' + return + end + + # Show preview page, if it is a preview + if params[:preview].to_i == 1 + return render_new_preview + end + + @info_request_batch = InfoRequestBatch.create!(:title => params[:info_request][:title], + :body => params[:outgoing_message][:body], + :public_bodies => @public_bodies, + :user => authenticated_user) + flash[:notice] = _("<p>Your {{law_used_full}} requests will be <strong>sent</strong> shortly!</p> + <p><strong>We will email you</strong> when they have been sent. + We will also email you when there is a response to any of them, or after {{late_number_of_days}} working days if the authorities still haven't + replied by then.</p> + <p>If you write about these requests (for example in a forum or a blog) please link to this page.</p>", + :law_used_full=>@info_request.law_used_full, + :late_number_of_days => AlaveteliConfiguration::reply_late_after_days) + redirect_to info_request_batch_path(@info_request_batch) + end + # Page new form posts to def new # All new requests are of normal_sort @@ -213,71 +300,19 @@ class RequestController < ApplicationController render :template => 'user/rate_limited' return end - - params[:info_request] = { } if !params[:info_request] - - # Read parameters in - first the public body (by URL name or id) - if params[:url_name] - if params[:url_name].match(/^[0-9]+$/) - params[:info_request][:public_body] = PublicBody.find(params[:url_name]) - else - public_body = PublicBody.find_by_url_name_with_historic(params[:url_name]) - raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # XXX proper 404 - params[:info_request][:public_body] = public_body - end - elsif params[:public_body_id] - params[:info_request][:public_body] = PublicBody.find(params[:public_body_id]) - # Explicitly load the association as this isn't done automatically in newer Rails versions - elsif params[:info_request][:public_body_id] - params[:info_request][:public_body] = PublicBody.find(params[:info_request][:public_body_id]) - end - if !params[:info_request][:public_body] - # compulsory to have a body by here, or go to front page which is start of process - redirect_to frontpage_url - return - end - - # ... next any tags or other things - params[:info_request][:title] = params[:title] if params[:title] - params[:info_request][:tag_string] = params[:tags] if params[:tags] - - @info_request = InfoRequest.new(params[:info_request]) - params[:info_request_id] = @info_request.id - params[:outgoing_message] = {} if !params[:outgoing_message] - params[:outgoing_message][:body] = params[:body] if params[:body] - params[:outgoing_message][:default_letter] = params[:default_letter] if params[:default_letter] - params[:outgoing_message][:info_request] = @info_request - @outgoing_message = OutgoingMessage.new(params[:outgoing_message]) - @outgoing_message.set_signature_name(@user.name) if !@user.nil? - - if @info_request.public_body.is_requestable? - render :action => 'new' - else - if @info_request.public_body.not_requestable_reason == 'bad_contact' - render :action => 'new_bad_contact' - else - # if not requestable because defunct or not_apply, redirect to main page - # (which doesn't link to the /new/ URL) - redirect_to public_body_url(@info_request.public_body) - end - end - return + return render_new_compose(batch=false) end # See if the exact same request has already been submitted # XXX this check should theoretically be a validation rule in the # model, except we really want to pass @existing_request to the view so # it can link to it. - @existing_request = InfoRequest.find_by_existing_request(params[:info_request][:title], params[:info_request][:public_body_id], params[:outgoing_message][:body]) + @existing_request = InfoRequest.find_existing(params[:info_request][:title], params[:info_request][:public_body_id], params[:outgoing_message][:body]) # Create both FOI request and the first request message - @info_request = InfoRequest.new(params[:info_request]) - @outgoing_message = OutgoingMessage.new(params[:outgoing_message].merge({ - :status => 'ready', - :message_type => 'initial_request' - })) - @info_request.outgoing_messages << @outgoing_message - @outgoing_message.info_request = @info_request + @info_request = InfoRequest.create_from_attributes(params[:info_request], + params[:outgoing_message]) + @outgoing_message = @info_request.outgoing_messages.first # Maybe we lost the address while they're writing it if !@info_request.public_body.is_requestable? @@ -298,24 +333,7 @@ class RequestController < ApplicationController # Show preview page, if it is a preview if params[:preview].to_i == 1 - message = "" - if @outgoing_message.contains_email? - if @user.nil? - message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe); - else - message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe); - end - message += _("<p>We recommend that you edit your request and remove the email address. - If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>") - end - if @outgoing_message.contains_postcode? - message += _("<p>Your request contains a <strong>postcode</strong>. Unless it directly relates to the subject of your request, please remove any address as it will <strong>appear publicly on the Internet</strong>.</p>"); - end - if not message.empty? - flash.now[:error] = message.html_safe - end - render :action => 'preview' - return + return render_new_preview end if user_exceeded_limit @@ -326,7 +344,7 @@ class RequestController < ApplicationController if !authenticated?( :web => _("To send your FOI request").to_str, :email => _("Then your FOI request to {{public_body_name}} will be sent.",:public_body_name=>@info_request.public_body.name), - :email_subject => _("Confirm your FOI request to ") + @info_request.public_body.name + :email_subject => _("Confirm your FOI request to {{public_body_name}}",:public_body_name=>@info_request.public_body.name) ) # do nothing - as "authenticated?" has done the redirect to signin page for us return @@ -671,7 +689,7 @@ class RequestController < ApplicationController end if !incoming_message.user_can_view?(authenticated_user) @incoming_message = incoming_message # used by view - return render_hidden_message + return render_hidden('request/hidden_correspondence') end # Is this a completely public request that we can cache attachments for # to be served up without authentication? @@ -885,19 +903,10 @@ class RequestController < ApplicationController private - def render_hidden + def render_hidden(template='request/hidden') respond_to do |format| response_code = 403 # forbidden - format.html{ render :template => 'request/hidden', :status => response_code } - format.any{ render :nothing => true, :status => response_code } - end - false - end - - def render_hidden_message - respond_to do |format| - response_code = 403 # forbidden - format.html{ render :template => 'request/hidden_correspondence', :status => response_code } + format.html{ render :template => template, :status => response_code } format.any{ render :nothing => true, :status => response_code } end false @@ -969,6 +978,103 @@ class RequestController < ApplicationController "request/similar/#{info_request.id}/#{locale}" end + def check_batch_requests_and_user_allowed + if !AlaveteliConfiguration::allow_batch_requests + raise RouteNotFound.new("Page not enabled") + end + if !authenticated?( + :web => _("To make a batch request"), + :email => _("Then you can make a batch request"), + :email_subject => _("Make a batch request"), + :user_name => "a user who has been authorised to make batch requests") + # do nothing - as "authenticated?" has done the redirect to signin page for us + return + end + if !@user.can_make_batch_requests? + return render_hidden('request/batch_not_allowed') + end + end + + def render_new_compose(batch) + + params[:info_request] = { } if !params[:info_request] + + # Read parameters in + unless batch + # first the public body (by URL name or id) + if params[:url_name] + if params[:url_name].match(/^[0-9]+$/) + params[:info_request][:public_body] = PublicBody.find(params[:url_name]) + else + public_body = PublicBody.find_by_url_name_with_historic(params[:url_name]) + raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # XXX proper 404 + params[:info_request][:public_body] = public_body + end + elsif params[:public_body_id] + params[:info_request][:public_body] = PublicBody.find(params[:public_body_id]) + # Explicitly load the association as this isn't done automatically in newer Rails versions + elsif params[:info_request][:public_body_id] + params[:info_request][:public_body] = PublicBody.find(params[:info_request][:public_body_id]) + end + if !params[:info_request][:public_body] + # compulsory to have a body by here, or go to front page which is start of process + redirect_to frontpage_url + return + end + end + + # ... next any tags or other things + params[:info_request][:title] = params[:title] if params[:title] + params[:info_request][:tag_string] = params[:tags] if params[:tags] + + @info_request = InfoRequest.new(params[:info_request]) + if batch + @info_request.is_batch_request_template = true + end + params[:info_request_id] = @info_request.id + params[:outgoing_message] = {} if !params[:outgoing_message] + params[:outgoing_message][:body] = params[:body] if params[:body] + params[:outgoing_message][:default_letter] = params[:default_letter] if params[:default_letter] + params[:outgoing_message][:info_request] = @info_request + @outgoing_message = OutgoingMessage.new(params[:outgoing_message]) + @outgoing_message.set_signature_name(@user.name) if !@user.nil? + + if batch + render :action => 'new' + else + if @info_request.public_body.is_requestable? + render :action => 'new' + else + if @info_request.public_body.not_requestable_reason == 'bad_contact' + render :action => 'new_bad_contact' + else + # if not requestable because defunct or not_apply, redirect to main page + # (which doesn't link to the /new/ URL) + redirect_to public_body_url(@info_request.public_body) + end + end + end + return + end + def render_new_preview + message = "" + if @outgoing_message.contains_email? + if @user.nil? + message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe); + else + message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe); + end + message += _("<p>We recommend that you edit your request and remove the email address. + If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>") + end + if @outgoing_message.contains_postcode? + message += _("<p>Your request contains a <strong>postcode</strong>. Unless it directly relates to the subject of your request, please remove any address as it will <strong>appear publicly on the Internet</strong>.</p>"); + end + if not message.empty? + flash.now[:error] = message.html_safe + end + render :action => 'preview' + end end diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb index 1123903f9..83e05ebbc 100644 --- a/app/controllers/track_controller.rb +++ b/app/controllers/track_controller.rb @@ -116,7 +116,7 @@ class TrackController < ApplicationController # Generic request tracker - set @track_thing before calling def track_set if @user - @existing_track = TrackThing.find_by_existing_track(@user, @track_thing) + @existing_track = TrackThing.find_existing(@user, @track_thing) if @existing_track flash[:notice] = _("You are already following updates about {{track_description}}", :track_description => @track_thing.params[:list_description]) return true diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index 175425280..8d6522923 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb @@ -26,12 +26,15 @@ class UserController < ApplicationController if params[:view].nil? @show_requests = true @show_profile = true + @show_batches = false elsif params[:view] == 'profile' @show_profile = true @show_requests = false + @show_batches = false elsif params[:view] == 'requests' @show_profile = false @show_requests = true + @show_batches = true end @display_user = User.find(:first, :conditions => [ "url_name = ? and email_confirmed = ?", params[:url_name], true ]) |