aboutsummaryrefslogtreecommitdiffstats
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/admin_user_controller.rb1
-rw-r--r--app/controllers/application_controller.rb4
-rw-r--r--app/controllers/comment_controller.rb4
-rw-r--r--app/controllers/info_request_batch_controller.rb16
-rw-r--r--app/controllers/request_controller.rb284
-rw-r--r--app/controllers/track_controller.rb2
-rw-r--r--app/controllers/user_controller.rb3
7 files changed, 221 insertions, 93 deletions
diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb
index 929b93e0e..940a5fe8f 100644
--- a/app/controllers/admin_user_controller.rb
+++ b/app/controllers/admin_user_controller.rb
@@ -48,6 +48,7 @@ class AdminUserController < AdminController
@admin_user.ban_text = params[:admin_user][:ban_text]
@admin_user.about_me = params[:admin_user][:about_me]
@admin_user.no_limit = params[:admin_user][:no_limit]
+ @admin_user.can_make_batch_requests = params[:admin_user][:can_make_batch_requests]
if @admin_user.valid?
@admin_user.save!
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7c122917d..370e8e15c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -369,9 +369,9 @@ class ApplicationController < ActionController::Base
return page
end
- def perform_search_typeahead(query, model)
+ def perform_search_typeahead(query, model, per_page=25)
@page = get_search_page_from_params
- @per_page = 10
+ @per_page = per_page
query_words = query.split(/ +(?![-+]+)/)
if query_words.last.nil? || query_words.last.strip.length < 3
xapian_requests = nil
diff --git a/app/controllers/comment_controller.rb b/app/controllers/comment_controller.rb
index d4b17e9d2..cda56a211 100644
--- a/app/controllers/comment_controller.rb
+++ b/app/controllers/comment_controller.rb
@@ -38,7 +38,7 @@ class CommentController < ApplicationController
if params[:comment]
# XXX this check should theoretically be a validation rule in the model
- @existing_comment = Comment.find_by_existing_comment(@info_request.id, params[:comment][:body])
+ @existing_comment = Comment.find_existing(@info_request.id, params[:comment][:body])
else
# Default to subscribing to request when first viewing form
params[:subscribe_to_request] = true
@@ -68,7 +68,7 @@ class CommentController < ApplicationController
if params[:subscribe_to_request]
@track_thing = TrackThing.create_track_for_request(@info_request)
- @existing_track = TrackThing.find_by_existing_track(@user, @track_thing)
+ @existing_track = TrackThing.find_existing(@user, @track_thing)
if @user && @info_request.user == @user
# don't subscribe to own request!
elsif !@existing_track
diff --git a/app/controllers/info_request_batch_controller.rb b/app/controllers/info_request_batch_controller.rb
new file mode 100644
index 000000000..b66658757
--- /dev/null
+++ b/app/controllers/info_request_batch_controller.rb
@@ -0,0 +1,16 @@
+class InfoRequestBatchController < ApplicationController
+
+ def show
+ @info_request_batch = InfoRequestBatch.find(params[:id])
+ @per_page = 25
+ @page = get_search_page_from_params
+ if @info_request_batch.sent_at
+ @info_requests = @info_request_batch.info_requests.visible.all(:offset => (@page - 1) * @per_page,
+ :limit => @per_page)
+ else
+ @public_bodies = @info_request_batch.public_bodies.all(:offset => (@page - 1) * @per_page,
+ :limit => @per_page)
+ end
+ end
+
+end
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index b79ead73d..a94461758 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -11,7 +11,7 @@ require 'open-uri'
class RequestController < ApplicationController
before_filter :check_read_only, :only => [ :new, :show_response, :describe_state, :upload_response ]
protect_from_forgery :only => [ :new, :show_response, :describe_state, :upload_response ] # See ActionController::RequestForgeryProtection for details
-
+ before_filter :check_batch_requests_and_user_allowed, :only => [ :select_authorities, :new_batch ]
MAX_RESULTS = 500
PER_PAGE = 25
@@ -43,6 +43,32 @@ class RequestController < ApplicationController
medium_cache
end
+ def select_authorities
+ if !params[:public_body_query].nil?
+ @search_bodies = perform_search_typeahead(params[:public_body_query], PublicBody, 1000)
+ end
+ respond_to do |format|
+ format.html do
+ if !params[:public_body_ids].nil?
+ if !params[:remove_public_body_ids].nil?
+ body_ids = params[:public_body_ids] - params[:remove_public_body_ids]
+ else
+ body_ids = params[:public_body_ids]
+ end
+ @public_bodies = PublicBody.where({:id => body_ids}).all
+ end
+ end
+ format.json do
+ if @search_bodies
+ render :json => @search_bodies.results.map{ |result| {:name => result[:model].name,
+ :id => result[:model].id } }
+ else
+ render :json => []
+ end
+ end
+ end
+ end
+
def show
if !AlaveteliConfiguration::varnish_host.blank?
# If varnish is set up to accept PURGEs, then cache for a
@@ -167,6 +193,69 @@ class RequestController < ApplicationController
end
end
+ def new_batch
+ if params[:public_body_ids].blank?
+ redirect_to select_authorities_path and return
+ end
+
+ # TODO: Decide if we make batch requesters describe their undescribed requests
+ # before being able to make a new batch request
+
+ if !authenticated_user.can_file_requests?
+ @details = authenticated_user.can_fail_html
+ render :template => 'user/banned' and return
+ end
+
+ @batch = true
+
+ I18n.with_locale(@locale) do
+ @public_bodies = PublicBody.where({:id => params[:public_body_ids]}).
+ includes(:translations).
+ order('public_body_translations.name').all
+ end
+ if params[:submitted_new_request].nil? || params[:reedit]
+ return render_new_compose(batch=true)
+ end
+
+ # Check for double submission of batch
+ @existing_batch = InfoRequestBatch.find_existing(authenticated_user,
+ params[:info_request][:title],
+ params[:outgoing_message][:body],
+ params[:public_body_ids])
+
+ @info_request = InfoRequest.create_from_attributes(params[:info_request],
+ params[:outgoing_message],
+ authenticated_user)
+ @outgoing_message = @info_request.outgoing_messages.first
+ @info_request.is_batch_request_template = true
+ if !@existing_batch.nil? || !@info_request.valid?
+ # We don't want the error "Outgoing messages is invalid", as in this
+ # case the list of errors will also contain a more specific error
+ # describing the reason it is invalid.
+ @info_request.errors.delete(:outgoing_messages)
+ render :action => 'new'
+ return
+ end
+
+ # Show preview page, if it is a preview
+ if params[:preview].to_i == 1
+ return render_new_preview
+ end
+
+ @info_request_batch = InfoRequestBatch.create!(:title => params[:info_request][:title],
+ :body => params[:outgoing_message][:body],
+ :public_bodies => @public_bodies,
+ :user => authenticated_user)
+ flash[:notice] = _("<p>Your {{law_used_full}} requests will be <strong>sent</strong> shortly!</p>
+ <p><strong>We will email you</strong> when they have been sent.
+ We will also email you when there is a response to any of them, or after {{late_number_of_days}} working days if the authorities still haven't
+ replied by then.</p>
+ <p>If you write about these requests (for example in a forum or a blog) please link to this page.</p>",
+ :law_used_full=>@info_request.law_used_full,
+ :late_number_of_days => AlaveteliConfiguration::reply_late_after_days)
+ redirect_to info_request_batch_path(@info_request_batch)
+ end
+
# Page new form posts to
def new
# All new requests are of normal_sort
@@ -211,71 +300,19 @@ class RequestController < ApplicationController
render :template => 'user/rate_limited'
return
end
-
- params[:info_request] = { } if !params[:info_request]
-
- # Read parameters in - first the public body (by URL name or id)
- if params[:url_name]
- if params[:url_name].match(/^[0-9]+$/)
- params[:info_request][:public_body] = PublicBody.find(params[:url_name])
- else
- public_body = PublicBody.find_by_url_name_with_historic(params[:url_name])
- raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # XXX proper 404
- params[:info_request][:public_body] = public_body
- end
- elsif params[:public_body_id]
- params[:info_request][:public_body] = PublicBody.find(params[:public_body_id])
- # Explicitly load the association as this isn't done automatically in newer Rails versions
- elsif params[:info_request][:public_body_id]
- params[:info_request][:public_body] = PublicBody.find(params[:info_request][:public_body_id])
- end
- if !params[:info_request][:public_body]
- # compulsory to have a body by here, or go to front page which is start of process
- redirect_to frontpage_url
- return
- end
-
- # ... next any tags or other things
- params[:info_request][:title] = params[:title] if params[:title]
- params[:info_request][:tag_string] = params[:tags] if params[:tags]
-
- @info_request = InfoRequest.new(params[:info_request])
- params[:info_request_id] = @info_request.id
- params[:outgoing_message] = {} if !params[:outgoing_message]
- params[:outgoing_message][:body] = params[:body] if params[:body]
- params[:outgoing_message][:default_letter] = params[:default_letter] if params[:default_letter]
- params[:outgoing_message][:info_request] = @info_request
- @outgoing_message = OutgoingMessage.new(params[:outgoing_message])
- @outgoing_message.set_signature_name(@user.name) if !@user.nil?
-
- if @info_request.public_body.is_requestable?
- render :action => 'new'
- else
- if @info_request.public_body.not_requestable_reason == 'bad_contact'
- render :action => 'new_bad_contact'
- else
- # if not requestable because defunct or not_apply, redirect to main page
- # (which doesn't link to the /new/ URL)
- redirect_to public_body_url(@info_request.public_body)
- end
- end
- return
+ return render_new_compose(batch=false)
end
# See if the exact same request has already been submitted
# XXX this check should theoretically be a validation rule in the
# model, except we really want to pass @existing_request to the view so
# it can link to it.
- @existing_request = InfoRequest.find_by_existing_request(params[:info_request][:title], params[:info_request][:public_body_id], params[:outgoing_message][:body])
+ @existing_request = InfoRequest.find_existing(params[:info_request][:title], params[:info_request][:public_body_id], params[:outgoing_message][:body])
# Create both FOI request and the first request message
- @info_request = InfoRequest.new(params[:info_request])
- @outgoing_message = OutgoingMessage.new(params[:outgoing_message].merge({
- :status => 'ready',
- :message_type => 'initial_request'
- }))
- @info_request.outgoing_messages << @outgoing_message
- @outgoing_message.info_request = @info_request
+ @info_request = InfoRequest.create_from_attributes(params[:info_request],
+ params[:outgoing_message])
+ @outgoing_message = @info_request.outgoing_messages.first
# Maybe we lost the address while they're writing it
if !@info_request.public_body.is_requestable?
@@ -296,24 +333,7 @@ class RequestController < ApplicationController
# Show preview page, if it is a preview
if params[:preview].to_i == 1
- message = ""
- if @outgoing_message.contains_email?
- if @user.nil?
- message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe);
- else
- message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe);
- end
- message += _("<p>We recommend that you edit your request and remove the email address.
- If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>")
- end
- if @outgoing_message.contains_postcode?
- message += _("<p>Your request contains a <strong>postcode</strong>. Unless it directly relates to the subject of your request, please remove any address as it will <strong>appear publicly on the Internet</strong>.</p>");
- end
- if not message.empty?
- flash.now[:error] = message.html_safe
- end
- render :action => 'preview'
- return
+ return render_new_preview
end
if user_exceeded_limit
@@ -669,7 +689,7 @@ class RequestController < ApplicationController
end
if !incoming_message.user_can_view?(authenticated_user)
@incoming_message = incoming_message # used by view
- return render_hidden_message
+ return render_hidden('request/hidden_correspondence')
end
# Is this a completely public request that we can cache attachments for
# to be served up without authentication?
@@ -883,19 +903,10 @@ class RequestController < ApplicationController
private
- def render_hidden
+ def render_hidden(template='request/hidden')
respond_to do |format|
response_code = 403 # forbidden
- format.html{ render :template => 'request/hidden', :status => response_code }
- format.any{ render :nothing => true, :status => response_code }
- end
- false
- end
-
- def render_hidden_message
- respond_to do |format|
- response_code = 403 # forbidden
- format.html{ render :template => 'request/hidden_correspondence', :status => response_code }
+ format.html{ render :template => template, :status => response_code }
format.any{ render :nothing => true, :status => response_code }
end
false
@@ -967,6 +978,103 @@ class RequestController < ApplicationController
"request/similar/#{info_request.id}/#{locale}"
end
+ def check_batch_requests_and_user_allowed
+ if !AlaveteliConfiguration::allow_batch_requests
+ raise RouteNotFound.new("Page not enabled")
+ end
+ if !authenticated?(
+ :web => _("To make a batch request"),
+ :email => _("Then you can make a batch request"),
+ :email_subject => _("Make a batch request"),
+ :user_name => "a user who has been authorised to make batch requests")
+ # do nothing - as "authenticated?" has done the redirect to signin page for us
+ return
+ end
+ if !@user.can_make_batch_requests?
+ return render_hidden('request/batch_not_allowed')
+ end
+ end
+
+ def render_new_compose(batch)
+
+ params[:info_request] = { } if !params[:info_request]
+ # Read parameters in
+ unless batch
+ # first the public body (by URL name or id)
+ if params[:url_name]
+ if params[:url_name].match(/^[0-9]+$/)
+ params[:info_request][:public_body] = PublicBody.find(params[:url_name])
+ else
+ public_body = PublicBody.find_by_url_name_with_historic(params[:url_name])
+ raise ActiveRecord::RecordNotFound.new("None found") if public_body.nil? # XXX proper 404
+ params[:info_request][:public_body] = public_body
+ end
+ elsif params[:public_body_id]
+ params[:info_request][:public_body] = PublicBody.find(params[:public_body_id])
+ # Explicitly load the association as this isn't done automatically in newer Rails versions
+ elsif params[:info_request][:public_body_id]
+ params[:info_request][:public_body] = PublicBody.find(params[:info_request][:public_body_id])
+ end
+ if !params[:info_request][:public_body]
+ # compulsory to have a body by here, or go to front page which is start of process
+ redirect_to frontpage_url
+ return
+ end
+ end
+
+ # ... next any tags or other things
+ params[:info_request][:title] = params[:title] if params[:title]
+ params[:info_request][:tag_string] = params[:tags] if params[:tags]
+
+ @info_request = InfoRequest.new(params[:info_request])
+ if batch
+ @info_request.is_batch_request_template = true
+ end
+ params[:info_request_id] = @info_request.id
+ params[:outgoing_message] = {} if !params[:outgoing_message]
+ params[:outgoing_message][:body] = params[:body] if params[:body]
+ params[:outgoing_message][:default_letter] = params[:default_letter] if params[:default_letter]
+ params[:outgoing_message][:info_request] = @info_request
+ @outgoing_message = OutgoingMessage.new(params[:outgoing_message])
+ @outgoing_message.set_signature_name(@user.name) if !@user.nil?
+
+ if batch
+ render :action => 'new'
+ else
+ if @info_request.public_body.is_requestable?
+ render :action => 'new'
+ else
+ if @info_request.public_body.not_requestable_reason == 'bad_contact'
+ render :action => 'new_bad_contact'
+ else
+ # if not requestable because defunct or not_apply, redirect to main page
+ # (which doesn't link to the /new/ URL)
+ redirect_to public_body_url(@info_request.public_body)
+ end
+ end
+ end
+ return
+ end
+
+ def render_new_preview
+ message = ""
+ if @outgoing_message.contains_email?
+ if @user.nil?
+ message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe);
+ else
+ message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"{{url}}\">details</a>).</p>", :url => (help_privacy_path+"#email_address").html_safe);
+ end
+ message += _("<p>We recommend that you edit your request and remove the email address.
+ If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>")
+ end
+ if @outgoing_message.contains_postcode?
+ message += _("<p>Your request contains a <strong>postcode</strong>. Unless it directly relates to the subject of your request, please remove any address as it will <strong>appear publicly on the Internet</strong>.</p>");
+ end
+ if not message.empty?
+ flash.now[:error] = message.html_safe
+ end
+ render :action => 'preview'
+ end
end
diff --git a/app/controllers/track_controller.rb b/app/controllers/track_controller.rb
index 1123903f9..83e05ebbc 100644
--- a/app/controllers/track_controller.rb
+++ b/app/controllers/track_controller.rb
@@ -116,7 +116,7 @@ class TrackController < ApplicationController
# Generic request tracker - set @track_thing before calling
def track_set
if @user
- @existing_track = TrackThing.find_by_existing_track(@user, @track_thing)
+ @existing_track = TrackThing.find_existing(@user, @track_thing)
if @existing_track
flash[:notice] = _("You are already following updates about {{track_description}}", :track_description => @track_thing.params[:list_description])
return true
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 175425280..8d6522923 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -26,12 +26,15 @@ class UserController < ApplicationController
if params[:view].nil?
@show_requests = true
@show_profile = true
+ @show_batches = false
elsif params[:view] == 'profile'
@show_profile = true
@show_requests = false
+ @show_batches = false
elsif params[:view] == 'requests'
@show_profile = false
@show_requests = true
+ @show_batches = true
end
@display_user = User.find(:first, :conditions => [ "url_name = ? and email_confirmed = ?", params[:url_name], true ])
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-21 22:46:26 +0000