Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/admin_censor_rule_controller.rb | 55 | ||||
-rw-r--r-- | app/controllers/admin_general_controller.rb | 7 | ||||
-rw-r--r-- | app/controllers/admin_public_body_categories_controller.rb | 86 | ||||
-rw-r--r-- | app/controllers/admin_public_body_change_requests_controller.rb | 8 | ||||
-rw-r--r-- | app/controllers/admin_public_body_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/admin_public_body_headings_controller.rb | 108 | ||||
-rw-r--r-- | app/controllers/admin_request_controller.rb | 25 | ||||
-rw-r--r-- | app/controllers/admin_spam_addresses_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/application_controller.rb | 3 | ||||
-rw-r--r-- | app/controllers/general_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/health_checks_controller.rb | 16 | ||||
-rw-r--r-- | app/controllers/help_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/public_body_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/request_controller.rb | 49 | ||||
-rw-r--r-- | app/controllers/user_controller.rb | 15 |
15 files changed, 353 insertions, 35 deletions
diff --git a/app/controllers/admin_censor_rule_controller.rb b/app/controllers/admin_censor_rule_controller.rb index 6f79b5ba1..68ca57510 100644 --- a/app/controllers/admin_censor_rule_controller.rb +++ b/app/controllers/admin_censor_rule_controller.rb @@ -8,23 +8,49 @@ class AdminCensorRuleController < AdminController def new if params[:info_request_id] @info_request = InfoRequest.find(params[:info_request_id]) + @censor_rule = @info_request.censor_rules.build + @form_url = admin_info_request_censor_rules_path(@info_request) end + if params[:user_id] @censor_user = User.find(params[:user_id]) + @censor_rule = @censor_user.censor_rules.build + @form_url = admin_user_censor_rules_path(@censor_user) end + + @censor_rule ||= CensorRule.new + @form_url ||= admin_rule_create_path end def create - params[:censor_rule][:last_edit_editor] = admin_current_user() - @censor_rule = CensorRule.new(params[:censor_rule]) + params[:censor_rule][:last_edit_editor] = admin_current_user + + if params[:info_request_id] + @info_request = InfoRequest.find(params[:info_request_id]) + @censor_rule = @info_request.censor_rules.build(params[:censor_rule]) + @form_url = admin_info_request_censor_rules_path(@info_request) + end + + if params[:user_id] + @censor_user = User.find(params[:user_id]) + @censor_rule = @censor_user.censor_rules.build(params[:censor_rule]) + @form_url = admin_user_censor_rules_path(@censor_user) + end + + @censor_rule ||= CensorRule.new(params[:censor_rule]) + @form_url ||= admin_rule_create_path + if @censor_rule.save if !@censor_rule.info_request.nil? expire_for_request(@censor_rule.info_request) end + if !@censor_rule.user.nil? expire_requests_for_user(@censor_rule.user) end + flash[:notice] = 'CensorRule was successfully created.' + if !@censor_rule.info_request.nil? redirect_to admin_request_show_url(@censor_rule.info_request) elsif !@censor_rule.user.nil? 
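Review bot: The owner lookup added to `new` is repeated almost line for line in `create` (find the InfoRequest or User, build the rule through its `censor_rules` association, set `@form_url`), so the two copies can drift apart. A private helper that takes the rule attributes and sets `@censor_rule` and `@form_url` would keep them in step. If a request ever carries both `info_request_id` and `user_id`, the second block silently replaces the rule built by the first; a comment such as `# nested routes supply at most one of info_request_id / user_id` would record that assumption. `create` continues past the end of this hunk.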
@@ -42,16 +68,20 @@ class AdminCensorRuleController < AdminController end def update - params[:censor_rule][:last_edit_editor] = admin_current_user() + params[:censor_rule][:last_edit_editor] = admin_current_user @censor_rule = CensorRule.find(params[:id]) + if @censor_rule.update_attributes(params[:censor_rule]) - if !@censor_rule.info_request.nil? + unless @censor_rule.info_request.nil? expire_for_request(@censor_rule.info_request) end - if !@censor_rule.user.nil? + + unless @censor_rule.user.nil? expire_requests_for_user(@censor_rule.user) end + flash[:notice] = 'CensorRule was successfully updated.' + if !@censor_rule.info_request.nil? redirect_to admin_request_show_url(@censor_rule.info_request) elsif !@censor_rule.user.nil? @@ -65,19 +95,22 @@ class AdminCensorRuleController < AdminController end def destroy - censor_rule = CensorRule.find(params[:censor_rule_id]) - info_request = censor_rule.info_request - user = censor_rule.user + @censor_rule = CensorRule.find(params[:censor_rule_id]) + info_request = @censor_rule.info_request + user = @censor_rule.user - censor_rule.destroy - if !info_request.nil? + @censor_rule.destroy + + unless info_request.nil? expire_for_request(info_request) end - if !user.nil? + + unless user.nil? expire_requests_for_user(user) end flash[:notice] = "CensorRule was successfully destroyed." + if !info_request.nil? redirect_to admin_request_show_url(info_request) elsif !user.nil? diff --git a/app/controllers/admin_general_controller.rb b/app/controllers/admin_general_controller.rb index 753208c9a..f2414eeab 100644 --- a/app/controllers/admin_general_controller.rb +++ b/app/controllers/admin_general_controller.rb 
@@ -7,13 +7,6 @@ class AdminGeneralController < AdminController def index - # ensure we have a trailing slash - current_uri = request.env['REQUEST_URI'] - if params[:suppress_redirect].nil? && !(current_uri =~ /\/$/) - redirect_to admin_general_index_url + "/" - return - end - # Overview counts of things @public_body_count = PublicBody.count diff --git a/app/controllers/admin_public_body_categories_controller.rb b/app/controllers/admin_public_body_categories_controller.rb new file mode 100644 index 000000000..5e305dde3 --- /dev/null +++ b/app/controllers/admin_public_body_categories_controller.rb 
@@ -0,0 +1,86 @@ +class AdminPublicBodyCategoriesController < AdminController + def index + @locale = self.locale_from_params + @category_headings = PublicBodyHeading.all + @without_heading = PublicBodyCategory.without_headings + end + + def new + @category = PublicBodyCategory.new + render :formats => [:html] + end + + def edit + @category = PublicBodyCategory.find(params[:id]) + @tagged_public_bodies = PublicBody.find_by_tag(@category.category_tag) + end + + def update + @category = PublicBodyCategory.find(params[:id]) + @tagged_public_bodies = PublicBody.find_by_tag(@category.category_tag) + heading_ids = [] + + I18n.with_locale(I18n.default_locale) do + if params[:public_body_category][:category_tag] && PublicBody.find_by_tag(@category.category_tag).count > 0 && @category.category_tag != params[:public_body_category][:category_tag] + flash[:error] = "There are authorities associated with this category, so the tag can't be renamed" + render :action => 'edit' + else + if params[:headings] + heading_ids = params[:headings].values + removed_headings = @category.public_body_heading_ids - heading_ids + added_headings = heading_ids - @category.public_body_heading_ids + + unless removed_headings.empty? + # remove the link objects + deleted_links = PublicBodyCategoryLink.where( + :public_body_category_id => @category.id, + :public_body_heading_id => [removed_headings] + ) + deleted_links.delete_all + + #fix the category object + @category.public_body_heading_ids = heading_ids + end + + added_headings.each do |heading_id| + PublicBodyHeading.find(heading_id).add_category(@category) + end + end + + if @category.update_attributes(params[:public_body_category]) + flash[:notice] = 'Category was successfully updated.' 
+ redirect_to edit_admin_category_path(@category) + else + render :action => 'edit' + end + end + end + end + + def create + I18n.with_locale(I18n.default_locale) do + @category = PublicBodyCategory.new(params[:public_body_category]) + if @category.save + if params[:headings] + params[:headings].values.each do |heading_id| + PublicBodyHeading.find(heading_id).add_category(@category) + end + end + flash[:notice] = 'Category was successfully created.' + redirect_to admin_categories_path + else + render :action => 'new' + end + end + end + + def destroy + @locale = self.locale_from_params + I18n.with_locale(@locale) do + category = PublicBodyCategory.find(params[:id]) + category.destroy + flash[:notice] = "Category was successfully destroyed." + redirect_to admin_categories_path + end + end +end diff --git a/app/controllers/admin_public_body_change_requests_controller.rb b/app/controllers/admin_public_body_change_requests_controller.rb index d76cdc0e5..6ff03a2bd 100644 --- a/app/controllers/admin_public_body_change_requests_controller.rb +++ b/app/controllers/admin_public_body_change_requests_controller.rb @@ -7,8 +7,12 @@ class AdminPublicBodyChangeRequestsController < AdminController def update @change_request = PublicBodyChangeRequest.find(params[:id]) @change_request.close! - @change_request.send_response(params[:subject], params[:response]) - flash[:notice] = 'The change request has been closed and the user has been notified' + if params[:subject] && params[:response] + @change_request.send_response(params[:subject], params[:response]) + flash[:notice] = 'The change request has been closed and the user has been notified' + else + flash[:notice] = 'The change request has been closed' + end redirect_to admin_general_index_path end diff --git a/app/controllers/admin_public_body_controller.rb b/app/controllers/admin_public_body_controller.rb index 120419a27..f7a80476c 100644 --- a/app/controllers/admin_public_body_controller.rb 
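Review bot: In `AdminPublicBodyCategoriesController#update`, `heading_ids = params[:headings].values` holds strings while `@category.public_body_heading_ids` presumably returns integers, so both array differences would treat every existing heading as removed and every submitted one as added. Converting first, `heading_ids = params[:headings].values.map(&:to_i)`, avoids that. `:public_body_heading_id => [removed_headings]` also passes a nested array where `removed_headings` on its own is enough. The link rows are deleted and added before `update_attributes` runs and outside any transaction, so a validation failure re-renders `edit` with the heading links already changed.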
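Review bot: The new guard `if params[:subject] && params[:response]` in `AdminPublicBodyChangeRequestsController#update` is true for empty strings, so a form submitted with blank fields would still reach `send_response` and notify the user with an empty message. `if params[:subject].present? && params[:response].present?` matches the apparent intent of closing without sending anything. The `else` branch as written is only reached when the parameters are missing altogether.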
+++ b/app/controllers/admin_public_body_controller.rb @@ -4,8 +4,6 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: hello@mysociety.org; WWW: http://www.mysociety.org/ -require "public_body_categories" - class AdminPublicBodyController < AdminController def index list diff --git a/app/controllers/admin_public_body_headings_controller.rb b/app/controllers/admin_public_body_headings_controller.rb new file mode 100644 index 000000000..e893e760d --- /dev/null +++ b/app/controllers/admin_public_body_headings_controller.rb 
@@ -0,0 +1,108 @@ +class AdminPublicBodyHeadingsController < AdminController + + def edit + @heading = PublicBodyHeading.find(params[:id]) + render :formats => [:html] + end + + def update + I18n.with_locale(I18n.default_locale) do + @heading = PublicBodyHeading.find(params[:id]) + if @heading.update_attributes(params[:public_body_heading]) + flash[:notice] = 'Category heading was successfully updated.' + redirect_to edit_admin_heading_path(@heading) + else + render :action => 'edit' + end + end + end + + def reorder + transaction = reorder_headings(params[:headings]) + if transaction[:success] + render :nothing => true, :status => :ok + else + render :text => transaction[:error], :status => :unprocessable_entity + end + end + + def reorder_categories + transaction = reorder_categories_for_heading(params[:id], params[:categories]) + if transaction[:success] + render :nothing => true, :status => :ok and return + else + render :text => transaction[:error], :status => :unprocessable_entity + end + end + + def new + @heading = PublicBodyHeading.new + render :formats => [:html] + end + + def create + I18n.with_locale(I18n.default_locale) do + @heading = PublicBodyHeading.new(params[:public_body_heading]) + if @heading.save + flash[:notice] = 'Category heading was successfully created.' + redirect_to admin_categories_url + else + render :action => 'new' + end + end + end + + def destroy + @locale = self.locale_from_params() + I18n.with_locale(@locale) do + heading = PublicBodyHeading.find(params[:id]) + heading.destroy + flash[:notice] = "Category heading was successfully destroyed." 
+ redirect_to admin_categories_url + end + end + + protected + + def reorder_headings(headings) + error = nil + ActiveRecord::Base.transaction do + headings.each_with_index do |heading_id, index| + begin + heading = PublicBodyHeading.find(heading_id) + rescue ActiveRecord::RecordNotFound => e + error = e.message + raise ActiveRecord::Rollback + end + heading.display_order = index + unless heading.save + error = heading.errors.full_messages.join(",") + raise ActiveRecord::Rollback + end + end + end + { :success => error.nil? ? true : false, :error => error } + end + + def reorder_categories_for_heading(heading_id, categories) + error = nil + ActiveRecord::Base.transaction do + categories.each_with_index do |category_id, index| + conditions = { :public_body_category_id => category_id, + :public_body_heading_id => heading_id } + link = PublicBodyCategoryLink.where(conditions).first + unless link + error = "Couldn't find PublicBodyCategoryLink for category #{category_id}, heading #{heading_id}" + raise ActiveRecord::Rollback + end + link.category_display_order = index + unless link.save + error = link.errors.full_messages.join(",") + raise ActiveRecord::Rollback + end + end + end + { :success => error.nil? ? true : false, :error => error } + end + +end diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb index 21120e4ad..8f023bf12 100644 --- a/app/controllers/admin_request_controller.rb +++ b/app/controllers/admin_request_controller.rb 
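Review bot: `reorder` and `reorder_categories` return `transaction[:error]` through `render :text`, and that string can contain request input: the `RecordNotFound` message for a submitted heading id, and `category_id` / `heading_id` interpolated into the "Couldn't find PublicBodyCategoryLink" message. On Rails versions where `render :text` is served as `text/html` (which the `update_attributes` / `render :nothing` style here suggests), that puts unescaped input into an HTML response; adding `:content_type => 'text/plain'` to both error renders avoids it. Both helpers also call `each_with_index` on the parameter directly, so a request without `headings` or `categories` raises NoMethodError instead of returning the 422.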
@@ -37,7 +37,30 @@ class AdminRequestController < AdminController def resend @outgoing_message = OutgoingMessage.find(params[:outgoing_message_id]) - @outgoing_message.resend_message + @outgoing_message.prepare_message_for_resend + + mail_message = case @outgoing_message.message_type + when 'initial_request' + OutgoingMailer.initial_request( + @outgoing_message.info_request, + @outgoing_message + ).deliver + when 'followup' + OutgoingMailer.followup( + @outgoing_message.info_request, + @outgoing_message, + @outgoing_message.incoming_message_followup + ).deliver + else + raise "Message id #{id} has type '#{message_type}' which cannot be resent" + end + + @outgoing_message.record_email_delivery( + mail_message.to_addrs.join(', '), + mail_message.message_id, + 'resent' + ) + flash[:notice] = "Outgoing message resent" redirect_to admin_request_show_url(@outgoing_message.info_request) end diff --git a/app/controllers/admin_spam_addresses_controller.rb b/app/controllers/admin_spam_addresses_controller.rb index f5c7e93da..fff7e2a4a 100644 --- a/app/controllers/admin_spam_addresses_controller.rb +++ b/app/controllers/admin_spam_addresses_controller.rb @@ -10,7 +10,7 @@ class AdminSpamAddressesController < AdminController if @spam_address.save notice = "#{ @spam_address.email } has been added to the spam addresses list" - redirect_to spam_addresses_path, :notice => notice + redirect_to admin_spam_addresses_path, :notice => notice else @spam_addresses = SpamAddress.all render :index @@ -21,7 +21,7 @@ class AdminSpamAddressesController < AdminController @spam_address = SpamAddress.find(params[:id]) @spam_address.destroy notice = "#{ @spam_address.email } has been removed from the spam addresses list" - redirect_to spam_addresses_path, :notice => notice + redirect_to admin_spam_addresses_path, :notice => notice end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 4d3f40d40..1ccf7e5db 100644 
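Review bot: The `else` branch in `resend` raises with `#{id}` and `#{message_type}`, which look carried over from the model; in the controller these are not the message's attributes, so an unsupported type would presumably surface as a NameError rather than the intended text. `raise "Message id #{@outgoing_message.id} has type '#{@outgoing_message.message_type}' which cannot be resent"` fixes that. `prepare_message_for_resend` also runs before the type is checked, so the message is likely modified even when the resend is then refused; checking the type first would keep a refused resend free of side effects.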
--- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -17,6 +17,9 @@ class ApplicationController < ActionController::Base # assign our own handler method for non-local exceptions rescue_from Exception, :with => :render_exception + # Add some security-related headers (see config/initializers/secure_headers.rb) + ensure_security_headers + # Standard headers, footers and navigation for whole site layout "default" include FastGettext::Translation # make functions like _, n_, N_ etc available) diff --git a/app/controllers/general_controller.rb b/app/controllers/general_controller.rb index 158492eb2..2c8abbaf4 100644 --- a/app/controllers/general_controller.rb +++ b/app/controllers/general_controller.rb @@ -32,7 +32,7 @@ class GeneralController < ApplicationController if !content.empty? @data = XmlSimple.xml_in(content) @channel = @data['channel'][0] - @blog_items = @channel['item'] + @blog_items = @channel.fetch('item') { [] } @feed_autodetect = [{:url => @feed_url, :title => "#{site_name} blog"}] end end diff --git a/app/controllers/health_checks_controller.rb b/app/controllers/health_checks_controller.rb new file mode 100644 index 000000000..473a1aacc --- /dev/null +++ b/app/controllers/health_checks_controller.rb @@ -0,0 +1,16 @@ +class HealthChecksController < ApplicationController + + def index + @health_checks = HealthChecks.all + + respond_to do |format| + if HealthChecks.ok? + format.html { render :action => :index, :layout => false } + else + format.html { render :action => :index, :layout => false , :status => 500 } + end + end + + end + +end diff --git a/app/controllers/help_controller.rb b/app/controllers/help_controller.rb index 9033198a0..93215ccad 100644 --- a/app/controllers/help_controller.rb +++ b/app/controllers/help_controller.rb 
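Review bot: `HealthChecksController#index` has no filter or authentication visible in its hunk, so whatever the `index` template prints for each entry of `HealthChecks.all` is presumably readable by any client. A comment such as `# Public endpoint: the view must only show pass/fail text, no internal details` would make that constraint explicit for whoever adds the next check. The two `format.html` branches differ only in status and could be one call: `format.html { render :action => :index, :layout => false, :status => (HealthChecks.ok? ? 200 : 500) }`.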
@@ -11,6 +11,10 @@ class HelpController < ApplicationController before_filter :long_cache before_filter :catch_spam, :only => [:contact] + def index + redirect_to help_about_path + end + def unhappy @info_request = nil if params[:url_title] diff --git a/app/controllers/public_body_controller.rb b/app/controllers/public_body_controller.rb index d2c84d820..e64644a1b 100644 --- a/app/controllers/public_body_controller.rb +++ b/app/controllers/public_body_controller.rb @@ -111,7 +111,7 @@ class PublicBodyController < ApplicationController if @tag.nil? || @tag == 'all' @tag = 'all' elsif @tag == 'other' - category_list = PublicBodyCategories.get.tags.map{ |c| %Q('#{ c }') }.join(",") + category_list = PublicBodyCategory.get.tags.map{ |c| %Q('#{ c }') }.join(",") where_condition += base_tag_condition + " AND has_tag_string_tags.name in (#{category_list})) = 0" elsif @tag.scan(/./mu).size == 1 @tag = Unicode.upcase(@tag) @@ -132,7 +132,7 @@ class PublicBodyController < ApplicationController elsif @tag.size == 1 @description = _("beginning with ‘{{first_letter}}’", :first_letter => @tag) else - category_name = PublicBodyCategories.get.by_tag[@tag] + category_name = PublicBodyCategory.get.by_tag[@tag] if category_name.nil? @description = _("matching the tag ‘{{tag_name}}’", :tag_name => @tag) else diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb index 3fa0ef0ce..346aaf384 100644 --- a/app/controllers/request_controller.rb +++ b/app/controllers/request_controller.rb 
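Review bot: The changed `category_list` line in `PublicBodyController` interpolates tag values into SQL with hand-written quotes (`%Q('#{ c }')`), which is only safe while a tag cannot contain a quote character. With this commit the tags appear to come from admin-editable `PublicBodyCategory` records rather than the removed `public_body_categories` file, and any validation on `category_tag` is not visible here. Quoting through the adapter, `PublicBodyCategory.get.tags.map{ |c| PublicBody.connection.quote(c) }.join(",")`, removes the dependency on that validation. An empty category table would also produce `in ()`, which most databases reject. The enclosing method starts and ends outside the hunk.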
@@ -365,8 +365,21 @@ class RequestController < ApplicationController end # This automatically saves dependent objects, such as @outgoing_message, in the same transaction @info_request.save! - # TODO: send_message needs the database id, so we send after saving, which isn't ideal if the request broke here. - @outgoing_message.send_message + + # TODO: Sending the message needs the database id, so we send after + # saving, which isn't ideal if the request broke here. + if @outgoing_message.sendable? + mail_message = OutgoingMailer.initial_request( + @outgoing_message.info_request, + @outgoing_message + ).deliver + + @outgoing_message.record_email_delivery( + mail_message.to_addrs.join(', '), + mail_message.message_id + ) + end + flash[:notice] = _("<p>Your {{law_used_full}} request has been <strong>sent on its way</strong>!</p> <p><strong>We will email you</strong> when there is a response, or after {{late_number_of_days}} working days if the authority still hasn't replied by then.</p> @@ -668,13 +681,27 @@ class RequestController < ApplicationController end # Send a follow up message - @outgoing_message.send_message + @outgoing_message.sendable? + + mail_message = OutgoingMailer.followup( + @outgoing_message.info_request, + @outgoing_message, + @outgoing_message.incoming_message_followup + ).deliver + + @outgoing_message.record_email_delivery( + mail_message.to_addrs.join(', '), + mail_message.message_id + ) + @outgoing_message.save! + if @outgoing_message.what_doing == 'internal_review' flash[:notice] = _("Your internal review request has been sent on its way.") else flash[:notice] = _("Your follow up message has been sent on its way.") end + redirect_to request_url(@info_request) end else 
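Review bot: In the follow-up hunk, `@outgoing_message.sendable?` is called as a bare statement and its result is discarded, whereas the initial-request hunk wraps delivery in `if @outgoing_message.sendable?`. If the predicate returns false instead of raising (its definition is not shown), the follow-up is delivered regardless; either guard the delivery the same way or add a comment such as `# raises unless the message is ready to send`. In the initial-request path the "sent on its way" flash is still set when the `if` skips delivery. Both enclosing actions extend beyond their hunks.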
@@ -873,10 +900,18 @@ class RequestController < ApplicationController # Type ahead search def search_typeahead - # Since acts_as_xapian doesn't support the Partial match flag, we work around it - # by making the last work a wildcard, which is quite the same - query = params[:q] - @xapian_requests = perform_search_typeahead(query, InfoRequestEvent) + # Since acts_as_xapian doesn't support the Partial match flag, we work + # around it by making the last word a wildcard, which is quite the same + @query = '' + + if params.key?(:requested_from) + @query << "requested_from:#{ params[:requested_from] } " + end + + @per_page = (params.fetch(:per_page) { 25 }).to_i + + @query << params[:q] + @xapian_requests = perform_search_typeahead(@query, InfoRequestEvent, @per_page) render :partial => "request/search_ahead" end diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb index f23343ddb..baeaab18a 100644 --- a/app/controllers/user_controller.rb +++ b/app/controllers/user_controller.rb 
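Review bot: `@per_page = (params.fetch(:per_page) { 25 }).to_i` in `search_typeahead` accepts any integer from the request, including zero, negative and very large values, and hands it to `perform_search_typeahead`. Bounding it, for example `@per_page = [[params.fetch(:per_page) { 25 }.to_i, 1].max, MAX_PER_PAGE].min` (with `MAX_PER_PAGE` a new constant), keeps one request from asking for an arbitrarily large result set. `params[:requested_from]` is interpolated into the query string unchecked, so a value containing spaces can add further search terms or prefixes; validating it against the expected identifier format before building the query avoids that. `@query << params[:q]` also raises TypeError when `q` is absent, where the old code passed nil through.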
@@ -49,13 +49,28 @@ class UserController < ApplicationController # TODO: really should just use SQL query here rather than Xapian. if @show_requests begin + + request_states = @display_user.info_requests.pluck(:described_state).uniq + + option_item = Struct.new(:value, :text) + @request_states = request_states.map do |state| + option_item.new(state, InfoRequest.get_status_description(state)) + end + requests_query = 'requested_by:' + @display_user.url_name comments_query = 'commented_by:' + @display_user.url_name if !params[:user_query].nil? requests_query += " " + params[:user_query] comments_query += " " + params[:user_query] @match_phrase = _("{{search_results}} matching '{{query}}'", :search_results => "", :query => params[:user_query]) + + unless params[:request_latest_status].blank? + requests_query << ' latest_status:' << params[:request_latest_status] + comments_query << ' latest_status:' << params[:request_latest_status] + @match_phrase << _(" filtered by status: '{{status}}'", :status => params[:request_latest_status]) + end end + @xapian_requests = perform_search([InfoRequestEvent], requests_query, 'newest', 'request_collapse') @xapian_comments = perform_search([InfoRequestEvent], comments_query, 'newest', nil) |
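Review bot: `params[:request_latest_status]` is appended to both Xapian queries and to `@match_phrase` without being checked, although the same hunk already loads the user's valid states into `request_states`. Restricting the filter to that list, `if request_states.include?(params[:request_latest_status])`, keeps extra query terms from being added through this parameter. Whether `@match_phrase` is escaped when rendered is not visible here, so the view should be checked now that a second request value is embedded in it. The filter is nested inside `if !params[:user_query].nil?`, so it is ignored when no search text is submitted, which may not be intended.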